aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authormcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-08-08 07:25:32 +0000
committermcentner <mcentner@d688527b-c9ab-4aba-bd8d-4036d912da1d>2007-08-08 07:25:32 +0000
commit43e57a42832ea8b4ceb0317f3c9028a4174ffa7b (patch)
treef5ed9074b8d7b89b2dd5b22d326f63be103e7551 /id
parent10889e9dea2cc2f70b475e6ff7af37fdba1621d9 (diff)
downloadmoa-id-spss-43e57a42832ea8b4ceb0317f3c9028a4174ffa7b.tar.gz
moa-id-spss-43e57a42832ea8b4ceb0317f3c9028a4174ffa7b.tar.bz2
moa-id-spss-43e57a42832ea8b4ceb0317f3c9028a4174ffa7b.zip
Adapted project directory structure to suit the new maven based build process.
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@909 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id')
-rw-r--r--id/oa/src/main/webapp/WEB-INF/web.xml9
-rw-r--r--id/oa/src/main/webapp/auth.jsp48
-rw-r--r--id/oa/src/main/webapp/chooseBKU.jsp19
-rw-r--r--id/oa/src/main/webapp/form.jsp20
-rw-r--r--id/oa/src/main/webapp/getBKUSelectTag.jsp6
-rw-r--r--id/oa/src/main/webapp/index.jsp60
-rw-r--r--id/oa/src/main/webapp/stateful_login.jsp29
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd29
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml113
-rw-r--r--id/server/auth/src/main/webapp/errorpage-auth.jsp50
-rw-r--r--id/server/auth/src/main/webapp/index.jsp40
-rw-r--r--id/server/auth/src/main/webapp/message-auth.jsp20
-rw-r--r--id/server/data/deploy/conf/Catalina/localhost/proxy.xml25
-rw-r--r--id/server/data/deploy/conf/moa-id/MOAIdentities.xsd59
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleIdentities.xml34
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml113
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml135
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml118
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml138
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml121
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml143
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml123
-rw-r--r--id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml145
-rw-r--r--id/server/data/deploy/conf/moa-id/log4j.properties25
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml9
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml10
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml10
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml9
-rw-r--r--id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml9
-rw-r--r--id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt21
-rw-r--r--id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html44
-rw-r--r--id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html56
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml105
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml44
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml49
-rw-r--r--id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml107
-rw-r--r--id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml79
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden(pwd=allekunden).p12bin0 -> 3716 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden.derbin0 -> 1020 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1(pwd=kunde1).p12bin0 -> 3932 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1.derbin0 -> 920 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2(pwd=kunde2).p12bin0 -> 3908 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2.derbin0 -> 1200 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/keys/customerBMI/moa-signaturdienst-strafregisterbescheinigung.p12bin0 -> 4097 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml103
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml42
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml47
-rw-r--r--id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml105
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1(pwd=kunde1).p12bin0 -> 3926 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.derbin0 -> 882 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/customer1/trustedServers(pwd=servers).keystorebin0 -> 943 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2(pwd=kunde2).p12bin0 -> 3926 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.derbin0 -> 882 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/customer2/trustedServers(pwd=servers).keystorebin0 -> 943 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server(pwd=server).p12bin0 -> 3808 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server.derbin0 -> 877 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/tomcat(pwd=server).keystorebin0 -> 5200 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/trustedClients(pwd=clients).keystorebin0 -> 988 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin0 -> 1111 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cerbin0 -> 1018 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cerbin0 -> 1151 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cerbin0 -> 860 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cerbin0 -> 861 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cerbin0 -> 865 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin0 -> 1747 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCACrypt-SN04(CertifiedKeypair).der22
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCASig-SN03(SecureSignatureKeypair).derbin0 -> 914 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cerbin0 -> 1136 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cerbin0 -> 1136 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cerbin0 -> 1171 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cerbin0 -> 1133 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cerbin0 -> 1076 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cerbin0 -> 1141 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cerbin0 -> 870 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin0 -> 1111 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cerbin0 -> 860 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cerbin0 -> 861 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cerbin0 -> 865 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin0 -> 1747 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cerbin0 -> 1076 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cerbin0 -> 1141 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cerbin0 -> 870 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin0 -> 1205 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin0 -> 1171 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin0 -> 1205 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin0 -> 1171 bytes
-rw-r--r--id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt39
-rw-r--r--id/server/data/deploy/templates/moaid-templates.warbin0 -> 32185 bytes
-rw-r--r--id/server/data/deploy/tomcat/server.mod_jk.xml162
-rw-r--r--id/server/data/deploy/tomcat/server.xml171
-rw-r--r--id/server/data/deploy/tomcat/tomcat-util-4.1.27-patched/tomcat-util.jarbin0 -> 178544 bytes
-rw-r--r--id/server/data/deploy/tomcat/unix/tomcat-start.sh28
-rw-r--r--id/server/data/deploy/tomcat/unix/tomcat-stop.sh7
-rw-r--r--id/server/data/deploy/tomcat/uriworkermap.properties9
-rw-r--r--id/server/data/deploy/tomcat/win32/startTomcat.bat26
-rw-r--r--id/server/data/deploy/tomcat/win32/stopTomcat.bat13
-rw-r--r--id/server/data/deploy/tomcat/workers.properties6
-rw-r--r--id/server/doc/Architektur ID.vsdbin0 -> 318464 bytes
-rw-r--r--id/server/doc/MOA ID 1.x.wsdl41
-rw-r--r--id/server/doc/MOA-ID Feinspezifikation.docbin0 -> 268288 bytes
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.2.xsd350
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.3.xsd424
-rw-r--r--id/server/doc/MOA-ID-Configuration-1.4.xsd505
-rw-r--r--id/server/doc/MOA_ID_1.2_20040315.pdfbin0 -> 577309 bytes
-rw-r--r--id/server/doc/MOA_ID_1.3_20060315.pdfbin0 -> 355156 bytes
-rw-r--r--id/server/doc/MOA_ID_1.4_20070802.pdfbin0 -> 239502 bytes
-rw-r--r--id/server/doc/OID-1-0-3.pdfbin0 -> 347041 bytes
-rw-r--r--id/server/doc/api-doc/allclasses-frame.html35
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html171
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html259
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html114
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html194
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html526
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html126
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html751
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html152
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html204
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html364
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html91
-rw-r--r--id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html91
-rw-r--r--id/server/doc/api-doc/deprecated-list.html89
-rw-r--r--id/server/doc/api-doc/help-doc.html142
-rw-r--r--id/server/doc/api-doc/index-all.html422
-rw-r--r--id/server/doc/api-doc/index.html22
-rw-r--r--id/server/doc/api-doc/overview-tree.html101
-rw-r--r--id/server/doc/api-doc/package-list0
-rw-r--r--id/server/doc/api-doc/packages.html26
-rw-r--r--id/server/doc/api-doc/serialized-form.html89
-rw-r--r--id/server/doc/api-doc/stylesheet.css29
-rw-r--r--id/server/doc/bku-auswahl.20030408.pdfbin0 -> 131587 bytes
-rw-r--r--id/server/doc/cs-sstc-schema-assertion-01.xsd194
-rw-r--r--id/server/doc/cs-sstc-schema-protocol-01.xsd127
-rw-r--r--id/server/doc/moa-id.htm7
-rw-r--r--id/server/doc/moa_id/api-doc/allclasses-frame.html44
-rw-r--r--id/server/doc/moa_id/api-doc/allclasses-noframe.html44
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html251
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html631
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html172
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-frame.html32
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-summary.html148
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-tree.html145
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-use.html162
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html228
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html613
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html184
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-frame.html32
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-summary.html149
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-tree.html145
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-use.html163
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html906
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html214
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-frame.html32
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-summary.html148
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-tree.html145
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-use.html181
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-frame.html32
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-summary.html148
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-tree.html147
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-use.html162
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html249
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html506
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html251
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/NotAllowedException.html253
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html136
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html136
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolverException.html192
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/NotAllowedException.html182
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-frame.html47
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-summary.html175
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-tree.html154
-rw-r--r--id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-use.html170
-rw-r--r--id/server/doc/moa_id/api-doc/constant-values.html262
-rw-r--r--id/server/doc/moa_id/api-doc/deprecated-list.html134
-rw-r--r--id/server/doc/moa_id/api-doc/help-doc.html193
-rw-r--r--id/server/doc/moa_id/api-doc/index-all.html462
-rw-r--r--id/server/doc/moa_id/api-doc/index.html26
-rw-r--r--id/server/doc/moa_id/api-doc/overview-frame.html50
-rw-r--r--id/server/doc/moa_id/api-doc/overview-summary.html165
-rw-r--r--id/server/doc/moa_id/api-doc/overview-tree.html155
-rw-r--r--id/server/doc/moa_id/api-doc/package-list5
-rw-r--r--id/server/doc/moa_id/api-doc/packages.html37
-rw-r--r--id/server/doc/moa_id/api-doc/resources/inherit.gifbin0 -> 57 bytes
-rw-r--r--id/server/doc/moa_id/api-doc/serialized-form.html169
-rw-r--r--id/server/doc/moa_id/api-doc/stylesheet.css29
-rw-r--r--id/server/doc/moa_id/examples/BKUSelectionTemplate.html52
-rw-r--r--id/server/doc/moa_id/examples/ChainingModes.txt6
-rw-r--r--id/server/doc/moa_id/examples/IdentityLinkSigners.txt9
-rw-r--r--id/server/doc/moa_id/examples/LoginServletExample.txt171
-rw-r--r--id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml148
-rw-r--r--id/server/doc/moa_id/examples/Template.html50
-rw-r--r--id/server/doc/moa_id/examples/TransformsInfoAuthBlock.txt35
-rw-r--r--id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml103
-rw-r--r--id/server/doc/moa_id/examples/conf/OAConfBasicAuth.xml9
-rw-r--r--id/server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml10
-rw-r--r--id/server/doc/moa_id/examples/conf/OAConfParamAuth.xml10
-rw-r--r--id/server/doc/moa_id/examples/moa-id-env.sh.txt15
-rw-r--r--id/server/doc/moa_id/examples/startTomcat.bat.txt26
-rw-r--r--id/server/doc/moa_id/faqs.htm217
-rw-r--r--id/server/doc/moa_id/id-admin.htm317
-rw-r--r--id/server/doc/moa_id/id-admin_1.htm539
-rw-r--r--id/server/doc/moa_id/id-admin_2.htm1417
-rw-r--r--id/server/doc/moa_id/id-admin_3.htm204
-rw-r--r--id/server/doc/moa_id/id-anwendung.htm104
-rw-r--r--id/server/doc/moa_id/id-anwendung_1.htm205
-rw-r--r--id/server/doc/moa_id/id-anwendung_2.htm247
-rw-r--r--id/server/doc/moa_id/links.htm141
-rw-r--r--id/server/doc/moa_id/moa-id-ablauf.jpgbin0 -> 15550 bytes
-rw-r--r--id/server/doc/moa_id/moa.htm248
-rw-r--r--id/server/doc/moa_images/east.gifbin0 -> 966 bytes
-rw-r--r--id/server/doc/moa_images/idle.gifbin0 -> 869 bytes
-rw-r--r--id/server/doc/moa_images/moa_diagramm1.jpgbin0 -> 60602 bytes
-rw-r--r--id/server/doc/moa_images/moa_thema.gifbin0 -> 25120 bytes
-rw-r--r--id/server/doc/moa_images/north.gifbin0 -> 967 bytes
-rw-r--r--id/server/doc/moa_images/pfeil.gifbin0 -> 843 bytes
-rw-r--r--id/server/doc/moa_images/print.gifbin0 -> 211 bytes
-rw-r--r--id/server/doc/moa_images/select.gifbin0 -> 880 bytes
-rw-r--r--id/server/doc/moa_images/south.gifbin0 -> 965 bytes
-rw-r--r--id/server/doc/moa_images/transdot.gifbin0 -> 43 bytes
-rw-r--r--id/server/doc/moa_images/west.gifbin0 -> 966 bytes
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java34
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java1019
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java75
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java163
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java88
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java146
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java156
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java49
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java84
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java83
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java150
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java60
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java91
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java206
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java383
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java73
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java137
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java266
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java65
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java129
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java101
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java172
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java348
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java79
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java26
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java63
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java177
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java92
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java193
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java72
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java157
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java319
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java165
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java156
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java202
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java75
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java99
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java120
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java107
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java274
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java159
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java32
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java177
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java894
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java31
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java128
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java106
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java414
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java268
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java360
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java135
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java173
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java184
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java268
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java188
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java394
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java119
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java114
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java111
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java59
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java96
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java66
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java51
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java186
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java119
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java64
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java149
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java142
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java249
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java211
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java86
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java37
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java82
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java95
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java39
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java678
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java422
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java55
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java143
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java158
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java100
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java35
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java879
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java212
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java572
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java76
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java68
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java374
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java62
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java22
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java180
-rw-r--r--id/server/idserverlib/src/test/java/test/MOAIDTestCase.java203
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java171
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test200VerifyIdentityLink.java369
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java609
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test400GetAuthenticationData.java137
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test500StartAuthenticationServlet.java305
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java281
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/A/Test700SelectBKU.java63
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java163
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/AllTests.java49
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/C/Test100Konfiguration.java60
-rw-r--r--id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java146
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/AllTests.java41
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java35
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java56
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java47
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java33
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java47
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java105
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java73
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java29
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java51
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java52
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java93
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java38
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java166
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java29
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java137
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java67
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java55
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java91
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java112
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java127
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java31
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java462
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java32
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java19
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java180
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java92
-rw-r--r--id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java64
-rw-r--r--id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java13
-rw-r--r--id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java218
-rw-r--r--id/server/idserverlib/src/test/java/test/lasttest/TestThread.java251
-rw-r--r--id/server/proxy/src/main/webapp/WEB-INF/web.xml82
-rw-r--r--id/server/proxy/src/main/webapp/errorpage-proxy.jsp50
-rw-r--r--id/server/proxy/src/main/webapp/message-proxy.jsp20
-rw-r--r--id/server/resources/properties/id_messages_de.properties158
-rw-r--r--id/server/resources/wsdl/MOA-ID-1.0.wsdl40
-rw-r--r--id/server/resources/wsdl/MOA-ID-1.x.wsdl40
-rw-r--r--id/server/resources/wsdl/MOA-SPSS-1.2.xsd454
-rw-r--r--id/server/resources/xmldata/CertInfoDsigSignature.xml139
-rw-r--r--id/server/services/org.apache.axis.components.net.SecureSocketFactory1
-rw-r--r--id/templates/src/main/webapp/SampleBKUSelectionTemplate.html52
-rw-r--r--id/templates/src/main/webapp/SampleLogo.gifbin0 -> 24664 bytes
-rw-r--r--id/templates/src/main/webapp/SampleTemplate.html62
-rw-r--r--id/templates/src/main/webapp/WEB-INF/web.xml9
-rw-r--r--id/templates/src/main/webapp/css/display.css52
-rw-r--r--id/templates/src/main/webapp/css/main.css74
-rw-r--r--id/templates/src/main/webapp/valid-html401.gifbin0 -> 2328 bytes
414 files changed, 47098 insertions, 0 deletions
diff --git a/id/oa/src/main/webapp/WEB-INF/web.xml b/id/oa/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 000000000..13158fdaa
--- /dev/null
+++ b/id/oa/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+
+<web-app>
+ <display-name>Sample OA</display-name>
+ <description>MOA Sample OA</description>
+</web-app>
+
diff --git a/id/oa/src/main/webapp/auth.jsp b/id/oa/src/main/webapp/auth.jsp
new file mode 100644
index 000000000..0b563a83e
--- /dev/null
+++ b/id/oa/src/main/webapp/auth.jsp
@@ -0,0 +1,48 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login</title>
+</head>
+<body>
+<% /** assumes moa-id-auth and oa in the same servlet container,
+ and moa-id-proxy on a different fixed location */
+ String authUrlPath =
+ request.getScheme() + "://"
+ + request.getServerName() + ":" + request.getServerPort()
+ + "/moa-id-auth/";
+ String proxyUrlPath = "http://10.16.126.28:9080/moa-id-proxy/";
+ String oaUrlPath =
+ request.getScheme() + "://"
+ + request.getServerName() + ":" + request.getServerPort()
+ + "/oa/";
+ String params =
+ "Target=gb&" +
+ "OA=" + proxyUrlPath + "index.jsp";
+ String urlStartAuth =
+ authUrlPath +
+ "StartAuthentication?" +
+ params;
+ String templateParam =
+ "&Template=" + oaUrlPath + "AuthTemplate.jsp";
+ String urlStartAuthCustom =
+ urlStartAuth +
+ templateParam;
+ String urlSelectBKU =
+ authUrlPath +
+ "SelectBKU?" +
+ params;
+ String urlSelectBKUCustom =
+ urlSelectBKU +
+ templateParam +
+ "&BKUSelectionTemplate=" + oaUrlPath + "BKUSelectionTemplate.jsp";
+%>
+<a href="<%=urlStartAuth%>">Log in to sample application</a>
+<br>
+<a href="<%=urlStartAuthCustom%>">Log in to sample application using custom form</a>
+<br>
+<a href="<%=urlSelectBKU%>">Choose BKU (HTMLComplete or HTMLSelect) and log in</a>
+<br>
+<a href="<%=urlSelectBKUCustom%>">Choose BKU (HTMLSelect) using custom form and log in</a>
+<br>
+<a href="<%=authUrlPath+"StartAuthentication"%>">Wrong parameters example</a>
+</body>
+</html> \ No newline at end of file
diff --git a/id/oa/src/main/webapp/chooseBKU.jsp b/id/oa/src/main/webapp/chooseBKU.jsp
new file mode 100644
index 000000000..0135b6fdf
--- /dev/null
+++ b/id/oa/src/main/webapp/chooseBKU.jsp
@@ -0,0 +1,19 @@
+<html>
+<head>
+<title>BKU Auswahl</title>
+</head>
+<body>
+<h1>BKU Auswahl</h1>
+<p>
+<form method="post" action="<%=request.getParameter("returnURI")%>">
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
+<input type="submit" value="Ausw&auml;hlen"/>
+</form>
+</p>
+</body>
+</html> \ No newline at end of file
diff --git a/id/oa/src/main/webapp/form.jsp b/id/oa/src/main/webapp/form.jsp
new file mode 100644
index 000000000..d439fa84d
--- /dev/null
+++ b/id/oa/src/main/webapp/form.jsp
@@ -0,0 +1,20 @@
+<%@ page import="java.util.*" %>
+<html>
+<head>
+<title>Sample Online Application</title>
+</head>
+<body>
+<h1>Sample Form</h1>
+<p>
+<form action="form.jsp">
+<% String param1 = request.getParameter("param1");
+ if (param1 == null) param1 = ""; %>
+Input some text:
+<input type="text" name="param1" size="10"/>
+<br>Previous text input: <%=param1%><br>
+<input type="submit" value="Send"/>
+</form>
+</p>
+<p><a href="index.jsp">Back</a></p>
+</body>
+</html> \ No newline at end of file
diff --git a/id/oa/src/main/webapp/getBKUSelectTag.jsp b/id/oa/src/main/webapp/getBKUSelectTag.jsp
new file mode 100644
index 000000000..028dbd348
--- /dev/null
+++ b/id/oa/src/main/webapp/getBKUSelectTag.jsp
@@ -0,0 +1,6 @@
+<select name="bkuURI">
+ <option value="http://localhost:3495/http-security-layer-request" selected>Lokale B&uuml;rgerkarte</option>
+ <option value="https://provider1.at:3496/http-security-layer-request">Provider eins</option>
+ <option value="https://provider2.at:3496/http-security-layer-request">Provider zwei</option>
+ <option value="https://10.16.126.28:3496/http-security-layer-request">B&uuml;rgerkarte Arbeitsplatz Paul Ivancsics</option>
+</select>
diff --git a/id/oa/src/main/webapp/index.jsp b/id/oa/src/main/webapp/index.jsp
new file mode 100644
index 000000000..35e49d743
--- /dev/null
+++ b/id/oa/src/main/webapp/index.jsp
@@ -0,0 +1,60 @@
+<%@ page import="java.util.*,javax.servlet.http.*,sun.misc.BASE64Decoder" %>
+<html>
+<head>
+<title>Sample Online Application</title>
+</head>
+<body>
+<h1>Sample Online Application</h1>
+
+<p>Request headers:
+<table border="1">
+ <%
+ /* collect parameters from request */
+ for (Enumeration headers = request.getHeaderNames(); headers.hasMoreElements(); ) {
+ String key = (String) headers.nextElement();
+ String value = request.getHeader(key); %>
+ <tr><td><%=key%></td><td><%=value%></td></tr>
+ <% } %>
+</table>
+</p>
+
+<% String query=request.getQueryString(); %>
+<p>QueryString: "<%=query%>"
+</p>
+
+<p>Request parameters:
+<table border="1">
+ <%
+ /* collect parameters from request */
+ for (Enumeration params = request.getParameterNames(); params.hasMoreElements(); ) {
+ String name = (String) params.nextElement();
+ String value = request.getParameter(name); %>
+ <tr><td><%=name%></td><td><%=value%></td></tr>
+ <% } %>
+</table>
+</p>
+
+<p>Cookies:
+<table border="1">
+ <%
+ /* collect attributes from request */
+ Cookie[] cookies = request.getCookies();
+ if (cookies != null) {
+ for (int i = 0; i < cookies.length; i++) {
+ Cookie cookie = cookies[i]; %>
+ <tr><td><%=cookie.getName()%></td><td><%=cookie.getValue()%></td></tr>
+ <% }
+ } %>
+</table>
+</p>
+
+<% String authHeader = request.getHeader("Authorization");
+ if (authHeader != null) {
+ authHeader = authHeader.substring(authHeader.indexOf(" ")+1);
+ String decAuthHeader = new String(new BASE64Decoder().decodeBuffer(authHeader));
+%>
+<p>Basic authentication credentials: <%=decAuthHeader%></p>
+<% } %>
+<p><a href="form.jsp">Form sample</a></p>
+</body>
+</html> \ No newline at end of file
diff --git a/id/oa/src/main/webapp/stateful_login.jsp b/id/oa/src/main/webapp/stateful_login.jsp
new file mode 100644
index 000000000..eaede507f
--- /dev/null
+++ b/id/oa/src/main/webapp/stateful_login.jsp
@@ -0,0 +1,29 @@
+<%@ page import="javax.servlet.http.*" %>
+<%
+ /* check request's remote IP address - must be moa-id-proxy's address */
+ String remoteIPAddress = request.getRemoteAddr();
+ if (! "127.0.0.1".equals(remoteIPAddress)) { /* Substitute "127.0.0.1" for moa-id-proxy's IP address */
+ response.setStatus(403);
+ return;
+ }
+
+ /* store authentication data in cookies */
+ String fn = request.getParameter("FamilyName");
+ String gn = request.getParameter("GivenName");
+ /* set cookie domain and cookie path ! */
+ String cookieDomain = ".test.test"; /* Set this to the common domain of moa-id-proxy and of the online application */
+ String cookiePath = request.getContextPath(); /* Set this to the context path of the online application */
+
+ Cookie cfn = new Cookie("familyname", fn);
+ cfn.setDomain(cookieDomain);
+ cfn.setPath(cookiePath);
+ response.addCookie(cfn);
+
+ Cookie cgn = new Cookie("givenname", gn);
+ cgn.setDomain(cookieDomain);
+ cgn.setPath(cookiePath);
+ response.addCookie(cgn);
+
+ /* redirect to online application's start page */
+ response.sendRedirect("http://oa.test.test:8080/oa/index.jsp"); /* Substitute for URL in online application */
+%>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
new file mode 100644
index 000000000..0f0eb49d1
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd
@@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<deployment name="defaultClientConfig"
+ xmlns="http://xml.apache.org/axis/wsdd/"
+ xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"
+ xmlns:handler="http://xml.apache.org/axis/wsdd/providers/handler">
+
+ <handler name="URLMapper" type="java:org.apache.axis.handlers.http.URLMapper"/>
+ <handler name="MsgDispatcher" type="java:org.apache.axis.providers.java.MsgProvider"/>
+ <handler name="HTTPAuthHandler" type="java:org.apache.axis.handlers.http.HTTPAuthHandler"/>
+
+ <service name="GetAuthenticationData" provider="java:MSG">
+ <namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
+ <parameter name="allowedMethods" value="Request"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService"/>
+ <wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
+ <requestFlow>
+ </requestFlow>
+ <responseFlow>
+ </responseFlow>
+ </service>
+
+ <transport name="http">
+ <requestFlow>
+ <handler type="URLMapper"/>
+ <handler type="HTTPAuthHandler"/>
+ </requestFlow>
+ </transport>
+
+</deployment>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 000000000..603758fb8
--- /dev/null
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+<web-app>
+ <display-name>MOA ID Auth</display-name>
+ <description>MOA ID Authentication Service</description>
+ <servlet>
+ <servlet-name>SelectBKU</servlet-name>
+ <display-name>SelectBKU</display-name>
+ <description>Select Bürgerkartenartenumgebung</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>StartAuthentication</servlet-name>
+ <display-name>StartAuthentication</display-name>
+ <description>Start authentication process</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>VerifyIdentityLink</servlet-name>
+ <display-name>VerifyIdentityLink</display-name>
+ <description>Verify identity link coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>VerifyAuthBlock</servlet-name>
+ <display-name>VerifyAuthBlock</display-name>
+ <description>Verify AUTH block coming from security layer</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <display-name>ConfigurationUpdate</display-name>
+ <description>Update MOA-ID Auth configuration from the configuration file</description>
+ <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
+ </servlet>
+ <servlet>
+ <servlet-name>AxisServlet</servlet-name>
+ <display-name>Apache-Axis Servlet</display-name>
+ <servlet-class>
+ org.apache.axis.transport.http.AxisServlet
+ </servlet-class>
+ </servlet>
+
+ <!-- JSP servlet -->
+ <servlet>
+ <servlet-name>jspservlet</servlet-name>
+ <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+ </servlet>
+
+ <!-- servlet mapping for jsp pages -->
+ <!-- errorpage.jsp (customizeable) -->
+ <servlet-mapping>
+ <servlet-name>jspservlet</servlet-name>
+ <url-pattern>/errorpage-auth.jsp</url-pattern>
+ </servlet-mapping>
+ <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) -->
+ <servlet-mapping>
+ <servlet-name>jspservlet</servlet-name>
+ <url-pattern>/message-auth.jsp</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>SelectBKU</servlet-name>
+ <url-pattern>/SelectBKU</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>StartAuthentication</servlet-name>
+ <url-pattern>/StartAuthentication</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyIdentityLink</servlet-name>
+ <url-pattern>/VerifyIdentityLink</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>VerifyAuthBlock</servlet-name>
+ <url-pattern>/VerifyAuthBlock</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>AxisServlet</servlet-name>
+ <url-pattern>/services/*</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>30</session-timeout>
+ </session-config>
+ <error-page>
+ <error-code>500</error-code>
+ <location>/errorpage.jsp</location>
+ </error-page>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>ConfigurationUpdate</web-resource-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>moa-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>UserDatabase</realm-name>
+ </login-config>
+ <security-role>
+ <description>
+ The role that is required to log in to the moa Application
+ </description>
+ <role-name>moa-admin</role-name>
+ </security-role>
+</web-app>
diff --git a/id/server/auth/src/main/webapp/errorpage-auth.jsp b/id/server/auth/src/main/webapp/errorpage-auth.jsp
new file mode 100644
index 000000000..07f3e7f69
--- /dev/null
+++ b/id/server/auth/src/main/webapp/errorpage-auth.jsp
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>Ein Fehler ist aufgetreten</title>
+</head>
+<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
+ String errorMessage = (String)request.getAttribute("ErrorMessage");
+ String wrongParameters = (String)request.getAttribute("WrongParameters");
+%>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+
+<% if (errorMessage != null) { %>
+<p>
+<%= errorMessage%><br>
+</p>
+<% } %>
+<% if (exceptionThrown != null) { %>
+<p>
+<%= exceptionThrown.getMessage()%>
+</p>
+<% } %>
+<% if (wrongParameters != null) { %>
+<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
+<b> <%= wrongParameters %> </b><br>
+<p>
+ Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
+<% } %>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/index.jsp b/id/server/auth/src/main/webapp/index.jsp
new file mode 100644
index 000000000..733ba317f
--- /dev/null
+++ b/id/server/auth/src/main/webapp/index.jsp
@@ -0,0 +1,40 @@
+<html>
+<head>
+<title>MOA ID Auth Sample Login</title>
+</head>
+<body>
+<%
+ String urlPath =
+ request.getScheme() + "://"
+ + request.getServerName() + ":" + request.getServerPort()
+ + request.getContextPath() + "/";
+ String params =
+ "Target=gb&" +
+ "OA=https://localhost:8443/moa-id-proxy/index.jsp";
+ String urlStartAuth =
+ urlPath +
+ "StartAuthentication?" +
+ params;
+ String templateParam =
+ "&Template=http://localhost:18080/oa/AuthTemplate.jsp";
+ String urlStartAuthCustom =
+ urlStartAuth +
+ templateParam;
+ String urlSelectBKU =
+ urlPath +
+ "SelectBKU?" +
+ params;
+ String urlSelectBKUCustom =
+ urlSelectBKU +
+ templateParam +
+ "&BKUSelectionTemplate=http://localhost:18080/oa/BKUSelectionTemplate.jsp";
+%>
+<a href="<%=urlStartAuth%>">Log in to sample application</a>
+<br>
+<a href="<%=urlStartAuthCustom%>">Log in to sample application using custom form</a>
+<br>
+<a href="<%=urlSelectBKU%>">Choose BKU (HTMLComplete or HTMLSelect) and log in</a>
+<br>
+<a href="<%=urlSelectBKUCustom%>">Choose BKU (HTMLSelect) using custom form and log in</a>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/auth/src/main/webapp/message-auth.jsp b/id/server/auth/src/main/webapp/message-auth.jsp
new file mode 100644
index 000000000..0c28c1ba7
--- /dev/null
+++ b/id/server/auth/src/main/webapp/message-auth.jsp
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>MOA-ID AUTH</title>
+</head>
+<% String message = (String)request.getAttribute("Message");
+%>
+
+<body>
+<h1>MOA-ID AUTH</h1>
+
+<% if (message != null) { %>
+<p>
+<%= message%><br>
+</p>
+<% } %>
+
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/data/deploy/conf/Catalina/localhost/proxy.xml b/id/server/data/deploy/conf/Catalina/localhost/proxy.xml
new file mode 100644
index 000000000..eef60b953
--- /dev/null
+++ b/id/server/data/deploy/conf/Catalina/localhost/proxy.xml
@@ -0,0 +1,25 @@
+<!--
+
+ Context configuration file for the MOA-Proxy App
+
+ aus einer Tomcat 4.x.xx server.xml Datei:
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+
+-->
+<Context path="" docBase="${catalina.base}/webappsProxy/moa-id-proxy.war" privileged="true"
+
+ antiResourceLocking="false" antiJARLocking="false">
+
+<!--
+<ResourceLink name="users" global="UserDatabase"
+ type="org.apache.catalina.UserDatabase"/>
+-->
+
+ <!-- Uncomment this Valve to limit access to the Admin app to localhost
+ for obvious security reasons. Allow may be a comma-separated list of
+ hosts (or even regular expressions).
+ <Valve className="org.apache.catalina.valves.RemoteAddrValve"
+ allow="127.0.0.1"/>
+ -->
+
+</Context>
diff --git a/id/server/data/deploy/conf/moa-id/MOAIdentities.xsd b/id/server/data/deploy/conf/moa-id/MOAIdentities.xsd
new file mode 100644
index 000000000..91c7a6cc0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/MOAIdentities.xsd
@@ -0,0 +1,59 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" elementFormDefault="qualified" attributeFormDefault="unqualified">
+ <xs:element name="MOAIdentities">
+ <xs:annotation>
+ <xs:documentation>MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID</xs:documentation>
+ </xs:annotation>
+ <xs:complexType>
+ <xs:sequence maxOccurs="unbounded">
+ <xs:element name="Mapping">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element name="Identity">
+ <xs:complexType>
+ <xs:choice>
+ <xs:element name="NamedIdentity" type="tns:NamedIdentityType"/>
+ <xs:element name="bPKIdentity" type="tns:bPKIdentitiyType"/>
+ <xs:element name="wbPKIdentity" type="tns:wbPKIdentitiyType"/>
+ </xs:choice>
+ </xs:complexType>
+ </xs:element>
+ <xs:element name="Parameters" type="tns:ParametersType"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+ <xs:complexType name="wbPKIdentitiyType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean">
+ <xs:attribute name="wbPK" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="bPKIdentitiyType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean">
+ <xs:attribute name="bPK" type="xs:string" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="NamedIdentityType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean">
+ <xs:attribute name="SurName" type="xs:string" use="required"/>
+ <xs:attribute name="GivenName" type="xs:string" use="required"/>
+ <xs:attribute name="BirthDate" type="xs:string" use="optional"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ <xs:complexType name="ParametersType">
+ <xs:attribute name="UN" type="xs:string" use="optional"/>
+ <xs:attribute name="PW" type="xs:string" use="optional"/>
+ <xs:attribute name="Param1" type="xs:string" use="optional"/>
+ <xs:attribute name="Param2" type="xs:string" use="optional"/>
+ <xs:attribute name="Param3" type="xs:string" use="optional"/>
+ </xs:complexType>
+</xs:schema>
diff --git a/id/server/data/deploy/conf/moa-id/SampleIdentities.xml b/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
new file mode 100644
index 000000000..fc6dc2ccf
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleIdentities.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration für den Einsatz der MOA-ID Proxy-Komponenten unter Einsatz eines speziellen XMLLoginParameterResolver
+ Damit kann unter Einsatz des XMLLoginParameterResolverPlainData (s.u.) eine Einschränkung von Benutzer für OA erfolgen. -->
+<!-- Beispiel für ein Element ProxyComponent in der MOA-ID Konfigurationsdatei welches den XMLLoginParameterResolverPlainData
+ mit der Benutzerdatei Identities.xml verwendet um sich über Basic Authentication (401) an einer Webseite anzumeldne -->
+
+
+<!--
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"
+ loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.XMLLoginParameterResolverPlainData"
+ loginParameterResolverConfiguration="Identities.xml">
+ <ConnectionParameter URL="http://www.cio.gv.at/">
+ </ConnectionParameter>
+ </ProxyComponent>
+-->
+<MOAIdentities xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814 MOAIdentities.xsd">
+ <!-- Eintrag aller Benutzer mit Berechtigung -->
+ <!-- Die Daten müssen in der Schreibweise wie in der Personenbindung (= Schreibweise des ZMRs) eingegeben werden -->
+
+ <!-- Benutzerin Kunz -->
+ <Mapping>
+ <Identity>
+ <NamedIdentity SurName="Kunz" GivenName="Karin Stella" BirthDate="1900-01-01">1</NamedIdentity>
+ </Identity>
+ <Parameters UN="KunzKS" PW="geheim"/>
+ </Mapping>
+ <!-- Benutzer Mustermann -->
+ <Mapping>
+ <Identity>
+ <NamedIdentity SurName="Mustermann-Fall" GivenName="Max Moriz" BirthDate="1900-01-01">1</NamedIdentity>
+ </Identity>
+ <Parameters UN="MustMM" PW="höchst?Geheim"/>
+ </Mapping>
+</MOAIdentities>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
new file mode 100644
index 000000000..f8dbd4b13
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+ <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
new file mode 100644
index 000000000..51d62bd72
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://www.cio.gv.at/">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
new file mode 100644
index 000000000..8a9898792
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml
@@ -0,0 +1,118 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer
+ A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+ -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+ <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+ <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
new file mode 100644
index 000000000..b859fe758
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml
@@ -0,0 +1,138 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer
+ A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+ <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://www.cio.gv.at/">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
new file mode 100644
index 000000000..e5b49bbe1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml
@@ -0,0 +1,121 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
+ Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH WID Modus -->
+ <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+ <IdentificationNumber>
+ <!-- Beispiel Firmenbuchnummer -->
+ <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+ </IdentificationNumber>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
new file mode 100644
index 000000000..4e7a8ae54
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml
@@ -0,0 +1,143 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt;
+ Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH WID Modus -->
+ <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+ <IdentificationNumber>
+ <!-- Beispiel Firmenbuchnummer -->
+ <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+ </IdentificationNumber>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://www.cio.gv.at/">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
new file mode 100644
index 000000000..1d5c410ec
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml
@@ -0,0 +1,123 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer
+ A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt,
+ Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+ <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH WID Modus -->
+ <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+ <IdentificationNumber>
+ <!-- Beispiel Firmenbuchnummer -->
+ <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+ </IdentificationNumber>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
new file mode 100644
index 000000000..2afa97e77
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer
+ A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt,
+ Harald Bratko, IAIK -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/>
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) -->
+ <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID>
+
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID>
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> -->
+ <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> -->
+
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) -->
+ <X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName>
+
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH WID Modus -->
+ <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true">
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens -->
+ <IdentificationNumber>
+ <!-- Beispiel Firmenbuchnummer -->
+ <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer>
+ </IdentificationNumber>
+ <!-->Lokale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; nur f&uuml;r diese Online Applikation<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet -->
+ <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> -->
+ <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> -->
+
+ <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> -->
+ <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU -->
+ <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> -->
+ </AuthComponent>
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://www.cio.gv.at/">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
new file mode 100644
index 000000000..debdb146c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/log4j.properties
@@ -0,0 +1,25 @@
+# commons-logging setup
+org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
+
+# define log4j root loggers
+log4j.rootLogger=info, stdout, R
+log4j.logger.moa=info
+log4j.logger.moa.spss.server=info
+log4j.logger.iaik.server=info
+log4j.logger.moa.id.auth=info
+log4j.logger.moa.id.proxy=info
+
+# configure the stdout appender
+log4j.appender.stdout=org.apache.log4j.ConsoleAppender
+log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
+#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
+log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
+
+# configure the rolling file appender (R)
+log4j.appender.R=org.apache.log4j.RollingFileAppender
+log4j.appender.R.File=${catalina.home}/logs/moa-id.log
+log4j.appender.R.MaxFileSize=10000KB
+log4j.appender.R.MaxBackupIndex=1
+log4j.appender.R.layout=org.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
+
diff --git a/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
new file mode 100644
index 000000000..fc99cea79
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/BasicOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
new file mode 100644
index 000000000..4d34c3646
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/HeaderOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <HeaderAuth>
+ <!-- zusaetzlicher Header GivenName -->
+ <Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
+ <Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
+ </HeaderAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
new file mode 100644
index 000000000..979faca95
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/ParamOAConfiguration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <ParamAuth>
+ <!-- URL Parameter GivenName und FamilyName -->
+ <Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
+ <Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
+ </ParamAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
new file mode 100644
index 000000000..edbfe7aa5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/SampleOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
new file mode 100644
index 000000000..2cff3bd67
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAWBPK</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
new file mode 100644
index 000000000..01f724cc4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt
@@ -0,0 +1,21 @@
+TEMPLATES:
+==========
+Zweck:
+------
+Mithilfe von Templates können Sie das Aussehen der Seiten
+"Auswahl der Bürgerkartenumgebung" sowie "Anmeldung mit Bürgerkarte"
+anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu
+dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an
+Ihre sonstigen Anwendungen anpassen.
+
+Wenn Sie in den Beispielkonfigurationsdateien die Elmente
+"AuthComponent/Templates" oder "OnlineApplication/AuthComponent/Templates"
+aktivieren, dann werden die in diesem Verzeichnis enthaltenen Beispieltemplates
+geladen. Es sind dies sehr einfache Templates, die nur das Laden über die
+Konfigurationsdatei demonstrieren sollen. (Das Laden der Templates über
+die Konfigurationsdatei steht erst ab Version 1.3.1 zur Verfügung).
+Etwas aufwendigere Templates (mit CSS) finden Sie als eigene Webapplikation im
+Verzeichnis "/auth/templates" der entpackten Distribution.
+
+Nähere Informationen zu den Templates finden Sie im MOA-ID-Konfigurationshandbuch.
+
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
new file mode 100644
index 000000000..2f2ea6552
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleBKUSelectionTemplate.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Auswahl der B&uuuml;rgerkartenumgebung</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+</head>
+
+<body>
+
+<h1 align="center">Auswahl der B&uuml;rgerkartenumgebung</h1>
+
+<p></p>
+<p>Sie haben sich f&uuml;r Anmeldung mit Ihrer B&uuml;rgerkarte entschieden. Da es verschiedene Formen der B&uuml;rgerkarte gibt, m&uuml;ssen Sie nun w&auml;hlen, welche Sie bei der Anmeldung verwenden wollen.</p>
+<h3>Auswahl der B&uuml;rgerkarte</h3>
+<form name="CustomizedForm" method="post" action="<StartAuth>">
+ <BKUSelect>
+ <input type="submit" value="Ausw&auml;hlen"/>
+</form>
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+<h4>Hinweise: </h4>
+<ul>
+ <li>
+ <p>Bei der Anmeldung mit einer <a href="http://www.a-trust.at/info.asp?node=337" target="_blank">A-Trust B&uuml;rgerkarte</a> oder Ihrer
+ <a href="http://www.chipkarte.at/esvapps/page/page.jsp?p_pageid=110&p_menuid=62182&p_id=2" target="_blank">E-CARD</a> ben&ouml;tigen Sie
+ eine funktionsf&auml;hige <a href="http://www.buergerkarte.at/" target="_blank">B&uuml;rgerkartensoftware</a> sowie einen passenden Kartenleser.</p>
+ </li>
+ <li>
+ <p>Bei der Anmeldung mit der <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a> &uuml;ber Ihr Handy wird keine B&uuml;rgerkartensoftware und
+ kein Kartenleser ben&ouml;tigt.</p>
+ </li>
+</ul>
+
+<p align="right">&nbsp; </p>
+
+
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
new file mode 100644
index 000000000..83a6639e6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleTemplate.html
@@ -0,0 +1,56 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+</head>
+
+<body>
+
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
+
+<p></p>
+
+Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Wenn Sie in Folge die Schaltfl&auml;che "Anmeldung mit B&uuml;rgerkarte"
+aktivieren, so werden Sie zur Signatur der Anmeldedaten aufgefordert. Wenn Sie diese
+signieren, so werden Sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+
+<form name="CustomizedForm" action="<BKU>" method="post">
+ <div align="center">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="hidden"
+ name="PushInfobox"
+ value="<PushInfobox>"/>
+ <input type="submit" value="Anmeldung mit B&uuml;rgerkarte" name="submit"/>
+ </div>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+
+
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
new file mode 100644
index 000000000..915a6bf2f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml
@@ -0,0 +1,105 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .boldstyle {font-weight: bold; }
+ .italicstyle { font-style: italic; }
+ .annotationstyle { font-size: 0.8em; }
+ table { border:1px solid #000;}
+ td { border:1px solid #000; padding:4px;}
+ </style>
+ </head>
+ <body>
+<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+ <table>
+ <tr>
+ <td class="boldstyle">
+ Name:
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Geburtsdatum:
+ </td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Applikation:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="boldstyle">
+ Geschäftsbereich:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="boldstyle">
+ Anmeldeserver:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Datum:
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Uhrzeit:
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="boldstyle">
+ wbPK (*):
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <p/>
+ <hr/>
+ <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
new file mode 100644
index 000000000..5089140b4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml
@@ -0,0 +1,44 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .boldstyle { font-weight: bold; }
+ .italicstyle { font-style: italic; }
+ .annotationstyle { font-size: 0.8em; }
+ </style>
+ </head>
+ <body>
+ <h1>Signatur der Anmeldedaten</h1>
+ <p/>
+ <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </span>,
+geboren am
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4>
+ <p/>
+ <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </h4>
+ <p/>
+ <hr/>
+ <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>application/xhtml+xml</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
new file mode 100644
index 000000000..07d926d14
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml
@@ -0,0 +1,49 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ </head>
+ <body>
+ <h1>Signatur der Anmeldedaten</h1>
+ <p/>
+ <h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>,
+ geboren am
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>,
+ den Zugang zur gesicherten Anwendung.</h4>
+ <p/>
+ <h4>Datum und Uhrzeit:
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>,
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </h4>
+ <p/>
+ <hr/>
+ <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische
+ Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens
+ berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
new file mode 100644
index 000000000..05f91750c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml
@@ -0,0 +1,107 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ </head>
+ <body>
+ <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+ <table>
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geburtsdatum:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Datum:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Uhrzeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td>
+ <b>wbPK (*):</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <p/>
+ <hr/>
+ <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen
+ Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige
+ Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
new file mode 100644
index 000000000..008a59d8e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>true</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlock</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlock.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlock_deprecated</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlock_deprecated.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockText</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockText.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>MOAIDTransformAuthBlockText_deprecated</cfg:Id>
+ <cfg:Location>profiles/MOAIDTransformAuthBlockText_deprecated.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden(pwd=allekunden).p12 b/id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden(pwd=allekunden).p12
new file mode 100644
index 000000000..8827ed99c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden(pwd=allekunden).p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden.der b/id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden.der
new file mode 100644
index 000000000..332aa817a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/common/moa-signaturdienst-allekunden.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1(pwd=kunde1).p12 b/id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1(pwd=kunde1).p12
new file mode 100644
index 000000000..4499ab52b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1(pwd=kunde1).p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1.der b/id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1.der
new file mode 100644
index 000000000..63ba5cce5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/customer1/moa-signaturdienst-kunde1.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2(pwd=kunde2).p12 b/id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2(pwd=kunde2).p12
new file mode 100644
index 000000000..5b7631133
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2(pwd=kunde2).p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2.der b/id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2.der
new file mode 100644
index 000000000..4f87134e7
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/customer2/moa-signaturdienst-kunde2.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/keys/customerBMI/moa-signaturdienst-strafregisterbescheinigung.p12 b/id/server/data/deploy/conf/moa-spss/keys/customerBMI/moa-signaturdienst-strafregisterbescheinigung.p12
new file mode 100644
index 000000000..c5a43deca
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/keys/customerBMI/moa-signaturdienst-strafregisterbescheinigung.p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
new file mode 100644
index 000000000..6ed91ddc3
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .boldstyle {font-weight: bold; }
+ .italicstyle { font-style: italic; }
+ .annotationstyle { font-size: 0.8em; }
+ table { border:1px solid #000;}
+ td { border:1px solid #000; padding:4px;}
+ </style>
+ </head>
+ <body>
+<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+ <table>
+ <tr>
+ <td class="boldstyle">
+ Name:
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Geburtsdatum:
+ </td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Applikation:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td class="boldstyle">
+ Geschäftsbereich:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td class="boldstyle">
+ Anmeldeserver:
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Datum:
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td class="boldstyle">
+ Uhrzeit:
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td class="boldstyle">
+ wbPK (*):
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <p/>
+ <hr/>
+ <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
new file mode 100644
index 000000000..b116152c8
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ <style type="text/css" media="screen">
+ .boldstyle { font-weight: bold; }
+ .italicstyle { font-style: italic; }
+ .annotationstyle { font-size: 0.8em; }
+ </style>
+ </head>
+ <body>
+ <h1>Signatur der Anmeldedaten</h1>
+ <p/>
+ <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle">
+ <xsl:value-of select="//@Issuer"/>
+ </span>,
+geboren am
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4>
+ <p/>
+ <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </h4>
+ <p/>
+ <hr/>
+ <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
new file mode 100644
index 000000000..10854242e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ </head>
+ <body>
+ <h1>Signatur der Anmeldedaten</h1>
+ <p/>
+ <h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>,
+ geboren am
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>,
+ den Zugang zur gesicherten Anwendung.</h4>
+ <p/>
+ <h4>Datum und Uhrzeit:
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>,
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </h4>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </h4>
+ <p/>
+ <hr/>
+ <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische
+ Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens
+ berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
new file mode 100644
index 000000000..0c079da71
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml
@@ -0,0 +1,105 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:output method="xml" version="1.0" encoding="UTF-8" indent="yes"/>
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ </head>
+ <body>
+ <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p>
+ <table>
+ <tr>
+ <td>
+ <b>Name:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//@Issuer"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Geburtsdatum:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.
+ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Applikation:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
+ <tr>
+ <td>
+ <b>Geschäftsbereich:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
+ </td>
+ </tr>
+ </xsl:if>
+ <tr>
+ <td>
+ <b>Anmeldeserver:</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:NameIdentifier"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Datum:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,6,2)"/>.
+ <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
+ </td>
+ </tr>
+ <tr>
+ <td>
+ <b>Uhrzeit:</b>
+ </td>
+ <td>
+ <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>:
+ <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
+ </td>
+ </tr>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <tr>
+ <td>
+ <b>wbPK (*):</b>
+ </td>
+ <td>
+ <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
+ </td>
+ </tr>
+ </xsl:if>
+ </table>
+ <xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <p/>
+ <hr/>
+ <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen
+ Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige
+ Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6>
+ </xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+</VerifyTransformsInfoProfile>
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1(pwd=kunde1).p12 b/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1(pwd=kunde1).p12
new file mode 100644
index 000000000..33f76bf9c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1(pwd=kunde1).p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der b/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der
new file mode 100644
index 000000000..b6091332c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/trustedServers(pwd=servers).keystore b/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/trustedServers(pwd=servers).keystore
new file mode 100644
index 000000000..9c6c55359
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/customer1/trustedServers(pwd=servers).keystore
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2(pwd=kunde2).p12 b/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2(pwd=kunde2).p12
new file mode 100644
index 000000000..ec7bf8e48
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2(pwd=kunde2).p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der b/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der
new file mode 100644
index 000000000..20bc38e14
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/trustedServers(pwd=servers).keystore b/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/trustedServers(pwd=servers).keystore
new file mode 100644
index 000000000..d32a22f0f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/customer2/trustedServers(pwd=servers).keystore
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server(pwd=server).p12 b/id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server(pwd=server).p12
new file mode 100644
index 000000000..af524d060
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server(pwd=server).p12
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server.der b/id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server.der
new file mode 100644
index 000000000..c3b3003d9
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/server/moa-ssl-server.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/tomcat(pwd=server).keystore b/id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/tomcat(pwd=server).keystore
new file mode 100644
index 000000000..780e58934
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/tomcat(pwd=server).keystore
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/trustedClients(pwd=clients).keystore b/id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/trustedClients(pwd=clients).keystore
new file mode 100644
index 000000000..908e00b42
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/sslKeys/tomcat/trustedClients(pwd=clients).keystore
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer
new file mode 100644
index 000000000..836ba3767
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Enc-01-SN0450(CertifiedKeypair_alt).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer
new file mode 100644
index 000000000..28cb48bb0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-TrustSignTest-Sig-01-SN0588(SecureSignatureKeypair_alt).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
new file mode 100644
index 000000000..8c434777e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
new file mode 100644
index 000000000..efa28178e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCACrypt-SN04(CertifiedKeypair).der b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCACrypt-SN04(CertifiedKeypair).der
new file mode 100644
index 000000000..d3c213711
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCACrypt-SN04(CertifiedKeypair).der
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDljCCAwOgAwIBAgIBBDAJBgUrDgMCHQUAMHQxCzAJBgNVBAYTAkFUMSwwKgYD
+VQQKEyNTdGFic3RlbGxlIElLVC1TdHJhdGVnaWUgZGVzIEJ1bmRlczEeMBwGA1UE
+CxMVVGVjaG5payB1bmQgU3RhbmRhcmRzMRcwFQYDVQQDEw5UZXN0IENBIC0gUm9v
+dDAeFw0wNDA1MTgxMzQ1NTdaFw0wOTEyMzEyMjU5MzBaMIGGMQswCQYDVQQGEwJB
+VDEsMCoGA1UEChMjU3RhYnN0ZWxsZSBJS1QtU3RyYXRlZ2llIGRlcyBCdW5kZXMx
+HjAcBgNVBAsTFVRlY2huaWsgdW5kIFN0YW5kYXJkczEpMCcGA1UEAxQgVGVzdCBD
+QSAtIFZlcnNjaGz8c3NlbHVuZyBC/HJnZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0A
+MIGJAoGBALmykoSgYUpJiaK5NlC5jTcMQikEIB6kOdS7e82DBbT5G13zQeuiNBA2
+KzLMPMBK62Go+ZV8w94N5cSm2auuempVAHNF80ao9G3wYgK0xOVZXvf/145o8TIw
+StPPckmVPL2OPa8/DIB8tqNjblFxy+XcBnTQMLKaxYSzwA/zULoNAgMBAAGjggEr
+MIIBJzAOBgNVHQ8BAf8EBAMCAcYwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4E
+FgQUjRMKvtgH3PngerFS/Rt+vuEDbLMwXQYDVR0gBFYwVDBSBgwrBgEEAZUSAQID
+AQEwQjBABggrBgEFBQcCAjA0GjJEaWVzZXMgWmVydGlmaWthdCBpc3QgbnVyIGb8
+ciBUZXN0endlY2tlIGdlZWlnbmV0LjA5BgNVHR8EMjAwMC6gLKAqhihodHRwOi8v
+bGFicy5jaW8uZ3YuYXQvdGVtcC9jcmxzL3Jvb3QuY3JsMBQGByooAAoBAQEECQwH
+QktBLUlLVDARBglghkgBhvhCAQEEBAMCAQIwHwYDVR0jBBgwFoAUZWxSwiqQLpxu
+4vk3Op4dYHG46XswCQYFKw4DAh0FAAOBgQAnuY7RPFXLpO2hb3h1B0cy5p861j6E
+eD+c/ZKAGqIh4kh3A65D8Zl90GSv9vV4L03dnN5hc7rm/bwKzDI57/PI2dL0H/S4
+OOl4tt4fZmjN8Xrv3oJxNEa+6AJ8TGCcouc/Eqxnpc0SxkP6UQrA8J8RM/8fk05U
+DAyTZbTQ5wPIhA==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCASig-SN03(SecureSignatureKeypair).der b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCASig-SN03(SecureSignatureKeypair).der
new file mode 100644
index 000000000..807fa786c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/Stabsstelle-TestCASig-SN03(SecureSignatureKeypair).der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN16f8(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer
new file mode 100644
index 000000000..f3cf5e676
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Enc-01SN4848(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..28fbdf42f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN16f9(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..c9da41583
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Premium-Sig-01SN484a(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cer
new file mode 100644
index 000000000..06b40aa67
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cer
new file mode 100644
index 000000000..7e9fd5b0b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cer
new file mode 100644
index 000000000..da38ce028
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
new file mode 100644
index 000000000..8c434777e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
new file mode 100644
index 000000000..efa28178e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cer
new file mode 100644
index 000000000..06b40aa67
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom.A1 Signatur.20040326-20140326.SerNo6646(SecureSignatureKeypair_CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cer
new file mode 100644
index 000000000..7e9fd5b0b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20060912-20110912_SerNo027866.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cer
new file mode 100644
index 000000000..da38ce028
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/mobilkom_A1-Signatur_20070501-20120501_SerNo6650.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustprofiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
Binary files differ
diff --git a/id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt
new file mode 100644
index 000000000..e23ebad6e
--- /dev/null
+++ b/id/server/data/deploy/templates/LIESMICH_TEMPLATES.txt
@@ -0,0 +1,39 @@
+TEMPLATES:
+==========
+Zweck:
+------
+Mithilfe von Templates können Sie das Aussehen der Seiten
+"Auswahl der Bürgerkartenumgebung" sowie "Anmeldung mit Bürgerkarte"
+anpassen. Damit können Sie zusätzliche Hintergrundinformationen (Wozu
+dient die Anmeldung, etc.) zu diesen Seiten hinzufügen und das Layout an
+Ihre sonstigen Anwendungen anpassen.
+
+Wird kein Template mit den Parametern Template und BKUSelectionTemplate
+angegeben, so wird defaultmäßig jew. eine schlichte "neutrale" Variante
+angezeigt.
+
+Bei der Erstellung von Template muss die Form gemäß MOA-ID Dokumentation
+Abschnitt: "Aufruf von MOA-ID" (id-anwendung_1.htm) eingehalten werden.
+
+Templates können Grundsätzlich von jeder HTTP Adresse abgerufen
+werden, d.h. sie können auf einen belibigen Webserver abgelegt werden.
+
+
+Anwendung des Beispiels:
+------------------------
+Wenn Sie keinen anderen Webserver zum Ablegen der Templates verwenden möchten,
+so kann die Webcontainer Fähigkeit von Tomcat für die Ablage der HTML-Templates
+genutzt werden. Ein einfaches Beispiel mit den beiden Templates
+"SampleBKUSelectionTemplate.html" sowie "SampleTemplate.html" findet sich im
+WAR Archiv moaid-templates.war
+
+
+Wenn dieses WAR Archiv in das webapps Verzeichnis von Tomcat gestellt wird, so
+wird diese automatisch entpackt und deployed. In Folge können Sie die Template
+Dateien per Parameter beim Aufruf von MOA-ID angeben.
+
+Beispiel Link mit Einsatz von Template:
+https://localhost:8443/moa-id-auth/SelectBKU?Target=Test-Bereich&OA=https://localhost:8443/&BKUSelectionTemplate=http://localhost:8080/moaid-templates/SampleBKUSelectionTemplate.html&Template=http://localhost:8080/moaid-templates/SampleTemplate.html
+
+
+Sie können diese beiden Templates als Vorlage für eigene Designs verwenden. \ No newline at end of file
diff --git a/id/server/data/deploy/templates/moaid-templates.war b/id/server/data/deploy/templates/moaid-templates.war
new file mode 100644
index 000000000..72b034d5c
--- /dev/null
+++ b/id/server/data/deploy/templates/moaid-templates.war
Binary files differ
diff --git a/id/server/data/deploy/tomcat/server.mod_jk.xml b/id/server/data/deploy/tomcat/server.mod_jk.xml
new file mode 100644
index 000000000..b32cf7844
--- /dev/null
+++ b/id/server/data/deploy/tomcat/server.mod_jk.xml
@@ -0,0 +1,162 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443" acceptCount="10" debug="0"
+ connectionTimeout="0" useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log."
+ suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ </Engine>
+ </Service>
+</Server> \ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/server.xml b/id/server/data/deploy/tomcat/server.xml
new file mode 100644
index 000000000..2fd7b6439
--- /dev/null
+++ b/id/server/data/deploy/tomcat/server.xml
@@ -0,0 +1,171 @@
+<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8080" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000" useURIValidationHack="false"
+ disableUploadTimeout="true"/>
+ <!-- Note : To disable connection timeouts, set connectionTimeout value to -1 -->
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8443" minProcessors="5" maxProcessors="75"
+ enableLookups="uri" acceptCount="100" debug="0" scheme="https"
+ secure="true" useURIValidationHack="false"
+ disableUploadTimeout="true">
+ <Factory
+ className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
+ clientAuth="false" protocol="TLS"/>
+ </Connector>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log."
+ suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ </Engine>
+ </Service>
+</Server> \ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/tomcat-util-4.1.27-patched/tomcat-util.jar b/id/server/data/deploy/tomcat/tomcat-util-4.1.27-patched/tomcat-util.jar
new file mode 100644
index 000000000..62c7645b9
--- /dev/null
+++ b/id/server/data/deploy/tomcat/tomcat-util-4.1.27-patched/tomcat-util.jar
Binary files differ
diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
new file mode 100644
index 000000000..6dc0289d5
--- /dev/null
+++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
@@ -0,0 +1,28 @@
+#! /bin/bash
+
+export JAVA_HOME= <insert java home directory (no trailing path separator)>
+export CATALINA_HOME= <insert Tomcat 4.1.x home directory (no trailing path separator)>
+export CATALINA_BASE=$CATALINA_HOME
+
+CONFIG_OPT=-Dmoa.id.configuration=$CATALINA_BASE/conf/moa-id/SampleMOAIDConfiguration.xml
+LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_BASE/conf/moa-id/log4j.properties
+SPSS_OPT=-Dmoa.spss.server.configuration=$CATALINA_BASE/conf/moa-spss/SampleMOASPSSConfiguration.xml
+
+#TRUST_STORE_OPT=-Djavax.net.ssl.trustStore=$CATALINA_BASE/conf/moa-spss/keys/clients/trustedMOAClients-password=changeit.keystore
+#TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit
+#TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks
+
+export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT"
+
+echo CATALINA_HOME: $CATALINA_HOME
+echo CATALINA_BASE: $CATALINA_BASE
+echo CATALINA_OPTS: $CATALINA_OPTS
+
+echo
+echo Moving old log files to logs\backup
+mv logs/*.out logs/backup
+mv logs/*.txt logs/backup
+mv logs/*.log logs/backup
+
+cd $CATALINA_HOME
+./bin/startup.sh
diff --git a/id/server/data/deploy/tomcat/unix/tomcat-stop.sh b/id/server/data/deploy/tomcat/unix/tomcat-stop.sh
new file mode 100644
index 000000000..82e4ffcfe
--- /dev/null
+++ b/id/server/data/deploy/tomcat/unix/tomcat-stop.sh
@@ -0,0 +1,7 @@
+#! /bin/bash
+
+export JAVA_HOME= <insert java home directory (no trailing path separator)>
+export CATALINA_HOME= <insert Tomcat 4.1.x home directory (no trailing path separator)>
+
+cd $CATALINA_HOME
+./bin/shutdown.sh \ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/uriworkermap.properties b/id/server/data/deploy/tomcat/uriworkermap.properties
new file mode 100644
index 000000000..32b4c1f50
--- /dev/null
+++ b/id/server/data/deploy/tomcat/uriworkermap.properties
@@ -0,0 +1,9 @@
+# a sample mod_jk uriworkermap.properties file for mapping
+# MOA-ID-AUTH and MOA-ID-PROXY web service requests to workers
+#
+# omit the mappings you don't need
+
+#/moa-id-auth/*=moaworker
+
+#forward all requests to tomcat (e.g.)
+/*=moaworker \ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat
new file mode 100644
index 000000000..f6ebc3613
--- /dev/null
+++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat
@@ -0,0 +1,26 @@
+rem ----------------------------------------------------------------------------------------------
+rem Modify these entries according to your needs
+
+rem JDK home directory (no trailing path separator)
+set JAVA_HOME=<jdk home directory>
+
+rem Tomcat 4.1.x home directory (no trailing path separator)
+set CATALINA_HOME=<Tomcat 4.1.x home directory>
+
+rem ----------------------------------------------------------------------------------------------
+
+set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml
+set CONFIG_OPT_ID=-Dmoa.id.configuration=%CATALINA_HOME%/conf/moa-id/SampleMOAIDConfiguration.xml
+set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.properties
+
+set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT%
+
+rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
+rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
+rem set PARAM_TRUST_STORE_TYPE=-Djavax.net.ssl.trustStoreType=jks
+rem set PARAMS_SSL=%PARAM_TRUST_STORE% %PARAM_TRUST_STORE_PASS% %PARAM_TRUST_STORE_TYPE%
+
+set CATALINA_OPTS=%PARAMS_MOA% %PARAMS_SSL%
+
+cd %CATALINA_HOME%
+bin\catalina.bat start \ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/win32/stopTomcat.bat b/id/server/data/deploy/tomcat/win32/stopTomcat.bat
new file mode 100644
index 000000000..09dd83f2d
--- /dev/null
+++ b/id/server/data/deploy/tomcat/win32/stopTomcat.bat
@@ -0,0 +1,13 @@
+rem ----------------------------------------------------------------------------------------------
+rem Modify these entries according to your needs
+
+rem JDK home directory (no trailing path separator)
+set JAVA_HOME=<jdk home directory>
+
+rem Tomcat 4.1.x home directory (no trailing path separator)
+set CATALINA_HOME=<Tomcat 4.1.x home directory>
+
+rem ----------------------------------------------------------------------------------------------
+
+cd %CATALINA_HOME%
+bin\catalina.bat stop \ No newline at end of file
diff --git a/id/server/data/deploy/tomcat/workers.properties b/id/server/data/deploy/tomcat/workers.properties
new file mode 100644
index 000000000..9350ddc77
--- /dev/null
+++ b/id/server/data/deploy/tomcat/workers.properties
@@ -0,0 +1,6 @@
+# a sample workers.properties file defining a single mod_jk worker
+
+worker.list=moaworker
+worker.moaworker.type=ajp13
+worker.moaworker.host=localhost
+worker.moaworker.port=8009
diff --git a/id/server/doc/Architektur ID.vsd b/id/server/doc/Architektur ID.vsd
new file mode 100644
index 000000000..d4678007a
--- /dev/null
+++ b/id/server/doc/Architektur ID.vsd
Binary files differ
diff --git a/id/server/doc/MOA ID 1.x.wsdl b/id/server/doc/MOA ID 1.x.wsdl
new file mode 100644
index 000000000..06daae8f1
--- /dev/null
+++ b/id/server/doc/MOA ID 1.x.wsdl
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by patrick peck (anecon) -->
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+ <message name="GetAuthenticationDataInput">
+ <part name="body" element="samlp:Request"/>
+ </message>
+ <message name="GetAuthenticationDataOutput">
+ <part name="body" element="samlp:Response"/>
+ </message>
+ <message name="MOAFault">
+ <part name="body" element="moa:ErrorResponse"/>
+ </message>
+ <portType name="IdentificationPortType">
+ <operation name="getAuthenticationData">
+ <input message="tns:GetAuthenticationDataInput"/>
+ <output message="tns:GetAuthenticationDataOutput"/>
+ <fault name="MOAFault" message="tns:MOAFault"/>
+ </operation>
+ </portType>
+ <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="getAuthenticationData">
+ <soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+ <input>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </input>
+ <output>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </output>
+ <fault name="MOAFault">
+ <soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </fault>
+ </operation>
+ </binding>
+ <service name="GetAuthenticationDataService">
+ <port name="IdentificationPort" binding="tns:IdentificationBinding">
+ <soap:address location="http://localhost/Identification"/>
+ </port>
+ </service>
+</definitions>
diff --git a/id/server/doc/MOA-ID Feinspezifikation.doc b/id/server/doc/MOA-ID Feinspezifikation.doc
new file mode 100644
index 000000000..e71ffa8e6
--- /dev/null
+++ b/id/server/doc/MOA-ID Feinspezifikation.doc
Binary files differ
diff --git a/id/server/doc/MOA-ID-Configuration-1.2.xsd b/id/server/doc/MOA-ID-Configuration-1.2.xsd
new file mode 100644
index 000000000..4b018db64
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.2.xsd
@@ -0,0 +1,350 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0" maxOccurs="1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" type="xsd:string" use="required"/>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des
+ IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.3.xsd b/id/server/doc/MOA-ID-Configuration-1.3.xsd
new file mode 100644
index 000000000..66c6e1832
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.3.xsd
@@ -0,0 +1,424 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" schemaLocation="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831/core/Core.20020225.xsd"/>
+ <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAWBPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ <xsd:attribute name="type" use="optional" default="publicService">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:NMTOKEN">
+ <xsd:enumeration value="businessService"/>
+ <xsd:enumeration value="publicService"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+ <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+ <xsd:enumeration value="AuthenticationData.TimeOut"/>
+ <xsd:enumeration value="TrustManager.RevocationChecking"/>
+ <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+ <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des
+ IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="TemplatesType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="Template" type="TemplateType" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TemplateType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <!--xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="pr:AbstractSimpleIdentification"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element-->
+ <xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:element ref="pr:Firmenbuchnummer"/>
+ <xsd:element ref="pr:ZMRzahl"/>
+ <xsd:element ref="pr:Vereinsnummer"/>
+ <xsd:element ref="pr:ERJPZahl"/>
+ <xsd:element name="AnyNumber">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0" maxOccurs="1" />
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ <xsd:attribute name="slVersion" use="optional" default="1.1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="1.1"/>
+ <xsd:enumeration value="1.2"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+ <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.xsd b/id/server/doc/MOA-ID-Configuration-1.4.xsd
new file mode 100644
index 000000000..66a9c0ed4
--- /dev/null
+++ b/id/server/doc/MOA-ID-Configuration-1.4.xsd
@@ -0,0 +1,505 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAWBPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ <xsd:attribute name="type" use="optional" default="publicService">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:NMTOKEN">
+ <xsd:enumeration value="businessService"/>
+ <xsd:enumeration value="publicService"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") für die
+ Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
+ für jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswürdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+ <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+ <xsd:enumeration value="AuthenticationData.TimeOut"/>
+ <xsd:enumeration value="TrustManager.RevocationChecking"/>
+ <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+ <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet müssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dürfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP über das API
+ aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des
+ IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest für die Signatur des AUTH-Blocks
+ inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="TemplatesType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TemplateType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyInfoboxesType">
+ <xsd:annotation>
+ <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="DefaultTrustProfile" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Optionales DefaultTrustprofil für die Überprüfung aller weiteren Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Infobox" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Parameter für Überprüfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>optionalervName, der für Fehlermeldungen verwendet werden soll;
+ z.B.: "Stellvertretungen" für "Mandates"; fehlt dieser Parameter, dann wird
+ das Identifier-Attribut verwendet</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>TrustProfil, das für die Überprüfung der Infobox
+ verwendet werden soll</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Validatorklasse, die für die Prüfung der Infobox
+ verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+ vom Default Package- und Klassennamen abweichen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+ <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen Prüfapplikation
+ übergeben werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="SchemaLocationType">
+ <xsd:annotation>
+ <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="Schema" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <!--xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="pr:AbstractSimpleIdentification"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element-->
+ <xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:element ref="pr:Firmenbuchnummer"/>
+ <xsd:element ref="pr:ZMRzahl"/>
+ <xsd:element ref="pr:Vereinsnummer"/>
+ <xsd:element ref="pr:ERJPZahl"/>
+ <xsd:element name="AnyNumber">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="slVersion" use="optional" default="1.1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="1.1"/>
+ <xsd:enumeration value="1.2"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+ <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel, der für
+ die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id/server/doc/MOA_ID_1.2_20040315.pdf b/id/server/doc/MOA_ID_1.2_20040315.pdf
new file mode 100644
index 000000000..0c89c2730
--- /dev/null
+++ b/id/server/doc/MOA_ID_1.2_20040315.pdf
Binary files differ
diff --git a/id/server/doc/MOA_ID_1.3_20060315.pdf b/id/server/doc/MOA_ID_1.3_20060315.pdf
new file mode 100644
index 000000000..c9b0d160c
--- /dev/null
+++ b/id/server/doc/MOA_ID_1.3_20060315.pdf
Binary files differ
diff --git a/id/server/doc/MOA_ID_1.4_20070802.pdf b/id/server/doc/MOA_ID_1.4_20070802.pdf
new file mode 100644
index 000000000..a3a2f1177
--- /dev/null
+++ b/id/server/doc/MOA_ID_1.4_20070802.pdf
Binary files differ
diff --git a/id/server/doc/OID-1-0-3.pdf b/id/server/doc/OID-1-0-3.pdf
new file mode 100644
index 000000000..4beab3e41
--- /dev/null
+++ b/id/server/doc/OID-1-0-3.pdf
Binary files differ
diff --git a/id/server/doc/api-doc/allclasses-frame.html b/id/server/doc/api-doc/allclasses-frame.html
new file mode 100644
index 000000000..114c4b426
--- /dev/null
+++ b/id/server/doc/api-doc/allclasses-frame.html
@@ -0,0 +1,35 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+All Classes
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameHeadingFont">
+<B>All Classes</B></FONT>
+<BR>
+
+<TABLE BORDER="0" WIDTH="100%">
+<TR>
+<TD NOWRAP><FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" TARGET="classFrame">AuthenticationData</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" TARGET="classFrame">AuthenticationException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" TARGET="classFrame">AuthenticationServer</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" TARGET="classFrame"><I>ConnectionBuilder</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" TARGET="classFrame"><I>LoginParameterResolver</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" TARGET="classFrame">OAConfiguration</A>
+<BR>
+</FONT></TD>
+</TR>
+</TABLE>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html
new file mode 100644
index 000000000..313defcbc
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html
@@ -0,0 +1,171 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class AuthenticationException
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id</FONT>
+<BR>
+Class AuthenticationException</H2>
+<PRE>
+<B>at.gv.egovernment.moa.id.AuthenticationException</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationException</B></DL>
+
+<P>
+Exception thrown during handling of AuthenticationSession
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[])">AuthenticationException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A>[]&nbsp;parameters)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationException.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationException(java.lang.String, java.lang.Object[])"><!-- --></A><H3>
+AuthenticationException</H3>
+<PRE>
+public <B>AuthenticationException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A>[]&nbsp;parameters)</PRE>
+<DL>
+<DD>Constructor for AuthenticationException.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - &nbsp;</DL>
+</DD>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html
new file mode 100644
index 000000000..7aaad7c68
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html
@@ -0,0 +1,259 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class AuthenticationServer
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.auth</FONT>
+<BR>
+Class AuthenticationServer</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">java.lang.Object</A>
+ |
+ +--<B>at.gv.egovernment.moa.id.auth.AuthenticationServer</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationServer</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></DL>
+
+<P>
+API for MOA ID Authentication Service.<br>
+ <CODE>AuthenticationSession</CODE> is stored in a session store and retrieved
+ by giving the session ID.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#AuthenticationServer()">AuthenticationServer</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationServer.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()">getInstance</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the single instance of <code>AuthenticationServer</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()">clone</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)">equals</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()">finalize</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()">getClass</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()">hashCode</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()">notify</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()">notifyAll</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()">toString</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationServer()"><!-- --></A><H3>
+AuthenticationServer</H3>
+<PRE>
+public <B>AuthenticationServer</B>()</PRE>
+<DL>
+<DD>Constructor for AuthenticationServer.</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getInstance()"><!-- --></A><H3>
+getInstance</H3>
+<PRE>
+public static <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A> <B>getInstance</B>()</PRE>
+<DL>
+<DD>Returns the single instance of <code>AuthenticationServer</code>.<DD><DL>
+<DT><B>Returns:</B><DD>the single instance of <code>AuthenticationServer</code></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthenticationData(java.lang.String)"><!-- --></A><H3>
+getAuthenticationData</H3>
+<PRE>
+public <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A> <B>getAuthenticationData</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A></PRE>
+<DL>
+<DD>Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ The <code>AuthenticationData</code> is deleted from the store upon end of this call.<DD><DL>
+<DT><B>Returns:</B><DD><code>AuthenticationData</code></DL>
+</DD>
+</DL>
+<HR>
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html
new file mode 100644
index 000000000..ece0242d9
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html
@@ -0,0 +1,114 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.auth.AuthenticationServer
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.auth.AuthenticationServer</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A> in at.gv.egovernment.moa.id.auth</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.auth that return <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()">getInstance</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the single instance of <code>AuthenticationServer</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html
new file mode 100644
index 000000000..96ff7f4af
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html
@@ -0,0 +1,194 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.AuthenticationException
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.AuthenticationException</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A> in at.gv.egovernment.moa.id.auth</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.auth that throw <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">selectBKU</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;bkuSelectionTemplateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;templateURL)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes request to select a BKU.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">startAuthentication</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;templateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;bkuURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;sessionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes the beginning of an authentication session.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)">verifyIdentityLink</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;xmlInfoboxReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;InfoboxReadResponse&gt;</code>
+ Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code>
+ Verifies identity link by calling the MOA SP component
+ Checks certificate authority of identity link
+ Stores identity link in the session
+ Creates an authentication block to be signed by the user
+ Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ containg the authentication block, meant to be returned to the
+ security layer implementation
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)">verifyAuthenticationBlock</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;xmlCreateXMLSignatureReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes
+ Parses authentication block enclosed in
+ <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Verifies authentication block by calling the MOA SP component
+ Creates authentication data
+ Creates a corresponding SAML artifact
+ Stores authentication data in the authentication data store
+ indexed by the SAML artifact
+ Deletes authentication session
+ Returns the SAML artifact, encoded BASE64
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;at.gv.egovernment.moa.id.auth.data.AuthenticationSession</CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)">getSession</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;id)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves a session from the session store.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html
new file mode 100644
index 000000000..ec020b79d
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html
@@ -0,0 +1,526 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class OAConfiguration
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.config.proxy</FONT>
+<BR>
+Class OAConfiguration</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">java.lang.Object</A>
+ |
+ +--<B>at.gv.egovernment.moa.id.config.proxy.OAConfiguration</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>OAConfiguration</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></DL>
+
+<P>
+Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ These include the login type (stateful or stateless), the HTTP authentication type,
+ and information needed to add authentication parameters or headers for a URL connection
+ to the remote online application.
+<P>
+<DL>
+<DT><B>See Also: </B><DD><code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code></DL>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH">BASIC_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH">HEADER_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL">LOGINTYPE_STATEFUL</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS">LOGINTYPE_STATELESS</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH">PARAM_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#OAConfiguration()">OAConfiguration</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getAuthType()">getAuthType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the authType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthPasswordMapping()">getBasicAuthPasswordMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the basicAuthPasswordMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthUserIDMapping()">getBasicAuthUserIDMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the basicAuthUserIDMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getHeaderAuthMapping()">getHeaderAuthMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the headerAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getLoginType()">getLoginType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the loginType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getParamAuthMapping()">getParamAuthMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the paramAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setAuthType(java.lang.String)">setAuthType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authLoginType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the authType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthPasswordMapping(java.lang.String)">setBasicAuthPasswordMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthPassword)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the basicAuthPasswordMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthUserIDMapping(java.lang.String)">setBasicAuthUserIDMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthUserID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the basicAuthUserIDMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setHeaderAuthMapping(java.util.HashMap)">setHeaderAuthMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;headerAuth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the headerAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setLoginType(java.lang.String)">setLoginType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;loginType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the loginType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setParamAuthMapping(java.util.HashMap)">setParamAuthMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;paramAuth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the paramAuthMapping.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()">clone</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)">equals</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()">finalize</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()">getClass</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()">hashCode</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()">notify</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()">notifyAll</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()">toString</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="LOGINTYPE_STATEFUL"><!-- --></A><H3>
+LOGINTYPE_STATEFUL</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>LOGINTYPE_STATEFUL</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="LOGINTYPE_STATELESS"><!-- --></A><H3>
+LOGINTYPE_STATELESS</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>LOGINTYPE_STATELESS</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="BASIC_AUTH"><!-- --></A><H3>
+BASIC_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>BASIC_AUTH</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="HEADER_AUTH"><!-- --></A><H3>
+HEADER_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>HEADER_AUTH</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="PARAM_AUTH"><!-- --></A><H3>
+PARAM_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>PARAM_AUTH</B></PRE>
+<DL>
+</DL>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="OAConfiguration()"><!-- --></A><H3>
+OAConfiguration</H3>
+<PRE>
+public <B>OAConfiguration</B>()</PRE>
+<DL>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getBasicAuthPasswordMapping()"><!-- --></A><H3>
+getBasicAuthPasswordMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getBasicAuthPasswordMapping</B>()</PRE>
+<DL>
+<DD>Returns the basicAuthPasswordMapping.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getBasicAuthUserIDMapping()"><!-- --></A><H3>
+getBasicAuthUserIDMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getBasicAuthUserIDMapping</B>()</PRE>
+<DL>
+<DD>Returns the basicAuthUserIDMapping.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getHeaderAuthMapping()"><!-- --></A><H3>
+getHeaderAuthMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getHeaderAuthMapping</B>()</PRE>
+<DL>
+<DD>Returns the headerAuthMapping.<DD><DL>
+<DT><B>Returns:</B><DD>HashMap</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getLoginType()"><!-- --></A><H3>
+getLoginType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getLoginType</B>()</PRE>
+<DL>
+<DD>Returns the loginType.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getParamAuthMapping()"><!-- --></A><H3>
+getParamAuthMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getParamAuthMapping</B>()</PRE>
+<DL>
+<DD>Returns the paramAuthMapping.<DD><DL>
+<DT><B>Returns:</B><DD>HashMap</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setBasicAuthPasswordMapping(java.lang.String)"><!-- --></A><H3>
+setBasicAuthPasswordMapping</H3>
+<PRE>
+public void <B>setBasicAuthPasswordMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthPassword)</PRE>
+<DL>
+<DD>Sets the basicAuthPasswordMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>basicAuthPasswordMapping</CODE> - The basicAuthPasswordMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setBasicAuthUserIDMapping(java.lang.String)"><!-- --></A><H3>
+setBasicAuthUserIDMapping</H3>
+<PRE>
+public void <B>setBasicAuthUserIDMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;basicAuthUserID)</PRE>
+<DL>
+<DD>Sets the basicAuthUserIDMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>basicAuthUserIDMapping</CODE> - The basicAuthUserIDMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setHeaderAuthMapping(java.util.HashMap)"><!-- --></A><H3>
+setHeaderAuthMapping</H3>
+<PRE>
+public void <B>setHeaderAuthMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;headerAuth)</PRE>
+<DL>
+<DD>Sets the headerAuthMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>headerAuthMapping</CODE> - The headerAuthMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setLoginType(java.lang.String)"><!-- --></A><H3>
+setLoginType</H3>
+<PRE>
+public void <B>setLoginType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;loginType)</PRE>
+<DL>
+<DD>Sets the loginType.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>loginType</CODE> - The loginType to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setParamAuthMapping(java.util.HashMap)"><!-- --></A><H3>
+setParamAuthMapping</H3>
+<PRE>
+public void <B>setParamAuthMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html">HashMap</A>&nbsp;paramAuth)</PRE>
+<DL>
+<DD>Sets the paramAuthMapping.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>paramAuthMapping</CODE> - The paramAuthMapping to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthType()"><!-- --></A><H3>
+getAuthType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getAuthType</B>()</PRE>
+<DL>
+<DD>Returns the authType.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setAuthType(java.lang.String)"><!-- --></A><H3>
+setAuthType</H3>
+<PRE>
+public void <B>setAuthType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;authLoginType)</PRE>
+<DL>
+<DD>Sets the authType.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authType</CODE> - The authType to set</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html
new file mode 100644
index 000000000..c41742f7a
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html
@@ -0,0 +1,126 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.config.proxy.OAConfiguration
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.config.proxy.OAConfiguration</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A> in at.gv.egovernment.moa.id.proxy</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.proxy with parameters of type <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html
new file mode 100644
index 000000000..0a0906e25
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html
@@ -0,0 +1,751 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class AuthenticationData
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.data</FONT>
+<BR>
+Class AuthenticationData</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">java.lang.Object</A>
+ |
+ +--<B>at.gv.egovernment.moa.id.data.AuthenticationData</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationData</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></DL>
+
+<P>
+Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#AuthenticationData()">AuthenticationData</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationData.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getAssertionID()">getAssertionID</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the assertionID.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getDateOfBirth()">getDateOfBirth</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the dateOfBirth.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getFamilyName()">getFamilyName</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the familyName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getGivenName()">getGivenName</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the givenName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationValue()">getIdentificationValue</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the identificationValue.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssueInstant()">getIssueInstant</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the issueInstant.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssuer()">getIssuer</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the issuer.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;int</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getMajorVersion()">getMajorVersion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the majorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;int</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getMinorVersion()">getMinorVersion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the minorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getPublicAuthorityCode()">getPublicAuthorityCode</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the publicAuthorityCode.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getSamlAssertion()">getSamlAssertion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the samlAssertion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Date.html">Date</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getTimestamp()">getTimestamp</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the timestamp.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getVPK()">getVPK</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the vpk.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;boolean</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#isPublicAuthority()">isPublicAuthority</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the publicAuthority.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;boolean</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#isQualifiedCertificate()">isQualifiedCertificate</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the qualifiedCertificate.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setAssertionID(java.lang.String)">setAssertionID</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;assertionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the assertionID.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setDateOfBirth(java.lang.String)">setDateOfBirth</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;dateOfBirth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the dateOfBirth.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setFamilyName(java.lang.String)">setFamilyName</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;gamilyName)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the familyName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setGivenName(java.lang.String)">setGivenName</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;givenName)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the givenName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationValue(java.lang.String)">setIdentificationValue</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;identificationValue)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the identificationValue.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssueInstant(java.lang.String)">setIssueInstant</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issueInstant)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the issueInstant.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssuer(java.lang.String)">setIssuer</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issuer)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the issuer.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setMajorVersion(int)">setMajorVersion</A></B>(int&nbsp;majorVersion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the majorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setMinorVersion(int)">setMinorVersion</A></B>(int&nbsp;minorVersion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the minorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthority(boolean)">setPublicAuthority</A></B>(boolean&nbsp;publicAuthority)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the publicAuthority.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthorityCode(java.lang.String)">setPublicAuthorityCode</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicAuthorityIdentification)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the publicAuthorityCode.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setQualifiedCertificate(boolean)">setQualifiedCertificate</A></B>(boolean&nbsp;qualifiedCertificate)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the qualifiedCertificate.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setSamlAssertion(java.lang.String)">setSamlAssertion</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlAssertion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the samlAssertion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setVPK(java.lang.String)">setVPK</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;vpk)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the vpk.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()">clone</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)">equals</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()">finalize</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()">getClass</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()">hashCode</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()">notify</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()">notifyAll</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()">toString</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)">wait</A>,
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationData()"><!-- --></A><H3>
+AuthenticationData</H3>
+<PRE>
+public <B>AuthenticationData</B>()</PRE>
+<DL>
+<DD>Constructor for AuthenticationData.</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getMinorVersion()"><!-- --></A><H3>
+getMinorVersion</H3>
+<PRE>
+public int <B>getMinorVersion</B>()</PRE>
+<DL>
+<DD>Returns the minorVersion.<DD><DL>
+<DT><B>Returns:</B><DD>int</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="isPublicAuthority()"><!-- --></A><H3>
+isPublicAuthority</H3>
+<PRE>
+public boolean <B>isPublicAuthority</B>()</PRE>
+<DL>
+<DD>Returns the publicAuthority.<DD><DL>
+<DT><B>Returns:</B><DD>boolean</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getPublicAuthorityCode()"><!-- --></A><H3>
+getPublicAuthorityCode</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getPublicAuthorityCode</B>()</PRE>
+<DL>
+<DD>Returns the publicAuthorityCode.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="isQualifiedCertificate()"><!-- --></A><H3>
+isQualifiedCertificate</H3>
+<PRE>
+public boolean <B>isQualifiedCertificate</B>()</PRE>
+<DL>
+<DD>Returns the qualifiedCertificate.<DD><DL>
+<DT><B>Returns:</B><DD>boolean</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getVPK()"><!-- --></A><H3>
+getVPK</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getVPK</B>()</PRE>
+<DL>
+<DD>Returns the vpk.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setMinorVersion(int)"><!-- --></A><H3>
+setMinorVersion</H3>
+<PRE>
+public void <B>setMinorVersion</B>(int&nbsp;minorVersion)</PRE>
+<DL>
+<DD>Sets the minorVersion.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>minorVersion</CODE> - The minorVersion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPublicAuthority(boolean)"><!-- --></A><H3>
+setPublicAuthority</H3>
+<PRE>
+public void <B>setPublicAuthority</B>(boolean&nbsp;publicAuthority)</PRE>
+<DL>
+<DD>Sets the publicAuthority.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>publicAuthority</CODE> - The publicAuthority to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPublicAuthorityCode(java.lang.String)"><!-- --></A><H3>
+setPublicAuthorityCode</H3>
+<PRE>
+public void <B>setPublicAuthorityCode</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicAuthorityIdentification)</PRE>
+<DL>
+<DD>Sets the publicAuthorityCode.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>publicAuthorityCode</CODE> - The publicAuthorityCode to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setQualifiedCertificate(boolean)"><!-- --></A><H3>
+setQualifiedCertificate</H3>
+<PRE>
+public void <B>setQualifiedCertificate</B>(boolean&nbsp;qualifiedCertificate)</PRE>
+<DL>
+<DD>Sets the qualifiedCertificate.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>qualifiedCertificate</CODE> - The qualifiedCertificate to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setVPK(java.lang.String)"><!-- --></A><H3>
+setVPK</H3>
+<PRE>
+public void <B>setVPK</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;vpk)</PRE>
+<DL>
+<DD>Sets the vpk.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>vpk</CODE> - The vpk to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAssertionID()"><!-- --></A><H3>
+getAssertionID</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getAssertionID</B>()</PRE>
+<DL>
+<DD>Returns the assertionID.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getDateOfBirth()"><!-- --></A><H3>
+getDateOfBirth</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getDateOfBirth</B>()</PRE>
+<DL>
+<DD>Returns the dateOfBirth.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getFamilyName()"><!-- --></A><H3>
+getFamilyName</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getFamilyName</B>()</PRE>
+<DL>
+<DD>Returns the familyName.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getGivenName()"><!-- --></A><H3>
+getGivenName</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getGivenName</B>()</PRE>
+<DL>
+<DD>Returns the givenName.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIdentificationValue()"><!-- --></A><H3>
+getIdentificationValue</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getIdentificationValue</B>()</PRE>
+<DL>
+<DD>Returns the identificationValue.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIssueInstant()"><!-- --></A><H3>
+getIssueInstant</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getIssueInstant</B>()</PRE>
+<DL>
+<DD>Returns the issueInstant.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIssuer()"><!-- --></A><H3>
+getIssuer</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getIssuer</B>()</PRE>
+<DL>
+<DD>Returns the issuer.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getMajorVersion()"><!-- --></A><H3>
+getMajorVersion</H3>
+<PRE>
+public int <B>getMajorVersion</B>()</PRE>
+<DL>
+<DD>Returns the majorVersion.<DD><DL>
+<DT><B>Returns:</B><DD>int</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setAssertionID(java.lang.String)"><!-- --></A><H3>
+setAssertionID</H3>
+<PRE>
+public void <B>setAssertionID</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;assertionID)</PRE>
+<DL>
+<DD>Sets the assertionID.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>assertionID</CODE> - The assertionID to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setDateOfBirth(java.lang.String)"><!-- --></A><H3>
+setDateOfBirth</H3>
+<PRE>
+public void <B>setDateOfBirth</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;dateOfBirth)</PRE>
+<DL>
+<DD>Sets the dateOfBirth.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>dateOfBirth</CODE> - The dateOfBirth to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setFamilyName(java.lang.String)"><!-- --></A><H3>
+setFamilyName</H3>
+<PRE>
+public void <B>setFamilyName</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;gamilyName)</PRE>
+<DL>
+<DD>Sets the familyName.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>familyName</CODE> - The familyName to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setGivenName(java.lang.String)"><!-- --></A><H3>
+setGivenName</H3>
+<PRE>
+public void <B>setGivenName</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;givenName)</PRE>
+<DL>
+<DD>Sets the givenName.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>givenName</CODE> - The givenName to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIdentificationValue(java.lang.String)"><!-- --></A><H3>
+setIdentificationValue</H3>
+<PRE>
+public void <B>setIdentificationValue</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;identificationValue)</PRE>
+<DL>
+<DD>Sets the identificationValue.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>identificationValue</CODE> - The identificationValue to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIssueInstant(java.lang.String)"><!-- --></A><H3>
+setIssueInstant</H3>
+<PRE>
+public void <B>setIssueInstant</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issueInstant)</PRE>
+<DL>
+<DD>Sets the issueInstant.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>issueInstant</CODE> - The issueInstant to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIssuer(java.lang.String)"><!-- --></A><H3>
+setIssuer</H3>
+<PRE>
+public void <B>setIssuer</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;issuer)</PRE>
+<DL>
+<DD>Sets the issuer.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>issuer</CODE> - The issuer to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setMajorVersion(int)"><!-- --></A><H3>
+setMajorVersion</H3>
+<PRE>
+public void <B>setMajorVersion</B>(int&nbsp;majorVersion)</PRE>
+<DL>
+<DD>Sets the majorVersion.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>majorVersion</CODE> - The majorVersion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getSamlAssertion()"><!-- --></A><H3>
+getSamlAssertion</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>getSamlAssertion</B>()</PRE>
+<DL>
+<DD>Returns the samlAssertion.<DD><DL>
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setSamlAssertion(java.lang.String)"><!-- --></A><H3>
+setSamlAssertion</H3>
+<PRE>
+public void <B>setSamlAssertion</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlAssertion)</PRE>
+<DL>
+<DD>Sets the samlAssertion.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>samlAssertion</CODE> - The samlAssertion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getTimestamp()"><!-- --></A><H3>
+getTimestamp</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Date.html">Date</A> <B>getTimestamp</B>()</PRE>
+<DL>
+<DD>Returns the timestamp.<DD><DL>
+<DT><B>Returns:</B><DD>Date</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html
new file mode 100644
index 000000000..1822504b5
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html
@@ -0,0 +1,152 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Class at.gv.egovernment.moa.id.data.AuthenticationData
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.data.AuthenticationData</B></H2>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A> in at.gv.egovernment.moa.id.auth</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.auth that return <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A> in at.gv.egovernment.moa.id.proxy</FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in at.gv.egovernment.moa.id.proxy with parameters of type <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.<A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html
new file mode 100644
index 000000000..7d9bcef1d
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html
@@ -0,0 +1,204 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Interface ConnectionBuilder
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Interface ConnectionBuilder</H2>
+<HR>
+<DL>
+<DT>public interface <B>ConnectionBuilder</B></DL>
+
+<P>
+Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/HttpURLConnection.html">HttpURLConnection</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html#buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory)">buildConnection</A></B>(javax.servlet.http.HttpServletRequest&nbsp;request,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicURLPrefix,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;realURLPrefix,
+ javax.net.ssl.SSLSocketFactory&nbsp;sslSocketFactory)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+
+ <code>allowUserInteraction = false</code>
+ <code>doInput = true</code>
+ <code>doOutput = true</code>
+ <code>requestMethod = request.getMethod()</code>
+ <code>useCaches = false</code>
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory)"><!-- --></A><H3>
+buildConnection</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/HttpURLConnection.html">HttpURLConnection</A> <B>buildConnection</B>(javax.servlet.http.HttpServletRequest&nbsp;request,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;publicURLPrefix,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;realURLPrefix,
+ javax.net.ssl.SSLSocketFactory&nbsp;sslSocketFactory)
+ throws <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/io/IOException.html">IOException</A></PRE>
+<DL>
+<DD>Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+ <ul>
+ <li><code>allowUserInteraction = false</code></li>
+ <li><code>doInput = true</code></li>
+ <li><code>doOutput = true</code></li>
+ <li><code>requestMethod = request.getMethod()</code></li>
+ <li><code>useCaches = false</code></li>
+ </ul><DD><DL>
+<DT><B>Parameters:</B><DD><CODE>request</CODE> - the incoming request which shall be forwarded<DD><CODE>publicURLPrefix</CODE> - the public URL prefix to be substituted by the real URL prefix<DD><CODE>realURLPrefix</CODE> - the URL prefix to substitute the public URL prefix<DD><CODE>sslSocketFactory</CODE> - factory to be used for creating an SSL socket in case
+ of a URL for scheme <code>"https:"</code>;
+ <br>if <code>null</code>, the default SSL socket factory would be used<DT><B>Returns:</B><DD>a URLConnection created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, connecting to
+ the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code><DT><B>Throws:</B><DD><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/io/IOException.html">IOException</A> - if an I/O exception occurs during opening the connection<DT><B>See Also: </B><DD><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>,
+<CODE>com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()</CODE></DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html
new file mode 100644
index 000000000..717ab1ee6
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html
@@ -0,0 +1,364 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Interface LoginParameterResolver
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Interface LoginParameterResolver</H2>
+<HR>
+<DL>
+<DT>public interface <B>LoginParameterResolver</B></DL>
+
+<P>
+Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ Utilizes <A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><CODE>OAConfiguration</CODE></A> and <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html"><CODE>AuthenticationData</CODE></A>.
+<P>
+<HR>
+
+<P>
+<!-- ======== INNER CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ">MOABKZ</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth">MOADateOfBirth</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName">MOAFamilyName</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName">MOAGivenName</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress">MOAIPAddress</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority">MOAPublicAuthority</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate">MOAQualifiedCertificate</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAVPK">MOAVPK</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAZMRZahl">MOAZMRZahl</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="MOAGivenName"><!-- --></A><H3>
+MOAGivenName</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAGivenName</B></PRE>
+<DL>
+<DD>Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.</DL>
+<HR>
+
+<A NAME="MOAFamilyName"><!-- --></A><H3>
+MOAFamilyName</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAFamilyName</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOADateOfBirth"><!-- --></A><H3>
+MOADateOfBirth</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOADateOfBirth</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAVPK"><!-- --></A><H3>
+MOAVPK</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAVPK</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAPublicAuthority"><!-- --></A><H3>
+MOAPublicAuthority</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAPublicAuthority</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOABKZ"><!-- --></A><H3>
+MOABKZ</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOABKZ</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAQualifiedCertificate"><!-- --></A><H3>
+MOAQualifiedCertificate</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAQualifiedCertificate</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAZMRZahl"><!-- --></A><H3>
+MOAZMRZahl</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAZMRZahl</B></PRE>
+<DL>
+</DL>
+<HR>
+
+<A NAME="MOAIPAddress"><!-- --></A><H3>
+MOAIPAddress</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A> <B>MOAIPAddress</B></PRE>
+<DL>
+</DL>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" CELLPADDING="3" CELLSPACING="0" WIDTH="100%">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><!-- --></A><H3>
+getAuthenticationHeaders</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getAuthenticationHeaders</B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</PRE>
+<DL>
+<DD>Returns authentication headers to be added to a URLConnection.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authConf</CODE> - configuration data<DD><CODE>authData</CODE> - authentication data<DD><CODE>clientIPAddress</CODE> - client IP address<DT><B>Returns:</B><DD>A map, the keys being header names and values being corresponding header values.
+ <br>In case of authentication type <code>"basic-auth"</code>, header fields
+ <code>username</code> and <code>password</code>.
+ <br>In case of authentication type <code>"header-auth"</code>, header fields
+ derived from parameter mapping and authentication data provided.
+ <br>Otherwise, an empty map.</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><!-- --></A><H3>
+getAuthenticationParameters</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html">Map</A> <B>getAuthenticationParameters</B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html">String</A>&nbsp;clientIPAddress)</PRE>
+<DL>
+<DD>Returns request parameters to be added to a URLConnection.<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authConf</CODE> - configuration data<DD><CODE>authData</CODE> - authentication data<DD><CODE>clientIPAddress</CODE> - client IP address<DT><B>Returns:</B><DD>A map, the keys being parameter names and values being corresponding parameter values.
+ <br>In case of authentication type <code>"param-auth"</code>, parameters
+ derived from parameter mapping and authentication data provided.
+ <br>Otherwise, an empty map.</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY: &nbsp;INNER&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL: &nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html
new file mode 100644
index 000000000..c40b34e9f
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html
@@ -0,0 +1,91 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Interface at.gv.egovernment.moa.id.proxy.ConnectionBuilder
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Interface<br>at.gv.egovernment.moa.id.proxy.ConnectionBuilder</B></H2>
+</CENTER>
+No usage of at.gv.egovernment.moa.id.proxy.ConnectionBuilder
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html
new file mode 100644
index 000000000..9bad43a2a
--- /dev/null
+++ b/id/server/doc/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html
@@ -0,0 +1,91 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Uses of Interface at.gv.egovernment.moa.id.proxy.LoginParameterResolver
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Interface<br>at.gv.egovernment.moa.id.proxy.LoginParameterResolver</B></H2>
+</CENTER>
+No usage of at.gv.egovernment.moa.id.proxy.LoginParameterResolver
+<P>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/deprecated-list.html b/id/server/doc/api-doc/deprecated-list.html
new file mode 100644
index 000000000..78f7d881f
--- /dev/null
+++ b/id/server/doc/api-doc/deprecated-list.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Deprecated List
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Deprecated</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="deprecated-list.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Deprecated API</B></H2>
+</CENTER>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Deprecated</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="deprecated-list.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/help-doc.html b/id/server/doc/api-doc/help-doc.html
new file mode 100644
index 000000000..79438069d
--- /dev/null
+++ b/id/server/doc/api-doc/help-doc.html
@@ -0,0 +1,142 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: API Help
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Help</B></FONT>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="help-doc.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H1>
+How This API Document Is Organized</H1>
+</CENTER>
+This API (Application Programming Interface) document has pages corresponding to the items in the navigation bar, described as follows.<H3>
+Package</H3>
+<BLOCKQUOTE>
+
+<P>
+Each package has a page that contains a list of its classes and interfaces, with a summary for each. This page can contain four categories:<UL>
+<LI>Interfaces (italic)<LI>Classes<LI>Exceptions<LI>Errors</UL>
+</BLOCKQUOTE>
+<H3>
+Class/Interface</H3>
+<BLOCKQUOTE>
+
+<P>
+Each class, interface, inner class and inner interface has its own separate page. Each of these pages has three sections consisting of a class/interface description, summary tables, and detailed member descriptions:<UL>
+<LI>Class inheritance diagram<LI>Direct Subclasses<LI>All Known Subinterfaces<LI>All Known Implementing Classes<LI>Class/interface declaration<LI>Class/interface description
+<P>
+<LI>Inner Class Summary<LI>Field Summary<LI>Constructor Summary<LI>Method Summary
+<P>
+<LI>Field Detail<LI>Constructor Detail<LI>Method Detail</UL>
+Each summary entry contains the first sentence from the detailed description for that item. The summary entries are alphabetical, while the detailed descriptions are in the order they appear in the source code. This preserves the logical groupings established by the programmer.</BLOCKQUOTE>
+<H3>
+Use</H3>
+<BLOCKQUOTE>
+Each documented package, class and interface has its own Use page. This page describes what packages, classes, methods, constructors and fields use any part of the given class or package. Given a class or interface A, its Use page includes subclasses of A, fields declared as A, methods that return A, and methods and constructors with parameters of type A. You can access this page by first going to the package, class or interface, then clicking on the "Use" link in the navigation bar.</BLOCKQUOTE>
+<H3>
+Tree (Class Hierarchy)</H3>
+<BLOCKQUOTE>
+There is a <A HREF="overview-tree.html">Class Hierarchy</A> page for all packages, plus a hierarchy for each package. Each hierarchy page contains a list of classes and a list of interfaces. The classes are organized by inheritance structure starting with <code>java.lang.Object</code>. The interfaces do not inherit from <code>java.lang.Object</code>.<UL>
+<LI>When viewing the Overview page, clicking on "Tree" displays the hierarchy for all packages.<LI>When viewing a particular package, class or interface page, clicking "Tree" displays the hierarchy for only that package.</UL>
+</BLOCKQUOTE>
+<H3>
+Deprecated API</H3>
+<BLOCKQUOTE>
+The <A HREF="deprecated-list.html">Deprecated API</A> page lists all of the API that have been deprecated. A deprecated API is not recommended for use, generally due to improvements, and a replacement API is usually given. Deprecated APIs may be removed in future implementations.</BLOCKQUOTE>
+<H3>
+Index</H3>
+<BLOCKQUOTE>
+The <A HREF="index-all.html">Index</A> contains an alphabetic list of all classes, interfaces, constructors, methods, and fields.</BLOCKQUOTE>
+<H3>
+Prev/Next</H3>
+These links take you to the next or previous class, interface, package, or related page.<H3>
+Frames/No Frames</H3>
+These links show and hide the HTML frames. All pages are available with or without frames.
+<P>
+<H3>
+Serialized Form</H3>
+Each serializable or externalizable class has a description of its serialization fields and methods. This information is of interest to re-implementors, not to developers using the API. While there is no link in the navigation bar, you can get to this information by going to any serialized class and clicking "Serialized Form" in the "See also" section of the class description.
+<P>
+<FONT SIZE="-1">
+<EM>
+This help file applies to API documentation generated using the standard doclet. </EM>
+</FONT>
+<BR>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Help</B></FONT>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="help-doc.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/index-all.html b/id/server/doc/api-doc/index-all.html
new file mode 100644
index 000000000..a66b0252e
--- /dev/null
+++ b/id/server/doc/api-doc/index-all.html
@@ -0,0 +1,422 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Index
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Index</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="index-all.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<A HREF="#_A_">A</A> <A HREF="#_B_">B</A> <A HREF="#_C_">C</A> <A HREF="#_G_">G</A> <A HREF="#_H_">H</A> <A HREF="#_I_">I</A> <A HREF="#_L_">L</A> <A HREF="#_M_">M</A> <A HREF="#_O_">O</A> <A HREF="#_P_">P</A> <A HREF="#_R_">R</A> <A HREF="#_S_">S</A> <A HREF="#_V_">V</A> <HR>
+<A NAME="_A_"><!-- --></A><H2>
+<B>A</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>AuthenticationData</B></A> - class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>.<DD>Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#AuthenticationData()"><B>AuthenticationData()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Constructor for AuthenticationData.
+<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html"><B>AuthenticationException</B></A> - class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A>.<DD>Exception thrown during handling of AuthenticationSession<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[])"><B>AuthenticationException(String, Object[])</B></A> -
+Constructor for class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html">AuthenticationException</A>
+<DD>Constructor for AuthenticationException.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>AuthenticationServer</B></A> - class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>.<DD>API for MOA ID Authentication Service.<br>
+ <CODE>AuthenticationSession</CODE> is stored in a session store and retrieved
+ by giving the session ID.<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#AuthenticationServer()"><B>AuthenticationServer()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Constructor for AuthenticationServer.
+</DL>
+<HR>
+<A NAME="_B_"><!-- --></A><H2>
+<B>B</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH"><B>BASIC_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html#buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory)"><B>buildConnection(HttpServletRequest, String, String, SSLSocketFactory)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html">ConnectionBuilder</A>
+<DD>Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+
+ <code>allowUserInteraction = false</code>
+ <code>doInput = true</code>
+ <code>doOutput = true</code>
+ <code>requestMethod = request.getMethod()</code>
+ <code>useCaches = false</code>
+
+</DL>
+<HR>
+<A NAME="_C_"><!-- --></A><H2>
+<B>C</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#cleanup()"><B>cleanup()</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Cleans up expired session and authentication data stores.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>ConnectionBuilder</B></A> - interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html">ConnectionBuilder</A>.<DD>Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.</DL>
+<HR>
+<A NAME="_G_"><!-- --></A><H2>
+<B>G</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getAssertionID()"><B>getAssertionID()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the assertionID.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)"><B>getAuthenticationData(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><B>getAuthenticationHeaders(OAConfiguration, AuthenticationData, String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>Returns authentication headers to be added to a URLConnection.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><B>getAuthenticationParameters(OAConfiguration, AuthenticationData, String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>Returns request parameters to be added to a URLConnection.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getAuthType()"><B>getAuthType()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the authType.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthPasswordMapping()"><B>getBasicAuthPasswordMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the basicAuthPasswordMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthUserIDMapping()"><B>getBasicAuthUserIDMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the basicAuthUserIDMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getDateOfBirth()"><B>getDateOfBirth()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the dateOfBirth.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getFamilyName()"><B>getFamilyName()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the familyName.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getGivenName()"><B>getGivenName()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the givenName.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getHeaderAuthMapping()"><B>getHeaderAuthMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the headerAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationValue()"><B>getIdentificationValue()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the identificationValue.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()"><B>getInstance()</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Returns the single instance of <code>AuthenticationServer</code>.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssueInstant()"><B>getIssueInstant()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the issueInstant.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssuer()"><B>getIssuer()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the issuer.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getLoginType()"><B>getLoginType()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the loginType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getMajorVersion()"><B>getMajorVersion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the majorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getMinorVersion()"><B>getMinorVersion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the minorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getParamAuthMapping()"><B>getParamAuthMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Returns the paramAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getPublicAuthorityCode()"><B>getPublicAuthorityCode()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the publicAuthorityCode.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getSamlAssertion()"><B>getSamlAssertion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the samlAssertion.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)"><B>getSession(String)</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Retrieves a session from the session store.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getTimestamp()"><B>getTimestamp()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the timestamp.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getVPK()"><B>getVPK()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the vpk.
+</DL>
+<HR>
+<A NAME="_H_"><!-- --></A><H2>
+<B>H</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH"><B>HEADER_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_I_"><!-- --></A><H2>
+<B>I</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#isPublicAuthority()"><B>isPublicAuthority()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the publicAuthority.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#isQualifiedCertificate()"><B>isQualifiedCertificate()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Returns the qualifiedCertificate.
+</DL>
+<HR>
+<A NAME="_L_"><!-- --></A><H2>
+<B>L</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>LoginParameterResolver</B></A> - interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>.<DD>Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ <DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL"><B>LOGINTYPE_STATEFUL</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS"><B>LOGINTYPE_STATELESS</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_M_"><!-- --></A><H2>
+<B>M</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ"><B>MOABKZ</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth"><B>MOADateOfBirth</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName"><B>MOAFamilyName</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName"><B>MOAGivenName</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>Constants used in <code>MOAIDConfiguration-1.1.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress"><B>MOAIPAddress</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority"><B>MOAPublicAuthority</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate"><B>MOAQualifiedCertificate</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAVPK"><B>MOAVPK</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAZMRZahl"><B>MOAZMRZahl</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">LoginParameterResolver</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_O_"><!-- --></A><H2>
+<B>O</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>OAConfiguration</B></A> - class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>.<DD>Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ <DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#OAConfiguration()"><B>OAConfiguration()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_P_"><!-- --></A><H2>
+<B>P</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH"><B>PARAM_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_R_"><!-- --></A><H2>
+<B>R</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#REQ_START_AUTHENTICATION"><B>REQ_START_AUTHENTICATION</B></A> -
+Static variable in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Request name <CODE>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</CODE> is mapped to
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#REQ_VERIFY_AUTH_BLOCK"><B>REQ_VERIFY_AUTH_BLOCK</B></A> -
+Static variable in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Request name <CODE>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</CODE> is mapped to
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#REQ_VERIFY_IDENTITY_LINK"><B>REQ_VERIFY_IDENTITY_LINK</B></A> -
+Static variable in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Request name <CODE>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</CODE> is mapped to
+</DL>
+<HR>
+<A NAME="_S_"><!-- --></A><H2>
+<B>S</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><B>selectBKU(String, String, String, String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes request to select a BKU.
+
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setAssertionID(java.lang.String)"><B>setAssertionID(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the assertionID.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setAuthType(java.lang.String)"><B>setAuthType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the authType.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthPasswordMapping(java.lang.String)"><B>setBasicAuthPasswordMapping(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the basicAuthPasswordMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthUserIDMapping(java.lang.String)"><B>setBasicAuthUserIDMapping(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the basicAuthUserIDMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setDateOfBirth(java.lang.String)"><B>setDateOfBirth(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the dateOfBirth.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setFamilyName(java.lang.String)"><B>setFamilyName(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the familyName.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setGivenName(java.lang.String)"><B>setGivenName(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the givenName.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setHeaderAuthMapping(java.util.HashMap)"><B>setHeaderAuthMapping(HashMap)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the headerAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationValue(java.lang.String)"><B>setIdentificationValue(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the identificationValue.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssueInstant(java.lang.String)"><B>setIssueInstant(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the issueInstant.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssuer(java.lang.String)"><B>setIssuer(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the issuer.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setLoginType(java.lang.String)"><B>setLoginType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the loginType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setMajorVersion(int)"><B>setMajorVersion(int)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the majorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setMinorVersion(int)"><B>setMinorVersion(int)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the minorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setParamAuthMapping(java.util.HashMap)"><B>setParamAuthMapping(HashMap)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html">OAConfiguration</A>
+<DD>Sets the paramAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthority(boolean)"><B>setPublicAuthority(boolean)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the publicAuthority.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthorityCode(java.lang.String)"><B>setPublicAuthorityCode(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the publicAuthorityCode.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setQualifiedCertificate(boolean)"><B>setQualifiedCertificate(boolean)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the qualifiedCertificate.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setSamlAssertion(java.lang.String)"><B>setSamlAssertion(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the samlAssertion.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsAuthDataTimeOut(long)"><B>setSecondsAuthDataTimeOut(long)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Sets the authDataTimeOut.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsSessionTimeOut(long)"><B>setSecondsSessionTimeOut(long)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Sets the sessionTimeOut.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setVPK(java.lang.String)"><B>setVPK(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">AuthenticationData</A>
+<DD>Sets the vpk.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><B>startAuthentication(String, String, String, String, String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes the beginning of an authentication session.
+
+</DL>
+<HR>
+<A NAME="_V_"><!-- --></A><H2>
+<B>V</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)"><B>verifyAuthenticationBlock(String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes
+ Parses authentication block enclosed in
+ <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ Verifies authentication block by calling the MOA SP component
+ Creates authentication data
+ Creates a corresponding SAML artifact
+ Stores authentication data in the authentication data store
+ indexed by the SAML artifact
+ Deletes authentication session
+ Returns the SAML artifact, encoded BASE64
+
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)"><B>verifyIdentityLink(String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html">AuthenticationServer</A>
+<DD>Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.<br>
+
+ Validates given <code>&lt;InfoboxReadResponse&gt;</code>
+ Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code>
+ Verifies identity link by calling the MOA SP component
+ Checks certificate authority of identity link
+ Stores identity link in the session
+ Creates an authentication block to be signed by the user
+ Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ containg the authentication block, meant to be returned to the
+ security layer implementation
+
+</DL>
+<HR>
+<A HREF="#_A_">A</A> <A HREF="#_B_">B</A> <A HREF="#_C_">C</A> <A HREF="#_G_">G</A> <A HREF="#_H_">H</A> <A HREF="#_I_">I</A> <A HREF="#_L_">L</A> <A HREF="#_M_">M</A> <A HREF="#_O_">O</A> <A HREF="#_P_">P</A> <A HREF="#_R_">R</A> <A HREF="#_S_">S</A> <A HREF="#_V_">V</A>
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Index</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="index-all.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/index.html b/id/server/doc/api-doc/index.html
new file mode 100644
index 000000000..7eb5deff7
--- /dev/null
+++ b/id/server/doc/api-doc/index.html
@@ -0,0 +1,22 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN""http://www.w3.org/TR/REC-html40/loose.dtd>
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003-->
+<TITLE>
+MOA ID API
+</TITLE>
+</HEAD>
+<FRAMESET cols="20%,80%">
+<FRAME src="allclasses-frame.html" name="packageFrame">
+<FRAME src="at/gv/egovernment/moa/id/data/AuthenticationData.html" name="classFrame">
+</FRAMESET>
+<NOFRAMES>
+<H2>
+Frame Alert</H2>
+
+<P>
+This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client.
+<BR>
+Link to <A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">Non-frame version.</A></NOFRAMES>
+</HTML>
diff --git a/id/server/doc/api-doc/overview-tree.html b/id/server/doc/api-doc/overview-tree.html
new file mode 100644
index 000000000..bcd54df75
--- /dev/null
+++ b/id/server/doc/api-doc/overview-tree.html
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API: Class Hierarchy
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-tree.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For All Packages</H2>
+</CENTER>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html"><B>Object</B></A><UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html"><B>AuthenticationData</B></A><LI TYPE="circle">class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html"><B>AuthenticationServer</B></A><LI TYPE="circle">class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html"><B>OAConfiguration</B></A></UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html"><B>AuthenticationException</B></A></UL>
+<H2>
+Interface Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html"><B>ConnectionBuilder</B></A><LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html"><B>LoginParameterResolver</B></A></UL>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-tree.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/package-list b/id/server/doc/api-doc/package-list
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/id/server/doc/api-doc/package-list
diff --git a/id/server/doc/api-doc/packages.html b/id/server/doc/api-doc/packages.html
new file mode 100644
index 000000000..f5dd01736
--- /dev/null
+++ b/id/server/doc/api-doc/packages.html
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+MOA ID API
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<BR>
+
+<BR>
+
+<BR>
+<CENTER>
+The front page has been renamed.Please see:
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="index.html">Frame version</A>
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html">Non-frame version.</A></CENTER>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/serialized-form.html b/id/server/doc/api-doc/serialized-form.html
new file mode 100644
index 000000000..09311e7c2
--- /dev/null
+++ b/id/server/doc/api-doc/serialized-form.html
@@ -0,0 +1,89 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Fri May 16 09:59:18 CEST 2003 -->
+<TITLE>
+Serialized Form
+</TITLE>
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+</HEAD>
+<BODY BGCOLOR="white">
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_top"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="serialized-form.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+<CENTER>
+<H1>
+Serialized Form</H1>
+</CENTER>
+<HR>
+
+<!-- ========== START OF NAVBAR ========== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0">
+<TR>
+<TD COLSPAN=2 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" TARGET="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="serialized-form.html" TARGET="_top"><B>NO FRAMES</B></A></FONT></TD>
+</TR>
+</TABLE>
+<!-- =========== END OF NAVBAR =========== -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/api-doc/stylesheet.css b/id/server/doc/api-doc/stylesheet.css
new file mode 100644
index 000000000..74a3534ae
--- /dev/null
+++ b/id/server/doc/api-doc/stylesheet.css
@@ -0,0 +1,29 @@
+/* Javadoc style sheet */
+
+/* Define colors, fonts and other style attributes here to override the defaults */
+
+/* Page background color */
+body { background-color: #FFFFFF }
+
+/* Table colors */
+#TableHeadingColor { background: #CCCCFF } /* Dark mauve */
+#TableSubHeadingColor { background: #EEEEFF } /* Light mauve */
+#TableRowColor { background: #FFFFFF } /* White */
+
+/* Font used in left-hand frame lists */
+#FrameTitleFont { font-size: normal; font-family: normal }
+#FrameHeadingFont { font-size: normal; font-family: normal }
+#FrameItemFont { font-size: normal; font-family: normal }
+
+/* Example of smaller, sans-serif font in frames */
+/* #FrameItemFont { font-size: 10pt; font-family: Helvetica, Arial, sans-serif } */
+
+/* Navigation bar fonts and colors */
+#NavBarCell1 { background-color:#EEEEFF;}/* Light mauve */
+#NavBarCell1Rev { background-color:#00008B;}/* Dark Blue */
+#NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;}
+#NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;}
+
+#NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF;}
+#NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF;}
+
diff --git a/id/server/doc/bku-auswahl.20030408.pdf b/id/server/doc/bku-auswahl.20030408.pdf
new file mode 100644
index 000000000..39efe315f
--- /dev/null
+++ b/id/server/doc/bku-auswahl.20030408.pdf
Binary files differ
diff --git a/id/server/doc/cs-sstc-schema-assertion-01.xsd b/id/server/doc/cs-sstc-schema-assertion-01.xsd
new file mode 100644
index 000000000..8bc5af147
--- /dev/null
+++ b/id/server/doc/cs-sstc-schema-assertion-01.xsd
@@ -0,0 +1,194 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v3.5 NT (http://www.xmlspy.com) by Phill Hallam-Baker (VeriSign Inc.) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: cs-sstc-schema-assertion-01
+ Location: http://www.oasis-open.org/committees/security/docs/
+ </documentation>
+ </annotation>
+ <simpleType name="IDType">
+ <restriction base="string"/>
+ </simpleType>
+ <simpleType name="IDReferenceType">
+ <restriction base="string"/>
+ </simpleType>
+ <simpleType name="DecisionType">
+ <restriction base="string">
+ <enumeration value="Permit"/>
+ <enumeration value="Deny"/>
+ <enumeration value="Indeterminate"/>
+ </restriction>
+ </simpleType>
+ <element name="AssertionIDReference" type="saml:IDReferenceType"/>
+ <element name="Assertion" type="saml:AssertionType"/>
+ <complexType name="AssertionType">
+ <sequence>
+ <element ref="saml:Conditions" minOccurs="0"/>
+ <element ref="saml:Advice" minOccurs="0"/>
+ <choice maxOccurs="unbounded">
+ <element ref="saml:Statement"/>
+ <element ref="saml:SubjectStatement"/>
+ <element ref="saml:AuthenticationStatement"/>
+ <element ref="saml:AuthorizationDecisionStatement"/>
+ <element ref="saml:AttributeStatement"/>
+ </choice>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="AssertionID" type="saml:IDType" use="required"/>
+ <attribute name="Issuer" type="string" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="Conditions" type="saml:ConditionsType"/>
+ <complexType name="ConditionsType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AudienceRestrictionCondition"/>
+ <element ref="saml:Condition"/>
+ </choice>
+ <attribute name="NotBefore" type="dateTime" use="optional"/>
+ <attribute name="NotOnOrAfter" type="dateTime" use="optional"/>
+ </complexType>
+ <element name="Condition" type="saml:ConditionAbstractType"/>
+ <complexType name="ConditionAbstractType" abstract="true"/>
+ <element name="AudienceRestrictionCondition" type="saml:AudienceRestrictionConditionType"/>
+ <complexType name="AudienceRestrictionConditionType">
+ <complexContent>
+ <extension base="saml:ConditionAbstractType">
+ <sequence>
+ <element ref="saml:Audience" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Audience" type="anyURI"/>
+ <element name="Advice" type="saml:AdviceType"/>
+ <complexType name="AdviceType">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+ <element name="Statement" type="saml:StatementAbstractType"/>
+ <complexType name="StatementAbstractType" abstract="true"/>
+ <element name="SubjectStatement" type="saml:SubjectStatementAbstractType"/>
+ <complexType name="SubjectStatementAbstractType" abstract="true">
+ <complexContent>
+ <extension base="saml:StatementAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Subject" type="saml:SubjectType"/>
+ <complexType name="SubjectType">
+ <choice>
+ <sequence>
+ <element ref="saml:NameIdentifier"/>
+ <element ref="saml:SubjectConfirmation" minOccurs="0"/>
+ </sequence>
+ <element ref="saml:SubjectConfirmation"/>
+ </choice>
+ </complexType>
+ <element name="NameIdentifier" type="saml:NameIdentifierType"/>
+ <complexType name="NameIdentifierType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="NameQualifier" type="string" use="optional"/>
+ <attribute name="Format" type="anyURI" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="SubjectConfirmation" type="saml:SubjectConfirmationType"/>
+ <complexType name="SubjectConfirmationType">
+ <sequence>
+ <element ref="saml:ConfirmationMethod" maxOccurs="unbounded"/>
+ <element ref="saml:SubjectConfirmationData" minOccurs="0"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="SubjectConfirmationData" type="anyType"/>
+ <element name="ConfirmationMethod" type="anyURI"/>
+ <element name="AuthenticationStatement" type="saml:AuthenticationStatementType"/>
+ <complexType name="AuthenticationStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:SubjectLocality" minOccurs="0"/>
+ <element ref="saml:AuthorityBinding" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="AuthenticationMethod" type="anyURI" use="required"/>
+ <attribute name="AuthenticationInstant" type="dateTime" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="SubjectLocality" type="saml:SubjectLocalityType"/>
+ <complexType name="SubjectLocalityType">
+ <attribute name="IPAddress" type="string" use="optional"/>
+ <attribute name="DNSAddress" type="string" use="optional"/>
+ </complexType>
+ <element name="AuthorityBinding" type="saml:AuthorityBindingType"/>
+ <complexType name="AuthorityBindingType">
+ <attribute name="AuthorityKind" type="QName" use="required"/>
+ <attribute name="Location" type="anyURI" use="required"/>
+ <attribute name="Binding" type="anyURI" use="required"/>
+ </complexType>
+ <element name="AuthorizationDecisionStatement" type="saml:AuthorizationDecisionStatementType"/>
+ <complexType name="AuthorizationDecisionStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ <attribute name="Decision" type="saml:DecisionType" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Action" type="saml:ActionType"/>
+ <complexType name="ActionType">
+ <simpleContent>
+ <extension base="string">
+ <attribute name="Namespace" type="anyURI"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+ <element name="Evidence" type="saml:EvidenceType"/>
+ <complexType name="EvidenceType">
+ <choice maxOccurs="unbounded">
+ <element ref="saml:AssertionIDReference"/>
+ <element ref="saml:Assertion"/>
+ </choice>
+ </complexType>
+ <element name="AttributeStatement" type="saml:AttributeStatementType"/>
+ <complexType name="AttributeStatementType">
+ <complexContent>
+ <extension base="saml:SubjectStatementAbstractType">
+ <sequence>
+ <element ref="saml:Attribute" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeDesignator" type="saml:AttributeDesignatorType"/>
+ <complexType name="AttributeDesignatorType">
+ <attribute name="AttributeName" type="string" use="required"/>
+ <attribute name="AttributeNamespace" type="anyURI" use="required"/>
+ </complexType>
+ <element name="Attribute" type="saml:AttributeType"/>
+ <complexType name="AttributeType">
+ <complexContent>
+ <extension base="saml:AttributeDesignatorType">
+ <sequence>
+ <element ref="saml:AttributeValue" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeValue" type="anyType"/>
+</schema>
diff --git a/id/server/doc/cs-sstc-schema-protocol-01.xsd b/id/server/doc/cs-sstc-schema-protocol-01.xsd
new file mode 100644
index 000000000..ecad05b0f
--- /dev/null
+++ b/id/server/doc/cs-sstc-schema-protocol-01.xsd
@@ -0,0 +1,127 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XML Spy v4.2 U (http://www.xmlspy.com) by Phillip Hallam-Baker (Phillip Hallam-Baker) -->
+<schema targetNamespace="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns="http://www.w3.org/2001/XMLSchema" elementFormDefault="unqualified">
+ <import namespace="urn:oasis:names:tc:SAML:1.0:assertion" schemaLocation="cs-sstc-schema-assertion-01.xsd"/>
+ <import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <annotation>
+ <documentation>
+ Document identifier: cs-sstc-schema-protocol-01
+ Location: http://www.oasis-open.org/committees/security/docs/
+ </documentation>
+ </annotation>
+ <complexType name="RequestAbstractType" abstract="true">
+ <sequence>
+ <element ref="samlp:RespondWith" minOccurs="0" maxOccurs="unbounded"/>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="RequestID" type="saml:IDType" use="required"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ </complexType>
+ <element name="RespondWith" type="QName"/>
+ <element name="Request" type="samlp:RequestType"/>
+ <complexType name="RequestType">
+ <complexContent>
+ <extension base="samlp:RequestAbstractType">
+ <choice>
+ <element ref="samlp:Query"/>
+ <element ref="samlp:SubjectQuery"/>
+ <element ref="samlp:AuthenticationQuery"/>
+ <element ref="samlp:AttributeQuery"/>
+ <element ref="samlp:AuthorizationDecisionQuery"/>
+ <element ref="saml:AssertionIDReference" maxOccurs="unbounded"/>
+ <element ref="samlp:AssertionArtifact" maxOccurs="unbounded"/>
+ </choice>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AssertionArtifact" type="string"/>
+ <element name="Query" type="samlp:QueryAbstractType"/>
+ <complexType name="QueryAbstractType" abstract="true"/>
+ <element name="SubjectQuery" type="samlp:SubjectQueryAbstractType"/>
+ <complexType name="SubjectQueryAbstractType" abstract="true">
+ <complexContent>
+ <extension base="samlp:QueryAbstractType">
+ <sequence>
+ <element ref="saml:Subject"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthenticationQuery" type="samlp:AuthenticationQueryType"/>
+ <complexType name="AuthenticationQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <attribute name="AuthenticationMethod" type="anyURI"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AttributeQuery" type="samlp:AttributeQueryType"/>
+ <complexType name="AttributeQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:AttributeDesignator" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="optional"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="AuthorizationDecisionQuery" type="samlp:AuthorizationDecisionQueryType"/>
+ <complexType name="AuthorizationDecisionQueryType">
+ <complexContent>
+ <extension base="samlp:SubjectQueryAbstractType">
+ <sequence>
+ <element ref="saml:Action" maxOccurs="unbounded"/>
+ <element ref="saml:Evidence" minOccurs="0" maxOccurs="1"/>
+ </sequence>
+ <attribute name="Resource" type="anyURI" use="required"/>
+ </extension>
+ </complexContent>
+ </complexType>
+ <complexType name="ResponseAbstractType" abstract="true">
+ <sequence>
+ <element ref="ds:Signature" minOccurs="0"/>
+ </sequence>
+ <attribute name="ResponseID" type="saml:IDType" use="required"/>
+ <attribute name="InResponseTo" type="saml:IDReferenceType" use="optional"/>
+ <attribute name="MajorVersion" type="integer" use="required"/>
+ <attribute name="MinorVersion" type="integer" use="required"/>
+ <attribute name="IssueInstant" type="dateTime" use="required"/>
+ <attribute name="Recipient" type="anyURI" use="optional"/>
+ </complexType>
+ <element name="Response" type="samlp:ResponseType"/>
+ <complexType name="ResponseType">
+ <complexContent>
+ <extension base="samlp:ResponseAbstractType">
+ <sequence>
+ <element ref="samlp:Status"/>
+ <element ref="saml:Assertion" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </extension>
+ </complexContent>
+ </complexType>
+ <element name="Status" type="samlp:StatusType"/>
+ <complexType name="StatusType">
+ <sequence>
+ <element ref="samlp:StatusCode"/>
+ <element ref="samlp:StatusMessage" minOccurs="0" maxOccurs="1"/>
+ <element ref="samlp:StatusDetail" minOccurs="0"/>
+ </sequence>
+ </complexType>
+ <element name="StatusCode" type="samlp:StatusCodeType"/>
+ <complexType name="StatusCodeType">
+ <sequence>
+ <element ref="samlp:StatusCode" minOccurs="0"/>
+ </sequence>
+ <attribute name="Value" type="QName" use="required"/>
+ </complexType>
+ <element name="StatusMessage" type="string"/>
+ <element name="StatusDetail" type="samlp:StatusDetailType"/>
+ <complexType name="StatusDetailType">
+ <sequence>
+ <any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+</schema>
diff --git a/id/server/doc/moa-id.htm b/id/server/doc/moa-id.htm
new file mode 100644
index 000000000..82e5adc19
--- /dev/null
+++ b/id/server/doc/moa-id.htm
@@ -0,0 +1,7 @@
+<html>
+<head>
+<meta http-equiv="refresh" content="0; URL=moa_id/moa.htm"/>
+
+</head>
+<body></body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/moa_id/api-doc/allclasses-frame.html b/id/server/doc/moa_id/api-doc/allclasses-frame.html
new file mode 100644
index 000000000..9e051d7b1
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/allclasses-frame.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+All Classes (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameHeadingFont">
+<B>All Classes</B></FONT>
+<BR>
+
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data" target="classFrame">AuthenticationData</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id" target="classFrame">AuthenticationException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth" target="classFrame">AuthenticationServer</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy" target="classFrame"><I>ConnectionBuilder</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy" target="classFrame"><I>LoginParameterResolver</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy" target="classFrame">LoginParameterResolverException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy" target="classFrame">NotAllowedException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy" target="classFrame">OAConfiguration</A>
+<BR>
+</FONT></TD>
+</TR>
+</TABLE>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/allclasses-noframe.html b/id/server/doc/moa_id/api-doc/allclasses-noframe.html
new file mode 100644
index 000000000..dc5c0fb5f
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/allclasses-noframe.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+All Classes (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameHeadingFont">
+<B>All Classes</B></FONT>
+<BR>
+
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><I>ConnectionBuilder</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><I>LoginParameterResolver</I></A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A>
+<BR>
+<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<BR>
+</FONT></TD>
+</TR>
+</TABLE>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html
new file mode 100644
index 000000000..a11ad6242
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/AuthenticationException.html
@@ -0,0 +1,251 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+AuthenticationException (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.AuthenticationException class">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="AuthenticationException (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.lang.Object">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id</FONT>
+<BR>
+Class AuthenticationException</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">java.lang.Object</A>
+ <IMG SRC="../../../../../resources/inherit.gif" ALT="extended by">MOAIDException
+ <IMG SRC="../../../../../resources/inherit.gif" ALT="extended by"><B>at.gv.egovernment.moa.id.AuthenticationException</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationException</B><DT>extends MOAIDException</DL>
+
+<P>
+Exception thrown during handling of AuthenticationSession
+<P>
+
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../serialized-form.html#at.gv.egovernment.moa.id.AuthenticationException">Serialized Form</A></DL>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[])">AuthenticationException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationException.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[], java.lang.Throwable)">AuthenticationException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Throwable.html" title="class or interface in java.lang">Throwable</A>&nbsp;wrapped)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationException.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)" title="class or interface in java.lang">equals</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()" title="class or interface in java.lang">hashCode</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()" title="class or interface in java.lang">toString</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationException(java.lang.String, java.lang.Object[])"><!-- --></A><H3>
+AuthenticationException</H3>
+<PRE>
+public <B>AuthenticationException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters)</PRE>
+<DL>
+<DD>Constructor for AuthenticationException.
+<P>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - </DL>
+<HR>
+
+<A NAME="AuthenticationException(java.lang.String, java.lang.Object[], java.lang.Throwable)"><!-- --></A><H3>
+AuthenticationException</H3>
+<PRE>
+public <B>AuthenticationException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Throwable.html" title="class or interface in java.lang">Throwable</A>&nbsp;wrapped)</PRE>
+<DL>
+<DD>Constructor for AuthenticationException.
+<P>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - <DD><CODE>parameters</CODE> - <DD><CODE>wrapped</CODE> - </DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.lang.Object">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html
new file mode 100644
index 000000000..b5be8a054
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/AuthenticationServer.html
@@ -0,0 +1,631 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+AuthenticationServer (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.auth.AuthenticationServer class">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="AuthenticationServer (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.auth</FONT>
+<BR>
+Class AuthenticationServer</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">java.lang.Object</A>
+ <IMG SRC="../../../../../../resources/inherit.gif" ALT="extended by"><B>at.gv.egovernment.moa.id.auth.AuthenticationServer</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationServer</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></DL>
+
+<P>
+API for MOA ID Authentication Service.<br>
+ <CODE>AuthenticationSession</CODE> is stored in a session store and retrieved
+ by giving the session ID.
+<P>
+
+<P>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#AuthenticationServer()">AuthenticationServer</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationServer.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#cleanup()">cleanup</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Cleans up expired session and authentication data stores.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#debugOutputXMLFile(java.lang.String, org.w3c.dom.Element)">debugOutputXMLFile</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;filename,
+ org.w3c.dom.Element&nbsp;rootElem)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Writes an XML structure to file for debugging purposes, encoding UTF-8.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#debugOutputXMLFile(java.lang.String, java.lang.String)">debugOutputXMLFile</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;filename,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlString)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Writes an XML structure to file for debugging purposes, encoding UTF-8.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()">getInstance</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the single instance of <code>AuthenticationServer</code>.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;AuthenticationSession</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)">getSession</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;id)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves a session from the session store.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">selectBKU</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bkuSelectionTemplateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;templateURL)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes request to select a BKU.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsAuthDataTimeOut(long)">setSecondsAuthDataTimeOut</A></B>(long&nbsp;seconds)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the authDataTimeOut.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsSessionTimeOut(long)">setSecondsSessionTimeOut</A></B>(long&nbsp;seconds)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the sessionTimeOut.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">startAuthentication</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;templateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bkuURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes the beginning of an authentication session.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)">verifyAuthenticationBlock</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlCreateXMLSignatureReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)">verifyIdentityLink</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlInfoboxReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)" title="class or interface in java.lang">equals</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()" title="class or interface in java.lang">hashCode</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()" title="class or interface in java.lang">toString</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationServer()"><!-- --></A><H3>
+AuthenticationServer</H3>
+<PRE>
+public <B>AuthenticationServer</B>()</PRE>
+<DL>
+<DD>Constructor for AuthenticationServer.
+<P>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getInstance()"><!-- --></A><H3>
+getInstance</H3>
+<PRE>
+public static <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A> <B>getInstance</B>()</PRE>
+<DL>
+<DD>Returns the single instance of <code>AuthenticationServer</code>.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>the single instance of <code>AuthenticationServer</code></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><!-- --></A><H3>
+selectBKU</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>selectBKU</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bkuSelectionTemplateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;templateURL)
+ throws WrongParametersException,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>,
+ ConfigurationException,
+ BuildException</PRE>
+<DL>
+<DD>Processes request to select a BKU.
+ <br/>Processing depends on value of <CODE>AuthConfigurationProvider#getBKUSelectionType</CODE>.
+ <br/>For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> for the
+ "BKU Auswahl" service is returned.
+ <br/>For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection is returned.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authURL</CODE> - base URL of MOA-ID Auth component<DD><CODE>target</CODE> - "Gesch&auml;ftsbereich"<DD><CODE>oaURL</CODE> - online application URL requested<DD><CODE>bkuSelectionTemplateURL</CODE> - template for BKU selection form to be used
+ in case of <code>HTMLSelect</code>; may be null<DD><CODE>templateURL</CODE> - URL providing an HTML template for the HTML form to be used
+ for call <code>startAuthentication</code>
+<DT><B>Returns:</B><DD>for <code>bkuSelectionType==HTMLComplete</code>, the <code>returnURI</code> for the
+ "BKU Auswahl" service;
+ for <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection
+<DT><B>Throws:</B>
+<DD><CODE>WrongParametersException</CODE> - upon missing parameters
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></CODE> - when the configured BKU selection service cannot be reached,
+ and when the given bkuSelectionTemplateURL cannot be reached
+<DD><CODE>ConfigurationException</CODE> - on missing configuration data
+<DD><CODE>BuildException</CODE> - while building the HTML form</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><!-- --></A><H3>
+startAuthentication</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>startAuthentication</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;templateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bkuURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID)
+ throws WrongParametersException,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>,
+ ConfigurationException,
+ BuildException</PRE>
+<DL>
+<DD>Processes the beginning of an authentication session.
+ <ul>
+ <li>Starts an authentication session</li>
+ <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
+ <li>Creates an HTML form for querying the identity link from the
+ security layer implementation.
+ <br>Form parameters include
+ <ul>
+ <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
+ <li>the data URL where the security layer implementation sends it response to</li>
+ </ul>
+ </ul>
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>authURL</CODE> - URL of the servlet to be used as data URL<DD><CODE>target</CODE> - "Gesch&auml;ftsbereich" of the online application requested<DD><CODE>oaURL</CODE> - online application URL requested<DD><CODE>bkuURL</CODE> - URL of the "B&uuml;rgerkartenumgebung" to be used;
+ may be <code>null</code>; in this case, the default location will be used<DD><CODE>templateURL</CODE> - URL providing an HTML template for the HTML form generated
+<DT><B>Returns:</B><DD>HTML form
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></CODE>
+<DD><CODE>WrongParametersException</CODE>
+<DD><CODE>ConfigurationException</CODE>
+<DD><CODE>BuildException</CODE><DT><B>See Also:</B><DD><CODE>GetIdentityLinkFormBuilder</CODE>,
+<CODE>InfoboxReadRequestBuilder</CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="verifyIdentityLink(java.lang.String, java.lang.String)"><!-- --></A><H3>
+verifyIdentityLink</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>verifyIdentityLink</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlInfoboxReadResponse)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException</PRE>
+<DL>
+<DD>Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.<br>
+ <ul>
+ <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
+ <li>Verifies identity link by calling the MOA SP component</li>
+ <li>Checks certificate authority of identity link</li>
+ <li>Stores identity link in the session</li>
+ <li>Creates an authentication block to be signed by the user</li>
+ <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ containg the authentication block, meant to be returned to the
+ security layer implementation</li>
+ </ul>
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>sessionID</CODE> - ID of associated authentication session data<DD><CODE>xmlInfoboxReadResponse</CODE> - String representation of the
+ <code>&lt;InfoboxReadResponse&gt;</code>
+<DT><B>Returns:</B><DD>String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></CODE>
+<DD><CODE>ParseException</CODE>
+<DD><CODE>ConfigurationException</CODE>
+<DD><CODE>ValidateException</CODE>
+<DD><CODE>ServiceException</CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="verifyAuthenticationBlock(java.lang.String, java.lang.String)"><!-- --></A><H3>
+verifyAuthenticationBlock</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>verifyAuthenticationBlock</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlCreateXMLSignatureReadResponse)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ServiceException,
+ ValidateException</PRE>
+<DL>
+<DD>Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.<br>
+ <ul>
+ <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
+ <li>Parses authentication block enclosed in
+ <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ <li>Verifies authentication block by calling the MOA SP component</li>
+ <li>Creates authentication data</li>
+ <li>Creates a corresponding SAML artifact</li>
+ <li>Stores authentication data in the authentication data store
+ indexed by the SAML artifact</li>
+ <li>Deletes authentication session</li>
+ <li>Returns the SAML artifact, encoded BASE64</li>
+ </ul>
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>sessionID</CODE> - session ID of the running authentication session<DD><CODE>xmlCreateXMLSignatureReadResponse</CODE> - String representation of the
+ <code>&lt;CreateXMLSignatureResponse&gt;</code>
+<DT><B>Returns:</B><DD>SAML artifact needed for retrieving authentication data, encoded BASE64
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></CODE>
+<DD><CODE>BuildException</CODE>
+<DD><CODE>ParseException</CODE>
+<DD><CODE>ConfigurationException</CODE>
+<DD><CODE>ServiceException</CODE>
+<DD><CODE>ValidateException</CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthenticationData(java.lang.String)"><!-- --></A><H3>
+getAuthenticationData</H3>
+<PRE>
+public <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A> <B>getAuthenticationData</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;samlArtifact)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></PRE>
+<DL>
+<DD>Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ The <code>AuthenticationData</code> is deleted from the store upon end of this call.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD><code>AuthenticationData</code>
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getSession(java.lang.String)"><!-- --></A><H3>
+getSession</H3>
+<PRE>
+public static AuthenticationSession <B>getSession</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;id)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></PRE>
+<DL>
+<DD>Retrieves a session from the session store.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>id</CODE> - session ID
+<DT><B>Returns:</B><DD><code>AuthenticationSession</code> stored with given session ID,
+ <code>null</code> if session ID unknown
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="cleanup()"><!-- --></A><H3>
+cleanup</H3>
+<PRE>
+public void <B>cleanup</B>()</PRE>
+<DL>
+<DD>Cleans up expired session and authentication data stores.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setSecondsSessionTimeOut(long)"><!-- --></A><H3>
+setSecondsSessionTimeOut</H3>
+<PRE>
+public void <B>setSecondsSessionTimeOut</B>(long&nbsp;seconds)</PRE>
+<DL>
+<DD>Sets the sessionTimeOut.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setSecondsAuthDataTimeOut(long)"><!-- --></A><H3>
+setSecondsAuthDataTimeOut</H3>
+<PRE>
+public void <B>setSecondsAuthDataTimeOut</B>(long&nbsp;seconds)</PRE>
+<DL>
+<DD>Sets the authDataTimeOut.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="debugOutputXMLFile(java.lang.String, org.w3c.dom.Element)"><!-- --></A><H3>
+debugOutputXMLFile</H3>
+<PRE>
+public static void <B>debugOutputXMLFile</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;filename,
+ org.w3c.dom.Element&nbsp;rootElem)</PRE>
+<DL>
+<DD>Writes an XML structure to file for debugging purposes, encoding UTF-8.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>filename</CODE> - file name<DD><CODE>rootElem</CODE> - root element in DOM tree</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="debugOutputXMLFile(java.lang.String, java.lang.String)"><!-- --></A><H3>
+debugOutputXMLFile</H3>
+<PRE>
+public static void <B>debugOutputXMLFile</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;filename,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlString)</PRE>
+<DL>
+<DD>Writes an XML structure to file for debugging purposes, encoding UTF-8.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>filename</CODE> - file name<DD><CODE>xmlString</CODE> - XML string</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationServer.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html
new file mode 100644
index 000000000..53f0912b1
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html
@@ -0,0 +1,172 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Class at.gv.egovernment.moa.id.auth.AuthenticationServer (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Class at.gv.egovernment.moa.id.auth.AuthenticationServer (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.auth.AuthenticationServer</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.auth"><B>at.gv.egovernment.moa.id.auth</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A> in <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A> that return <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()">getInstance</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the single instance of <code>AuthenticationServer</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationServer.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-frame.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-frame.html
new file mode 100644
index 000000000..013ac6e16
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-frame.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.auth (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.auth package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameTitleFont">
+<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html" target="classFrame">at.gv.egovernment.moa.id.auth</A></FONT>
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameHeadingFont">
+Classes</FONT>&nbsp;
+<FONT CLASS="FrameItemFont">
+<BR>
+<A HREF="AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth" target="classFrame">AuthenticationServer</A></FONT></TD>
+</TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-summary.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-summary.html
new file mode 100644
index 000000000..1fadccfd1
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-summary.html
@@ -0,0 +1,148 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.auth (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.auth package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.auth (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<H2>
+Package at.gv.egovernment.moa.id.auth
+</H2>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A></B></TD>
+<TD>API for MOA ID Authentication Service.</TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-tree.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-tree.html
new file mode 100644
index 000000000..ed050ad9e
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-tree.html
@@ -0,0 +1,145 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.auth Class Hierarchy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.auth Class Hierarchy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For Package at.gv.egovernment.moa.id.auth
+</H2>
+</CENTER>
+<DL>
+<DT><B>Package Hierarchies:</B><DD><A HREF="../../../../../../overview-tree.html">All Packages</A></DL>
+<HR>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang"><B>Object</B></A><UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.auth.<A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth"><B>AuthenticationServer</B></A></UL>
+</UL>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-use.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-use.html
new file mode 100644
index 000000000..54bd8b9fb
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/auth/package-use.html
@@ -0,0 +1,162 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Package at.gv.egovernment.moa.id.auth (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Package at.gv.egovernment.moa.id.auth (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Package<br>at.gv.egovernment.moa.id.auth</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.auth"><B>at.gv.egovernment.moa.id.auth</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Classes in <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A> used by <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/class-use/AuthenticationServer.html#at.gv.egovernment.moa.id.auth"><B>AuthenticationServer</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;API for MOA ID Authentication Service.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html
new file mode 100644
index 000000000..d844f1ac0
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/class-use/AuthenticationException.html
@@ -0,0 +1,228 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Class at.gv.egovernment.moa.id.AuthenticationException (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Class at.gv.egovernment.moa.id.AuthenticationException (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.AuthenticationException</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.auth"><B>at.gv.egovernment.moa.id.auth</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A> in <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A> that throw <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">selectBKU</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bkuSelectionTemplateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;templateURL)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes request to select a BKU.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)">startAuthentication</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;target,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;oaURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;templateURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bkuURL,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes the beginning of an authentication session.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)">verifyIdentityLink</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlInfoboxReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)">verifyAuthenticationBlock</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;sessionID,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;xmlCreateXMLSignatureReadResponse)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;AuthenticationSession</CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)">getSession</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;id)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves a session from the session store.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html
new file mode 100644
index 000000000..afeb1a482
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html
@@ -0,0 +1,613 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+OAConfiguration (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.config.proxy.OAConfiguration class">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="OAConfiguration (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.config.proxy</FONT>
+<BR>
+Class OAConfiguration</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">java.lang.Object</A>
+ <IMG SRC="../../../../../../../resources/inherit.gif" ALT="extended by"><B>at.gv.egovernment.moa.id.config.proxy.OAConfiguration</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>OAConfiguration</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></DL>
+
+<P>
+Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ These include the login type (stateful or stateless), the HTTP authentication type,
+ and information needed to add authentication parameters or headers for a URL connection
+ to the remote online application.
+<P>
+
+<P>
+<DL>
+<DT><B>See Also:</B><DD><code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code></DL>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH">BASIC_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant for an auth method</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH">HEADER_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant for an auth method</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL">LOGINTYPE_STATEFUL</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant for an login method</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS">LOGINTYPE_STATELESS</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant for an login method</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH">PARAM_AUTH</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant for an auth method</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#OAConfiguration()">OAConfiguration</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getAuthType()">getAuthType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the authType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthPasswordMapping()">getBasicAuthPasswordMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the basicAuthPasswordMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthUserIDMapping()">getBasicAuthUserIDMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the basicAuthUserIDMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getHeaderAuthMapping()">getHeaderAuthMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the headerAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getLoginType()">getLoginType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the loginType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getParamAuthMapping()">getParamAuthMapping</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the paramAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setAuthType(java.lang.String)">setAuthType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authLoginType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the authType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthPasswordMapping(java.lang.String)">setBasicAuthPasswordMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;basicAuthPassword)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the basicAuthPasswordMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthUserIDMapping(java.lang.String)">setBasicAuthUserIDMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;basicAuthUserID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the basicAuthUserIDMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setHeaderAuthMapping(java.util.HashMap)">setHeaderAuthMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html" title="class or interface in java.util">HashMap</A>&nbsp;headerAuth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the headerAuthMapping.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setLoginType(java.lang.String)">setLoginType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;loginType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the loginType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setParamAuthMapping(java.util.HashMap)">setParamAuthMapping</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html" title="class or interface in java.util">HashMap</A>&nbsp;paramAuth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the paramAuthMapping.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)" title="class or interface in java.lang">equals</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()" title="class or interface in java.lang">hashCode</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()" title="class or interface in java.lang">toString</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="LOGINTYPE_STATEFUL"><!-- --></A><H3>
+LOGINTYPE_STATEFUL</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>LOGINTYPE_STATEFUL</B></PRE>
+<DL>
+<DD>Constant for an login method
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../../constant-values.html#at.gv.egovernment.moa.id.config.proxy.OAConfiguration.LOGINTYPE_STATEFUL">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="LOGINTYPE_STATELESS"><!-- --></A><H3>
+LOGINTYPE_STATELESS</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>LOGINTYPE_STATELESS</B></PRE>
+<DL>
+<DD>Constant for an login method
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../../constant-values.html#at.gv.egovernment.moa.id.config.proxy.OAConfiguration.LOGINTYPE_STATELESS">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="BASIC_AUTH"><!-- --></A><H3>
+BASIC_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>BASIC_AUTH</B></PRE>
+<DL>
+<DD>Constant for an auth method
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../../constant-values.html#at.gv.egovernment.moa.id.config.proxy.OAConfiguration.BASIC_AUTH">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="HEADER_AUTH"><!-- --></A><H3>
+HEADER_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>HEADER_AUTH</B></PRE>
+<DL>
+<DD>Constant for an auth method
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../../constant-values.html#at.gv.egovernment.moa.id.config.proxy.OAConfiguration.HEADER_AUTH">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="PARAM_AUTH"><!-- --></A><H3>
+PARAM_AUTH</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>PARAM_AUTH</B></PRE>
+<DL>
+<DD>Constant for an auth method
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../../constant-values.html#at.gv.egovernment.moa.id.config.proxy.OAConfiguration.PARAM_AUTH">Constant Field Values</A></DL>
+</DL>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="OAConfiguration()"><!-- --></A><H3>
+OAConfiguration</H3>
+<PRE>
+public <B>OAConfiguration</B>()</PRE>
+<DL>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getBasicAuthPasswordMapping()"><!-- --></A><H3>
+getBasicAuthPasswordMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getBasicAuthPasswordMapping</B>()</PRE>
+<DL>
+<DD>Returns the basicAuthPasswordMapping.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getBasicAuthUserIDMapping()"><!-- --></A><H3>
+getBasicAuthUserIDMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getBasicAuthUserIDMapping</B>()</PRE>
+<DL>
+<DD>Returns the basicAuthUserIDMapping.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getHeaderAuthMapping()"><!-- --></A><H3>
+getHeaderAuthMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A> <B>getHeaderAuthMapping</B>()</PRE>
+<DL>
+<DD>Returns the headerAuthMapping.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>HashMap</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getLoginType()"><!-- --></A><H3>
+getLoginType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getLoginType</B>()</PRE>
+<DL>
+<DD>Returns the loginType.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getParamAuthMapping()"><!-- --></A><H3>
+getParamAuthMapping</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A> <B>getParamAuthMapping</B>()</PRE>
+<DL>
+<DD>Returns the paramAuthMapping.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>HashMap</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setBasicAuthPasswordMapping(java.lang.String)"><!-- --></A><H3>
+setBasicAuthPasswordMapping</H3>
+<PRE>
+public void <B>setBasicAuthPasswordMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;basicAuthPassword)</PRE>
+<DL>
+<DD>Sets the basicAuthPasswordMapping.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setBasicAuthUserIDMapping(java.lang.String)"><!-- --></A><H3>
+setBasicAuthUserIDMapping</H3>
+<PRE>
+public void <B>setBasicAuthUserIDMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;basicAuthUserID)</PRE>
+<DL>
+<DD>Sets the basicAuthUserIDMapping.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setHeaderAuthMapping(java.util.HashMap)"><!-- --></A><H3>
+setHeaderAuthMapping</H3>
+<PRE>
+public void <B>setHeaderAuthMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html" title="class or interface in java.util">HashMap</A>&nbsp;headerAuth)</PRE>
+<DL>
+<DD>Sets the headerAuthMapping.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setLoginType(java.lang.String)"><!-- --></A><H3>
+setLoginType</H3>
+<PRE>
+public void <B>setLoginType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;loginType)</PRE>
+<DL>
+<DD>Sets the loginType.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>loginType</CODE> - The loginType to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setParamAuthMapping(java.util.HashMap)"><!-- --></A><H3>
+setParamAuthMapping</H3>
+<PRE>
+public void <B>setParamAuthMapping</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/HashMap.html" title="class or interface in java.util">HashMap</A>&nbsp;paramAuth)</PRE>
+<DL>
+<DD>Sets the paramAuthMapping.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthType()"><!-- --></A><H3>
+getAuthType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getAuthType</B>()</PRE>
+<DL>
+<DD>Returns the authType.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setAuthType(java.lang.String)"><!-- --></A><H3>
+setAuthType</H3>
+<PRE>
+public void <B>setAuthType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;authLoginType)</PRE>
+<DL>
+<DD>Sets the authType.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/OAConfiguration.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html
new file mode 100644
index 000000000..5e33084ad
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html
@@ -0,0 +1,184 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Class at.gv.egovernment.moa.id.config.proxy.OAConfiguration (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Class at.gv.egovernment.moa.id.config.proxy.OAConfiguration (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.config.proxy.OAConfiguration</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A> in <A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A> with parameters of type <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="OAConfiguration.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-frame.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-frame.html
new file mode 100644
index 000000000..442356ce1
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-frame.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.config.proxy (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.config.proxy package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameTitleFont">
+<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html" target="classFrame">at.gv.egovernment.moa.id.config.proxy</A></FONT>
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameHeadingFont">
+Classes</FONT>&nbsp;
+<FONT CLASS="FrameItemFont">
+<BR>
+<A HREF="OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy" target="classFrame">OAConfiguration</A></FONT></TD>
+</TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-summary.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-summary.html
new file mode 100644
index 000000000..482aecc48
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-summary.html
@@ -0,0 +1,149 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.config.proxy (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.config.proxy package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.config.proxy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<H2>
+Package at.gv.egovernment.moa.id.config.proxy
+</H2>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A></B></TD>
+<TD>Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-tree.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-tree.html
new file mode 100644
index 000000000..e66568757
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-tree.html
@@ -0,0 +1,145 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.config.proxy Class Hierarchy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.config.proxy Class Hierarchy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For Package at.gv.egovernment.moa.id.config.proxy
+</H2>
+</CENTER>
+<DL>
+<DT><B>Package Hierarchies:</B><DD><A HREF="../../../../../../../overview-tree.html">All Packages</A></DL>
+<HR>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang"><B>Object</B></A><UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.config.proxy.<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy"><B>OAConfiguration</B></A></UL>
+</UL>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-use.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-use.html
new file mode 100644
index 000000000..184fcb226
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/config/proxy/package-use.html
@@ -0,0 +1,163 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Package at.gv.egovernment.moa.id.config.proxy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Package at.gv.egovernment.moa.id.config.proxy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Package<br>at.gv.egovernment.moa.id.config.proxy</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html">at.gv.egovernment.moa.id.config.proxy</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Classes in <A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html">at.gv.egovernment.moa.id.config.proxy</A> used by <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/class-use/OAConfiguration.html#at.gv.egovernment.moa.id.proxy"><B>OAConfiguration</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html
new file mode 100644
index 000000000..d6bc30647
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/AuthenticationData.html
@@ -0,0 +1,906 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+AuthenticationData (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.data.AuthenticationData class">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="AuthenticationData (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.data</FONT>
+<BR>
+Class AuthenticationData</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">java.lang.Object</A>
+ <IMG SRC="../../../../../../resources/inherit.gif" ALT="extended by"><B>at.gv.egovernment.moa.id.data.AuthenticationData</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>AuthenticationData</B><DT>extends <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></DL>
+
+<P>
+Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+<P>
+
+<P>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#AuthenticationData()">AuthenticationData</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for AuthenticationData.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getAssertionID()">getAssertionID</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the assertionID.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getDateOfBirth()">getDateOfBirth</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the dateOfBirth.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getFamilyName()">getFamilyName</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the familyName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getGivenName()">getGivenName</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the givenName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationType()">getIdentificationType</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the identificationType</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationValue()">getIdentificationValue</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the identificationValue.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssueInstant()">getIssueInstant</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the issueInstant.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssuer()">getIssuer</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the issuer.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;int</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getMajorVersion()">getMajorVersion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the majorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;int</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getMinorVersion()">getMinorVersion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the minorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getPBK()">getPBK</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the bPK.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getPublicAuthorityCode()">getPublicAuthorityCode</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the publicAuthorityCode.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getSamlAssertion()">getSamlAssertion</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the samlAssertion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Date.html" title="class or interface in java.util">Date</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#getTimestamp()">getTimestamp</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the timestamp.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;boolean</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#isPublicAuthority()">isPublicAuthority</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the publicAuthority.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;boolean</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#isQualifiedCertificate()">isQualifiedCertificate</A></B>()</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns the qualifiedCertificate.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setAssertionID(java.lang.String)">setAssertionID</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;assertionID)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the assertionID.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setDateOfBirth(java.lang.String)">setDateOfBirth</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;dateOfBirth)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the dateOfBirth.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setFamilyName(java.lang.String)">setFamilyName</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;gamilyName)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the familyName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setGivenName(java.lang.String)">setGivenName</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;givenName)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the givenName.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationType(java.lang.String)">setIdentificationType</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;identificationType)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the identificationType.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationValue(java.lang.String)">setIdentificationValue</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;identificationValue)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the identificationValue.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssueInstant(java.lang.String)">setIssueInstant</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;issueInstant)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the issueInstant.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssuer(java.lang.String)">setIssuer</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;issuer)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the issuer.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setMajorVersion(int)">setMajorVersion</A></B>(int&nbsp;majorVersion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the majorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setMinorVersion(int)">setMinorVersion</A></B>(int&nbsp;minorVersion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the minorVersion.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPBK(java.lang.String)">setPBK</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bPK)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the bPK.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthority(boolean)">setPublicAuthority</A></B>(boolean&nbsp;publicAuthority)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the publicAuthority.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthorityCode(java.lang.String)">setPublicAuthorityCode</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;publicAuthorityIdentification)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the publicAuthorityCode.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setQualifiedCertificate(boolean)">setQualifiedCertificate</A></B>(boolean&nbsp;qualifiedCertificate)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the qualifiedCertificate.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html#setSamlAssertion(java.lang.String)">setSamlAssertion</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;samlAssertion)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Sets the samlAssertion.</TD>
+</TR>
+</TABLE>
+&nbsp;<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)" title="class or interface in java.lang">equals</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()" title="class or interface in java.lang">hashCode</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()" title="class or interface in java.lang">toString</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="AuthenticationData()"><!-- --></A><H3>
+AuthenticationData</H3>
+<PRE>
+public <B>AuthenticationData</B>()</PRE>
+<DL>
+<DD>Constructor for AuthenticationData.
+<P>
+</DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getMinorVersion()"><!-- --></A><H3>
+getMinorVersion</H3>
+<PRE>
+public int <B>getMinorVersion</B>()</PRE>
+<DL>
+<DD>Returns the minorVersion.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>int</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="isPublicAuthority()"><!-- --></A><H3>
+isPublicAuthority</H3>
+<PRE>
+public boolean <B>isPublicAuthority</B>()</PRE>
+<DL>
+<DD>Returns the publicAuthority.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>boolean</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getPublicAuthorityCode()"><!-- --></A><H3>
+getPublicAuthorityCode</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getPublicAuthorityCode</B>()</PRE>
+<DL>
+<DD>Returns the publicAuthorityCode.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="isQualifiedCertificate()"><!-- --></A><H3>
+isQualifiedCertificate</H3>
+<PRE>
+public boolean <B>isQualifiedCertificate</B>()</PRE>
+<DL>
+<DD>Returns the qualifiedCertificate.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>boolean</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getPBK()"><!-- --></A><H3>
+getPBK</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getPBK</B>()</PRE>
+<DL>
+<DD>Returns the bPK.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setMinorVersion(int)"><!-- --></A><H3>
+setMinorVersion</H3>
+<PRE>
+public void <B>setMinorVersion</B>(int&nbsp;minorVersion)</PRE>
+<DL>
+<DD>Sets the minorVersion.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>minorVersion</CODE> - The minorVersion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPublicAuthority(boolean)"><!-- --></A><H3>
+setPublicAuthority</H3>
+<PRE>
+public void <B>setPublicAuthority</B>(boolean&nbsp;publicAuthority)</PRE>
+<DL>
+<DD>Sets the publicAuthority.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>publicAuthority</CODE> - The publicAuthority to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPublicAuthorityCode(java.lang.String)"><!-- --></A><H3>
+setPublicAuthorityCode</H3>
+<PRE>
+public void <B>setPublicAuthorityCode</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;publicAuthorityIdentification)</PRE>
+<DL>
+<DD>Sets the publicAuthorityCode.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setQualifiedCertificate(boolean)"><!-- --></A><H3>
+setQualifiedCertificate</H3>
+<PRE>
+public void <B>setQualifiedCertificate</B>(boolean&nbsp;qualifiedCertificate)</PRE>
+<DL>
+<DD>Sets the qualifiedCertificate.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>qualifiedCertificate</CODE> - The qualifiedCertificate to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setPBK(java.lang.String)"><!-- --></A><H3>
+setPBK</H3>
+<PRE>
+public void <B>setPBK</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;bPK)</PRE>
+<DL>
+<DD>Sets the bPK.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>bPK</CODE> - The bPK to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAssertionID()"><!-- --></A><H3>
+getAssertionID</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getAssertionID</B>()</PRE>
+<DL>
+<DD>Returns the assertionID.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getDateOfBirth()"><!-- --></A><H3>
+getDateOfBirth</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getDateOfBirth</B>()</PRE>
+<DL>
+<DD>Returns the dateOfBirth.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getFamilyName()"><!-- --></A><H3>
+getFamilyName</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getFamilyName</B>()</PRE>
+<DL>
+<DD>Returns the familyName.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getGivenName()"><!-- --></A><H3>
+getGivenName</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getGivenName</B>()</PRE>
+<DL>
+<DD>Returns the givenName.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIdentificationValue()"><!-- --></A><H3>
+getIdentificationValue</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getIdentificationValue</B>()</PRE>
+<DL>
+<DD>Returns the identificationValue.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIdentificationType()"><!-- --></A><H3>
+getIdentificationType</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getIdentificationType</B>()</PRE>
+<DL>
+<DD>Returns the identificationType
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIssueInstant()"><!-- --></A><H3>
+getIssueInstant</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getIssueInstant</B>()</PRE>
+<DL>
+<DD>Returns the issueInstant.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getIssuer()"><!-- --></A><H3>
+getIssuer</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getIssuer</B>()</PRE>
+<DL>
+<DD>Returns the issuer.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getMajorVersion()"><!-- --></A><H3>
+getMajorVersion</H3>
+<PRE>
+public int <B>getMajorVersion</B>()</PRE>
+<DL>
+<DD>Returns the majorVersion.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>int</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setAssertionID(java.lang.String)"><!-- --></A><H3>
+setAssertionID</H3>
+<PRE>
+public void <B>setAssertionID</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;assertionID)</PRE>
+<DL>
+<DD>Sets the assertionID.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>assertionID</CODE> - The assertionID to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setDateOfBirth(java.lang.String)"><!-- --></A><H3>
+setDateOfBirth</H3>
+<PRE>
+public void <B>setDateOfBirth</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;dateOfBirth)</PRE>
+<DL>
+<DD>Sets the dateOfBirth.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>dateOfBirth</CODE> - The dateOfBirth to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setFamilyName(java.lang.String)"><!-- --></A><H3>
+setFamilyName</H3>
+<PRE>
+public void <B>setFamilyName</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;gamilyName)</PRE>
+<DL>
+<DD>Sets the familyName.
+<P>
+<DD><DL>
+</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setGivenName(java.lang.String)"><!-- --></A><H3>
+setGivenName</H3>
+<PRE>
+public void <B>setGivenName</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;givenName)</PRE>
+<DL>
+<DD>Sets the givenName.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>givenName</CODE> - The givenName to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIdentificationValue(java.lang.String)"><!-- --></A><H3>
+setIdentificationValue</H3>
+<PRE>
+public void <B>setIdentificationValue</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;identificationValue)</PRE>
+<DL>
+<DD>Sets the identificationValue.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>identificationValue</CODE> - The identificationValue to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIdentificationType(java.lang.String)"><!-- --></A><H3>
+setIdentificationType</H3>
+<PRE>
+public void <B>setIdentificationType</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;identificationType)</PRE>
+<DL>
+<DD>Sets the identificationType.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>identificationType</CODE> - The identificationType to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIssueInstant(java.lang.String)"><!-- --></A><H3>
+setIssueInstant</H3>
+<PRE>
+public void <B>setIssueInstant</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;issueInstant)</PRE>
+<DL>
+<DD>Sets the issueInstant.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>issueInstant</CODE> - The issueInstant to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setIssuer(java.lang.String)"><!-- --></A><H3>
+setIssuer</H3>
+<PRE>
+public void <B>setIssuer</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;issuer)</PRE>
+<DL>
+<DD>Sets the issuer.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>issuer</CODE> - The issuer to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setMajorVersion(int)"><!-- --></A><H3>
+setMajorVersion</H3>
+<PRE>
+public void <B>setMajorVersion</B>(int&nbsp;majorVersion)</PRE>
+<DL>
+<DD>Sets the majorVersion.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>majorVersion</CODE> - The majorVersion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getSamlAssertion()"><!-- --></A><H3>
+getSamlAssertion</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>getSamlAssertion</B>()</PRE>
+<DL>
+<DD>Returns the samlAssertion.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>String</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="setSamlAssertion(java.lang.String)"><!-- --></A><H3>
+setSamlAssertion</H3>
+<PRE>
+public void <B>setSamlAssertion</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;samlAssertion)</PRE>
+<DL>
+<DD>Sets the samlAssertion.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>samlAssertion</CODE> - The samlAssertion to set</DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getTimestamp()"><!-- --></A><H3>
+getTimestamp</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Date.html" title="class or interface in java.util">Date</A> <B>getTimestamp</B>()</PRE>
+<DL>
+<DD>Returns the timestamp.
+<P>
+<DD><DL>
+
+<DT><B>Returns:</B><DD>Date</DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/AuthenticationData.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html
new file mode 100644
index 000000000..44c47942a
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html
@@ -0,0 +1,214 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Class at.gv.egovernment.moa.id.data.AuthenticationData (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Class at.gv.egovernment.moa.id.data.AuthenticationData (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.data.AuthenticationData</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.auth"><B>at.gv.egovernment.moa.id.auth</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A> in <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A> that return <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></CODE></FONT></TD>
+<TD><CODE><B>AuthenticationServer.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)">getAuthenticationData</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;samlArtifact)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A> in <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A> with parameters of type <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="AuthenticationData.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-frame.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-frame.html
new file mode 100644
index 000000000..b3be4f39a
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-frame.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.data (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.data package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameTitleFont">
+<A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-summary.html" target="classFrame">at.gv.egovernment.moa.id.data</A></FONT>
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameHeadingFont">
+Classes</FONT>&nbsp;
+<FONT CLASS="FrameItemFont">
+<BR>
+<A HREF="AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data" target="classFrame">AuthenticationData</A></FONT></TD>
+</TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-summary.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-summary.html
new file mode 100644
index 000000000..28b8dd351
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-summary.html
@@ -0,0 +1,148 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.data (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.data package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.data (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<H2>
+Package at.gv.egovernment.moa.id.data
+</H2>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A></B></TD>
+<TD>Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-tree.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-tree.html
new file mode 100644
index 000000000..6911edcdb
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-tree.html
@@ -0,0 +1,145 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.data Class Hierarchy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.data Class Hierarchy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For Package at.gv.egovernment.moa.id.data
+</H2>
+</CENTER>
+<DL>
+<DT><B>Package Hierarchies:</B><DD><A HREF="../../../../../../overview-tree.html">All Packages</A></DL>
+<HR>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang"><B>Object</B></A><UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.data.<A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data"><B>AuthenticationData</B></A></UL>
+</UL>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-use.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-use.html
new file mode 100644
index 000000000..c90a703c9
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/data/package-use.html
@@ -0,0 +1,181 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Package at.gv.egovernment.moa.id.data (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Package at.gv.egovernment.moa.id.data (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Package<br>at.gv.egovernment.moa.id.data</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-summary.html">at.gv.egovernment.moa.id.data</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.auth"><B>at.gv.egovernment.moa.id.auth</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Classes in <A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-summary.html">at.gv.egovernment.moa.id.data</A> used by <A HREF="../../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html#at.gv.egovernment.moa.id.auth"><B>AuthenticationData</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Classes in <A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-summary.html">at.gv.egovernment.moa.id.data</A> used by <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../../at/gv/egovernment/moa/id/data/class-use/AuthenticationData.html#at.gv.egovernment.moa.id.proxy"><B>AuthenticationData</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-frame.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-frame.html
new file mode 100644
index 000000000..9c4352356
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-frame.html
@@ -0,0 +1,32 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameTitleFont">
+<A HREF="../../../../../at/gv/egovernment/moa/id/package-summary.html" target="classFrame">at.gv.egovernment.moa.id</A></FONT>
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameHeadingFont">
+Classes</FONT>&nbsp;
+<FONT CLASS="FrameItemFont">
+<BR>
+<A HREF="AuthenticationException.html" title="class in at.gv.egovernment.moa.id" target="classFrame">AuthenticationException</A></FONT></TD>
+</TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-summary.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-summary.html
new file mode 100644
index 000000000..3750976f2
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-summary.html
@@ -0,0 +1,148 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV PACKAGE&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<H2>
+Package at.gv.egovernment.moa.id
+</H2>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A></B></TD>
+<TD>Exception thrown during handling of AuthenticationSession</TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV PACKAGE&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/package-summary.html"><B>NEXT PACKAGE</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-tree.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-tree.html
new file mode 100644
index 000000000..ebf3b1498
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-tree.html
@@ -0,0 +1,147 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id Class Hierarchy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id Class Hierarchy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For Package at.gv.egovernment.moa.id
+</H2>
+</CENTER>
+<DL>
+<DT><B>Package Hierarchies:</B><DD><A HREF="../../../../../overview-tree.html">All Packages</A></DL>
+<HR>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang"><B>Object</B></A><UL>
+<LI TYPE="circle">class MOAIDException<UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.<A HREF="../../../../../at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id"><B>AuthenticationException</B></A></UL>
+</UL>
+</UL>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;<A HREF="../../../../../at/gv/egovernment/moa/id/auth/package-tree.html"><B>NEXT</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-use.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-use.html
new file mode 100644
index 000000000..bc895c974
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/package-use.html
@@ -0,0 +1,162 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Package at.gv.egovernment.moa.id (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Package at.gv.egovernment.moa.id (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Package<br>at.gv.egovernment.moa.id</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../at/gv/egovernment/moa/id/package-summary.html">at.gv.egovernment.moa.id</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.auth"><B>at.gv.egovernment.moa.id.auth</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.auth"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Classes in <A HREF="../../../../../at/gv/egovernment/moa/id/package-summary.html">at.gv.egovernment.moa.id</A> used by <A HREF="../../../../../at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../at/gv/egovernment/moa/id/class-use/AuthenticationException.html#at.gv.egovernment.moa.id.auth"><B>AuthenticationException</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Exception thrown during handling of AuthenticationSession</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html
new file mode 100644
index 000000000..398be7e71
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html
@@ -0,0 +1,249 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+ConnectionBuilder (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.proxy.ConnectionBuilder interface">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="ConnectionBuilder (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Interface ConnectionBuilder</H2>
+<HR>
+<DL>
+<DT>public interface <B>ConnectionBuilder</B></DL>
+
+<P>
+Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html" title="class or interface in java.net"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.
+<P>
+
+<P>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/HttpURLConnection.html" title="class or interface in java.net">HttpURLConnection</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html#buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory, java.util.Map)">buildConnection</A></B>(javax.servlet.http.HttpServletRequest&nbsp;request,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;publicURLPrefix,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;realURLPrefix,
+ javax.net.ssl.SSLSocketFactory&nbsp;sslSocketFactory,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A>&nbsp;parameters)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html" title="class or interface in java.net"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory, java.util.Map)"><!-- --></A><H3>
+buildConnection</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/HttpURLConnection.html" title="class or interface in java.net">HttpURLConnection</A> <B>buildConnection</B>(javax.servlet.http.HttpServletRequest&nbsp;request,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;publicURLPrefix,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;realURLPrefix,
+ javax.net.ssl.SSLSocketFactory&nbsp;sslSocketFactory,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A>&nbsp;parameters)
+ throws <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/io/IOException.html" title="class or interface in java.io">IOException</A></PRE>
+<DL>
+<DD>Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html" title="class or interface in java.net"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.<br>
+ The HttpURLConnection has been created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()" title="class or interface in java.net"><CODE>URL.openConnection()</CODE></A>, but
+ it has not yet been connected to by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html#connect()" title="class or interface in java.net"><CODE>URLConnection.connect()</CODE></A>.<br>
+ The field settings of the HttpURLConnection are:
+ <ul>
+ <li><code>allowUserInteraction = false</code></li>
+ <li><code>doInput = true</code></li>
+ <li><code>doOutput = true</code></li>
+ <li><code>requestMethod = request.getMethod()</code></li>
+ <li><code>useCaches = false</code></li>
+ </ul>
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>request</CODE> - the incoming request which shall be forwarded<DD><CODE>publicURLPrefix</CODE> - the public URL prefix to be substituted by the real URL prefix<DD><CODE>realURLPrefix</CODE> - the URL prefix to substitute the public URL prefix<DD><CODE>sslSocketFactory</CODE> - factory to be used for creating an SSL socket in case
+ of a URL for scheme <code>"https:"</code>;
+ <br>if <code>null</code>, the default SSL socket factory would be used<DD><CODE>parameters</CODE> - parameters to be forwarded
+<DT><B>Returns:</B><DD>a URLConnection created by <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()" title="class or interface in java.net"><CODE>URL.openConnection()</CODE></A>, connecting to
+ the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code>
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/io/IOException.html" title="class or interface in java.io">IOException</A></CODE> - if an I/O exception occurs during opening the connection<DT><B>See Also:</B><DD><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html#openConnection()" title="class or interface in java.net"><CODE>URL.openConnection()</CODE></A>,
+<CODE>com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()</CODE></DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/ConnectionBuilder.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV CLASS&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html
new file mode 100644
index 000000000..0b2926e55
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html
@@ -0,0 +1,506 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+LoginParameterResolver (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.proxy.LoginParameterResolver interface">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="LoginParameterResolver (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Interface LoginParameterResolver</H2>
+<HR>
+<DL>
+<DT>public interface <B>LoginParameterResolver</B></DL>
+
+<P>
+Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html" title="class or interface in java.net"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ Utilizes <A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy"><CODE>OAConfiguration</CODE></A> and <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data"><CODE>AuthenticationData</CODE></A>.
+<P>
+
+<P>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+<A NAME="field_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Field Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ">MOABKZ</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABPK">MOABPK</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth">MOADateOfBirth</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName">MOAFamilyName</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName">MOAGivenName</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIdentificationValueType">MOAIdentificationValueType</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress">MOAIPAddress</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority">MOAPublicAuthority</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate">MOAQualifiedCertificate</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>static&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAStammzahl">MOAStammzahl</A></B></CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code></TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="method_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Method Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#configure(java.lang.String)">configure</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;configuration)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+<A NAME="field_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Field Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="MOAGivenName"><!-- --></A><H3>
+MOAGivenName</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAGivenName</B></PRE>
+<DL>
+<DD>Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAGivenName">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOAFamilyName"><!-- --></A><H3>
+MOAFamilyName</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAFamilyName</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAFamilyName">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOADateOfBirth"><!-- --></A><H3>
+MOADateOfBirth</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOADateOfBirth</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOADateOfBirth">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOABPK"><!-- --></A><H3>
+MOABPK</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOABPK</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOABPK">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOAPublicAuthority"><!-- --></A><H3>
+MOAPublicAuthority</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAPublicAuthority</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAPublicAuthority">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOABKZ"><!-- --></A><H3>
+MOABKZ</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOABKZ</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOABKZ">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOAQualifiedCertificate"><!-- --></A><H3>
+MOAQualifiedCertificate</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAQualifiedCertificate</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAQualifiedCertificate">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOAStammzahl"><!-- --></A><H3>
+MOAStammzahl</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAStammzahl</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAStammzahl">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOAIdentificationValueType"><!-- --></A><H3>
+MOAIdentificationValueType</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAIdentificationValueType</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAIdentificationValueType">Constant Field Values</A></DL>
+</DL>
+<HR>
+
+<A NAME="MOAIPAddress"><!-- --></A><H3>
+MOAIPAddress</H3>
+<PRE>
+public static final <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A> <B>MOAIPAddress</B></PRE>
+<DL>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../constant-values.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAIPAddress">Constant Field Values</A></DL>
+</DL>
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<A NAME="method_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Method Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><!-- --></A><H3>
+getAuthenticationHeaders</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A> <B>getAuthenticationHeaders</B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A>,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></PRE>
+<DL>
+<DD>Returns authentication headers to be added to a URLConnection.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>oaConf</CODE> - configuration data<DD><CODE>authData</CODE> - authentication data<DD><CODE>clientIPAddress</CODE> - client IP address
+<DT><B>Returns:</B><DD>A map, the keys being header names and values being corresponding header values.
+ <br>In case of authentication type <code>"basic-auth"</code>, header fields
+ <code>username</code> and <code>password</code>.
+ <br>In case of authentication type <code>"header-auth"</code>, header fields
+ derived from parameter mapping and authentication data provided.
+ <br>Otherwise, an empty map.
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></CODE>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><!-- --></A><H3>
+getAuthenticationParameters</H3>
+<PRE>
+public <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A> <B>getAuthenticationParameters</B>(<A HREF="../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></PRE>
+<DL>
+<DD>Returns request parameters to be added to a URLConnection.
+<P>
+<DD><DL>
+<DT><B>Parameters:</B><DD><CODE>oaConf</CODE> - configuration data<DD><CODE>authData</CODE> - authentication data<DD><CODE>clientIPAddress</CODE> - client IP address
+<DT><B>Returns:</B><DD>A map, the keys being parameter names and values being corresponding parameter values.
+ <br>In case of authentication type <code>"param-auth"</code>, parameters
+ derived from parameter mapping and authentication data provided.
+ <br>Otherwise, an empty map.
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></CODE></DL>
+</DD>
+</DL>
+<HR>
+
+<A NAME="configure(java.lang.String)"><!-- --></A><H3>
+configure</H3>
+<PRE>
+public void <B>configure</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;configuration)
+ throws <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A>,
+ <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></PRE>
+<DL>
+<DD><DL>
+
+<DT><B>Throws:</B>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></CODE>
+<DD><CODE><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></CODE></DL>
+</DD>
+</DL>
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolver.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;<A HREF="#field_summary">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_summary">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;<A HREF="#field_detail">FIELD</A>&nbsp;|&nbsp;CONSTR&nbsp;|&nbsp;<A HREF="#method_detail">METHOD</A></FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html
new file mode 100644
index 000000000..fd4dd84d2
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html
@@ -0,0 +1,251 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+LoginParameterResolverException (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.proxy.LoginParameterResolverException class">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="LoginParameterResolverException (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolverException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolverException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.lang.Object">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Class LoginParameterResolverException</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">java.lang.Object</A>
+ <IMG SRC="../../../../../../resources/inherit.gif" ALT="extended by">MOAIDException
+ <IMG SRC="../../../../../../resources/inherit.gif" ALT="extended by"><B>at.gv.egovernment.moa.id.proxy.LoginParameterResolverException</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>LoginParameterResolverException</B><DT>extends MOAIDException</DL>
+
+<P>
+Exception thrown while proxying a request to the online application
+<P>
+
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../serialized-form.html#at.gv.egovernment.moa.id.proxy.LoginParameterResolverException">Serialized Form</A></DL>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html#LoginParameterResolverException(java.lang.String, java.lang.Object[])">LoginParameterResolverException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for LoginParameterResolverException.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html#LoginParameterResolverException(java.lang.String, java.lang.Object[], java.lang.Throwable)">LoginParameterResolverException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Throwable.html" title="class or interface in java.lang">Throwable</A>&nbsp;wrapped)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for LoginParameterResolverException.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)" title="class or interface in java.lang">equals</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()" title="class or interface in java.lang">hashCode</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()" title="class or interface in java.lang">toString</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="LoginParameterResolverException(java.lang.String, java.lang.Object[])"><!-- --></A><H3>
+LoginParameterResolverException</H3>
+<PRE>
+public <B>LoginParameterResolverException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters)</PRE>
+<DL>
+<DD>Constructor for LoginParameterResolverException.
+<P>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - <DD><CODE>parameters</CODE> - </DL>
+<HR>
+
+<A NAME="LoginParameterResolverException(java.lang.String, java.lang.Object[], java.lang.Throwable)"><!-- --></A><H3>
+LoginParameterResolverException</H3>
+<PRE>
+public <B>LoginParameterResolverException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Throwable.html" title="class or interface in java.lang">Throwable</A>&nbsp;wrapped)</PRE>
+<DL>
+<DD>Constructor for LoginParameterResolverException.
+<P>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - <DD><CODE>parameters</CODE> - <DD><CODE>wrapped</CODE> - </DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/LoginParameterResolverException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NEXT CLASS</B></A></FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolverException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.lang.Object">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/NotAllowedException.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/NotAllowedException.html
new file mode 100644
index 000000000..7c01bd12f
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/NotAllowedException.html
@@ -0,0 +1,253 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+NotAllowedException (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.proxy.NotAllowedException class">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="NotAllowedException (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/NotAllowedException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="NotAllowedException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.lang.Object">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<!-- ======== START OF CLASS DATA ======== -->
+<H2>
+<FONT SIZE="-1">
+at.gv.egovernment.moa.id.proxy</FONT>
+<BR>
+Class NotAllowedException</H2>
+<PRE>
+<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">java.lang.Object</A>
+ <IMG SRC="../../../../../../resources/inherit.gif" ALT="extended by">MOAIDException
+ <IMG SRC="../../../../../../resources/inherit.gif" ALT="extended by"><B>at.gv.egovernment.moa.id.proxy.NotAllowedException</B>
+</PRE>
+<HR>
+<DL>
+<DT>public class <B>NotAllowedException</B><DT>extends MOAIDException</DL>
+
+<P>
+Exception thrown while proxying a request to the online application
+ Reason for this exception: the dedicated LoginParameterResolver does
+ not allow access to the desired ressource.
+<P>
+
+<P>
+<DL>
+<DT><B>See Also:</B><DD><A HREF="../../../../../../serialized-form.html#at.gv.egovernment.moa.id.proxy.NotAllowedException">Serialized Form</A></DL>
+<HR>
+
+<P>
+<!-- ======== NESTED CLASS SUMMARY ======== -->
+
+
+<!-- =========== FIELD SUMMARY =========== -->
+
+
+<!-- ======== CONSTRUCTOR SUMMARY ======== -->
+
+<A NAME="constructor_summary"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Constructor Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html#NotAllowedException(java.lang.String, java.lang.Object[])">NotAllowedException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for NotAllowedException.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html#NotAllowedException(java.lang.String, java.lang.Object[], java.lang.Throwable)">NotAllowedException</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Throwable.html" title="class or interface in java.lang">Throwable</A>&nbsp;wrapped)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Constructor for NotAllowedException.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<!-- ========== METHOD SUMMARY =========== -->
+
+<A NAME="methods_inherited_from_class_java.lang.Object"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD><B>Methods inherited from class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><CODE><A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#clone()" title="class or interface in java.lang">clone</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#equals(java.lang.Object)" title="class or interface in java.lang">equals</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#finalize()" title="class or interface in java.lang">finalize</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#getClass()" title="class or interface in java.lang">getClass</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#hashCode()" title="class or interface in java.lang">hashCode</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notify()" title="class or interface in java.lang">notify</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#notifyAll()" title="class or interface in java.lang">notifyAll</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#toString()" title="class or interface in java.lang">toString</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait()" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long)" title="class or interface in java.lang">wait</A>, <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html#wait(long, int)" title="class or interface in java.lang">wait</A></CODE></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<!-- ============ FIELD DETAIL =========== -->
+
+
+<!-- ========= CONSTRUCTOR DETAIL ======== -->
+
+<A NAME="constructor_detail"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=1><FONT SIZE="+2">
+<B>Constructor Detail</B></FONT></TD>
+</TR>
+</TABLE>
+
+<A NAME="NotAllowedException(java.lang.String, java.lang.Object[])"><!-- --></A><H3>
+NotAllowedException</H3>
+<PRE>
+public <B>NotAllowedException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters)</PRE>
+<DL>
+<DD>Constructor for NotAllowedException.
+<P>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - <DD><CODE>parameters</CODE> - </DL>
+<HR>
+
+<A NAME="NotAllowedException(java.lang.String, java.lang.Object[], java.lang.Throwable)"><!-- --></A><H3>
+NotAllowedException</H3>
+<PRE>
+public <B>NotAllowedException</B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;messageId,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang">Object</A>[]&nbsp;parameters,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Throwable.html" title="class or interface in java.lang">Throwable</A>&nbsp;wrapped)</PRE>
+<DL>
+<DD>Constructor for NotAllowedException.
+<P>
+<DT><B>Parameters:</B><DD><CODE>messageId</CODE> - <DD><CODE>parameters</CODE> - <DD><CODE>wrapped</CODE> - </DL>
+
+<!-- ============ METHOD DETAIL ========== -->
+
+<!-- ========= END OF CLASS DATA ========= -->
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Class</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="class-use/NotAllowedException.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>PREV CLASS</B></A>&nbsp;
+&nbsp;NEXT CLASS</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="NotAllowedException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+<TR>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+ SUMMARY:&nbsp;NESTED&nbsp;|&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_summary">CONSTR</A>&nbsp;|&nbsp;<A HREF="#methods_inherited_from_class_java.lang.Object">METHOD</A></FONT></TD>
+<TD VALIGN="top" CLASS="NavBarCell3"><FONT SIZE="-2">
+DETAIL:&nbsp;FIELD&nbsp;|&nbsp;<A HREF="#constructor_detail">CONSTR</A>&nbsp;|&nbsp;METHOD</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html
new file mode 100644
index 000000000..69af13810
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/ConnectionBuilder.html
@@ -0,0 +1,136 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Interface at.gv.egovernment.moa.id.proxy.ConnectionBuilder (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Interface at.gv.egovernment.moa.id.proxy.ConnectionBuilder (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Interface<br>at.gv.egovernment.moa.id.proxy.ConnectionBuilder</B></H2>
+</CENTER>
+No usage of at.gv.egovernment.moa.id.proxy.ConnectionBuilder
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="ConnectionBuilder.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html
new file mode 100644
index 000000000..aca06fa02
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolver.html
@@ -0,0 +1,136 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Interface at.gv.egovernment.moa.id.proxy.LoginParameterResolver (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Interface at.gv.egovernment.moa.id.proxy.LoginParameterResolver (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Interface<br>at.gv.egovernment.moa.id.proxy.LoginParameterResolver</B></H2>
+</CENTER>
+No usage of at.gv.egovernment.moa.id.proxy.LoginParameterResolver
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolver.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolverException.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolverException.html
new file mode 100644
index 000000000..ccd7d50cf
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolverException.html
@@ -0,0 +1,192 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Class at.gv.egovernment.moa.id.proxy.LoginParameterResolverException (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Class at.gv.egovernment.moa.id.proxy.LoginParameterResolverException (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolverException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.proxy.LoginParameterResolverException</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A> in <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A> that throw <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationParameters</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns request parameters to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#configure(java.lang.String)">configure</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;configuration)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="LoginParameterResolverException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/NotAllowedException.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/NotAllowedException.html
new file mode 100644
index 000000000..fa0e1f24e
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/class-use/NotAllowedException.html
@@ -0,0 +1,182 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Class at.gv.egovernment.moa.id.proxy.NotAllowedException (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Class at.gv.egovernment.moa.id.proxy.NotAllowedException (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="NotAllowedException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Class<br>at.gv.egovernment.moa.id.proxy.NotAllowedException</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Uses of <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A> in <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2>Methods in <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A> that throw <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/util/Map.html" title="class or interface in java.util">Map</A></CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)">getAuthenticationHeaders</A></B>(<A HREF="../../../../../../../at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>&nbsp;oaConf,
+ <A HREF="../../../../../../../at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>&nbsp;authData,
+ <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;clientIPAddress)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Returns authentication headers to be added to a URLConnection.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD ALIGN="right" VALIGN="top" WIDTH="1%"><FONT SIZE="-1">
+<CODE>&nbsp;void</CODE></FONT></TD>
+<TD><CODE><B>LoginParameterResolver.</B><B><A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#configure(java.lang.String)">configure</A></B>(<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A>&nbsp;configuration)</CODE>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><FONT CLASS="NavBarFont1"><B>Class</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="NotAllowedException.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-frame.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-frame.html
new file mode 100644
index 000000000..a8afe874e
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-frame.html
@@ -0,0 +1,47 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.proxy (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.proxy package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+<FONT size="+1" CLASS="FrameTitleFont">
+<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html" target="classFrame">at.gv.egovernment.moa.id.proxy</A></FONT>
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameHeadingFont">
+Interfaces</FONT>&nbsp;
+<FONT CLASS="FrameItemFont">
+<BR>
+<A HREF="ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy" target="classFrame"><I>ConnectionBuilder</I></A>
+<BR>
+<A HREF="LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy" target="classFrame"><I>LoginParameterResolver</I></A></FONT></TD>
+</TR>
+</TABLE>
+
+
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameHeadingFont">
+Classes</FONT>&nbsp;
+<FONT CLASS="FrameItemFont">
+<BR>
+<A HREF="LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy" target="classFrame">LoginParameterResolverException</A>
+<BR>
+<A HREF="NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy" target="classFrame">NotAllowedException</A></FONT></TD>
+</TR>
+</TABLE>
+
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-summary.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-summary.html
new file mode 100644
index 000000000..9c6f09843
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-summary.html
@@ -0,0 +1,175 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.proxy (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="at.gv.egovernment.moa.id.proxy package">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.proxy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;NEXT PACKAGE</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<H2>
+Package at.gv.egovernment.moa.id.proxy
+</H2>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Interface Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy">ConnectionBuilder</A></B></TD>
+<TD>Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html" title="class or interface in java.net"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A></B></TD>
+<TD>Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html" title="class or interface in java.net"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ </TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class Summary</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A></B></TD>
+<TD>Exception thrown while proxying a request to the online application</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="15%"><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A></B></TD>
+<TD>Exception thrown while proxying a request to the online application
+ Reason for this exception: the dedicated LoginParameterResolver does
+ not allow access to the desired ressource.</TD>
+</TR>
+</TABLE>
+&nbsp;
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Package</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-use.html"><FONT CLASS="NavBarFont1"><B>Use</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-summary.html"><B>PREV PACKAGE</B></A>&nbsp;
+&nbsp;NEXT PACKAGE</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-tree.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-tree.html
new file mode 100644
index 000000000..90e057ebc
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-tree.html
@@ -0,0 +1,154 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+at.gv.egovernment.moa.id.proxy Class Hierarchy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="at.gv.egovernment.moa.id.proxy Class Hierarchy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For Package at.gv.egovernment.moa.id.proxy
+</H2>
+</CENTER>
+<DL>
+<DT><B>Package Hierarchies:</B><DD><A HREF="../../../../../../overview-tree.html">All Packages</A></DL>
+<HR>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang"><B>Object</B></A><UL>
+<LI TYPE="circle">class MOAIDException<UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.proxy.<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NotAllowedException</B></A></UL>
+<LI TYPE="circle">class MOAIDException<UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.proxy.<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolverException</B></A></UL>
+</UL>
+</UL>
+<H2>
+Interface Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>ConnectionBuilder</B></A><LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolver</B></A></UL>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;<A HREF="../../../../../../at/gv/egovernment/moa/id/data/package-tree.html"><B>PREV</B></A>&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-use.html b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-use.html
new file mode 100644
index 000000000..a8c6c026b
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/at/gv/egovernment/moa/id/proxy/package-use.html
@@ -0,0 +1,170 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Uses of Package at.gv.egovernment.moa.id.proxy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="../../../../../../stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Uses of Package at.gv.egovernment.moa.id.proxy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Uses of Package<br>at.gv.egovernment.moa.id.proxy</B></H2>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Packages that use <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><A HREF="#at.gv.egovernment.moa.id.proxy"><B>at.gv.egovernment.moa.id.proxy</B></A></TD>
+<TD>&nbsp;&nbsp;</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<A NAME="at.gv.egovernment.moa.id.proxy"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+Classes in <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A> used by <A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/class-use/LoginParameterResolverException.html#at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolverException</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Exception thrown while proxying a request to the online application</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD><B><A HREF="../../../../../../at/gv/egovernment/moa/id/proxy/class-use/NotAllowedException.html#at.gv.egovernment.moa.id.proxy"><B>NotAllowedException</B></A></B>
+
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Exception thrown while proxying a request to the online application
+ Reason for this exception: the dedicated LoginParameterResolver does
+ not allow access to the desired ressource.</TD>
+</TR>
+</TABLE>
+&nbsp;
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-summary.html"><FONT CLASS="NavBarFont1"><B>Package</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Use</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="package-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="../../../../../../help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="../../../../../../index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="package-use.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="../../../../../../allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/constant-values.html b/id/server/doc/moa_id/api-doc/constant-values.html
new file mode 100644
index 000000000..bc145c359
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/constant-values.html
@@ -0,0 +1,262 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Constant Field Values (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Constant Field Values (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="constant-values.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H1>
+Constant Field Values</H1>
+</CENTER>
+<HR SIZE="4" NOSHADE>
+<B>Contents</B><UL>
+<LI><A HREF="#at.gv">at.gv.*</A>
+</UL>
+
+<A NAME="at.gv"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD ALIGN="left"><FONT SIZE="+2">
+<B>at.gv.*</B></FONT></TD>
+</TR>
+</TABLE>
+
+<P>
+
+<TABLE BORDER="0" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=3><B>at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.config.proxy.OAConfiguration.BASIC_AUTH"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH">BASIC_AUTH</A></CODE></TD>
+<TD ALIGN="right"><CODE>"basic"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.config.proxy.OAConfiguration.HEADER_AUTH"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH">HEADER_AUTH</A></CODE></TD>
+<TD ALIGN="right"><CODE>"header"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.config.proxy.OAConfiguration.LOGINTYPE_STATEFUL"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL">LOGINTYPE_STATEFUL</A></CODE></TD>
+<TD ALIGN="right"><CODE>"stateful"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.config.proxy.OAConfiguration.LOGINTYPE_STATELESS"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS">LOGINTYPE_STATELESS</A></CODE></TD>
+<TD ALIGN="right"><CODE>"stateless"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.config.proxy.OAConfiguration.PARAM_AUTH"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH">PARAM_AUTH</A></CODE></TD>
+<TD ALIGN="right"><CODE>"param"</CODE></TD>
+</TR>
+</FONT></TD>
+</TR>
+</TABLE>
+
+<P>
+
+<P>
+
+<TABLE BORDER="0" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#EEEEFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=3><B>at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A></B></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOABKZ"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ">MOABKZ</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOABKZ"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOABPK"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABPK">MOABPK</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOABPK"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOADateOfBirth"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth">MOADateOfBirth</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOADateOfBirth"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAFamilyName"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName">MOAFamilyName</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAFamilyName"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAGivenName"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName">MOAGivenName</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAGivenName"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAIdentificationValueType"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIdentificationValueType">MOAIdentificationValueType</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAIdentificationValueType"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAIPAddress"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress">MOAIPAddress</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAIPAddress"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAPublicAuthority"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority">MOAPublicAuthority</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAPublicAuthority"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAQualifiedCertificate"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate">MOAQualifiedCertificate</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAQualifiedCertificate"</CODE></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolver.MOAStammzahl"><!-- --></A><TD ALIGN="right"><FONT SIZE="-1">
+<CODE>public&nbsp;static&nbsp;final&nbsp;<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/String.html" title="class or interface in java.lang">String</A></CODE></FONT></TD>
+<TD ALIGN="left"><CODE><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAStammzahl">MOAStammzahl</A></CODE></TD>
+<TD ALIGN="right"><CODE>"MOAStammzahl"</CODE></TD>
+</TR>
+</FONT></TD>
+</TR>
+</TABLE>
+
+<P>
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="constant-values.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/deprecated-list.html b/id/server/doc/moa_id/api-doc/deprecated-list.html
new file mode 100644
index 000000000..d760f28ee
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/deprecated-list.html
@@ -0,0 +1,134 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Deprecated List (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Deprecated List (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Deprecated</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="deprecated-list.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+<B>Deprecated API</B></H2>
+</CENTER>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Deprecated</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="deprecated-list.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/help-doc.html b/id/server/doc/moa_id/api-doc/help-doc.html
new file mode 100644
index 000000000..bbdccd6b5
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/help-doc.html
@@ -0,0 +1,193 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+API Help (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="API Help (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Help</B></FONT>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="help-doc.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H1>
+How This API Document Is Organized</H1>
+</CENTER>
+This API (Application Programming Interface) document has pages corresponding to the items in the navigation bar, described as follows.<H3>
+Overview</H3>
+<BLOCKQUOTE>
+
+<P>
+The <A HREF="overview-summary.html">Overview</A> page is the front page of this API document and provides a list of all packages with a summary for each. This page can also contain an overall description of the set of packages.</BLOCKQUOTE>
+<H3>
+Package</H3>
+<BLOCKQUOTE>
+
+<P>
+Each package has a page that contains a list of its classes and interfaces, with a summary for each. This page can contain four categories:<UL>
+<LI>Interfaces (italic)<LI>Classes<LI>Exceptions<LI>Errors</UL>
+</BLOCKQUOTE>
+<H3>
+Class/Interface</H3>
+<BLOCKQUOTE>
+
+<P>
+Each class, interface, nested class and nested interface has its own separate page. Each of these pages has three sections consisting of a class/interface description, summary tables, and detailed member descriptions:<UL>
+<LI>Class inheritance diagram<LI>Direct Subclasses<LI>All Known Subinterfaces<LI>All Known Implementing Classes<LI>Class/interface declaration<LI>Class/interface description
+<P>
+<LI>Nested Class Summary<LI>Field Summary<LI>Constructor Summary<LI>Method Summary
+<P>
+<LI>Field Detail<LI>Constructor Detail<LI>Method Detail</UL>
+Each summary entry contains the first sentence from the detailed description for that item. The summary entries are alphabetical, while the detailed descriptions are in the order they appear in the source code. This preserves the logical groupings established by the programmer.</BLOCKQUOTE>
+<H3>
+Use</H3>
+<BLOCKQUOTE>
+Each documented package, class and interface has its own Use page. This page describes what packages, classes, methods, constructors and fields use any part of the given class or package. Given a class or interface A, its Use page includes subclasses of A, fields declared as A, methods that return A, and methods and constructors with parameters of type A. You can access this page by first going to the package, class or interface, then clicking on the "Use" link in the navigation bar.</BLOCKQUOTE>
+<H3>
+Tree (Class Hierarchy)</H3>
+<BLOCKQUOTE>
+There is a <A HREF="overview-tree.html">Class Hierarchy</A> page for all packages, plus a hierarchy for each package. Each hierarchy page contains a list of classes and a list of interfaces. The classes are organized by inheritance structure starting with <code>java.lang.Object</code>. The interfaces do not inherit from <code>java.lang.Object</code>.<UL>
+<LI>When viewing the Overview page, clicking on "Tree" displays the hierarchy for all packages.<LI>When viewing a particular package, class or interface page, clicking "Tree" displays the hierarchy for only that package.</UL>
+</BLOCKQUOTE>
+<H3>
+Deprecated API</H3>
+<BLOCKQUOTE>
+The <A HREF="deprecated-list.html">Deprecated API</A> page lists all of the API that have been deprecated. A deprecated API is not recommended for use, generally due to improvements, and a replacement API is usually given. Deprecated APIs may be removed in future implementations.</BLOCKQUOTE>
+<H3>
+Index</H3>
+<BLOCKQUOTE>
+The <A HREF="index-all.html">Index</A> contains an alphabetic list of all classes, interfaces, constructors, methods, and fields.</BLOCKQUOTE>
+<H3>
+Prev/Next</H3>
+These links take you to the next or previous class, interface, package, or related page.<H3>
+Frames/No Frames</H3>
+These links show and hide the HTML frames. All pages are available with or without frames.
+<P>
+<H3>
+Serialized Form</H3>
+Each serializable or externalizable class has a description of its serialization fields and methods. This information is of interest to re-implementors, not to developers using the API. While there is no link in the navigation bar, you can get to this information by going to any serialized class and clicking "Serialized Form" in the "See also" section of the class description.
+<P>
+<FONT SIZE="-1">
+<EM>
+This help file applies to API documentation generated using the standard doclet.</EM>
+</FONT>
+<BR>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Help</B></FONT>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="help-doc.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/index-all.html b/id/server/doc/moa_id/api-doc/index-all.html
new file mode 100644
index 000000000..b6ccf5c68
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/index-all.html
@@ -0,0 +1,462 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Index (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Index (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Index</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="index-all.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<A HREF="#_A_">A</A> <A HREF="#_B_">B</A> <A HREF="#_C_">C</A> <A HREF="#_D_">D</A> <A HREF="#_G_">G</A> <A HREF="#_H_">H</A> <A HREF="#_I_">I</A> <A HREF="#_L_">L</A> <A HREF="#_M_">M</A> <A HREF="#_N_">N</A> <A HREF="#_O_">O</A> <A HREF="#_P_">P</A> <A HREF="#_S_">S</A> <A HREF="#_V_">V</A> <HR>
+<A NAME="_A_"><!-- --></A><H2>
+<B>A</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data"><B>AuthenticationData</B></A> - class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>.<DD>Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#AuthenticationData()"><B>AuthenticationData()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Constructor for AuthenticationData.
+<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id"><B>AuthenticationException</B></A> - class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>.<DD>Exception thrown during handling of AuthenticationSession<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[])"><B>AuthenticationException(String, Object[])</B></A> -
+Constructor for class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>
+<DD>Constructor for AuthenticationException.
+<DT><A HREF="at/gv/egovernment/moa/id/AuthenticationException.html#AuthenticationException(java.lang.String, java.lang.Object[], java.lang.Throwable)"><B>AuthenticationException(String, Object[], Throwable)</B></A> -
+Constructor for class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">AuthenticationException</A>
+<DD>Constructor for AuthenticationException.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth"><B>AuthenticationServer</B></A> - class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>.<DD>API for MOA ID Authentication Service.<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#AuthenticationServer()"><B>AuthenticationServer()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Constructor for AuthenticationServer.
+<DT><A HREF="at/gv/egovernment/moa/id/package-summary.html"><B>at.gv.egovernment.moa.id</B></A> - package at.gv.egovernment.moa.id<DD>&nbsp;<DT><A HREF="at/gv/egovernment/moa/id/auth/package-summary.html"><B>at.gv.egovernment.moa.id.auth</B></A> - package at.gv.egovernment.moa.id.auth<DD>&nbsp;<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/package-summary.html"><B>at.gv.egovernment.moa.id.config.proxy</B></A> - package at.gv.egovernment.moa.id.config.proxy<DD>&nbsp;<DT><A HREF="at/gv/egovernment/moa/id/data/package-summary.html"><B>at.gv.egovernment.moa.id.data</B></A> - package at.gv.egovernment.moa.id.data<DD>&nbsp;<DT><A HREF="at/gv/egovernment/moa/id/proxy/package-summary.html"><B>at.gv.egovernment.moa.id.proxy</B></A> - package at.gv.egovernment.moa.id.proxy<DD>&nbsp;</DL>
+<HR>
+<A NAME="_B_"><!-- --></A><H2>
+<B>B</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#BASIC_AUTH"><B>BASIC_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Constant for an auth method
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html#buildConnection(javax.servlet.http.HttpServletRequest, java.lang.String, java.lang.String, javax.net.ssl.SSLSocketFactory, java.util.Map)"><B>buildConnection(HttpServletRequest, String, String, SSLSocketFactory, Map)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy">ConnectionBuilder</A>
+<DD>Builds an HttpURLConnection to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URL.html" title="class or interface in java.net"><CODE>URL</CODE></A> which is derived
+ from an <CODE>HttpServletRequest</CODE> URL, by substitution of a
+ public URL prefix for the real URL prefix.
+</DL>
+<HR>
+<A NAME="_C_"><!-- --></A><H2>
+<B>C</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>ConnectionBuilder</B></A> - interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy">ConnectionBuilder</A>.<DD>Builder for <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html" title="class or interface in java.net"><CODE>URLConnection</CODE></A> objects used to forward requests
+ to the remote online application.<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#cleanup()"><B>cleanup()</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Cleans up expired session and authentication data stores.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#configure(java.lang.String)"><B>configure(String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_D_"><!-- --></A><H2>
+<B>D</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#debugOutputXMLFile(java.lang.String, org.w3c.dom.Element)"><B>debugOutputXMLFile(String, Element)</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Writes an XML structure to file for debugging purposes, encoding UTF-8.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#debugOutputXMLFile(java.lang.String, java.lang.String)"><B>debugOutputXMLFile(String, String)</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Writes an XML structure to file for debugging purposes, encoding UTF-8.
+</DL>
+<HR>
+<A NAME="_G_"><!-- --></A><H2>
+<B>G</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getAssertionID()"><B>getAssertionID()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the assertionID.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getAuthType()"><B>getAuthType()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Returns the authType.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getAuthenticationData(java.lang.String)"><B>getAuthenticationData(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationHeaders(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><B>getAuthenticationHeaders(OAConfiguration, AuthenticationData, String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Returns authentication headers to be added to a URLConnection.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#getAuthenticationParameters(at.gv.egovernment.moa.id.config.proxy.OAConfiguration, at.gv.egovernment.moa.id.data.AuthenticationData, java.lang.String)"><B>getAuthenticationParameters(OAConfiguration, AuthenticationData, String)</B></A> -
+Method in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Returns request parameters to be added to a URLConnection.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthPasswordMapping()"><B>getBasicAuthPasswordMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Returns the basicAuthPasswordMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getBasicAuthUserIDMapping()"><B>getBasicAuthUserIDMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Returns the basicAuthUserIDMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getDateOfBirth()"><B>getDateOfBirth()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the dateOfBirth.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getFamilyName()"><B>getFamilyName()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the familyName.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getGivenName()"><B>getGivenName()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the givenName.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getHeaderAuthMapping()"><B>getHeaderAuthMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Returns the headerAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationType()"><B>getIdentificationType()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the identificationType
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIdentificationValue()"><B>getIdentificationValue()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the identificationValue.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getInstance()"><B>getInstance()</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Returns the single instance of <code>AuthenticationServer</code>.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssueInstant()"><B>getIssueInstant()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the issueInstant.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getIssuer()"><B>getIssuer()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the issuer.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getLoginType()"><B>getLoginType()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Returns the loginType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getMajorVersion()"><B>getMajorVersion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the majorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getMinorVersion()"><B>getMinorVersion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the minorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getPBK()"><B>getPBK()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the bPK.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#getParamAuthMapping()"><B>getParamAuthMapping()</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Returns the paramAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getPublicAuthorityCode()"><B>getPublicAuthorityCode()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the publicAuthorityCode.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getSamlAssertion()"><B>getSamlAssertion()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the samlAssertion.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#getSession(java.lang.String)"><B>getSession(String)</B></A> -
+Static method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Retrieves a session from the session store.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#getTimestamp()"><B>getTimestamp()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the timestamp.
+</DL>
+<HR>
+<A NAME="_H_"><!-- --></A><H2>
+<B>H</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#HEADER_AUTH"><B>HEADER_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Constant for an auth method
+</DL>
+<HR>
+<A NAME="_I_"><!-- --></A><H2>
+<B>I</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#isPublicAuthority()"><B>isPublicAuthority()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the publicAuthority.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#isQualifiedCertificate()"><B>isQualifiedCertificate()</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Returns the qualifiedCertificate.
+</DL>
+<HR>
+<A NAME="_L_"><!-- --></A><H2>
+<B>L</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATEFUL"><B>LOGINTYPE_STATEFUL</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Constant for an login method
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#LOGINTYPE_STATELESS"><B>LOGINTYPE_STATELESS</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Constant for an login method
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolver</B></A> - interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>.<DD>Determines authentication parameters and headers to be added to a <A HREF="http://java.sun.com/j2se/1.3/docs/api/java/net/URLConnection.html" title="class or interface in java.net"><CODE>URLConnection</CODE></A>
+ to the remote online application.
+ <DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolverException</B></A> - class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A>.<DD>Exception thrown while proxying a request to the online application<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html#LoginParameterResolverException(java.lang.String, java.lang.Object[])"><B>LoginParameterResolverException(String, Object[])</B></A> -
+Constructor for class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A>
+<DD>Constructor for LoginParameterResolverException.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html#LoginParameterResolverException(java.lang.String, java.lang.Object[], java.lang.Throwable)"><B>LoginParameterResolverException(String, Object[], Throwable)</B></A> -
+Constructor for class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">LoginParameterResolverException</A>
+<DD>Constructor for LoginParameterResolverException.
+</DL>
+<HR>
+<A NAME="_M_"><!-- --></A><H2>
+<B>M</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABKZ"><B>MOABKZ</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOABPK"><B>MOABPK</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOADateOfBirth"><B>MOADateOfBirth</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAFamilyName"><B>MOAFamilyName</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAGivenName"><B>MOAGivenName</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
+ naming predicates used by the <code>LoginParameterResolver</code>.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIPAddress"><B>MOAIPAddress</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAIdentificationValueType"><B>MOAIdentificationValueType</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAPublicAuthority"><B>MOAPublicAuthority</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAQualifiedCertificate"><B>MOAQualifiedCertificate</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html#MOAStammzahl"><B>MOAStammzahl</B></A> -
+Static variable in interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy">LoginParameterResolver</A>
+<DD>Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>
+</DL>
+<HR>
+<A NAME="_N_"><!-- --></A><H2>
+<B>N</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NotAllowedException</B></A> - class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A>.<DD>Exception thrown while proxying a request to the online application
+ Reason for this exception: the dedicated LoginParameterResolver does
+ not allow access to the desired ressource.<DT><A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html#NotAllowedException(java.lang.String, java.lang.Object[])"><B>NotAllowedException(String, Object[])</B></A> -
+Constructor for class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A>
+<DD>Constructor for NotAllowedException.
+<DT><A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html#NotAllowedException(java.lang.String, java.lang.Object[], java.lang.Throwable)"><B>NotAllowedException(String, Object[], Throwable)</B></A> -
+Constructor for class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">NotAllowedException</A>
+<DD>Constructor for NotAllowedException.
+</DL>
+<HR>
+<A NAME="_O_"><!-- --></A><H2>
+<B>O</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy"><B>OAConfiguration</B></A> - class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>.<DD>Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ <DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#OAConfiguration()"><B>OAConfiguration()</B></A> -
+Constructor for class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>&nbsp;
+</DL>
+<HR>
+<A NAME="_P_"><!-- --></A><H2>
+<B>P</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#PARAM_AUTH"><B>PARAM_AUTH</B></A> -
+Static variable in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Constant for an auth method
+</DL>
+<HR>
+<A NAME="_S_"><!-- --></A><H2>
+<B>S</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#selectBKU(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><B>selectBKU(String, String, String, String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Processes request to select a BKU.
+
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setAssertionID(java.lang.String)"><B>setAssertionID(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the assertionID.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setAuthType(java.lang.String)"><B>setAuthType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Sets the authType.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthPasswordMapping(java.lang.String)"><B>setBasicAuthPasswordMapping(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Sets the basicAuthPasswordMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setBasicAuthUserIDMapping(java.lang.String)"><B>setBasicAuthUserIDMapping(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Sets the basicAuthUserIDMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setDateOfBirth(java.lang.String)"><B>setDateOfBirth(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the dateOfBirth.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setFamilyName(java.lang.String)"><B>setFamilyName(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the familyName.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setGivenName(java.lang.String)"><B>setGivenName(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the givenName.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setHeaderAuthMapping(java.util.HashMap)"><B>setHeaderAuthMapping(HashMap)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Sets the headerAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationType(java.lang.String)"><B>setIdentificationType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the identificationType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIdentificationValue(java.lang.String)"><B>setIdentificationValue(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the identificationValue.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssueInstant(java.lang.String)"><B>setIssueInstant(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the issueInstant.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setIssuer(java.lang.String)"><B>setIssuer(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the issuer.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setLoginType(java.lang.String)"><B>setLoginType(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Sets the loginType.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setMajorVersion(int)"><B>setMajorVersion(int)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the majorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setMinorVersion(int)"><B>setMinorVersion(int)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the minorVersion.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPBK(java.lang.String)"><B>setPBK(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the bPK.
+<DT><A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html#setParamAuthMapping(java.util.HashMap)"><B>setParamAuthMapping(HashMap)</B></A> -
+Method in class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy">OAConfiguration</A>
+<DD>Sets the paramAuthMapping.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthority(boolean)"><B>setPublicAuthority(boolean)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the publicAuthority.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setPublicAuthorityCode(java.lang.String)"><B>setPublicAuthorityCode(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the publicAuthorityCode.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setQualifiedCertificate(boolean)"><B>setQualifiedCertificate(boolean)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the qualifiedCertificate.
+<DT><A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html#setSamlAssertion(java.lang.String)"><B>setSamlAssertion(String)</B></A> -
+Method in class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data">AuthenticationData</A>
+<DD>Sets the samlAssertion.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsAuthDataTimeOut(long)"><B>setSecondsAuthDataTimeOut(long)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Sets the authDataTimeOut.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#setSecondsSessionTimeOut(long)"><B>setSecondsSessionTimeOut(long)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Sets the sessionTimeOut.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#startAuthentication(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)"><B>startAuthentication(String, String, String, String, String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Processes the beginning of an authentication session.
+
+</DL>
+<HR>
+<A NAME="_V_"><!-- --></A><H2>
+<B>V</B></H2>
+<DL>
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyAuthenticationBlock(java.lang.String, java.lang.String)"><B>verifyAuthenticationBlock(String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ security layer implementation.
+<DT><A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html#verifyIdentityLink(java.lang.String, java.lang.String)"><B>verifyIdentityLink(String, String)</B></A> -
+Method in class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth">AuthenticationServer</A>
+<DD>Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ security layer implementation.
+</DL>
+<HR>
+<A HREF="#_A_">A</A> <A HREF="#_B_">B</A> <A HREF="#_C_">C</A> <A HREF="#_D_">D</A> <A HREF="#_G_">G</A> <A HREF="#_H_">H</A> <A HREF="#_I_">I</A> <A HREF="#_L_">L</A> <A HREF="#_M_">M</A> <A HREF="#_N_">N</A> <A HREF="#_O_">O</A> <A HREF="#_P_">P</A> <A HREF="#_S_">S</A> <A HREF="#_V_">V</A>
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Index</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="index-all.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/index.html b/id/server/doc/moa_id/api-doc/index.html
new file mode 100644
index 000000000..61c644160
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/index.html
@@ -0,0 +1,26 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc on Mon Mar 15 15:50:53 CET 2004-->
+<TITLE>
+MOA ID API
+</TITLE>
+</HEAD>
+<FRAMESET cols="20%,80%">
+<FRAMESET rows="30%,70%">
+<FRAME src="overview-frame.html" name="packageListFrame" title="All Packages">
+<FRAME src="allclasses-frame.html" name="packageFrame" title="All classes and interfaces (except non-static nested types)">
+</FRAMESET>
+<FRAME src="overview-summary.html" name="classFrame" title="Package, class and interface descriptions">
+<NOFRAMES>
+<H2>
+Frame Alert</H2>
+
+<P>
+This document is designed to be viewed using the frames feature. If you see this message, you are using a non-frame-capable web client.
+<BR>
+Link to<A HREF="overview-summary.html">Non-frame version.</A>
+</NOFRAMES>
+</FRAMESET>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/overview-frame.html b/id/server/doc/moa_id/api-doc/overview-frame.html
new file mode 100644
index 000000000..58e79621c
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/overview-frame.html
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+Overview (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="Overview, <h1>MOA ID API</h1>">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+
+</HEAD>
+
+<BODY BGCOLOR="white">
+
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT size="+1" CLASS="FrameTitleFont">
+<B></B></FONT></TD>
+</TR>
+</TABLE>
+
+<TABLE BORDER="0" WIDTH="100%" SUMMARY="">
+<TR>
+<TD NOWRAP><FONT CLASS="FrameItemFont"><A HREF="allclasses-frame.html" target="packageFrame">All Classes</A></FONT>
+<P>
+<FONT size="+1" CLASS="FrameHeadingFont">
+Packages</FONT>
+<BR>
+<FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/package-frame.html" target="packageFrame">at.gv.egovernment.moa.id</A></FONT>
+<BR>
+<FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/auth/package-frame.html" target="packageFrame">at.gv.egovernment.moa.id.auth</A></FONT>
+<BR>
+<FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/config/proxy/package-frame.html" target="packageFrame">at.gv.egovernment.moa.id.config.proxy</A></FONT>
+<BR>
+<FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/data/package-frame.html" target="packageFrame">at.gv.egovernment.moa.id.data</A></FONT>
+<BR>
+<FONT CLASS="FrameItemFont"><A HREF="at/gv/egovernment/moa/id/proxy/package-frame.html" target="packageFrame">at.gv.egovernment.moa.id.proxy</A></FONT>
+<BR>
+</TD>
+</TR>
+</TABLE>
+
+<P>
+&nbsp;
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/overview-summary.html b/id/server/doc/moa_id/api-doc/overview-summary.html
new file mode 100644
index 000000000..0d16ca82c
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/overview-summary.html
@@ -0,0 +1,165 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+Overview (MOA ID API)
+</TITLE>
+
+<META NAME="keywords" CONTENT="Overview, <h1>MOA ID API</h1>">
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Overview (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Overview</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H1>
+<h1>MOA ID API</h1>
+</H1>
+</CENTER>
+
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Packages</B></FONT></TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="20%"><B><A HREF="at/gv/egovernment/moa/id/package-summary.html">at.gv.egovernment.moa.id</A></B></TD>
+<TD>&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="20%"><B><A HREF="at/gv/egovernment/moa/id/auth/package-summary.html">at.gv.egovernment.moa.id.auth</A></B></TD>
+<TD>&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="20%"><B><A HREF="at/gv/egovernment/moa/id/config/proxy/package-summary.html">at.gv.egovernment.moa.id.config.proxy</A></B></TD>
+<TD>&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="20%"><B><A HREF="at/gv/egovernment/moa/id/data/package-summary.html">at.gv.egovernment.moa.id.data</A></B></TD>
+<TD>&nbsp;</TD>
+</TR>
+<TR BGCOLOR="white" CLASS="TableRowColor">
+<TD WIDTH="20%"><B><A HREF="at/gv/egovernment/moa/id/proxy/package-summary.html">at.gv.egovernment.moa.id.proxy</A></B></TD>
+<TD>&nbsp;</TD>
+</TR>
+</TABLE>
+
+<P>
+&nbsp;<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Overview</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-summary.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/overview-tree.html b/id/server/doc/moa_id/api-doc/overview-tree.html
new file mode 100644
index 000000000..583aeddde
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/overview-tree.html
@@ -0,0 +1,155 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:52 CET 2004 -->
+<TITLE>
+Class Hierarchy (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Class Hierarchy (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H2>
+Hierarchy For All Packages</H2>
+</CENTER>
+<DL>
+<DT><B>Package Hierarchies:</B><DD><A HREF="at/gv/egovernment/moa/id/package-tree.html">at.gv.egovernment.moa.id</A>, <A HREF="at/gv/egovernment/moa/id/auth/package-tree.html">at.gv.egovernment.moa.id.auth</A>, <A HREF="at/gv/egovernment/moa/id/config/proxy/package-tree.html">at.gv.egovernment.moa.id.config.proxy</A>, <A HREF="at/gv/egovernment/moa/id/data/package-tree.html">at.gv.egovernment.moa.id.data</A>, <A HREF="at/gv/egovernment/moa/id/proxy/package-tree.html">at.gv.egovernment.moa.id.proxy</A></DL>
+<HR>
+<H2>
+Class Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">class java.lang.<A HREF="http://java.sun.com/j2se/1.3/docs/api/java/lang/Object.html" title="class or interface in java.lang"><B>Object</B></A><UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.data.<A HREF="at/gv/egovernment/moa/id/data/AuthenticationData.html" title="class in at.gv.egovernment.moa.id.data"><B>AuthenticationData</B></A><LI TYPE="circle">class at.gv.egovernment.moa.id.auth.<A HREF="at/gv/egovernment/moa/id/auth/AuthenticationServer.html" title="class in at.gv.egovernment.moa.id.auth"><B>AuthenticationServer</B></A><LI TYPE="circle">class MOAIDException<UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.<A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id"><B>AuthenticationException</B></A></UL>
+<LI TYPE="circle">class MOAIDException<UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolverException</B></A></UL>
+<LI TYPE="circle">class MOAIDException<UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy"><B>NotAllowedException</B></A></UL>
+<LI TYPE="circle">class at.gv.egovernment.moa.id.config.proxy.<A HREF="at/gv/egovernment/moa/id/config/proxy/OAConfiguration.html" title="class in at.gv.egovernment.moa.id.config.proxy"><B>OAConfiguration</B></A></UL>
+</UL>
+<H2>
+Interface Hierarchy
+</H2>
+<UL>
+<LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>ConnectionBuilder</B></A><LI TYPE="circle">interface at.gv.egovernment.moa.id.proxy.<A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html" title="interface in at.gv.egovernment.moa.id.proxy"><B>LoginParameterResolver</B></A></UL>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#FFFFFF" CLASS="NavBarCell1Rev"> &nbsp;<FONT CLASS="NavBarFont1Rev"><B>Tree</B></FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="overview-tree.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/package-list b/id/server/doc/moa_id/api-doc/package-list
new file mode 100644
index 000000000..4cafbedb3
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/package-list
@@ -0,0 +1,5 @@
+at.gv.egovernment.moa.id
+at.gv.egovernment.moa.id.auth
+at.gv.egovernment.moa.id.config.proxy
+at.gv.egovernment.moa.id.data
+at.gv.egovernment.moa.id.proxy
diff --git a/id/server/doc/moa_id/api-doc/packages.html b/id/server/doc/moa_id/api-doc/packages.html
new file mode 100644
index 000000000..dc4a5e004
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/packages.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+ (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title=" (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+<BR>
+
+<BR>
+
+<BR>
+<CENTER>
+The front page has been relocated.Please see:
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="index.html">Frame version</A>
+<BR>
+&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<A HREF="overview-summary.html">Non-frame version.</A></CENTER>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/resources/inherit.gif b/id/server/doc/moa_id/api-doc/resources/inherit.gif
new file mode 100644
index 000000000..c814867a1
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/resources/inherit.gif
Binary files differ
diff --git a/id/server/doc/moa_id/api-doc/serialized-form.html b/id/server/doc/moa_id/api-doc/serialized-form.html
new file mode 100644
index 000000000..feb57f861
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/serialized-form.html
@@ -0,0 +1,169 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<!--NewPage-->
+<HTML>
+<HEAD>
+<!-- Generated by javadoc (build 1.4.2_01) on Mon Mar 15 15:50:53 CET 2004 -->
+<TITLE>
+Serialized Form (MOA ID API)
+</TITLE>
+
+
+<LINK REL ="stylesheet" TYPE="text/css" HREF="stylesheet.css" TITLE="Style">
+
+<SCRIPT type="text/javascript">
+function windowTitle()
+{
+ parent.document.title="Serialized Form (MOA ID API)";
+}
+</SCRIPT>
+
+</HEAD>
+
+<BODY BGCOLOR="white" onload="windowTitle();">
+
+
+<!-- ========= START OF TOP NAVBAR ======= -->
+<A NAME="navbar_top"><!-- --></A>
+<A HREF="#skip-navbar_top" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_top_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="serialized-form.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_top"></A>
+<!-- ========= END OF TOP NAVBAR ========= -->
+
+<HR>
+<CENTER>
+<H1>
+Serialized Form</H1>
+</CENTER>
+<A NAME="at.gv.egovernment.moa.id.AuthenticationException"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class <A HREF="at/gv/egovernment/moa/id/AuthenticationException.html" title="class in at.gv.egovernment.moa.id">at.gv.egovernment.moa.id.AuthenticationException</A> extends MOAIDException implements Serializable</B></FONT></TD>
+</TR>
+</TABLE>
+
+<P>
+
+<P>
+<HR SIZE="4" NOSHADE>
+<A NAME="at.gv.egovernment.moa.id.proxy.LoginParameterResolverException"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class <A HREF="at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.html" title="class in at.gv.egovernment.moa.id.proxy">at.gv.egovernment.moa.id.proxy.LoginParameterResolverException</A> extends MOAIDException implements Serializable</B></FONT></TD>
+</TR>
+</TABLE>
+
+<P>
+
+<P>
+<HR SIZE="4" NOSHADE>
+<A NAME="at.gv.egovernment.moa.id.proxy.NotAllowedException"><!-- --></A>
+<TABLE BORDER="1" WIDTH="100%" CELLPADDING="3" CELLSPACING="0" SUMMARY="">
+<TR BGCOLOR="#CCCCFF" CLASS="TableSubHeadingColor">
+<TD COLSPAN=2><FONT SIZE="+2">
+<B>Class <A HREF="at/gv/egovernment/moa/id/proxy/NotAllowedException.html" title="class in at.gv.egovernment.moa.id.proxy">at.gv.egovernment.moa.id.proxy.NotAllowedException</A> extends MOAIDException implements Serializable</B></FONT></TD>
+</TR>
+</TABLE>
+
+<P>
+
+<P>
+<HR>
+
+
+<!-- ======= START OF BOTTOM NAVBAR ====== -->
+<A NAME="navbar_bottom"><!-- --></A>
+<A HREF="#skip-navbar_bottom" title="Skip navigation links"></A>
+<TABLE BORDER="0" WIDTH="100%" CELLPADDING="1" CELLSPACING="0" SUMMARY="">
+<TR>
+<TD COLSPAN=3 BGCOLOR="#EEEEFF" CLASS="NavBarCell1">
+<A NAME="navbar_bottom_firstrow"><!-- --></A>
+<TABLE BORDER="0" CELLPADDING="0" CELLSPACING="3" SUMMARY="">
+ <TR ALIGN="center" VALIGN="top">
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-summary.html"><FONT CLASS="NavBarFont1"><B>Overview</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Package</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Class</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <FONT CLASS="NavBarFont1">Use</FONT>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="overview-tree.html"><FONT CLASS="NavBarFont1"><B>Tree</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="deprecated-list.html"><FONT CLASS="NavBarFont1"><B>Deprecated</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="index-all.html"><FONT CLASS="NavBarFont1"><B>Index</B></FONT></A>&nbsp;</TD>
+ <TD BGCOLOR="#EEEEFF" CLASS="NavBarCell1"> <A HREF="help-doc.html"><FONT CLASS="NavBarFont1"><B>Help</B></FONT></A>&nbsp;</TD>
+ </TR>
+</TABLE>
+</TD>
+<TD ALIGN="right" VALIGN="top" ROWSPAN=3><EM>
+</EM>
+</TD>
+</TR>
+
+<TR>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+&nbsp;PREV&nbsp;
+&nbsp;NEXT</FONT></TD>
+<TD BGCOLOR="white" CLASS="NavBarCell2"><FONT SIZE="-2">
+ <A HREF="index.html" target="_top"><B>FRAMES</B></A> &nbsp;
+&nbsp;<A HREF="serialized-form.html" target="_top"><B>NO FRAMES</B></A> &nbsp;
+&nbsp;<SCRIPT type="text/javascript">
+ <!--
+ if(window==top) {
+ document.writeln('<A HREF="allclasses-noframe.html"><B>All Classes</B></A>');
+ }
+ //-->
+</SCRIPT>
+<NOSCRIPT>
+ <A HREF="allclasses-noframe.html"><B>All Classes</B></A>
+</NOSCRIPT>
+
+</FONT></TD>
+</TR>
+</TABLE>
+<A NAME="skip-navbar_bottom"></A>
+<!-- ======== END OF BOTTOM NAVBAR ======= -->
+
+<HR>
+
+</BODY>
+</HTML>
diff --git a/id/server/doc/moa_id/api-doc/stylesheet.css b/id/server/doc/moa_id/api-doc/stylesheet.css
new file mode 100644
index 000000000..14c3737e8
--- /dev/null
+++ b/id/server/doc/moa_id/api-doc/stylesheet.css
@@ -0,0 +1,29 @@
+/* Javadoc style sheet */
+
+/* Define colors, fonts and other style attributes here to override the defaults */
+
+/* Page background color */
+body { background-color: #FFFFFF }
+
+/* Headings */
+h1 { font-size: 145% }
+
+/* Table colors */
+.TableHeadingColor { background: #CCCCFF } /* Dark mauve */
+.TableSubHeadingColor { background: #EEEEFF } /* Light mauve */
+.TableRowColor { background: #FFFFFF } /* White */
+
+/* Font used in left-hand frame lists */
+.FrameTitleFont { font-size: 100%; font-family: Helvetica, Arial, sans-serif }
+.FrameHeadingFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif }
+.FrameItemFont { font-size: 90%; font-family: Helvetica, Arial, sans-serif }
+
+/* Navigation bar fonts and colors */
+.NavBarCell1 { background-color:#EEEEFF;} /* Light mauve */
+.NavBarCell1Rev { background-color:#00008B;} /* Dark Blue */
+.NavBarFont1 { font-family: Arial, Helvetica, sans-serif; color:#000000;}
+.NavBarFont1Rev { font-family: Arial, Helvetica, sans-serif; color:#FFFFFF;}
+
+.NavBarCell2 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF;}
+.NavBarCell3 { font-family: Arial, Helvetica, sans-serif; background-color:#FFFFFF;}
+
diff --git a/id/server/doc/moa_id/examples/BKUSelectionTemplate.html b/id/server/doc/moa_id/examples/BKUSelectionTemplate.html
new file mode 100644
index 000000000..5536226a8
--- /dev/null
+++ b/id/server/doc/moa_id/examples/BKUSelectionTemplate.html
@@ -0,0 +1,52 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Auswahl der B&uuuml;rgerkartenumgebung</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+</head>
+
+<body>
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Auswahl der B&uuml;rgerkartenumgebung</h1>
+<p></p>
+<p>Sie haben sich f&uuml;r Anmeldung mit Ihrer B&uuml;rgerkarte entschieden. Da es verschiedene Formen der B&uuml;rgerkarte gibt, m&uuml;ssen Sie nun w&auml;hlen, welche Sie bei der Anmeldung verwenden wollen.</p>
+<h3>Auswahl der B&uuml;rgerkarte</h3>
+<form name="CustomizedForm" method="post" action="<StartAuth>">
+ <BKUSelect>
+ <input type="submit" value="Ausw&auml;hlen"/>
+</form>
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+<h4>Hinweise: </h4>
+<ul>
+ <li>
+ <p>Wollen Sie eine A-Trust B&uuml;rgerkarte erwerben? Hier finden Sie Informationen
+ dazu: <a href="http://www.a-trust.at/info.asp?node=337" target="_blank">A-Trust
+ B&uuml;rgerkarte.</a> Bei der Anmeldung mit der A-Trust B&uuml;rgerkarte
+ ben&ouml;tigen Sie eine funktionsf&auml;hige B&uuml;rgerkartensoftware sowie
+ einen passenden Kartenleser.</p>
+ </li>
+ <li>
+ <p>Wollen Sie ein A1-Signatur erwerben? Wenden Sie sich an 0800-664 680 um
+ Informationen zur A1-Signatur zu erhalten.
+ Hier finden Sie ebenfalls Informationen dazu: <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a>.
+ Bei der Anmeldung mit der A1-Signatur wird keine B&uuml;rgerkartensoftware und
+ kein Kartenleser ben&ouml;tigt.</p>
+ </li>
+</ul>
+<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleBKUSElectionTemplate.html"><img border="0"
+ src="/moaid-templates/valid-html401.gif"
+ alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
+<p align="right">&nbsp; </p>
+
+
+</body>
+</html>
diff --git a/id/server/doc/moa_id/examples/ChainingModes.txt b/id/server/doc/moa_id/examples/ChainingModes.txt
new file mode 100644
index 000000000..820b60d06
--- /dev/null
+++ b/id/server/doc/moa_id/examples/ChainingModes.txt
@@ -0,0 +1,6 @@
+ <ChainingModes systemDefaultMode="pkix">
+ <TrustAnchor mode="chaining">
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </TrustAnchor>
+ </ChainingModes>
diff --git a/id/server/doc/moa_id/examples/IdentityLinkSigners.txt b/id/server/doc/moa_id/examples/IdentityLinkSigners.txt
new file mode 100644
index 000000000..15269ad79
--- /dev/null
+++ b/id/server/doc/moa_id/examples/IdentityLinkSigners.txt
@@ -0,0 +1,9 @@
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners> \ No newline at end of file
diff --git a/id/server/doc/moa_id/examples/LoginServletExample.txt b/id/server/doc/moa_id/examples/LoginServletExample.txt
new file mode 100644
index 000000000..587ef5e97
--- /dev/null
+++ b/id/server/doc/moa_id/examples/LoginServletExample.txt
@@ -0,0 +1,171 @@
+import java.io.IOException;
+import java.util.Vector;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import javax.xml.namespace.QName;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.apache.xml.serialize.LineSeparator;
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.jaxen.JaxenException;
+import org.jaxen.SimpleNamespaceContext;
+import org.jaxen.dom.DOMXPath;
+import org.w3c.dom.Attr;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Beispiel für ein Login-Servlet, das von MOA-ID-AUTH über einen Redirect aufgerufen wird.
+ * Es werden demonstriert:
+ * - Parameterübergabe von MOA-ID-AUTH
+ * - Aufruf des MOA-ID-AUTH Web Service zum Abholen der Anmeldedaten über das Apache Axis Framework
+ * - Parsen der Anmeldedaten mittels der XPath Engine "Jaxen"
+ * - Speichern der Anmeldedaten in der HTTPSession
+ * - Redirect auf die eigentliche Startseite der OA
+ *
+ * @author Paul Ivancsics
+ */
+public class LoginServletExample extends HttpServlet {
+
+ // Web Service QName und Endpoint
+ private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
+ private static final String ENDPOINT =
+ "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
+ // NamespaceContext für Jaxen
+ private static SimpleNamespaceContext NS_CONTEXT;
+ static {
+ NS_CONTEXT = new SimpleNamespaceContext();
+ NS_CONTEXT.addNamespace("saml", "urn:oasis:names:tc:SAML:1.0:assertion");
+ NS_CONTEXT.addNamespace("samlp", "urn:oasis:names:tc:SAML:1.0:protocol");
+ NS_CONTEXT.addNamespace("pr", "http://reference.e-government.gv.at/namespace/persondata/20020228#");
+ }
+
+ /**
+ * Servlet wird von MOA-ID-AUTH nach erfolgter Authentisierung über ein Redirect aufgerufen.
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ // Parameter "Target" und "SAMLArtifact" aus dem Redirect von MOA-ID-AUTH lesen
+ String target = req.getParameter("Target");
+ String samlArtifact = req.getParameter("SAMLArtifact");
+
+ try {
+ // DOMBuilder instanzieren
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+
+ // <samlp:Request> zusammenstellen und in einen DOM-Baum umwandeln
+ String samlRequest =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?><samlp:Request IssueInstant=\"2003-01-01T00:00:00+02:00\" MajorVersion=\"1\" MinorVersion=\"0\" RequestID=\"12345678901234567890\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\"><samlp:AssertionArtifact>"
+ + samlArtifact
+ + "</samlp:AssertionArtifact></samlp:Request>";
+ Document root_request = builder.parse(new ByteArrayInputStream(samlRequest.getBytes()));
+
+ // Neues SOAPBodyElement anlegen und mit dem DOM-Baum füllen
+ SOAPBodyElement body = new SOAPBodyElement(root_request.getDocumentElement());
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+
+ // AXIS-Service für Aufruf von MOA-ID-AUTH instanzieren
+ Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
+
+ // Axis-Call erzeugen und mit Endpoint verknüpfen
+ Call call = service.createCall();
+ call.setTargetEndpointAddress(ENDPOINT);
+
+ // Call aufrufen und die Antwort speichern
+ System.out.println("Calling MOA-ID-AUTH ...");
+ Vector responses = (Vector) call.invoke(params);
+
+ // erstes BodyElement auslesen
+ SOAPBodyElement response = (SOAPBodyElement) responses.get(0);
+
+ // <samlp:Response> als DOM-Baum holen
+ Document responseDocument = response.getAsDocument();
+ Element samlResponse = responseDocument.getDocumentElement();
+
+ // <samlp:Response> auf System.out ausgeben
+ System.out.println("Response received:");
+ OutputFormat format = new OutputFormat((Document) responseDocument);
+ format.setLineSeparator(LineSeparator.Windows);
+ format.setIndenting(true);
+ format.setLineWidth(0);
+ XMLSerializer serializer = new XMLSerializer(System.out, format);
+ serializer.asDOMSerializer();
+ serializer.serialize(responseDocument);
+
+ // <samlp:StatusCode> auslesen
+ Attr statusCodeAttr = (Attr)getNode(samlResponse, "/samlp:Response/samlp:Status/samlp:StatusCode/@Value");
+ String samlStatusCode = statusCodeAttr.getValue();
+ System.out.println("StatusCode: " + samlStatusCode);
+
+ // <saml:Assertion> auslesen
+ if ("samlp:Success".equals(samlStatusCode)) {
+ Element samlAssertion = (Element)getNode(samlResponse, "/samlp:Response/saml:Assertion");
+
+ // FamilyName aus der <saml:Assertion> parsen
+ Node familyNameNode = getNode(samlAssertion, "//saml:AttributeStatement/saml:Attribute[@AttributeName=\"PersonData\"]/saml:AttributeValue/pr:Person/pr:Name/pr:FamilyName");
+ String familyName = getText(familyNameNode);
+ System.out.println("Family name: " + familyName);
+
+ // weitere Anmeldedaten aus der <saml:Assertion> parsen
+ // ...
+
+ // Anmeldedaten und Target in der HTTPSession speichern
+ HttpSession session = req.getSession();
+ session.setAttribute("UserFamilyName", familyName);
+ session.setAttribute("Geschaeftsbereich", target);
+
+ // weitere Anmeldedaten in der HTTPSession speichern
+ // ...
+
+ // Redirect auf die eigentliche Startseite
+ resp.sendRedirect("/index.jsp");
+ }
+ }
+ catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ /** Returns the first node matching an XPath expression. */
+ private static Node getNode(Node contextNode, String xpathExpression) throws JaxenException {
+ DOMXPath xpath = new DOMXPath(xpathExpression);
+ xpath.setNamespaceContext(NS_CONTEXT);
+ return (Node) xpath.selectSingleNode(contextNode);
+ }
+ /** Returns the text that a node contains. */
+ public static String getText(Node node) {
+ if (!node.hasChildNodes()) {
+ return "";
+ }
+
+ StringBuffer result = new StringBuffer();
+ NodeList list = node.getChildNodes();
+ for (int i = 0; i < list.getLength(); i++) {
+ Node subnode = list.item(i);
+ if (subnode.getNodeType() == Node.TEXT_NODE) {
+ result.append(subnode.getNodeValue());
+ } else if (subnode.getNodeType() == Node.CDATA_SECTION_NODE) {
+ result.append(subnode.getNodeValue());
+ } else if (subnode.getNodeType() == Node.ENTITY_REFERENCE_NODE) {
+ // Recurse into the subtree for text
+ // (and ignore comments)
+ result.append(getText(subnode));
+ }
+ }
+ return result.toString();
+ }
+}
diff --git a/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml b/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml
new file mode 100644
index 000000000..09e60c6f1
--- /dev/null
+++ b/id/server/doc/moa_id/examples/SampleMOAIDVerifyInfoboxesConfiguration.xml
@@ -0,0 +1,148 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-->Globale Templates zum Anpassen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; und
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot;<-->
+ <!--Templates>
+ <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/>
+ <Template URL="sampleTemplates/SampleTemplate.html"/>
+ </Templates-->
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ <!--TransformsInfo filename="transforms/TransformsInfoAuthBlockTextAmir.xml"/-->
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ -->
+ <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<-->
+ <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID-->
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners>
+ <VerifyInfoboxes>
+ <DefaultTrustProfile>
+ <TrustProfileID>GlobalVIDefaultTrust</TrustProfileID>
+ </DefaultTrustProfile>
+ <Infobox Identifier="InfoboxA" />
+ <Infobox Identifier="InfoboxB" required="true" provideStammzahl="true" provideIdentityLink="false">
+ <FriendlyName>Beispiel Infobox B</FriendlyName>
+ <TrustProfileID>GlobalInfoboxBTrust</TrustProfileID>
+ <SchemaLocations>
+ <Schema namespace="http://ns1.ns1" schemaLocation="schemas/ns1.xsd"/>
+ <Schema namespace="http://ns2.ns2" schemaLocation="schemas/ns2.xsd"/>
+ </SchemaLocations>
+ <ApplicationSpecificParameters>
+ <Parameter1>content1</Parameter1>
+ <Parameter2>content2</Parameter2>
+ <Parameter3>
+ <Parameter3a>content3a</Parameter3a>
+ <Parameter3b>content3b</Parameter3b>
+ </Parameter3>
+ </ApplicationSpecificParameters>
+ </Infobox>
+ </VerifyInfoboxes>
+ </AuthComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden -->
+ <!-- erste Online-Applikation -->
+ <OnlineApplication publicURLPrefix="https://OA1/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent slVersion="1.2">
+ <VerifyInfoboxes>
+ <DefaultTrustProfile>
+ <TrustProfileID>LocalOA1DefaultTrust</TrustProfileID>
+ </DefaultTrustProfile>
+ <!-- InfoboxB -->
+ <Infobox Identifier="InfoboxB" required="true">
+ <FriendlyName>Demo Infobox B</FriendlyName>
+ <ValidatorClass>oa1.validate.InfoboxBValidator</ValidatorClass>
+ <SchemaLocations>
+ <Schema namespace="http://ns1.ns1" schemaLocation="schemas/local/ns1oa1.xsd"/>
+ <Schema namespace="http://ns2.ns2" schemaLocation="schemas/local/ns2oa1.xsd"/>
+ </SchemaLocations>
+ </Infobox>
+ <!-- InfoboxC -->
+ <Infobox Identifier="InfoboxC">
+ <FriendlyName>Demo Infobox C</FriendlyName>
+ <TrustProfileID>LocalInfoboxOA1CTrust</TrustProfileID>
+ </Infobox>
+ <!-- InfoboxD -->
+ <Infobox Identifier="InfoboxD" />
+ </VerifyInfoboxes>
+ </AuthComponent>
+ </OnlineApplication>
+ <!-- zweite Online-Applikation -->
+ <OnlineApplication publicURLPrefix="https://OA2/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <VerifyInfoboxes>
+ <!-- InfoboxA -->
+ <Infobox Identifier="InfoboxA">
+ <TrustProfileID>LocalInfoboxOA2ATrust</TrustProfileID>
+ </Infobox>
+ <!-- InfoboxB -->
+ <Infobox Identifier="InfoboxB" />
+ </VerifyInfoboxes>
+ </AuthComponent>
+ </OnlineApplication>
+ <!-- dritte Online-Applikation -->
+ <OnlineApplication publicURLPrefix="https://OA3/">
+ <AuthComponent provideStammzahl="true" />
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/doc/moa_id/examples/Template.html b/id/server/doc/moa_id/examples/Template.html
new file mode 100644
index 000000000..5074f5beb
--- /dev/null
+++ b/id/server/doc/moa_id/examples/Template.html
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
+</head>
+
+<body>
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Wenn Sie in Folge die Schaltfl&auml;che "Anmeldung mit B&uuml;rgerkarte"
+aktivieren, so werden zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+
+<form name="CustomizedForm" action="<BKU>" method="post">
+<div align="center">
+<input type="hidden"
+name="XMLRequest"
+value="<XMLRequest>"/>
+<input type="hidden"
+name="DataURL"
+value="<DataURL>"/>
+<input type="hidden"
+name="PushInfobox"
+value="<PushInfobox>"/>
+
+<input type="submit" value="Anmeldung mit B&uuml;rgerkarte" name="submit"/>
+</div>
+</form>
+<form name="CustomizedInfoForm"
+action="<BKU>"
+method="post">
+<input type="hidden"
+name="XMLRequest"
+value="<CertInfoXMLRequest>"/>
+<input type="hidden"
+name="DataURL"
+value="<CertInfoDataURL>"/>
+
+
+<input type="hidden" value="Weitere Info"/>
+</form>
+
+</body>
+</html>
diff --git a/id/server/doc/moa_id/examples/TransformsInfoAuthBlock.txt b/id/server/doc/moa_id/examples/TransformsInfoAuthBlock.txt
new file mode 100644
index 000000000..edbde0073
--- /dev/null
+++ b/id/server/doc/moa_id/examples/TransformsInfoAuthBlock.txt
@@ -0,0 +1,35 @@
+<sl10:TransformsInfo>
+ <dsig:Transforms>
+ <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">
+ <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
+ <html>
+ <head>
+ <title>Signatur der Anmeldedaten</title>
+ </head>
+ <body>
+<h1>Signatur der Anmeldedaten</h1>
+<p></p>
+<h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>,
+geboren am
+<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,3,2)"/>, den Zugang zur gesicherten Anwendung.</h4>
+<p></p>
+<h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/></h4>
+<xsl:if test="//saml:Attribute[@AttributeName='wbPK']">
+ <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4>
+ <p></p>
+ <hr></hr>
+ <font size="2">(*) wbPK: Das <i>Wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Buergers und des Wirtschaftsunternehmens berechnet und ermoeglicht eine eindeutige Zuordnung des Buergers zum Wirtschaftsunternehmen.</font>
+</xsl:if>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms>
+ <sl10:FinalDataMetaInfo>
+ <sl10:MimeType>text/html</sl10:MimeType>
+ </sl10:FinalDataMetaInfo>
+</sl10:TransformsInfo>
diff --git a/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml b/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
new file mode 100644
index 000000000..db43b0c1d
--- /dev/null
+++ b/id/server/doc/moa_id/examples/conf/MOA-ID-Configuration.xml
@@ -0,0 +1,103 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur
+ Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt -->
+<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
+ <!-- Konfiguration fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service -->
+ <BKUSelection BKUSelectionAlternative="HTMLSelect">
+ <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ </ConnectionParameter>
+ </BKUSelection>
+ <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer -->
+ <SecurityLayer>
+ <!-- TransformInfo in Textform -->
+ <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/>
+ </SecurityLayer>
+ <MOA-SP>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird.
+ Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert -->
+ <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> -->
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ <!-- </ConnectionParameter> -->
+
+ <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyIdentityLink>
+ <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID>
+ </VerifyIdentityLink>
+ <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) -->
+ <VerifyAuthBlock>
+ <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID>
+ <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) -->
+ <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID>
+ </VerifyAuthBlock>
+ </MOA-SP>
+
+ <!-- Gueltige Signatoren des IdentityLink, der von der Buergerkarte gelesen wird -->
+ <IdentityLinkSigners>
+ <!-- Personenbindung alt (Ausgabe vor 05.2004) -->
+ <X509SubjectName>CN=zmr,OU=BMI-IV-2,O=BMI,C=AT</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) mit Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission</X509SubjectName>
+ <!-- Personenbindung neu (ab 05.2004, mit Stammzahl) jedoch ohne Typo -->
+ <X509SubjectName>T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission</X509SubjectName>
+ </IdentityLinkSigners>
+ </AuthComponent>
+
+ <!-- Konfiguration fuer MOA-ID-PROXY -->
+ <ProxyComponent>
+ <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
+ <AuthComponent>
+ <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </AuthComponent>
+ </ProxyComponent>
+
+ <!-- Eintragung fuer jede Online-Applikation -->
+ <!-- Demo Online-Applikation: Zugriff auf www.cio.gv.at ueber MOA-ID-PROXY -->
+ <OnlineApplication publicURLPrefix="https://localhost:8443/">
+ <!-- fuer MOA-ID-AUTH -->
+ <AuthComponent>
+ <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens bei type = "businessService" -->
+ <!-- <IdentificationNumber> -->
+ <!-- Beispiel Firmenbuchnummer -->
+ <!-- <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> -->
+ <!-- </IdentificationNumber> -->
+ </AuthComponent>
+ <!-- fuer MOA-ID-PROXY -->
+ <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600">
+ <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> -->
+ <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
+ <ConnectionParameter URL="http://www.cio.gv.at/">
+ <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> -->
+ <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
+ </ConnectionParameter>
+ </ProxyComponent>
+ </OnlineApplication>
+
+ <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate -->
+ <ChainingModes systemDefaultMode="pkix">
+ </ChainingModes>
+
+ <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
+ fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
+ zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
+ <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
+
+ <!-- Cache-Verzeichnis fuer-Zertifikate -->
+ <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
+ <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/>
+ <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
+ <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
+ <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
+
+ <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
+ <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
+ <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
+ <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
+</MOA-IDConfiguration>
diff --git a/id/server/doc/moa_id/examples/conf/OAConfBasicAuth.xml b/id/server/doc/moa_id/examples/conf/OAConfBasicAuth.xml
new file mode 100644
index 000000000..fc99cea79
--- /dev/null
+++ b/id/server/doc/moa_id/examples/conf/OAConfBasicAuth.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <BasicAuth>
+ <UserID>MOAFamilyName</UserID>
+ <Password>MOAGivenName</Password>
+ </BasicAuth>
+</Configuration>
diff --git a/id/server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml b/id/server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml
new file mode 100644
index 000000000..4d34c3646
--- /dev/null
+++ b/id/server/doc/moa_id/examples/conf/OAConfHeaderAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <HeaderAuth>
+ <!-- zusaetzlicher Header GivenName -->
+ <Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
+ <Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
+ </HeaderAuth>
+</Configuration>
diff --git a/id/server/doc/moa_id/examples/conf/OAConfParamAuth.xml b/id/server/doc/moa_id/examples/conf/OAConfParamAuth.xml
new file mode 100644
index 000000000..979faca95
--- /dev/null
+++ b/id/server/doc/moa_id/examples/conf/OAConfParamAuth.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
+<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+ <LoginType>stateless</LoginType>
+ <ParamAuth>
+ <!-- URL Parameter GivenName und FamilyName -->
+ <Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
+ <Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
+ </ParamAuth>
+</Configuration>
diff --git a/id/server/doc/moa_id/examples/moa-id-env.sh.txt b/id/server/doc/moa_id/examples/moa-id-env.sh.txt
new file mode 100644
index 000000000..1ccca10c1
--- /dev/null
+++ b/id/server/doc/moa_id/examples/moa-id-env.sh.txt
@@ -0,0 +1,15 @@
+rem insert Tomcat 4.1.x home directory (no trailing path separator)
+set CATALINA_HOME=<Tomcat 4.1.x home directory>
+
+CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=$CATALINA_HOME/conf/moa-spss/SampleMOASPSSConfiguration.xml
+CONFIG_OPT_ID=-Dmoa.id.configuration=$CATALINA_HOME/conf/moa-id/SampleMOAIDConfiguration.xml
+
+
+LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_HOME/conf/moa-id/log4j.properties
+# TRUST_STORE_OPT=-Djavax.net.ssl.trustStore=truststore.jks
+# TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit
+# TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks
+
+export CATALINA_OPTS="$CONFIG_OPT_SPSS $CONFIG_OPT_ID $LOGGING_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT"
+echo CATALINA_OPTS=$CATALINA_OPTS
+
diff --git a/id/server/doc/moa_id/examples/startTomcat.bat.txt b/id/server/doc/moa_id/examples/startTomcat.bat.txt
new file mode 100644
index 000000000..29588120c
--- /dev/null
+++ b/id/server/doc/moa_id/examples/startTomcat.bat.txt
@@ -0,0 +1,26 @@
+rem ----------------------------------------------------------------------------------------------
+rem Modify these entries according to your needs
+
+rem JDK home directory (no trailing path separator)
+set JAVA_HOME=<jdk home directory>
+
+rem Tomcat 4.1.x home directory (no trailing path separator)
+set CATALINA_HOME=<Tomcat 4.1.x home directory>
+
+rem ----------------------------------------------------------------------------------------------
+
+set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml
+set CONFIG_OPT_ID=-Dmoa.id.configuration=%CATALINA_HOME%/conf/moa-id/SampleMOAIDConfiguration.xml
+set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.properties
+
+set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT%
+
+rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
+rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
+rem set PARAM_TRUST_STORE_TYPE=-Djavax.net.ssl.trustStoreType=jks
+rem set PARAMS_SSL=%PARAM_TRUST_STORE% %PARAM_TRUST_STORE_PASS% %PARAM_TRUST_STORE_TYPE%
+
+set CATALINA_OPTS=%PARAMS_MOA% %PARAMS_SSL%
+
+cd %CATALINA_HOME%
+bin\catalina.bat start \ No newline at end of file
diff --git a/id/server/doc/moa_id/faqs.htm b/id/server/doc/moa_id/faqs.htm
new file mode 100644
index 000000000..effc21637
--- /dev/null
+++ b/id/server/doc/moa_id/faqs.htm
@@ -0,0 +1,217 @@
+<html>
+<head>
+ <title>FAQs - Häufig gestellte Fragen </title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#c0c0c0; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:6px }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+ <table width="650" border="0" cellpadding="10" cellspacing="0">
+ <tr>
+ <td width="170" valign="top">
+ <div style="font-weight:bold; margin-top:12px">FAQs</div>
+ <br />
+ <div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+ <br />
+ <!-- div id="slogan">
+MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Trust und dem Institut für angewandte Informations- und Kom-munikationstechnik (IAIK) der Universität Graz
+</div -->
+ </td>
+ <td valign="top">
+ <div id="titel">FAQs - Häufig gestellte Fragen </div>
+ <p id="block"><b><a href="#frage1">Frage</a><a href="#frage4">&nbsp;</a><a href="#frage1">1</a></b>
+ Mit dem Internet Explorer kommt es bei einer Anmeldung an der lokal
+ installierten Version von MOA-ID zu Fehlern beim Redirect. Warum?</p>
+ <p id="block"> <b><a href="#frage2">Frage</a><a href="#frage4">&nbsp;</a><a href="#frage2">2</a></b>
+ Wenn die Proxy-Komponente lokal l&auml;uft und per TLS/SSL aufgerufen
+ wird, kommt es zu einer Fehlermeldung. Wie kann dies verhindert werden?</p>
+ <p id="block"><b><a href="#frage3">Frage</a><a href="#frage4">&nbsp;</a><a href="#frage3">3</a></b>
+ Es soll serverseitig lediglich starke TLS/SSL Verschl&uuml;sselung (&gt;100
+ Bit) unterst&uuml;tzt werden. Wie kann dies erzwungen werden?</p>
+ <p id="block"><b><a href="#frage4">Frage&nbsp;4 </a></b>Beim Starten von
+ MOA ID bzw. MOA SPSS tritt folgende Exception auf: <tt>java.lang.ClassCastException:
+ iaik.asn1.structures.Name</tt>. Was kann der Fehler sein?<b><a href="#frage3"></a></b></p>
+ <p id="block"><b><a href="#frage5">Frage&nbsp;5</a></b> Ich m&ouml;chte
+ MOA in einer Umgebung betreiben, die einen Internet-Zugang nur &uuml;ber
+ einen Proxy erlaubt. Funktioniert das?</p>
+ <p id="block"><b><a href="#frage6">Frage&nbsp;6</a></b> Tomcat: W&auml;rend
+ des Betriebs kommt es zu org.apache.commons.logging.LogConfigurationException.
+ Wie kann dies verhindert werden?</p>
+ <hr>
+ <p id="subtitel"></p>
+ <p id="subtitel"><a name="frage1"></a>Frage 1</p>
+ <p id="block"><b>Q: </b>Mit dem Internet Explorer kommt es bei einer Anmeldung
+ an der lokal installierten Version von MOA-ID zu Fehlern beim Redirect.
+ Warum?</p>
+ <p id="block"><b>A:</b> Aufgrund eines Fehlers in Microsofts Internet
+ Explorer schl&auml;gt der (lokale) Redirect auf dem lokal installierten
+ Tomcat fehl.</p>
+ <p id="block"> Als Workaround empfiehlt es sich, zum lokalen Testen einen
+ alternativen Browser wie <a href="http://www.opera.com/">Opera</a>,
+ <a href="http://www.mozilla.org/">Mozilla</a> oder <a href="http://www.netscape.org/">Netscape</a>
+ zu verwenden, da diese Probleme dort nicht auftreten. Von einem anderen
+ Rechner aus kann jedoch die Anmeldung an MOA-ID auch mit dem Internet
+ Explorer erfolgen. </p>
+ <hr />
+ <p id="subtitel"><a name="frage2"></a>Frage 2</p>
+ <p id="block"> <b>Q: </b>Wenn die Proxy-Komponente lokal l&auml;uft und
+ per TLS/SSL aufgerufen wird, kommt es zu einer Fehlermeldung. Wie kann
+ dies verhindert werden?</p>
+ <p id="block"> <b>A:</b> Wenn in der Konfiguration statt 'localhost' der
+ eigene Rechnername verwendet wird, funktioniert die Proxy-Komponente
+ wie gewohnt.<br>
+ <br />
+ Zum Herausfinden des Rechnernamens wechselt man unter Windows auf die
+ Kommandozeile und kann mittels 'ipconfig /all' den Rechnernamen herausfinden.
+ Unix/Linux-Anwender sehen bspw. mittels 'cat' in der Datei /etc/hosts
+ nach, der Texteintrag hinter der eigenen IP-Adresse spezifiziert den
+ Rechnernamen. </p>
+ <hr />
+ <p id="subtitel"><a name="frage3"></a>Frage 3</p>
+ <p id="block"> <b>Q: </b>Es soll serverseitig lediglich starke TLS/SSL
+ Verschl&uuml;sselung (&gt;100 Bit) unterst&uuml;tzt werden. Wie kann
+ dies erzwungen werden?</p>
+ <p id="block"> <b>A: </b>Tomcat bietet (bis dato) keine einfache M&ouml;glichkeit
+ die serverseitig verwendeten TLS/SSL Verschl&uuml;sselungsalgorithmen
+ zu konfigurieren. Daher empfiehlt es sich in diesem Fall, einen Web-Server
+ wie Apache oder den Microsoft Internet-Information-Server f&uuml;r das
+ SSL-Handling vorzuschalten und dort in der jeweiligen Konfiguration
+ starke Verschl&uuml;sselung zu erzwingen.<b> </b></p>
+ <hr />
+ <b>
+ <p id="subtitel"><a name="frage4"></a>Frage 4</p>
+ Q: </b>Beim Starten von MOA SPSS tritt folgende Exception auf: <tt>java.lang.ClassCastException:
+ iaik.asn1.structures.Name</tt>. Was kann der Fehler sein?
+ <p id="block"> <b>A:</b> Auf Grund einer mangelhaften Implementierung
+ in einigen Versionen des JDK 1.3.1 kann es beim Betrieb von MOA zu folgendem
+ Problem kommen: Sun macht in der Implementierung von PKCS7.getCertificate()
+ einen Downcast vom Interface java.security.Principal auf die eigene
+ Implementierung, was zu einer ClassCastException führt, wenn der JCE-Provider
+ von Sun nicht an erster Stelle in der List der Security-Provider installiert
+ ist. MOA geht nun aber so vor, dass der JCE-Provider des IAIK an die
+ erste Stelle installiert wird, wenn er zum Zeitpunkt der Konfiguration
+ noch nicht installiert war. Wird dann von irgendeinem ClassLoader der
+ jar-Verifier ben&uuml;tzt, wird PKCS7.getCertificate() verwendet, und
+ es kommt zu einer ClassCastException. </p>
+ <p id="block"> Wird MOA über die API-Schnittstelle verwendet, ist ein
+ Workaround die manuelle Installation des IAIK-JCE-Providers nach dem
+ Sun JCE-Provider (etwa an die letzte Stelle), bevor die MOA-Konfiguration
+ aufgerufen wird. Bei Verwendung der Webservices ist die Möglichkeit
+ der statischen Konfiguration der JCE-Provider mittels Angabe in der
+ Datei $JAVA_HOME/jre/lib/security/java.security der einzige bekannte
+ Workaround. Hierzu müssen die Einträge
+ <pre>
+ security.provider.1=sun.security.provider.Sun
+ security.provider.2=com.sun.rsajca.Provider
+</pre>
+ durch folgenden Eintrag ergänzt werden:
+ <pre>
+ security.provider.3=iaik.security.provider.IAIK
+</pre>
+ <p></p>
+
+ <hr />
+ <p id="subtitel"><a name="frage5"></a>Frage 5</p>
+ <div id="block">
+ <p id="block"><b>Q: </b>Ich m&ouml;chte MOA in einer Umgebung betreiben,
+ die einen Internet-Zugang nur &uuml;ber einen Proxy erlaubt. Funktioniert
+ das?</p>
+ <p id="block"> <b>A:</b> Ja, zumindest f&uuml;r Zugriffe &uuml;ber HTTP.
+ Sie m&uuml;ssen dazu die nachfolgenden JAVA System-Properties setzen:</p>
+ <blockquote>
+ <p><tt>http.proxyHost=&lt;proxyhost&gt;<br>
+ http.proxyPort=&lt;proxyport&gt;<br>
+ http.nonProxyHosts=&quot;&lt;exceptionhosts&gt;&quot;</tt></p>
+ </blockquote>
+ <p><tt>&lt;proxyhost&gt;</tt> gibt den Namen oder die IP-Adresse des
+ Proxies an.</p>
+ <p><tt>&lt;proxyport&gt;</tt> gibt den Port des Proxies an.</p>
+ <p><tt>&lt;exceptionhosts&gt;</tt> enth&auml;lt eine Liste von Rechnernamen,
+ die nicht &uuml;ber den Proxy laufen sollen. Jedenfalls m&uuml;ssen
+ sie hier <tt>localhost</tt> angeben. Einzelne Namen sind durch eine
+ Pipe (<tt>|</tt>) zu trennen. Bitte beachten Sie, dass IP-Addressen
+ nicht angegeben werden d&uuml;rfen, sowie die verpflichtend zu verwendenen
+ Anf&uuml;hrungszeichen.</p>
+ </div>
+ <hr />
+ <p id="subtitel"><a name="frage6">Frage 6</a></p>
+ <p><b>Q:</b> Tomcat: W&auml;rend des Betriebs kommt es zu org.apache.commons.logging.LogConfigurationException.
+ Wie kann dies verhindert werden?</p>
+ <p>org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException:
+ org.apache.commons.logging.LogConfigurationException<br>
+ : Class org.apache.commons.logging.impl.Jdk14Logger does not implement
+ Log</p>
+ <p><b>A:</b> Dies ist ein Fehler in tomcat in der Version 4.1.27. $CATALINA_HOME\server\lib\tomcat-util.jar muss gegen eine
+ gepatchte Version ausgetauscht werden, da ein BUG in der Originalversion
+ von tomcat 4.1.27. Diese gepatchte Version ist in der MOA-ID Distribution
+ im Verzeichnis $MOA_ID_INST_AUTH\tomcat\tomcat-util-4.1.27-patched\
+ zu finden.</p>
+ <p>&nbsp; </p>
+ </td>
+ </tr>
+ <tr>
+ <td width="170" valign="top">&nbsp;</td>
+ <td valign="top">&nbsp;</td>
+ </tr>
+ </table>
+
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+ <td width="150" valign="top"><br />
+ </td>
+ <td valign="top" width="460">
+ <hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm
new file mode 100644
index 000000000..19fa3562c
--- /dev/null
+++ b/id/server/doc/moa_id/id-admin.htm
@@ -0,0 +1,317 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></div>
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></a></div>
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></a></div>
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br />
+</td>
+
+<td valign="top">
+<div id="titel">MOA ID-Administration v.1.4</div>
+<p id="block">
+Die Komponenten des Moduls Identifikation (MOA-ID), MOA-ID-AUTH und MOA-ID-PROXY, sind als plattformunabh&auml;ngige Webapplikationen ausgelegt.
+MOA-ID-AUTH ist die Basiskomponente des Moduls, und MOA-ID-PROXY ist eine optionale Zusatzkomponente.
+F&uuml;r den Betrieb dieser Webapplikationen wird eine Java Virtual Machine und ein Java Servlet Container vorausgesetzt.
+<br /><br />
+Dieses Handbuch beschreibt die Installation und Konfiguration von MOA-ID-AUTH und von MOA-ID-PROXY, und die Einrichtung der Systemumgebungen.
+</p>
+</td></tr></table>
+<br />
+
+
+
+<div id="szenarien" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="titel">&#160;</p>
+</td>
+<td valign="top">
+<p id="titel">Übersicht </p>
+<div id="block">
+F&uuml;r den Betrieb von MOA-ID-AUTH sind unterschiedliche Szenarien m&ouml;glich, die unterschiedliche M&ouml;glichkeiten bieten und die Installation unterschiedlicher Software- und Hardware-Komponenten erfordern. Dieser Abschnitt gibt einen kurzen Überblick &uuml;ber die notwendige Basis-Installation und optionale weitere Konfigurationsm&ouml;glichkeiten.
+</div>
+</td></tr></table>
+<br />
+
+<div id="szenarien1" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<div id="subtitel">Basis-Installation von MOA-ID-AUTH</div>
+<p id="block">
+Die Basis-Installation stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA-ID-AUTH dar, andererseits dient sie als Ausgangspunkt f&uuml;r weitere (optionale) Konfigurations-M&ouml;glichkeiten.
+<br /><br />
+Folgende Software ist Voraussetzung f&uuml;r die Basis-Installation:
+</div>
+<ul>
+<li>JDK 1.4.0, JDK 1.4.2 oder JDK 1.5.0</li>
+<li>Tomcat 4.1.31 oder Tomcat 5.0.28</li>
+<li>MOA-ID-AUTH 1.4 </li>
+<li>MOA SP/SS 1.4 oder neuer (entweder als WebService oder direkt als interne Bibliothek)</li>
+</ul>
+<div id="block">
+Um m&ouml;glichen Versionskonflikten aus dem Weg zu gehen sollten stets die neuesten Versionen von MOA-ID als auch von MOA-SP/SS verwendet werden. <br/>
+In diesem Betriebs-Szenario wird MOA-ID-AUTH in Tomcat deployt. Tomcat fungiert gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r MOA-ID-AUTH. Beide Protokolle werden direkt in Tomcat konfiguriert.
+<br/><br/>
+Die Webapplikation verwendet Log4j als Logging Toolkit.
+</div>
+</table>
+<br />
+
+<div id="szenarien2" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Basis-Installation von MOA-ID-PROXY (optional)</p>
+<div id="block">
+Einer Online-Applikation, f&uuml;r die MOA-ID-AUTH die Authentisierung &uuml;bernimmt, kann die Komponente MOA-ID-PROXY vorgeschaltet werden. Diese Komponente &uuml;bernimmt die Anmeldedaten von MOA-ID-AUTH, f&uuml;hrt die Anmeldung an der Online Applikation durch und schleust in der Folge Daten an die Online-Applikation und Daten an den Benutzer durch.
+
+Die Basis-Installation von MOA-ID-PROXY geschieht im Wesentlichen analog zur Basis-Installation von MOA-ID-AUTH.
+<br/><br/>
+MOA-ID-AUTH und MOA-ID-PROXY k&ouml;nnen in verschiedenen Konstellationen zum Einsatz gebracht werden:
+<ul>
+<li>auf verschiedenen Rechnern</li>
+<li>auf ein und demselben Rechner in verschiedenen Java Servlet Containern</li>
+<li>auf ein und demselben Rechner in ein und demselben Java Servlet Container</li>
+</ul>
+ <br />
+Ausgehend von der Basis-Installation k&ouml;nnen die optionalen Konfigurationen, die in den nachfolgenden Abschnitten beschrieben werden, unabh&auml;ngig und in beliebiger Kombination aufgesetzt werden.
+</div>
+</td></tr></table>
+<br />
+
+<div id="szenarien3" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration mit vorgeschaltetem Webserver (optional)</p>
+<div id="block">
+Den MOA ID Webapplikationen kann jeweils optional ein Webserver vorgeschaltet sein. Unter Microsoft Windows ist das im Regelfall der Microsoft Internet Information Server (MS IIS), auf Unix-Systemen kommt &uuml;blicherweise der Apache Webserver zum Einsatz.
+<br /><br />
+ Folgende Software ist unter Windows Voraussetzung:
+</div>
+<ul>
+<li>MS IIS 5.0 </li>
+<li>Jakarta mod_jk 1.2.2 </li>
+</ul>
+<div id="block">Folgende Software ist unter Unix/Linux Voraussetzung: <div id="block">
+<ul>
+<li>Apache Webserver 2.0.x mit mod_SSL </li>
+<li>Jakarta mod_jk 1.2.2 </li>
+</ul>
+<div id="block">In diesem Fall &uuml;bernimmt der vorgeschaltete Webserver die Funktion des HTTP- und HTTPS-Endpunktes. Beide Protokolle werden im Webserver konfiguriert.
+<br /><br />
+Mittels mod_jk werden die Webservice-Aufrufe, die im vorgeschalteten Webserver eintreffen, an Tomcat weiter geleitet, bzw. die Antwort von Tomcat wieder an den Webserver zur&uuml;ck &uuml;bermittelt.
+</div>
+</div></div></td></tr></table>
+<br />
+
+<div id="szenarien4" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration mit PostgreSQL (optional)</p>
+<div id="block">
+Das MOA ID Webservice kann eine PostgreSQL Datenbank nutzen, um:
+</div>
+<ul>
+<li>Log-Meldungen zu speichern </li>
+</ul>
+<div id="block">F&uuml;r den Zugriff auf PostgreSQL ist die Installation folgender Software Voraussetzung: </div>
+<ul>
+<li>PostgreSQL 7.3</li>
+</ul>
+</td></tr></table>
+<br />
+
+<div id="szenarien5" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Zusammenfassung</p>
+<div id="block">
+Notwendig f&uuml;r den Betrieb von MOA ID ist eine Basis-Installation. Weitere optionale Konfigurationen k&ouml;nnen unabh&auml;ngig und in beliebiger Kombination miteinander durchgef&uuml;hrt werden, um eine bessere Integration der MOA ID Webapplikationen in die vorhandene Betriebs-Infrastruktur zu erreichen.
+</div>
+</td></tr></table>
+<br /><br />
+
+
+
+<div id="referenzen" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="titel">Referenzierte Software</p>
+<div id="block">
+Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapplikationen entwickelt und getestet wurde. Geringf&uuml;gig andere Software-Versionen stellen &uuml;blicherweise kein Problem dar.
+</div>
+<br /><br />
+<div id="block">
+ <table border="1" width="100%" cellpadding="2" cellspacing="0">
+ <tr>
+ <th width="59%">Komponente</th>
+ <th width="41%">Getestete Version</th>
+ </tr>
+ <tr>
+ <td width="59%"><b>JDK (SDK)</b> </td>
+ <td width="41%">min. <a href="http://java.sun.com/j2se/1.4.0/download.html">1.4.0</a> bzw. <a href="http://java.sun.com/j2se/1.4.2/download.html"><br>
+ 1.4.2</a><br/>
+ <a href="http://java.sun.com/j2se/1.5.0/download.html">1.5.0</a>
+ </td>
+ </tr>
+ <tr>
+ <td width="59%" height="21"><b>Tomcat</b></td>
+ <td width="41%" height="21">
+ <p><a href="http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.31/bin/jakarta-tomcat-4.1.31.zip">4.1.31</a><br/>
+ <a href="http://gd.tuwien.ac.at/infosys/servers/http/apache/dist/tomcat/tomcat-5/v5.0.28/bin/jakarta-tomcat-5.0.28.zip">5.0.25</a></p>
+ </td>
+ </tr>
+ <tr>
+ <td width="59%"><b>MOA-ID-AUTH </b></td>
+ <td width="41%"><a href="http://www.cio.gv.at/onlineservices/basicmodules/moa/implementation/">1.4 (neueste Version) </a></td>
+ </tr>
+ <tr>
+ <td width="59%"><b>MOA-ID-PROXY </b></td>
+ <td width="41%"><a href="http://www.cio.gv.at/onlineservices/basicmodules/moa/implementation/">1.4 (neueste Version)</a></td>
+ </tr>
+ <tr>
+ <td width="59%"><b>MOA-SPSS </b></td>
+ <td width="41%"><a href="http://www.cio.gv.at/onlineservices/basicmodules/moa/implementation/">1.4 (neueste Version)</a>&#160;</td>
+ </tr>
+ <tr>
+ <td width="59%"><b>Apache Webserver </b></td>
+ <td width="41%"><a href="http://httpd.apache.org/">1.3.X</a>
+ bzw.<br>
+ <a href="http://httpd.apache.org/">2.0.X</a></td>
+ </tr>
+ <tr>
+ <td width="59%"><b>Microsoft Internet Information Server
+ </b></td>
+ <td width="41%"><a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">5.0</a>&#160; <br/>
+ <a href="http://www.microsoft.com/WindowsServer2003/iis/default.mspx">6.0</a>&#160; </td>
+ </tr>
+ <tr>
+ <td width="59%"><b>mod_SSL </b></td>
+ <td width="41%">(<a href="http://httpd.apache.org/docs-2.0/ssl/">**</a>)&#160;
+ </td>
+ </tr>
+ <tr>
+ <td width="59%"><b>Jakarta mod_jk </b></td>
+ <td width="41%"><a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">1.2.2&#160;</a>
+ </td>
+ </tr>
+ <tr>
+ <td width="59%"><b>Jakarta Log4j </b></td>
+ <td width="41%"><a href="http://jakarta.apache.org/log4j/docs/index.html">1.2.8</a>&#160;
+ </td>
+ </tr>
+ <tr>
+ <td width="59%"><b>PostgreSQL </b></td>
+ <td width="41%"><a href="http://techdocs.postgresql.org/installguides.php">7.3</a>&#160;
+ </td>
+ </tr>
+ </table>
+</div>
+<br />
+ <br />
+
+ <div id="block"> (**) passend zur Version des Apache Webservers </div>
+</td></tr></table>
+<br /><br />
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+</td></tr></table>
+<br />
+
+
+</div>
+</div></div></div></div></div></div></body>
+</html>
diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm
new file mode 100644
index 000000000..289c52d8a
--- /dev/null
+++ b/id/server/doc/moa_id/id-admin_1.htm
@@ -0,0 +1,539 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ pre { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></div>
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></a></div>
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br />
+<div id="slogan">
+<b>Installationsschritte: </b>
+<br />
+<a href="#vorbereitung"><b>Vorbereitung</b></a><br />
+<a href="#Tomcat"><b>Tomcat Konfiguration</b></a><br />
+<a href="#deployment_ak"><b>Deployment<br/>MOA-ID-AUTH</b></a><br />
+<a href="#deployment_pk"><b>Deployment<br/>MOA-ID-PROXY</b></a><br />
+<a href="#Tomcat_Start"><b>Tomcat Start/Stop</b></a><br />
+<a href="#Logging"><b>Logging</b></a><br />
+</div>
+</td>
+
+<td valign="top">
+<p id="titel">Basis-Installation v.1.4</p>
+Bei der Basis-Installation von MOA-ID-AUTH und von MOA-ID-PROXY ist grunds&auml;tzlich gleichartig vorzugehen.
+Unterschiede sind in der Installationsanweisung angef&uuml;hrt.
+<div id="vorbereitung" />
+<p id="subtitel">Vorbereitung</p>
+<div id="block">
+ <p><b>Installation des JDK</b><br />
+ Installieren Sie das JDK in ein
+ beliebiges Verzeichnis. Das Wurzelverzeichnis der JDK-Installation
+ wird im weiteren Verlauf als $JAVA_HOME bezeichnet. <br />
+ <br />
+ <b>Installation von Tomcat</b><br />
+ Installieren Sie Tomcat in ein Verzeichnis, das <b>keine Leer- und
+ Sonderzeichen</b> im Pfadnamen enth&auml;lt. Am Besten verwenden
+ die referenzierte Version von Tomcat im zip-Format. (Hinweis f.
+ Windows: nicht die selbstinstallierende exe Version verwenden.)
+ Das Wurzelverzeichnis der Tomcat-Installation wird im weiteren Verlauf
+ als $CATALINA_HOME bezeichnet.<br />
+ <br />
+ <b>Entpacken der MOA ID Webapplikation</b><br />
+ Entpacken Sie die ausgelieferten Dateien der Webapplikation (moa-id-auth-x.y.zip
+ oder moa-id-proxy-x.y.zip; ersetzen Sie x.y durch die Releasenummer
+ von MOA-ID-AUTH bzw. MOA-ID-PROXY) in ein beliebiges Verzeichnis.
+ Diese Verzeichnisse werden im weiteren Verlauf als $MOA_ID_INST_AUTH
+ bzw. $MOA_ID_INST_PROXY bezeichnet. <br />
+ <br />
+ <b>Installation der IAIK JCE und des IAIK LDAP Protocol Handlers</b><br />
+ Die Dateien aus dem Verzeichnis $MOA_ID_INST_AUTH/ext (oder $MOA_ID_INST_PROXY/ext)
+ m&uuml;ssen in das Verzeichnis $JAVA_HOME/jre/lib/ext kopiert werden.
+ Anschlie&szlig;end steht eine Unterst&uuml;tzung f&uuml;r Kryptographie
+ und SSL jeder Java-Anwendung die dieses JDK verwendet zur Verf&uuml;gung.<br>
+ <br />
+ Zus&auml;tzlich m&uuml;ssen die so genannten Unlimited Strength
+ Jurisdiction Policy Files heruntergeladen, entpackt
+ und ins Verzeichnis $JAVA_HOME/jre/lib/security kopiert werden. </p>
+ <p>Der Download f&uuml;r diese Dateien findet sich am unteren Ende
+ der Download-Seite des jeweiligen JDK in der Sektion "Other
+ Downloads". D.h. JDK <a href="http://java.sun.com/j2se/1.4.0/download.html">
+ hier f&uuml;r 1.4.0</a>, das JDK <a href="http://java.sun.com/j2se/1.4.2/download.html">hier
+ f&uuml;r 1.4.2</a> bzw. das JDK <a href="http://java.sun.com/j2se/1.5.0/download.html">hier
+ f&uuml;r 1.5.0</a>.</p>
+ </div>
+
+</div></td></tr></table>
+
+<div id="Tomcat" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration von Tomcat</p>
+<div id="block">
+<b>Minimale Konfiguration</b> <br />
+Die zentrale Konfigurations-Datei von Tomcat ist $CATALINA_HOME/conf/server.xml. Tomcat wird grunds&auml;tzlich mit
+einer funktionierenden Default-Konfiguration ausgeliefert, die jedoch einiges an Ballast enth&auml;lt und viele Ports
+offen l&auml;sst. Die Datei $MOA_ID_INST_AUTH/tomcat/server.xml (bzw. $MOA_ID_INST_PROXY/tomcat/server.xml) enth&auml;lt eine minimale
+Tomcat-Konfiguration, die je einen Connector f&uuml;r HTTP und f&uuml;r HTTPS freischaltet.<br /><br />
+<b>SSL</b><br />
+F&uuml;r den sicheren Betrieb von MOA-ID-AUTH ist die Verwendung von SSL Voraussetzung, sofern nicht ein vorgelagerter WebServer (Apache oder IIS) das SSL-Handling &uuml;bernimmt.
+Ebenso kann SSL auch f&uuml;r MOA-ID-PROXY verwendet werden.
+Das Dokument <a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html" target="_new">Tomcat SSL Configuration HOW-TO</a> gibt einen guten Überblick &uuml;ber die Konfiguration von SSL in Tomcat. Da die f&uuml;r SSL notwendigen Bibliotheken bereits im Abschnitt "Vorbereitung" eingebunden wurden, sind nur noch folgende Schritte notwendig:
+</div>
+<ul>
+<li>Erstellung eines Server-Keystores, welches den privaten Schl&uuml;ssel des Servers sowie das Server-Zertifikat enth&auml;lt,
+z.B. mit dem <a href="http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html" target="_new"> Java Keytool</a>. <br />
+<b>Hinweis:</b> Standardm&auml;&szlig;ig wird beim Erzeugen eines neuen Keystores im Home-Verzeichnis des Benutzers die Datei ".keystore" angelegt. M&ouml;chte man den Dateinamen und Pfad &auml;ndern, kann man das dem SSL-Connector in $CATALINA_HOME/conf/server.xml durch hinzuf&uuml;gen des Attributes <i>keystoreFile="NAME DES KEYSTORES"</i> im Element &lt;Factory&gt; bekannt machen. Das zum Keystore geh&ouml;rende Passwort &uuml;bergibt man Tomcat mittels des Attributes <i>keystorePass= "PASSWORT DES KEYSTORES"</i> im Element &lt;Factory&gt;. </li>
+<li>Erstellung eines Keystores mit vertrauensw&uuml;rdigen Client-Zertifikaten, z.B. mit dem <a href="http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html" target="_new"> Java Keytool</a> (nur, wenn SSL Client-Authentisierung verwendet werden soll) </li>
+<li>Falls eine Client-Authentisierung gew&uuml;nscht ist, muss die Konfiguration des SSL-Connectors in $CATALINA_HOME/conf/server.xml angepasst werden.</li>
+</ul>
+
+<div id="block">
+<b>MOA Administrator</b><br />
+Der Aufruf der URL f&uuml;r die dynamische Konfiguration von MOA-ID-AUTH ist durch eine Passwort-Abfrage gesch&uuml;tzt, und kann nur von Benutzern aufgerufen werden, die der Benutzer-Rolle <tt>moa-admin</tt> zugeordnet werden k&ouml;nnen.<br />
+Um diese Benutzer-Rolle und einen oder mehrere Benutzer einzurichten, m&uuml;ssen in der Datei $CATALINA_HOME/conf/tomcat-users.xml unter dem Element <tt>&lt;tomcat-users&gt;</tt> sinngem&auml;&szlig; folgende Eintr&auml;ge hinzugef&uuml;gt werden:
+<pre>
+&lt;role rolename="moa-admin"/&gt;
+&lt;user username="moa" password="moa" roles="moa-admin"/&gt;
+</pre>
+</div>
+</td></tr></table>
+
+<div id="deployment_ak" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Deployment von MOA-ID-AUTH in Tomcat</p>
+<div id="block">
+Um MOA-ID-AUTH in Tomcat f&uuml;r den Ablauf vorzubereiten, sind folgende Schritte notwendig: <br />
+ <ul>
+ <li>Die Datei $MOA_ID_INST_AUTH/moa-id-auth.war wird ins Verzeichnis
+ $CATALINA_HOME/webapps kopiert. Dort wird sie beim ersten Start
+ von Tomcat automatisch ins Verzeichnis $CATALINA_HOME/webapps/moa-id-auth
+ entpackt. </li>
+ <li>Die MOA-ID Konfigurationsdatei und die zugeh&ouml;rigen Verzeichnisse
+ "certs" und "transforms" werden in ein beliebiges Verzeichnis
+ im Filesystem kopiert (z.B. $CATALINA_HOME/conf/moa-id). <br />
+ Im Verzeichnis $MOA_ID_INST_AUTH/conf/moa-id befinden sich
+ acht verschiedene Beispielkonfigurationen, die als Ausgangspunkte
+ f&uuml;r die Konfiguration von MOA-ID-AUTH dienen k&ouml;nnen:
+ <ul>
+ <li>SampleMOAIDConfiguration.xml: Konfiguration von MOA-ID f&uuml;r
+ eine Anwendung aus dem &ouml;ffentlichen Bereich.
+ <br>Karte: B&uuml;rgerkarte
+ <br>Konfiguration ohne Proxykomponente</li>
+ <li>SampleMOAIDConfiguration_withTestBKs.xml: Konfiguration von MOA-ID
+ f&uuml;r eine Anwendung aus dem &ouml;ffentlichen Bereich.
+ <br>Karte: B&uuml;rgerkarte und Testkarte
+ <br>Konfiguration ohne Proxykomponente</li>
+ <li>SampleMOAWIDConfiguration.xml: Konfiguration von MOA-ID f&uuml;r
+ eine Anwendung aus dem privatwirtschaftlichen Bereich (MOA-WID Modus).
+ <br>Karte: B&uuml;rgerkarte
+ <br>Konfiguration ohne Proxykomponente</li>
+ <li>SampleMOAWIDConfiguration_withTestBKs.xml: Konfiguration von MOA-ID f&uuml;r
+ eine Anwendung aus dem privatwirtschaftlichen Bereich (MOA-WID Modus).
+ <br>Karte: B&uuml;rgerkarte und Testkarte
+ <br>Konfiguration ohne Proxykomponente</li>
+ <li id="sampleProxyConfig">SampleMOAIDConfigurationProxy.xml: Konfiguration von MOA-ID f&uuml;r
+ eine Anwendung aus dem &ouml;ffentlichen Bereich.
+ <br>Karte: B&uuml;rgerkarte
+ <br>Konfiguration mit <a href="#deployment_pk">Proxykomponente</a>.</li>
+ <li>SampleMOAIDConfiguration_withTestBKsProxy.xml: Konfiguration von MOA-ID
+ f&uuml;r eine Anwendung aus dem &ouml;ffentlichen Bereich.
+ <br>Karte: B&uuml;rgerkarte und Testkarte
+ <br>Konfiguration mit <a href="#deployment_pk">Proxykomponente</a></li>
+ <li>SampleMOAWIDConfigurationProxy.xml: Konfiguration von MOA-ID f&uuml;r
+ eine Anwendung aus dem privatwirtschaftlichen Bereich (MOA-WID Modus).
+ <br>Karte: B&uuml;rgerkarte
+ <br>Konfiguration mit <a href="#deployment_pk">Proxykomponente</a></li>
+ <li>SampleMOAWIDConfiguration_withTestBKsProxy.xml: Konfiguration von MOA-ID f&uuml;r
+ eine Anwendung aus dem privatwirtschaftlichen Bereich (MOA-WID Modus).
+ <br>Karte: B&uuml;rgerkarte und Testkarte
+ <br>Konfiguration mit <a href="#deployment_pk">Proxykomponente</a></li>
+ </ul>
+ </li>
+ <li>Die endorsed Libraries f&uuml;r Tomcat m&uuml;ssen aus dem
+ Verzeichnis $MOA_ID_INST_AUTH/endorsed in das Tomcat-Verzeichnis
+ $CATALINA_HOME/common/endorsed kopieren werden. Folgende Libraries
+ sind f&uuml;r das Deployment im endorsed Verzeichnis vorgesehen:
+ <ul>
+ <li id="klein">Xerces-J-2.4.0 (bestehend aus xercesImpl.jar
+ und xmlParserAPIs.jar) - f&uuml;r alle JDKs.</li>
+ <li>Xalan-j-2.5.1 (bestehend aus xalan.jar).</li>
+ </ul>
+ Eventuell vorhandene Dateien mit dem gleichen Namen m&uuml;ssen
+ ersetzt werden. Die ggf. in diesem Verzeichnis vorhandene Datei
+ <code>xml-apis.jar</code> muss gel&ouml;scht werden.</li>
+ <li>Folgende Java System Properties sind zu setzen: <br />
+ <ul id="klein">
+ <li id="klein">moa.id.configuration=Name der MOA ID Konfigurationsdatei.
+ Eine beispielhafte MOA ID Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/
+ SampleMOAIDConfiguration.xml enthalten.</li>
+ <li id="klein">log4j.configuration=URL der Log4j Konfigurationsdatei.
+ Eine beispielhafte Log4j-Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/log4j.properties
+ enthalten. </li>
+ <li id="klein">javax.net.ssl.trustStore=Name des Truststores
+ f&uuml;r vertrauensw&uuml;rdige SSL Client-Zertifikate (optional;
+ nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden
+ soll). <br>
+ </li>
+ </ul>
+ Diese Java System-Properties werden Tomcat &uuml;ber die Umgebungsvariable
+ CATALINA_OPTS mitgeteilt (Beispiel-Skripte zum Setzen dieser
+ Properties f&uuml;r <b>Windows</b> und f&uuml;r <b>Unix bzw.
+ Linux</b> finden sie unter $MOA_ID_INST_AUTH/tomcat/win32 bzw.
+ $MOA_ID_INST_AUTH/tomcat/unix). Diese Skripte k&ouml;nnen sie nach $CATALINA_HOME kompieren und in Folge von dort starten nachdem die Variablen CATALINA_HOME sowie JAVA_HOME in den Skripten entsprechend den Pfaden der Installation gesetzt wurden.
+ </ul>
+</div>
+</td></tr></table>
+
+
+<div id="deployment_pk" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Deployment von MOA-ID-PROXY in Tomcat</p>
+<div id="block">
+Um MOA-ID-PROXY in Tomcat f&uuml;r den Ablauf vorzubereiten, sind folgende Schritte notwendig:
+<br />
+ <ul>
+ <li>
+ <b>F&uuml;r Tomcat 4.1.31:</b>
+ <ul>
+ <li>Die Datei $MOA_ID_INST_PROXY/moa-id-proxy.war wird in ein
+ beliebiges Verzeichnis (bspw. $CATALINA_HOME/webappsProxy) kopiert. <b>HINWEIS:
+ Das Verzeichnis darf sich NICHT unterhalb $CATALINA_HOME/webapps befinden!</b><br/>
+ </li>
+ <li>Anschlie&szlig;end muss in der Datei <tt>$CATALINA_HOME/conf/server.xml</tt> der
+ Tomcat-Root-Context auf diese Datei gesetzt werden: wenn
+ das war-file sich in $CATALINA_HOME/webappsProxy befindet, geschieht dies
+ mit dem Einf&uuml;gen von folgendem Element innerhalb von
+ <tt>&lt;Server&gt;...&lt;Service&gt;...&lt;Engine&gt;...&lt;Host&gt;</tt>:
+ <pre>&lt;Context path=""
+ docBase="../webappsProxy/moa-id-proxy.war"
+ debug="0"/&gt;</pre>
+ Anmerkung: Der Root-Context von Tomcat ist normalerweise auskommentiert.
+ </li>
+ </ul>
+ </li>
+ <li>
+ <b>F&uuml;r Tomcat 5.0.28:</b>
+ <ul>
+ <li>Die Datei $MOA_ID_INST_PROXY/moa-id-proxy.war ist in ein
+ beliebiges Verzeichnis (bspw. $CATALINA_HOME/webappsProxy) <b>zu entpacken</b>
+ (diese Datei ist mittels ZIP Algorithmus komprimiert und kann mit jedem Tool,
+ das mit .ZIP-Dateien umgehen kann, ge&ouml;ffnet werden). <b>HINWEIS:
+ Das Verzeichnis darf sich NICHT unterhalb $CATALINA_HOME/webapps befinden!</b><br/>
+ </li>
+ <li>Anschlie&szlig;end muss in der Datei <tt>$CATALINA_HOME/conf/server.xml</tt> der
+ Tomcat-Root-Context auf diese Datei gesetzt werden: wenn die Proxy Web-Applikation
+ nach $CATALINA_HOME\webappsProxy entpackt wurde, geschieht dies mit dem Einf&uuml;gen
+ von folgendem Element innerhalb von
+ <tt>&lt;Server&gt;...&lt;Service&gt;...&lt;Engine&gt;...&lt;Host&gt;</tt>: </li>
+ <pre>&lt;Context path="" docBase="../webappsProxy"
+ debug="0"/&gt;</pre>
+ Alternativ kann statt die Datei server.xml zu &auml;ndern in <tt>$CATALINA_HOME\conf\Catalina\localhost</tt> eine Datei moa-id-proxy.xml mit vorhin angegebenen Inhalt erstellt werden.
+ </ul>
+ </li>
+ </ul>
+
+ <br />
+ <b>Tomcat Konfiguration:</b>
+ <ul>
+ <li>Die MOA-ID Konfigurationsdatei und die zugeh&ouml;rigen
+ Verzeichnisse "certs" und "oa" werden in ein beliebiges Verzeichnis
+ im Filesystem kopiert (z.B. $CATALINA_HOME/ conf/moa-id).
+ <br />
+ Im Verzeichnis $MOA_ID_INST_PROXY/conf/moa-id befinden sich
+ vier verschiedene <a href="#sampleProxyConfig">Beispielkonfigurationen</a>,
+ die als Ausgangspunkte f&uuml;r die Konfiguration von MOA-ID-PROXY
+ dienen k&ouml;nnen.
+ </li>
+ <li>Die endorsed Libraries f&uuml;r Tomcat m&uuml;ssen aus dem
+ Verzeichnis $MOA_ID_INST_PROXY/endorsed in das Tomcat-Verzeichnis
+ $CATALINA_HOME/common/endorsed kopiert werden. Folgende Libraries
+ sind f&uuml;r das Deployment im endorsed Verzeichnis vorgesehen:
+ <ul>
+ <li id="klein">Xerces-J-2.4.0 (bestehend aus xercesImpl.jar
+ und xmlParserAPIs.jar)</li>
+ </ul>
+ Eventuell vorhandene Dateien mit dem gleichen Namen m&uuml;ssen
+ ersetzt werden.
+ </li>
+ <li>Folgende Java System Properties sind zu setzen: <br />
+ <ul id="klein">
+ <li id="klein">moa.id.configuration=Name der MOA ID Konfigurationsdatei.
+ Eine beispielhafte MOA ID Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/
+ SampleMOAIDConfiguration.xml enthalten.</li>
+ <li id="klein">log4j.configuration=URL der Log4j Konfigurationsdatei.
+ Eine beispielhafte Log4j-Konfiguration ist in $MOA_ID_INST_AUTH/conf/moa-id/log4j.properties
+ enthalten. </li>
+ <li id="klein">javax.net.ssl.trustStore=Name des Truststores
+ f&uuml;r vertrauensw&uuml;rdige SSL Client-Zertifikate
+ (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt
+ werden soll). </li>
+ </ul>
+ </li>
+ Diese Java System-Properties werden Tomcat &uuml;ber die Umgebungsvariable
+ CATALINA_OPTS mitgeteilt (siehe Deployment von MOA-ID-AUTH<a href="examples/moa-id-env.sh.txt"></a>).
+ <br>
+ <br>
+ Beispiel-Skripts zum Setzen von CATALINA_OPTS und zum Starten
+ von Tomcat sind in $MOA_ID_INST_AUTH\tomcat\ zu finden - Sie
+ k&ouml;nnen diese f&uuml;r Ihre Zwecke adaptieren (JAVA_HOME
+ und $CATALINA_HOME setzen) und nach $CATALINA_HOME kopieren.
+ </ul>
+</div>
+</td></tr></table>
+
+<div id="Tomcat_Start" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Starten und Stoppen von Tomcat </p>
+ <div id="block"> Nach dem Deployment und der Konfiguration kann
+ Tomcat aus seinem Wurzelverzeichnis ($CATALINA_HOME) mit <br />
+ <pre>
+ startTomcat (unter Windows) oder
+ moa-id-env.sh
+ bin/catalina.sh start (unter Unix/Linux)
+</pre>
+gestartet werden. Das Stoppen von Tomcat erfolgt analog mit <br />
+<pre>
+ bin\catalina stop (unter Windows) oder
+ bin/catalina.sh stop (unter Unix/Linux)
+</pre>
+Ein erfolgreicher Startvorgang von MOA-ID-AUTH ist an folgender Log-Meldung ersichtlich: <br />
+<pre>
+ INFO | 08 13:33:38,497 | main |
+ MOA ID Authentisierung wurde
+ erfolgreich gestartet
+</pre>
+Analog bei MOA-ID-PROXY: <br/>
+<pre>
+ INFO | 08 13:35:49,876 | main |
+ MOA ID Proxy wurde erfolgreich gestartet
+</pre>
+
+Nach dem erfolgreichen Starten von Tomcat steht MOA-ID-AUTH unter der URL
+<pre>
+http(s)://host:port/moa-id-auth/StartAuthentication
+</pre>
+zur Verf&uuml;gung. Der WebService ist unter
+<pre>
+http(s)://host:port/moa-id-auth/services/GetAuthenticationData
+</pre>
+erreichbar. Die Verf&uuml;gbarkeit der Anwendung kann &uuml;berpr&uuml;ft werden, indem die URLs mit einem Web-Browser aufgerufen werden.<br />
+<br />
+<div id="ConfigUpdate" />
+<b>Dynamische Konfigurations-Updates</b><br />
+Dynamische Konfigurations-Updates k&ouml;nnen f&uuml;r MOA-ID-AUTH durch den Aufruf der URL http://hostname:port/moa-id-auth/ConfigurationUpdate (z.B. durch Eingabe in einem Browser) durchgef&uuml;hrt werden. Analog wird die Konfiguration von MOA-ID-PROXY mittels http://hostname:port/ConfigurationUpdate aktualisiert.<br /><br />
+<b>Hinweis: </b>Konfigurations&auml;nderungen f&uuml;r die Online-Applikationen betreffen grunds&auml;tzlich sowohl die Auth- als auch die Proxy-Komponente.
+Wenn bspw. das <tt>publicURLPrefix</tt> der OA ge&auml;ndert wird, muss sowohl f&uuml;r die Auth- als auch f&uuml;r die Proxy-Komponente ein ConfigurationUpdate durchgef&uuml;hrt werden. <br /> <br />
+Konnte MOA-ID-AUTH bzw. MOA-ID-PROXY nicht ordnungsgem&auml;&szlig; konfiguriert und gestartet werden, geht das aus der Log-Meldung hervor: <br />
+<pre>
+FATAL | 03 13:19:06,924 | main | Fehler
+ beim Starten des Service MOA ID Authentisierung
+</pre>
+bzw.
+<pre>
+FATAL | 03 13:19:06,924 | main | Fehler
+ beim Starten des Service MOA ID Proxy
+</pre>
+In diesem Fall geben die WARN bzw. ERROR Log-Meldungen unmittelbar davor Aufschluss &uuml;ber den genaueren Grund. <br />
+</div>
+</div></td></tr></table>
+
+
+<div id="Logging" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<div id="Logging" />
+<p id="subtitel">Logging</p>
+<div id="block">
+Die MOA ID Webapplikation verwendet Jakarta Log4j f&uuml;r die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. Log4j bietet zahlreiche Konfigurationsm&ouml;glichkeiten, die ausf&uuml;hrlich im <a href="http://jakarta.apache.org/log4j/docs/manual.html" target="_new">Log4j Handbuch</a> beschrieben sind. Unter anderem gibt es die M&ouml;glichkeit, folgende Einstellungen vorzunehmen: <br />
+<ul>
+<li id="klein">Das verwendete Log-Level (DEBUG, INFO, WARN, ERROR, FATAL).</li>
+<li id="klein">Name und maximale Gr&ouml;&szlig;e der Log-Datei(en).</li>
+<li id="klein">Das Aussehen der Log-Eintr&auml;ge.</li>
+</ul>
+Es werden folgende Log-Hierarchien verwendet:
+</div>
+<ul>
+<li>moa.id.auth f&uuml;r alle Log-Meldungen aus dem MOA-ID-AUTH Modul </li>
+<li>moa.id.proxy f&uuml;r alle Log-Meldungen aus dem MOA-ID-PROXY Modul </li>
+<li>moa.spss.server f&uuml;r alle Log-Meldungen aus dem MOA-SPSS Modul </li>
+<li>iaik.server f&uuml;r alle Log-Meldungen aus den IAIK Kryptographie-Modulen </li>
+</ul>
+<div id="block">
+Als Ausgangspunkt f&uuml;r die Logging-Konfiguration liegt die Datei $MOA_ID_INST_AUTH/conf/moa-id/log4j.properties (bzw. $MOA_ID_INST_PROXY/conf/moa-id/log4j.properties) bei.
+Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Datei <tt>$CATALINA_HOME/logs/moa-id.log</tt> geschrieben.
+<br /><br />
+<b>Format der Log-Meldungen</b><br />
+Anhand einer konkreten Log-Meldung wird das Format der MOA ID Log-Meldungen erl&auml;utert:
+<pre>
+ INFO | 09 08:23:59,385 | Thread-8 |
+ Anmeldedaten zu MOASession -5468974113772848113
+ angelegt, SAML Artifakt
+ AAF/BrdRfnMaQVGIbP/Gf9OwDUwwsXChb7nuT+VXQzOoHbV
+</pre>
+
+Der Wert <tt>INFO</tt> besagt, dass die Log-Meldung im Log-Level <tt>INFO</tt> entstanden ist. Folgende Log-Levels existieren:<br />
+<ul>
+<li id="klein"><tt>DEBUG:</tt> Log-Meldungen im Log-Level <tt>DEBUG</tt> geben Auskunft &uuml;ber die innere Arbeitsweise des Systems. Sie sind haupts&auml;chlich f&uuml;r Entwickler interessant.</li>
+<li id="klein"><tt>INFO:</tt> Diese Log-Meldungen geben informative Status-Informationen &uuml;ber den Ablauf der Webapplikation, wie z.B., dass eine neue Anfrage eingelangt ist.</li>
+<li id="klein"><tt>WARN:</tt> Bei der Ausf&uuml;hrung einer Operation sind leichte Fehler aufgetreten. Der Ablauf der Webapplikation ist nicht weiter beeintr&auml;chtigt.</li>
+<li id="klein"><tt>ERROR:</tt> Die Ausf&uuml;hrung einer Operation musste abgebrochen werden. Die Webapplikation ist davon nicht beeintr&auml;chtigt. </li>
+<li id="klein"><tt>FATAL:</tt> Es ist ein Fehler aufgetreten, der den weiteren Betrieb der Webapplikation nicht mehr sinnvoll macht.</li>
+</ul>
+Der n&auml;chste Wert <tt>09 08:23:59,385</tt>, gibt den Zeitpunkt an, an dem die Log-Meldung generiert wurde (in diesem Fall den 9. Tag im aktuellen Monat, sowie die genaue Uhrzeit). <br />
+Der Rest der Zeile einer Log-Meldung ist der eigentliche Text, mit dem das System bestimmte Informationen anzeigt. Im Fehlerfall ist h&auml;ufig ein Java Stack-Trace angef&uuml;gt, der eine genauere Ursachen-Forschung erm&ouml;glicht.
+<br /><br />
+
+
+<b>Wichtige Log-Meldungen</b><br />
+Neben den im Abschnitt "Starten und Stoppen von Tomcat" beschriebenen Log-Meldungen, die anzeigen, ob die Webapplikation
+ordnungsgem&auml;&szlig; gestartet wurde, geben nachfolgenden Log-Meldungen Aufschluss &uuml;ber die Abarbeitung von Anfragen.
+Die Annahme einer Anfrage wird beispielsweise angezeigt durch:
+</div>
+<pre>
+ INFO | 09 08:37:17,663 | Thread-9 |
+ MOASession 6576509775379152205 angelegt
+
+ INFO | 09 08:37:20,828 | Thread-9 |
+ Anmeldedaten zu MOASession 6576509775379152205
+ angelegt, SAML Artifakt
+ AAF/BrdRfnMaQVGIbP/Gf9OwDUwwsXChb7nuT+VXQzOoHbV
+
+</pre>
+
+<div id="block">
+Die 1. Log-Meldung besagt, dass sich ein Benutzer an MOA-ID-AUTH angemeldet und eine eindeutige SessionID zugewiesen bekommen hat. <br />
+Die 2. Log-Meldung informiert dar&uuml;ber, dass die Anmeldedaten des Benutzers unter dem angezeigten SAML Artifakt abgeholt werden k&ouml;nnen.<br />
+</div>
+Wenn nun versucht wird, eine Transaktion mit einer ung&uumlltigen SessionID fortzusetzen erh&auml;lt man folgende Log-Meldung:<br />
+<pre>
+ ERROR | 09 09:34:27,105 | Thread-8 |
+ at.gv.egovernment.moa.id.AuthenticationException:
+ MOASessionID ist unbekannt
+ (MOASessionID=-8650403497547200032)
+</pre><div id="block">
+ <p>In diesem Fall gibt der mitgeloggte Stacktrace Auskunft
+ &uuml;ber die Art des Fehlers. Der Aufrufer der MOA ID
+ Webapplikation bekommt einen Fehlercode sowie eine kurze
+ Beschreibung des Fehlers als Antwort zur&uuml;ck. <br />
+ <br />
+ Die Tats&auml;chlich &uuml;bertragenen Anfragen bzw. Antworten
+ werden aus Effizienzgr&uuml;nden nur im Log-Level DEBUG
+ angezeigt. </p>
+ <hr />
+ <p>
+ </div>
+ </p>
+ </div>
+</td></tr></table>
+<br /><br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2004 </div>
+</td></tr></table>
+<br />
+
+
+</div>
+</div></div></div></div></div></body>
+</html>
diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm
new file mode 100644
index 000000000..aa7809425
--- /dev/null
+++ b/id/server/doc/moa_id/id-admin_2.htm
@@ -0,0 +1,1417 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; color:#505060; font-weight:bold; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> &uuml;bersicht</b></a></div>
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></a></div>
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></div>
+<div id="klein"><a href="id-admin_3.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br /><br />
+<div id="slogan">
+<a href="#moaid-konfiguration"><b>Konfiguration<br />von MOA-ID</b></a>
+<br /><br />
+<a href="examples/conf/MOA-ID-Configuration.xml" target="_new">Konfigurationsdatei</a>
+<br /><br />
+<b>Parameter-&uuml;bersicht</b><br />
+<a href="#ConnectionParameter">ConnectionParameter</a><br />
+<a href="#AuthComponent">AuthComponent</a><br />
+<a href="#BKUSelection" >&nbsp;&nbsp;BKUSelection</a><br />
+<a href="#SecurityLayer">&nbsp;&nbsp;SecurityLayer</a><br />
+<a href="#MOA-SP">&nbsp;&nbsp;MOA-SP</a><br />
+<a href="#IdentityLinkSigners">&nbsp;&nbsp;IdentityLinkSigners</a><br />
+<a href="#VerifyInfoboxesAuth">&nbsp;&nbsp;VerifyInfoboxes</a><br />
+<a href="#ProxyComponent">ProxyComponent</a><br />
+<a href="#OnlineApplication">OnlineApplication</a><br />
+<a href="#OnlineApplication/AuthComponent">&nbsp;&nbsp;AuthComponent</a><br />
+<a href="#OnlineApplication/ProxyComponent">&nbsp;&nbsp;ProxyComponent</a><br />
+<a href="#ChainingModes">ChainingModes</a><br />
+<a href="#TrustedCACertificates">TrustedCACertificates</a><br />
+<a href="#GenericConfiguration">GenericConfiguration</a><br />
+<br />
+<a href="#oa-config"><b>Konfiguration<br />der Online-Applikation</b></a><br />
+<br />
+<b>Parameter-&uuml;bersicht</b><br />
+<a href="#LoginType">LoginType</a><br />
+<a href="#ParamAuth">ParamAuth</a><br />
+<a href="#Parameter">&nbsp;&nbsp;ParamAuth/Parameter</a><br />
+<a href="#BasicAuth">BasicAuth</a><br />
+<a href="#HeaderAuth">HeaderAuth</a><br />
+<a href="#Header">&nbsp;&nbsp;HeaderAuth/Header</a><br />
+<br />
+<a href="#sp-config"><b>Konfiguration<br />von MOA-SP</b></a><br />
+<br />
+<a href="#verifytransformsInfoProfile">VerifyTransformsInfoProfile</a><br />
+<a href="#trustProfile">TrustProfile</a><br />
+<a href="#certstore">Certstore</a><br />
+<br />
+<a href="#online-config"><b>&auml;nderung der Konfig. <br />w&auml;hrend des Betriebs</b></a><br />
+
+<br />
+</div>
+
+</td>
+
+ <td valign="top">
+ <div id="titel">Konfiguration von MOA ID v.1.4</div>
+ <div id="moaid-konfiguration" />
+ <p id="subtitel">Konfiguration von MOA ID v.1.4</p>
+ <p id="block"> Die Konfiguration von MOA ID wird mittels einer XML-basierten
+ Konfigurationsdatei, die dem Schema
+ <a href="../MOA-ID-Configuration-1.4.xsd" target="_new">MOA-ID-Configuration-1.4.xsd</a>
+ entspricht, durchgef&uuml;hrt.
+ <p /> Der Ort der Konfigurationsdatei wird im Abschnitt <a href="id-admin_1.htm#deployment">Deployment
+ der Web-Applikation in Tomcat</a> beschrieben.
+ <p /> Die folgenden Abschnitte erl&auml;utern das Format der Konfigurationsdatei.
+ <a href="examples/conf/MOA-ID-Configuration.xml" target="_new">MOA-ID-Configuration.xml</a>
+ zeigt ein Beispiel f&uuml;r eine umfassende Konfigurationsdatei. </p>
+ <p>Enth&auml;lt die Konfigurationsdatei relative Pfadangaben, werden
+ diese relativ zum Verzeichnis, in dem sich die MOA-ID Konfigurationsdatei
+ befindet, interpretiert.<br>
+ </p>
+ <div id="ConnectionParameter" />
+ <p id="block"> <b>ConnectionParameter</b> <br />
+ Das Element <tt>ConnectionParameter</tt> enth&auml;lt Parameter,
+ die MOA-ID f&uuml;r den Aufbau von Verbindungen zu anderen Komponenten
+ ben&ouml;tigt. Dieses Element tritt mehrfach in der Konfigurationsdatei
+ auf und wird daher vorab detailliert beschrieben. <br />
+ <br />
+ Das Attribut <tt>URL</tt> enth&auml;lt die URL der Komponente zu
+ der die Verbindung aufgebaut werden soll. Wird das Schema <tt>https</tt>
+ verwendet, k&ouml;nnen die Kind-Elemente <tt>AcceptedServerCertificates</tt>
+ und <tt>ClientKeyStore</tt> angegeben werden. Wird das Schema <tt>http</tt>
+ verwendet m&uuml;ssen keine Kind-Elemente angegeben werden bzw.
+ werden diese nicht ausgewertet. Andere Schemas werden nicht unterst&uuml;tzt.
+ <br />
+ <br />
+ Wird die Verbindung &uuml;ber TLS aufgebaut und erfordert der TLS-Server
+ eine Client-Authentisierung mittels Zertifikate, dann muss das Kind-Element
+ <tt>ClientKeyStore</tt> spezifiziert werden. Im Element <tt>ClientKeyStore</tt>
+ wird der Filename des PKCS#12-Keys (relativ zur MOA-ID Konfigurationsdatei)
+ angegeben. Diesem Keystore wird der private Schl&uuml;ssel f&uuml;r
+ die TLS-Client-Authentisierung entnommen. Das Passwort zum Lesen
+ des privaten Schl&uuml;ssels wird im Attribut <tt>ClientKeyStore/@password</tt>
+ konfiguriert.<br />
+ Aufgrund der Tatsache, dass starke Verschl&uuml;sselung eine Voraussetzung
+ f&uuml;r MOA-ID darstellt, werden clientseitig nur die folgenden
+ Cipher Suites unterst&uuml;tzt:<br/>
+ <ul>
+ <li><tt>SSL_RSA_WITH_RC4_128_SHA</tt></li>
+ <li><tt>SSL_RSA_WITH_RC4_128_MD5</tt></li>
+ <li><tt>SSL_RSA_WITH_3DES_EDE_CBC_SHA</tt></li>
+ </ul>
+ Im Kind-Element <tt>AcceptedServerCertificates</tt> kann ein Verzeichnisname
+ (relativ zur MOA-ID Konfigurationsdatei) angegeben werden, in dem
+ die akzeptierten Zertifikate der TLS-Verbindung hinterlegt sind. In
+ diesem Verzeichnis werden nur Serverzertifikate abgelegt. Fehlt dieser
+ Parameter wird lediglich &uuml;berpr&uuml;ft ob ein Zertifikatspfad
+ zu den im Element <tt>&lt;TrustedCACertificates&gt;</tt> angegebenen
+ Zertifikaten erstellt werden kann. Falls dies nicht m&ouml;glich ist,
+ kommt es zu einem Fehlerfall.
+ <p></p>
+ <div id="AuthComponent" />
+ <p id="block"> <b>AuthComponent</b> <br />
+ <tt>AuthComponent</tt> enth&auml;lt Parameter, die nur die MOA-ID
+ Authentisierungskomponente betreffen. Das Element ist optional
+ und muss nicht verwendet werden, wenn auf dem Server keine MOA-ID
+ Authentisierungskomponente installiert wird. <br />
+ <br />
+ Das Element <tt>AuthComponent</tt> hat f&uuml;nf Kind-Elemente:
+ <ul>
+ <li><tt>BKUSelection</tt> (optional)</li>
+ <li><tt>SecurityLayer</tt></li>
+ <li><tt>MOA-SP</tt></li>
+ <li><tt>IdentityLinkSigners</tt></li>
+ <li><tt>VerifyInfoboxes</tt> (optional ab Version 1.4)</li>
+ </ul>
+ <p></p>
+ <div id="BKUSelection" />
+ <p id="block"> <b>AuthComponent/BKUSelection</b> <br />
+ Das optionale Element <tt>BKUSelection</tt> enth&auml;lt Parameter
+ zur Nutzung eines Auswahldienstes f&uuml;r eine B&uuml;rgerkartenumgebung
+ (BKU). Wird das Element nicht angegeben, dann wird die lokale
+ B&uuml;rgerkartenumgebung auf <tt>http://localhost:3495/http-security-layer-request</tt>
+ verwendet. <br />
+ <br />
+ Das Attribut <tt>BKUSelectionAlternative</tt> gibt an welche
+ Alternative zur BKU-Auswahl verwendet werden soll. MOA-ID unterst&uuml;tzt
+ die Werte <tt>HTMLComplete</tt> (vollst&auml;ndige HTML-Auswahl)
+ und <tt>HTMLSelect</tt> (HTML-Code f&uuml;r Auswahl) [<a href="../bku-auswahl.20030408.pdf">"Auswahl
+ von B&uuml;rgerkartenumge-bungen"</a>, Arno Hollosi]. <br />
+ <br />
+ Das Kind-Element <tt>ConnectionParameter</tt> spezifiziert die
+ Verbindung zum Auswahldienst (siehe <a href="#ConnectionParameter"><tt>ConnectionParameter</tt></a>),
+ jedoch kann das Kind-Element <tt>ClientKeyStore</tt> nicht angegeben
+ werden. </p>
+ <div id="AuthTemplates" />
+ <p id="block"> <b>AuthComponent/Templates</b> <br />
+ Das optionale Element <tt>Templates</tt> kann genau einmal vorkommen, um
+ das Aussehen der Seiten &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; sowie
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; anzupassen. Die hier
+ spezifizierten (globalen) Templates haben Priorit&auml;t gegen&uuml;ber Templates,
+ die in der aufrufenden URL (vgl. <a href="id-anwendung_1.htm" target="_new">Aufruf von MOA-ID-AUTH</a>)
+ &uuml;bergeben werden, haben jedoch Nachrang gegen&uuml;ber in
+ der Konfigurationsdatei f&uuml;r eine Online-Applikation individuell definierte (lokale)
+ Templates (siehe <a href="#OnlineApplication/AuthComponent/Templates" target="_new">
+ OnlineApplication/AuthComponent/Templates</a>).
+ Das heißt, sind in der Konfigurationsddatei f&uuml;r eine Online-Applikation lokale
+ Templates definiert (Element <tt>OnlineApplication/AuthComponent/Templates</tt>), so werden
+ die als global spezifizierten Templates (<tt>AuthComponent/Templates</tt>) f&uuml;r diese
+ OnlineApplikation ignoriert, jedoch f&uuml;r alle anderen Online-Applikationen
+ verwendet. Templates in der aufrufenden URL werden demnach nur mehr dann
+ herangezogen, wenn in der Konfigurationsdatei weder globale (f&uuml;r alle
+ Online-Applikationen g&uuml;ltig) noch lokale (Templates je Online-Applikation)
+ spezifiziert sind.<br>
+ Das <tt>Templates</tt>-Element hat die zwei Kindelemente
+ <tt>BKUSelectionTemplate</tt> und <tt>Template</tt>. Jedes dieser
+ beiden Elemente kann genau einmal vorkommen oder fehlen.
+ Das Kindelement <tt>BKUSelectionTemplate</tt> spezifiziert ein Template
+ zur Gestaltung der Seite &quot;Auswahl der B&uuml;rgerkartenumgebung&quot;,
+ während das Kindelement <tt>Template</tt> die Seite
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; referenziert.
+ Beide Elemente haben genau ein Attribut namens <tt>URL</tt>,
+ das die Lage des Templates im Form einer URL beschreibt.
+ Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die
+ MOA-ID Konfigurationsdatei befindet, interpretiert.<br>
+ Im folgenden Beispiel werden zwei Templates im Verzeichnis
+ CATALINA_HOME/conf/moa-id/templates referenziert:
+ <br>
+ <pre>
+&lt;Templates&gt;
+ &lt;BKUSelectionTemplate URL="templates/SampleBKUSelectionTemplate.html"/&gt;
+ &lt;Template URL="templates/SampleTemplate.html"/&gt;
+&lt;/Templates&gt;</pre>
+
+ <br>
+ Richtlinien zur Struktur der beiden Templates k&ouml;nnen der
+ MOA-ID-Spezifikation bzw. dem Abschnitt
+ <a href="id-anwendung_1.htm" target="_new">Aufruf von MOA-ID-AUTH</a>
+ dieses Handbuches entnommen werden.
+
+ </p>
+ </div>
+ <div id="SecurityLayer" />
+ <p id="block"> <b>AuthComponent/SecurityLayer</b> <br />
+ Das Element <tt>SecurityLayer</tt> enth&auml;lt Parameter
+ zur Nutzung des Security-Layers. <br />
+ <br />
+ Das Kind-Element <tt>TransformsInfo</tt> spezifiziert eine
+ Transformation, die f&uuml;r die Erstellung der Signatur des
+ AUTH-Blocks als Parameter in den <tt>CreateXMLSignatureRequest</tt>
+ des Security-Layers integriert werden muss. Mehrere unterschiedliche
+ Implementierungen des Security-Layer k&ouml;nnen durch die
+ Angabe mehrerer <tt>TransformsInfo</tt>-Elemente unterst&uuml;tzt
+ werden. <br />
+ <br />
+ Das Attribut <tt>TransformsInfo/@filename</tt> verweist auf
+ eine Datei, die das globale Element <tt>TransformsInfo</tt>
+ vom Typ <tt>TransformsInfo</tt> enth&auml;lt. Die Angabe erfolgt
+ relativ zur MOA-ID Konfigurationsdatei. Das Encoding dieser
+ Datei muss UTF-8 sein. <br />
+ <br />
+ <a href="examples/TransformsInfoAuthBlock.txt">Beispiel f&uuml;r
+ eine TransformsInfo-Datei</a> </p>
+ <div id="MOA-SP" />
+ <p id="block"> <b>AuthComponent/MOA-SP</b> <br />
+ Das Element <tt>MOA-SP</tt> enth&auml;lt Parameter zur Nutzung
+ von MOA-SP. MOA-SP wird f&uuml;r die &uuml;berpr&uuml;fung
+ der Signatur der Personenbindung und des AUTH-Blocks verwendet.
+ <br />
+ <br />
+ Wird das Kind-Element <tt>ConnectionParameter</tt> angegeben,
+ dann wird MOA-SP &uuml;ber das Webservice angesprochen.</p>
+ <p id="block">Wird das Kind-Element <tt>ConnectionParameter</tt>
+ nicht angegeben so wird eine MOA-ID beiligende Version von
+ MOA-SP direkt &uuml;ber das Java-API angesprochen. In diesem
+ Fall muss das System-Property auf die verwendete Konfigurationsdatei
+ von MOA-SP gesetzt werden. Eine beispielhafte MOA-SP Konfigurationsdatei
+ ist in <tt>$MOA_ID_INST_AUTH/conf/moa-spss/SampleMOASPSSConfiguration.xml</tt>
+ enthalten. </p>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div id="moaid-konfiguration" />
+ <div id="ConnectionParameter" />
+ <div id="AuthComponent" />
+ <div id="BKUSelection" />
+ <div id="SecurityLayer" />
+ <div id="MOA-SP" />
+ <div id="verifytransformsInfoProfile" />
+ <p><b><i>Hinweis:</i></b><i> MOA-SP muss entsprechend konfiguriert
+ werden - siehe hierzu Abschnitt <a href="#sp-config">Konfiguration
+ von MOA-SP</a>. Alle Details zur Konfiguration von MOA-SP
+ finden sie in der Distribution von MOA-SP/SS beiligenden
+ Dokumentation im Abschnitt 'Konfiguration'.<br>
+ </i><br />
+ Das Kind-Element <tt>VerifyIdentityLink/TrustProfileID</tt>
+ spezifiziert eine TrustProfileID, die f&uuml;r den <tt>VerifyXMLSignatureRequest</tt>
+ zur &Uuml;berpr&uuml;fung der Signatur der Personenbindung
+ verwendet werden muss. Diese TrustProfileID muss beim
+ verwendeten MOA-SP Modul konfiguriert sein.<br />
+ <br />
+ Die Kind-Elemente <tt>VerifyAuthBlock/TrustProfileID</tt>
+ und <tt>VerifyAuthBlock/VerifyTransformsInfoProfileID</tt>
+ spezifizieren eine TrustProfileID und eine ID f&uuml;r
+ ein Transformationsprofil, die f&uuml;r den <tt>VerifyXMLSignatureRequest</tt>
+ zur &uuml;berpr&uuml;fung der Signatur des Auth-Blocks
+ verwendet werden m&uuml;ssen. Diese TrustProfileID muss
+ beim verwendeten MOA-SP Modul konfiguriert sein.</p>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ <div id="moaid-konfiguration" />
+ <div id="AuthComponent" />
+ <div id="IdentityLinkSigners" />
+ <p id="block"> <b>AuthComponent/IdentityLinkSigners</b>
+ <br />
+ Dieses Element gibt an von welchen Signatoren die Signatur
+ des IdentityLink erstellt werden musste damit der IdentityLink
+ akzeptiert wird. F&uuml;r jeden Signator muss der <tt>X509SubjectName</tt>
+ nach RFC 2253 spezifiziert werden. <br />
+ <br />
+ <a href="examples/IdentityLinkSigners.txt">Beispiel</a>
+ <br /><br />
+ <b>Anmerkung:</b> Ab Version 1.4 ist dieses Element nicht mehr verpflichtend notwendig, da die
+ Berechtigung von Zertifikaten zum Signieren von Personenbindungen ab Februar
+ 2007 &uuml;ber die Zertifikatseigenschaft "Eigenschaft zur Ausstellung von Personenbindungen"
+ (OID: 1.2.40.0.10.1.7.1) gepr&uuml;ft wird.
+ Der Namens-Check des alten Zertifikats wird fix in MOA-ID integriert, sodass das
+ <tt>IdentityLinkSigners</tt>-Element in der Konfiguration &uuml;berfl&uuml;ssig wird.
+
+ <br />
+ </p>
+ <div id="VerifyInfoboxesAuth" />
+ <p id="block"> <b>AuthComponent/VerifyInfoboxes</b>
+ <br />
+ Ab Version 1.4 bietet MOA-ID die M&ouml;glichkeit einer erweiterten Infobox-Validierung,
+ das heißt, es k&ouml;nnen neben der Personenbindung auch weitere ausgelesene Infoboxen
+ validiert werden. Die für die Validierung der Infoboxen notwendigen Parameter
+ k&ouml;nnen &uuml;ber die Konfigurationsdatei durch das <tt>VerifyInfoboxes</tt>
+ Element sowohl <a href="#VerifyInfoboxesAuth">global</a> als auch
+ <a href="#OnlineApplication/AuthComponent/VerifyInfoboxes">lokal</a>
+ je Online-Applikation gesetzt werden. MOA-ID &uuml;bergibt diese Parameter der
+ Applikation, die f&uuml;r die Verifikation des Inhaltes der jeweilgen von der BKU
+ &uuml;bermittelten Infobox verantwortlich ist. Im Folgenden wird eine derartige
+ Applikation als <tt>Pr&uuml;fapplikation</tt> bezeichnet.
+ <br />
+ Das <tt>Verifyinfoboxes</tt> Element ist optional und kann fehlen,
+ wenn keine Infoboxen außer der der Personenbindung validiert werden m&uuml;ssen.
+ <br />
+ Das <tt>VerifyInfoboxes</tt>-Element hat folgende Kind-Elemente:
+ <ul>
+ <li id="DefaultTrustProfileVI"><tt>DefaultTrustProfile</tt>: Dieses optionale
+ Element kann nur einmal vorkommen und spezifiziert ein Trust-Profil, das
+ von einer <tt>Pr&uuml;fapplikation</tt> zur Validierung einer Infobox
+ herangezogen werden kann, wenn f&uuml;r diese Infobox kein eigenes
+ <a href="#TrustProfileVI">Trust-Profil</a> gesetzt wurde. Es hat genau ein
+ Kindelement namens <tt>TrustProfileID</tt>, das die ID eines in MOA-SP
+ konfigurierten Trust-Profiles enthält.
+ <br />
+ <b>Anmerkung:</b> Das Trust-Profil f&uuml;r die
+ <a href="#trustProfile">Personenbindung</a> darf <b>nicht</b>
+ zur Validierung anderer Infoboxen verwendet werden. Das Trust-Profil f&uuml;r
+ die <a href="#trustProfile">B&uuml;rgerkarte</a> <b>soll</b> nur dann zur Validierung
+ anderer Infoboxen verwendet werden, wenn die zur Verifikation der Zertifikate ben&ouml;tigten
+ Wurzelzertifikate bereits im entsprechenden Trust-Store enthalten sind. (vgl.
+ MOA-ID Spezifikation, Abschnitt 4.6).
+ </li>
+ <li id="InfoboxVI"><tt>Infobox</tt>: Dieses Element kann beliebig oft vorkommen
+ und kapselt die Parameter, die f&uuml;r die Validierung einer Infobox an die
+ jeweilige Pr&uuml;fapplikation &uuml;bergeben werden.
+ <br />
+ Das <tt>Infobox</tt>-Element hat folgende Attribute:
+ <ul>
+ <li id="IdentifierVI"><tt>Identifier:</tt> Dieses Attribut muss vorhanden sein und gibt
+ den <tt>Namen</tt> der Infobox an. Er muss dabei exakt dem <tt>Bezeichner</tt>
+ der jeweiligen zu validierenden Infobox aus der BKU entsprechen, also
+ zum Beispiel <tt>Mandates</tt> f&uuml;r die <tt>Vollmachten</tt>-Infobox oder
+ <tt>EHSPToken</tt> f&uuml;r die <tt>GDAToken</tt>-Infobox.
+ <br />
+ </li>
+ <li id="requiredVI"><tt>required:</tt> Dieses Attribut vom Typ
+ <tt>boolean</tt> bestimmt, ob MOA-ID den Inhalt der entsprechenden Infobox
+ f&uuml;r die Anmeldung zwingend ben&ouml;tigt. Ist es auf <tt>true</tt>
+ gesetzt, und wird der entsprechende Infobox-Inhalt nicht von der BKU
+ &uuml;bermittelt, so bricht MOA-ID den Anmeldevorgang mit einer Fehlermeldung
+ ab.
+ <br />
+ Fehlt dieses Attribut, so wird als Defaultwert <tt>false</tt> gesetzt.
+ <br />
+ </li>
+ <li id="provideStammzahlVI"><tt>provideStammzahl:</tt> Dieses Attribut vom Typ
+ <tt>boolean</tt> bestimmt, ob die Pr&uuml;fapplikation die Stammzahl aus der
+ Personenbindung erhalten darf. Fehlt dieses Attribut, so wird als Defaultwert
+ <tt>false</tt> gesetzt.
+ <br />
+ <b>Anmerkung</b>: Das Attribut steht in keinem Zusammenhang zum gleichnamigen
+ Attribut <a href="#provideStammzahlOA">OnlineApplication/AuthComponent/@provideStammzahl</a>,
+ das angibt ob die Stammzahl an die <i>Online-Applikation</i> weitergegeben werden darf.
+ </li>
+ <li id="provideIdentityLinkVI"><tt>provideIdentityLink:</tt> Dieses Attribut vom Typ
+ <tt>boolean</tt> bestimmt, ob die Pr&uuml;fapplikation die Personenbindung erhalten
+ soll. Hat es den Wert <tt>true</tt>, so wird ein Klone des Wurzel-Elements der Personenbindung
+ an die Pr&uuml;fapplikation &uuml;bergeben, wobei zu beachten ist, dass die
+ darin enthaltene Stammzahl auf einen leeren String gesetzt wird, falls das
+ Attribut <a href="#provideStammzahlVI">provideStammzahl</a> auf <tt>false</tt>
+ gesetzt ist.
+ Fehlt das <tt>provideIdentityLink</tt>-Attribut, so wird als Defaultwert <tt>false</tt> gesetzt.
+ <br />
+ <b>Anmerkung 1</b>: Das Attribut steht in keinem Zusammenhang zum gleichnamigen
+ Attribut <a href="#provideIdentityLinkOA">OnlineApplication/AuthComponent/@provideIdentityLink</a>,
+ das angibt ob die <i>Online-Applikation</i> die Personenbindung erhalten
+ soll.
+ <br />
+ <b>Anmerkung 2</b>: Der Pr&uuml;fapplikation werden defaultmäßig der Vorname,
+ der Familienname, das Geburtsdatum, der Typ der Stammzahl, die Stammzahl
+ (konfigurierbar) und die &ouml;ffentlichen Schl&uuml;ssel aus der Personenbindung
+ &uuml;bergeben. Das Attribut <tt>provideIdentityLink</tt> sollte deshalb
+ wirklich nur dann auf <tt>true</tt> gesetzt werden, wenn von der
+ Pr&uuml;fapplikation noch andere Daten aus der Personenbindung ben&ouml;tigt
+ werden.
+ </li>
+ </ul>
+ Das <tt>Infobox</tt>-Element hat folgende Kind-Elemente:
+ <ul>
+ <li id="FriendlyNameVI"><tt>FriendlyName</tt>: Das Element ist optional und
+ enth&auml;lt einen Namen, der von MOA-ID zur Anzeige von, die jeweilige Infobox
+ betreffende, Fehlermeldungen im Browser verwendet wird. Im Regelfall wird man
+ hier den deutschen Namen der Infobox setzen, also z.B. <tt>Vollmachten</tt>
+ oder <tt>Stellvertretungen</tt> f&uuml;r die <tt>Mandates</tt>-Infobox oder
+ <tt>GDAToken</tt> f&uuml;r die <tt>EHSPToken</tt>-Infobox.
+ <br />
+ Fehlt dieses Element, so wird f&uuml;r Fehlermeldungen der Wert des
+ <a href="#IdentifierVI">Identifier</a>-Attributes verwendet.
+ </li>
+ <li id="TrustProfileVI"><tt>TrustProfileID</tt>: Das Element ist optional und
+ bezeichnet ein in MOA-SP konfiguriertes Trust-Profil, das von MOA-ID
+ f&uuml;r die Validierung der Infobox verwendet wird.
+ Dabei ist wieder zu beachten, dass das Trust-Profil f&uuml;r die
+ <a href="#trustProfile">Personenbindung</a> <b>nicht</b>
+ zur Validierung anderer Infoboxen verwendet werden darf, und das Trust-Profil f&uuml;r
+ die <a href="#trustProfile">B&uuml;rgerkarte</a> nur dann zur Validierung
+ anderer Infoboxen verwendet werden <b>soll</b>, wenn die zur Verifikation der
+ Zertifikate ben&ouml;tigten Wurzelzertifikate bereits im entsprechenden
+ Trust-Store enthalten sind. (vgl. MOA-ID Spezifikation, Abschnitt 4.6).
+ <br />Fehlt dieses Element, so wird das
+ <a href="#DefaultTrustProfileVI">Default-Trust-Profil</a>
+ verwendet. Ist dieses auch nicht konfiguriert, so wird f&uuml;r die
+ Validierung der entsprechenden Infobox keine Zertifikatspr&uuml;fung
+ notwendig sein.
+ </li>
+ <li id="ValidatorClassVI"><tt>ValidatorClass</tt>: Das Element ist optional
+ und bezeichnet den Namen der Klasse (voller Package-Name), die von MOA-ID
+ zur Validierung der Infobox geladen werden soll. Fehlt dieses Element,
+ so wird MOA-ID versuchen, eine Default-Klasse zu laden, deren Namen aus
+ dem <a href="#IdentifierVI">Identifier</a>-Attribut der Infobox abgeleitet
+ wird (vgl. MOA-ID-Spezifikation, Abschnitt 4.7.2.3,
+ <tt>Zuordnung eines InfoboxReadResponse zu einer implementierenden Klasse</tt>).
+ <br />
+ <b>Anmerkung</b>: Im Regelfall wird dieses Element fehlen, da bei der
+ Entwicklung einer Infobox-Pr&uuml;fapplikation der Default-Klassennamen
+ verwendet werden sollte. Nur wenn es verschiedene Pr&uuml;fapplikationen
+ f&uuml;r eine Infobox gibt, wird man das <tt>ValidatorClass</tt>
+ verwenden, um eine andere als die Default-Applikation zu laden.
+ </li>
+ <li id="SchemaLocationsVI"><tt>SchemaLocations</tt>: Das Element ist optional
+ und referenziert XML-Schemas, die von der Pr&uuml;fapplikation zum
+ validierenden Parsen von Infoboxen verwendet werden k&ouml;nnen. Das
+ Element hat beliebig viele <tt>Schema</tt>-Kindelemente, dessen Attribute
+ <tt>namespace</tt> und <tt>schemaLocation</tt> jeweils die Namespace-URI
+ und den Ort (URI) des entsprechenden Schemas bezeichnen. Relative URIs im
+ <tt>schemaLocation</tt>-Attribut sind dabei relativ zum Verzeichnis der
+ MOA-ID-Konfigurationsdatei zu interpretieren.
+ <br />
+ Beispiel:
+ <br />
+ <pre>
+ &lt;SchemaLocations&gt;
+ &lt;Schema namespace="http://ns1.ns1" schemaLocation="schemas/ns1.xsd"/&gt;
+ &lt;Schema namespace="http://ns2.ns2" schemaLocation="schemas/ns2.xsd"/&gt;
+ &lt;/SchemaLocations>
+ </pre>
+ Weitere M&ouml;glichkeiten zur &Uuml;bergabe von XML-Schemas an die
+ Pr&uuml;fapplikation k&ouml;nnen in der MOA-ID-Spezifikation im
+ Abschnitt 4.7.2, <tt>Erweiterte Infoboxüberprüfung</tt>, nachgelesen werden.
+ </li>
+ <li id="ApplicationSpecificParametersVI"><tt>ApplicationSpecificParameters</tt>:
+ Das Element ist optional und nimmt Infobox-kontext-spezifische Parameter
+ auf.
+ <br />
+ Da MOA-ID die zusätzlichen zur Personenbindung abgefragten Infoboxen
+ (bzw. deren Inhalte) nicht a priori kennt, ist es unm&ouml;glich vorherzusehen,
+ welche Parameter eine Pr&uuml;fapplikation zum Validieren einer Infobox
+ ben&ouml;tigt. Die Konfiguration sieht daher das Element
+ <tt>ApplicationSpecificParameters</tt> vor, um einer bestimmten
+ Pr&uuml;fapplikation kontext spezifische Parameter zu übermitteln.
+ Dieses Element wird vollst&auml;ndig an die Pr&uuml;fapplikation
+ weitergegeben, und es obliegt der Pr&uuml;fapplikation die Kindelemente
+ des <tt>ApplicationSpecificParameters</tt>-Element zu extrahieren und zu
+ interpretieren.
+ <br />
+ Beispiel:
+ <br />
+ <pre>
+ &lt;ApplicationSpecificParameters&gt;
+ &lt;Parameter1&gt;content1&lt;/Parameter1&gt;
+ &lt;Parameter2&gt;content2&lt;/Parameter2&gt;
+ &lt;Parameter3&gt;
+ &lt;Parameter3a&gt;content3a&lt;/Parameter3a&gt;
+ &lt;Parameter3b&gt;content3b&lt;/Parameter3b&gt;
+ &lt;/Parameter3&gt;
+ &lt;/ApplicationSpecificParameters&gt;
+ </pre>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <br />
+ Eine Beispielkonfiguration finden sie am Ende das Abschnitts
+ <a href="#VerifyInfoboxesOA">OnlineApplication/AuthComponent/VerifyInfoboxes</a>.
+ <br />
+ <br />
+ </p>
+ </div>
+
+ <div id="ProxyComponent" />
+ <p id="block"> <b>ProxyComponent</b> <br />
+ <tt>ProxyComponent</tt> enth&auml;lt Parameter, die
+ nur die MOA-ID Proxykomponente betreffen. Das Element
+ ist optional und muss nicht verwendet werden, wenn auf
+ dem Server keine MOA-ID Proxykomponente installiert
+ wird. <br />
+ <br />
+ Das Element <tt>ProxyComponent</tt> hat nur das Kind-Element
+ <tt>AuthComponent</tt>, das die Verbindung zur Authentisierungs-komponente
+ beschreibt. <br />
+ <br />
+ Baut die Proxykomponente die Verbindung zur Authentisierungs-komponente
+ &uuml;ber ein Webservice auf, dann muss das Element
+ <tt>ConnectionParameter</tt> spezifiziert werden. <br />
+ <br />
+ Baut die Proxykomponente die Verbindung zur Authentisierungs-komponente
+ &uuml;ber das API auf, dann wird das Element <tt>ConnectionParameter</tt>
+ nicht spezifiziert. </p>
+ <div id="OnlineApplication" />
+ <p id="block"> <b>OnlineApplication</b> <br />
+ F&uuml;r jede Online-Applikation, die &uuml;ber MOA-ID
+ authentisiert wird, gibt es ein Element <tt>OnlineApplication</tt>.
+ Die Parameter betreffen teils die MOA-ID Authentisierungskomponente,
+ teils die MOA-ID Proxykomponente, teils beide. <br />
+ <br />
+ Das ab Version 1.3 optionale Attribut <tt>OnlineApplication/@type</tt>
+ spezifiziert den Typ der OnlineApplikation und kann
+ die Werte <tt>publicService</tt> f&uuml;r eine Applikation
+ aus dem &ouml;ffentlichen Bereich und <tt>businessService</tt>
+ für eine Anwendung aus dem privatwirtschaftlichen Bereich annehmen.
+ Ab Version 1.4 kann im Modus <tt>businessService</tt> ein zus&auml;tzliches
+ logisches Attribut <tt>OnlineApplication/@calculateHPI</tt> angegeben werden.
+ Dadurch wird im Falle von <tt>calculateHPI="true"</tt> im privatwirtschaftlichen
+ Bereich zur Identifikation der Health Professional Identifier HPI anstatt des wbPKs (siehe
+ <a href="#OnlineApplication/AuthComponent/IdentificationNumber">
+ OnlineApplication/AuthComponent/IdentificationNumber</a>) berechnet
+ und zur Anmeldung weiterverwendet.
+ Ist dieses Attribut nicht gesetzt, so wird der Typ <tt>publicService</tt>
+ vorausgesetzt. <br />
+ <br />
+ Das Attribut <tt>OnlineApplication/@publicURLPrefix</tt>
+ entspricht dem URL-Pr&auml;fix der nach au&szlig;en
+ sichtbaren Dom&auml;ne der Online-Applikation, welcher
+ von der MOA-ID Proxykomponente durch den URL-Pr&auml;fix
+ der wirklichen Dom&auml;ne (Attribut <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>)
+ ersetzt wird. Es dient als Schl&uuml;ssel zum Auffinden
+ der Konfigurationsparameter zur Online-Applikation.
+ </p>
+ <p id="block">Das Attribut <tt>OnlineApplication/@keyBoxIdentifier</tt>
+ gibt das Schl&uuml;sselpaar an, welches von der B&uuml;rgerkartenumgebung
+ zum Signieren des Auth Blocks verwendet wird. M&ouml;gliche
+ Werte: <tt>CertifiedKeypair </tt>sowie<tt> SecureSignatureKeypair.<br>
+ </tt><br />
+ Das Element <tt>OnlineApplication</tt> hat optional
+ zwei Kind-Elemente: <tt>AuthComponent</tt> und <tt>ProxyComponent</tt>.
+ </p>
+ <div id="OnlineApplication/AuthComponent" />
+ <p id="block"> <b>OnlineApplication/AuthComponent</b>
+ <br />
+ Das Element <tt>OnlineApplication/AuthComponent</tt>
+ muss verwendet werden wenn auf dem Server die Authentisierungskomponente
+ installiert wird. Es enth&auml;lt Parameter, die
+ das Verhalten der Authentisierungskomponente bez&uuml;glich
+ der Online-Applikation konfiguriert. <br />
+ <br />
+ Das optionale Attribut <tt>slVersion</tt> definiert die Version des
+ verwendeten SecurityLayer und damit den Namespace aller
+ Requests, die von MOA-ID an die B&uuml;rgerkartenumgebung
+ geschickt werden. Dieses Attribut kann entweder den Wert <tt>1.1</tt>
+ oder <tt>1.2</tt> annehmen. Fehlt das Attribut, so wird als
+ Defaultwert <tt>1.1</tt> gesetzt.
+ <br />Wurde als Typ der Online-Applikation
+ der Wert <tt>businessService</tt> (vgl. Attribut <tt>OnlineApplication/@type</tt>)
+ spezifiziert, so wird das Attribut <tt>slVersion</tt> ignoriert
+ und immer der Wert <tt>1.2</tt> verwendet, da die f&uuml;r
+ Applikationen aus dem privatwirtschaftlichen Bereich notwendige
+ Berechnung des <tt>wirtschaftsbereichsspezifischen Personenkennzeichens</tt>
+ (<tt>wbPK</tt>) erst ab SecurityLayer Version <tt>1.2</tt> m&ouml;glich ist.
+ <br /><br />
+ Das Attribut <tt id="provideStammzahlOA">provideStammzahl</tt> bestimmt,
+ ob die Stammzahl in den Anmeldedaten aufscheint
+ oder ob der Wert ausgeblendet (d.h. auf den Leerstring gesetzt)
+ wird. Die Attribute <tt>provideAUTHBlock</tt> und
+ <tt id="provideIdentityLinkOA">provideIdentityLink</tt> steuern, ob die
+ Anmeldedaten den Auth-Block bzw. die Personenbindung enthalten.
+ Ab Version 1.3 kann das Attribut <tt>provideCertificate</tt>
+ verwendet werden, um das Signatorzertifikat in die
+ Anmeldedaten aufzunehmen.
+ Alle Attribute sind optional und haben den Default-Wert
+ <tt>false</tt>.
+ <br />
+ <b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem
+ Zusammenhang zum gleichnamigen Attribut
+ <a href="#provideStammzahlVI">VerifyInfoboxes/@provideStammzahl</a>,
+ das angibt ob die Stammzahl an eine <i>Pr&uuml;fapplikation</i> weitergegeben
+ werden darf.
+ <b>Anmerkung</b>: Das Attribut <tt>provideIdentityLink</tt> steht in keinem
+ Zusammenhang zum gleichnamigen Attribut
+ <a href="#provideIdentityLinkVI">VerifyInfoboxes/@provideIdentityLink</a>,
+ das angibt ob die Personenbindung an eine <i>Pr&uuml;fapplikation</i>
+ weitergegeben werden soll.
+ <br />
+ <br />
+ </p>
+ <div id="OnlineApplication/AuthComponent/IdentificationNumber" />
+ <p id="block"> <b>OnlineApplication/AuthComponent/IdentificationNumber</b>
+ <br />
+ Das <tt>wirtschaftsbereichsspezifische Personenkennzeichen</tt> (<tt>wbPK</tt>)
+ wird aus der auf der B&uuml;rgerkarte gespeicherten Stammzahl des B&uuml;rgers
+ und der Stammzahl des Wirtschaftsunternehmens berechnet.
+ Laut <a href="http://reference.e-government.gv.at/E-Government-Gesetz.394.0.html" target="_new">E-Governmentgesetz</a>
+ darf die <i>Errechnung eines wbPK aus der Stammzahl nicht beim Auftraggeber eines
+ privaten Bereichs durchgeführt werden</i> (vgl. E-GovGesetz §12(1).4), und muss deshalb
+ an die Bürgerkartenumgebung ausgelagert werden.
+ Das <tt>OnlineApplication/AuthComponent/IdentificationNumber</tt> Element
+ wird nun verwendet, um die Stammzahl des Wirtschaftsunternehmens zu spezifizieren,
+ welche in weiterer Folge von MOA-ID an die B&uuml;rgerkartenumgebung übergeben
+ wird.<br /> Dieses Element muss bei privatwirtschaftlichen Applikationen
+ vorhanden sein und wird ignoriert, falls es im Kontext von Anwendungen aus
+ dem &ouml;ffentlichen Bereich verwendet wird. <br />
+ Das Element hat genau eines der folgenden m&ouml;glichen Kindelemente
+ aus dem <a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20050214/" target="_new">PersonData</a>
+ Namespace, die als einzigen Inhalt die jeweilige Stammzahl des Unternehmens enthalten:
+ <ul>
+ <li>
+ Das Element <tt>pr:Firmenbuchnummer</tt> enth&auml;lt als einzigen Inhalt
+ die Firmenbuchnummer des Unternehmens.
+ </li>
+ <li>
+ Das Element <tt>pr:Vereinsnummer</tt> enth&auml;lt als einzigen Inhalt
+ die Vereinsregisternummer des Unternehmens.
+ </li>
+ <li>
+ Das Element <tt>pr:ERJPZahl</tt> enth&auml;lt als einzigen Inhalt eine
+ Zahl aus dem Erg&auml;nzungsregister für nicht-natürliche Personen (CorporateBody).
+ </li>
+ <li>
+ Das Element <tt>pr:ZMRzahl</tt> enth&auml;lt als einzigen Inhalt eine
+ Stammzahl einer nat&uuml;rlichen in &Ouml;sterreich meldepflichtigen Person.
+ </li>
+ </ul>
+
+ Die Stammzahl ist jeweils ohne Pr&auml;fix anzugeben, also wird zum Beispiel
+ die Firmenbuchnummer <tt>FN468924i</tt> folgendermaßen definiert:
+ <br /> <br />
+ <tt>&lt;pr:Firmenbuchnummer&gt;468924i&lt;/pr:Firmenbuchnummer&gt;</tt>
+ <br /><br />
+ Leerzeichen werden ignoriert und im Falle einer Firmenbuchnummer werden
+ f&uuml;hrende Nullen gel&ouml;scht und Bindestriche aus der Nummer entfernt.
+ <br /><br />
+ Beispiele:<br />
+ <blockquote>
+ <tt>468924 i</tt> wird zu <tt>468924i</tt><br />
+ <tt>00468924</tt> wird zu <tt>468924i</tt><br />
+ <tt>468924-i</tt> wird zu <tt>468924i</tt><br />
+ </blockquote>
+ Alternativ zu den oben angef&uuml;hrten Elementen aus dem
+ <a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20050214/" target="_new">PersonData</a>
+ Namespace kann auch das Element <tt>AnyNumber</tt> verwendet werden, um
+ Stammzahlen zu spezifizieren, die nicht einer der vier oben aufgelisteten
+ Kategorien zugeordnet werden können.
+ <br></br>
+ Das Element <tt>AnyNumber</tt> hat genau ein Attribut namens <tt>Identifier</tt>,
+ das das Pr&auml;fix der jeweiligen Stammzahl ent&auml;lt. Der Inhalt des
+ Elements <tt>AnyNumber</tt> ist die Stammzahl selbst, wobei die selben Regeln
+ wie oben gelten.
+ <br></br>
+ Die Firmenbuchnummer aus obigem Beispiel k&ouml;nnte man nun beispielsweise mit Hilfe das Elements
+ <tt>AnyNumber</tt> auch folgendermaßen definieren:
+ <br></br>
+ <tt>&lt;AnyNumber Identifier="FN"&gt;468924i&lt;/AnyNumber&gt;</tt>
+ <br></br>
+ Es sei aber nochmals daraufhingewiesen, dass f&uuml;r Stammzahlen der
+ Kategorien <tt>Firmenbuchnummer</tt>, <tt>Vereinsnummer</tt>,
+ <tt>ERJPZahl</tt> und <tt>ZMRzahl</tt> die vordefinierten Elemente aus
+ dem <a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20050214/" target="_new">PersonData</a>
+ Namespace verwendet werden sollen. Das Element <tt>AnyNumber</tt> wurde haupts&auml;chlich in
+ das Schema aufgenommen, um offen f&uuml;r m&ouml;gliche Erweiterungen zu sein.
+ </p>
+ <div id="OnlineApplication/AuthComponent/Templates" />
+ <p id="block"> <b>OnlineApplication/AuthComponent/Templates</b>
+ <br />
+ Dieses Kindelement kann genau einmal vorkommen und entspricht in seiner Struktur dem
+ Element <a href="#AuthTemplates" target="_new">AuthComponent/Templates</a>.
+ Es kann verwendet werden, um Templates zur Gestaltung der Seiten
+ &quot;Auswahl der B&uuml;rgerkartenumgebung&quot; sowie
+ &quot;Anmeldung mit B&uuml;rgerkarte&quot; individuell f&uuml;r
+ eine Online-Applikation zu definieren. Die hier definierten Templates haben
+ Priorit&auml;t gegen&uuml;ber globalen Templates und Templates, die
+ in der aufrufenden URL &uuml;bergeben werden.
+ </p>
+ </div>
+
+ <div id="OnlineApplication/AuthComponent/TransformsInfo" />
+ <p id="block"> <b>OnlineApplication/AuthComponent/TransformsInfo</b>
+ <br />
+ Dieses Kindelement kann mehrfach vorkommen und entspricht in seiner Struktur
+ dem Element <tt>AuthComponent/SecurityLayer/TransformsInfo</tt>.
+ Das Element kann verwendet werden, um f&uuml;r unterschiedliche
+ Online-Applikationen unterschiedliche Transformationen zu spezifizieren.
+ Alle über dieses Element definierten Transformationen haben
+ Vorrang gegen&uuml;ber die durch <tt>AuthComponent/SecurityLayer/TransformsInfo</tt>
+ angegebenen Transformationen. Das heißt, ist f&uuml;r eine
+ Online-Applikation das Kindelement <tt>AuthComponent/TransformsInfo</tt>
+ vorhanden, so wird f&uuml;r diese Applikation die durch dieses Element
+ spezifizierte Transformation verwendet (das Element kann nat&uuml;rlich
+ mehrfach vorkommen, wodurch mehrere Transformationen bezeichnet werden).
+ F&uuml;r alle Applkikationen, die kein Kindelement vom Typ
+ <tt>AuthComponent/TransformsInfo</tt> enthalten, werden die unter
+ <tt>AuthComponent/SecurityLayer/TransformsInfo</tt> spezifizierten
+ &quot;Default-Transformationen&quot; verwendet. <br />
+ Dabei ist zu beachten, dass f&uuml;r jede definierte Transformation
+ ein entsprechendes <tt>MOA-SP/VerifyAuthBlock/VerifyTransformsInfoProfileID</tt>
+ Element vorhanden sein muss.</p>
+ </p>
+ </div>
+ <div id="VerifyInfoboxesOA" >
+ <p id="block"> <b>OnlineApplication/AuthComponent/VerifyInfoboxes</b>
+ <br />
+ Dieses optionale Element entspricht dem <a href="#VerifyInfoboxesAuth">VerifyInfoboxes</a>-Element
+ aus der globalen AUTH-Komponente und &uuml;berschreibt teilweise die
+ dort gesetzten Werte f&uuml;r die jeweilige Infobox pro Online-Applikation.
+ Dabei gelten die folgenden Regeln:
+ <br />
+ Ist nur das globale <a href="#VerifyInfoboxesAuth">VerifyInfoboxes</a>-Element
+ vorhanden, so gelten die dort definierten Parameter f&uuml;r <b>alle</b>
+ Online-Applikationen. Ist kein globales Element vorhanden, so kann
+ MOA-ID f&uuml;r alle Online-Applikation, in deren AUTH-Komponente
+ ein <tt>VerifyInfoboxes</tt>-Element enthalten ist, die darin
+ definierten Infoboxen &uuml;berpr&uuml;fen. F&uuml;r
+ Online-Applikationen, in deren AUTH-Komponente kein
+ <tt>VerifyInfoboxes</tt>-Element gesetzt ist, kann demnach keine
+ andere Infobox als die der Personenbindung validiert werden.
+ <br />
+ Sind sowohl global (<tt>MOA-IDConfiguration/AuthComponent/VerifyInfoboxes</tt>)
+ als auch lokal (<tt>OnlineApplication/AuthComponent/VerifyInfoboxes</tt>)
+ in den Online-Applikationen Infobox-Validatoren konfiguriert, so verarbeitet
+ MOA-ID die darin enthaltenen Parameter wie folgt:
+ <ul>
+ <li id="DefaultTrustProfileOA"><tt>DefaultTrustProfile</tt>: Ein lokal
+ definiertes Default-Trust-Profil hat sowohl Vorrang gegen&uuml;ber einem
+ global gesetzten <a href="#DefaultTrustProfileVI">Default-Trust-Profil</a>
+ als auch gegen&uuml;ber einem global gesetzen
+ <a href="#TrustProfileVI">infobox-spezifischen</a> Trustprofil. Ist
+ beispielsweise im globalen <tt>VerifyInfoboxes</tt>-Element zwar kein
+ Default-Trust-Profil, aber f&uuml;r die Infobox A ein eigenes Trust-Profil
+ definiert, so wird ein lokal definiertes Default-Trust-Profil dem global
+ f&uuml;r die Infobox A gesetzten Trust-Profil vorgezogen.
+ </li>
+ <li id="InfoboxOA"><tt>Infobox</tt>: MOA-ID kann die Vereinigung aus den
+ global und lokal konfigurierten Infoboxen f&uuml;r eine Online-Applikation
+ validieren. Sind beispielsweise global Pr&uuml;fapplikationen
+ f&uuml;r die Infoboxen mit den Bezeichnern
+ (<a href="#IdentifierVI">Infobox/@Identifier</a>-Attribut) <tt>A</tt>
+ und <tt>B</tt> konfiguriert, und lokal f&uuml;r die Online-Applikation
+ <tt>OA1</tt> die Infoboxen <tt>B</tt>, <tt>C</tt> und <tt>D</tt>, so
+ kann MOA-ID f&uuml;r die Online-Applikation <tt>OA1</tt> die
+ Infoboxen <tt>A</tt>, <tt>B</tt>, <tt>C</tt> und <tt>D</tt> validieren.
+ F&uuml;r die Infobox <tt>A</tt> werden dabei die Parameter aus der
+ globalen Konfiguration verwendet und f&uuml;r die Infoboxen
+ <tt>C</tt> und <tt>D</tt> die lokalen Parameter. F&uuml;r die Infobox
+ <tt>B</tt> sind sowohl globale als auch lokale Parameter vorhanden,
+ die von MOA-ID wie folgt interpretiert werden:
+ <ul>
+ <li>Attribute:
+ Die Attribute <a href="#requiredVI">required</a>,
+ <a href="#provideStammzahlVI">provideStammzahl</a> und
+ <a href="#provideIdentityLinkVI">provideIdentityLink</a> <b><i>&uuml;berschreiben</i></b>
+ die global gesetzten Werte. Dabei ist zu beachten, das ein Fehlen dieser
+ Attribute bedeutet, dass ihnen &uuml;ber das Schema der Defaultwert
+ <tt>false</tt> zugewiesen wird. Ist also beispielsweise f&uuml;r die
+ Infobox mit dem Bezeichner <tt>B</tt> das <tt>required</tt>-Attribut
+ global auf <tt>true</tt> gesetzt (&lt;Infobox Identifier="B" required="true"&gt;)
+ und fehlt dieses Attribut lokal in der Online-Applikation <tt>OA1</tt>
+ (&lt;Infobox Identifier="B"&gt;), so hat das <tt>required</tt>-Attribut
+ f&uuml;r die Infobox <tt>B</tt> den Wert <tt>false</tt>.
+ <br />
+ Die Attribute <a href="#requiredVI">required</a>,
+ <a href="#provideStammzahlVI">provideStammzahl</a> und
+ <a href="#provideIdentityLinkVI">provideIdentityLink</a> m&uuml;ssen also
+ f&uuml;r Infoboxen, die sowohl global als auch lokal konfiguriert sind,
+ in jeder lokalen Konfiguration neu gesetzt werden, wenn ihnen der Wert
+ <tt>true</tt> zugwiesen werden sollen.
+ </li>
+ <li>Kind-Elemente:
+ <ul>
+ <li id="FriendlyNameOA"><a href="#FriendlyNameVI">FriendlyName</a>:
+ Ein lokal gesetzter <tt>FriendlyName</tt> wird einem global
+ gesetzten vorgezogen. Ist sowohl lokal als auch global kein
+ <tt>FriendlyName</tt> definiert, so wird das
+ <a href="#IdentifierVI">Identifier</a>-Attribut als <tt>FriendlyName</tt>
+ verwendet.
+ <br />
+ </li>
+ <li id="TrustProfileOA"><a href="#TrustProfileVI">TrustProfileID</a>:
+ Ein lokal definiertes Trust-Profil wird einem lokal definierten
+ Default-Trust-Profil vorgezogen. Sind lokal sowohl kein
+ Default-Trust-Profil als auch kein infobox-spezifisches Trust-Profil
+ definiert, so wird das global gesetzte infobox-spezifisches Trust-Profil
+ verwendet. Fehlt auch dieses, so wird das globale Default-Trust-Profil
+ selektiert. Ist weder lokal als auch lokal ein Trust-Profil
+ definiert, so wird f&uuml;r f&uuml;r die Validierung dieser
+ Infobox kein Trust-Profil ben&ouml;tigt.
+ </li>
+ <li id="ValidatorClassOA"><a href="#ValidatorClassVI">ValidatorClass</a>:
+ Eine lokal gesetzte Validator-Klasse wird einer global gesetzten
+ vorgezogen. Ist sowohl lokal als auch global f&uuml;r eine Infobox
+ keine Validator-Klasse konfiguriert, so wird die Default-Klasse
+ geladen (siehe <a href="#ValidatorClassVI">ValidatorClass</a>).
+ </li>
+ <li id="SchemaLocationsOA"><a href=#SchemaLocations">SchemaLocations</a>:
+ Lokal definierte Schemas werden global definierten vorgezogen.
+ Sind lokal keine Schemas konfiguriert, so werden die globalen verwendet,
+ so sie vorhanden sind.
+ </li>
+ <li id="ApplicationSpecificParametersOA">
+ <a href="#ApplicationSpecificParameters">ApplicationSpecificParameters</a>:
+ Lokal definierte applikationsspezifische Paramter werden global
+ definierten vorgezogen. Sind lokal keine derartigen Paramter
+ konfiguriert, so werden die globalen verwendet, so sie vorhanden
+ sind.
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </li>
+ </ul>
+ <br />
+ <b id="VerifyInfoboxesSample">Beispiel</b>: In der Konfigurationsdatei
+ <a href="examples/SampleMOAIDVerifyInfoboxesConfiguration.xml" target="_new">
+ SampleMOAIDVerifyInfoboxesConfiguration.xml</a> sind global
+ (<tt>MOA-IDConfiguration/AuthComponent/VerifyInfoboxes</tt>)
+ Pr&uuml;fapplikationen f&uuml;r die beiden Infoboxen mit den Bezeichnern
+ <tt>InfoboxA</tt> und <tt>InfoboxB</tt> konfiguriert.
+ <tt>InfoboxA</tt> demonstriert in diesem Beispiel die minimale Konfiguration
+ einer Pr&uuml;fapplikation - es ist nur der Identifier angegeben. MOA-ID
+ wird in diesem Fall versuchen, die Default-Validatorklasse
+ <tt>at.gv.egovernment.moa.id.auth.validator.infoboxa.InfoboxAValidator</tt>
+ zu laden (siehe dazu auch MOA-ID-Spezifikation, Abschnitt 4.7.2.3,
+ <tt>Zuordnung eines InfoboxReadResponse zu einer implementierenden Klasse</tt>).
+ Da ein Default-Trust-Profil (<tt>GlobalVIDefaultTrust</tt>) konfiguriert ist,
+ wird MOA-ID dieses Profil zur Verifikation von Zertifikaten heranziehen.
+ Da kein <tt>FriendlyName</tt> gesetzt ist, wird das <tt>Identifier</tt> Attibut
+ (<tt>InfoboxA</tt>) als <tt>FriendlyName</tt> verwendet. Weitere Parameter
+ sind f&uuml;r die Verifikation dieser Infobox nicht erforderlich.
+ <br />
+ Die Pr&uuml;fapplikation f&uuml;r die <tt>InfoboxB</tt> setzt nahezu alle
+ m&ouml;glichen Paramter mit Ausnahme der Validator-Klasse. MOA-ID wird
+ zur Verifikation dieser Infobox also auch die daf&uuml;r zust&auml;dige Default-Klasse
+ (<tt>at.gv.egovernment.moa.id.auth.validator.infoboxb.InfoboxBValidator</tt>)
+ laden, und alle konfigurierten Parameter an diese Klasse &uuml;bergeben.
+ <br />
+ In die Konfigurationsdatei sind drei Online-Applikationen mit den
+ public URL-Prefixen <tt>https://OA1/</tt>, <tt>https://OA2/</tt> und
+ <tt>https://OA3/</tt> eingetragen.
+ Online-Applikation <tt>OA1</tt> konfiguriert Pr&uuml;fapplikationen f&uuml;r
+ die drei Infoboxen <tt>InfoboxB</tt>, <tt>InfoboxC</tt> und
+ <tt>InfoboxD</tt>. Das heißt, MOA-ID kann f&uuml;r die Online-Applikation
+ <tt>OA1</tt> insgesamt vier Infoboxen &uuml;berpr&uuml;fen: die
+ Paramter f&uuml;r die Infobox <tt>InfoboxA</tt> werden
+ von der entsprechenden global konfigurierten Pr&uuml;applikation
+ &uuml;bernommen. Die Infoboxen <tt>InfoboxC</tt> und
+ <tt>InfoboxD</tt> sind nur lokal gesetzt. F&uuml;r <tt>InfoboxB</tt>
+ &uuml;bernimmt MOA-ID die applikationsspezifischen Parameter aus der
+ entsprechenden global konfigurierten Infobox und &uuml;berschreibt
+ alle weiteren Parameter mit den lokalen Werten. Als Trust-Profil wird
+ das lokale Deafult-Trust-Profil (<tt>LocalOA1DefaultTrust</tt>) genommen -
+ dieses hat Vorrang gegen&uuml;ber den global gesetzten Profilen. Weiters
+ ist zu beachten, dass die Attribute <tt>provideStammzahl</tt> und
+ <tt>provideIdentityLink</tt> lokal nicht gesetzt sind, und daher den
+ Deafult-Wert <tt>false</tt> einnehmen.
+ <br />
+ Das <tt>VerifyInfoboxes</tt>-Element in der AUTH-Komponente der zweiten
+ Online-Applikation (<tt>OA2</tt>) spezifiziert keine anderen Pr&uuml;fapplikationen
+ als die global definierten, &uuml;berschreibt aber f&uuml;r beide Infoboxen
+ teilweise die global gesetzten Parameter. <tt>InfoboxA</tt> verwendet
+ ein lokal definiertes Trust-Profil (<tt>LocalInfoboxOA2ATrust</tt>),
+ <tt>InfoboxB</tt> &uuml;bernimmt
+ alle globalen Parameter, setzt aber f&uuml;r die Attribute <tt>required</tt>,
+ <tt>provideStammzahl</tt> und <tt>provideIdentityLink</tt> jeweils den
+ Defaultwert <tt>false</tt>.
+ <br />
+ Die dritte Online-Applikation <tt>OA3</tt> enth&auml;lt in Ihrer AUTH-Komponente
+ kein <tt>VerifyInfoboxes</tt>-Element. MOA-ID &uuml;bernimmt daher f&uuml;r
+ diese Online-Applikation die global konfigurierten Infobox-Pr&uuml;applikationen
+ (<tt>InfoboxA</tt> und <tt>InfoboxB</tt>) mit allen Paramertern genauso wie
+ sie dort gesetzt sind. Zu beachten ist hier, dass das in der AUTH-Komponente
+ auf <tt>true</tt> gesetzte Attribut <tt>proviedStammzahl</tt> die
+ Online-Applikation und <b><i>nicht</i></b> die Pr&uuml;applikation
+ betrifft.
+ <br />
+ </p>
+ </div>
+ </p>
+ </div>
+ <div id="OnlineApplication/ProxyComponent" />
+ <p id="block"> <b>OnlineApplication/ProxyComponent</b>
+ <br />
+ Das Element <tt>OnlineApplication/ProxyComponent</tt>
+ muss verwendet werden wenn auf dem Server die
+ Proxykomponente installiert wird. <br />
+ <br />
+ Das optionale Attribut <tt>configFileURL</tt>
+ verweist auf eine Konfigurationsdatei die dem Schema
+ <a href="../MOA-ID-Configuration-1.4.xsd" target="_new">MOA-ID-Configuration-1.4.xsd</a>
+ entspricht mit Dokument-Element <tt>Configuration</tt>.
+ Die Angabe erfolgt relativ zur verwendeten MOA-ID
+ Konfigurationsdatei. Beispiel f&uuml;r das Element
+ <tt>configFileURL</tt>: &quot;oa/SampleOAConfiguration.xml&quot;.<br />
+ Defaultm&auml;&szlig;ig wird versucht die Datei
+ von der betreffenden OnlineApplikation unter dem
+ Wert: <tt>http://&lt;realURLPrefix&gt;/MOAConfig.xml</tt>
+ zu laden.<br/>
+ (<tt>&lt;realURLPrefix&gt;</tt> entspricht dem
+ Wert von <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>)
+ <br />
+ <br />
+ Das optionale Attribut <tt>sessionTimeOut</tt>
+ legt das Timeout einer Benutzersession in der
+ Proxykomponente in Sekunden fest.<br />
+ Default-Wert: 3600 <br />
+ <br />
+ Im optionalen Attribut <tt>loginParameterResolverImpl</tt>
+ kann der Klassenname eines zu verwendenden <tt>LoginParameterResolver</tt>
+ angegeben werden, welcher die Defaultimplementierung
+ ersetzt. <br />
+ </p>
+ <p id="block">Im optionalen Attribut <tt>loginParameterResolverConfiguration
+ </tt>kann ein Configurationsstring f&uuml;r die
+ Initialisierung der betreffenden <tt>loginParameterResolverImpl</tt>
+ angegeben werden.<br>
+ <br />
+ Im optionalen Attribut <tt>connectionBuilderImpl</tt>
+ kann der Klassenname eines zu verwendenden ConnectionBuilder
+ angegeben werden, welcher die Defaultimplementierung
+ ersetzt. <br />
+ <br />
+ Im Kind-Element <tt>ConnectionParameter</tt> ist
+ konfiguriert, wie MOA-ID-PROXY zur Online-Applikation
+ verbindet. </p>
+ <div id="ChainingModes" />
+ <p id="block"> <b>ChainingModes</b><br />
+ Das Element <tt>ChainingModes</tt> definiert,
+ ob bei der Zertifikatspfad-&uuml;berpr&uuml;fung
+ das Kettenmodell (<tt>"chaining"</tt>) oder
+ das Modell nach PKIX RFC 3280 (<tt>"pkix"</tt>)
+ verwendet werden soll. <br />
+ <br />
+ Das Attribut <tt>systemDefaultMode</tt> spezifiziert
+ das Modell, das im Standardfall verwendet werden
+ soll. <br/>
+ <br/>
+ Mit dem Kind-Element <tt>TrustAnchor</tt> kann
+ f&uuml;r jeden Trust Anchor ein abweichendes
+ Modell spezifiziert werden. Ein Trust Anchor
+ ist ein Zertifikat, das in <tt>TrustedCACertificates</tt>
+ spezifiziert ist. Ein Trust Anchor wird durch
+ den Typ <tt>&lt;dsig:X509IssuerSerialType&gt;</tt>
+ spezifiziert. Das f&uuml;r diesen Trust Anchor
+ g&uuml;ltige Modell wird durch das Attribut
+ <tt>mode</tt> spezifiziert. <br/>
+ <br/>
+ G&uuml;ltige Werte f&uuml;r die Attribute <tt>systemDefaultMode</tt>
+ und <tt>mode</tt> sind <tt>"chaining"</tt> und
+ <tt>"pkix"</tt>. <br/>
+ <br/>
+ <a href="examples/ChainingModes.txt">Beispiel</a>
+ </p>
+ <div id="TrustedCACertificates" />
+ <p id="block"> <b>TrustedCACertificates</b><br />
+ Das Element <tt>TrustedCACertificates</tt>
+ enth&auml;lt das Verzeichnis (relativ zur
+ MOA-ID Konfigurationsdatei), das jene Zertifikate
+ enth&auml;lt, die als vertrauensw&uuml;rdig
+ betrachtet werden. Im Zuge der &Uuml;berpr&uuml;fung
+ der TLS-Serverzertifikate wird die Zertifikatspfaderstellung
+ an einem dieser Zertifikate beendet. </p>
+ <div id="GenericConfiguration" />
+ <p id="block"> <b>GenericConfiguration</b><br />
+ Das Element <tt>GenericConfiguration</tt>
+ erm&ouml;glicht das Setzen von Namen-Werte
+ Paaren mittels der Attribute <tt>name</tt>
+ und <tt>value</tt>. Die folgende Liste spezifiziert
+ <ul>
+ <li>g&uuml;ltige Werte f&uuml;r das name-Attribut,
+ </li>
+ <li>eine Beschreibung </li>
+ <li>g&uuml;ltige Werte f&uuml;r das value-Attribut
+ und (falls vorhanden)</li>
+ <li>den Default-Wert f&uuml;r das value-Attribut.
+ </li>
+ </ul>
+ <table border="0" cellspacing="3" cellpadding="2">
+ <tr id="DirectoryCertStoreParameters.RootDir">
+ <th align="left">name: DirectoryCertStoreParameters.RootDir</th>
+ </tr>
+ <tr>
+ <td id="info"> Gibt den Pfadnamen zu einem
+ Verzeichnis an, das als Zertifikatsspeicher
+ im Zuge der TLS-Server-Zertifikats&uuml;berpr&uuml;fung
+ verwendet wird.<br />
+ <hr />
+ <b>value: </b><br />
+ G&uuml;ltige Werte: Name eines g&uuml;ltigen
+ Verzeichnisses (relativ zur MOA-ID Konfigurationsdatei)<br />
+ <b>Dieser Parameter muss angegeben werden.</b>
+ </td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="3" cellpadding="2">
+ <tr id="AuthenticationSession.TimeOut">
+ <th align="left">name: AuthenticationSession.TimeOut</th>
+ </tr>
+ <tr>
+ <td id="info"> Gibt die Zeitspanne in
+ Sekunden vom Beginn der Authentisierung
+ bis zum Anlegen der Anmeldedaten an.
+ Wird die Angegebene Zeitspanne &uuml;berschritten
+ wird der Anmeldevorgang abgebrochen.
+ <br />
+ <hr />
+ <b>value: </b><br />
+ G&uuml;ltige Werte: positive Ganzzahlen
+ <br />
+ Default-Wert: 120 </td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="3" cellpadding="2">
+ <tr id="AuthenticationData.TimeOut">
+ <th align="left">name: AuthenticationData.TimeOut</th>
+ </tr>
+ <tr>
+ <td id="info"> Gibt die Zeitspanne in
+ Sekunden an, f&uuml;r die die Anmeldedaten
+ in der Authentisierungskomponente zum
+ Abholen durch die Proxykomponente oder
+ eine nachfolgende Applikation bereitstehen.
+ Nach Ablauf dieser Zeitspanne werden
+ die Anmeldedaten gel&ouml;scht.<br />
+ <hr />
+ <b>value: </b><br />
+ G&uuml;ltige Werte: positive Ganzzahlen<br />
+ Default-Wert: 600 </td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="3" cellpadding="2">
+ <tr id="TrustManager.RevocationChecking">
+ <th align="left">name: TrustManager.RevocationChecking</th>
+ </tr>
+ <tr>
+ <td id="info"> F&uuml;r die TLS-Server-Authentisierung
+ d&uuml;rfen nur Server-Zertifikate verwendet
+ werden, die eine CRLDP-Extension enthalten
+ (andernfalls kann von MOA-ID keine CRL-&uuml;berpr&uuml;fung
+ durchgef&uuml;hrt werden). <br />
+ Soll das RevocationChecking generell
+ ausgeschaltet werden, ist dieses Attribut
+ anzugeben und auf "false" zu setzen.
+ <br />
+ <hr />
+ <b>value: </b><br />
+ G&uuml;ltige Werte: true, false<br />
+ Default-Wert: true </td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="3" cellpadding="2">
+ <tr id="TrustManager.RevocationChecking">
+ <th align="left">name: FrontendServlets.EnableHTTPConnection</th>
+ </tr>
+ <tr>
+ <td id="info">
+ <p>Standardm&auml;&szlig;ig k&ouml;nnen
+ die beiden Servlets &quot;StartAuthentication&quot;
+ und &quot;SelectBKU&quot; welche das
+ User-Frontend darstellen, aus Sicherheitsgr&uuml;nden,
+ nur &uuml;ber das Schema HTTPS aufgerufen
+ werden. </p>
+ <p>Wenn die beiden Servlets jedoch auch
+ Verbindungen nach dem Schema HTTP
+ entgegennehmen sollen, so kann mittels
+ dem Attribut &quot;EnableHTTPServletConnection&quot;
+ erlaubt werden.</p>
+ <p>Hinweis: Sicher und sinnvoll ist
+ das Erlauben der HTTP Verbindung nur
+ dann, wenn ein Vorgeschalteter Webserver
+ das HTTPS handling &uuml;bernimmt,
+ und eine Verbindung zu den Servlets
+ nur &uuml;ber diesen Webserver m&ouml;glich
+ ist.</p>
+ <hr />
+ <b>value: </b><br />
+ G&uuml;ltige Werte: true, false<br />
+ Default-Wert: false</td>
+ </tr>
+ </table>
+ <table border="0" cellspacing="3" cellpadding="2">
+ <tr id="TrustManager.RevocationChecking">
+ <th align="left"><a name="DataURLPrefix"></a>name:
+ FrontendServlets.DataURLPrefix</th>
+ </tr>
+ <tr>
+ <td id="info">
+ <p>Standardm&auml;&szlig;ig wird als
+ DataURL Prefix das URL Pr&auml;fix
+ unter dem die MOA-ID Servlets erreichbar
+ sind verwendet. Im Falle das sich
+ der MOA-ID Server hinter einer Firewall
+ befindet und die Requests von einem
+ vorgelagertem Webserver weitergereicht
+ werden, kann mit FrontendServlets.DataURLPrefix
+ ein alternatives URL Pr&auml;fix angegeben
+ werden. In diesem Fall muss der Webserver
+ so konfiguriert sein, dass er Request
+ auf diese URLs an den MOA-ID Server
+ weiterleitet.</p>
+ <hr />
+ <b>value: </b><br />
+ G&uuml;ltige Werte: URLs nach dem Schema
+ 'http://' und 'https://'<br />
+ Default-Wert: kein Default-Wert<br>
+ Beispiel: &lt;GenericConfiguration name=&quot;FrontendServlets.DataURLPrefix&quot;
+ value=&quot;https://&lt;your_webserver&gt;/moa-id-auth/&quot;/&gt;</td>
+ </tr>
+ </table>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </div>
+ </td>
+ </tr></table>
+
+
+<br /><br />
+<div id="oa-config" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration der Online-Applikation</p>
+<div id="block">
+Die Konfiguration der OA beschreibt die Art und Weise, wie die Proxykomponente die Anmeldung an der Online-Applikation
+durchf&uuml;hrt.
+<br /><br />
+Der Name der Konfigurationsdatei wird in der Konfiguration von MOA-ID als Wert des Attributs
+<tt>configFileURL</tt> des Elements <tt>MOA-IDConfiguration/OnlineApplication/ProxyComponent</tt> hinterlegt.
+<br/>Ist dieses Attribut nicht gesetzt, dann wird die Datei von <tt>http://&lt;realURLPrefix&gt;/MOAConfig.xml</tt> geladen,
+wobei <tt>&lt;realURLPrefix&gt;</tt> dem Konfigurationswert <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt> entspricht.
+<br /><br />
+Die Konfigurationsdatei ist eine XML-Datei, die dem Schema
+<a href="../MOA-ID-Configuration-1.4.xsd" target="_new">MOA-ID-Configuration-1.4.xsd</a> mit dem Wurzelelement
+<tt>Configuration</tt> entspricht.
+</div>
+
+<div id="LoginType" />
+<p id="block">
+<b>LoginType</b><br />
+Das Element <tt>LoginType</tt> gibt an, ob die Online-Applikation ein einmaliges Login erwartet (<tt>stateful</tt>),
+oder ob die Login-Parameter bei jedem Request mitgegeben werden m&uuml;ssen (<tt>stateless</tt>). Im Fall einer stateful
+Online-Applikation werden die in der HTTP-Session der Proxykomponente gespeicherten Anmeldedaten nur f&uuml;r den Aufruf
+des Login-Scripts verwendet. Unmittelbar nach dem Aufruf werden sie gel&ouml;scht.
+<br />
+Default-Wert: <tt>stateful</tt>
+</p>
+</div>
+
+<div id="ParamAuth" />
+<p id="block">
+<b>ParamAuth</b><br />
+Konfiguriert die &uuml;bergabe der Authentisierungs-Parameter an die Online-Applikation mittels URL-Parametern. Das Element
+kann ein oder mehrere Kind-Elemente <tt>&lt;Parameter&gt;</tt> beinhalten.
+</p>
+</div>
+
+<div id="Parameter" />
+<p id="block">
+<b>ParamAuth/Parameter</b><br />
+Das Element <tt>&lt;Paramter&gt;</tt> enth&auml;lt die Attribute <tt>Name</tt> und <tt>Value</tt>.
+<br /><br />
+Das Attribut <tt>Name</tt> beschreibt den Namen des Parameters und ist ein frei zu w&auml;hlender String.
+<br /><br />
+Das Attribut <tt>Value</tt> beschreibt den Inhalt des Parameters und kann einen der durch <tt>MOAAuthDataType</tt> beschriebenen
+Werte annehmen. G&uuml;ltige Werte von <tt>MOAAuthDataType</tt> sind:
+<ul>
+<li><tt>MOAGivenName</tt> - der Vorname des Benutzers, wie in der Personenbindung enthalten
+<li><tt>MOAFamilyName</tt> - der Nachname des Benutzers, wie in der Personenbindung enthalten
+<li><tt>MOADateOfBirth</tt> - das Geburtsdatum des Benutzers, wie in der Personenbindung enthalten
+<li><tt>MOABPK</tt> - die bereichsspezifische Personenkennzeichnung des Benutzers, wie von der
+Authentisierungskomponente berechnet
+<li><tt>MOAWBPK</tt> - das wirtschaftsbereichsspezifische Personenkennzeichen des Benutzers, wie von der
+B&uuml;gerkartenumgebung berechnet
+<li><tt>MOAPublicAuthority</tt> - wird durch <tt>true</tt> ersetzt, falls der Benutzer mit einem Zertifikat signierte,
+welches eine <a href="../OID-1-0-3.pdf">Beh&ouml;rdenerweiterung</a> beinhaltet. Andernfalls wird <tt>false</tt> gesetzt
+<li><tt>MOABKZ</tt> - das Beh&ouml;rdenkennzeichen (nur sinnvoll, wenn <tt>MOAPublicAuthority</tt> den Wert <tt>true</tt>
+ergibt)
+<li><tt>MOAQualifiedCertificate</tt> - wird durch <tt>true</tt> ersetzt, falls das Zertifikat des Benutzers
+qualifiziert ist, andernfalls wird <tt>false</tt> gesetzt
+<li><tt>MOAStammzahl</tt> - die Stammzahl des Benutzers; diese ist nur dann verf&uuml;gbar, wenn die Online-Applikation
+die Stammzahl bekommen darf (und daher in der Personenbindung enthalten ist)
+<li><tt>MOAIPAddress</tt> - IP-Adresse des Client des Benutzers.
+</ul>
+
+Anhand der <tt>&lt;Parameter&gt;</tt>-Elemente wird der Request f&uuml;r den Login-Vorgang (f&uuml;r stateful Online-Applikationen)
+folgenderma&szlig;en zusammenge-stellt:<br />
+<blockquote>
+<code>GET https://&lt;login-url&gt;?<br />
+&nbsp;&nbsp;&lt;p1.name=p1.resolvedValue&gt;&<br />
+&nbsp;&nbsp;&lt;p2.name=p2.resolvedValue&gt;...</code>
+</blockquote>
+<p id="block">
+Die <tt>&lt;login-url&gt;</tt> ergibt sich aus dem Parameter OA des <a href="id-anwendung_1.htm">Aufrufs von MOA-ID-AUTH</a>,
+zusammen mit der Konfiguration von <tt>OnlineApplication/@publicURLPrefix</tt> und von <tt>OnlineApplication/ProxyComponent/ConnectionParameter/@URL</tt>.
+<br/>Der Wert <tt>resolvedValue</tt> wird in MOA-ID-PROXY je nach Wert des Platzhalters eingesetzt.
+</p>
+<tt></tt></div><tt></tt>
+<div id="BasicAuth" />
+<p id="block">
+<b>BasicAuth</b><br />
+Das Element <tt>BasicAuth</tt> konfiguriert die &uuml;bergabe der Authentisierungs-Parameter an die Online-Appliktion
+mittels HTTP Basic Authentication. Es enth&auml;lt zwei Kind-Elemente.
+<br /><br />
+Das Element <tt>UserID</tt> gibt die UserId des zu authentisierenden Benutzers an und kann einen der durch
+<tt>MOAAuthDataType</tt> beschriebenen Werte annehmen.
+<br /><br />
+Das Element <tt>Password</tt> gibt das Passwort des zu authentisierenden Benutzers an und kann einen der durch
+<tt>MOAAuthDataType</tt> beschriebenen Werte annehmen.
+</p>
+</div>
+
+<div id="HeaderAuth" />
+<p id="block">
+<b>HeaderAuth</b><br />
+Das Element <tt>HeaderAuth</tt> konfiguriert die &uuml;bergabe der Authentisierungs-Parameter an die Online-Applikation
+in HTTP Request Headern. Das Element kann ein oder mehrere Kind-Elemente <tt>&lt;Header&gt;</tt> beinhalten.
+</p>
+</div>
+
+<div id="Header" />
+<p id="block">
+<b>HeaderAuth/Header</b><br />
+Das Element <tt>&lt;Header&gt;</tt> enth&auml;lt die Attribute Name und Value.
+<br /><br />
+Das Attribut <tt>Name</tt> beschreibt den Namen des Header und ist ein frei zu w&auml;hlender String.
+<br /><br />
+Das Attribut <tt>Value</tt> beschreibt den Inhalt des Header und kann einen der durch <tt>MOAAuthDataType</tt>
+beschriebenen Werte annehmen.
+<br /><br />
+Die Header werden folgenderma&szlig;en in den Request an die Online-Applikation eingef&uuml;gt:
+<blockquote><pre>
+&lt;h1.name&gt;:&lt;h1.resolvedValue&gt;
+&lt;h2.name&gt;:&lt;h2.resolvedValue&gt;
+...
+</pre></blockquote>
+Der Wert <tt>resolvedValue</tt> wird in der Proxykomponente je nach Wert des Platzhalters eingesetzt.
+Etwaige Header aus dem urspr&uuml;nglichen Request an die Proxykomponente, die denselben Namen haben, m&uuml;ssen
+&uuml;berschrieben werden.
+<p></p>
+</div>
+</tt></tt></td></tr></table>
+
+
+<div id="sp-config" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration von MOA-SP</p>
+<div id="block">
+
+ <p id="block"> MOA-ID &uuml;berpr&uuml;ft die Signaturen der Personenbindung und
+ des AUTH-Blocks mit dem <tt>VerifyXMLSignatureRequest</tt> von
+ MOA-SP. Dazu muss MOA-SP wie unten beschreiben konfiguriert werden.
+ <br />
+ <br />
+ <b>VerifyTransformsInfoProfile</b><br />
+ Der Request zum &uuml;berpr&uuml;fen der Signatur des AUTH-Blocks
+ verwendet ein vordefiniertes VerifyTransformsInfoProfile. Die
+ im Request verwendete Profil-ID wird in der MOA-ID Konfigurationsdatei
+ im Element <tt>/MOA-IDConfiguration/ AuthComponent/MOA-SP/VerifyAuthBlock/
+ VerifyTransformsInfoProfileID</tt> definiert. Entsprechend muss
+ am MOA-SP Server ein VerifyTransformsInfoProfile mit gleichlautender
+ ID definiert werden. Die Profiledefinition selbst ist in der Auslieferung
+ von MOA-ID in <tt>$MOA_ID_INST_AUTH/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml</tt>
+ enthalten. Diese Profildefinition muss unver&auml;ndert &uuml;bernommen
+ werden. </p>
+ <div id="verifytransformsInfoProfile" /></div>
+
+<div id="trustProfile" />
+<p id="block">
+<b>TrustProfile</b><br />
+Die Requests zur &uuml;berpr&uuml;fung der Signatur verwenden vordefinierte TrustProfile.
+Die im Request verwendete Profil-IDs werden in der MOA-ID Konfigurationsdatei
+in den Elementen <tt>/MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyIdentityLink/ TrustProfileID</tt> und
+<tt>/MOA-IDConfiguration/AuthComponent/MOA-SP/VerifyAuthBlock/TrustProfileID</tt> definiert. Diese beiden Elemente
+k&ouml;nnen unterschiedliche oder identische TrustProfileIDs enthalten.
+Am MOA-SP Server m&uuml;ssen TrustProfile mit gleichlautender ID definiert werden.
+Die Auslieferung von MOA-ID enth&auml;lt das Verzeichnis <tt>$MOA_ID_INST_AUTH/conf/moa-spss/trustprofiles/MOAIDBuergerkarteRoot</tt>,
+das als TrustProfile verwendet werden kann. Weitere Zertifikate k&ouml;nnen als vertrauensw&uuml;rdig hinzugef&uuml;gt werden.
+</p>
+</div>
+
+<div id="certstore" />
+<p id="block">
+<b>Certstore</b><br />
+Zum Aufbau eines Zertifikatspfades k&ouml;nnen ben&ouml;tigte Zertifikate aus einem Zertifikatsspeicher verwendet werden.
+Die Auslieferung von MOA-ID enth&auml;lt das Verzeichnis <tt>$MOA_ID_INST_AUTH/conf/moa-spss/certstore</tt>, das als initialer
+Zertifikatsspeicher verwendet werden kann.
+</p>
+</div>
+
+<div>
+Hinweis: Mit dem Wechsel auf Version 1.3 verwendet MOA SP/SS ein neues Format für die XML-Konfigurationsdatei.
+F&uuml;r die Konvertierung einer &auml;lteren Konfigurationsdatei auf das neue Format steht Ihnen ein Tool
+zur Verf&uuml;gung. Details dazu finden sie in der der Distribution von MOA-SP/SS beiligenden
+Dokumentation im Kapitel 'Konfiguration', Abschnitt 1.2.1.<br>
+
+</div>
+</td></tr></table>
+
+
+<div id="online-config" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">&Auml;nderung der Konfiguration w&auml;hrend des Betriebs</p>
+<div id="block">
+Der Inhalt dieser Konfiguration, bzw. jene Teile, auf die indirekt verwiesen wird, k&ouml;nnen w&auml;hrend des laufenden
+Betriebes des MOA-Servers ge&auml;ndert werden. Der Server selbst wird durch den Aufruf einer <a href="id-admin_1.htm#ConfigUpdate">URL</a>
+(im Applikationskontext von MOA ID) dazu veranlasst, die ge&auml;nderte Konfiguration neu einzulesen.
+Im Falle einer fehlerhaften neuen Konfiguration wird die urspr&uuml;ngliche Konfiguration beibehalten.
+</div>
+
+
+</td></tr></table>
+<br /><br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+</td></tr></table>
+<br />
+
+
+</div>
+</div></div></div></body>
+</html>
diff --git a/id/server/doc/moa_id/id-admin_3.htm b/id/server/doc/moa_id/id-admin_3.htm
new file mode 100644
index 000000000..14c8aecce
--- /dev/null
+++ b/id/server/doc/moa_id/id-admin_3.htm
@@ -0,0 +1,204 @@
+<html>
+<head>
+ <title>MOA ID-Administration</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><a href="id-admin_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Basis-Installation</b></a></div>
+<div id="klein"><a href="id-admin_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Konfiguration </b></a></div>
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Optionale<br />&#160; &#160;&#160;Komponenten</b></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zur&uuml;ck</b></a></div>
+<br />
+<div id="slogan">
+<b>Optionale <br />Komponenten</b><br />
+<a href="#IIS"><b>IIS </b></a><br />
+<a href="#Apache"><b>Apache </b></a><br />
+<a href="#SQL"><b>PostgreSQL </b></a><br />
+</div>
+</td>
+
+<div id="IIS" />
+<td valign="top">
+<p id="titel">Konfiguration der optionalen Komponenten</p>
+<p id="subtitel">Konfiguration des Microsoft Internet Information Server (optional)</p>
+<div id="block">
+Vor MOA-ID-AUTH oder MOA-ID-PROXY kann optional ein MS IIS vorgeschaltet sein. In diesem Fall &uuml;bernimmt der MS IIS die HTTP bzw. HTTPS-Kommunikation mit dem Aufrufer des Webservices. Die Kommunikation zwischen MS IIS und dem in Tomcat deployten Webservice wird durch Jakarta mod_jk durchgef&uuml;hrt.<br /><br />
+<b>Konfiguration von Jakarta mod_jk im MS IIS</b><br />
+F&uuml;r die Kommunikation des MS IIS mit dem im Tomcat deployten Webservice wird das ISAPI-Modul von Jakarta mod_jk im MS IIS installiert und konfiguriert. Eine detaillierte Installations- und Konfigurationsanleitung gibt das <a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/iishowto.html" target="_new">mod_jk IIS HowTo</a>. Beispiele f&uuml;r <tt>workers.properties</tt> und <tt>uriworkermap.properties</tt> Dateien liegen im ausgelieferten moa-id-auth-x.y.zip bzw. moa-id-proxy-x.y.zip, Verzeichnis tomcat bei.
+<br /><br />
+<b>Konfiguration von Tomcat</b><br />
+Damit Tomcat die Aufrufe, die von MS IIS mittels Jakarta mod_jk weiterleitet, entgegennehmen kann, muss in $CATALINA_HOME/conf/server.xml der AJP 1.3 Connector aktiviert werden. Im Gegenzug k&ouml;nnen die Connectoren f&uuml;r HTTP und HTTPS deaktiviert werden. Das geschieht am einfachsten durch ein- bzw. auskommentieren der entsprechenden <tt>Connector</tt> Konfigurations-Elemente in dieser Datei.
+<br /><br />
+</div>
+<div id="block">
+ <p><b>Konfiguration von SSL</b><br />
+ Die Dokumentation zum Einrichten von SSL auf dem MS IIS steht nach
+ Installation des IIS unter http://localhost/iisHelp/ bzw. <a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp" target="_new">online</a>
+ zur Verf&uuml;gung. </p>
+ <p><b><a name="Prefix"></a>Konfiguration des zu verwendenden DATA-URL
+ Pr&auml;fix</b><br>
+ Befindet sich der Rechner auf dem MOA-ID installiert wird hinter
+ einer Firewall welche zwar Zugriffe vom vorgelagerten Webserver
+ zul&auml;sst, nicht jedoch direkte Zugriffe (von den Rechnern von
+ MOA-ID Benutzern), so muss manuell in der Konfigurationsdatei von
+ MOA-ID ein s.g. DATA-URL Pr&auml;fix vergeben werden. An dieses
+ URL-Pr&auml;fix werden Daten von der verwendeten B&uuml;rgerkartenumgebung
+ gesendet. Details finden sie im Abschnitt <a href="./id-admin_2.htm#DataURLPrefix">Konfiguration</a>.
+ Requests an das DataURL-Pr&auml;fix&gt; m&uuml;ssen durch den Webserver
+ an https://&lt;moa-id-rechnername&gt;/moa-id-auth/ bzw. an http://&lt;moa-id-rechnername&gt;/moa-id-auth/
+ weitergeleitet werden.</p>
+ </div>
+</td></div></tr></table>
+<br /><br />
+
+
+<div id="Apache" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration des Apache Webservers (optional)</p>
+<div id="block">
+Vor MOA-ID-AUTH oder MOA-ID-PROXY kann ein Apache Webserver vorgeschaltet sein. Das Prinzip funktioniert wie bei MS IIS, auch hier wird Jakarta mod_jk f&uuml;r die Kommunikation zwischen Webserver und Tomcat eingesetzt.
+<br /><br />
+<b>Konfiguration von Jakarta mod_jk im Apache Webserver</b><br />
+ Um MOA-ID-AUTH oder MOA-ID-PROXY hinter einem Apache Webserver zu betreiben, ist die Konfiguration des Apache-Moduls mod_jk erforderlich. Eine detaillierte Installations- und Konfigurationsanleitung gibt das <a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/aphowto.html" target="_new">mod_jk Apache HowTo</a>. Ein Beispiel f&uuml;r eine <tt>workers.properties</tt> Datei liegt im Verzeichnis $MOA_SPSS_INST/conf/moa bei.<br />
+Um MOA-ID-AUTH oder MOA-ID-PROXY dem Apache Webserver bekannt zu machen, muss folgender Eintrag in die Apache Konfigurationsdatei gemacht werden:
+<pre>
+ JkMount /moa-id-auth/* moaworker
+</pre>
+oder f&uuml;r die Proxy-Komponente
+<pre>
+ JkMount /* moaworker
+</pre>
+ <br />
+<b>Konfiguration von Tomcat</b><br />
+Die Konfiguration von Tomcat ist analog wie im Abschnitt &uuml;ber den MS IIS durchzuf&uuml;hren.
+<br /><br />
+
+<b>Konfiguration von SSL mit mod_SSL </b><br />
+Apache kann in Verbindung mit mod_SSL als SSL-Endpunkt f&uuml;r das MOA-ID-AUTH Webservice fungieren. In diesem Fall entf&auml;llt die SSL-Konfiguration in Tomcat, da Apache und Tomcat auch im Fall von SSL Daten via mod_jk austauschen. Eine detaillierte Installations- und Konfigurationsanleitung von mod_SSL gibt die <a href="http://www.modssl.org/docs/" target="_new">Online-Dokumentation</a>.
+<br /><br />
+Bei der Verwendung von Client-Authentisierung muss darauf geachtet werden, dass mod_ssl die HTTP-Header mit den Informationen &uuml;ber das Client-Zertifikat exportiert. Dies wird durch Angabe der Option<br />
+<pre>
+ SSLOptions +ExportCertData +StdEnvVars
+</pre>
+in der Apache-Konfiguration erreicht.<br />
+Weiters muss Jakarta mod_jk angewiesen werden, die SSL Schl&uuml;ssell&auml;nge zu exportieren. Dies geschieht mit der Direktive:
+<pre>
+ JkOptions +ForwardKeySize
+ +ForwardURICompat
+ -ForwardDirectories
+</pre>
+ <p><b>Konfiguration des zu verwendenden DATA-URL Pr&auml;fix</b></p>
+ <p>siehe gleichnamige <a href="id-admin_3.htm#Prefix">&Uuml;berschrift
+ </a>in Abschnitt &quot;Konfiguration des Microsoft Internet Information
+ Server (optional)&quot;</p>
+ </div>
+</td></tr></table>
+<br /><br />
+
+
+<div id="SQL" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+</td>
+<td valign="top">
+<p id="subtitel">Konfiguration von PostgreSQL</p>
+<div id="block">
+MOA-ID-AUTH bzw. MOA-ID-PROXY kann PostgreSQL zum Abspeichern von Log-Meldungen verwenden. Hierf&uuml;r wird eine installierte und konfigurierte Datenbank vorausgesetzt. Eine detaillierte Übersicht &uuml;ber die Installation und Konfiguration von PostgreSQL gibt die <a href="http://techdocs.postgresql.org/">Online-Dokumentation</a>.<br /><br />
+<b>Logging</b><br />
+F&uuml;r das Logging in eine PostgreSQL Datenbank mittels Jakarta Log4j muss zun&auml;chst eine Tabelle f&uuml;r die Log-Meldungen angelegt werden. Dies kann mit folgendem SQL-Statement erreicht werden:
+<pre>
+ create table spss_log
+ (log_time timestamp,
+ log_level varchar(5),
+ log_msg varchar(256));
+</pre>
+Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfiguration adaptiert werden. Die Datei $MOA_SPSS_INST/conf/moa/log4.properties enth&auml;lt bereits eine beispielhafte Jakarta Log4j-Konfiguration f&uuml;r das Logging in eine PostgreSQL Datenbank, die standardm&auml;&szlig;ig ausgeschaltet ist. Hinweis: Bei Tests hat sich das Logging in eine Datenbank mit Jakarta Log4j als Performance-Engpa&szlig; herausgestellt. Es wird deshalb empfohlen, auf dieses Feature zu verzichten.
+<br /><br />
+</div>
+
+</td></tr></table>
+<br /><br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+</td></tr></table>
+<br />
+
+
+</div>
+</div></div></body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/moa_id/id-anwendung.htm b/id/server/doc/moa_id/id-anwendung.htm
new file mode 100644
index 000000000..6e33f40e8
--- /dev/null
+++ b/id/server/doc/moa_id/id-anwendung.htm
@@ -0,0 +1,104 @@
+<html>
+<head>
+ <title>MOA ID-Anwendung</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></div>
+<div id="klein"><a href="id-anwendung_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Aufruf MOA-ID-AUTH</b></a></div>
+<div id="klein"><a href="id-anwendung_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Abfrage MOA-ID-AUTH </b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+<br />
+</td>
+
+<td valign="top">
+<div id="titel">MOA ID-Anwendung</div>
+<p id="block">
+MOA-ID führt für eine Online-Applikation (OA) die Benutzeridentifizierung und -authentisierung mit Hilfe der Bürgerkarte durch.
+</p>
+<p id="titel">Übersicht </p>
+Um diese Funktionalität verfügbar zu machen, ist folgendermaßen vorzugehen:<br />
+</p>
+<ul>
+<li>Die OA muss als Webapplikation installiert werden.</li>
+<li>MOA-ID-AUTH muss als Webapplikation <a href="id-admin_1.htm">installiert</a> und für die OA <a href="id-admin_2.htm">konfiguriert</a> werden.</li>
+<li>MOA-ID-AUTH wird durch einen Verweis von einer Webseite aufgerufen.
+Diese Webseite kann z.B. Teil eines Portals sein.</li>
+<li>Nach erfolgter Authentisierung holt die OA die bereitgestellten Anmeldedaten zum Bürger von MOA-ID-AUTH ab.
+Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die für diesen Zweck <a href="id-admin_1.htm">installiert</a> und für die OA <a href="id-admin_2.htm">konfiguriert</a> werden muss.</li>
+</ul>
+</td></tr></table>
+<br />
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm
new file mode 100644
index 000000000..27da073a5
--- /dev/null
+++ b/id/server/doc/moa_id/id-anwendung_1.htm
@@ -0,0 +1,205 @@
+<html>
+<head>
+ <title>MOA ID-Anwendung</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ pre { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-anwendung.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><a href="id-anwendung_1.htm"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Aufruf MOA-ID-AUTH</b></a></div>
+<div id="klein"><a href="id-anwendung_2.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Abfrage MOA-ID-AUTH </b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+</br /><br />
+</td>
+<td valign="top">
+<p id="titel">Aufruf von MOA-ID-AUTH </p>
+<div id="block">MOA-ID-AUTH wird immer durch eine andere (verweisende) Webseite aufgerufen. Diese Webseite kann z.B. Teil eines Portals sein.
+Der Aufruf erfolgt durch einen Verweis der Form: </div>
+<pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
+StartAuthentication?Target=&lt;geschäftsbereich&gt;
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;&quot;&gt;</pre>
+<table border="1"><tbody valign="baseline">
+<tr>
+<td id="klein">&lt;moa-id-server-und-pfad&gt;</td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td>
+</tr>
+<tr>
+<td id="klein">Target=&lt;geschäftsbereich&gt;</td><td id="klein">Angabe, f&uuml;r welches Verfahren der Benutzer authentisiert werden soll (siehe TODO: Link auf Verzeichnis der Geschäftsbereich)</td>
+</tr>
+<tr>
+<td id="klein">OA=&lt;oa-url&gt;</td><td id="klein">Webseite, auf die der Browser nach erfolgter Authentisierung weitergeleitet werden soll</td>
+</tr>
+<tr>
+<td id="klein">Template=&lt;template-url&gt;</td><td id="klein">optional; HTML-Vorlage f&uuml;r der Anmeldeseite von MOA-ID-AUTH, &uuml;ber die der B&uuml;rger den Authentisierungsvorgang startet. &Uuml;ber diesen Parameter kann das Aussehen der Anmeldeseite an das Aussehen der Online-Applikation angepasst werden.</td>
+</tr>
+</tbody></table>
+<br/><br/>
+
+<div id="block">
+<b>Template</b><br /><br />
+Ein <a href="examples/Template.html">Template</a> f&uuml;r die Anmeldeseite von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </div>
+<pre>&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;&gt;<br>&lt;html&gt;<br>&lt;head&gt;<br>&lt;title&gt;MOA ID - Identifizierter Zugang mit B&amp;uuml;rgerkarte&lt;/title&gt;
+ &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot;&gt;<br>&lt;/head&gt;</pre>
+<p>&lt;form name=&quot;CustomizedForm&quot; action=&quot;&lt;BKU&gt;&quot; method=&quot;post&quot;&gt;<br>
+&lt;div align=&quot;center&quot;&gt;<br>
+&lt;input type=&quot;hidden&quot;<br>
+name=&quot;XMLRequest&quot;<br>
+value=&quot;&lt;XMLRequest&gt;&quot;/&gt;<br>
+&lt;input type=&quot;hidden&quot;<br>
+name=&quot;DataURL&quot;<br>
+value=&quot;&lt;DataURL&gt;&quot;/&gt;<br>
+&lt;input type=&quot;hidden&quot;<br>
+name=&quot;PushInfobox&quot<br>
+ value=&quot;&lt;PushInfobox&gt;&quot;/&gt;<br>
+&lt;input type=&quot;submit&quot; value=&quot;Anmeldung mit B&amp;uuml;rgerkarte&quot; name=&quot;submit&quot;/&gt;<br>
+&lt;/div&gt;<br>
+&lt;/form&gt;<br>
+&lt;form name=&quot;CustomizedInfoForm&quot;<br>
+action=&quot;&lt;BKU&gt;&quot;<br>
+method=&quot;post&quot;&gt;<br>
+&lt;input type=&quot;hidden&quot;<br>
+name=&quot;XMLRequest&quot;<br>
+value=&quot;&lt;CertInfoXMLRequest&gt;&quot;/&gt;<br>
+&lt;input type=&quot;hidden&quot;<br>
+name=&quot;DataURL&quot;<br>
+value=&quot;&lt;CertInfoDataURL&gt;&quot;/&gt;<br>
+</p>
+<p> &lt;input type=&quot;hidden&quot; value=&quot;Weitere Info&quot;/&gt;<br>
+&lt;/form&gt;</p><p>&lt;/body&gt;<br>
+&lt;/html&gt;<br>
+</p>
+Innerhalb dieser <tt>&lt;form&gt;</tt>-Elemente k&ouml;nnen Texte, Beschriftungen und Styles modifiziert werden,
+und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden.
+<br /><br />
+Die vorgegebene Grundstruktur ist aber in jedem Fall einzuhalten, und es m&uuml;ssen die speziellen
+Tags <tt>&lt;BKU&gt;</tt> (kommt 2x vor), <tt>&lt;XMLRequest&gt;</tt>, <tt>&lt;DataURL&gt;</tt>, <tt>&lt;CertInfoXMLRequest&gt;</tt> und <tt>&lt;CertInfoDataURL&gt;</tt>
+darin enthalten sein. Das Tag &lt;PushInfobox&gt; muss ab Version 1.4 vorhanden sein, wenn MOA-ID auch andere Infoboxen als die Personenbindung bearbeiten kann.
+<br /><br />
+
+<div id="block">
+<b>BKU-Auswahl</b><br /><br />
+MOA-ID-AUTH bietet die M&ouml;glichkeit, die B&uuml;rgerkartenumgebung (BKU) auszuw&auml;hlen, &uuml;ber die in weiterer Folge die B&uuml;rgerkarte ausgelesen wird. Der Aufruf erfolgt dann durch einen Verweis der Form: </div>
+<pre>&lt;a href=&quot;https://&lt;moa-id-server-und-pfad&gt;/
+SelectBKU?Target=&lt;geschäftsbereich&gt;
+&OA=&lt;oa-url&gt;&Template=&lt;template-url&gt;
+&BKUSelectionTemplate=&lt;bku-template-url&gt;&quot;&gt;</pre>
+<table border="1"><tbody valign="baseline">
+<tr><td id="klein">BKUSelectionTemplate= &lt;bku-template-url&gt;</td>
+<td id="klein">optional; HTML-Vorlage f&uuml;r der BKU-Auswahlseite von MOA-ID-AUTH.
+&Uuml;ber diesen Parameter kann das Aussehen der BKU-Auswahlseite an das Aussehen der Online-Applikation angepasst werden.</td>
+</tr>
+</tbody></table>
+<br/><br/>
+
+<div id="block">
+<b>BKUSelectionTemplate</b><br /><br />
+Ein <a href="examples/BKUSelectionTemplate.html">Template f&uuml;r die BKU-Auswahl</a> von MOA-ID-AUTH kann aus folgender Grundstruktur aufgebaut werden: </div>
+<pre>
+&lt;!DOCTYPE HTML PUBLIC &quot;-//W3C//DTD HTML 4.01 Transitional//EN&quot;&gt;<br>&lt;html&gt;<br>&lt;head&gt;<br>&lt;title&gt;MOA ID - Auswahl der B&amp;uuuml;rgerkartenumgebung&lt;/title&gt;
+ &lt;meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=utf-8&quot;&gt;<br>&lt;/head&gt;</pre><p>&lt;form name=&quot;CustomizedForm&quot; method=&quot;post&quot; action=&quot;&lt;StartAuth&gt;&quot;&gt;<br>
+&lt;BKUSelect&gt; <br>
+&lt;input type=&quot;submit&quot; value=&quot;Ausw&amp;auml;hlen&quot;/&gt;<br>
+&lt;/form&gt;<br>
+&lt;br/&gt;<br>
+&lt;p&gt;&lt;/p&gt;</p>
+<p> &lt;input type=&quot;hidden&quot; value=&quot;Weitere Info&quot;/&gt;<br>
+&lt;/form&gt;</p>
+<p>&lt;/body&gt;<br>
+&lt;/html&gt;<br>
+</p>
+<p>
+
+
+Innerhalb dieser <tt>&lt;form&gt;</tt>-Elemente k&ouml;nnen Texte, Beschriftungen und Styles modifiziert werden,
+und es k&ouml;nnen zus&auml;tzliche Elemente darin aufgenommen werden. <br />
+<br />
+Auch dabei ist die vorgegebene Grundstruktur einzuhalten, die speziellen Tags <tt>&lt;StartAuth&gt;</tt> und <tt>&lt;BKUSelect&gt;</tt> sind verpflichtend.</p>
+<p><strong>Wichtiger Hinweis:</strong> wenn die Templates &uuml;ber HTTPS geladen werden sollten, so muss das SSL/TLS Zertifikat des Servers in einem Java Truststore gespeichert werden und dieser beim Start von Tomcat angegeben werden. </p>
+<strong>Vorgeschlagene Vorgehensweise:<br>
+</strong>
+<pre>
+
+1. Webserver SSL/TLS Zertifikat speichern im .cer Format speichern (z.B. mittels Internet Explorer).<br>
+2. Mittels Java Keytool das Zertifikat in einen Java Truststore importieren. </pre>
+
+Im folgenden Beispiel wird in den Java Truststore &quot;truststore.jks&quot; mit dem Passwort &quot;changeit&quot; importiert.<br>
+<pre>keytool -import -trustcacerts -alias mytomcat -file tomcat_localhost.cer -keystore truststore.jks</pre>
+<p>3. Truststore beim Starten von Tomcat angeben (&uuml;ber das Hinzuf&uuml;gen folgender Parameter in
+ die Variable CATALINA_OPTS im Tomcat Startskript).</p>
+<p><br><pre>
+ -Djavax.net.ssl.trustStore=&lt;PFAD&gt;\truststore.jks<br>
+ -Djavax.net.ssl.trustStorePassword=changeit<br>
+ -Djavax.net.ssl.trustStoreType=jks <br /></pre>
+</p></td>
+</tr></table>
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id/server/doc/moa_id/id-anwendung_2.htm b/id/server/doc/moa_id/id-anwendung_2.htm
new file mode 100644
index 000000000..45a815379
--- /dev/null
+++ b/id/server/doc/moa_id/id-anwendung_2.htm
@@ -0,0 +1,247 @@
+<html>
+<head>
+ <title>MOA ID-Anwendung</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#d8d8d8; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ pre { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ #info { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; padding:3px; border:solid 1px #c0c0c0 }
+ #infolist { font-family:"Verdana", "Arial"; font-size:8pt; color:#505060; }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><a href="id-anwendung.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Übersicht</b></a></div>
+<div id="klein"><a href="id-anwendung_1.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Aufruf MOA-ID-AUTH</b></a></div>
+<div id="klein"><a href="id-anwendung_2.htm"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Abfrage MOA-ID-AUTH </b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+</br /><br />
+<div id="slogan">
+<b>Abfragearten: </b>
+</br />
+<a href="#webservice"><b>Web Service</b></a><br />
+<a href="#proxy"><b>MOA-ID-PROXY</b></a><br />
+</div>
+</td>
+
+
+<td valign="top">
+<p id="titel">Abfrage der Anmeldedaten von MOA-ID-AUTH</p>
+<div id="block">Nach erfolgter Authentisierung stehen in MOA-ID-AUTH Anmeldedaten zum Abholen bereit,
+und MOA-ID-AUTH veranlasst einen Redirect zur Online-Applikation (OA).
+<br /><br />
+In diesem Redirect werden der Geschäftsbereich und ein SAML-Artifact als Parameter übergeben.
+</div>
+<pre>&lt;a href=&quot;https://&lt;oa-url&gt;
+?Target=&lt;geschäftsbereich&gt;
+&SAMLArtifact=&lt;saml-artifact&gt;&quot;&gt;</pre>
+
+<table border="1"><tbody valign="baseline">
+<tr><td>&lt;oa-url&gt;</td><td>URL, der beim Aufruf von MOA-ID-AUTH als Parameter &quot;OA&quot; übergeben wurde</td></tr>
+<tr><td>Target=&lt;geschäftsbereich&gt;</td><td>Parameter, der beim Aufruf von MOA-ID-AUTH übergeben wurde</td></tr>
+<tr><td>SAMLArtifact=&lt;saml-artifact&gt;</td><td>SAML-Artifact, das von MOA-ID-AUTH zu den Anmeldedaten erstellt wurde.
+Mithilfe dieses SAML-Artifacts kann die OA die Anmeldedaten von MOA-ID-AUTH abholen.</td></tr>
+</tbody></table>
+<br/><br/>
+<div id="block">Grundsätzlich stehen einer OA mehrere Arten zum Abholen der Anmeldedaten von MOA-ID-AUTH zur Verfügung: </div>
+<ol>
+<li>Die Applikation ruft selbst das MOA-ID-AUTH Web Service auf.
+<br/>Die Implementierung dieser Variante wird empfohlen, insbesondere für Online-Applikationen, die neu erstellt werden.
+</li>
+<li>Es wird die MOA-ID-PROXY Webapplikation eingesetzt, um die Anmeldedaten abzuholen und an die OA zu übergeben.
+<br/>Aus Sicht von MOA-ID-PROXY ist bedeutsam, ob die OA die Anmeldedaten nach Abarbeitung des HTTP-Requests behält.
+<ul>
+<li>Stateful OA: MOA-ID-PROXY übergibt einmalig die Anmeldedaten an die OA, und die OA speichert die Anmeldedaten, typischerweise unter Einsatz von Cookies.</li>
+<li>Stateless OA: MOA-ID-PROXY übergibt die Anmeldedaten bei jedem HTTP-Request vom Browser des Bürgers an die OA.</li>
+</ul>
+Diese Variante ist vorzuziehen, wenn
+<ul>
+<li>für die Plattform, auf der die OA aufbaut, Web Service-Schnittstellen nicht verfügbar sind</li>
+<li>das nötige Web Service-Know How nicht zur Verfügung steht</li>
+<li>die Implementierung von Variante 1 zu aufwändig wäre</li>
+<li>eine Anpassung der OA aus bestimmten Gründen nicht möglich ist</li>
+</ul>
+</li>
+</ol>
+</td></tr></table>
+
+
+
+<div id="webservice" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+
+<td valign="top">
+<p id="subtitel">Aufruf des MOA-ID-AUTH Web Service</p>
+<div id="block">Das MOA-ID-AUTH Web Service wird über einen &lt;samlp:Request&gt; aufgerufen.
+Der &lt;samlp:Request&gt; enthält in einem &lt;samlp:AssertionArtifact&gt; das von MOA-ID-AUTH übergebene SAML-Artifact.
+<br/><br/>
+MOA-ID-AUTH liefert als Antwort einen &lt;samlp:Response&gt;. Die Anmeldedaten sind im &lt;samlp:Response&gt; in Form einer &lt;saml:Assertion&gt; enthalten.
+<br/><br/>
+<a href="../cs-sstc-schema-protocol-01.xsd">SAML 1.0 Protocol Schema</a>
+<br/>
+<a href="../cs-sstc-schema-assertion-01.xsd">SAML 1.0 Assertion Schema</a>
+<br/>
+Der detaillierte Aufbau der &lt;saml:Assertion&gt; zu den Anmeldedaten ist in der <a href="../MOA_ID_1.4_20070306.pdf">Spezifikation MOA-ID 1.4</a> beschrieben.
+<br/><br/>
+<h4>Beispiel LoginServletExample</h4>
+Das Abholen der Anmeldedaten durch Aufruf des Web Service von MOA-ID-AUTH wird anhand eines beispielhaften Java Servlet gezeigt.
+Das LoginServletExample wird in einer Stateful OA von MOA-ID-AUTH nach erfolgter Authentisierung über Redirect aufgerufen.
+<br/><br/>
+Das Beispiel demonstriert insgesamt die Integration von MOA-ID-AUTH in die OA:
+</div>
+<ul>
+<li>Parameterübergabe von MOA-ID-AUTH an die OA</li>
+<li>Aufruf des MOA-ID-AUTH Web Service mittels des SOAP Frameworks "Apache AXIS"</li>
+<li>Parsen der Anmeldedaten mittels der XPath Engine "Jaxen"</li>
+<li>Speichern der Anmeldedaten in der HTTPSession</li>
+<li>Redirect auf die eigentliche Startseite der OA</li>
+</ul>
+
+
+<b>Voraussetzungen</b><br >
+<div id="block">Die folgende Liste enthält die für das Beispiel erforderlichen Java-Bibliotheken. Die angeführten Versionsnummern bezeichnen jene Versionen dieser Java-Bibliotheken, mit denen das Beispiel getestet wurde. </div>
+<br />
+<table border="1" width="100%" cellpadding="2" cellspacing="0">
+<tr>
+<th>Java-Bibliothek</th><th>Version</th><th>Bemerkung</th>
+</tr><tr>
+<tr valign="top">
+<td>JDK</td>
+<td>1.4.0+, 1.5.0</td>
+<td>Java Development Kit</td>
+</tr><tr valign="top">
+<td>Xerces <br />XML Parser</td><td>2.0.2+</td>
+<td id="klein">Download: <a href="http://xml.apache.org/xerces2-j/">xml.apache.org/xerces2-j</a> </td>
+</tr><tr valign="top">
+<td>AXIS <br />SOAP Framework</td><td>1.0+</td>
+<td id="klein">Download: <a href="http://xml.apache.org/axis/">xml.apache.org/axis</a> </td>
+</tr><tr valign="top">
+<td>Jaxen XPath Engine</td><td>1.0+</td>
+<td id="klein">Download: <a href="http://jaxen.sourceforge.net/">http://jaxen.sourceforge.net</a> </td>
+</tr><tr valign="top">
+<td>Servlet API</td><td>2.3+</td>
+<td id="klein">Download: <a href="http://java.sun.com/products/servlet/">java.sun.com/products/servlet</a> </td>
+</tr>
+</table>
+<br/>
+<b>Code</b><br />
+<a href="examples/LoginServletExample.txt">LoginServletExample</a>
+
+</td></tr></table>
+
+<DIV bla="hhalloo">
+
+
+
+<div id="proxy" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+<br /><br />
+</div>
+</td>
+<td valign="top">
+<p id="subtitel">Einsatz von MOA-ID-PROXY zum Abfragen der Anmeldedaten von MOA-ID-AUTH</p>
+<div id="block">
+Anstatt den Aufruf des MOA-ID-AUTH Web Service in der OA zu implementieren, kann die MOA-ID-PROXY Webapplikation eingesetzt werden, um dies für die OA zu erledigen. MOA-ID-PROXY muss für die OA konfiguriert werden, so wie in <a href="id-admin_2.htm#OnlineApplication/ProxyComponent">MOA-ID-Administration</a> beschrieben.
+<br/><br/>
+Bei der Konfiguration ist speziell zu beachten:
+<br/><br/>
+<b>Konfigurationsdatei zur OA</b><br />
+Der <a href="id-admin_2.htm#oa-config">LoginType</a> (stateful oder stateless) ist gemäß dem Applikationstyp zu setzen.
+<br/><br/>
+Die <a href="id-admin_2.htm#oa-config">Übergabe der Anmeldedaten</a> ist in Form und Inhalt zu konfigurieren.
+</div>
+<ul>
+<li>BasicAuth: HTTP Basic Authentication (<a href="examples/conf/OAConfBasicAuth.xml">Beispiel</a>)</li>
+<li>ParamAuth: Übergabe über Requestparameter (<a href="examples/conf/OAConfParamAuth.xml">Beispiel</a>)</li>
+<li>HeaderAuth: Übergabe über Requestheader (<a href="examples/conf/OAConfHeaderAuth.xml">Beispiel</a>)</li>
+</ul>
+
+<div id="block">
+<b>LoginParameterResolver</b><br />
+Das Übergabe der Anmeldedaten an die OA über Request Parameter oder Header geschieht in einer Standardimplementierung des Interface
+<pre>at.gv.egovernment.moa.proxy.LoginParameterResolver</pre>
+Falls die Erfordernisse der OA mittels <a href="id-admin_2.htm#oa-config">Konfiguration</a> nicht abgedeckt werden können,
+so kann eine maßgeschneiderte Implementierung von <tt>LoginParameterResolver</tt> erstellt und zusammen mit MOA-ID-PROXY zum Einsatz gebracht werden
+(siehe <a href="../api-doc/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.html">API</a>).
+<br/><br/>
+<b>ConnectionBuilder</b>
+Das Herstellen einer URL-Verbindung von MOA-ID-PROXY zur OA geschieht einer Standardimplementierung des Interface
+<pre>at.gv.egovernment.moa.proxy.ConnectionBuilder </pre>
+Falls nötig, kann eine maßgeschneiderte Implementierung von <tt>ConnectionBuilder</tt> erstellt und zusammen mit MOA-ID-PROXY zum Einsatz gebracht werden
+(siehe <a href="../api-doc/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.html">API</a>).
+</div>
+</td></tr></table>
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm
new file mode 100644
index 000000000..c5a9b7113
--- /dev/null
+++ b/id/server/doc/moa_id/links.htm
@@ -0,0 +1,141 @@
+<html>
+<head>
+ <title>MOA Grundlagen</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ th { font-family:"Verdana", "Arial"; font-size:10pt; font-weight:bold; color:#c0c0c0; background:#505050}
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:6px }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module für Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA Links</div><br />
+<div id="klein"><a href="#Extern"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Ext. Komponenten</b></a></div>
+<div id="klein"><a href="#Administration"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Administration</b></a></div>
+<div id="klein"><a href="#Anwendung"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Anwendung</b></a></div>
+<div id="klein"><a href="#Spezifikationen"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Spezifikationen</b></a></div>
+<br />
+<div id="klein"><a href="moa.htm"><img src="../moa_images/west.gif" border="0" width="13" height="14" />
+ <b> Zurück</b></a></div>
+<br />
+<!-- div id="slogan">
+MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Trust und dem Institut für angewandte Informations- und Kom-munikationstechnik (IAIK) der Universität Graz
+</div -->
+</td>
+
+<td valign="top">
+<div id="titel">MOA Links </div>
+
+<div id="Administration" />
+<p id="subtitel">Externe Komponenten</p>
+
+<div id="klein">Apache <br />
+<a href="http://httpd.apache.org/docs-2.0/">http://httpd.apache.org/docs-2.0</a></div>
+
+<div id="klein">Internet Information Server <br />
+<a href="http://www.microsoft.com/windows2000/en/server/iis/default.asp">http://www.microsoft.com/windows2000/en/server/iis/default.asp</a></div>
+
+<div id="klein">Tomcat <br />
+<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc</a> </div>
+
+<div id="klein">Tomcat mod_SSL <br />
+<a href="http://httpd.apache.org/docs-2.0/ssl/">http://httpd.apache.org/docs-2.0/ssl</a></div>
+
+<div id="klein">Tomcat mod_jk <br />
+<a href="http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/">http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2</a></div>
+
+<div id="klein">Logging Toolkit <br />
+<a href="http://jakarta.apache.org/log4j/docs/index.html">http://jakarta.apache.org/log4j/docs/ </a></div>
+
+<div id="klein">IAIK JCE <br />
+<a href="http://jce.iaik.tugraz.at/products/index.php">http://jce.iaik.tugraz.at/products/index.php </a></div>
+
+<div id="klein">PostgreSQL <br />
+<a href="http://techdocs.postgresql.org/installguides.php">http://techdocs.postgresql.org </a></div>
+
+<div id="Spezifikationen" />
+<p id="subtitel">Spezifikationen</p>
+<p id="klein">
+<div id="klein">DOM <br />
+<a href="http://www.w3c.org/DOM/">http://www.w3c.org/DOM</a></div>
+
+<div id="klein">E-Government <br />
+<a href="http://reference.e-government.gv.at/">http://reference.e-government.gv.at</a></div>
+
+<div id="klein">Security Layer Version 1.1<br />
+<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20020831">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/2002083</a></div>
+
+<div id="klein">Personenbindung Version 1.1<br />
+<a href="http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506">http://www.buergerkarte.at/konzept/personenbindung/spezifikation/20020506</a></div>
+
+<div id="klein">Security Assertion Markup Language <br />
+<a href="http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security">http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=security</a></div>
+
+<div id="klein">Auswahl von Bürgerkartenumgebungen Version 1.0.0<br />
+<a href="../bku-auswahl.20030408.pdf">bku-auswahl.20030408.pdf</a></div>
+</p>
+
+</td></tr></table>
+
+
+
+
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2003 <!-- Development Center, BRZ GmbH --></div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/doc/moa_id/moa-id-ablauf.jpg b/id/server/doc/moa_id/moa-id-ablauf.jpg
new file mode 100644
index 000000000..0585664f4
--- /dev/null
+++ b/id/server/doc/moa_id/moa-id-ablauf.jpg
Binary files differ
diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm
new file mode 100644
index 000000000..05a2d3007
--- /dev/null
+++ b/id/server/doc/moa_id/moa.htm
@@ -0,0 +1,248 @@
+<html>
+<head>
+ <title>MOA Module fuer Online Applikationen</title>
+ <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type" />
+ <meta content="heinz.rosenkranz@brz.gv.at" name="author"/>
+
+<style type="text/css">
+ body { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ td { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; }
+ li { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ ul { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; margin-top:3px }
+ tt { font-size:9pt; color:#505060; }
+ #titel { font-family:"Verdana", "Arial"; font-size:18pt; color:#505060; }
+ #subtitel { font-family:"Verdana", "Arial"; font-size:12pt; font-weight:bold; color:#505060; }
+ #slogan { font-family:"Verdana", "Arial"; font-size:8pt; color:#808090; text-align:justify; width:160px }
+ #block { font-family:"Verdana", "Arial"; font-size:10pt; color:#505060; text-align:justify }
+ #klein { font-family:"Verdana", "Arial"; font-size:9pt; color:#505060; margin-top:3px }
+ a:link {color:#000090}
+ a:visited {color:#000090}
+ a:hover {color:#c03030}
+ a {text-decoration: none}
+</style>
+
+<script language="JavaScript">
+<!--
+function goWin(url) {
+ Fenster=window.open(url,"smallWin","toolbar=0,location=0,directories=0,status=0,menubar=0,resizable=yes,scrollbars=yes,width=500,height=480,top=20,screenY=0,left=20,screenX=0");
+ window.setTimeout("showWin()",300);
+}
+function showWin() { Fenster.focus(); }
+// -->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" >
+<div style="width:650px">
+
+
+
+<!-- Projekt-Logo -->
+<div style="height:42px; font-size:16pt; color:#b0b8c0; background:#003050">
+&#160;Module f&uuml;r Online-Applikationen
+</div>
+<div style="margin-left:8px; margin-top:3px; font-size:8pt; color:#707070; ">
+<!-- Development Center der BRZ GmbH, A-Trust und IAIK Graz -->&#160;
+</div>
+<div style="margin-top:-65px; text-align:right; font-size:8pt; font-weight:bold; color:#d04040;" >
+Projekt <span style="font-size:48pt; ">moa</span>&#160;
+</div>
+<br />
+
+
+
+<!-- First Section with Navigation -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top">
+<div style="font-weight:bold; margin-top:12px">MOA-ID</div><br />
+<div id="klein"><img src="../moa_images/select.gif" border="0" width="13" height="14" />
+ <b> Allgemein</b></div>
+<div id="klein"><a href="id-admin.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> ID Administration</b></a></div>
+<div id="klein"><a href="id-anwendung.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> ID Anwendung</b></a></div>
+<div id="klein"><a href="../api-doc/index.html" target="_javadoc">
+ <img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> API-Dokumentation</b></a></div>
+<div id="klein"><a href="faqs.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> FAQs</b></a></div>
+<div id="klein"><a href="links.htm"><img src="../moa_images/idle.gif" border="0" width="13" height="14" />
+ <b> Links</b></a></div>
+<br />
+<div> <a href="javascript:history.back()">
+ <img src="../moa_images/west.gif" border="0" width="13" height="14" /> &#160;
+ <b>Zur&uuml;ck </b></a></div>
+<br />
+<div id="slogan">
+</div>
+</td>
+
+<td valign="top">
+<img src="../moa_images/moa_thema.gif" align="right" />
+<div id="titel">Allgemein v.1.4</div>
+<p id="block">
+Dieses Dokument enth&auml;lt die Dokumentation f&uuml;r das Modul <br />
+<ul>
+<li>MOA-ID (Identifikation)</li>
+</ul></p>
+</td></tr></table>
+
+<div id="id" />
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top" id="klein">
+<p id="subtitel">&#160;</p>
+<div id="slogan">
+</div>
+</td>
+<td valign="top">
+<div id="block">
+Das Modul Identifikation stellt Online-Applikationen Funktionalit&auml;t zur Verf&uuml;gung zu stellen, damit diese
+eine Benutzer-Identifikation und -Authentisierung mit Hilfe der B&uuml;rgerkarte und deren Signaturfunktion
+realisieren k&ouml;nnen.
+<br /><br />
+Das Modul besteht aus zwei Komponenten:
+<ul>
+<li>Die Authentisierungskomponente (MOA-ID-AUTH) f&uuml;hrt die eigentliche Authentisierung des Benutzers durch und &uuml;bergibt der
+Proxykomponente die Anmeldedaten.</li>
+<li>Die Proxykomponente (MOA-ID-PROXY) &uuml;bernimmt die Anmeldedaten von der Authentisierungskomponente,
+f&uuml;hrt die Anmeldung an der Online Applikation durch und schleust in der Folge Daten an die Online-Applikation
+und Daten an den Benutzer durch.</li>
+</ul>
+Diese beiden Komponenten k&ouml;nnen auf unterschiedlichen Rechnern
+oder auf dem gleichen Rechner eingesetzt werden.
+<br /><br />
+Die Funktionalit&auml;t und der Aufbau der Schnittstelle zu MOA-ID ist in der
+<a href="../MOA_ID_1.4_20070306.pdf" target="_new">Spezifikation</a> detailliert beschrieben.
+<br />
+<br />
+F&uuml;r den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturpr&uuml;fung (MOA-SP) erforderlich.
+</div>
+
+<br /><br />
+<div id="titel">Ablauf einer Anmeldung</div>
+<br />
+
+<img src="moa-id-ablauf.jpg" border="0" hspace="-200" width="500" />
+
+<table border="0" cellspacing="3" cellpadding="2">
+
+<tr>
+<td valign="top" width="30">1</td>
+<td id="block">Der Benutzer verbindet sich zu einem Web-Portal, &uuml;ber das die verf&uuml;gbaren Online-Applikationen (OA) erreichbar
+sind. Jeder Link zu einer OA verweist auf die Authentisierungs-komponente.
+</td>
+</tr>
+
+<tr>
+<td valign="top">2</td>
+<td id="block">Der Benutzer verbindet sich mit MOA-ID-AUTH, die die Authentisierung des
+Benutzers durchf&uuml;hrt:</td>
+</tr>
+
+<tr>
+<td valign="top">2.1</td>
+<td id="block">MOA-ID-AUTH bietet dem Benutzer optional eine Auswahl von verf&uuml;gbaren B&uuml;rgerkartenumgebungen (engl. Bezeichnung: Security-Layer) an.</td>
+</tr>
+
+<tr>
+<td valign="top">2.2</td>
+<td id="block">MOA-ID-AUTH erzeugt eine HTML-Seite mit einem <tt>&lt;InfoboxReadRequest&gt;</tt>
+ zum Auslesen der Personenbindung. Diese HTML-Seite wird an den Browser geschickt.</td>
+</tr>
+
+<tr>
+<td valign="top">2.3</td>
+<td id="block">Der Browser schickt den <tt>&lt;InfoboxReadRequest&gt;</tt> an den ausgew&auml;hlten Security-Layer. Der Security-Layer liest die
+Personenbindung von der B&uuml;rgerkarte und sendet diese an MOA-ID-AUTH, die die Signatur der Personenbindung durch
+einen Aufruf von MOA-SP &uuml;berpr&uuml;ft.
+</td>
+</tr>
+
+<tr>
+<td valign="top">2.4</td>
+<td id="block">MOA-ID-AUTH erstellt den AUTH-Block. Der AUTH-Block enth&auml;lt
+<ul>
+<li>Vor- und Nachname aus der Personenbindung,</li>
+<li>URL von MOA-ID-AUTH,</li>
+<li>URL und Gesch&auml;ftsbereich der Online-Applikation,</li>
+<li>die aktuelle Zeit.</li>
+</ul>
+Anschlie&szlig;end wird
+eine XML Antwortseite, die das Kommando zum Signieren (<tt>&lt;CreateXMLSignatureRequest&gt;</tt>) des generierten
+AUTH-Blocks enth&auml;lt, an den ausgew&auml;hlten Security-Layer gesendet.</td>
+</tr>
+
+<tr>
+<td valign="top">2.5</td>
+<td id="block">Der Request wird vom Security-Layer verarbeitet. Die signierten Daten werden an
+MOA-ID-AUTH zur&uuml;ckgesendet.</td>
+</tr>
+
+<tr>
+<td valign="top">2.6</td>
+<td id="block">MOA-ID-AUTH &uuml;berpr&uuml;ft den signierten AUTH-Block und legt f&uuml;r den Benutzer die Anmeldedaten
+an. Die Anmeldedaten enthalten
+<ul>
+<li>die bereichsspezifische Personenkennzeichen (bPK),</li>
+<li>den signierten AUTH-Block (optional),</li>
+<li>die Personenbindung (optional),</li>
+<li>die <tt>PersonData</tt>-Struktur aus der Personenbindung (optional),</li>
+<li>die Information, ob die Signatur des AUTH-Blocks mit einem qualifiziertem Zertifikat erfolgte,</li>
+<li>Informationen zur Beh&ouml;rde, falls die Signatur mit einem Beh&ouml;rdenzertifikat erzeugt wurde.</li>
+</ul>
+</td>
+</tr>
+
+<tr>
+<td valign="top">2.7</td>
+<td id="block">Ist der obige Authentisierungsvorgang erfolgreich, dann wird eine Redirect-Seite
+zum Browser gesendet.</td>
+</tr>
+
+<tr>
+<td valign="top">3</td>
+<td id="block">Der Browser f&uuml;hrt das Redirect zur Proxykomponente durch. Als Parameter wird das von MOA-ID-AUTH
+erzeugte SAML-Artifact &uuml;bergeben.</td>
+</tr>
+
+<tr>
+<td valign="top">4</td>
+<td id="block">Die Proxykomponente verwendet dieses eindeutige SAML-Artifact, um die Anmeldedaten
+von MOA-ID-AUTH zu erhal-ten. Danach werden die Anmeldedaten in MOA-ID-AUTH gel&ouml;scht.</td>
+</tr>
+
+<tr>
+<td valign="top">5</td>
+<td id="block">MOA-ID-PROXY liest die Konfigurationsdatei der zugeh&ouml;rigen Online-Applikation, die beschreibt, wie die Anmeldedaten
+an die nachfolgende Applikation &uuml;bergeben werden m&uuml;ssen, und meldet den Benutzer bei der Applikation an.</td>
+</tr>
+
+<tr>
+<td valign="top">6</td>
+<td id="block">Ist die betreffende OA als stateless konfiguriert, so werden in weiterer Folge die Antworten der OA
+an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weitergeleitet.</td>
+</tr>
+
+
+</table>
+
+
+</td></tr></table>
+<br /><br />
+
+<!-- Trailer -->
+<table width="650" border="0" cellpadding="10" cellspacing="0">
+<tr>
+<td width="170" valign="top"><br /></td>
+<td valign="top">
+<hr />
+<div style="font-size:8pt; color:#909090">&copy; 2004</div>
+</td></tr></table>
+<br />
+
+
+</div>
+</body>
+</html>
diff --git a/id/server/doc/moa_images/east.gif b/id/server/doc/moa_images/east.gif
new file mode 100644
index 000000000..e76117cb0
--- /dev/null
+++ b/id/server/doc/moa_images/east.gif
Binary files differ
diff --git a/id/server/doc/moa_images/idle.gif b/id/server/doc/moa_images/idle.gif
new file mode 100644
index 000000000..28b8148e5
--- /dev/null
+++ b/id/server/doc/moa_images/idle.gif
Binary files differ
diff --git a/id/server/doc/moa_images/moa_diagramm1.jpg b/id/server/doc/moa_images/moa_diagramm1.jpg
new file mode 100644
index 000000000..776331fb8
--- /dev/null
+++ b/id/server/doc/moa_images/moa_diagramm1.jpg
Binary files differ
diff --git a/id/server/doc/moa_images/moa_thema.gif b/id/server/doc/moa_images/moa_thema.gif
new file mode 100644
index 000000000..f59075528
--- /dev/null
+++ b/id/server/doc/moa_images/moa_thema.gif
Binary files differ
diff --git a/id/server/doc/moa_images/north.gif b/id/server/doc/moa_images/north.gif
new file mode 100644
index 000000000..b4316b5d7
--- /dev/null
+++ b/id/server/doc/moa_images/north.gif
Binary files differ
diff --git a/id/server/doc/moa_images/pfeil.gif b/id/server/doc/moa_images/pfeil.gif
new file mode 100644
index 000000000..e4eeb1740
--- /dev/null
+++ b/id/server/doc/moa_images/pfeil.gif
Binary files differ
diff --git a/id/server/doc/moa_images/print.gif b/id/server/doc/moa_images/print.gif
new file mode 100644
index 000000000..b8e59144e
--- /dev/null
+++ b/id/server/doc/moa_images/print.gif
Binary files differ
diff --git a/id/server/doc/moa_images/select.gif b/id/server/doc/moa_images/select.gif
new file mode 100644
index 000000000..59a1694c5
--- /dev/null
+++ b/id/server/doc/moa_images/select.gif
Binary files differ
diff --git a/id/server/doc/moa_images/south.gif b/id/server/doc/moa_images/south.gif
new file mode 100644
index 000000000..c70ab3e97
--- /dev/null
+++ b/id/server/doc/moa_images/south.gif
Binary files differ
diff --git a/id/server/doc/moa_images/transdot.gif b/id/server/doc/moa_images/transdot.gif
new file mode 100644
index 000000000..e31aba280
--- /dev/null
+++ b/id/server/doc/moa_images/transdot.gif
Binary files differ
diff --git a/id/server/doc/moa_images/west.gif b/id/server/doc/moa_images/west.gif
new file mode 100644
index 000000000..135698ee7
--- /dev/null
+++ b/id/server/doc/moa_images/west.gif
Binary files differ
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java
new file mode 100644
index 000000000..96a5e0673
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown during handling of AuthenticationSession
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationException extends MOAIDException {
+
+ /**
+ * Constructor for AuthenticationException.
+ * @param messageId
+ */
+ public AuthenticationException(String messageId, Object[] parameters) {
+ super(messageId, parameters, null);
+ }
+ /**
+ * Constructor for AuthenticationException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public AuthenticationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java
new file mode 100644
index 000000000..785dce7a3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while building an XML or HTML structure.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class BuildException extends MOAIDException {
+
+ /**
+ * Constructor for BuildException.
+ * @param messageId
+ * @param parameters
+ */
+ public BuildException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for BuildException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public BuildException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java
new file mode 100644
index 000000000..682395a83
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while converting ECDSAKeys from/to an XML structure.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class ECDSAConverterException extends MOAIDException {
+
+ /**
+ * Constructor for ECDSAConverterException.
+ * @param messageId
+ * @param parameters
+ */
+ public ECDSAConverterException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ECDSAConverterException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ECDSAConverterException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java
new file mode 100644
index 000000000..bce2c4778
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id;
+
+import java.io.PrintStream;
+import java.io.PrintWriter;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.DOMImplementation;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Base class of technical MOA exceptions.
+ *
+ * Technical exceptions are exceptions that originate from system failure (e.g.,
+ * a database connection fails, a component is not available, etc.)
+ *
+ * @author Patrick Peck, Ivancsics Paul
+ * @version $Id$
+ */
+public class MOAIDException extends Exception {
+ /** message ID */
+ private String messageId;
+ /** wrapped exception */
+ private Throwable wrapped;
+
+ /**
+ * Create a new <code>MOAIDException</code>.
+ *
+ * @param messageId The identifier of the message associated with this
+ * exception.
+ * @param parameters Additional message parameters.
+ */
+ public MOAIDException(String messageId, Object[] parameters) {
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.messageId = messageId;
+ }
+
+ /**
+ * Create a new <code>MOAIDException</code>.
+ *
+ * @param messageId The identifier of the message associated with this
+ * <code>MOAIDException</code>.
+ * @param parameters Additional message parameters.
+ * @param wrapped The exception wrapped by this
+ * <code>MOAIDException</code>.
+ */
+ public MOAIDException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.messageId = messageId;
+ this.wrapped = wrapped;
+ }
+
+ /**
+ * Print a stack trace of this exception to <code>System.err</code>.
+ *
+ * @see java.lang.Throwable#printStackTrace()
+ */
+ public void printStackTrace() {
+ printStackTrace(System.err);
+ }
+
+ /**
+ * Print a stack trace of this exception, including the wrapped exception.
+ *
+ * @param s The stream to write the stack trace to.
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintStream)
+ */
+ public void printStackTrace(PrintStream s) {
+ if (getWrapped() == null)
+ super.printStackTrace(s);
+ else {
+ s.print("Root exception: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * Print a stack trace of this exception, including the wrapped exception.
+ *
+ * @param s The stream to write the stacktrace to.
+ * @see java.lang.Throwable#printStackTrace(java.io.PrintWriter)
+ */
+ public void printStackTrace(PrintWriter s) {
+ if (getWrapped() == null)
+ super.printStackTrace(s);
+ else {
+ s.print("Root exception: ");
+ getWrapped().printStackTrace(s);
+ }
+ }
+
+ /**
+ * @return message ID
+ */
+ public String getMessageId() {
+ return messageId;
+ }
+
+ /**
+ * @return wrapped exception
+ */
+ public Throwable getWrapped() {
+ return wrapped;
+ }
+
+ /**
+ * Convert this <code>MOAIDException</code> to an <code>ErrorResponse</code>
+ * element from the MOA namespace.
+ *
+ * @return An <code>ErrorResponse</code> element, containing the subelements
+ * <code>ErrorCode</code> and <code>Info</code> required by the MOA schema.
+ */
+ public Element toErrorResponse() {
+ DocumentBuilder builder;
+ DOMImplementation impl;
+ Document doc;
+ Element errorResponse;
+ Element errorCode;
+ Element info;
+
+ // create a new document
+ try {
+ builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ impl = builder.getDOMImplementation();
+ } catch (ParserConfigurationException e) {
+ return null;
+ }
+
+ // build the ErrorResponse element
+ doc = impl.createDocument(Constants.MOA_NS_URI, "ErrorResponse", null);
+ errorResponse = doc.getDocumentElement();
+
+ // add MOA namespace declaration
+ errorResponse.setAttributeNS(
+ Constants.XMLNS_NS_URI,
+ "xmlns",
+ Constants.MOA_NS_URI);
+
+ // build the child elements
+ errorCode = doc.createElementNS(Constants.MOA_NS_URI, "ErrorCode");
+ errorCode.appendChild(doc.createTextNode(messageId));
+ info = doc.createElementNS(Constants.MOA_NS_URI, "Info");
+ info.appendChild(doc.createTextNode(toString()));
+ errorResponse.appendChild(errorCode);
+ errorResponse.appendChild(info);
+ return errorResponse;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java
new file mode 100644
index 000000000..a5e0088d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while parsing an XML structure.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ParseException extends MOAIDException {
+
+ /**
+ * Constructor for ParseException.
+ * @param messageId
+ * @param parameters
+ */
+ public ParseException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ParseException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ParseException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java
new file mode 100644
index 000000000..9e6ab2361
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java
@@ -0,0 +1,34 @@
+package at.gv.egovernment.moa.id;
+
+
+/**
+ * Exception thrown while calling the MOA-SPSS web service.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ServiceException extends MOAIDException {
+
+ /**
+ * Constructor for ServiceException.
+ * @param messageId
+ * @param parameters
+ */
+ public ServiceException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ServiceException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ServiceException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
new file mode 100644
index 000000000..5f4ec2d29
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -0,0 +1,1019 @@
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.pki.PKIException;
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.Vector;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * API for MOA ID Authentication Service.<br>
+ * {@link AuthenticationSession} is stored in a session store and retrieved
+ * by giving the session ID.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationServer implements MOAIDAuthConstants {
+
+ /** single instance */
+ private static AuthenticationServer instance;
+ /** session data store (session ID -> AuthenticationSession) */
+ private static Map sessionStore = new HashMap();
+ /** authentication data store (assertion handle -> AuthenticationData) */
+ private static Map authenticationDataStore = new HashMap();
+ /**
+ * time out in milliseconds used by {@link cleanup} for session store
+ */
+ private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data store
+ */
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+ /**
+ * Returns the single instance of <code>AuthenticationServer</code>.
+ *
+ * @return the single instance of <code>AuthenticationServer</code>
+ */
+ public static AuthenticationServer getInstance() {
+ if (instance == null)
+ instance = new AuthenticationServer();
+ return instance;
+ }
+ /**
+ * Constructor for AuthenticationServer.
+ */
+ public AuthenticationServer() {
+ super();
+ }
+ /**
+ * Processes request to select a BKU.
+ * <br/>Processing depends on value of {@link AuthConfigurationProvider#getBKUSelectionType}.
+ * <br/>For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> for the
+ * "BKU Auswahl" service is returned.
+ * <br/>For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection is returned.
+ * @param authURL base URL of MOA-ID Auth component
+ * @param target "Gesch&auml;ftsbereich"
+ * @param oaURL online application URL requested
+ * @param bkuSelectionTemplateURL template for BKU selection form to be used
+ * in case of <code>HTMLSelect</code>; may be null
+ * @param templateURL URL providing an HTML template for the HTML form to be used
+ * for call <code>startAuthentication</code>
+ * @return for <code>bkuSelectionType==HTMLComplete</code>, the <code>returnURI</code> for the
+ * "BKU Auswahl" service;
+ * for <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU selection
+ * @throws WrongParametersException upon missing parameters
+ * @throws AuthenticationException when the configured BKU selection service cannot be reached,
+ * and when the given bkuSelectionTemplateURL cannot be reached
+ * @throws ConfigurationException on missing configuration data
+ * @throws BuildException while building the HTML form
+ */
+ public String selectBKU(
+ String authURL,
+ String target,
+ String oaURL,
+ String bkuSelectionTemplateURL,
+ String templateURL)
+ throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
+
+ //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication", "AuthURL");
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA);
+
+ ConnectionParameter bkuConnParam =
+ AuthConfigurationProvider.getInstance().getBKUConnectionParameter();
+ if (bkuConnParam == null)
+ throw new ConfigurationException(
+ "config.08",
+ new Object[] { "BKUSelection/ConnectionParameter" });
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
+
+ if (!oaParam.getBusinessService()) {
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ } else {
+ if (!isEmpty(target)) {
+ Logger.info("Ignoring target parameter thus application type is \"businessService\"");
+ }
+ target = null;
+ }
+
+ AuthenticationSession session = newSession();
+ Logger.info("MOASession " + session.getSessionID() + " angelegt");
+ session.setTarget(target);
+ session.setOAURLRequested(oaURL);
+ session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ session.setAuthURL(authURL);
+ session.setTemplateURL(templateURL);
+ session.setBusinessService(oaParam.getBusinessService());
+ String returnURL =
+ new DataURLBuilder().buildDataURL(authURL, REQ_START_AUTHENTICATION, session.getSessionID());
+ String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+ if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+ // bkuSelectionType==HTMLComplete
+ String redirectURL = bkuConnParam.getUrl() + "?" + AuthServlet.PARAM_RETURN + "=" + returnURL;
+ return redirectURL;
+ } else {
+ // bkuSelectionType==HTMLSelect
+ String bkuSelectTag;
+ try {
+ bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider.getInstance(), bkuConnParam);
+ } catch (Throwable ex) {
+ throw new AuthenticationException(
+ "auth.11",
+ new Object[] { bkuConnParam.getUrl(), ex.toString()},
+ ex);
+ }
+ String bkuSelectionTemplate = null;
+ // override template url by url from configuration file
+ if (oaParam.getBkuSelectionTemplateURL() != null) {
+ bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
+ }
+ if (bkuSelectionTemplateURL != null) {
+ try {
+ bkuSelectionTemplate = new String(FileUtils.readURL(bkuSelectionTemplateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { bkuSelectionTemplateURL, ex.toString()},
+ ex);
+ }
+ }
+ String htmlForm =
+ new SelectBKUFormBuilder().build(bkuSelectionTemplate, returnURL, bkuSelectTag);
+ return htmlForm;
+ }
+ }
+ /**
+ * Method readBKUSelectTag.
+ * @param conf the ConfigurationProvider
+ * @param connParam the ConnectionParameter for that connection
+ * @return String
+ * @throws ConfigurationException on config-errors
+ * @throws PKIException on PKI errors
+ * @throws IOException on any data error
+ * @throws GeneralSecurityException on security errors
+ */
+ private String readBKUSelectTag(ConfigurationProvider conf, ConnectionParameter connParam)
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ if (connParam.isHTTPSURL())
+ return SSLUtils.readHttpsURL(conf, connParam);
+ else
+ return HTTPUtils.readHttpURL(connParam.getUrl());
+ }
+ /**
+ * Processes the beginning of an authentication session.
+ * <ul>
+ * <li>Starts an authentication session</li>
+ * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>Creates an HTML form for querying the identity link from the
+ * security layer implementation.
+ * <br>Form parameters include
+ * <ul>
+ * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>the data URL where the security layer implementation sends it response to</li>
+ * </ul>
+ * </ul>
+ * @param authURL URL of the servlet to be used as data URL
+ * @param target "Gesch&auml;ftsbereich" of the online application requested
+ * @param oaURL online application URL requested
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used;
+ * may be <code>null</code>; in this case, the default location will be used
+ * @param templateURL URL providing an HTML template for the HTML form generated
+ * @return HTML form
+ * @throws AuthenticationException
+ * @see GetIdentityLinkFormBuilder
+ * @see InfoboxReadRequestBuilder
+ */
+ public String startAuthentication(
+ String authURL,
+ String target,
+ String oaURL,
+ String templateURL,
+ String bkuURL,
+ String sessionID)
+ throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {
+
+ if (isEmpty(sessionID)) {
+ if (isEmpty(authURL))
+ throw new WrongParametersException("StartAuthentication", "AuthURL");
+
+ //check if HTTP Connection may be allowed (through FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
+ String boolStr =
+ AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
+ if ((!authURL.startsWith("https:")) && (false == BoolUtils.valueOf(boolStr)))
+ throw new AuthenticationException("auth.07", new Object[] { authURL + "*" });
+ if (isEmpty(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA);
+ }
+ AuthenticationSession session;
+ OAAuthParameter oaParam;
+ if (sessionID != null) {
+ session = getSession(sessionID);
+ oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ } else {
+ oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { oaURL });
+ if (!oaParam.getBusinessService()) {
+ if (isEmpty(target))
+ throw new WrongParametersException("StartAuthentication", PARAM_TARGET);
+ } else {
+ target = null;
+ }
+ session = newSession();
+ Logger.info("MOASession " + session.getSessionID() + " angelegt");
+ session.setTarget(target);
+ session.setOAURLRequested(oaURL);
+ session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
+ session.setAuthURL(authURL);
+ session.setTemplateURL(templateURL);
+ session.setBusinessService(oaParam.getBusinessService());
+ }
+ // BKU URL has not been set yet, even if session already exists
+ if (bkuURL == null) {
+ bkuURL = DEFAULT_BKU;
+ }
+ session.setBkuURL(bkuURL);
+ String infoboxReadRequest =
+ new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(),
+ oaParam.getBusinessService(),
+ oaParam.getIdentityLinkDomainIdentifier());
+ String dataURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_VERIFY_IDENTITY_LINK,
+ session.getSessionID());
+ String template = null;
+ // override template url by url from configuration file
+ if (oaParam.getTemplateURL() != null) {
+ templateURL = oaParam.getTemplateURL();
+ } else {
+ templateURL = session.getTemplateURL();
+ }
+ if (templateURL != null) {
+ try {
+ template = new String(FileUtils.readURL(templateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { templateURL, ex.toString()},
+ ex);
+ }
+ }
+ String pushInfobox = "";
+ VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
+ if (verifyInfoboxParameters != null) {
+ pushInfobox = verifyInfoboxParameters.getPushInfobox();
+ }
+ String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12());
+ String certInfoDataURL =
+ new DataURLBuilder().buildDataURL(
+ session.getAuthURL(),
+ REQ_START_AUTHENTICATION,
+ session.getSessionID());
+ String htmlForm =
+ new GetIdentityLinkFormBuilder().build(
+ template,
+ bkuURL,
+ infoboxReadRequest,
+ dataURL,
+ certInfoRequest,
+ certInfoDataURL,
+ pushInfobox);
+ return htmlForm;
+ }
+ /**
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Verifies identity link by calling the MOA SP component</li>
+ * <li>Checks certificate authority of identity link</li>
+ * <li>Stores identity link in the session</li>
+ * <li>Verifies all additional infoboxes returned from the BKU</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the
+ * security layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param infoboxReadResponseParameters The parameters from the response returned from
+ * the BKU including the <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String verifyIdentityLink(String sessionID, Map infoboxReadResponseParameters)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ValidateException,
+ ServiceException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+
+ String xmlInfoboxReadResponse = (String)infoboxReadResponseParameters.get(PARAM_XMLRESPONSE);
+ if (isEmpty(xmlInfoboxReadResponse))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
+
+ AuthenticationSession session = getSession(sessionID);
+ if (session.getTimestampIdentityLink() != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ session.setTimestampIdentityLink();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses the <InfoboxReadResponse>
+ IdentityLink identityLink =
+ new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ // validates the identity link
+ IdentityLinkValidator.getInstance().validate(identityLink);
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest =
+ new VerifyXMLSignatureRequestBuilder().build(
+ identityLink,
+ authConf.getMoaSpIdentityLinkTrustProfileID());
+
+ // invokes the call
+ Element domVerifyXMLSignatureResponse =
+ new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse =
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+
+ if (identityLink.getIdentificationType().equalsIgnoreCase(Constants.URN_PREFIX_BASEID)) {
+ }
+
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+
+ // if OA is type is business service the manifest validation result has to be ignored
+ boolean ignoreManifestValidationResult = oaParam.getBusinessService() ? true : false;
+
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
+ authConf.getIdentityLinkX509SubjectNames(),
+ VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
+ ignoreManifestValidationResult);
+
+ session.setIdentityLink(identityLink);
+ // now validate the extended infoboxes
+ verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl());
+ // builds the AUTH-block
+ String authBlock = buildAuthenticationBlock(session);
+// session.setAuthBlock(authBlock);
+ // builds the <CreateXMLSignatureRequest>
+ String[] transformsInfos = oaParam.getTransformsInfos();
+ if ((transformsInfos == null) || (transformsInfos.length == 0)) {
+ // no OA specific transforms specified, use default ones
+ transformsInfos = authConf.getTransformsInfos();
+ }
+ String createXMLSignatureRequest =
+ new CreateXMLSignatureRequestBuilder().build(authBlock,
+ oaParam.getKeyBoxIdentifier(),
+ transformsInfos,
+ oaParam.getSlVersion12());
+ return createXMLSignatureRequest;
+ }
+ /**
+ * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from given session data.
+ * @param session authentication session
+ *
+ * @return <code>&lt;saml:Assertion&gt;</code> as a String
+ *
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
+ */
+ private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException {
+ IdentityLink identityLink = session.getIdentityLink();
+ String issuer = identityLink.getName();
+ String gebDat = identityLink.getDateOfBirth();
+ String identificationValue = identityLink.getIdentificationValue();
+ String identificationType = identityLink.getIdentificationType();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ session.setIssueInstant(issueInstant);
+ String authURL = session.getAuthURL();
+ String target = session.getTarget();
+ String oaURL = session.getPublicOAURLPrefix();
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ String authBlock = new AuthenticationBlockAssertionBuilder().buildAuthBlock(
+ issuer,
+ issueInstant,
+ authURL,
+ target,
+ identificationValue,
+ identificationType,
+ oaURL,
+ gebDat,
+ extendedSAMLAttributes,
+ session);
+
+ return authBlock;
+ }
+
+ /**
+ * Verifies the infoboxes (except of the identity link infobox) returned by the BKU by
+ * calling appropriate validator classes.
+ *
+ * @param session The actual authentication session.
+ * @param infoboxReadResponseParams The parameters returned from the BKU as response
+ * to an infobox read request (including the infobox
+ * tokens to be verified).
+ * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en)
+ * should be hidden in any SAML attribute that may be
+ * returned by a validator.
+ *
+ * @throws AuthenticationException If the verification of at least one infobox fails.
+ * @throws ConfigurationException If the OAuthParameter cannot be extracted.
+ */
+ private void verifyInfoboxes(
+ AuthenticationSession session, Map infoboxReadResponseParams, boolean hideStammzahl)
+ throws ValidateException, ConfigurationException
+ {
+
+ AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider.getInstance();
+ // get the default VerifyInfobox parameters
+ Map defaultInfoboxParameters = null;
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters =
+ authConfigurationProvider.getDefaultVerifyInfoboxParameters();
+ if (defaultVerifyInfoboxParameters != null) {
+ defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
+ }
+ // get the OA specific VerifyInfobox parameters
+ Map infoboxParameters = null;
+ OAAuthParameter oaParam =
+ authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters();
+ if (verifyInfoboxParameters != null) {
+ Vector authAttributes = new Vector();
+ Vector oaAttributes = new Vector();
+ infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
+ // get the list of infobox identifiers
+ List identifiers = verifyInfoboxParameters.getIdentifiers();
+ if (identifiers != null) {
+ // step through the identifiers and verify the infoboxes
+ Iterator it = identifiers.iterator();
+ while (it.hasNext()) {
+ String identifier = (String)it.next();
+ // get the infobox read response from the map of parameters
+ String infoboxReadResponse = (String)infoboxReadResponseParams.get(identifier);
+ // get the configuration parameters
+ VerifyInfoboxParameter verifyInfoboxParameter = null;
+ Object object = infoboxParameters.get(identifier);
+ // if not present, use default
+ if ((object == null) && (defaultInfoboxParameters != null)) {
+ object = defaultInfoboxParameters.get(identifier);
+ }
+ if (object != null) {
+ verifyInfoboxParameter = (VerifyInfoboxParameter)object;
+ }
+ if (infoboxReadResponse != null) {
+ if (verifyInfoboxParameter == null) {
+ // should not happen because of the pushinfobox mechanism; check it anyway
+ Logger.error("No validator for verifying \"" + identifier + "\"-infobox configured.");
+ throw new ValidateException("validator.41", new Object[] {identifier});
+ } else {
+ String friendlyName = verifyInfoboxParameter.getFriendlyName();
+ // get the class for validating the infobox
+ InfoboxValidator infoboxValidator = null;
+ try {
+ Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName());
+ infoboxValidator = (InfoboxValidator) validatorClass.newInstance();
+ } catch (Exception e) {
+ Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
+ "\" for \"" + identifier + "\"-infobox: " + e.getMessage());
+ throw new ValidateException("validator.42", new Object[] {friendlyName});
+ }
+ Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() +
+ "\" for \"" + identifier + "\"-infobox.");
+ // parse the infobox read reponse
+ List infoboxTokenList = null;
+ try {
+ infoboxTokenList =
+ ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName);
+ } catch (ParseException e) {
+ Logger.error("InfoboxReadResponse for \"" + identifier +
+ "\"-infobox could not be parsed successfully: " + e.getMessage());
+ throw new ValidateException("validator.43", new Object[] {friendlyName});
+ }
+ // build the parameters for validating the infobox
+ InfoboxValidatorParams infoboxValidatorParams =
+ InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams(
+ session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl);
+ // now validate the infobox
+ InfoboxValidationResult infoboxValidationResult = null;
+ try {
+ infoboxValidationResult = infoboxValidator.validate(infoboxValidatorParams);
+ } catch (ValidateException e) {
+ Logger.error("Error validating " + identifier + " infobox:" + e.getMessage());
+ throw new ValidateException(
+ "validator.44", new Object[] {friendlyName});
+ }
+ if (!infoboxValidationResult.isValid()) {
+ Logger.info("Validation of " + identifier + " infobox failed.");
+ throw new ValidateException(
+ "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()});
+ }
+
+ Logger.info(identifier + " infobox successfully validated.");
+
+ // get the SAML attributes to be appended to the AUTHBlock or to the final
+ // SAML Assertion
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes();
+ if (extendedSAMLAttributes != null) {
+ int length = extendedSAMLAttributes.length;
+ for (int i=0; i<length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+ String name = samlAttribute.getName();
+ if (name == null) {
+ Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"});
+ }
+ if (name == "") {
+ Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is empty.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"});
+ }
+ if (samlAttribute.getNameSpace() == null) {
+ Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"});
+ }
+ Object value = samlAttribute.getValue();
+ if (value == null) {
+ Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is null.");
+ throw new ValidateException(
+ "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"});
+ }
+ if ((value instanceof String) || (value instanceof Element)) {
+
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ authAttributes.add(samlAttribute);
+ oaAttributes.add(samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+ authAttributes.add(samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ oaAttributes.add(samlAttribute);
+ break;
+ default:
+ Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number "
+ + (i+1) + " for infobox " + identifier);
+ throw new ValidateException(
+ "validator.47", new Object[] {friendlyName, String.valueOf((i+1))});
+ }
+ } else {
+ Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " +
+ identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" +
+ " or \"org.w3c.dom.Element\"");
+ throw new ValidateException(
+ "validator.46", new Object[] {identifier, String.valueOf((i+1))});
+
+ }
+ }
+
+ }
+ }
+ } else {
+ if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) {
+ Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU");
+ throw new ValidateException(
+ "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()});
+
+ }
+ Logger.debug("Infobox \"" + identifier + "\" not returned from BKU.");
+ }
+ }
+ session.setExtendedSAMLAttributesAUTH(authAttributes);
+ session.setExtendedSAMLAttributesOA(oaAttributes);
+ }
+ }
+ }
+
+ /**
+ * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error codes</li>
+ * <li>Parses authentication block enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies authentication block by calling the MOA SP component</li>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store
+ * indexed by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @param xmlCreateXMLSignatureReadResponse String representation of the
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @return SAML artifact needed for retrieving authentication data, encoded BASE64
+ */
+ public String verifyAuthenticationBlock(
+ String sessionID,
+ String xmlCreateXMLSignatureReadResponse)
+ throws
+ AuthenticationException,
+ BuildException,
+ ParseException,
+ ConfigurationException,
+ ServiceException,
+ ValidateException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+ if (isEmpty(xmlCreateXMLSignatureReadResponse))
+ throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ AuthenticationSession session = getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse();
+ try {
+ String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());
+ session.setAuthBlock(serializedAssertion);
+ } catch (TransformerException e) {
+ throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ } catch (IOException e) {
+ throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ }
+ // validates <CreateXMLSignatureResponse>
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
+ String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
+ // debug output
+
+ // invokes the call
+ Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
+ // debug output
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ vsresp,
+ null,
+ VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
+ false);
+
+
+ // TODO See Bug #144
+ // Compare AuthBlock Data with information stored in session, especially date and time
+
+
+ // compares the public keys from the identityLink with the AuthBlock
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
+ vsresp,
+ session.getIdentityLink());
+
+ // builds authentication data and stores it together with a SAML artifact
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ String samlArtifact =
+ new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID());
+ storeAuthenticationData(samlArtifact, authData);
+ // invalidates the authentication session
+ sessionStore.remove(sessionID);
+ Logger.info(
+ "Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact);
+ return samlArtifact;
+ }
+ /**
+ * Builds the AuthenticationData object together with the
+ * corresponding <code>&lt;saml:Assertion&gt;</code>
+ * @param session authentication session
+ * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP
+ * @return AuthenticationData object
+ * @throws ConfigurationException while accessing configuration data
+ * @throws BuildException while building the <code>&lt;saml:Assertion&gt;</code>
+ */
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ AuthenticationData authData = new AuthenticationData();
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ boolean businessService = oaParam.getBusinessService();
+ authData.setMajorVersion(1);
+ authData.setMinorVersion(0);
+ authData.setAssertionID(Random.nextRandom());
+ authData.setIssuer(session.getAuthURL());
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+
+ authData.setIdentificationType(identityLink.getIdentificationType());
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
+ authData.setBkuURL(session.getBkuURL());
+ boolean provideStammzahl = oaParam.getProvideStammzahl();
+ if (provideStammzahl) {
+ authData.setIdentificationValue(identityLink.getIdentificationValue());
+ }
+ String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl);
+ try {
+ String signerCertificateBase64 = "";
+ if (oaParam.getProvideCertifcate()) {
+ X509Certificate signerCertificate = verifyXMLSigResp.getX509certificate();
+ if (signerCertificate != null) {
+ signerCertificateBase64 = Base64Utils.encode(signerCertificate.getEncoded());
+ } else {
+ Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available");
+ }
+ }
+ authData.setSignerCertificate(signerCertificateBase64);
+ if (businessService) {
+ authData.setWBPK(identityLink.getIdentificationValue());
+ } else {
+ // only compute bPK if online applcation is a public service
+ String bpkBase64 =
+ new BPKBuilder().buildBPK(
+ identityLink.getIdentificationValue(),
+ session.getTarget());
+ authData.setBPK(bpkBase64);
+ }
+ String ilAssertion =
+ oaParam.getProvideIdentityLink()
+ ? identityLink.getSerializedSamlAssertion()
+ : "";
+ if (!oaParam.getProvideStammzahl()) {
+ ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink.getIdentificationValue(), "");
+ }
+ String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
+ String samlAssertion =
+ new AuthenticationDataAssertionBuilder().build(
+ authData,
+ prPerson,
+ authBlock,
+ ilAssertion,
+ session.getBkuURL(),
+ signerCertificateBase64,
+ businessService,
+ session.getExtendedSAMLAttributesOA());
+ authData.setSamlAssertion(samlAssertion);
+ return authData;
+ } catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.toString()},
+ ex);
+ }
+ }
+ /**
+ * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact.
+ * The <code>AuthenticationData</code> is deleted from the store upon end of this call.
+ *
+ * @return <code>AuthenticationData</code>
+ */
+ public AuthenticationData getAuthenticationData(String samlArtifact)
+ throws AuthenticationException {
+ String assertionHandle;
+ try {
+ assertionHandle = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+ } catch (ParseException ex) {
+ throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString()});
+ }
+ AuthenticationData authData = null;
+ synchronized (authenticationDataStore) {
+ authData = (AuthenticationData) authenticationDataStore.get(assertionHandle);
+ if (authData == null) {
+ Logger.error("Assertion not found for SAML Artifact: " + samlArtifact);
+ throw new AuthenticationException("1206", new Object[] { samlArtifact });
+ }
+ authenticationDataStore.remove(assertionHandle);
+ }
+ long now = new Date().getTime();
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut)
+ throw new AuthenticationException("1207", new Object[] { samlArtifact });
+ Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact);
+ return authData;
+ }
+ /**
+ * Stores authentication data indexed by the assertion handle contained in the
+ * given saml artifact.
+ * @param samlArtifact SAML artifact
+ * @param authData authentication data
+ * @throws AuthenticationException when SAML artifact is invalid
+ */
+ private void storeAuthenticationData(String samlArtifact, AuthenticationData authData)
+ throws AuthenticationException {
+
+ try {
+ SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact);
+ // check type code 0x0001
+ byte[] typeCode = parser.parseTypeCode();
+ if (typeCode[0] != 0 || typeCode[1] != 1)
+ throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
+ String assertionHandle = parser.parseAssertionHandle();
+ synchronized (authenticationDataStore) {
+ Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact);
+ authenticationDataStore.put(assertionHandle, authData);
+ }
+ } catch (AuthenticationException ex) {
+ throw ex;
+ } catch (Throwable ex) {
+ throw new AuthenticationException("auth.06", new Object[] { samlArtifact });
+ }
+ }
+ /**
+ * Creates a new session and puts it into the session store.
+ *
+ * @param id Session ID
+ * @return AuthenticationSession created
+ * @exception AuthenticationException
+ * thrown when an <code>AuthenticationSession</code> is running
+ * already for the given session ID
+ */
+ private static AuthenticationSession newSession() throws AuthenticationException {
+ String sessionID = Random.nextRandom();
+ AuthenticationSession newSession = new AuthenticationSession(sessionID);
+ synchronized (sessionStore) {
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (session != null)
+ throw new AuthenticationException("auth.01", new Object[] { sessionID });
+ sessionStore.put(sessionID, newSession);
+ }
+ return newSession;
+ }
+ /**
+ * Retrieves a session from the session store.
+ *
+ * @param id session ID
+ * @return <code>AuthenticationSession</code> stored with given session ID,
+ * <code>null</code> if session ID unknown
+ */
+ public static AuthenticationSession getSession(String id) throws AuthenticationException {
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(id);
+ if (session == null)
+ throw new AuthenticationException("auth.02", new Object[] { id });
+ return session;
+ }
+ /**
+ * Cleans up expired session and authentication data stores.
+ */
+ public void cleanup() {
+ long now = new Date().getTime();
+ synchronized (sessionStore) {
+ Set keys = new HashSet(sessionStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext();) {
+ String sessionID = (String) iter.next();
+ AuthenticationSession session = (AuthenticationSession) sessionStore.get(sessionID);
+ if (now - session.getTimestampStart().getTime() > sessionTimeOut) {
+ Logger.info(
+ MOAIDMessageProvider.getInstance().getMessage(
+ "cleaner.02",
+ new Object[] { sessionID }));
+ sessionStore.remove(sessionID);
+ }
+ }
+ }
+ synchronized (authenticationDataStore) {
+ Set keys = new HashSet(authenticationDataStore.keySet());
+ for (Iterator iter = keys.iterator(); iter.hasNext();) {
+ String samlArtifact = (String) iter.next();
+ AuthenticationData authData =
+ (AuthenticationData) authenticationDataStore.get(samlArtifact);
+ if (now - authData.getTimestamp().getTime() > authDataTimeOut) {
+ Logger.info(
+ MOAIDMessageProvider.getInstance().getMessage(
+ "cleaner.03",
+ new Object[] { samlArtifact }));
+ authenticationDataStore.remove(samlArtifact);
+ }
+ }
+ }
+ }
+
+ /**
+ * Sets the sessionTimeOut.
+ * @param seconds Time out of the session in seconds
+ */
+ public void setSecondsSessionTimeOut(long seconds) {
+ sessionTimeOut = 1000 * seconds;
+ }
+ /**
+ * Sets the authDataTimeOut.
+ * @param seconds Time out for signing AuthData in seconds
+ */
+ public void setSecondsAuthDataTimeOut(long seconds) {
+ authDataTimeOut = 1000 * seconds;
+ }
+
+ /**
+ * Checks a parameter.
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
new file mode 100644
index 000000000..7e5ed6ec7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -0,0 +1,52 @@
+package at.gv.egovernment.moa.id.auth;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Thread cleaning the <code>AuthenticationServer</code> session store
+ * and authentication data store from garbage.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationSessionCleaner implements Runnable {
+
+ /** interval the <code>AuthenticationSessionCleaner</code> is run in */
+ private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
+
+ /**
+ * Runs the thread. Cleans the <code>AuthenticationServer</code> session store
+ * and authentication data store from garbage, then sleeps for given interval, and restarts.
+ */
+ public void run() {
+ while (true) {
+ try {
+ Logger.debug("AuthenticationSessionCleaner run");
+ AuthenticationServer.getInstance().cleanup();
+ }
+ catch (Exception e) {
+ Logger.error(MOAIDMessageProvider.getInstance().getMessage("cleaner.01", null), e);
+ }
+ try {
+ Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
+ }
+ catch (InterruptedException e) {
+ }
+ }
+ }
+
+ /**
+ * start the sessionCleaner
+ */
+ public static void start() {
+ // start the session cleanup thread
+ Thread sessionCleaner =
+ new Thread(new AuthenticationSessionCleaner());
+ sessionCleaner.setName("SessionCleaner");
+ sessionCleaner.setDaemon(true);
+ sessionCleaner.setPriority(Thread.MIN_PRIORITY);
+ sessionCleaner.start();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
new file mode 100644
index 000000000..43e88e7b5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -0,0 +1,75 @@
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.asn1.ObjectID;
+
+
+/**
+ * Constants used throughout moa-id-auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public interface MOAIDAuthConstants {
+
+ /** servlet parameter &quot;Target&quot; */
+ public static final String PARAM_TARGET = "Target";
+ /** servlet parameter &quot;OA&quot; */
+ public static final String PARAM_OA = "OA";
+ /** servlet parameter &quot;bkuURI&quot; */
+ public static final String PARAM_BKU = "bkuURI";
+ /** servlet parameter &quot;BKUSelectionTemplate&quot; */
+ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";
+ /** default BKU URL */
+ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request";
+ /** servlet parameter &quot;returnURI&quot; */
+ public static final String PARAM_RETURN = "returnURI";
+ /** servlet parameter &quot;Template&quot; */
+ public static final String PARAM_TEMPLATE = "Template";
+ /** servlet parameter &quot;MOASessionID&quot; */
+ public static final String PARAM_SESSIONID = "MOASessionID";
+ /** servlet parameter &quot;XMLResponse&quot; */
+ public static final String PARAM_XMLRESPONSE = "XMLResponse";
+ /** servlet parameter &quot;SAMLArtifact&quot; */
+ public static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet} is mapped to */
+ public static final String REQ_START_AUTHENTICATION = "StartAuthentication";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */
+ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink";
+ /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */
+ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock";
+ /** Logging hierarchy used for controlling debug output of XML structures to files */
+ public static final String DEBUG_OUTPUT_HIERARCHY = "moa.id.auth";
+ /** Header Name for controlling the caching mechanism of the browser */
+ public static final String HEADER_EXPIRES = "Expires";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_EXPIRES = "Sat, 6 May 1995 12:00:00 GMT";
+ /** Header Name for controlling the caching mechanism of the browser */
+ public static final String HEADER_PRAGMA = "Pragma";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_PRAGMA = "no-cache";
+ /** Header Name for controlling the caching mechanism of the browser */
+ public static final String HEADER_CACHE_CONTROL = "Cache-control";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_CACHE_CONTROL = "no-store, no-cache, must-revalidate";
+ /** Header Value for controlling the caching mechanism of the browser */
+ public static final String HEADER_VALUE_CACHE_CONTROL_IE = "post-check=0, pre-check=0";
+ /**
+ * the identity link signer X509Subject names of those identity link signer certificates
+ * not including the identity link signer OID. The authorisation for signing the identity
+ * link must be checked by using their issuer names. After february 19th 2007 the OID of
+ * the certificate will be used fo checking the authorisation for signing identity links.
+ */
+ public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID =
+ new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission",
+ "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"};
+ /**
+ * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen"
+ */
+ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1";
+ /**
+ * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen);
+ * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007
+ */
+ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
new file mode 100644
index 000000000..7964e2fb6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -0,0 +1,163 @@
+package at.gv.egovernment.moa.id.auth;
+
+import iaik.pki.PKIException;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import java.util.Properties;
+
+import javax.activation.CommandMap;
+import javax.activation.MailcapCommandMap;
+import javax.mail.Session;
+import javax.net.ssl.SSLSocketFactory;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+import at.gv.egovernment.moa.spss.server.config.ConfigurationProvider;
+import at.gv.egovernment.moa.spss.server.iaik.config.IaikConfigurator;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Web application initializer
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDAuthInitializer {
+
+ /** a boolean identifying if the MOAIDAuthInitializer has been startet */
+ public static boolean initialized = false;
+
+ /**
+ * Initializes the web application components which need initialization:
+ * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+ */
+ public static void initialize() throws ConfigurationException,
+ PKIException, IOException, GeneralSecurityException {
+ if (initialized) return;
+ initialized = true;
+ Logger.setHierarchy("moa.id.auth");
+ Logger.info("Default java file.encoding: "
+ + System.getProperty("file.encoding"));
+
+ //JDK bug workaround according to:
+ // http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
+ // register content data handlers for S/MIME types
+ MailcapCommandMap mc = new MailcapCommandMap();
+ CommandMap.setDefaultCommandMap(mc);
+
+ // create some properties and get the default Session
+ Properties props = new Properties();
+ props.put("mail.smtp.host", "localhost");
+ Session session = Session.getDefaultInstance(props, null);
+
+ // Restricts TLS cipher suites
+ System.setProperty(
+ "https.cipherSuites",
+ "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+ // load some jsse classes so that the integrity of the jars can be
+ // verified
+ // before the iaik jce is installed as the security provider
+ // this workaround is only needed when sun jsse is used in conjunction
+ // with
+ // iaik-jce (on jdk1.3)
+ ClassLoader cl = MOAIDAuthInitializer.class.getClassLoader();
+ try {
+ cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+ } catch (ClassNotFoundException e) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(
+ "init.01", null), e);
+ }
+
+ // Initializes SSLSocketFactory store
+ SSLUtils.initialize();
+
+ // Initializes Namespace Map
+ Constants.nSMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ Constants.nSMap.put(Constants.ECDSA_PREFIX,
+ "http://www.w3.org/2001/04/xmldsig-more#");
+ Constants.nSMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+
+ // Loads the configuration
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.reload();
+ ConnectionParameter moaSPConnParam = authConf
+ .getMoaSpConnectionParameter();
+
+ // If MOA-SP API calls: loads MOA-SP configuration and configures IAIK
+ if (moaSPConnParam == null) {
+ try {
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext("startup"));
+ ConfigurationProvider config = ConfigurationProvider
+ .getInstance();
+ new IaikConfigurator().configure(config);
+ } catch (at.gv.egovernment.moa.spss.server.config.ConfigurationException ex) {
+ throw new ConfigurationException("config.10", new Object[] { ex
+ .toString() }, ex);
+ }
+ }
+
+ // Initializes IAIKX509TrustManager logging
+ String log4jConfigURL = System.getProperty("log4j.configuration");
+ if (log4jConfigURL != null) {
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
+ }
+
+ // Initializes the Axis secure socket factory for use in calling the
+ // MOA-SP web service
+ if (moaSPConnParam != null && moaSPConnParam.isHTTPSURL()) {
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf,
+ moaSPConnParam);
+ AxisSecureSocketFactory.initialize(ssf);
+ }
+
+ // sets the authentication session and authentication data time outs
+ String param = authConf
+ .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY);
+ if (param != null) {
+ long sessionTimeOut = 0;
+ try {
+ sessionTimeOut = new Long(param).longValue();
+ } catch (NumberFormatException ex) {
+ Logger
+ .error(MOAIDMessageProvider
+ .getInstance()
+ .getMessage(
+ "config.05",
+ new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY }));
+ }
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOut(sessionTimeOut);
+ }
+ param = authConf
+ .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY);
+ if (param != null) {
+ long authDataTimeOut = 0;
+ try {
+ authDataTimeOut = new Long(param).longValue();
+ } catch (NumberFormatException ex) {
+ Logger
+ .error(MOAIDMessageProvider
+ .getInstance()
+ .getMessage(
+ "config.05",
+ new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY }));
+ }
+ if (authDataTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(authDataTimeOut);
+ }
+
+ }
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
new file mode 100644
index 000000000..3ce2798ea
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
@@ -0,0 +1,21 @@
+package at.gv.egovernment.moa.id.auth;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown when the <code>AuthenticationServer</code> API is
+ * called with wrong parameters provided.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class WrongParametersException extends MOAIDException {
+
+ /**
+ * Constructor
+ */
+ public WrongParametersException(String call, String parameter) {
+ super("auth.05", new Object[] {call, parameter});
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
new file mode 100644
index 000000000..241cf0afc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -0,0 +1,88 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.text.MessageFormat;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Base class for building authentication the AUTHBlock and final OA data SAML assertions.
+ * Encapsulates methods used by the two specific builders
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder AuthenticationBlockAssertionBuilder}
+ * and
+ * {@link at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder AuthenticationDataAssertionBuilder}
+ *
+ * @author Harald Bratko
+ */
+public class AuthenticationAssertionBuilder {
+
+ /** the NewLine representation in Java*/
+ protected static String NL = "\n";
+
+ protected static String SAML_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +
+ " <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>"+ NL;
+
+ /**
+ * Empty constructor
+ */
+ public AuthenticationAssertionBuilder() {
+ }
+
+ /**
+ * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion
+ * delivered to the online application.
+ * The method traverses through the list of given SAML attribute objects and builds an
+ * XML structure (String representation) for each of the attributes.
+ *
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or
+ * to the SAML assertion delivered to the online application.
+ * @return A string representation including the XML structures of
+ * the SAML attributes.
+ *
+ * @throws ParseException If an error occurs on serializing an SAML attribute.
+ */
+ protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException
+ {
+ StringBuffer sb = new StringBuffer();
+ if (extendedSAMLAttributes!=null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ Object value = extendedSAMLAttribute.getValue();
+ String name = extendedSAMLAttribute.getName();
+ String namespace = extendedSAMLAttribute.getNameSpace();
+ if (value instanceof String) {
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value}));
+ } else if (value instanceof Element) {
+ try {
+ String serializedValue = DOMUtils.serializeNode((Element)(value));
+ serializedValue = StringUtils.removeXMLDeclaration(serializedValue);
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, serializedValue}));
+ } catch (TransformerException e) {
+ Logger.error("Error on serializing SAML attribute \"" + name +
+ " (namespace: \"" + namespace + "\".");
+ throw new ParseException("parser.05", new Object[] { name, namespace});
+ } catch (IOException e) {
+ Logger.error("Error on serializing SAML attribute \"" + name +
+ " (namespace: \"" + namespace + "\".");
+ throw new ParseException("parser.05", new Object[] { name, namespace});
+ }
+ }
+ }
+ }
+ return sb.toString();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
new file mode 100644
index 000000000..60cd11ed6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -0,0 +1,146 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the authentication block <code>&lt;saml:Assertion&gt;</code>
+ * to be included in a <code>&lt;CreateXMLSignatureResponse&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+
+ /** template for the Auth-Block */
+ private static String AUTH_BLOCK =
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "''{0} MajorVersion=''1'' MinorVersion=''0'' AssertionID=''any'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier>{3}</saml:NameIdentifier>" + NL +
+ " </saml:Subject>" + NL +
+ "{4}" +
+ " <saml:Attribute AttributeName=''OA'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{5}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''Geburtsdatum'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{7}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
+
+ private static String GESCHAEFTS_BEREICH_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''Geschaeftsbereich'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ private static String WBPK_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''wbPK'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>" + NL +
+ " <pr:Identification>" + NL +
+ " <pr:Value>{0}</pr:Value>" + NL +
+ " <pr:Type>{1}</pr:Type>" + NL +
+ " </pr:Identification>" + NL +
+ " </saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ /**
+ * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
+ */
+ public static final int NUM_OF_SAML_ATTRIBUTES = 3;
+
+ /**
+ * Constructor for AuthenticationBlockAssertionBuilder.
+ */
+ public AuthenticationBlockAssertionBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the authentication block <code>&lt;saml:Assertion&gt;</code>
+ *
+ * @param issuer authentication block issuer; <code>"GivenName FamilyName"</code>
+ * @param issueInstant current timestamp
+ * @param authURL URL of MOA-ID authentication component
+ * @param target "Gesch&auml;ftsbereich"; maybe <code>null</code> if the application
+ * is a business application
+ * @param identityLinkValue the content of the <code>&lt;pr:Value&gt;</code>
+ * child element of the <code>&lt;pr:Identification&gt;</code>
+ * element derived from the Identitylink; this is the
+ * value of the <code>wbPK</code>;
+ * maybe <code>null</code> if the application is a public service
+ * @param identityLinkType the content of the <code>&lt;pr:Type&gt;</code>
+ * child element of the <code>&lt;pr:Identification&gt;</code>
+ * element derived from the Identitylink; this includes the
+ * URN prefix and the identification number of the business
+ * application used as input for wbPK computation;
+ * maybe <code>null</code> if the application is a public service
+ * @param oaURL public URL of online application requested
+ * @param gebDat The date of birth from the identity link.
+ * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock.
+ *
+ * @return String representation of authentication block
+ * <code>&lt;saml:Assertion&gt;</code> built
+ *
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
+ */
+ public String buildAuthBlock(
+ String issuer,
+ String issueInstant,
+ String authURL,
+ String target,
+ String identityLinkValue,
+ String identityLinkType,
+ String oaURL,
+ String gebDat,
+ List extendedSAMLAttributes,
+ AuthenticationSession session)
+ throws BuildException
+ {
+ session.setSAMLAttributeGebeORwbpk(true);
+ String gebeORwbpk = "";
+ String wbpkNSDeclaration = "";
+ if (target == null) {
+ // OA is a business application
+ if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) {
+ // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator
+ gebeORwbpk = MessageFormat.format(WBPK_ATTRIBUTE, new Object[] { identityLinkValue, identityLinkType });
+ wbpkNSDeclaration = " xmlns:pr=\"" + PD_NS_URI + "\"";
+ } else {
+ // We do not have a wbPK, therefore no SAML-Attribute is provided
+ session.setSAMLAttributeGebeORwbpk(false);
+ }
+ } else {
+ gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target });
+ }
+
+ String assertion;
+ try {
+ assertion = MessageFormat.format(
+ AUTH_BLOCK, new Object[] {
+ wbpkNSDeclaration,
+ issuer,
+ issueInstant,
+ authURL,
+ gebeORwbpk,
+ oaURL,
+ gebDat,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building AUTH-Block: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()});
+ }
+
+ return assertion;
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
new file mode 100644
index 000000000..53520c846
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -0,0 +1,156 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Builder for the authentication data <code>&lt;saml:Assertion&gt;</code>
+ * to be provided by the MOA ID Auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionBuilder implements Constants {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String NL = "\n";
+ /**
+ * XML template for the <code>&lt;saml:Assertion&gt;</code> to be built
+ */
+ private static final String AUTH_DATA =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + NL +
+ "<saml:Assertion xmlns:saml=''" + SAML_NS_URI + "'' xmlns:pr=''" + PD_NS_URI + "'' xmlns:xsi=''" + XSI_NS_URI + "''" +
+ " xmlns:si=''" + XSI_NS_URI + "''" +
+ " MajorVersion=''1'' MinorVersion=''0'' AssertionID=''{0}'' Issuer=''{1}'' IssueInstant=''{2}''>" + NL +
+ " <saml:AttributeStatement>" + NL +
+ " <saml:Subject>" + NL +
+ " <saml:NameIdentifier NameQualifier=''{3}''>{4}</saml:NameIdentifier>" + NL +
+ " <saml:SubjectConfirmation>" + NL +
+ " <saml:ConfirmationMethod>" + MOA_NS_URI + "cm</saml:ConfirmationMethod>" + NL +
+ " <saml:SubjectConfirmationData>{5}{6}</saml:SubjectConfirmationData>" + NL +
+ " </saml:SubjectConfirmation>" + NL +
+ " </saml:Subject>" + NL +
+ " <saml:Attribute AttributeName=''PersonData'' AttributeNamespace=''" + PD_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{7}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''isQualifiedCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{8}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ " <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL +
+ "{10}" +
+ "{11}" +
+ "{12}" +
+ " </saml:AttributeStatement>" + NL +
+ "</saml:Assertion>";
+ /**
+ * XML template for the <code>&lt;saml:Attribute&gt;</code> named <code>"isPublicAuthority"</code>,
+ * to be inserted into the <code>&lt;saml:Assertion&gt;</code>
+ */
+ private static final String PUBLIC_AUTHORITY_ATT =
+ " <saml:Attribute AttributeName=''isPublicAuthority'' AttributeNamespace=''urn:oid:1.2.40.0.10.1.1.1''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ private static final String SIGNER_CERTIFICATE_ATT =
+ " <saml:Attribute AttributeName=''SignerCertificate'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
+
+ /**
+ * Constructor for AuthenticationDataAssertionBuilder.
+ */
+ public AuthenticationDataAssertionBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the authentication data <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @param authData the <code>AuthenticationData</code> to build the
+ * <code>&lt;saml:Assertion&gt;</code> from
+ * @param xmlPersonData <code>lt;pr:Person&gt;</code> element as a String
+ * @param xmlAuthBlock authentication block to be included in a
+ * <code>lt;saml:SubjectConfirmationData&gt;</code> element; may include
+ * the <code>"Stammzahl"</code> or not; may be empty
+ * @param xmlIdentityLink the IdentityLink
+ * @param signerCertificateBase64 Base64 encoded certificate of the signer. Maybe
+ * an empty string if the signer certificate should not be provided.
+ * Will be ignored if the <code>businessService</code> parameter is
+ * set to <code>false</code>.
+ * @param businessService <code>true</code> if the online application is a
+ * business service, otherwise <code>false</code>
+ * @return the <code>&lt;saml:Assertion&gt;</code>
+ * @throws BuildException if an error occurs during the build process
+ */
+ public String build(
+ AuthenticationData authData,
+ String xmlPersonData,
+ String xmlAuthBlock,
+ String xmlIdentityLink,
+ String bkuURL,
+ String signerCertificateBase64,
+ boolean businessService,
+ List extendedSAMLAttributes)
+ throws BuildException
+ {
+
+ String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false";
+ String publicAuthorityAttribute = "";
+ if (authData.isPublicAuthority()) {
+ String publicAuthorityIdentification = authData.getPublicAuthorityCode();
+ if (publicAuthorityIdentification == null)
+ publicAuthorityIdentification = "True";
+ publicAuthorityAttribute = MessageFormat.format(
+ PUBLIC_AUTHORITY_ATT, new Object[] { publicAuthorityIdentification });
+ }
+
+
+ String signerCertificateAttribute = "";
+ if (signerCertificateBase64 != "") {
+ signerCertificateAttribute = MessageFormat.format(
+ SIGNER_CERTIFICATE_ATT, new Object[] { signerCertificateBase64 });
+ }
+
+ String pkType;
+ String pkValue;
+ if (businessService) {
+ pkType = authData.getIdentificationType();
+ pkValue = authData.getWBPK();
+
+ } else {
+ pkType = URN_PREFIX_BPK;
+ pkValue = authData.getBPK();
+ }
+
+ String assertion;
+ try {
+ assertion = MessageFormat.format(AUTH_DATA, new Object[] {
+ authData.getAssertionID(),
+ authData.getIssuer(),
+ authData.getIssueInstant(),
+ pkType,
+ pkValue,
+ StringUtils.removeXMLDeclaration(xmlAuthBlock),
+ StringUtils.removeXMLDeclaration(xmlIdentityLink),
+ StringUtils.removeXMLDeclaration(xmlPersonData),
+ isQualifiedCertificate,
+ bkuURL,
+ publicAuthorityAttribute,
+ signerCertificateAttribute,
+ buildExtendedSAMLAttributes(extendedSAMLAttributes)});
+ } catch (ParseException e) {
+ Logger.error("Error on building Authentication Data Assertion: " + e.getMessage());
+ throw new BuildException("builder.00", new Object[] { "Authentication Data Assertion", e.toString()});
+ }
+ return assertion;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
new file mode 100644
index 000000000..6cc8c1be8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -0,0 +1,49 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.security.MessageDigest;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the bPK, as defined in
+ * <code>&quot;Ableitung f&uml;r die bereichsspezifische Personenkennzeichnung&quot;</code>
+ * version <code>1.0.1</code> from <code>&quot;reference.e-government.gv.at&quot;</code>.
+ *
+ * @author Paul Schamberger
+ * @version $Id$
+ */
+public class BPKBuilder {
+
+ /**
+ * Builds the bPK from the given parameters.
+ * @param identificationValue Base64 encoded "Stammzahl"
+ * @param target "Bereich lt. Verordnung des BKA"
+ * @return bPK in a BASE64 encoding
+ * @throws BuildException if an error occurs on building the bPK
+ */
+ public String buildBPK(String identificationValue, String target)
+ throws BuildException {
+
+ if ((identificationValue == null ||
+ identificationValue.length() == 0 ||
+ target == null ||
+ target.length() == 0))
+ {
+ throw new BuildException("builder.00",
+ new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" +
+ identificationValue + ",target=" + target});
+ }
+ String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target;
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1"));
+ String hashBase64 = Base64Utils.encode(hash);
+ return hashBase64;
+ } catch (Exception ex) {
+ throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
new file mode 100644
index 000000000..3a2ee07de
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Base class for HTML/XML builders providing commonly useful functions.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Builder {
+
+ /**
+ * Replaces a given number of occurences of a special tag in an XML or HTML template by a value.
+ * @param template html template
+ * @param tag special tag
+ * @param value value replacing the tag
+ * @param expected specifies if the tag is expected to present; if <code>true</code> and the tag
+ * is not present, an exception is thrown; if <code>false</code> and the tag is
+ * not present, the original string is returned
+ * @param maxreplacements Set -1 to replace each occurence of tag, or limit replacements by a given positive number
+ * @return XML or HTML code, the tag replaced
+ * @throws BuildException when template does not contain the tag
+ */
+ protected String replaceTag(
+ String template,
+ String tag,
+ String value,
+ boolean expected,
+ int maxreplacements)
+ throws BuildException
+ {
+ String result = template;
+ int index = result.indexOf(tag);
+ if (index < 0) {
+ if (expected) {
+ // Substring not found but should
+ throw new BuildException(
+ "builder.01",
+ new Object[] {"&lt;" + tag.substring(1, tag.length() - 1) + "&gt;"});
+ }
+ } else {
+ // replace each occurence
+ if (maxreplacements == -1) {
+ return StringUtils.replaceAll(template, tag, value);
+ } else {
+ int found = 1;
+ while (index > -1 && (found <= maxreplacements)) {
+ result = result.substring(0, index) + value + result.substring(index + tag.length());
+ index = result.indexOf(tag);
+ if (index > -1) found += 1;
+ }
+ }
+ }
+ return result;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..06c81f49e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -0,0 +1,84 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Builder for the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure
+ * used for presenting certificate information in the secure viewer of the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements Constants {
+
+ /** special tag in the VerifyXMLRequest template to be substituted for a <code>&lt;dsig:Signature&gt;</code> */
+ private static final String SIGNATURE_TAG = "<dsig:Signature/>";
+
+ /** private static String nl contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+
+ /**
+ * XML template for the CertInfoVerifyXMLSignatureRequest to be built
+ */
+ static final String CERTINFO_REQUEST =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl +
+ "<{0}:VerifyXMLSignatureRequest {2} xmlns:dsig=\"" + DSIG_NS_URI + "\">" + nl +
+ " <{0}:SignatureInfo>" + nl +
+ " <{0}:SignatureEnvironment>" + nl +
+ " <{1}:XMLContent xml:space=\"preserve\"><dsig:Signature/></{1}:XMLContent>" + nl +
+ " </{0}:SignatureEnvironment>" + nl +
+ " <{0}:SignatureLocation>//dsig:Signature</{0}:SignatureLocation>" + nl +
+ " </{0}:SignatureInfo>" + nl +
+ "</{0}:VerifyXMLSignatureRequest>";
+
+ /**
+ * Constructor
+ */
+ public CertInfoVerifyXMLSignatureRequestBuilder() {
+ super();
+ }
+ /**
+ * Builds the <code>&lt;VerifyXMLSignatureRequest&gt;</code> structure.
+ * @return the XML structure
+ * @throws BuildException
+ */
+ public String build(boolean slVersion12) throws BuildException {
+
+ String sl10Prefix;
+ String sl11Prefix;
+ String slNsDeclaration;
+
+ if (slVersion12) {
+
+ sl10Prefix = SL12_PREFIX;
+ sl11Prefix = SL12_PREFIX;
+ slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\"";
+
+ } else {
+
+ sl10Prefix = SL10_PREFIX;
+ sl11Prefix = SL11_PREFIX;
+ slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\"";
+
+ }
+
+ String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration});
+ String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml";
+
+
+ try {
+ String dsigSignature = FileUtils.readResource(resDsigSignature, "UTF-8");
+ certInfoRequest = replaceTag(certInfoRequest, SIGNATURE_TAG, dsigSignature, true, 1);
+ return certInfoRequest;
+ }
+ catch (IOException ex) {
+ throw new BuildException("auth.04", new Object[] {resDsigSignature, ex.toString()});
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..e9a9f308d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -0,0 +1,93 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Builder for the <code>&lt;CreateXMLSignatureRequest&gt;</code> structure
+ * used for requesting a signature under the authentication block from the
+ * security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CreateXMLSignatureRequestBuilder implements Constants {
+ /** private static String nl contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /**
+ * XML template for the <code>&lt;moa:CreateXMLSignatureRequest&gt;</code> to be built
+ */
+ private static final String CREATE_XML_SIGNATURE_REQUEST =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + nl +
+ "<{3}:CreateXMLSignatureRequest xmlns:dsig=''" + DSIG_NS_URI + "'' {5}>" + nl +
+ " <{3}:KeyboxIdentifier>{1}</{3}:KeyboxIdentifier>" + nl +
+ " <{3}:DataObjectInfo Structure=''detached''>" + nl +
+ " <{4}:DataObject Reference=''''/>" + nl +
+ "{2}" +
+ " </{3}:DataObjectInfo>" + nl +
+ " <{3}:SignatureInfo>" + nl +
+ " <{3}:SignatureEnvironment>" + nl +
+ " <{4}:XMLContent>{0}</{4}:XMLContent>" + nl +
+ " </{3}:SignatureEnvironment>" + nl +
+ " <{3}:SignatureLocation Index=''2''>/saml:Assertion</{3}:SignatureLocation>" + nl +
+ " </{3}:SignatureInfo>" + nl +
+ "</{3}:CreateXMLSignatureRequest>";
+
+
+ /**
+ * Constructor for CreateXMLSignatureRequestBuilder.
+ */
+ public CreateXMLSignatureRequestBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the <code>&lt;CreateXMLSignatureRequest&gt;</code>.
+ *
+ * @param authBlock String representation of XML authentication block
+ * @param keyBoxIdentifier the key box identifier which will be used (e.g. CertifiedKeypair)
+ * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not
+ * @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) {
+
+ String sl10Prefix;
+ String sl11Prefix;
+ String slNsDeclaration;
+
+ String dsigTransformInfosString = "";
+ for (int i = 0; i < dsigTransformInfos.length; i++) {
+ dsigTransformInfosString += dsigTransformInfos[i];
+ }
+
+ if (slVersion12) {
+
+ // replace the SecurityLayer namespace prefixes and URIs within the transforms
+ dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString,
+ SL10_PREFIX, SL12_PREFIX,
+ SL10_NS_URI, SL12_NS_URI);
+ sl10Prefix = SL12_PREFIX;
+ sl11Prefix = SL12_PREFIX;
+ slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'";
+
+ } else {
+
+ sl10Prefix = SL10_PREFIX;
+ sl11Prefix = SL11_PREFIX;
+ slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'";
+
+ }
+
+ String request = MessageFormat.format(
+ CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock,
+ keyBoxIdentifier,
+ dsigTransformInfosString,
+ sl11Prefix,
+ sl10Prefix,
+ slNsDeclaration });
+
+ return request;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
new file mode 100644
index 000000000..30cc1df5a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -0,0 +1,83 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Builds a DataURL parameter meant for the security layer implementation
+ * to respond to.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DataURLBuilder {
+
+ /**
+ * Constructor for DataURLBuilder.
+ */
+ public DataURLBuilder() {
+ super();
+ }
+
+ /**
+ * Constructs a data URL for <code>VerifyIdentityLink</code> or <code>VerifyAuthenticationBlock</code>,
+ * including the <code>MOASessionID</code> as a parameter.
+ *
+ * @param authBaseURL base URL (context path) of the MOA ID Authentication component,
+ * including a trailing <code>'/'</code>
+ * @param authServletName request part of the data URL
+ * @param sessionID sessionID to be included in the dataURL
+ * @return String
+ */
+ public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
+
+ String individualDataURLPrefix = null;
+ String dataURL;
+ try {
+ //check if an individual prefix is configured
+ individualDataURLPrefix = AuthConfigurationProvider.getInstance().
+ getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX);
+
+ if (null != individualDataURLPrefix) {
+
+ //check individualDataURLPrefix
+ if(!individualDataURLPrefix.startsWith("http"))
+ throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix}));
+
+ //when ok then use it
+ dataURL = individualDataURLPrefix + authServletName;
+ } else
+ dataURL = authBaseURL + authServletName;
+
+ } catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } ));
+ dataURL = authBaseURL + authServletName;
+ }
+
+ dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID);
+ return dataURL;
+ }
+
+ /**
+ * Method addParameter.
+ * @param urlString represents the url
+ * @param paramname is the parameter to be added
+ * @param value is the value of that parameter
+ * @return String
+ */
+ private String addParameter(String urlString, String paramname, String value) {
+ String url = urlString;
+ if (paramname != null) {
+ if (url.indexOf("?") < 0)
+ url += "?";
+ else
+ url += "&";
+ url += paramname + "=" + value;
+ }
+ return url;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
new file mode 100644
index 000000000..0d0595b69
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -0,0 +1,150 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for HTML form requesting the security layer implementation
+ * to get the identity link from smartcard by a <code>&lt;InfoboxReadRequest&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetIdentityLinkFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the BKU URL */
+ private static final String BKU_TAG = "<BKU>";
+ /** special tag in the HTML template to be substituted for the XML request */
+ private static final String XMLREQUEST_TAG = "<XMLRequest>";
+ /** special tag in the HTML template to be substituted for the data URL */
+ private static final String DATAURL_TAG = "<DataURL>";
+ /** special tag in the HTML template to be substituted for certificate info XML request */
+ private static final String CERTINFO_XMLREQUEST_TAG = "<CertInfoXMLRequest>";
+ /** special tag in the HTML template to be substituted for the certificate info data URL */
+ private static final String CERTINFO_DATAURL_TAG = "<CertInfoDataURL>";
+ /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+ private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
+ /** private static int all contains the representation to replace all tags*/
+ private static final int ALL = -1;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ "<head>" + nl +
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<title>Anmeldung mit B&uuml;rgerkarte</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"" + BKU_TAG + "\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"PushInfobox\"" + nl +
+ " value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+ " <input type=\"submit\" value=\"Anmeldung mit B&uuml;rgerkarte\"/>" + nl +
+ "</form>" + nl +
+ "<form name=\"CertificateInfoForm\"" + nl +
+ " action=\"" + BKU_TAG + "\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"" + CERTINFO_XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"" + CERTINFO_DATAURL_TAG + "\"/>" + nl +
+// " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+ " <input type=\"hidden\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor for GetIdentityLinkFormBuilder.
+ */
+ public GetIdentityLinkFormBuilder() {
+ super();
+ }
+ /**
+ * Builds the HTML form, including XML Request and data URL as parameters.
+ *
+ * @param htmlTemplate template to be used for the HTML form;
+ * may be <code>null</code>, in this case a default layout will be produced
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String htmlTemplate,
+ String bkuURL,
+ String xmlRequest,
+ String dataURL,
+ String certInfoXMLRequest,
+ String certInfoDataURL,
+ String pushInfobox)
+ throws BuildException
+ {
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+// String bku = bkuURL == null ? DEFAULT_BKU : bkuURL;
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, encodeParameter(xmlRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
+//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
+ htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
+ return htmlForm;
+ }
+ /**
+ * Encodes a string for inclusion as a parameter in the form.
+ * Double quotes are substituted by <code>"&amp;quot;"</code>.
+ * @param s the string to be encoded
+ * @return the string encoded
+ * @throws BuildException on any exception encountered
+ */
+ public static String encodeParameter(String s) throws BuildException {
+ StringReader in = new StringReader(s);
+ StringWriter out = new StringWriter();
+ try {
+ for (int ch = in.read(); ch >= 0; ch = in.read()) {
+ if (ch == '"')
+ out.write("&quot;");
+ else if (ch == '<')
+ out.write("&lt;");
+ else if (ch == '>')
+ out.write("&gt;");
+ else if (ch == 'ä')
+ out.write("&auml;");
+ else if (ch == 'ö')
+ out.write("&ouml;");
+ else if (ch == 'ü')
+ out.write("&uuml;");
+ else if (ch == 'Ä')
+ out.write("&Auml;");
+ else if (ch == 'Ö')
+ out.write("&Ouml;");
+ else if (ch == 'Ü')
+ out.write("&Uuml;");
+ else if (ch == 'ß')
+ out.write("&szlig;");
+ else
+ out.write(ch);
+ }
+ }
+ catch (IOException ex) {
+ throw new BuildException("builder.00", new Object[] {"GetIdentityLinkForm", ex.toString()});
+ }
+ return out.toString();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
new file mode 100644
index 000000000..c2bafe43b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
@@ -0,0 +1,86 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;InfoboxReadRequest&gt;</code> structure
+ * used for requesting the identity link from the security layer implementation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadRequestBuilder implements Constants {
+
+
+ /**
+ * Constructor for InfoboxReadRequestBuilder.
+ */
+ public InfoboxReadRequestBuilder() {
+ }
+
+
+ /**
+ * Builds an <code>&lt;InfoboxReadRequest&gt;</code>.
+ *
+ * @param slVersion12 specifies whether the Security Layer version is
+ * version 1.2 or not
+ * @param businessService specifies whether the online application is a
+ * business service or not
+ * @param identityLinkDomainIdentifier the identification number of the business
+ * company; maybe <code>null</code> if the OA
+ * is a public service; must not be <code>null</code>
+ * if the OA is a business service
+ *
+ * @return <code>&lt;InfoboxReadRequest&gt;</code> as String
+ */
+ public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) {
+
+ String slPrefix;
+ String slNsDeclaration;
+
+ if (slVersion12) {
+ slPrefix = SL12_PREFIX;
+ slNsDeclaration = SL12_NS_URI;
+ } else {
+ slPrefix = SL10_PREFIX;
+ slNsDeclaration = SL10_NS_URI;
+ }
+
+ StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadRequest xmlns:");
+ sb.append(slPrefix);
+ sb.append("=\"");
+ sb.append(slNsDeclaration);
+ sb.append("\">");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":InfoboxIdentifier>IdentityLink</");
+ sb.append(slPrefix);
+ sb.append(":InfoboxIdentifier>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":BinaryFileParameters ContentIsXMLEntity=\"true\"/>");
+ if (businessService) {
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":BoxSpecificParameters>");
+ sb.append("<");
+ sb.append(slPrefix);
+ sb.append(":IdentityLinkDomainIdentifier>");
+ sb.append(identityLinkDomainIdentifier);
+ sb.append("</sl:IdentityLinkDomainIdentifier>");
+ sb.append("</");
+ sb.append(slPrefix);
+ sb.append(":BoxSpecificParameters>");
+ }
+ sb.append("</");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadRequest>");
+
+ return sb.toString();
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
new file mode 100644
index 000000000..038e549be
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * This class provides one method for building parameters needed for
+ * validating an infobox token.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidatorParamsBuilder {
+
+ // hide the default constructor
+ private InfoboxValidatorParamsBuilder() {
+ }
+
+ /**
+ * Builds the parameters passed to the validator class for validating an infobox token.
+ *
+ * @param session The actual Authentication session.
+ * @param verifyInfoboxParameter The configuration parameters for the infobox.
+ * @param infoboxTokenList Contains the infobox token to be validated.
+ * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en)
+ * should be hidden in any SAML attributes returned by
+ * an infobox validator.
+ *
+ * @return Parameters for validating an infobox token.
+ */
+ public static InfoboxValidatorParams buildInfoboxValidatorParams(
+ AuthenticationSession session,
+ VerifyInfoboxParameter verifyInfoboxParameter,
+ List infoboxTokenList,
+ boolean hideStammzahl)
+ {
+ InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
+ IdentityLink identityLink = session.getIdentityLink();
+
+ // the infobox token to validate
+ infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
+ // configuration parameters
+ infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
+ infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
+ infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
+ // authentication session parameters
+ infoboxValidatorParams.setBkuURL(session.getBkuURL());
+ infoboxValidatorParams.setTarget(session.getTarget());
+ infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
+ // parameters from the identity link
+ infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
+ infoboxValidatorParams.setGivenName(identityLink.getGivenName());
+ infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
+ if (verifyInfoboxParameter.getProvideStammzahl()) {
+ infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
+ }
+ infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
+ infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
+ if (verifyInfoboxParameter.getProvideIdentityLink()) {
+ Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
+ if (!verifyInfoboxParameter.getProvideStammzahl()) {
+ Element identificationValueElem =
+ (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
+ if (identificationValueElem != null) {
+ identificationValueElem.getFirstChild().setNodeValue("");
+ }
+ }
+ infoboxValidatorParams.setIdentityLink(identityLinkElem);
+ }
+ infoboxValidatorParams.setHideStammzahl(hideStammzahl);
+ return infoboxValidatorParams;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
new file mode 100644
index 000000000..819ed79bb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Builder for the <code>lt;pr:Person&gt;</code> element to be inserted
+ * in the authentication data <code>lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PersonDataBuilder {
+
+ /**
+ * Constructor for PersonDataBuilder.
+ */
+ public PersonDataBuilder() {
+ super();
+ }
+ /**
+ * Builds the <code>&lt;pr:Person&gt;</code> element.<br/>
+ * Utilizes the parsed <code>&lt;prPerson&gt;</code> from the identity link
+ * and the information regarding inclusion of <code>"Stammzahl"</code> in the
+ * <code>&lt;pr:Person&gt;</code> data.
+ *
+ * @param identityLink <code>IdentityLink</code> containing the
+ * attribute <code>prPerson</code>
+ * @param provideStammzahl true if <code>"Stammzahl"</code> is to be included;
+ * false otherwise
+ * @return the <code>&lt;pr:Person&gt;</code> element as a String
+ * @throws BuildException on any error
+ */
+ public String build(IdentityLink identityLink, boolean provideStammzahl)
+ throws BuildException {
+
+ try {
+ Element prPerson = (Element)identityLink.getPrPerson().cloneNode(true);
+ if (! provideStammzahl) {
+ Node prIdentification = XPathUtils.selectSingleNode(prPerson, "pr:Identification/pr:Value");
+ //remove IdentificationValue
+ prIdentification.getFirstChild().setNodeValue("");
+ }
+ String xmlString = DOMUtils.serializeNode(prPerson);
+ return xmlString;
+ }
+ catch (Exception ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"PersonData", ex.toString()},
+ ex);
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
new file mode 100644
index 000000000..27e19e830
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -0,0 +1,60 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.ByteArrayOutputStream;
+import java.security.MessageDigest;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Builder for the SAML artifact, as defined in the
+ * Browser/Artifact profile of SAML.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactBuilder {
+
+ /**
+ * Constructor for SAMLArtifactBuilder.
+ */
+ public SAMLArtifactBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the SAML artifact, encoded BASE64.
+ * <ul>
+ * <li><code>TypeCode</code>: <code>0x0001</code>.</li>
+ * <li><code>SourceID</code>: SHA-1 hash of the authURL</li>
+ * <li><code>AssertionHandle</code>: SHA-1 hash of the <code>MOASessionID</code></li>
+ * </ul>
+ * @param authURL URL auf the MOA-ID Auth component to be used for construction
+ * of <code>SourceID</code>
+ * @param sessionID <code>MOASessionID</code> to be used for construction
+ * of <code>AssertionHandle</code>
+ * @return the 42-byte SAML artifact, encoded BASE64
+ */
+ public String build(String authURL, String sessionID) throws BuildException {
+ try {
+ MessageDigest md = MessageDigest.getInstance("SHA-1");
+ byte[] sourceID = md.digest(authURL.getBytes());
+ byte[] assertionHandle = md.digest(sessionID.getBytes());
+ ByteArrayOutputStream out = new ByteArrayOutputStream(42);
+ out.write(0);
+ out.write(1);
+ out.write(sourceID, 0, 20);
+ out.write(assertionHandle, 0, 20);
+ byte[] samlArtifact = out.toByteArray();
+ String samlArtifactBase64 = Base64Utils.encode(samlArtifact);
+ return samlArtifactBase64;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"SAML Artifact, MOASessionID=" + sessionID, ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
new file mode 100644
index 000000000..64cb16181
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -0,0 +1,91 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * Builder for the <code>lt;samlp:Response&gt;</code> used for passing
+ * result and status information from the <code>GetAuthenticationData</code>
+ * web service.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseBuilder implements Constants {
+ /** XML - Template for samlp:Response */
+ private static final String RESPONSE =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Response xmlns:samlp=\"" + SAMLP_NS_URI + "\" xmlns:saml=\"" + SAML_NS_URI + "\"" +
+ " ResponseID=\"{0}\" InResponseTo=\"{1}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{2}\">" +
+ " <samlp:Status>" +
+ " <samlp:StatusCode Value=\"{3}\">" +
+ " {4}" +
+ " </samlp:StatusCode>" +
+ " <samlp:StatusMessage>{5}</samlp:StatusMessage>" +
+ " </samlp:Status>" +
+ " {6}" +
+ "</samlp:Response>";
+ /** XML - Template for samlp:StatusCode */
+ private static final String SUB_STATUS_CODE =
+ "<samlp:StatusCode Value=\"{0}\"></samlp:StatusCode>";
+
+ /**
+ * Constructor for SAMLResponseBuilder.
+ */
+ public SAMLResponseBuilder() {
+ super();
+ }
+ /**
+ * Builds the SAML response.
+ * @param responseID response ID
+ * @param inResponseTo request ID of <code>lt;samlp:Request&gt;</code> responded to
+ * @param issueInstant current timestamp
+ * @param statusCode status code
+ * @param subStatusCode sub-status code refining the status code; may be <code>null</code>
+ * @param statusMessage status message
+ * @param samlAssertion SAML assertion representing authentication data
+ * @return SAML response as a DOM element
+ */
+ public Element build(
+ String responseID,
+ String inResponseTo,
+ String issueInstant,
+ String statusCode,
+ String subStatusCode,
+ String statusMessage,
+ String samlAssertion)
+ throws BuildException {
+
+ try {
+ String xmlSubStatusCode =
+ subStatusCode == null ?
+ "" :
+ MessageFormat.format(SUB_STATUS_CODE, new Object[] {subStatusCode});
+
+ String xmlResponse = MessageFormat.format(RESPONSE, new Object[] {
+ responseID,
+ inResponseTo,
+ issueInstant,
+ statusCode,
+ xmlSubStatusCode,
+ statusMessage,
+ StringUtils.removeXMLDeclaration(samlAssertion) });
+ Element domResponse = DOMUtils.parseDocument(xmlResponse, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ return domResponse;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "samlp:Response", ex.toString() },
+ ex);
+ }
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
new file mode 100644
index 000000000..312179e73
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for the BKU selection form requesting the user to choose
+ * a BKU from a list.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SelectBKUFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the form action which is
+ * a URL of MOA-ID Auth */
+ private static final String ACTION_TAG = "<StartAuth>";
+ /** special tag in the HTML template to be substituted for the <code>&lt;select;gt;</code> tag
+ * containing the BKU selection options */
+ private static final String SELECT_TAG = "<BKUSelect>";
+ /**
+ * Template for the default html-code to be returned as security-layer-selection to be built
+ */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ "<head>" + nl +
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<title>Auswahl der B&uuml;rgerkartenumgebung</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<form name=\"BKUSelectionForm\"" + nl +
+ " action=\"" + ACTION_TAG + "\"" + nl +
+ " method=\"post\">" + nl +
+ SELECT_TAG + nl +
+ " <input type=\"submit\" value=\"B&uuml;rgerkartenumgebung ausw&auml;hlen\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor
+ */
+ public SelectBKUFormBuilder() {
+ super();
+ }
+ /**
+ * Method build. Builds the form
+ * @param htmlTemplate to be used
+ * @param startAuthenticationURL the url where the startAuthenticationServlet can be found
+ * @param bkuSelectTag if a special bku should be used
+ * @return String
+ * @throws BuildException on any error
+ */
+ public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag)
+ throws BuildException {
+
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+ htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1);
+ htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1);
+ return htmlForm;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
new file mode 100644
index 000000000..758f28150
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -0,0 +1,206 @@
+package at.gv.egovernment.moa.id.auth.builder;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
+ * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestBuilder {
+
+ /** shortcut for XMLNS namespace URI */
+ private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
+ /** shortcut for MOA namespace URI */
+ private static final String MOA_NS_URI = Constants.MOA_NS_URI;
+ /** The DSIG-Prefix */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ /** The document containing the <code>VerifyXMLsignatureRequest</code> */
+ private Document requestDoc_;
+ /** the <code>VerifyXMLsignatureRequest</code> root element */
+ private Element requestElem_;
+
+
+ /**
+ * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
+ * element and namespace declarations.
+ *
+ * @throws BuildException If an error occurs on building the document.
+ */
+ public VerifyXMLSignatureRequestBuilder() throws BuildException {
+ try {
+ DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ requestDoc_ = docBuilder.newDocument();
+ requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
+ requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ requestDoc_.appendChild(requestElem_);
+ } catch (Throwable t) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"VerifyXMLSignatureRequest", t.toString()},
+ t);
+ }
+ }
+
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from an IdentityLink with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param identityLink - The IdentityLink
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ *
+ * @return Element - The complete request as Dom-Element
+ *
+ * @throws ParseException
+ */
+ public Element build(IdentityLink identityLink, String trustProfileID)
+ throws ParseException
+ {
+ try {
+ // build the request
+ Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
+ requestElem_.appendChild(dateTimeElem);
+ Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
+ dateTimeElem.appendChild(dateTime);
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+ Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
+ verifySignatureEnvironmentElem.appendChild(base64ContentElem);
+ // insert the base64 encoded identity link SAML assertion
+ String serializedAssertion = identityLink.getSerializedSamlAssertion();
+ String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
+ //replace all '\r' characters by no char.
+ StringBuffer replaced = new StringBuffer();
+ for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
+ char c = base64EncodedAssertion.charAt(i);
+ if (c != '\r') {
+ replaced.append(c);
+ }
+ }
+ base64EncodedAssertion = replaced.toString();
+ Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
+ base64ContentElem.appendChild(base64Content);
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
+ // add the transforms
+ Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+ signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+ Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
+ for (int i = 0; i < dsigTransforms.length; i++) {
+ Element verifyTransformsInfoProfileElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
+ verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));
+ }
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
+ } catch (Throwable t) {
+ throw new ParseException("builder.00",
+ new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
+ }
+
+ return requestElem_;
+ }
+
+
+ /**
+ * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
+ * from the signed AUTH-Block with a known trustProfileID which
+ * has to exist in MOA-SP
+ * @param csr - signed AUTH-Block
+ * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID
+ * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
+ * @return Element - The complete request as Dom-Element
+ * @throws ParseException
+ */
+ public Element build(
+ CreateXMLSignatureResponse csr,
+ String[] verifyTransformsInfoProfileID,
+ String trustProfileID)
+ throws BuildException { //samlAssertionObject
+
+ try {
+ // build the request
+// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
+// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
+ Element verifiySignatureInfoElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
+ requestElem_.appendChild(verifiySignatureInfoElem);
+ Element verifySignatureEnvironmentElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
+ verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
+ Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
+ verifySignatureEnvironmentElem.appendChild(xmlContentElem);
+ xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
+ // insert the SAML assertion
+ xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));
+ // specify the signature location
+ Element verifySignatureLocationElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
+ verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
+ Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
+ verifySignatureLocationElem.appendChild(signatureLocation);
+ // signature manifest params
+ Element signatureManifestCheckParamsElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
+ requestElem_.appendChild(signatureManifestCheckParamsElem);
+ signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
+ // add the transform profile IDs
+ Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
+ signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
+ for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
+ Element verifyTransformsInfoProfileIDElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
+ referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
+ verifyTransformsInfoProfileIDElem.appendChild(
+ requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
+ }
+ Element returnHashInputDataElem =
+ requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
+ requestElem_.appendChild(returnHashInputDataElem);
+ Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
+ trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
+ requestElem_.appendChild(trustProfileIDElem);
+
+ } catch (Throwable t) {
+ throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
+ }
+
+ return requestElem_;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
new file mode 100644
index 000000000..90d79a46d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -0,0 +1,383 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.util.Date;
+import java.util.List;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * Session data to be stored between <code>AuthenticationServer</code> API calls.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationSession {
+
+ private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
+
+ /**
+ * session ID
+ */
+ private String sessionID;
+ /**
+ * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code>
+ * if the online application is a business application
+ */
+ private String target;
+ /**
+ * public online application URL requested
+ */
+ private String oaURLRequested;
+ /**
+ * public online application URL prefix
+ */
+ private String oaPublicURLPrefix;
+ /**
+ * URL of MOA ID authentication component
+ */
+ private String authURL;
+ /**
+ * HTML template URL
+ */
+ private String templateURL;
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+ /**
+ * identity link read from smartcard
+ */
+ private IdentityLink identityLink;
+ /**
+ * authentication block to be signed by the user
+ */
+ private String authBlock;
+ /**
+ * timestamp logging when authentication session has been created
+ */
+ private Date timestampStart;
+ /**
+ * timestamp logging when identity link has been received
+ */
+ private Date timestampIdentityLink;
+ /**
+ * Indicates whether the corresponding online application is a business
+ * service or not
+ */
+ private boolean businessService;
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended
+ * to the SAML assertion delivered to the final online application.
+ */
+ private List extendedSAMLAttributesOA;
+
+ /**
+ * The boolean value for either a target or a wbPK is provided as
+ * SAML Attribute in the SAML Assertion or not.
+ */
+ private boolean samlAttributeGebeORwbpk;
+
+ /**
+ * SAML attributes from an extended infobox validation to be appended
+ * to the SAML assertion of the AUTHBlock.
+ */
+ private List extendedSAMLAttributesAUTH;
+
+ /**
+ * The issuing time of the AUTH-Block SAML assertion.
+ */
+ private String issueInstant;
+
+ /**
+ * Constructor for AuthenticationSession.
+ *
+ * @param id Session ID
+ */
+ public AuthenticationSession(String id) {
+ sessionID = id;
+ setTimestampStart();
+ }
+
+ /**
+ * Returns the identityLink.
+ * @return IdentityLink
+ */
+ public IdentityLink getIdentityLink() {
+ return identityLink;
+ }
+
+ /**
+ * Returns the sessionID.
+ * @return String
+ */
+ public String getSessionID() {
+ return sessionID;
+ }
+
+ /**
+ * Sets the identityLink.
+ * @param identityLink The identityLink to set
+ */
+ public void setIdentityLink(IdentityLink identityLink) {
+ this.identityLink = identityLink;
+ }
+
+ /**
+ * Sets the sessionID.
+ * @param sessionId The sessionID to set
+ */
+ public void setSessionID(String sessionId) {
+ this.sessionID = sessionId;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ * @return String
+ */
+ public String getOAURLRequested() {
+ return oaURLRequested;
+ }
+
+ /**
+ * Returns the oaURLRequested.
+ * @return String
+ */
+ public String getPublicOAURLPrefix() {
+ return oaPublicURLPrefix;
+ }
+
+ /**
+ * Returns the BKU URL.
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Returns the target.
+ * @return String
+ */
+ public String getTarget() {
+ return target;
+ }
+
+ /**
+ * Sets the oaURLRequested.
+ * @param oaURLRequested The oaURLRequested to set
+ */
+ public void setOAURLRequested(String oaURLRequested) {
+ this.oaURLRequested = oaURLRequested;
+ }
+
+ /**
+ * Sets the oaPublicURLPrefix
+ * @param oaPublicURLPrefix The oaPublicURLPrefix to set
+ */
+ public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
+ this.oaPublicURLPrefix = oaPublicURLPrefix;
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param bkuURL The BKU URL to set
+ */
+ public void setBkuURL(String bkuURL) {
+ this.bkuURL = bkuURL;
+ }
+
+ /**
+ * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
+ * @param target The target to set
+ */
+ public void setTarget(String target) {
+ if (target != null && target.startsWith(TARGET_PREFIX_))
+ {
+ // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix
+ this.target = target.substring(TARGET_PREFIX_.length());
+ Logger.debug("Target prefix stripped off; resulting target: " + this.target);
+ }
+ else
+ {
+ this.target = target;
+ }
+ }
+
+ /**
+ * Returns the authURL.
+ * @return String
+ */
+ public String getAuthURL() {
+ return authURL;
+ }
+
+ /**
+ * Sets the authURL.
+ * @param authURL The authURL to set
+ */
+ public void setAuthURL(String authURL) {
+ this.authURL = authURL;
+ }
+
+ /**
+ * Returns the authBlock.
+ * @return String
+ */
+ public String getAuthBlock() {
+ return authBlock;
+ }
+
+ /**
+ * Sets the authBlock.
+ * @param authBlock The authBlock to set
+ */
+ public void setAuthBlock(String authBlock) {
+ this.authBlock = authBlock;
+ }
+
+ /**
+ * Returns the timestampIdentityLink.
+ * @return Date
+ */
+ public Date getTimestampIdentityLink() {
+ return timestampIdentityLink;
+ }
+
+ /**
+ * Returns the businessService.
+ * @return <code>true</code> if the corresponding online application is
+ * a business application, otherwise <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return businessService;
+ }
+
+ /**
+ * Sets the businessService variable.
+ * @param businessService the value for setting the businessService variable.
+ */
+ public void setBusinessService(boolean businessService) {
+ this.businessService = businessService;
+ }
+
+ /**
+ * Returns the timestampStart.
+ * @return Date
+ */
+ public Date getTimestampStart() {
+ return timestampStart;
+ }
+
+ /**
+ * Sets the current date as timestampIdentityLink.
+ */
+ public void setTimestampIdentityLink() {
+ timestampIdentityLink = new Date();
+ }
+
+ /**
+ * Sets the current date as timestampStart.
+ */
+ public void setTimestampStart() {
+ timestampStart = new Date();
+ }
+
+ /**
+ * @return template URL
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+ /**
+ * @param string the template URL
+ */
+ public void setTemplateURL(String string) {
+ templateURL = string;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
+ */
+ public List getExtendedSAMLAttributesAUTH() {
+ return extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the AUTHBlock.
+ *
+ * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock.
+ */
+ public void setExtendedSAMLAttributesAUTH(
+ List extendedSAMLAttributesAUTH) {
+ this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
+ }
+
+ /**
+ * Returns the SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application. Maybe <code>null</code>.
+ *
+ * @return The SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application
+ */
+ public List getExtendedSAMLAttributesOA() {
+ return extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Sets the SAML Attributes to be appended to the SAML assertion
+ * delivered to the online application.
+ *
+ * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML
+ * assertion delivered to the online application.
+ */
+ public void setExtendedSAMLAttributesOA(
+ List extendedSAMLAttributesOA) {
+ this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
+ }
+
+ /**
+ * Returns the boolean value for either a target or a wbPK is
+ * provided as SAML Attribute in the SAML Assertion or not.
+ *
+ * @return true either a target or a wbPK is provided as SAML Attribute
+ * in the SAML Assertion or false if not.
+ */
+ public boolean getSAMLAttributeGebeORwbpk() {
+ return this.samlAttributeGebeORwbpk;
+ }
+
+ /**
+ * Sets the boolean value for either a target or a wbPK is
+ * provided as SAML Attribute in the SAML Assertion or not.
+ *
+ * @param samlAttributeGebeORwbpk The boolean for value either a target or
+ * wbPK is provided as SAML Attribute in the SAML Assertion or not.
+ */
+ public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
+ this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
+ }
+
+ /**
+ * Returns the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @return The issuing time of the AUTH-Block SAML assertion.
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Sets the issuing time of the AUTH-Block SAML assertion.
+ *
+ * @param issueInstant The issueInstant to set.
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
new file mode 100644
index 000000000..d121f2c55
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * This bean saves all information of the CreateXMLSignature-Response:
+ * a {@link SAMLAttribute} array, the SamlAssertion-Element and the
+ * saml NameIdentifier
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class CreateXMLSignatureResponse {
+ /** the samlNameIdentifier */
+private String samlNameIdentifier;
+ /** an array of saml-attributes */
+private SAMLAttribute[] samlAttributes;
+ /**
+ * the original saml:Assertion-Element
+ */
+ private Element samlAssertion;
+/**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+public Element getSamlAssertion() {
+ return samlAssertion;
+}
+
+/**
+ * Returns the samlAttribute.
+ * @return SAMLAttribute[]
+ */
+public SAMLAttribute[] getSamlAttributes() {
+ return samlAttributes;
+}
+
+/**
+ * Returns the samlNameIdentifier.
+ * @return String
+ */
+public String getSamlNameIdentifier() {
+ return samlNameIdentifier;
+}
+
+/**
+ * Sets the samlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+public void setSamlAssertion(Element samlAssertion) {
+ this.samlAssertion = samlAssertion;
+}
+
+/**
+ * Sets the samlAttribute.
+ * @param samlAttributes The samlAttributes to set
+ */
+public void setSamlAttributes(SAMLAttribute[] samlAttributes) {
+ this.samlAttributes = samlAttributes;
+}
+
+/**
+ * Sets the samlNameIdentifier.
+ * @param samlNameIdentifier The samlNameIdentifier to set
+ */
+public void setSamlNameIdentifier(String samlNameIdentifier) {
+ this.samlNameIdentifier = samlNameIdentifier;
+}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
new file mode 100644
index 000000000..795079227
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
@@ -0,0 +1,73 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * A SAML-Attribute to be appended to the final SAML-Assertion
+ * that will be passed to the online application.
+ */
+public interface ExtendedSAMLAttribute {
+ /**
+ * Add this attribute only to the SAML-Assertion
+ * passed to the online application, but not to
+ * the AUTH-Block.
+ */
+ public final static int NOT_ADD_TO_AUTHBLOCK = 0;
+ /**
+ * Add this attribute to both, the AUTH-Block and the
+ * final SAML-Assertion passed to the online application.
+ */
+ public final static int ADD_TO_AUTHBLOCK = 1;
+ /**
+ * Add this attribute to only the AUTH-Block, but not
+ * to the final SAML-Assertion passed to the online application.
+ */
+ public final static int ADD_TO_AUTHBLOCK_ONLY = 2;
+
+ /**
+ * The value of the SAML-Attribute. This must be either a
+ * <code>org.w3c.Element</code> or a <code>java.lang.String</code>
+ * object. Each other type will be ignored. <br>
+ * If, for example, the type of the actual SAML-Attribute is a
+ * <code>&lt;xsd:boolean&gt;</code> the value must be either the String
+ * <code>&quot;true&quot;</code> or <code>&quot;false&quot;</code>.
+ * Or the <code>&lt;xsd:integer&gt;</code> number <code>273</code>
+ * has to be the String <code>&quot;273&quot;</code>.
+ *
+ * @return The value of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public Object getValue();
+
+ /**
+ * The name of the SAML-Attribute.
+ *
+ * @return The name of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public String getName();
+
+ /**
+ * The namespace of the SAML-Attribute.
+ * An application will use the context specific namespace URI for the attribute it returns.
+ * However, if the application cannot explicitely assign a namespace URI, the
+ * {@link at.gv.egovernment.moa.util.Constants#MOA_NS_URI default} MOA namespace URI
+ * should be used.
+ *
+ * @return The namespace of the SAML-Attribute. Must not be <code>null</code>.
+ */
+ public String getNameSpace();
+
+ /**
+ * Specifies if this SAML-Attribute should be added to the AUTH-Block.
+ * <br>
+ * Depending on the returned value, this SAML-Attribute should be only added to the
+ * final SAML-Assertion passed to the online application (0), to both, the final
+ * assertion and the AUTH-Block (1) or to the AUTH-Block only (2).
+ *
+ * @return <ul>
+ * <li>0 - add this SAML-Attribute to the final SAML-Assertion only</li>
+ * <li>1 - add this SAML-Attribute to both, the final SAML-Assertion and the
+ * AUTH-Block</li>
+ * <li>2 - add this SAML-Attribute to the AUTH-Block only
+ * </ul>
+ */
+ public int getAddToAUTHBlock();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
new file mode 100644
index 000000000..e7e490924
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -0,0 +1,137 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This class contains SAML attributes to be appended to the SAML assertion delivered to
+ * the Online application.
+ *
+ * @author Harald Bratko
+ */
+public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute {
+
+ /**
+ * The value of this SAML attribute. Must be either of type <code>java.lang.String</code>
+ * or <code>org.w3c.Element</code>.
+ */
+ protected Object value_;
+
+ /**
+ * The name of this SAML attribute.
+ */
+ protected String name_;
+
+ /**
+ * The namespace URI of this SAML attribute.
+ */
+ protected String namespace_;
+
+ /**
+ * Specifies whether this SAML attribute should be appended to AUTH Block.
+ */
+ protected int addToAUTHBlock_;
+
+ /**
+ * Sets this ExtendedSAMLAttribute.
+ * @param name The name of this SAML Attribute.
+ * @param value The value of this SAML Attribute. Must be either of type
+ * <code>java.lang.String</code> or <code>org.w3c.dom.Element</code>.
+ * @param namespace The namespace of this SAML Attribute.
+ * @param addToAUTHBlock Specifies if this SAML Attribute should be added to the AUTHBlock.
+ * The following values are allowed:
+ * <ul>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * </li>
+ * </ul>
+ *
+ */
+ public ExtendedSAMLAttributeImpl(String name, Object value, String namespace, int addToAUTHBlock) {
+ name_ = name;
+ value_ = value;
+ namespace_ = namespace;
+ addToAUTHBlock_ = addToAUTHBlock;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getValue()
+ */
+ public Object getValue() {
+ return value_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getName()
+ */
+ public String getName() {
+ return name_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getNameSpace()
+ */
+ public String getNameSpace() {
+ return namespace_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#getAddToAUTHBlock()
+ */
+ public int getAddToAUTHBlock() {
+ return addToAUTHBlock_;
+ }
+
+ /**
+ * Specifies if this SAML Attribute should be added to the AUTHBlock.
+ *
+ * @param addToAUTHBlock One of the following values:
+ * <ul>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#NOT_ADD_TO_AUTHBLOCK}
+ * </li>
+ * <li>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK_ONLY}
+ * </li>
+ * </ul>
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute#ADD_TO_AUTHBLOCK}
+ */
+ public void setAddToAUTHBlock(int addToAUTHBlock) {
+ addToAUTHBlock_ = addToAUTHBlock;
+ }
+
+ /**
+ * Sets the name of this SAML attribute.
+ *
+ * @param name The name of this SAML attribute.
+ */
+ public void setName(String name) {
+ name_ = name;
+ }
+
+ /**
+ * Sets the namespace of this SAML attribute.
+ *
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ namespace_ = namespace;
+ }
+
+ /**
+ * Sets the value of this SAML attribute.
+ *
+ * @param value The value of this SAML Attribute. Must be either of type
+ * <code>java.lang.String</code> or <code>org.w3c.dom.Element</code>.
+ */
+ public void setValue(Object value) {
+ value_ = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
new file mode 100644
index 000000000..844451035
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -0,0 +1,266 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.DOMUtils;
+
+
+/**
+ * Data contained in an identity link issued by BMI, relevant to the MOA ID component.
+ * <br><code>"IdentityLink"</code> is the translation of <code>"Personenbindung"</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class IdentityLink {
+ /**
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ */
+ private String identificationValue;
+ /**
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+ */
+ private String identificationType;
+ /**
+ * first name
+ */
+ private String givenName;
+ /**
+ * family name
+ */
+ private String familyName;
+
+ /**
+ * The name as (givenName + familyName)
+ */
+ private String name;
+ /**
+ * date of birth
+ */
+ private String dateOfBirth;
+ /**
+ * the original saml:Assertion-Element
+ */
+ private Element samlAssertion;
+ /**
+ * the serializes saml:Assertion
+ */
+ private String serializedSamlAssertion;
+ /**
+ * Element /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person
+ */
+ private Element prPerson;
+ /**
+ * we need for each dsig:Reference Element all
+ * transformation elements
+ */
+ private Element[] dsigReferenceTransforms;
+
+ /**
+ * The issuing time of the identity link SAML assertion.
+ */
+ private String issueInstant;
+
+ /**
+ * we need all public keys stored in
+ * the identity link
+ */
+ private PublicKey[] publicKey;
+
+ /**
+ * Constructor for IdentityLink
+ */
+ public IdentityLink() {
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return Calendar
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the name.
+ * @return The name.
+ */
+ public String getName() {
+ if (name == null) {
+ name = givenName + " " + familyName;
+ }
+ return name;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Returns the identificationType.
+ * <code>"identificationType"</code> type of the identificationValue in the IdentityLink.
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(String dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the Type of the identificationValue.
+ * @param identificationType The type of identificationValue to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ public Element getSamlAssertion() {
+ return samlAssertion;
+ }
+
+ /**
+ * Returns the samlAssertion.
+ * @return Element
+ */
+ public String getSerializedSamlAssertion() {
+ return serializedSamlAssertion;
+ }
+
+ /**
+ * Sets the samlAssertion and the serializedSamlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
+ this.samlAssertion = samlAssertion;
+ this.serializedSamlAssertion = DOMUtils.serializeNode(samlAssertion);
+ }
+
+ /**
+ * Returns the dsigReferenceTransforms.
+ * @return Element[]
+ */
+ public Element[] getDsigReferenceTransforms() {
+ return dsigReferenceTransforms;
+ }
+
+ /**
+ * Sets the dsigReferenceTransforms.
+ * @param dsigReferenceTransforms The dsigReferenceTransforms to set
+ */
+ public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+ this.dsigReferenceTransforms = dsigReferenceTransforms;
+ }
+
+ /**
+ * Returns the publicKey.
+ * @return PublicKey[]
+ */
+ public PublicKey[] getPublicKey() {
+ return publicKey;
+ }
+
+ /**
+ * Sets the publicKey.
+ * @param publicKey The publicKey to set
+ */
+ public void setPublicKey(PublicKey[] publicKey) {
+ this.publicKey = publicKey;
+ }
+
+ /**
+ * Returns the prPerson.
+ * @return Element
+ */
+ public Element getPrPerson() {
+ return prPerson;
+ }
+
+ /**
+ * Sets the prPerson.
+ * @param prPerson The prPerson to set
+ */
+ public void setPrPerson(Element prPerson) {
+ this.prPerson = prPerson;
+ }
+
+ /**
+ * Returns the issuing time of the identity link SAML assertion.
+ *
+ * @return The issuing time of the identity link SAML assertion.
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Sets the issuing time of the identity link SAML assertion.
+ *
+ * @param issueInstant The issueInstant to set.
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
new file mode 100644
index 000000000..6b1f24aba
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * Contains an infobox token included in an <code>InfoboxReadResponse</code>.
+ * Depending on whether the token is extracted from an <code>XMLContent</code> or a
+ * <code>Base64Content</code> it is either returned as DOM element
+ * ({@link #getXMLToken()}) or base64 encoded string ({@link #getBase64Token()}).
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxToken {
+
+ /**
+ * The key of the corresponding infobox.
+ * This is the value of <code>Key</code> attribute of the <code>&lt;Pair&gt;</code> child
+ * element in an <code>&lt;AssocArrayData&gt;</code> content of an InfoboxReadResponse.
+ * Maybe <code>null</code> if the InfoboxReadResponse conatains <code>BinaryFileData</code>.
+ *
+ *
+ * @return The key identifier of the corresponding infobox.
+ */
+ public String getKey();
+
+ /**
+ * Specifies if this token is the first token (e.g in an array of tokens) included in an
+ * <code>InfoboxReadResponse</code>. If <code>true</code> this token is the token to be
+ * validated by a corresponding
+ * {@link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator InfoboxValidator}.
+ * If <code>false</code> this token maybe needed to validate the primary token.
+ *
+ * @return <code>True</code> if this token is the first token.
+ */
+ public boolean isPrimary();
+
+ /**
+ * Returns the infobox token.
+ * Maybe <code>null</code> if the token is returned by method {@link #getBase64Token()}
+ * as base64 encoded string.
+ * <br>
+ * Note that this token is <code><i><b>not</b></i></code> validated against the
+ * application specific schema (e.g. Mandates schema in the mandates context).
+ * Thus the validating application <code><i><b>has to</b></i></code> validate the token
+ * against the appropriate schema.
+ *
+ * @return The infobox token. If <code>null</code> the token is returned by method
+ * {@link #getBase64Token()} as base64 encoded string.
+ */
+ public Element getXMLToken();
+
+ /**
+ * Returns the infobox token.
+ * Maybe <code>null</code> if the token is returned by method {@link #getXMLToken()}
+ * as a DOM element.
+ * <br>
+ * Note, that the base64 encoded string actually may include more than one infobox
+ * elements.
+ *
+ * @return The infobox token. If <code>null</code> the token is returned by method
+ * {@link #getBase64Token()} as base64 encoded string.
+ */
+ public String getBase64Token();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
new file mode 100644
index 000000000..f1ff30a8a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
@@ -0,0 +1,129 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import org.w3c.dom.Element;
+
+/**
+ * This class contains an infobox token.
+ *
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxTokenImpl implements InfoboxToken {
+
+ /**
+ * The key of the infobox token.
+ */
+ private String key_;
+
+ /**
+ * Specifies whether this token is the primary (first in an array) token.
+ */
+ private boolean primary_;
+
+ /**
+ * The infobox token.
+ */
+ private Element xmlToken_;
+
+ /**
+ * The base64 encoded infobox token.
+ */
+ private String base64Token_;
+
+ /**
+ * Sets an XML infobox token.
+ *
+ * @param key The key of the infobox token.
+ * @param primary <code>True</code> this token is the primary (e.g .first in an array)
+ * token, otherwise <code>false</code>
+ * @param xmlToken The infobox token.
+ */
+ public InfoboxTokenImpl(String key, boolean primary, Element xmlToken) {
+ key_ = key;
+ primary_ = primary;
+ xmlToken_ = xmlToken;
+ base64Token_ = null;
+ }
+
+ /**
+ * Sets a base64 encoded infobox token.
+ *
+ * @param key The key of the infobox token.
+ * @param primary <code>True</code> this token is the primary (e.g .first in an array)
+ * token, otherwise <code>false</code>
+ * @param base64Token The base64 encoded infobox token.
+ */
+ public InfoboxTokenImpl(String key, boolean primary, String base64Token) {
+ key_ = key;
+ primary_ = primary;
+ base64Token_ = base64Token;
+ xmlToken_ = null;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getKey()
+ */
+ public String getKey() {
+ return key_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#isPrimary()
+ */
+ public boolean isPrimary() {
+ return primary_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getXMLToken()
+ */
+ public Element getXMLToken() {
+ return xmlToken_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxToken#getBase64Token()
+ */
+ public String getBase64Token() {
+ return base64Token_;
+ }
+
+ /**
+ * Sets the key of the infobox token.
+ *
+ * @param key The key of the infobox token.
+ */
+ public void setKey(String key) {
+ key_ = key;
+ }
+
+ /**
+ * Specifies whether this token is the primary (e.g. first in an array) token.
+ *
+ * @param primary <code>True</code> this token is the primary (e.g .first in an array)
+ * token, otherwise <code>false</code>.
+ */
+ public void setPrimary(boolean primary) {
+ primary_ = primary;
+ }
+
+ /**
+ * Sets the base64 encoded token.
+ *
+ * @param base64Token The base64 encoded token.
+ */
+ public void setBase64Token(String base64Token) {
+ base64Token_ = base64Token;
+ }
+
+ /**
+ * Sets the infobox token.
+ *
+ * @param xmlToken The infobox token.
+ */
+ public void setXmlToken(Element xmlToken) {
+ xmlToken_ = xmlToken;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
new file mode 100644
index 000000000..b8dd7f18e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -0,0 +1,57 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+
+/**
+ * Includes the result of an extended infobox validation.
+ *
+ * If validation succeeds, an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute ExtendedSAMLAttributes}
+ * maybe provided. Each of these SAML-Attributes will be either appended to the
+ * final SAML-Assertion passed to the online application or to the AUTH-Block,
+ * or to both.
+ * <br>
+ * If validation fails the implementing class has to provide a short error message.
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxValidationResult {
+
+ /**
+ * The method returns <code>true</code> if validation succeeds. In that case
+ * method {@link #getExtendedSamlAttributes()} may provide an array of
+ * {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be appended to the final SAML-Assertion or the
+ * AUTH-Block or to both.
+ * <br>
+ * The method returns <code>false</code> if validation fails. In that case
+ * method {@link #getErrorMessage()} has to provide a short error description.
+ *
+ * @return <code>True</code> if validation succeeds,
+ * otherwise <code>false</code>.
+ */
+ public boolean isValid();
+
+ /**
+ * Returns an array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application.
+ * The SAML-Attributes in that array will be added to the final
+ * SAML-Assertion, the AUTH-Block, or both, exactly in the order as they are arranged
+ * in the array this method returns.
+ *
+ * @return An array of {@link at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute
+ * ExtendedSAMLAttributes} that should be added to the SAML-Assertion
+ * provided to the online application, the AUTH-Block, or both. If no attributes should
+ * be added this array maybe <code>null</code> or empty.
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes();
+
+ /**
+ * A short error description that should be displayed by MOA-ID if
+ * validation of the InfoBoxReadResponse fails.
+ *
+ * @return An short error message if validation fails.
+ */
+ public String getErrorMessage();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
new file mode 100644
index 000000000..97f52fb55
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -0,0 +1,101 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+
+/**
+ * Default implementation of the {@link InfoboxValidationResult} interface.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidationResultImpl implements InfoboxValidationResult {
+
+ /**
+ * Indicates whether the validation was successful or not.
+ */
+ protected boolean valid_;
+
+ /**
+ * The error message.
+ */
+ protected String errorMessage_;
+
+ /**
+ * The SAML attributes returned by the infobox validator.
+ */
+ protected ExtendedSAMLAttribute[] extendedSamlAttributes_;
+
+ /**
+ * Empty constructor.
+ */
+ public InfoboxValidationResultImpl() {
+ }
+
+ /**
+ * Constructor to set all values.
+ *
+ * @param valid Global validation result.
+ * @param extendedSamlAttributes SAML attributes that should be appended to the final
+ * <code>SAML Assertion</code> or to the <code>AUTH Block</code>
+ * or to both.
+ * @param errorMessage An error message if infobox validation fails.
+ */
+ public InfoboxValidationResultImpl(
+ boolean valid,
+ ExtendedSAMLAttribute[] extendedSamlAttributes,
+ String errorMessage)
+ {
+ valid_ = valid;
+ extendedSamlAttributes_ = extendedSamlAttributes;
+ errorMessage_ = errorMessage;
+ }
+
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getErrorMessage()
+ */
+ public String getErrorMessage() {
+ return errorMessage_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ return extendedSamlAttributes_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult#isValid()
+ */
+ public boolean isValid() {
+ return valid_;
+ }
+
+ /**
+ * Sets the error message if validation fails..
+ *
+ * @param errorMessage The error message to set.
+ */
+ public void setErrorMessage(String errorMessage) {
+ errorMessage_ = errorMessage;
+ }
+
+ /**
+ * Sets the SAML attributes returned by the infobox validatior..
+ *
+ * @param extendedSamlAttributes The SAML attributes returned by the infobox validator.
+ */
+ public void setExtendedSamlAttributes(ExtendedSAMLAttribute[] extendedSamlAttributes) {
+ extendedSamlAttributes_ = extendedSamlAttributes;
+ }
+
+ /**
+ * Sets validation result..
+ *
+ * @param valid <code>True</code> if the infobox could be validated successfully,
+ * otherwise <code>false</code>.
+ */
+ public void setValid(boolean valid) {
+ valid_ = valid;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
new file mode 100644
index 000000000..c7a557290
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -0,0 +1,172 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.PublicKey;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+/**
+ * Parameters for validating an infobox.
+ *
+ * This interface is used by MOA-ID to provide parameters to an
+ * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator
+ * InfoboxValidator}.
+ *
+ * @author Harald Bratko
+ */
+public interface InfoboxValidatorParams {
+
+ /**
+ * Returns a list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects. The first token in this list is the one to be validated. Each further token
+ * maybe needed to validate this first token.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects.
+ */
+ public List getInfoboxTokenList();
+
+ /**
+ * Returns the ID of the trust profile to be used for validating
+ * certificates. Maybe ignored by a validator, if no certificates
+ * has to be validated.
+ *
+ * @return The ID of a trust profile.
+ */
+ public String getTrustProfileID();
+
+ /**
+ * Returns schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link Schema} specifying the location
+ * of an XML schema.
+ *
+ * @return A list of {@link Schema} objects each of them specifying the
+ * location of an XML schema.
+ */
+ public List getSchemaLocations();
+
+ /**
+ * Returns the URL of the BKU.
+ * Maybe needed by a validator.
+ *
+ * @return The url of the BKU.
+ */
+ public String getBkuURL();
+
+ /**
+ * Returns the target parameter.
+ * <code>null</code> in the case of a business service.
+ *
+ * @return The target parameter.
+ */
+ public String getTarget();
+
+ /**
+ * Returns <code>true</code> if the application is a business
+ * service, otherwise <code>false</code>. This may be useful
+ * for the validating application.
+ *
+ * @return <code>True</code> if the application is a business
+ * service, otherwise <code>false</code>
+ */
+ public boolean getBusinessApplication();
+
+ /**
+ * Returns the family name from the identity link.
+ * Maybe needed by a validator.
+ *
+ * @return The family name from the identity link.
+ */
+ public String getFamilyName();
+
+ /**
+ * Returns the given name from the identity link.
+ * Maybe needed by a validator.
+ *
+ * @return The given name from the identity link.
+ */
+ public String getGivenName();
+
+ /**
+ * The date of birth from the identity link.
+ * The method returns the value of the <pr:DateOfBirth>
+ * element from the identity link.
+ * Maybe needed by a validator.
+ *
+ * @return The date of birth from the identity link.
+ */
+ public String getDateOfBirth();
+
+ /**
+ * Returns he identification value from the identity
+ * link. This may be the <code>Stammzahl</code>
+ * in the case of a public application or the
+ * <code>wbPK</code> in the case of a business
+ * application. This parameter is only returned
+ * if specified within the config file.
+ *
+ * @return The identification value from the identity link.
+ */
+ public String getIdentificationValue();
+
+ /**
+ * Returns the type of the identification value
+ * from the identity link. This may be
+ * especially of interest for business
+ * applications.
+ *
+ * @return The type of the identification value
+ * from the identity link.
+ */
+ public String getIdentificationType();
+
+ /**
+ * Returns the public keys from the identity link.
+ * Maybe needed by the application.
+ *
+ * @return PublicKey[] The public keys from the
+ * identity link.
+ */
+ public PublicKey[] getPublicKeys();
+
+ /**
+ * Returns the identity link.
+ * A validator may need other data from the identity link, than
+ * family name, given name, date of birth and identification value.
+ * The identity link element is only returned if specified within the
+ * config file.
+ *
+ * @return The identity link.
+ */
+ public Element getIdentityLink();
+
+ /**
+ * Indicates whether source pins (<code>Stammzahl</code>en) should be hidden or not.
+ * If an online application lying behind MOA-ID is not allowed to get source pins
+ * (<code>Stammzahl</code>en), any source pins within <code>SAML attributes</code>
+ * returned by the validator must suppressed:<br>
+ * If the parameter <code>getHideStammzahl</code> is <code>true</code>, then the validator
+ * <b>MUST</b> hide (replace by an empty string) any source pin (<code>Stammzahl</code>)
+ * that may be included in a <code>SAML attribute</code> returned by the validator.
+ *
+ * @return <code>true</code> if source pins (<code>Stammzahl</code>en) must be hidden,
+ * otherwise <code>false</code>.
+ */
+ public boolean getHideStammzahl();
+
+ /**
+ * Returns application specific parameters.
+ * Each child element of this element contains
+ * a validating application specific parameter. The
+ * element is passed as specified within the config
+ * file and its up to the implementing class to
+ * parse and interprete its children.
+ *
+ * @return Application specific parameters.
+ */
+ public Element getApplicationSpecificParams();
+
+}
+
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
new file mode 100644
index 000000000..80ba5995f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -0,0 +1,348 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import java.security.PublicKey;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+/**
+ * Parameters for validating an infobox.
+ *
+ * This interface is used by MOA-ID to provide parameters to an
+ * {link at.gv.egovernment.moa.id.auth.validator.InfoboxValidator
+ * InfoboxValidator}.
+ *
+ * @author Harald Bratko
+ */
+public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams {
+
+ /**
+ * A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects.
+ * The first token in this list is the one to be validated. Each further token
+ * maybe needed to validate this first token.
+ */
+ protected List infoboxTokenList_;
+
+ /**
+ * The ID of the trust profile used for validating certificates.
+ */
+ protected String trustProfileID_;
+
+ /**
+ * The locations of schemas that maybe needed for validating infobox tokens.
+ */
+ protected List schemaLocations_;
+
+ /**
+ * The URL of the BKU.
+ */
+ protected String bkuURL_;
+
+ /**
+ * Specifies whether the current online application is a business or a public application.
+ */
+ protected boolean businessApplication_;
+
+ /**
+ * The target parameter.
+ */
+ protected String target_;
+
+ /**
+ * The family name from the identity link.
+ */
+ protected String familyName_;
+
+ /**
+ * The given name from the identity link.
+ */
+ protected String givenName_;
+
+ /**
+ * The date of birth from the identity link.
+ */
+ protected String dateOfBirth_;
+
+ /**
+ * The date of identification value.
+ */
+ protected String identificationValue_;
+
+ /**
+ * The identification type.
+ */
+ protected String identificationType_;
+
+ /**
+ * The public keys from the identity link.
+ */
+ protected PublicKey[] publicKeys_;
+
+ /**
+ * The identity link.
+ */
+ protected Element identityLink_;
+
+ /**
+ * Indicates whether source pins (<code>Stammzahl</code>en) must be hidden or not.
+ */
+ protected boolean hideStammzahl_;
+
+ /**
+ * Application specific parameters.
+ */
+ protected Element applicationSpecificParams_;
+
+ /**
+ * Empty constructor.
+ */
+ public InfoboxValidatorParamsImpl() {
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getInfoboxTokenList()
+ */
+ public List getInfoboxTokenList() {
+ return infoboxTokenList_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTrustProfileID()
+ */
+ public String getTrustProfileID() {
+ return trustProfileID_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getSchemaLocations()
+ */
+ public List getSchemaLocations() {
+ return schemaLocations_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBkuURL()
+ */
+ public String getBkuURL() {
+ return bkuURL_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getTarget()
+ */
+ public String getTarget() {
+ return target_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication()
+ */
+ public boolean getBusinessApplication() {
+ return businessApplication_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getFamilyName()
+ */
+ public String getFamilyName() {
+ return familyName_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getGivenName()
+ */
+ public String getGivenName() {
+ return givenName_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDateOfBirth()
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationValue()
+ */
+ public String getIdentificationValue() {
+ return identificationValue_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentificationType()
+ */
+ public String getIdentificationType() {
+ return identificationType_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getPublicKeys()
+ */
+ public PublicKey[] getPublicKeys() {
+ return publicKeys_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getIdentityLink()
+ */
+ public Element getIdentityLink() {
+ return identityLink_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getHideStammzahl()
+ */
+ public boolean getHideStammzahl() {
+ return hideStammzahl_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getApplicationSpecificParams()
+ */
+ public Element getApplicationSpecificParams() {
+ return applicationSpecificParams_;
+ }
+
+ /**
+ * Sets the application specific parameters.
+ *
+ * @param applicationSpecificParams The application specific parameters to set.
+ */
+ public void setApplicationSpecificParams(Element applicationSpecificParams) {
+ applicationSpecificParams_ = applicationSpecificParams;
+ }
+
+ /**
+ * Sets the bku URL.
+ *
+ * @param bkuURL The bku URL to set.
+ */
+ public void setBkuURL(String bkuURL) {
+ bkuURL_ = bkuURL;
+ }
+
+ /**
+ * Sets the business application parameter.
+ *
+ * @param businessApplication The business application parameter to set.
+ * (<code>True</code> if the application is a business
+ * application, otherwies <code>false</code>).
+ */
+ public void setBusinessApplication(boolean businessApplication) {
+ businessApplication_ = businessApplication;
+ }
+
+ /**
+ * Sets the date of birth.
+ *
+ * @param dateOfBirth The date of birth.
+ */
+ public void setDateOfBirth(String dateOfBirth) {
+ dateOfBirth_ = dateOfBirth;
+ }
+
+ /**
+ * Sets the family name.
+ *
+ * @param familyName The family name.
+ */
+ public void setFamilyName(String familyName) {
+ familyName_ = familyName;
+ }
+
+ /**
+ * Sets the given name.
+ *
+ * @param givenName The given name.
+ */
+ public void setGivenName(String givenName) {
+ givenName_ = givenName;
+ }
+
+ /**
+ * Sets the identification type.
+ *
+ * @param identificationType The identification type.
+ */
+ public void setIdentificationType(String identificationType) {
+ identificationType_ = identificationType;
+ }
+
+ /**
+ * Sets the identification value.
+ *
+ * @param identificationValue The identification value.
+ */
+ public void setIdentificationValue(String identificationValue) {
+ identificationValue_ = identificationValue;
+ }
+
+ /**
+ * Sets the identity link.
+ *
+ * @param identityLink The identity link.
+ */
+ public void setIdentityLink(Element identityLink) {
+ identityLink_ = identityLink;
+ }
+
+ /**
+ * Sets the infobox token to be validated.
+ *
+ * @param infoboxTokenList A list {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects.
+ */
+ public void setInfoboxTokenList(List infoboxTokenList) {
+ infoboxTokenList_ = infoboxTokenList;
+ }
+
+ /**
+ * Sets the public Keys.
+ *
+ * @param publicKeys The public keys.
+ */
+ public void setPublicKeys(PublicKey[] publicKeys) {
+ publicKeys_ = publicKeys;
+ }
+
+ /**
+ * Sets the schema locations.
+ *
+ * @param schemaLocations The schema locations. A list of
+ * {@link Schema} objects.
+ */
+ public void setSchemaLocations(List schemaLocations) {
+ schemaLocations_ = schemaLocations;
+ }
+
+ /**
+ * Sets the target.
+ *
+ * @param target The target.
+ */
+ public void setTarget(String target) {
+ target_ = target;
+ }
+
+ /**
+ * Sets the ID of the trust profile used for validating certificates.
+ *
+ * @param trustProfileID the ID of the trust profile used for validating certificates.
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ trustProfileID_ = trustProfileID;
+ }
+
+ /**
+ * Sets the {@link #hideStammzahl_} parameter. This indicates whether source pins
+ * (<code>Stammzahl</code>en) must be hidden or not.
+ *
+ * @param hideStammzahl <code>True</code> if source pins (<code>Stammzahl</code>en) should
+ * be hidden, otherwise <code>false</code>.
+ */
+ public void setHideStammzahl(boolean hideStammzahl) {
+ hideStammzahl_ = hideStammzahl;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
new file mode 100644
index 000000000..76ba6366d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
@@ -0,0 +1,79 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This bean saves all data of a single SAMLAttribute:
+ * the name, value and namespace
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class SAMLAttribute {
+
+ /** the name to be stored */
+ private String name;
+ /** the namespace to be stored */
+ private String namespace;
+ /** the value to be stored */
+ private Object value;
+
+ /**
+ * Constructor for SAMLAttribute.
+ */
+ public SAMLAttribute(String name, String namespace, Object value) {
+
+ this.name = name;
+ this.namespace = namespace;
+ this.value = value;
+
+ }
+
+ /**
+ * Returns the name.
+ * @return String
+ */
+ public String getName() {
+ return name;
+ }
+
+ /**
+ * Returns the namespace.
+ * @return String
+ */
+ public String getNamespace() {
+ return namespace;
+ }
+
+ /**
+ * Returns the value.
+ * @return String
+ */
+ public Object getValue() {
+ return value;
+ }
+
+ /**
+ * Sets the name.
+ * @param name The name to set
+ */
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ /**
+ * Sets the namespace.
+ * @param namespace The namespace to set
+ */
+ public void setNamespace(String namespace) {
+ this.namespace = namespace;
+ }
+
+ /**
+ * Sets the value.
+ * @param value The value to set
+ */
+ public void setValue(Object value) {
+ this.value = value;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
new file mode 100644
index 000000000..c113f16b8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
@@ -0,0 +1,26 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * Specifies the location of a schema.
+ *
+ * @author Harald Bratko
+ */
+public interface Schema {
+
+ /**
+ * The namespace URI of this schema.
+ *
+ * @return The namespace of this schema.
+ */
+ public String getNamespace();
+
+ /**
+ * The location URI of this schema.
+ * Relative paths have to be interpreted relative to the
+ * location of the MOA-ID config file.
+ *
+ * @return The location URI of this schema.
+ */
+ public String getSchemaLocation();
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
new file mode 100644
index 000000000..964725416
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
@@ -0,0 +1,63 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+/**
+ * This class specifies the location of a schema.
+ *
+ * @author Harald Bratko
+ */
+public class SchemaImpl implements Schema {
+
+ /**
+ * The namespace of this schema.
+ */
+ protected String namespace_;
+
+ /**
+ * The location (URI) of this schema;
+ */
+ protected String schemaLocation_;
+
+ /**
+ * Sets the namespace and schema location URIS of this schema.
+ *
+ * @param namespace The namespace URI of this schema.
+ * @param schemaLocation The location URI of this schema.
+ */
+ public SchemaImpl(String namespace, String schemaLocation) {
+ namespace_ = namespace;
+ schemaLocation_ = schemaLocation;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.Schema#getNamespace()
+ */
+ public String getNamespace() {
+ return namespace_;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.auth.data.Schema#getSchemaLocation()
+ */
+ public String getSchemaLocation() {
+ return schemaLocation_;
+ }
+
+ /**
+ * Sets the namespace.
+ *
+ * @param namespace The namespace to set.
+ */
+ public void setNamespace(String namespace) {
+ namespace_ = namespace;
+ }
+
+ /**
+ * Sets the location URI of this schema.
+ *
+ * @param schemaLocation The schemaLocation to set.
+ */
+ public void setSchemaLocation(String schemaLocation) {
+ schemaLocation_ = schemaLocation;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
new file mode 100644
index 000000000..8233d1478
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -0,0 +1,177 @@
+package at.gv.egovernment.moa.id.auth.data;
+
+import iaik.x509.X509Certificate;
+
+/**
+ * This bean saves all information of the MOA-SP-Answer
+ * after the verification of any signature
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class VerifyXMLSignatureResponse {
+ /** The xmlDsigSubjectName to be stored */
+ private String xmlDsigSubjectName;
+ /** The signatureCheckCode to be stored */
+ private int signatureCheckCode;
+ /** The xmlDSIGManifestCheckCode to be stored */
+ private int xmlDSIGManifestCheckCode;
+ /** The xmlDSIGManigest to be stored */
+ private boolean xmlDSIGManigest;
+ /** The certificateCheckCode to be stored */
+ private int certificateCheckCode;
+ /** The publicAuthority to be stored */
+ private boolean publicAuthority;
+ /** The publicAuthorityCode to be stored */
+ private String publicAuthorityCode;
+ /** The qualifiedCertificate to be stored */
+ private boolean qualifiedCertificate;
+ /** The x509certificate to be stored */
+ private X509Certificate x509certificate;
+
+ /**
+ * Returns the certificateCheckCode.
+ * @return int
+ */
+ public int getCertificateCheckCode() {
+ return certificateCheckCode;
+ }
+
+ /**
+ * Returns the signatureCheckCode.
+ * @return int
+ */
+ public int getSignatureCheckCode() {
+ return signatureCheckCode;
+ }
+
+ /**
+ * Returns the xmlDSIGManifestCheckCode.
+ * @return int
+ */
+ public int getXmlDSIGManifestCheckCode() {
+ return xmlDSIGManifestCheckCode;
+ }
+
+ /**
+ * Returns the xmlDsigSubjectName.
+ * @return String
+ */
+ public String getXmlDsigSubjectName() {
+ return xmlDsigSubjectName;
+ }
+
+ /**
+ * Sets the certificateCheckCode.
+ * @param certificateCheckCode The certificateCheckCode to set
+ */
+ public void setCertificateCheckCode(int certificateCheckCode) {
+ this.certificateCheckCode = certificateCheckCode;
+ }
+
+ /**
+ * Sets the signatureCheckCode.
+ * @param signatureCheckCode The signatureCheckCode to set
+ */
+ public void setSignatureCheckCode(int signatureCheckCode) {
+ this.signatureCheckCode = signatureCheckCode;
+ }
+
+ /**
+ * Sets the xmlDSIGManifestCheckCode.
+ * @param xmlDSIGManifestCheckCode The xmlDSIGManifestCheckCode to set
+ */
+ public void setXmlDSIGManifestCheckCode(int xmlDSIGManifestCheckCode) {
+ this.xmlDSIGManifestCheckCode = xmlDSIGManifestCheckCode;
+ }
+
+ /**
+ * Sets the xmlDsigSubjectName.
+ * @param xmlDsigSubjectName The xmlDsigSubjectName to set
+ */
+ public void setXmlDsigSubjectName(String xmlDsigSubjectName) {
+ this.xmlDsigSubjectName = xmlDsigSubjectName;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return int
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityCode The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityCode) {
+ this.publicAuthorityCode = publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the x509certificate.
+ * @return X509Certificate
+ */
+ public X509Certificate getX509certificate() {
+ return x509certificate;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the x509certificate.
+ * @param x509certificate The x509certificate to set
+ */
+ public void setX509certificate(X509Certificate x509certificate) {
+ this.x509certificate = x509certificate;
+ }
+
+ /**
+ * Returns the xmlDSIGManigest.
+ * @return boolean
+ */
+ public boolean isXmlDSIGManigest() {
+ return xmlDSIGManigest;
+ }
+
+ /**
+ * Sets the xmlDSIGManigest.
+ * @param xmlDSIGManigest The xmlDSIGManigest to set
+ */
+ public void setXmlDSIGManigest(boolean xmlDSIGManigest) {
+ this.xmlDSIGManigest = xmlDSIGManigest;
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
new file mode 100644
index 000000000..a18cf7322
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -0,0 +1,92 @@
+package at.gv.egovernment.moa.id.auth.invoke;
+
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser;
+import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+
+/**
+ * Invoker of the <code>SignatureVerification</code> web service of MOA-SPSS.<br>
+ * Either invokes the web service, or calls the corresponding API, depending on configuration data.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class SignatureVerificationInvoker {
+ /** This QName Object identifies the SignatureVerification endpoint of the web service */
+ private static final QName SERVICE_QNAME = new QName("SignatureVerification");
+
+ /**
+ * Method verifyXMLSignature.
+ * @param request to be sent
+ * @return Element with the answer
+ * @throws ServiceException if an error occurs
+ */
+ public Element verifyXMLSignature(Element request) throws ServiceException {
+ return doCall(SERVICE_QNAME, request);
+ }
+
+ /**
+ * Method doCall.
+ * @param serviceName the name of the service
+ * @param request the request to be sent
+ * @return Element the answer
+ * @throws ServiceException if an error occurs
+ */
+ protected Element doCall(QName serviceName, Element request) throws ServiceException {
+ ConnectionParameter authConnParam = null;
+ try {
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+ String endPoint;
+ AuthConfigurationProvider authConfigProvider = AuthConfigurationProvider.getInstance();
+ authConnParam = authConfigProvider.getMoaSpConnectionParameter();
+ //If the ConnectionParameter do NOT exist, we try to get the api to work....
+ if (authConnParam != null) {
+ endPoint = authConnParam.getUrl();
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(serviceName, params);
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+ else {
+ SignatureVerificationService svs = SignatureVerificationService.getInstance();
+ VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request);
+
+ VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest);
+ Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse);
+
+ Logger.setHierarchy("moa.id.auth");
+ return result.getDocumentElement();
+ }
+ }
+ catch (Exception ex) {
+ if (authConnParam != null) {
+ throw new ServiceException("service.00", new Object[] { ex.toString()}, ex);
+ } else {
+ throw new ServiceException("service.03", new Object[] { ex.toString()}, ex);
+ }
+ }
+ }
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
new file mode 100644
index 000000000..a8b870f04
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -0,0 +1,193 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an <code>&lt;InfoboxReadResponse&gt;</code> returned from
+ * the security layer
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class CreateXMLSignatureResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = Constants.SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = ":CreateXMLSignatureResponse/";
+ /** Xpath expression to the SAML:Assertion element */
+ private static final String SAML_ASSERTION_XPATH = ROOT + SAML + "Assertion";
+ /** Xpath expression to the SAML:NameIdentifier element */
+ private static final String SAML_SUBJECT_NAME_IDENTIFIER_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Subject/" + SAML + "NameIdentifier";
+ /** Xpath expression to the AttributeStatement element */
+ private static final String SAML_ATTRIBUTE_XPATH = SAML_ASSERTION_XPATH + "/" + SAML + "AttributeStatement/" + SAML + "Attribute";
+ /** Xpath expression to the AttributeValue element */
+ private static final String SAML_ATTRIBUTE_VALUE_XPATH = SAML + "AttributeValue";
+
+
+ /** This is the root element of the CreateXMLsignatureResponse */
+ private Element sigResponse_;
+
+ /**
+ * Parses and validates the document given as string and extracts the
+ * root element.
+ *
+ * @param xmlResponse <code>&lt;CreateXMLSignatureResponse&gt;</code> as String
+ *
+ * @throws AuthenticationException if any authentication error occurs
+ * @throws ParseException if an element cannot be parsed
+ */
+ public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+ init(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses and validates the document given as stream and extracts the
+ * root element.
+ *
+ * @param is <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ *
+ * @throws AuthenticationException If any authentication error occurs
+ * @throws ParseException If an element cannot be parsed
+ */
+ public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
+ init(is);
+ }
+
+ /**
+ * Constructor for CreateXMLSignatureResponseParser.
+ * The incoming Element will be used for further operations
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ */
+ public CreateXMLSignatureResponseParser(Element xmlResponse) {
+ sigResponse_ = xmlResponse;
+ }
+
+ /**
+ * Initializes the parser.
+ * Parses and validates the document given as stream and extracts the
+ * root element.
+ *
+ * @param is The CreateXMLSignatureResponse as stream.
+ * @throws AuthenticationException if an authentication error occurs.
+ * @throws ParseException If an error occurs on parsing the the document.
+ */
+ private void init(InputStream is) throws AuthenticationException, ParseException {
+ try {
+
+ Element responseElem = DOMUtils.parseXmlValidating(is);
+
+ if ("CreateXMLSignatureResponse".equals(responseElem.getLocalName())) {
+ sigResponse_ = responseElem;
+ } else {
+ ErrorResponseParser erp = new ErrorResponseParser(responseElem);
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ } catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Unmarshalls the <@link sigResponse> to an
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code> object.
+ *
+ * @return a <code>&lt;CreateXMLSignatureResponse&gt;</code> object
+ * @throws ParseException
+ */
+
+ public CreateXMLSignatureResponse parseResponse() throws ParseException {
+ CreateXMLSignatureResponse cResp;
+ try {
+ cResp = new CreateXMLSignatureResponse();
+ String slPrefix = XPathUtils.getSlPrefix(sigResponse_);
+ cResp.setSamlNameIdentifier(XPathUtils.getElementValue(sigResponse_, "/" + slPrefix + SAML_SUBJECT_NAME_IDENTIFIER_XPATH, null));
+ cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH));
+ NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH);
+ Element samlAttr;
+ List samlAttributes = new ArrayList();
+ while ((samlAttr = (Element) attrIter.nextNode()) != null) {
+ String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
+ String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
+ Object attrValue;
+ Element attrValueElem = (Element)XPathUtils.selectSingleNode(samlAttr, SAML_ATTRIBUTE_VALUE_XPATH);
+ attrValue = DOMUtils.getElementFromNodeList(attrValueElem.getChildNodes());
+ if (attrValue == null) {
+ if (null!=attrValueElem.getFirstChild()) {
+ attrValue = attrValueElem.getFirstChild().getNodeValue();
+ } else {
+ attrValue = "";
+ }
+ }
+ samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
+ }
+ SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
+ samlAttributes.toArray(result);
+ cResp.setSamlAttributes(result);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ return cResp;
+ }
+
+// public CreateXMLSignatureResponse parseResponse() throws ParseException {
+// CreateXMLSignatureResponse cResp;
+// try {
+// cResp = new CreateXMLSignatureResponse();
+// Element samlAssertion = (Element)sigResponse.getElementsByTagNameNS(Constants.SAML_NS_URI, "Assertion").item(0);
+// cResp.setSamlAssertion(samlAssertion);
+// Element samlAttributeStatement = (Element)samlAssertion.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeStatement").item(0);
+// Element samlSubject = (Element)samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Subject").item(0);
+// Element samlNameIdentifier = (Element)samlSubject.getElementsByTagNameNS(Constants.SAML_NS_URI, "NameIdentifier").item(0);
+// cResp.setSamlNameIdentifier(samlNameIdentifier.getFirstChild().getNodeValue());
+// NodeList nl = samlAttributeStatement.getElementsByTagNameNS(Constants.SAML_NS_URI, "Attribute");
+// List samlAttributes = new ArrayList();
+// for (int i=0; i<nl.getLength(); i++) {
+// Element samlAttribute = (Element)nl.item(i);
+// String attrName = samlAttribute.getAttribute("AttributeName");
+// String attrNamespace = samlAttribute.getAttribute("AttributeNamespace");
+// String attrValue = ((Element)samlAttribute.getElementsByTagNameNS(Constants.SAML_NS_URI, "AttributeValue").item(0)).getFirstChild().getNodeValue();
+// samlAttributes.add(new SAMLAttribute(attrName, attrNamespace, attrValue));
+// }
+// SAMLAttribute[] result = new SAMLAttribute[samlAttributes.size()];
+// samlAttributes.toArray(result);
+// cResp.setSamlAttributes(result);
+// }
+// catch (Throwable t) {
+// throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+// }
+// return cResp;
+// }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
new file mode 100644
index 000000000..e3c54095d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
@@ -0,0 +1,72 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Parses an <code>&lt;ErrorResponse&gt;</code>.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class ErrorResponseParser {
+
+ /**
+ * The error code included in this error response.
+ * <code>1000</code> is used as default value, if some problems occur on
+ * evaluating the error response.
+ */
+ private String errorCode_ = "1000";
+
+ /**
+ * The error info included in this error response.
+ * <code>&lt;Unklassifizierter Fehler.&gt;</code> is used as default value,
+ * if some problems occur on evaluating the error response.
+ */
+ private String errorInfo_ = "Unklassifizierter Fehler.";
+
+
+ /**
+ * This Constructor extracts the error code and error info included in this
+ * error response.
+ *
+ * @param errorElement The error element. This is the root element of
+ * the error response.
+ */
+ public ErrorResponseParser(Element errorElement) throws ParseException {
+ if (errorElement != null) {
+ String namespace = errorElement.getNamespaceURI();
+ NodeList nl = errorElement.getElementsByTagNameNS(namespace, "ErrorCode");
+ if (nl.getLength() == 1) {
+ errorCode_ = ((Element)nl.item(0)).getFirstChild().getNodeValue();
+ }
+ nl = errorElement.getElementsByTagNameNS(namespace, "Info");
+ if (nl.getLength() == 1) {
+ errorInfo_ = ((Element)nl.item(0)).getFirstChild().getNodeValue();
+ }
+ }
+ }
+
+ /**
+ * Returns the error code included in this error response.
+ */
+ public String getErrorCode() {
+ return errorCode_ ;
+ }
+
+ /**
+ * Returns the information included in this error response.
+ * @return The error infomation String
+ */
+ public String getErrorInfo() {
+ return errorInfo_ ;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
new file mode 100644
index 000000000..e493f07fb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -0,0 +1,157 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.util.Iterator;
+import java.util.List;
+import java.util.Vector;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * Parses and unmarshales <code>InfoboxReadResponse<code>.
+ * This parser is especially used for parsing additional responses (additional to that
+ * one containing the <code>IdentityLink</code> retuned from the BKU as an answer of
+ * a <code>&lt;PushInfobox&gt;</code> request.
+ */
+public class ExtendedInfoboxReadResponseParser {
+
+ /**
+ * Hide default constructor.
+ */
+ private ExtendedInfoboxReadResponseParser() {
+ }
+
+ /**
+ * Parses and unmarshales the given <code>infoboxReadResponse</code> to a list of
+ * {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken} objects.
+ * The method parses the given <code>infoboxReadResponse</code>
+ *
+ * @param infoboxReadResponse The infobox read response to be unmarshaled.
+ * @param infoboxName The name of the infobox the reponse corresponds to.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.InfoboxToken InfoboxToken}
+ * objects. Maybe empty.
+ *
+ * @throws ParseException If an error occurs on parsing and unmarshaling the response.
+ */
+ public static List parseInfoboxReadResponse(String infoboxReadResponse, String infoboxName)
+ throws ParseException
+ {
+ Element infoboxReadResponseElem = null;
+ try {
+ Document doc =
+ DOMUtils.parseDocument(infoboxReadResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null);
+ infoboxReadResponseElem = doc.getDocumentElement();
+ } catch (Exception e) {
+ Logger.error("InfoboxReadResponse for \"" + infoboxName +
+ "\"-infobox could not be parsed successfully: " + e.getMessage());
+ throw new ParseException("parser.01", new Object[] {infoboxName + "-InfoboxReadResponse"});
+ }
+
+ Vector infoboxTokenList = new Vector();
+
+ if (infoboxReadResponseElem != null) {
+ // avoid using namespace URI or prefix, because it might change within the response
+ // (e.g.: sl11-namespace, some child sl10-namespace
+ List infoboxReadResponseChildren = DOMUtils.getChildElements(infoboxReadResponseElem);
+ String key = null;
+ boolean primary = true;
+ Element infoboxReadResponseChild = (Element)infoboxReadResponseChildren.get(0);
+ String infoboxReadResponseChildName = infoboxReadResponseChild.getLocalName();
+ if (infoboxReadResponseChildName.equals("AssocArrayData")) {
+ // get the <Pair> child elements from the <AssocArrayData> element
+ List assocArrayPairs = DOMUtils.getChildElements(infoboxReadResponseChild);
+ Iterator assocArrayPairIt = assocArrayPairs.iterator();
+ int pairCount = 0;
+ // step through the <Pair> elemnts
+ while (assocArrayPairIt.hasNext()) {
+ Element assocArrayPair = (Element)assocArrayPairIt.next();
+ // check if the element actually a "Pair" element and not only a "key"
+ if (assocArrayPair.getLocalName().equals("Key")) {
+ // do not accept only a Key
+ throw new ParseException("parser.07", new Object[] {infoboxName});
+ }
+ key = assocArrayPair.getAttribute("Key");
+ if (pairCount > 0) {
+ primary = false;
+ }
+ pairCount++;
+ infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(assocArrayPair, infoboxName, key, primary));
+ }
+
+ } else if (infoboxReadResponseChildName.equals("BinaryFileData")) {
+ infoboxTokenList.addAll(getTokenFromXMLOrBase64Content(infoboxReadResponseChild, infoboxName, null, true));
+ }
+ }
+ return infoboxTokenList;
+ }
+
+ /**
+ * Unmarshales the <code>&lt;XMLContent&gt;</code> or
+ * <code>&lt;Base64Content&gt;</code> child of the given element to a list of
+ * infobox token.
+ *
+ * @param contentParent The elment including the <code>&lt;XMLContent&gt;</code> or
+ * <code>&lt;Base64Content&gt;</code> child to unmarshal the
+ * infobox token from.
+ * @param infoboxName The name of the infobox.
+ * @param key The key of an <code>AssocArrayData-Pair</code>.
+ * Maybe <code>null</code>.
+ * @param primary Specifies whether this token is the first (e.g. in an
+ * AssocArrayData) token.
+ *
+ * @return A infobox token list.
+ *
+ * @throws ParseException If the <code>contentParent</code> has no <code>&lt;XMLContent&gt;</code>
+ * or <code>&lt;Base64Content&gt;</code> child or the
+ * <code>&lt;XMLContent&gt;</code> is empty.
+ */
+ public static List getTokenFromXMLOrBase64Content(
+ Element contentParent,
+ String infoboxName,
+ String key,
+ boolean primary)
+ throws ParseException
+ {
+ Vector tokenList = new Vector();
+ // get the <XMLContent> or <Base64Content>
+ List content = DOMUtils.getChildElements(contentParent);
+ if (content.size() == 1) {
+ Element contentElem = (Element)content.get(0);
+ if (contentElem.getLocalName().equals("XMLContent")) {
+ List xmlContentChildren = DOMUtils.getChildElements(contentElem);
+ if (xmlContentChildren.size() == 0) {
+ throw new ParseException("parser.06", new Object[] {infoboxName, "Inhalt", "XMLContent"});
+ }
+ int xmlCount = 0;
+ Iterator contentIt = xmlContentChildren.iterator();
+ while (contentIt.hasNext()) {
+ Element xmlToken = (Element)contentIt.next();
+ if (xmlCount > 0) {
+ primary = false;
+ }
+ InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, xmlToken);
+ tokenList.add(infoboxToken);
+ xmlCount++;
+ }
+ } else {
+ String base64Token = contentElem.getFirstChild().getNodeValue();
+ InfoboxToken infoboxToken = new InfoboxTokenImpl(key, primary, base64Token);
+ tokenList.add(infoboxToken);
+ }
+ } else {
+ throw new ParseException("parser.06",
+ new Object[] {infoboxName, "XMLContent oder Base64Content", contentParent.getLocalName()});
+ }
+ return tokenList;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
new file mode 100644
index 000000000..d8a57fd2f
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -0,0 +1,319 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.ECDSAConverterException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an identity link <code>&lt;saml:Assertion&gt;</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class IdentityLinkAssertionParser {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+
+ /** Xpath prefix for reaching PersonData Namespaces */
+ private static final String PDATA = Constants.PD_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = Constants.SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath prefix for reaching ECDS Namespaces */
+ private static final String ECDSA = Constants.ECDSA_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "";
+ /** Xpath expression to the SAMLSubjectConfirmationData element */
+ private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Subject/"
+ + SAML
+ + "SubjectConfirmation/"
+ + SAML
+ + "SubjectConfirmationData";
+ /** Xpath expression to the PersonData element */
+ private static final String PERSON_XPATH =
+ SAML_SUBJECT_CONFIRMATION_DATA_XPATH
+ + "/"
+ + PDATA
+ + "Person";
+ /** Xpath expression to the PersonData GivenName element */
+ private static final String PERSON_GIVEN_NAME_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Name/"
+ + PDATA
+ + "GivenName";
+ /** Xpath expression to the PersonData FamilyName element */
+ private static final String PERSON_FAMILY_NAME_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Name/"
+ + PDATA
+ + "FamilyName";
+ /** Xpath expression to the PersonData DateOfBirth element */
+ private static final String PERSON_DATE_OF_BIRTH_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "DateOfBirth";
+ /** Xpath expression to the Identification element */
+ private static final String PERSON_IDENT_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Identification";
+
+ /** Xpath expression to the Identification Value element */
+ public static final String PERSON_IDENT_VALUE_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Identification/"
+ + PDATA
+ + "Value";
+
+ /** Xpath expression to the Identification Value element */
+ private static final String PERSON_IDENT_TYPE_XPATH =
+ PERSON_XPATH
+ + "/"
+ + PDATA
+ + "Identification/"
+ + PDATA
+ + "Type";
+
+ /** Xpath expression to the RSAKeyValue element */
+ private static final String RSA_KEY_VALUE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/"
+ + SAML
+ + "AttributeValue/"
+ + DSIG
+ + "RSAKeyValue";
+
+ /** Xpath expression to the ECKeyValue element */
+ private static final String ECDSA_KEY_VALUE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/"
+ + SAML
+ + "AttributeValue/"
+ + ECDSA
+ + "ECDSAKeyValue";
+
+
+ /** Xpath expression to the RSA Modulus element */
+ private static final String RSA_KEY_MODULUS_XPATH = DSIG + "Modulus";
+ /** Xpath expression to the RSA Exponent element */
+ private static final String RSA_KEY_EXPONENT_XPATH = DSIG + "Exponent";
+ /** Xpath expression to the DSIG X509Certificate element */
+ private static final String DSIG_CERTIFICATES_XPATH =
+ ROOT
+ + DSIG
+ + "Signature/"
+ + DSIG
+ + "KeyInfo/"
+ + DSIG
+ + "X509Data/"
+ + DSIG
+ + "X509Certificate";
+ /** Xpath expression to the DSIG Transforms element */
+ private static final String DSIG_REFERENCE_TRANSFORMATION_XPATH =
+ ROOT
+ + DSIG
+ + "Signature/"
+ + DSIG
+ + "SignedInfo/"
+ + DSIG
+ + "Reference/"
+ + DSIG
+ + "Transforms";
+
+ /** The IssueInstant attribute of the SAML assertion */
+ private static final String ISSUE_INSTANT_ATTR = "IssueInstant";
+
+ /**This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element assertionElem;
+
+ /**
+ * Constructor for <code>IdentityLinkAssertionParser</code>.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLinkAssertionParser(String xmlAssertion) throws ParseException {
+ try {
+ InputStream s = new ByteArrayInputStream(xmlAssertion.getBytes("UTF-8"));
+ assertionElem = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Sets the <@link assertionElem>.
+ * @param xmlAssertion the assertion element
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLinkAssertionParser(Element xmlAssertion) throws ParseException {
+ assertionElem = xmlAssertion;
+ }
+
+ /**
+ * Constructor for <code>IdentityLinkAssertionParser</code>.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlAssertion <code>&lt;saml:Assertion&gt;</code> as InputStream
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception {
+ try {
+ assertionElem = DOMUtils.parseXmlValidating(xmlAssertion);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+ /**
+ * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+ public IdentityLink parseIdentityLink() throws ParseException {
+ IdentityLink identityLink;
+ try {
+ identityLink = new IdentityLink();
+ identityLink.setSamlAssertion(assertionElem);
+ identityLink.setIssueInstant(assertionElem.getAttribute(ISSUE_INSTANT_ATTR));
+ identityLink.setPrPerson((Element)
+ XPathUtils.selectSingleNode(assertionElem, PERSON_XPATH));
+ identityLink.setIdentificationValue(
+ XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, ""));
+ identityLink.setIdentificationType(
+ XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, ""));
+ identityLink.setGivenName(
+ XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""));
+ identityLink.setFamilyName(
+ XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""));
+ identityLink.setDateOfBirth(
+ XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, ""));
+ NodeIterator dsigRefTransforms =
+ XPathUtils.selectNodeIterator(assertionElem, DSIG_REFERENCE_TRANSFORMATION_XPATH);
+ List transElems = new ArrayList();
+ Element transformsElem;
+ while ((transformsElem = (Element) dsigRefTransforms.nextNode()) != null) {
+ transElems.add(transformsElem);
+ }
+ Element[] result = new Element[transElems.size()];
+ transElems.toArray(result);
+ identityLink.setDsigReferenceTransforms(result);
+
+ identityLink.setPublicKey(getPublicKeys());
+
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+
+ return identityLink;
+ }
+
+ /**
+ * Parses an array of Public Keys from the <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return RSAPublicKey[]
+ * @throws IOException can occur when decoding the base64 values of the modulus and exponent
+ */
+ public PublicKey[] getPublicKeys() throws IOException, ECDSAConverterException{
+
+
+ List pubKeys = new ArrayList();
+ //Try to get RSA-Keys
+ NodeIterator rsaIter =
+ XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, RSA_KEY_VALUE_XPATH);
+ Element rsaElem;
+
+ while ((rsaElem = (Element) rsaIter.nextNode()) != null) {
+ String modulus =
+ XPathUtils.getElementValue(rsaElem, RSA_KEY_MODULUS_XPATH, "");
+ String exponent =
+ XPathUtils.getElementValue(rsaElem, RSA_KEY_EXPONENT_XPATH, "");
+
+ RSAPublicKey resPub =
+ new iaik.security.rsa.RSAPublicKey(
+ new BigInteger(1, Base64Utils.decode(modulus, true)),
+ new BigInteger(1, Base64Utils.decode(exponent, true)));
+ pubKeys.add(resPub);
+ }
+
+ //Try to get ECDSA-Keys
+ NodeIterator ecdsaIter =
+ XPathUtils.selectNodeIterator(assertionElem, Constants.nSMap, ECDSA_KEY_VALUE_XPATH);
+ Element ecdsaElem;
+ PublicKey ecPubKey = null;
+ while ((ecdsaElem = (Element) ecdsaIter.nextNode()) != null) {
+ try {
+ ecPubKey = ECDSAKeyValueConverter.element2ECDSAPublicKey(ecdsaElem);
+ pubKeys.add(ecPubKey);
+ }
+ catch(Exception e) {
+ throw new ECDSAConverterException("parser.03", new Object[] { e.toString() }, e);
+ }
+ }
+
+ PublicKey[] result = new PublicKey[pubKeys.size()];
+ pubKeys.toArray(result);
+ return result;
+
+ }
+ /**
+ * Parses a string array of decoded base64 certificates from
+ * the <code>&lt;InfoboxReadResponse&gt;</code> found in the dsig-signature
+ * @return String[] with raw-certificates from the dsig-signature keyinfo
+ * @throws Exception
+ */
+ public String[] getCertificates() throws Exception {
+ List certs = new ArrayList();
+ NodeIterator rsaIter =
+ XPathUtils.selectNodeIterator(assertionElem, DSIG_CERTIFICATES_XPATH);
+ Element certElem;
+ while ((certElem = (Element) rsaIter.nextNode()) != null) {
+ String content = DOMUtils.getText(certElem);
+ certs.add(new String(Base64Utils.decode(content, true)));
+ }
+ String[] result = new String[certs.size()];
+ certs.toArray(result);
+ return result;
+
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
new file mode 100644
index 000000000..e59c88ddc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -0,0 +1,165 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses an <code>&lt;InfoboxReadResponse&gt;</code>.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class InfoboxReadResponseParser {
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element infoBoxElem_;
+
+ /**
+ * Parses and validates the document given as string and extracts the
+ * root element.
+ *
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws ParseException If an element cannot be parsed
+ * @throws AuthenticationException If any authentication error occurs
+ */
+ public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
+
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+ init(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses and validates the document given as stream and extracts the
+ * root element.
+ *
+ * @param is <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws ParseException If an element cannot be parsed
+ * @throws AuthenticationException If any authentication error occurs
+ */
+ public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
+ init(is);
+ }
+
+ /**
+ * Initializes the parser.
+ * Parses and validates the document given as stream and extracts the
+ * root element.
+ *
+ * @param is The InfoBoxReadResponse as stream.
+ * @throws AuthenticationException If an authentication error occurs.
+ * @throws ParseException If an error occurs on parsing the the document.
+ */
+ private void init(InputStream is) throws AuthenticationException, ParseException {
+ try {
+
+ Element responseElem = DOMUtils.parseXmlValidating(is);
+
+ if ("InfoboxReadResponse".equals(responseElem.getLocalName())) {
+ infoBoxElem_ = responseElem;
+ } else {
+ ErrorResponseParser erp = new ErrorResponseParser(responseElem);
+ throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ }
+
+ } catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+
+
+ /**
+ * Parses the embedded <code>&lt;saml:Assertion&gt;</code> element from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return <code>&lt;saml:Assertion&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+// public String parseSAMLAssertion() throws ParseException {
+// try {
+//
+// String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_);
+// StringBuffer sb = new StringBuffer("/");
+// sb.append(slPrefix);
+// sb.append(":InfoboxReadResponse/");
+// sb.append(slPrefix);
+// sb.append(":BinaryFileData/");
+// sb.append(slPrefix);
+// sb.append(":XMLContent/");
+// sb.append(Constants.SAML_PREFIX);
+// sb.append(":Assertion");
+// String samlAssertionXPath = sb.toString();
+// Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath);
+// return DOMUtils.serializeNode(samlAssertion);
+//
+// }
+// catch (Throwable t) {
+// throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+// }
+// }
+
+ /**
+ * Parses the embedded <code>&lt;saml:Assertion&gt;</code> element from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return <code>&lt;saml:Assertion&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public Element parseSAMLAssertion() throws ParseException {
+ try {
+
+ String slPrefix = XPathUtils.getSlPrefix(infoBoxElem_);
+ StringBuffer sb = new StringBuffer("/");
+ sb.append(slPrefix);
+ sb.append(":InfoboxReadResponse/");
+ sb.append(slPrefix);
+ sb.append(":BinaryFileData/");
+ sb.append(slPrefix);
+ sb.append(":XMLContent/");
+ sb.append(Constants.SAML_PREFIX);
+ sb.append(":Assertion");
+ String samlAssertionXPath = sb.toString();
+ Element samlAssertion = (Element) XPathUtils.selectSingleNode(infoBoxElem_, samlAssertionXPath);
+ return samlAssertion;
+
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ }
+ }
+
+ /**
+ * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+// public IdentityLink parseIdentityLink() throws ParseException {
+// String samlAssertionString = parseSAMLAssertion();
+// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertionString);
+// return ilParser.parseIdentityLink();
+// }
+
+ /**
+ * Parses the identity link from the <code>&lt;saml:Assertion&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+ public IdentityLink parseIdentityLink() throws ParseException {
+ Element samlAssertion = parseSAMLAssertion();
+ IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
+ return ilParser.parseIdentityLink();
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
new file mode 100644
index 000000000..7c4c01abe
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.IOException;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Parser for a SAML artifact.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactParser {
+ /** byte array containing the SamlArtifact bytes */
+ private byte[] samlArtifactBytes;
+
+ /**
+ * Constructor
+ * @param samlArtifact as String
+ * @throws ParseException on any parsing error
+ */
+ public SAMLArtifactParser(String samlArtifact) throws ParseException {
+ try {
+ samlArtifactBytes = Base64Utils.decode(samlArtifact, false);
+ }
+ catch (IOException ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+ /**
+ * Parses the type code.
+ * @return type code
+ * @throws ParseException when SAML artifact is invalid
+ */
+ public byte[] parseTypeCode() throws ParseException {
+ try {
+ byte[] typeCode = new byte[] {samlArtifactBytes[0], samlArtifactBytes[1]};
+ return typeCode;
+ }
+ catch (Throwable ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+ /**
+ * Parses the assertion handle.
+ * @return assertion handle
+ * @throws ParseException when SAML artifact is invalid
+ */
+ public String parseAssertionHandle() throws ParseException {
+ try {
+ return new String(samlArtifactBytes, 22, 20);
+ }
+ catch (Throwable ex) {
+ throw new ParseException("parser.02", new Object[] {ex.toString()}, ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
new file mode 100644
index 000000000..4c49afb76
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -0,0 +1,156 @@
+package at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.utils.Base64InputStream;
+import iaik.x509.X509Certificate;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.*;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parses a <code>&lt;VerifyXMLSignatureResponse&gt;</code> returned by
+ * MOA-SPSS.
+ * This class implements the Singleton pattern
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+
+public class VerifyXMLSignatureResponseParser {
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching MOA Namespaces */
+ private static final String MOA = Constants.MOA_PREFIX + ":";
+ /** Xpath prefix for reaching DSIG Namespaces */
+ private static final String DSIG = Constants.DSIG_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "/" + MOA + "VerifyXMLSignatureResponse/";
+
+ /** Xpath expression to the X509SubjectName element */
+ private static final String DSIG_SUBJECT_NAME_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ DSIG + "X509SubjectName";
+ /** Xpath expression to the X509Certificate element */
+ private static final String DSIG_X509_CERTIFICATE_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ DSIG + "X509Certificate";
+ /** Xpath expression to the PublicAuthority element */
+ private static final String PUBLIC_AUTHORITY_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ MOA + "PublicAuthority";
+ /** Xpath expression to the PublicAuthorityCode element */
+ private static final String PUBLIC_AUTHORITY_CODE_XPATH =
+ PUBLIC_AUTHORITY_XPATH + "/" + MOA + "Code";
+ /** Xpath expression to the QualifiedCertificate element */
+ private static final String QUALIFIED_CERTIFICATE_XPATH =
+ ROOT + MOA + "SignerInfo/" + DSIG + "X509Data/" +
+ MOA + "QualifiedCertificate";
+
+ /** Xpath expression to the SignatureCheckCode element */
+ private static final String SIGNATURE_CHECK_CODE_XPATH =
+ ROOT + MOA + "SignatureCheck/" + MOA + "Code";
+ /** Xpath expression to the XMLDSIGManifestCheckCode element */
+ private static final String XMLDSIG_MANIFEST_CHECK_CODE_XPATH =
+ ROOT + MOA + "XMLDSIGManifestCheck/" + MOA + "Code";
+ /** Xpath expression to the CertificateCheckCode element */
+ private static final String CERTIFICATE_CHECK_CODE_XPATH =
+ ROOT + MOA + "CertificateCheck/" + MOA + "Code";
+
+
+ /** This is the root element of the XML-Document provided by the Security Layer Card*/
+ private Element verifyXMLSignatureResponse;
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * A DOM-representation of the incoming String will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
+ * @throws ParseException on any parsing error
+ */
+ public VerifyXMLSignatureResponseParser(String xmlResponse) throws ParseException{
+ try {
+ InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
+
+ verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(s);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * A DOM-representation of the incoming Inputstream will be created
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
+ * @throws Exception on any parsing error
+ */
+ public VerifyXMLSignatureResponseParser(InputStream xmlResponse) throws Exception
+ {
+ try {
+ verifyXMLSignatureResponse = DOMUtils.parseXmlValidating(xmlResponse);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ }
+
+ /**
+ * Constructor for VerifyXMLSignatureResponseParser.
+ * The incoming Element will be used for further operations
+ * @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as Element
+ */
+ public VerifyXMLSignatureResponseParser(Element xmlResponse)
+ {
+ verifyXMLSignatureResponse =xmlResponse;
+
+ }
+
+ /**
+ * Parse identity link from <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return Identity link
+ * @throws ParseException on any parsing error
+ */
+
+ public VerifyXMLSignatureResponse parseData() throws ParseException {
+
+ VerifyXMLSignatureResponse respData=new VerifyXMLSignatureResponse();
+
+ try {
+ respData.setXmlDsigSubjectName(XPathUtils.getElementValue(verifyXMLSignatureResponse,DSIG_SUBJECT_NAME_XPATH,""));
+ Element e = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,QUALIFIED_CERTIFICATE_XPATH);
+ respData.setQualifiedCertificate(e!=null);
+
+ Base64InputStream in = new Base64InputStream(new ByteArrayInputStream(XPathUtils.getElementValue(
+ verifyXMLSignatureResponse,DSIG_X509_CERTIFICATE_XPATH,"").getBytes("UTF-8")),true);
+
+ respData.setX509certificate(new X509Certificate(in));
+ Element publicAuthority = (Element)XPathUtils.selectSingleNode(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_XPATH);
+ respData.setPublicAuthority(publicAuthority != null);
+ respData.setPublicAuthorityCode(XPathUtils.getElementValue(verifyXMLSignatureResponse,PUBLIC_AUTHORITY_CODE_XPATH,""));
+ respData.setSignatureCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNATURE_CHECK_CODE_XPATH,"")).intValue());
+
+ String xmlDsigCheckCode = XPathUtils.getElementValue(verifyXMLSignatureResponse,XMLDSIG_MANIFEST_CHECK_CODE_XPATH,null);
+ if (xmlDsigCheckCode!=null)
+ {
+ respData.setXmlDSIGManigest(true);
+ respData.setXmlDSIGManifestCheckCode(new Integer(xmlDsigCheckCode).intValue());
+ }
+ else
+ respData.setXmlDSIGManigest(false);
+ respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue());
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", null, t);
+ }
+ return respData;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
new file mode 100644
index 000000000..96e8e6dd6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -0,0 +1,202 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileItem;
+import org.apache.commons.fileupload.FileItemFactory;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.fileupload.disk.DiskFileItemFactory;
+import org.apache.commons.fileupload.servlet.ServletFileUpload;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+/**
+ * Base class for MOA-ID Auth Servlets, providing standard error handling
+ * and constant names.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
+
+
+ /**
+ * Handles an error. <br>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request
+ * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage error message
+ * @param exceptionThrown exception thrown
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ protected void handleError(
+ String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+
+ if(null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage );
+ }
+
+ if (null != exceptionThrown) {
+ if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ //forward this to errorpage-auth.jsp where the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+
+ }
+ /**
+ * Handles a <code>WrongParametersException</code>.
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) {
+ Logger.error(ex.toString());
+ req.setAttribute("WrongParameters", ex.getMessage());
+
+ // forward this to errorpage-auth.jsp where the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+ }
+
+ /**
+ * Logs all servlet parameters for debugging purposes.
+ */
+ protected void logParameters(HttpServletRequest req) {
+ for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) {
+ String parname = (String)params.nextElement();
+ Logger.debug("Parameter " + parname + req.getParameter(parname));
+ }
+ }
+
+ /**
+ * Parses the request input stream for parameters, assuming parameters are encoded UTF-8
+ * (no standard exists how browsers should encode them).
+ *
+ * @param req servlet request
+ *
+ * @return mapping parameter name -> value
+ *
+ * @throws IOException if parsing request parameters fails.
+ *
+ * @throws FileUploadException if parsing request parameters fails.
+ */
+ protected Map getParameters(HttpServletRequest req)
+ throws IOException, FileUploadException {
+
+ Map parameters = new HashMap();
+
+
+ if (ServletFileUpload.isMultipartContent(req))
+ {
+ // request is encoded as mulitpart/form-data
+ FileItemFactory factory = new DiskFileItemFactory();
+ ServletFileUpload upload = null;
+ upload = new ServletFileUpload(factory);
+ List items = null;
+ items = upload.parseRequest(req);
+ for (int i = 0; i < items.size(); i++)
+ {
+ FileItem item = (FileItem) items.get(i);
+ if (item.isFormField())
+ {
+ // Process only form fields - no file upload items
+ parameters.put(item.getFieldName(), item.getString("UTF-8"));
+ Logger.debug("Processed multipart/form-data request parameter: \nName: " +
+ item.getFieldName() + "\nValue: " +
+ item.getString("UTF-8"));
+ }
+ }
+ }
+
+ else
+ {
+ // request is encoded as application/x-www-urlencoded
+ InputStream in = req.getInputStream();
+
+ String paramName;
+ String paramValueURLEncoded;
+ do {
+ paramName = new String(readBytesUpTo(in, '='));
+ if (paramName.length() > 0) {
+ paramValueURLEncoded = readBytesUpTo(in, '&');
+ String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8");
+ parameters.put(paramName, paramValue);
+ }
+ }
+ while (paramName.length() > 0);
+ in.close();
+ }
+
+ return parameters;
+ }
+
+ /**
+ * Reads bytes up to a delimiter, consuming the delimiter.
+ * @param in input stream
+ * @param delimiter delimiter character
+ * @return String constructed from the read bytes
+ * @throws IOException
+ */
+ protected String readBytesUpTo(InputStream in, char delimiter) throws IOException {
+ ByteArrayOutputStream bout = new ByteArrayOutputStream();
+ boolean done = false;
+ int b;
+ while (! done && (b = in.read()) >= 0) {
+ if (b == delimiter)
+ done = true;
+ else
+ bout.write(b);
+ }
+ return bout.toString();
+ }
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
new file mode 100644
index 000000000..f33377547
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -0,0 +1,75 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+
+ try {
+ MOAIDAuthInitializer.initialized=false;
+ MOAIDAuthInitializer.initialize();
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
+
+ Logger.info(message);
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-auth.jsp", getServletContext(), request, response);
+
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-auth.jsp", getServletContext(), request, response);
+ }
+ }
+
+ /**
+ * Do the same as <code>doGet</code>.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ }
+
+}
+
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
new file mode 100644
index 000000000..c41b514c8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.util.Calendar;
+
+import org.apache.axis.AxisFault;
+import org.w3c.dom.Element;
+
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Web service for picking up authentication data created in the MOA-ID Auth component.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData
+ */
+public class GetAuthenticationDataService implements Constants {
+
+ /**
+ * Constructor for GetAuthenticationDataService.
+ */
+ public GetAuthenticationDataService() {
+ super();
+ }
+
+ /**
+ * Takes a <code>lt;samlp:Request&gt;</code> containing a
+ * <code>SAML artifact</code> and returns the corresponding
+ * authentication data <code>lt;saml:Assertion&gt;</code>
+ * (obtained from the <code>AuthenticationServer</code>),
+ * enclosed in a <code>lt;samlp:Response&gt;</code>.
+ * <br/>Bad requests are mapped into various <code>lt;samlp:StatusCode&gt;</code>s,
+ * possibly containing enclosed sub-<code>lt;samlp:StatusCode&gt;</code>s.
+ * The status codes are defined in the SAML specification.
+ *
+ * @param requests request elements of type <code>lt;samlp:Request&gt;</code>;
+ * only 1 request element is allowed
+ * @return response element of type <code>lt;samlp:Response&gt;</code>,
+ * packed into an <code>Element[]</code>
+ * @throws AxisFault thrown when an error occurs in assembling the
+ * <code>lt;samlp:Response&gt;</code>
+ */
+ public Element[] Request(Element[] requests)
+ throws AxisFault {
+
+ Element request = requests[0];
+ Element[] responses = new Element[1];
+ String requestID = "";
+ String statusCode = "";
+ String subStatusCode = null;
+ String statusMessageCode = null;
+ String statusMessage = null;
+ String samlAssertion = "";
+ if (requests.length > 1) {
+ // more than 1 request given as parameter
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1201";
+ }
+ else {
+ try {
+ DOMUtils.validateElement(request, ALL_SCHEMA_LOCATIONS, null);
+ NodeList samlArtifactList = XPathUtils.selectNodeList(request, "samlp:AssertionArtifact");
+ if (samlArtifactList.getLength() == 0) {
+ // no SAML artifact given in request
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1202";
+ }
+ else if (samlArtifactList.getLength() > 1) {
+ // too many SAML artifacts given in request
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:TooManyResponses";
+ statusMessageCode = "1203";
+ }
+ else {
+ Element samlArtifactElem = (Element)samlArtifactList.item(0);
+ requestID = samlArtifactElem.getAttribute("RequestID");
+ String samlArtifact = DOMUtils.getText(samlArtifactElem);
+ try {
+ AuthenticationData authData = AuthenticationServer.getInstance().
+ getAuthenticationData(samlArtifact);
+ // success
+ samlAssertion = authData.getSamlAssertion();
+ statusCode = "samlp:Success";
+ statusMessageCode = "1200";
+ }
+ catch (AuthenticationException ex) {
+ // no authentication data for given SAML artifact
+ statusCode = "samlp:Requester";
+ subStatusCode = "samlp:ResourceNotRecognized";
+ statusMessage = ex.toString();
+ }
+ }
+ }
+ catch (Throwable t) {
+ // invalid request format
+ statusCode = "samlp:Requester";
+ statusMessageCode = "1204";
+ }
+ }
+ try {
+ String responseID = Random.nextRandom();
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ if (statusMessage == null)
+ statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
+ responses[0] = new SAMLResponseBuilder().build(
+ responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion);
+ }
+ catch (MOAIDException e) {
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ catch (Throwable t) {
+ MOAIDException e = new MOAIDException("1299", null, t);
+ AxisFault fault = AxisFault.makeFault(e);
+ fault.setFaultDetail(new Element[] { e.toErrorResponse()});
+ throw fault;
+ }
+ return responses;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
new file mode 100644
index 000000000..4dc69c70b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
@@ -0,0 +1,99 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStreamWriter;
+import java.io.Writer;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for selecting a BKU.
+ * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
+ * the browser is redirected to the configured "BKU-Auswahl-URL".
+ * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
+ * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
+ * to the user in an HTML form.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SelectBKUServlet extends AuthServlet {
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+ /**
+ * Responds with an HTML form which requests the user to choose a BKU.
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET SelectBKU");
+ String authURL =
+ req.getScheme() + "://" +
+ req.getServerName() + ":" +
+ req.getServerPort() +
+ req.getContextPath() + "/";
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+
+ try {
+ String returnValue = AuthenticationServer.getInstance().selectBKU(
+ authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
+ String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
+ if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
+ // bkuSelectionType==HTMLComplete
+ String redirectURL = returnValue;
+ resp.setContentType("text/html");
+ resp.sendRedirect(redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
+ } else {
+ // bkuSelectionType==HTMLSelect
+ String htmlForm = returnValue;
+ resp.setContentType("text/html;charset=UTF-8");
+ Logger.debug("HTML-Form: " + htmlForm);
+ Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
+ out.write(htmlForm);
+ out.flush();
+ Logger.debug("Finished GET SelectBKU");
+ }
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (Throwable ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
new file mode 100644
index 000000000..6098f5138
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java
@@ -0,0 +1,103 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for starting a MOA ID authentication session.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ * @see AuthenticationServer#startAuthentication
+ */
+public class StartAuthenticationServlet extends AuthServlet {
+
+ /**
+ * Responds with an HTML form which upon submit requests the identity link
+ * from the security layer implementation.
+ * <br>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/html"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET StartAuthentication");
+ String authURL =
+ req.getScheme() + "://" +
+ req.getServerName() + ":" +
+ req.getServerPort() +
+ req.getContextPath() + "/";
+ String target = req.getParameter(PARAM_TARGET);
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);
+ resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);
+ resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL);
+ resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE);
+ try {
+ String getIdentityLinkForm =
+ AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, sessionID);
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out = new PrintWriter(resp.getOutputStream());
+ out.print(getIdentityLinkForm);
+ out.flush();
+ Logger.debug("Finished GET StartAuthentication");
+ }
+ catch (WrongParametersException ex) {
+ handleWrongParameters(ex, req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+
+ /**
+ * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ doGet(req, resp);
+ }
+
+
+ /**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+ public void init(ServletConfig servletConfig) throws ServletException {
+ try {
+ super.init(servletConfig);
+ MOAIDAuthInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
+ throw new ServletException(ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
new file mode 100644
index 000000000..6ec4a247d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -0,0 +1,120 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for verifying the signed authentication block
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VerifyAuthenticationBlockServlet extends AuthServlet {
+
+
+ /**
+ * Constructor for VerifyAuthenticationBlockServlet.
+ */
+ public VerifyAuthenticationBlockServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyAuthenticationBlock");
+ }
+
+ /**
+ * Verifies the signed authentication block and redirects the browser
+ * to the online application requested, adding a parameter needed for
+ * retrieving the authentication data.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Status: <code>302</code></li>
+ * <li>Header <code>"Location"</code>: URL of the online application requested, with
+ * parameters <code>"Target"</code>(only if the online application is
+ * a public service) and <code>"SAMLArtifact"</code> added</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see AuthenticationServer#verifyAuthenticationBlock
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyAuthenticationBlock");
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ String samlArtifactBase64 =
+ AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ String redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+
+ }
+ /**
+ * Adds a parameter to a URL.
+ * @param url the URL
+ * @param paramname parameter name
+ * @param paramvalue parameter value
+ * @return the URL with parameter added
+ */
+ private static String addURLParameter(String url, String paramname, String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
new file mode 100644
index 000000000..2134c1444
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -0,0 +1,107 @@
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Enumeration;
+import java.util.Map;
+
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for verifying the identity link
+ * provided by the security layer implementation.
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class VerifyIdentityLinkServlet extends AuthServlet {
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public VerifyIdentityLinkServlet() {
+ super();
+ }
+
+ /**
+ * GET requested by security layer implementation to verify
+ * that data URL resource is available.
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET VerifyIdentityLink");
+ }
+
+ /**
+ * Verifies the identity link and responds with a new
+ * <code>CreateXMLSignatureRequest</code>.
+ * <br>
+ * Request parameters:
+ * <ul>
+ * <li>MOASessionID: ID of associated authentication session</li>
+ * <li>XMLResponse: <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * </ul>
+ * Response:
+ * <ul>
+ * <li>Content type: <code>"text/xml"</code></li>
+ * <li>Content: see return value of {@link AuthenticationServer#verifyIdentityLink}</li>
+ * <li>Error status: <code>500</code>
+ * </ul>
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST VerifyIdentityLink");
+ Map parameters;
+ try
+ {
+ parameters = getParameters(req);
+ } catch (FileUploadException e)
+ {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+
+ String createXMLSignatureRequest =
+ AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters);
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequest.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST VerifyIdentityLink");
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..e6c9f4bee
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -0,0 +1,274 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import java.util.Iterator;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ *
+ * This class is used to validate an {@link CreateXMLSignatureResponse}
+ * returned by the security layer.
+ * This class implements the Singleton pattern.
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class CreateXMLSignatureResponseValidator {
+
+
+ /** Xpath expression to the dsig:Signature element */
+ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature";
+
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static CreateXMLSignatureResponseValidator instance;
+
+ /**
+ * Constructor for a singleton CreateXMLSignatureResponseValidator.
+ * @return an instance of CreateXMLSignatureResponseValidator
+ * @throws ValidateException if no instance can be created
+ */
+ public static synchronized CreateXMLSignatureResponseValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new CreateXMLSignatureResponseValidator();
+ }
+ return instance;
+ }
+
+
+ /**
+ * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse}
+ * @param createXMLSignatureResponse
+ * @param session
+ * @throws ValidateException
+ */
+ public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session)
+ throws ValidateException {
+
+ // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier
+
+ String gbTarget = session.getTarget();
+ String oaURL = session.getPublicOAURLPrefix();
+ boolean businessService = session.getBusinessService();
+
+ IdentityLink identityLink = session.getIdentityLink();
+
+ Element samlAssertion = createXMLSignatureResponse.getSamlAssertion();
+ String issuer = samlAssertion.getAttribute("Issuer");
+ if (issuer == null) {
+ // should not happen, because parser would dedect this
+ throw new ValidateException("validator.32", null);
+ }
+ String issueInstant = samlAssertion.getAttribute("IssueInstant");
+ if (!issueInstant.equals(session.getIssueInstant())) {
+ throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()});
+ }
+
+ String name = identityLink.getName();
+ if (!issuer.equals(name)) {
+ throw new ValidateException("validator.33", new Object[] {issuer, name});
+ }
+
+ SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
+
+ boolean foundOA = false;
+ boolean foundGB = false;
+ boolean foundWBPK = false;
+ int offset = 0;
+
+ // check number of SAML aatributes
+ List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ int extendedSAMLAttributesNum = 0;
+ if (extendedSAMLAttributes != null) {
+ extendedSAMLAttributesNum = extendedSAMLAttributes.size();
+ }
+ int expectedSAMLAttributeNumber =
+ AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum;
+ if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--;
+ int actualSAMLAttributeNumber = samlAttributes.length;
+ if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) {
+ Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " +
+ expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber);
+ throw new ValidateException(
+ "validator.36",
+ new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)});
+ }
+
+ SAMLAttribute samlAttribute;
+ if (session.getSAMLAttributeGebeORwbpk()) {
+ // check the first attribute ("Geschaeftsbereich" or "wbPK")
+ samlAttribute = samlAttributes[0];
+ if (businessService) {
+ if (!samlAttribute.getName().equals("wbPK")) {
+ if (samlAttribute.getName().equals("Geschaeftsbereich")) {
+ throw new ValidateException("validator.26", null);
+ } else {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)});
+ }
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundWBPK = true;
+ try {
+ Element attrValue = (Element)samlAttribute.getValue();
+ String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue();
+ String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue();
+ if (!value.equals(identityLink.getIdentificationValue())) {
+ throw new ValidateException("validator.28", null);
+ }
+ if (!type.equals(identityLink.getIdentificationType())) {
+ throw new ValidateException("validator.28", null);
+ }
+ } catch (Exception ex) {
+ throw new ValidateException("validator.29", null);
+ }
+ } else {
+ throw new ValidateException("validator.30", null);
+ }
+ } else {
+ if (!samlAttribute.getName().equals("Geschaeftsbereich")) {
+ if (samlAttribute.getName().equals("wbPK")) {
+ throw new ValidateException("validator.26", null);
+ } else {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)});
+ }
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundGB = true;
+ if (!gbTarget.equals((String)samlAttribute.getValue())) {
+ throw new ValidateException("validator.13", null);
+ }
+ } else {
+ throw new ValidateException("validator.12", null);
+ }
+ }
+ } else {
+ offset--;
+ }
+
+ // check the second attribute (must be "OA")
+ samlAttribute = samlAttributes[1 + offset];
+ if (!samlAttribute.getName().equals("OA")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ foundOA = true;
+ if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch
+ throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()});
+ }
+ } else {
+ throw new ValidateException("validator.15", null);
+ }
+
+ // check the third attribute (must be "Geburtsdatum")
+ samlAttribute = samlAttributes[2 + offset];
+ if (!samlAttribute.getName().equals("Geburtsdatum")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String samlDateOfBirth = (String)samlAttribute.getValue();
+ String dateOfBirth = identityLink.getDateOfBirth();
+ if (!samlDateOfBirth.equals(dateOfBirth)) {
+ throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
+
+ // now check the extended SAML attributes
+ int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
+ if (extendedSAMLAttributes != null) {
+ Iterator it = extendedSAMLAttributes.iterator();
+ while (it.hasNext()) {
+ ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
+ samlAttribute = samlAttributes[i];
+ String actualName = samlAttribute.getName();
+ String expectedName = extendedSAMLAttribute.getName();
+ if (!actualName.equals(expectedName)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName });
+ }
+ String actualNamespace = samlAttribute.getNamespace();
+ String expectedNamespace = extendedSAMLAttribute.getNameSpace();
+ if (!actualNamespace.equals(expectedNamespace)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, });
+ }
+ Object expectedValue = extendedSAMLAttribute.getValue();
+ Object actualValue = samlAttribute.getValue();
+ try {
+ if (expectedValue instanceof String) {
+ // replace \r\n because text might be base64-encoded
+ String expValue = StringUtils.replaceAll((String)expectedValue,"\r","");
+ expValue = StringUtils.replaceAll(expValue,"\n","");
+ String actValue = StringUtils.replaceAll((String)actualValue,"\r","");
+ actValue = StringUtils.replaceAll(actValue,"\n","");
+ if (!expValue.equals(actValue)) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue });
+ }
+ } else if (expectedValue instanceof Element) {
+ // only check the name of the element
+ String actualElementName = ((Element)actualValue).getNodeName();
+ String expectedElementName = ((Element)expectedValue).getNodeName();
+ if (!(expectedElementName.equals(actualElementName))){
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName});
+ }
+ } else {
+ // should not happen
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()});
+ }
+ } catch (ClassCastException e) {
+ throw new ValidateException(
+ "validator.38",
+ new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()});
+ }
+ i++;
+ }
+ }
+
+
+ if (!foundOA) throw new ValidateException("validator.14", null);
+ if (businessService) {
+ if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) throw new ValidateException("validator.31", null);
+ } else {
+ if (!foundGB) throw new ValidateException("validator.11", null);
+ }
+
+ //Check if dsig:Signature exists
+// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+// if (nl.getLength() != 1) {
+// throw new ValidateException("validator.05", null);
+// }
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH);
+ if (dsigSignature == null) {
+ throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
new file mode 100644
index 000000000..444f706e4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * This class is used to validate an {@link IdentityLink}
+ * returned by the security layer
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class IdentityLinkValidator implements Constants {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** Xpath prefix for reaching PersonData Namespaces */
+ private static final String PDATA = PD_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static final String SAML = SAML_PREFIX + ":";
+ /** Xpath prefix for reaching XML-DSIG Namespaces */
+ private static final String DSIG = DSIG_PREFIX + ":";
+ /** Xpath prefix for reaching ECDSA Namespaces */
+ private static final String ECDSA = ECDSA_PREFIX + ":";
+ /** Xpath expression to the root element */
+ private static final String ROOT = "";
+ /** Xpath expression to the SAML:SubjectConfirmationData element */
+ private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Subject/"
+ + SAML
+ + "SubjectConfirmation/"
+ + SAML
+ + "SubjectConfirmationData";
+/** Xpath expression to the PersonData:Person element */
+ private static final String PERSON_XPATH =
+ SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
+ /** Xpath expression to the SAML:Attribute element */
+ private static final String ATTRIBUTE_XPATH =
+ ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
+ /** Xpath expression to the SAML:AttributeName attribute */
+ private static final String ATTRIBUTE_NAME_XPATH =
+ ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
+ /** Xpath expression to the SAML:AttributeNamespace attribute */
+ private static final String ATTRIBUTE_NAMESPACE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/@AttributeNamespace";
+ /** Xpath expression to the SAML:AttributeValue element */
+ private static final String ATTRIBUTE_VALUE_XPATH =
+ ROOT
+ + SAML
+ + "AttributeStatement/"
+ + SAML
+ + "Attribute/"
+ + SAML
+ + "AttributeValue";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static IdentityLinkValidator instance;
+
+ /**
+ * Constructor for a singleton IdentityLinkValidator.
+ * @return a new IdentityLinkValidator instance
+ * @throws ValidateException if no instance can be created
+ */
+ public static synchronized IdentityLinkValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new IdentityLinkValidator();
+ }
+ return instance;
+ }
+
+ /**
+ * Method validate. Validates the {@link IdentityLink}
+ * @param identityLink The identityLink to validate
+ * @throws ValidateException on any validation error
+ */
+ public void validate(IdentityLink identityLink) throws ValidateException {
+
+ Element samlAssertion = identityLink.getSamlAssertion();
+ //Search the SAML:ASSERTION Object (A2.054)
+ if (samlAssertion == null) {
+ throw new ValidateException("validator.00", null);
+ }
+
+ // Check how many saml:Assertion/saml:AttributeStatement/
+ // saml:Subject/ saml:SubjectConfirmation/
+ // saml:SubjectConfirmationData/pr:Person of type
+ // PhysicalPersonType exist (A2.056)
+ NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH);
+ // If we have just one Person-Element we don't need to check the attributes
+ int counterPhysicalPersonType = 0;
+ if (nl.getLength() > 1)
+ for (int i = 0; i < nl.getLength(); i++) {
+ String xsiType =
+ ((Element) nl.item(i))
+ .getAttributeNodeNS(
+ "http://www.w3.org/2001/XMLSchema-instance",
+ "type")
+ .getNodeValue();
+ // We have to check if xsiType contains "PhysicalPersonType"
+ // An equal-check will fail because of the Namespace-prefix of the attribute value
+ if (xsiType.indexOf("PhysicalPersonType") > -1)
+ counterPhysicalPersonType++;
+ }
+ if (counterPhysicalPersonType > 1)
+ throw new ValidateException("validator.01", null);
+
+ //Check the SAML:ATTRIBUTES
+ nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH);
+ for (int i = 0; i < nl.getLength(); i++) {
+ String attributeName =
+ XPathUtils.getAttributeValue(
+ (Element) nl.item(i),
+ "@AttributeName",
+ null);
+ String attributeNS =
+ XPathUtils.getAttributeValue(
+ (Element) nl.item(i),
+ "@AttributeNamespace",
+ null);
+ if (attributeName.equals("CitizenPublicKey")) {
+
+ if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") ||
+ attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
+ Element attributeValue =
+ (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue");
+ if (attributeValue==null)
+ attributeValue =
+ (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
+ if (attributeValue == null)
+ throw new ValidateException("validator.02", null);
+
+ }
+ else
+ throw new ValidateException("validator.03", new Object [] {attributeNS} );
+ }
+ else
+ throw new ValidateException("validator.04", new Object [] {attributeName} );
+ }
+
+ //Check if dsig:Signature exists
+ Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature");
+ if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"});
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
new file mode 100644
index 000000000..c776418ab
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -0,0 +1,32 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+
+/**
+ * Validates an InfoboxReadResponse.
+ * An implementing class has to validate the content of the InfoboxReadResponse
+ * according to the type specific rules and guidelines of the underlying
+ * application.
+ */
+public interface InfoboxValidator {
+
+ /**
+ * This method validates an InfoboxReadResponse.
+ * The method validates the content of the passed <code>infoboxReadResponse</code>
+ * according to the type specific rules and guidelines of the underlying
+ * application.
+ *
+ * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams
+ * Parameters} needed by the validator.
+ *
+ * @return <code>True</code> if validation succeeds,
+ * otherwise <code>false</code>.
+ *
+ * @throws ValidateException If an error occurs on validating the
+ * InfoboxReadResponse.
+ */
+ public InfoboxValidationResult validate (InfoboxValidatorParams params)
+ throws ValidateException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
new file mode 100644
index 000000000..a6685fca8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while validating an incoming XML structure
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidateException extends MOAIDException {
+
+ /**
+ * Constructor for ValidateException.
+ * @param messageId
+ * @param parameters
+ */
+ public ValidateException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ValidateException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ValidateException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
new file mode 100644
index 000000000..1f2ebc37c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -0,0 +1,177 @@
+package at.gv.egovernment.moa.id.auth.validator;
+
+import iaik.asn1.structures.Name;
+import iaik.security.ecc.ecdsa.ECPublicKey;
+import iaik.utils.RFC2253NameParserException;
+import iaik.x509.X509Certificate;
+import iaik.x509.X509ExtensionInitException;
+
+import java.security.PublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * This class is used to validate an {@link VerifyXMLSignatureResponse}
+ * returned by MOA-SPSS
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureResponseValidator {
+
+ /** Identification string for checking identity link */
+ public static final String CHECK_IDENTITY_LINK = "IdentityLink";
+ /** Identification string for checking authentication block */
+ public static final String CHECK_AUTH_BLOCK = "AuthBlock";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static VerifyXMLSignatureResponseValidator instance;
+
+ /**
+ * Constructor for a singleton VerifyXMLSignatureResponseValidator.
+ */
+ public static synchronized VerifyXMLSignatureResponseValidator getInstance()
+ throws ValidateException {
+ if (instance == null) {
+ instance = new VerifyXMLSignatureResponseValidator();
+ }
+ return instance;
+ }
+
+ /**
+ * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
+ *
+ * @param verifyXMLSignatureResponse the <code>&lt;VerifyXMLSignatureResponse&gt;</code>
+ * @param identityLinkSignersSubjectDNNames subject names configured
+ * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
+ * @param ignoreManifestValidationResult specifies whether the validation result of the
+ * manifest has to be ignored (identityLink validation if
+ * the OA is a business service) or not
+ * @throws ValidateException on any validation error
+ */
+ public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ List identityLinkSignersSubjectDNNames,
+ String whatToCheck,
+ boolean ignoreManifestValidationResult)
+ throws ValidateException {
+
+ if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
+ throw new ValidateException("validator.06", null);
+
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
+ String checkFailedReason ="";
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1)
+ checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null);
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2)
+ checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null);
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3)
+ checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null);
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4)
+ checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
+ if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5)
+ checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
+
+ if (whatToCheck.equals(CHECK_IDENTITY_LINK))
+ throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
+ else
+ throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
+ }
+
+ if (ignoreManifestValidationResult) {
+ Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result");
+ } else {
+ if (verifyXMLSignatureResponse.isXmlDSIGManigest())
+ if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
+ throw new ValidateException("validator.08", null);
+ }
+
+
+ // TODO See Bug #322
+ // Check result of SignatureManifestCheck
+
+
+ //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
+ if (identityLinkSignersSubjectDNNames != null) {
+ String subjectDN = "";
+ X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
+ try {
+ subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
+ }
+ catch (RFC2253NameParserException e) {
+ throw new ValidateException("validator.17", null);
+ }
+ // check the authorisation to sign the identity link
+ if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
+ // subject DN check failed, try OID check:
+ try {
+ if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) {
+ throw new ValidateException("validator.18", new Object[] { subjectDN });
+ } else {
+ Logger.debug("Identity link signer cert accepted for signing identity link: " +
+ "subjectDN check failed, but OID check successfully passed.");
+ }
+ } catch (X509ExtensionInitException e) {
+ throw new ValidateException("validator.49", null);
+ }
+ } else {
+ Logger.debug("Identity link signer cert accepted for signing identity link: " +
+ "subjectDN check successfully passed.");
+ }
+
+ }
+ }
+
+ /**
+ * Method validateCertificate.
+ * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
+ * @param idl The Identitylink
+ * @throws ValidateException
+ */
+ public void validateCertificate(
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse,
+ IdentityLink idl)
+ throws ValidateException {
+
+ X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
+ PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
+
+ PublicKey pubKeySignature = x509Response.getPublicKey();
+
+ boolean found = false;
+ for (int i = 0; i < pubKeysIdentityLink.length; i++) {
+
+ //compare RSAPublicKeys
+ if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) &&
+ (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) {
+
+ RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature;
+ RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
+
+ if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus())
+ && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent()))
+ found = true;
+ }
+
+ //compare ECDSAPublicKeys
+ if((idl.getPublicKey()[i] instanceof iaik.security.ecc.ecdsa.ECPublicKey) &&
+ (pubKeySignature instanceof iaik.security.ecc.ecdsa.ECPublicKey)) {
+
+ ECPublicKey ecdsaPubKeySignature = (ECPublicKey) pubKeySignature;
+ ECPublicKey ecdsakey = (ECPublicKey) pubKeysIdentityLink[i];
+
+ if(ecdsakey.equals(ecdsaPubKeySignature))
+ found = true;
+ }
+ }
+
+ if (!found)
+ throw new ValidateException("validator.09", null);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
new file mode 100644
index 000000000..90b780526
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java
@@ -0,0 +1,894 @@
+package at.gv.egovernment.moa.id.config;
+
+import iaik.pki.pathvalidation.ChainingModes;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.id.auth.data.SchemaImpl;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
+import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.egovernment.moa.util.XPathException;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class that builds configuration data from a DOM based representation.
+ *
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConfigurationBuilder {
+
+ //
+ // XPath namespace prefix shortcuts
+ //
+ /** an XPATH-Expression */
+ protected static final String CONF = Constants.MOA_ID_CONFIG_PREFIX + ":";
+ /** an XPATH-Expression */
+ protected static final String DSIG = Constants.DSIG_PREFIX + ":";
+
+ //
+ // chaining mode constants appearing in the configuration file
+ //
+ /** an XPATH-Expression */
+ protected static final String CM_CHAINING = "chaining";
+ /** an XPATH-Expression */
+ protected static final String CM_PKIX = "pkix";
+ /** an XPATH-Expression */
+ protected static final String DEFAULT_ENCODING = "UTF-8";
+
+ //
+ // XPath expressions to select certain parts of the configuration
+ //
+ /** an XPATH-Expression */
+ protected static final String ROOT = "/" + CONF + "MOA-IDConfiguration/";
+
+ /** an XPATH-Expression */
+ protected static final String AUTH_BKU_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "BKUSelection";
+ /** an XPATH-Expression */
+ protected static final String AUTH_BKUSELECT_TEMPLATE_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
+ /** an XPATH-Expression */
+ protected static final String AUTH_TEMPLATE_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL";
+ /** an XPATH-Expression */
+ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename";
+ /** an XPATH-Expression */
+ protected static final String AUTH_MOA_SP_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP";
+ /** an XPATH-Expression */
+ protected static final String AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyIdentityLink/" + CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ protected static final String AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ protected static final String AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "MOA-SP/" + CONF + "VerifyAuthBlock/" + CONF + "VerifyTransformsInfoProfileID";
+
+ /** an XPATH-Expression */
+ protected static final String AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "IdentityLinkSigners/" + CONF + "X509SubjectName";
+
+ /** an XPATH-Expression */
+ public static final String AUTH_VERIFY_INFOBOXES_XPATH =
+ ROOT + CONF + "AuthComponent/" + CONF + "VerifyInfoboxes";
+
+ /** an XPATH-Expression */
+ protected static final String OA_XPATH = ROOT + CONF + "OnlineApplication";
+ /** an XPATH-Expression */
+ protected static final String OA_LOGIN_XPATH = ROOT + CONF + "OnlineApplication/@loginURL";
+ /** an XPATH-Expression */
+ protected static final String OA_AUTH_COMPONENT_XPATH = CONF + "AuthComponent";
+ /** an XPATH-Expression */
+ protected static final String OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH = CONF + "IdentificationNumber";
+ /** an XPATH-Expression */
+ protected static final String OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH =
+ CONF + "Templates/" + CONF + "BKUSelectionTemplate/@URL";
+ /** an XPATH-Expression */
+ protected static final String OA_AUTH_COMPONENT_TEMPLATE_XPATH =
+ CONF + "Templates/" + CONF + "Template/@URL";
+ /** an XPATH-Expression */
+ protected static final String OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH = CONF + "TransformsInfo/@filename";
+ /** an XPATH-Expression */
+ protected static final String OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH = CONF + "VerifyInfoboxes";
+ /** an XPATH-Expression */
+ protected static final String CONNECTION_PARAMETER_URL_XPATH =
+ CONF + "ConnectionParameter/@URL";
+ /** an XPATH-Expression */
+ protected static final String CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH =
+ CONF + "ConnectionParameter/" + CONF + "AcceptedServerCertificates";
+ /** an XPATH-Expression */
+ protected static final String CONNECTION_PARAMETERN_KEYSTORE_XPATH =
+ CONF + "ConnectionParameter/" + CONF + "ClientKeyStore";
+ /** an XPATH-Expression */
+ protected static final String CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH =
+ CONNECTION_PARAMETERN_KEYSTORE_XPATH + "/@password";
+ /** an XPATH-Expression */
+ protected static final String GENERIC_CONFIGURATION_XPATH =
+ ROOT + CONF + "GenericConfiguration";
+
+ /** an XPATH-Expression */
+ protected static final String CHAINING_MODES_XPATH =
+ ROOT + CONF + "ChainingModes";
+ /** an XPATH-Expression */
+ protected static final String CHAINING_MODES_DEFAULT_XPATH =
+ CHAINING_MODES_XPATH + "/@systemDefaultMode";
+ /** an XPATH-Expression */
+ protected static final String TRUST_ANCHOR_XPATH =
+ ROOT + CONF + "ChainingModes/" + CONF + "TrustAnchor";
+ /** an XPATH-Expression */
+ protected static final String ISSUER_XPATH = DSIG + "X509IssuerName";
+ /** an XPATH-Expression */
+ protected static final String SERIAL_XPATH = DSIG + "X509SerialNumber";
+ /** an XPATH-Expression */
+ protected static final String TRUSTED_CA_CERTIFICATES_XPATH =
+ ROOT + CONF + "TrustedCACertificates";
+
+ /** an XPATH-Expression */
+ protected static final String VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH = CONF + "DefaultTrustProfile";
+ /** an XPATH-Expression */
+ protected static final String VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH = CONF + "TrustProfileID";
+ /** an XPATH-Expression */
+ protected static final String VERIFY_INFOBOXES_INFOBOX_XPATH = CONF + "Infobox";
+
+
+
+
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ protected String rootConfigFileDir_;
+
+ /** The root element of the MOA-ID configuration */
+ protected Element configElem_;
+
+ /**
+ * Creates a new <code>MOAConfigurationProvider</code>.
+ *
+ * @param configElem The root element of the MOA-ID configuration.
+ */
+ public ConfigurationBuilder(Element configElem, String rootConfigDir) {
+ configElem_ = configElem;
+ rootConfigFileDir_ = rootConfigDir;
+ }
+
+ /**
+ * Returns the root element of the MOA-ID configuration.
+ *
+ * @return The root element of the MOA-ID configuration.
+ */
+ public Element getConfigElem() {
+ return configElem_;
+ }
+
+ /**
+ * Build a ConnectionParameter object containing all information
+ * of the moa-sp element in the authentication component
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter buildAuthBKUConnectionParameter() {
+
+ Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
+ if (authBKU==null) return null;
+ return buildConnectionParameter(authBKU);
+ }
+
+ /**
+ * Method buildAuthBKUSelectionType.
+ *
+ * Build a string with the configuration value of BKUSelectionAlternative
+ *
+ * @return String
+ */
+ public String buildAuthBKUSelectionType() {
+
+ Element authBKU = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_BKU_XPATH);
+ if (authBKU==null) return null;
+ return (authBKU).getAttribute("BKUSelectionAlternative");
+ }
+
+ /**
+ * Build a string array with all filenames leading
+ * to the Transforms Information for the Security Layer
+ * @param contextNode The node from which should be searched
+ * @param xpathExpr The XPATH expression for the search
+ * @return String[] of filenames to the Security Layer Transforms Information
+ * or <code>null</code> if no transforms are included
+ */
+ public String[] buildTransformsInfoFileNames(Node contextNode, String xpathExpr) {
+
+ List transformsInfoFileNames = new ArrayList();
+
+ try {
+ NodeIterator tiIter = XPathUtils.selectNodeIterator(contextNode, xpathExpr);
+
+ Attr tiElem;
+ while ((tiElem = (Attr) tiIter.nextNode()) != null) {
+ String tiFileName = tiElem.getNodeValue();
+ transformsInfoFileNames.add(tiFileName);
+ }
+
+ String[] result = new String[transformsInfoFileNames.size()];
+ transformsInfoFileNames.toArray(result);
+
+ return result;
+ } catch (XPathException xpe) {
+ return new String[0];
+ }
+ }
+
+
+ /**
+ * Loads the <code>transformsInfos</code> from files.
+ * @throws Exception on any exception thrown
+ */
+ public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
+
+ String[] transformsInfos = new String[transformsInfoFileNames.length];
+ for (int i = 0; i < transformsInfoFileNames.length; i++) {
+ String fileURL = transformsInfoFileNames[i];
+
+ //if fileURL is relative to rootConfigFileDir make it absolute
+ fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_);
+ String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+ transformsInfos[i] = transformsInfo;
+ }
+ return transformsInfos;
+ }
+
+ /**
+ * Build a ConnectionParameter bean containing all information
+ * of the authentication component moa-sp element
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter buildMoaSpConnectionParameter() {
+
+ Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, AUTH_MOA_SP_XPATH);
+ if (connectionParameter==null) return null;
+ return buildConnectionParameter(connectionParameter);
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyIdentityLink trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ */
+ public String getMoaSpIdentityLinkTrustProfileID() {
+ return XPathUtils.getElementValue(
+ configElem_,
+ AUTH_MOA_SP_VERIFY_IDENTITY_TRUST_ID_XPATH,
+ "");
+ }
+ /**
+ * Return a string representation of an URL pointing to trusted CA Certificates
+ * @return String representation of an URL pointing to trusted CA Certificates
+ */
+ public String getTrustedCACertificates() {
+ return XPathUtils.getElementValue(
+ configElem_,
+ TRUSTED_CA_CERTIFICATES_XPATH,null);
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyAuthBlock trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String getMoaSpAuthBlockTrustProfileID() {
+ return XPathUtils.getElementValue(
+ configElem_,
+ AUTH_MOA_SP_VERIFY_AUTH_TRUST_ID_XPATH,
+ "");
+ }
+ /**
+ * Build a string array with references to all verify transform info
+ * IDs within the moa-sp part of the authentication component
+ * @return A string array containing all urls to the
+ * verify transform info IDs
+ */
+ public String[] buildMoaSpAuthBlockVerifyTransformsInfoIDs() {
+
+ List verifyTransformsInfoIDs = new ArrayList();
+ NodeIterator vtIter =
+ XPathUtils.selectNodeIterator(
+ configElem_,
+ AUTH_MOA_SP_VERIFY_AUTH_VERIFY_ID_XPATH);
+ Element vtElem;
+
+ while ((vtElem = (Element) vtIter.nextNode()) != null) {
+
+ String vtInfoIDs = DOMUtils.getText(vtElem);
+ verifyTransformsInfoIDs.add(vtInfoIDs);
+ }
+ String[] result = new String[verifyTransformsInfoIDs.size()];
+ verifyTransformsInfoIDs.toArray(result);
+
+ return result;
+ }
+
+
+ /**
+ * Returns a list containing all X509 Subject Names
+ * of the Identity Link Signers
+ * @return a list containing the configured identity-link signer X509 subject names
+ */
+ public List getIdentityLink_X509SubjectNames() {
+
+ Vector x509SubjectNameList = new Vector();
+ NodeIterator x509Iter =
+ XPathUtils.selectNodeIterator(
+ configElem_,
+ AUTH_IDENTITY_LINK_X509SUBJECTNAME_XPATH);
+ Element x509Elem;
+
+ while ((x509Elem = (Element) x509Iter.nextNode()) != null) {
+ String vtInfoIDs = DOMUtils.getText(x509Elem);
+ x509SubjectNameList.add(vtInfoIDs);
+ }
+
+ // now add the default identity link signers
+ String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
+ for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
+ String identityLinkSigner = identityLinkSignersWithoutOID[i];
+ if (!x509SubjectNameList.contains(identityLinkSigner)) {
+ x509SubjectNameList.add(identityLinkSigner);
+ }
+ }
+
+ return x509SubjectNameList;
+ }
+
+ /**
+ * Build an array of the OnlineApplication Parameters containing information
+ * about the authentication component
+ *
+ * @param defaultVerifyInfoboxParameters Default parameters for verifying additional
+ * infoboxes. Maybe <code>null</code>.
+ * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
+ * the identity link signer certificate. Needed for
+ * checking if this ID is not used for validating other
+ * infoboxes.
+ *
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the authentication component of the online
+ * application
+ */
+ public OAAuthParameter[] buildOnlineApplicationAuthParameters(
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters, String moaSpIdentityLinkTrustProfileID)
+ throws ConfigurationException
+ {
+
+ String bkuSelectionTemplateURL =
+ XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null);
+ String templateURL =
+ XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null);
+
+ List OA_set = new ArrayList();
+ NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
+
+ for (int i = 0; i < OAIter.getLength(); i++) {
+ Element oAElem = (Element) OAIter.item(i);
+ Element authComponent =
+ (Element) XPathUtils.selectSingleNode(oAElem, OA_AUTH_COMPONENT_XPATH);
+
+ OAAuthParameter oap = new OAAuthParameter();
+ String publicURLPrefix = oAElem.getAttribute("publicURLPrefix");
+ oap.setPublicURLPrefix(publicURLPrefix);
+ oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier"));
+
+ // get the type of the online application
+ String oaType = oAElem.getAttribute("type");
+ oap.setOaType(oaType);
+ String slVersion = "1.1";
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ if (authComponent==null) {
+ Logger.error("Missing \"AuthComponent\" for OA of type \"businessService\"");
+ throw new ConfigurationException("config.02", null);
+ }
+ Element identificationNumberElem =
+ (Element) XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_IDENT_NUMBER_XPATH);
+ if (identificationNumberElem==null) {
+ Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
+ throw new ConfigurationException("config.02", null);
+ }
+ Element identificationNumberChild = DOMUtils.getElementFromNodeList(identificationNumberElem.getChildNodes());
+ if (identificationNumberChild == null) {
+ Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\"");
+ throw new ConfigurationException("config.02", null);
+ }
+ if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) {
+ oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild));
+ } else {
+ // If we have business service and want to dealt with GDA, the security layer can be advised to calulate
+ // the Health Professional Identifier HPI instead of the wbPK
+ Logger.info("OA uses HPI for Identification");
+ oap.setIdentityLinkDomainIdentifier(Constants.URN_PREFIX_HPI);
+ }
+
+ // if OA type is "businessSErvice" set slVersion to 1.2 and ignore parameter in config file
+ Logger.info("OA type is \"businessService\"; setting Security Layer version to 1.2");
+ slVersion = "1.2";
+
+ } else {
+
+ if (authComponent!=null) {
+ slVersion = authComponent.getAttribute("slVersion");
+ }
+
+ }
+ oap.setSlVersion(slVersion);
+ //Check if there is an Auth-Block to read from configuration
+
+ if (authComponent!=null)
+ {
+ oap.setProvideStammzahl(BoolUtils.valueOf(authComponent.getAttribute("provideStammzahl")));
+ oap.setProvideAuthBlock(BoolUtils.valueOf(authComponent.getAttribute("provideAUTHBlock")));
+ oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));
+ oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));
+ oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));
+ oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));
+ // load OA specific transforms if present
+ String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH);
+ try {
+ oap.setTransformsInfos(loadTransformsInfos(transformsInfoFileNames));
+ } catch (Exception ex) {
+ Logger.error("Error loading transforms specified for OA \"" + publicURLPrefix + "\"; using default transforms.");
+ }
+ Node verifyInfoboxParamtersNode = XPathUtils.selectSingleNode(authComponent, OA_AUTH_COMPONENT_VERIFY_INFOBOXES_XPATH);
+ oap.setVerifyInfoboxParameters(buildVerifyInfoboxParameters(
+ verifyInfoboxParamtersNode, defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID));
+ }
+ OA_set.add(oap);
+ }
+ OAAuthParameter[] result =
+ new OAAuthParameter[OA_set.size()];
+ OA_set.toArray(result);
+
+ return result;
+
+ }
+
+ /**
+ * Builds the URL for a BKUSelectionTemplate or a Template. The method selects
+ * the uri string from the MOA ID configuration file via the given xpath expression
+ * and returns either this string or the default value.
+ *
+ * @param oaAuthComponent The AuthComponent element to get the template from.
+ * @param xpathExpr The xpath expression for selecting the template uri.
+ * @param defaultURL The default template url.
+ * @return The template url. This may either the via xpath selected uri
+ * or, if no template is specified within the online appliacation,
+ * the default url. Both may be <code>null</code>.
+ */
+ protected String buildTemplateURL(Element oaAuthComponent, String xpathExpr, String defaultURL) {
+ String templateURL = XPathUtils.getAttributeValue(oaAuthComponent, xpathExpr, defaultURL);
+ if (templateURL != null) {
+ templateURL = FileUtils.makeAbsoluteURL(templateURL, rootConfigFileDir_);
+ }
+ return templateURL;
+ }
+
+
+ /**
+ * Method buildConnectionParameter: internal Method for creating a
+ * ConnectionParameter object with all data found in the incoming element
+ * @param root This Element contains the ConnectionParameter
+ * @return ConnectionParameter
+ */
+ protected ConnectionParameter buildConnectionParameter(Element root)
+ {
+ ConnectionParameter result = new ConnectionParameter();
+ result.setAcceptedServerCertificates(
+ XPathUtils.getElementValue(root,CONNECTION_PARAMETER_ACCEPTED_CERTS_XPATH,null));
+
+ result.setAcceptedServerCertificates(FileUtils.makeAbsoluteURL(
+ result.getAcceptedServerCertificates(), rootConfigFileDir_));
+
+ result.setUrl(
+ XPathUtils.getAttributeValue(root, CONNECTION_PARAMETER_URL_XPATH, ""));
+ result.setClientKeyStore(
+ XPathUtils.getElementValue(root,CONNECTION_PARAMETERN_KEYSTORE_XPATH,null));
+
+ result.setClientKeyStore(FileUtils.makeAbsoluteURL(
+ result.getClientKeyStore(), rootConfigFileDir_));
+
+ result.setClientKeyStorePassword(
+ XPathUtils.getAttributeValue(root,CONNECTION_PARAMETER_KEYSTORE_PASS_XPATH,""));
+
+ if ((result.getAcceptedServerCertificates()==null)
+ && (result.getUrl()=="")
+ && (result.getClientKeyStore()==null)
+ && (result.getClientKeyStorePassword()==""))
+ return null;
+
+ return result;
+ }
+
+
+ /**
+ * Build the mapping of generic configuration properties.
+ *
+ * @return a {@link Map} of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map buildGenericConfiguration() {
+
+ Map genericConfiguration = new HashMap();
+ NodeIterator gcIter =
+ XPathUtils.selectNodeIterator(
+ configElem_,
+ GENERIC_CONFIGURATION_XPATH);
+ Element gcElem;
+
+ while ((gcElem = (Element) gcIter.nextNode()) != null) {
+ String gcName = gcElem.getAttribute("name");
+ String gcValue = gcElem.getAttribute("value");
+
+ genericConfiguration.put(gcName, gcValue);
+ }
+
+ return genericConfiguration;
+ }
+
+
+ /**
+ * Returns the default chaining mode from the configuration.
+ *
+ * @return The default chaining mode.
+ */
+ public String getDefaultChainingMode() {
+ String defaultChaining =
+ XPathUtils.getAttributeValue(
+ configElem_,
+ CHAINING_MODES_DEFAULT_XPATH,
+ CM_CHAINING);
+
+ return translateChainingMode(defaultChaining);
+
+ }
+ /**
+ * Build the chaining modes for all configured trust anchors.
+ *
+ * @return The mapping from trust anchors to chaining modes.
+ */
+ public Map buildChainingModes() {
+ Map chainingModes = new HashMap();
+ NodeIterator trustIter =
+ XPathUtils.selectNodeIterator(configElem_, TRUST_ANCHOR_XPATH);
+ Element trustAnchorElem;
+
+ while ((trustAnchorElem = (Element) trustIter.nextNode()) != null) {
+ IssuerAndSerial issuerAndSerial = buildIssuerAndSerial(trustAnchorElem);
+ String mode = trustAnchorElem.getAttribute("mode");
+
+ if (issuerAndSerial != null) {
+ chainingModes.put(issuerAndSerial, translateChainingMode(mode));
+ }
+ }
+
+ return chainingModes;
+ }
+
+ /**
+ * Build an <code>IssuerAndSerial</code> from the DOM representation.
+ *
+ * @param root The root element (being of type <code>dsig:
+ * X509IssuerSerialType</code>.
+ * @return The issuer and serial number contained in the <code>root</code>
+ * element or <code>null</code> if could not be built for any reason.
+ */
+ protected IssuerAndSerial buildIssuerAndSerial(Element root) {
+ String issuer = XPathUtils.getElementValue(root, ISSUER_XPATH, null);
+ String serial = XPathUtils.getElementValue(root, SERIAL_XPATH, null);
+
+ if (issuer != null && serial != null) {
+ try {
+ RFC2253NameParser nameParser = new RFC2253NameParser(issuer);
+ Principal issuerDN = nameParser.parse();
+
+ return new IssuerAndSerial(issuerDN, new BigInteger(serial));
+ } catch (RFC2253NameParserException e) {
+ warn("config.09", new Object[] { issuer, serial }, e);
+ return null;
+ } catch (NumberFormatException e) {
+ warn("config.09", new Object[] { issuer, serial }, e);
+ return null;
+ }
+ }
+ return null;
+ }
+
+ /**
+ * Translate the chaining mode from the configuration file to one used in the
+ * IAIK MOA API.
+ *
+ * @param chainingMode The chaining mode from the configuration.
+ * @return The chaining mode as provided by the <code>ChainingModes</code>
+ * interface.
+ * @see iaik.pki.pathvalidation.ChainingModes
+ */
+ protected String translateChainingMode(String chainingMode) {
+ if (chainingMode.equals(CM_CHAINING)) {
+ return ChainingModes.CHAIN_MODE;
+ } else if (chainingMode.equals(CM_PKIX)) {
+ return ChainingModes.PKIX_MODE;
+ } else {
+ return ChainingModes.CHAIN_MODE;
+ }
+ }
+
+ /**
+ * Builds the IdentityLinkDomainIdentifier as needed for providing it to the
+ * SecurityLayer for computation of the wbPK.
+ * <p>e.g.:<br>
+ * input element:
+ * <br>
+ * <code>&lt;pr:Firmenbuchnummer Identifier="FN"&gt;000468 i&lt;/pr:Firmenbuchnummer&gt;</code>
+ * <p>
+ * return value: <code>urn:publicid:gv.at+wbpk+FN468i</code>
+ *
+ * @param number The element holding the identification number of the business
+ * company.
+ * @return The domain identifier
+ */
+ protected String buildIdentityLinkDomainIdentifier(Element number) {
+ if (number == null) {
+ return null;
+ }
+ String identificationNumber = number.getFirstChild().getNodeValue();
+ String identifier = number.getAttribute("Identifier");
+ // remove all blanks
+ identificationNumber = StringUtils.removeBlanks(identificationNumber);
+ if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) {
+ // delete zeros from the beginning of the number
+ identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber);
+ // remove hyphens
+ identificationNumber = StringUtils.removeToken(identificationNumber, "-");
+ }
+ StringBuffer identityLinkDomainIdentifier = new StringBuffer(Constants.URN_PREFIX_WBPK);
+ identityLinkDomainIdentifier.append("+");
+ if (!identificationNumber.startsWith(identifier)) {
+ identityLinkDomainIdentifier.append(identifier);
+ }
+ identityLinkDomainIdentifier.append("+");
+ identityLinkDomainIdentifier.append(identificationNumber);
+ return identityLinkDomainIdentifier.toString();
+ }
+
+ /**
+ * Builds the parameters for verifying additional infoboxes (additional to the
+ * IdentityLink infobox).
+ *
+ * @param verifyInfoboxesElem The <code>VerifyInfoboxes</code> element from the
+ * config file. This maybe the global element or the
+ * elment from an Online application.
+ * @param defaultVerifyInfoboxParameters Default parameters to be used, if no
+ * <code>VerifyInfoboxes</code> element is present.
+ * This only applies to parameters
+ * of an specific online application and is set to
+ * <code>null</code> when building the global parameters.
+ * @param moaSpIdentityLinkTrustProfileID The ID of the trust profile used for validating
+ * the identity link signer certificate. Needed for
+ * checking if this ID is not used for validating other
+ * infoboxes.
+ *
+ * @return A {@link at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters VerifyInfoboxParameters}
+ * object needed for verifying additional infoboxes.
+ *
+ * @throws ConfigurationException If the trust profile for validating the identity link
+ * signer certificate is used for validating another infobox.
+ */
+ public VerifyInfoboxParameters buildVerifyInfoboxParameters(
+ Node verifyInfoboxesElem,
+ VerifyInfoboxParameters defaultVerifyInfoboxParameters,
+ String moaSpIdentityLinkTrustProfileID)
+ throws ConfigurationException
+ {
+
+ if ((verifyInfoboxesElem == null) && (defaultVerifyInfoboxParameters == null)) {
+ return null;
+ }
+ Vector identifiers = new Vector();
+ List defaultIdentifiers = null;
+ Map defaultInfoboxParameters = null;
+ if (defaultVerifyInfoboxParameters != null) {
+ defaultIdentifiers = defaultVerifyInfoboxParameters.getIdentifiers();
+ defaultInfoboxParameters = defaultVerifyInfoboxParameters.getInfoboxParameters();
+ }
+ Hashtable infoboxParameters = new Hashtable();
+ if (verifyInfoboxesElem != null) {
+ // get the DefaultTrustProfileID
+ String defaultTrustProfileID = null;
+ Node defaultTrustProfileNode =
+ XPathUtils.selectSingleNode(verifyInfoboxesElem, VERIFY_INFOBOXES_DEFAULT_TRUST_PROFILE_XPATH);
+ if (defaultTrustProfileNode != null) {
+ Node trustProfileIDNode =
+ XPathUtils.selectSingleNode(defaultTrustProfileNode, VERIFY_INFOBOXES_TRUST_PROFILE_ID_XPATH);
+ defaultTrustProfileID = trustProfileIDNode.getFirstChild().getNodeValue();
+ if (defaultTrustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
+ throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
+ }
+ }
+ // get the Infoboxes
+ NodeList infoboxes =
+ XPathUtils.selectNodeList(verifyInfoboxesElem, VERIFY_INFOBOXES_INFOBOX_XPATH);
+ for (int i=0; i<infoboxes.getLength(); i++) {
+ Element infoBoxElem = (Element)infoboxes.item(i);
+ // get the identifier of the infobox
+ String identifier = infoBoxElem.getAttribute("Identifier");
+ identifiers.add(identifier);
+ VerifyInfoboxParameter verifyInfoboxParameter = new VerifyInfoboxParameter(identifier);
+ verifyInfoboxParameter.setFriendlyName(identifier);
+ // get the attributes
+ // (1) required: override global value in any case
+ verifyInfoboxParameter.setRequired(BoolUtils.valueOf(
+ infoBoxElem.getAttribute("required")));
+ // (2) provideStammzahl: override global value in any case
+ verifyInfoboxParameter.setProvideStammzahl(BoolUtils.valueOf(
+ infoBoxElem.getAttribute("provideStammzahl")));
+ // (3) proviedIdentityLink: override global value in any case
+ verifyInfoboxParameter.setProvideIdentityLink(BoolUtils.valueOf(
+ infoBoxElem.getAttribute("provideIdentityLink")));
+ // set default trustprofileID
+ if (defaultTrustProfileID != null) {
+ verifyInfoboxParameter.setTrustProfileID(defaultTrustProfileID);
+ }
+ // get the parameter elements
+ boolean localValidatorClass = false;
+ boolean localFriendlyName = false;
+ List params = DOMUtils.getChildElements(infoBoxElem);
+ Iterator it = params.iterator();
+ while (it.hasNext()) {
+ Element paramElem = (Element)it.next();
+ String paramName = paramElem.getLocalName();
+ if (paramName.equals("FriendlyName")) {
+ verifyInfoboxParameter.setFriendlyName(paramElem.getFirstChild().getNodeValue());
+ localFriendlyName = true;
+ } else if (paramName.equals("TrustProfileID")) {
+ String trustProfileID = paramElem.getFirstChild().getNodeValue();
+ if (trustProfileID != null) {
+ if (trustProfileID.equals(moaSpIdentityLinkTrustProfileID)) {
+ throw new ConfigurationException("config.15", new Object[] {moaSpIdentityLinkTrustProfileID});
+ }
+ verifyInfoboxParameter.setTrustProfileID(trustProfileID);
+ }
+ } else if (paramName.equals("ValidatorClass")) {
+ String validatorClassName = paramElem.getFirstChild().getNodeValue();
+ if (validatorClassName != null) {
+ verifyInfoboxParameter.setValidatorClassName(validatorClassName);
+ localValidatorClass = true;
+ }
+ } else if (paramName.equals("SchemaLocations")) {
+ List schemaElems = DOMUtils.getChildElements(paramElem);
+ List schemaLocations = new Vector(schemaElems.size());
+ Iterator schemaIterator = schemaElems.iterator();
+ while (schemaIterator.hasNext()) {
+ Element schemaElem = (Element)schemaIterator.next();
+ String namespace = schemaElem.getAttribute("namespace");
+ String schemaLocation = schemaElem.getAttribute("schemaLocation");
+ // avoid adding the same schema twice
+ Iterator schemaLocationIterator = schemaLocations.iterator();
+ boolean add = true;
+ while (schemaLocationIterator.hasNext()) {
+ String existingNamespace = ((Schema)schemaLocationIterator.next()).getNamespace();
+ if (namespace.equals(existingNamespace)) {
+ Logger.warn("Multiple schemas specified for namespace \"" + namespace +
+ "\"; only using the first one.");
+ add = false;
+ break;
+ }
+ }
+ if (add) {
+ schemaLocations.add(new SchemaImpl(namespace, schemaLocation));
+ }
+ }
+ verifyInfoboxParameter.setSchemaLocations(schemaLocations);
+ } else if (paramName.equals("ApplicationSpecificParameters")) {
+ verifyInfoboxParameter.setApplicationSpecificParams(paramElem);
+ }
+ }
+ // use default values for those parameters not yet set by local configuration
+ if (defaultInfoboxParameters != null) {
+ Object defaultVerifyIP = defaultInfoboxParameters.get(identifier);
+ if (defaultVerifyIP != null) {
+ VerifyInfoboxParameter defaultVerifyInfoboxParameter =
+ (VerifyInfoboxParameter)defaultVerifyIP;
+ // if no friendly is set, use default
+ if (!localFriendlyName) {
+ verifyInfoboxParameter.setFriendlyName(
+ defaultVerifyInfoboxParameter.getFriendlyName());
+ }
+ // if no TrustProfileID is set, use default, if available
+ if (verifyInfoboxParameter.getTrustProfileID() == null) {
+ verifyInfoboxParameter.setTrustProfileID(
+ defaultVerifyInfoboxParameter.getTrustProfileID());
+ }
+ // if no local validator class is set, use default
+ if (!localValidatorClass) {
+ verifyInfoboxParameter.setValidatorClassName(
+ defaultVerifyInfoboxParameter.getValidatorClassName());
+ }
+ // if no schema locations set, use default
+ if (verifyInfoboxParameter.getSchemaLocations() == null) {
+ verifyInfoboxParameter.setSchemaLocations(
+ defaultVerifyInfoboxParameter.getSchemaLocations());
+ }
+ // if no application specific parameters set, use default
+ if (verifyInfoboxParameter.getApplicationSpecificParams() == null) {
+ verifyInfoboxParameter.setApplicationSpecificParams(
+ defaultVerifyInfoboxParameter.getApplicationSpecificParams());
+ }
+ }
+ }
+ infoboxParameters.put(identifier, verifyInfoboxParameter);
+ }
+ // add the infobox identifiers not present within the local configuration to the
+ // identifier list
+ if (defaultIdentifiers != null) {
+ Iterator identifierIterator = defaultIdentifiers.iterator();
+ while (identifierIterator.hasNext()) {
+ String defaultIdentifier = (String)identifierIterator.next();
+ if (!identifiers.contains(defaultIdentifier)) {
+ identifiers.add(defaultIdentifier);
+ }
+ }
+ }
+ return new VerifyInfoboxParameters(identifiers, infoboxParameters);
+ } else {
+ return new VerifyInfoboxParameters(defaultIdentifiers, infoboxParameters);
+ }
+ }
+
+ /**
+ * Method warn.
+ * @param messageId to identify a country-specific message
+ * @param parameters for the logger
+ */
+ //
+ // various utility methods
+ //
+
+ protected static void warn(String messageId, Object[] parameters) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ }
+
+ /**
+ * Method warn.
+ * @param messageId to identify a country-specific message
+ * @param args for the logger
+ * @param t as throwabl
+ */
+ protected static void warn(String messageId, Object[] args, Throwable t) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage(messageId, args), t);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
new file mode 100644
index 000000000..2ebec0398
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
@@ -0,0 +1,31 @@
+package at.gv.egovernment.moa.id.config;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception signalling an error in the configuration.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class ConfigurationException extends MOAIDException {
+
+ /**
+ * Create a <code>MOAConfigurationException</code>.
+ */
+ public ConfigurationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Create a <code>MOAConfigurationException</code>.
+ */
+ public ConfigurationException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
new file mode 100644
index 000000000..e65c47bad
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -0,0 +1,128 @@
+package at.gv.egovernment.moa.id.config;
+
+import java.math.BigInteger;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.data.IssuerAndSerial;
+
+/**
+ * Base class for <code>AuthConfigurationProvider</code> and <code>ProxyConfigurationProvider</code>,
+ * providing functions common to both of them.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationProvider {
+
+ /**
+ * Constructor
+ */
+ public ConfigurationProvider() {
+ super();
+ }
+
+ /**
+ * The name of the system property which contains the file name of the
+ * configuration file.
+ */
+ public static final String CONFIG_PROPERTY_NAME =
+ "moa.id.configuration";
+
+ /**
+ * The name of the generic configuration property giving the certstore directory path.
+ */
+ public static final String DIRECTORY_CERTSTORE_PARAMETER_PROPERTY =
+ "DirectoryCertStoreParameters.RootDir";
+
+ /**
+ * The name of the generic configuration property switching the ssl revocation checking on/off
+ */
+ public static final String TRUST_MANAGER_REVOCATION_CHECKING =
+ "TrustManager.RevocationChecking";
+
+
+ /**
+ * A <code>Map</code> which contains generic configuration information. Maps a
+ * configuration name (a <code>String</code>) to a configuration value (also a
+ * <code>String</code>).
+ */
+ protected Map genericConfiguration;
+
+ /** The default chaining mode. */
+ protected String defaultChainingMode;
+
+ /**
+ * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to
+ * chaining mode (a <code>String</code>) mapping.
+ */
+ protected Map chainingModes;
+
+ /**
+ * the URL for the trusted CA Certificates
+ */
+ protected String trustedCACertificates;
+
+ /**
+ * main configuration file directory name used to configure MOA-ID
+ */
+ protected String rootConfigFileDir;
+
+ /**
+ * Returns the main configuration file directory used to configure MOA-ID
+ *
+ * @return the directory
+ */
+ public String getRootConfigFileDir() {
+ return rootConfigFileDir;
+ }
+
+ /**
+ * Returns the mapping of generic configuration properties.
+ *
+ * @return The mapping of generic configuration properties (a name to value
+ * mapping) from the configuration.
+ */
+ public Map getGenericConfiguration() {
+ return genericConfiguration;
+ }
+
+ /**
+ * Returns the value of a parameter from the generic configuration section.
+ *
+ * @return the parameter value; <code>null</code> if no such parameter
+ */
+ public String getGenericConfigurationParameter(String parameter) {
+ if (! genericConfiguration.containsKey(parameter))
+ return null;
+ return (String)genericConfiguration.get(parameter);
+ }
+
+ /**
+ * Return the chaining mode for a given trust anchor.
+ *
+ * @param trustAnchor The trust anchor for which the chaining mode should be
+ * returned.
+ * @return The chaining mode for the given trust anchor. If the trust anchor
+ * has not been configured separately, the system default will be returned.
+ */
+ public String getChainingMode(X509Certificate trustAnchor) {
+ Principal issuer = trustAnchor.getIssuerDN();
+ BigInteger serial = trustAnchor.getSerialNumber();
+ IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial);
+
+ String mode = (String) chainingModes.get(issuerAndSerial);
+ return mode != null ? mode : defaultChainingMode;
+ }
+
+ /**
+ * Returns the trustedCACertificates.
+ * @return String
+ */
+ public String getTrustedCACertificates() {
+
+ return trustedCACertificates;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
new file mode 100644
index 000000000..30b09cfe0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -0,0 +1,106 @@
+package at.gv.egovernment.moa.id.config;
+
+/**
+ * This bean class is used to store data for various connectionParameter
+ * within the MOA-ID configuration
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class ConnectionParameter {
+
+ /**
+ * Server URL
+ */
+ private String url;
+ /**
+ * File URL for a directory containing PKCS#12 server SSL certificates.
+ * From these certificates, a X509 trust store will be assembled for use
+ * by a JSSE <code>TrustManager</code>.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String acceptedServerCertificates;
+ /**
+ * File URL of a X509 key store containing the private key to be used
+ * for an HTTPS connection when the server requires client authentication.
+ * This field will only be used in case of an HTTPS URL.
+ */
+ private String clientKeyStore;
+ /**
+ * Password protecting the client key store.
+ */
+ private String clientKeyStorePassword;
+
+ /**
+ * Checks whether the URL scheme is <code>"https"</code>.
+ * @return true in case of an URL starting with <code>"https"</code>
+ */
+ public boolean isHTTPSURL() {
+ return getUrl().indexOf("https") == 0;
+ }
+
+ /**
+ * Returns the url.
+ * @return String
+ */
+ public String getUrl() {
+ return url;
+ }
+
+ /**
+ * Returns the acceptedServerCertificates.
+ * @return String
+ */
+ public String getAcceptedServerCertificates() {
+ return acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the acceptedServerCertificates.
+ * @param acceptedServerCertificates The acceptedServerCertificates to set
+ */
+ public void setAcceptedServerCertificates(String acceptedServerCertificates) {
+ this.acceptedServerCertificates = acceptedServerCertificates;
+ }
+
+ /**
+ * Sets the url.
+ * @param url The url to set
+ */
+ public void setUrl(String url) {
+ this.url = url;
+ }
+
+ /**
+ * Returns the clientKeyStore.
+ * @return String
+ */
+ public String getClientKeyStore() {
+ return clientKeyStore;
+ }
+
+ /**
+ * Returns the clientKeyStorePassword.
+ * @return String
+ */
+ public String getClientKeyStorePassword() {
+ return clientKeyStorePassword;
+ }
+
+ /**
+ * Sets the clientKeyStore.
+ * @param clientKeyStore The clientKeyStore to set
+ */
+ public void setClientKeyStore(String clientKeyStore) {
+ this.clientKeyStore = clientKeyStore;
+ }
+
+ /**
+ * Sets the clientKeyStorePassword.
+ * @param clientKeyStorePassword The clientKeyStorePassword to set
+ */
+ public void setClientKeyStorePassword(String clientKeyStorePassword) {
+ this.clientKeyStorePassword = clientKeyStorePassword;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
new file mode 100644
index 000000000..19a27b463
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -0,0 +1,76 @@
+package at.gv.egovernment.moa.id.config;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to be used within both, the MOA ID Auth and the
+ * MOA ID PROXY component.
+ *
+ * @author Harald Bratko
+ */
+public class OAParameter {
+
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+
+ /**
+ * specifies whether the online application is a business application or not
+ * (<code>true</code> if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+
+ /**
+ * Returns the type of the online application.
+ * @return the type of the online application.
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * Returns <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>.
+ * @return <code>true</code> is the OA is a businss application, otherwise
+ * <code>false</code>
+ */
+ public boolean getBusinessService() {
+ return this.businessService;
+ }
+
+ /**
+ * Returns the publicURLPrefix.
+ * @return String
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ *
+ * Sets the type of the online application.
+ * If the type is "businessService" the value of <code>businessService</code>
+ * ({@link #getBusinessService()}) is also set to <code>true</code>
+ * @param oaType The type of the online application.
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ if ("businessService".equalsIgnoreCase(oaType)) {
+ this.businessService = true;
+ }
+ }
+
+ /**
+ * Sets the publicURLPrefix.
+ * @param publicURLPrefix The publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
new file mode 100644
index 000000000..b4af6592c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -0,0 +1,414 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.MalformedURLException;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * A class providing access to the Auth Part of the MOA-ID configuration data.
+ *
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.id.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>AuthConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>AuthConfigurationProvider</code> local to that request.</p>
+ *
+ * @author Patrick Peck
+ * @author Stefan Knirsch
+ *
+ * @version $Id$
+ */
+public class AuthConfigurationProvider extends ConfigurationProvider {
+
+ /** DEFAULT_ENCODING is "UTF-8" */
+ private static final String DEFAULT_ENCODING="UTF-8";
+ /**
+ * The name of the generic configuration property giving the authentication session time out.
+ */
+ public static final String AUTH_SESSION_TIMEOUT_PROPERTY =
+ "AuthenticationSession.TimeOut";
+ /**
+ * The name of the generic configuration property giving the authentication data time out.
+ */
+ public static final String AUTH_DATA_TIMEOUT_PROPERTY =
+ "AuthenticationData.TimeOut";
+
+ /**
+ * BKUSelectionType HTMLComplete, according to schema type <code>BKUSelectionType</code>
+ */
+ public static final String BKU_SELECTION_TYPE_HTMLCOMPLETE =
+ "HTMLComplete";
+
+ /**
+ * BKUSelectionType HTMLSelect, according to schema type <code>BKUSelectionType</code>
+ */
+ public static final String BKU_SELECTION_TYPE_HTMLSELECT =
+ "HTMLSelect";
+
+ /**
+ * The name of the generic configuration property allowing https connection to
+ * the user frontend servlets ("StartAuthentication" and "SelectBKU" servlets)
+ */
+ public static final String FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY =
+ "FrontendServlets.EnableHTTPConnection";
+
+ /**
+ * The name of the generic configuration property allowing to set a individual
+ * DATA URL used to communicate with the BKU (SecurityLayer)
+ */
+ public static final String INDIVIDUAL_DATA_URL_PREFIX =
+ "FrontendServlets.DataURLPrefix";
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static AuthConfigurationProvider instance;
+
+ //
+ // configuration data
+ //
+
+ /**
+ * configuration files containing transformations for rendering in the
+ * secure viewer of the security layer implementation;
+ * multiple files can be given for different mime types
+ */
+ private String[] transformsInfoFileNames;
+
+ /**
+ * transformations for rendering in the secure viewer of the security layer implementation,
+ * read from {@link transformsInfoFileNames};
+ * multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+
+ /**
+ * parameters for connection to MOA SP component
+ */
+ private ConnectionParameter moaSpConnectionParameter;
+ /**
+ * trust profile ID to be used for verifying the identity link signature via MOA ID SP
+ */
+ private String moaSpIdentityLinkTrustProfileID;
+ /**
+ * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP
+ */
+ private String moaSpAuthBlockTrustProfileID;
+ /**
+ * transformations to be used for verifying the AUTH block signature via MOA ID SP
+ */
+ private String[] moaSpAuthBlockVerifyTransformsInfoIDs;
+ /**
+ * X509 SubjectNames which will be trusted
+ */
+ private List identityLinkX509SubjectNames;
+ /**
+ * default parameters for verifying additional infoboxes.
+ */
+ private VerifyInfoboxParameters defaultVerifyInfoboxParameters;
+
+ /**
+ * configuration parameters for online applications
+ */
+ private OAAuthParameter[] onlineApplicationAuthParameters;
+ /**
+ * the Selection Type of the bku Selection Element
+ */
+ private String bKUSelectionType;
+ /**
+ * is the bku Selection Element present?
+ */
+ private boolean bKUSelectable;
+ /**
+ * the bku Selection Connection Parameters
+ */
+ private ConnectionParameter bKUConnectionParameter;
+
+ /**
+ * Return the single instance of configuration data.
+ *
+ * @return AuthConfigurationProvider The current configuration data.
+ * @throws ConfigurationException
+ */
+ public static synchronized AuthConfigurationProvider getInstance()
+ throws ConfigurationException {
+
+ if (instance == null) {
+ reload();
+ }
+ return instance;
+ }
+
+ /**
+ * Reload the configuration data and set it if successful.
+ *
+ * @return AuthConfigurationProvider The loaded configuration data.
+ * @throws ConfigurationException Failure to load the configuration data.
+ */
+ public static synchronized AuthConfigurationProvider reload()
+ throws ConfigurationException {
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+ if (fileName == null) {
+ throw new ConfigurationException("config.01", null);
+ }
+ Logger.info("Loading MOA-ID-AUTH configuration " + fileName);
+
+ instance = new AuthConfigurationProvider(fileName);
+ return instance;
+ }
+
+ /**
+ * Constructor for AuthConfigurationProvider.
+ * @param fileName
+ * @throws ConfigurationException
+ */
+ public AuthConfigurationProvider(String fileName)
+ throws ConfigurationException {
+
+ load(fileName);
+ }
+
+ /**
+ * Load the configuration data from XML file with the given name and build
+ * the internal data structures representing the MOA ID configuration.
+ *
+ * @param fileName The name of the XML file to load.
+ * @throws ConfigurationException The MOA configuration could not be
+ * read/built.
+ */
+ private void load(String fileName) throws ConfigurationException {
+ InputStream stream = null;
+ Element configElem;
+ ConfigurationBuilder builder;
+
+ try {
+ // load the main config file
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseXmlValidating(stream);
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ } catch (IOException e) {
+ }
+ }
+ try {
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
+ try {
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ // build the internal datastructures
+ builder = new ConfigurationBuilder(configElem, rootConfigFileDir);
+ bKUConnectionParameter = builder.buildAuthBKUConnectionParameter();
+ bKUSelectable = (bKUConnectionParameter!=null);
+ bKUSelectionType = builder.buildAuthBKUSelectionType();
+ genericConfiguration = builder.buildGenericConfiguration();
+ transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH);
+ transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames);
+ moaSpConnectionParameter = builder.buildMoaSpConnectionParameter();
+ moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID();
+ moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID();
+ moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs();
+ defaultVerifyInfoboxParameters = null;
+ Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH);
+ if (defaultVerifyInfoboxParamtersElem != null) {
+ defaultVerifyInfoboxParameters =
+ builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID);
+ }
+ onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID);
+ identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames();
+ defaultChainingMode = builder.getDefaultChainingMode();
+ chainingModes = builder.buildChainingModes();
+ trustedCACertificates = builder.getTrustedCACertificates();
+ trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ /**
+ * Loads the <code>transformsInfos</code> from files.
+ * @throws Exception on any exception thrown
+ */
+// private void loadTransformsInfos() throws Exception {
+//
+// transformsInfos = new String[transformsInfoFileNames.length];
+// for (int i = 0; i < transformsInfoFileNames.length; i++) {
+// String fileURL = transformsInfoFileNames[i];
+//
+// //if fileURL is relative to rootConfigFileDir make it absolute
+// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
+// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+// transformsInfos[i] = transformsInfo;
+// }
+// }
+
+ /**
+ * Loads the <code>transformsInfos</code> from files.
+ * @throws Exception on any exception thrown
+ */
+ private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception {
+
+ String[] transformsInfos = new String[transformsInfoFileNames.length];
+ for (int i = 0; i < transformsInfoFileNames.length; i++) {
+ String fileURL = transformsInfoFileNames[i];
+
+ //if fileURL is relative to rootConfigFileDir make it absolute
+ fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir);
+ String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING);
+ transformsInfos[i] = transformsInfo;
+ }
+ return transformsInfos;
+ }
+ /**
+ * Return a string array with all filenames leading
+ * to the Transforms Information for the Security Layer
+ * @return String[] of filenames to the Security Layer Transforms Information
+ */
+ public String[] getTransformsInfoFileNames() {
+ return transformsInfoFileNames;
+ }
+
+ /**
+ * Build an array of the OnlineApplication Parameters containing information
+ * about the authentication component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for theauthentication component of the online
+ * application
+ */
+ public OAAuthParameter[] getOnlineApplicationParameters() {
+ return onlineApplicationAuthParameters;
+ }
+
+ /**
+ * Provides configuration information regarding the online application behind
+ * the given URL, relevant to the MOA-ID Auth component.
+ *
+ * @param oaURL URL requested for an online application
+ * @return an <code>OAAuthParameter</code>, or <code>null</code>
+ * if none is applicable
+ */
+ public OAAuthParameter getOnlineApplicationParameter(String oaURL) {
+ OAAuthParameter[] oaParams = getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAAuthParameter oaParam = oaParams[i];
+ if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0)
+ return oaParam;
+ }
+ return null;
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyAuthBlock trust
+ * profile id within the moa-sp part of the authentication component
+ *
+ * @return String with a url-reference to the VerifyAuthBlock trust profile ID
+ */
+ public String getMoaSpAuthBlockTrustProfileID() {
+ return moaSpAuthBlockTrustProfileID;
+ }
+
+ /**
+ * Return a string array with references to all verify transform info
+ * IDs within the moa-sp part of the authentication component
+ * @return A string array containing all urls to the
+ * verify transform info IDs
+ */
+ public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() {
+ return moaSpAuthBlockVerifyTransformsInfoIDs;
+ }
+
+ /**
+ * Return a ConnectionParameter bean containing all information
+ * of the authentication component moa-sp element
+ * @return ConnectionParameter of the authentication component moa-sp element
+ */
+ public ConnectionParameter getMoaSpConnectionParameter() {
+ return moaSpConnectionParameter;
+ }
+
+ /**
+ * Return a string with a url-reference to the VerifyIdentityLink trust
+ * profile id within the moa-sp part of the authentication component
+ * @return String with a url-reference to the VerifyIdentityLink trust profile ID
+ */
+ public String getMoaSpIdentityLinkTrustProfileID() {
+ return moaSpIdentityLinkTrustProfileID;
+ }
+ /**
+ * Returns the transformsInfos.
+ * @return String[]
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the identityLinkX509SubjectNames.
+ * @return List
+ */
+ public List getIdentityLinkX509SubjectNames() {
+ return identityLinkX509SubjectNames;
+ }
+
+ /**
+ * Returns the bKUConnectionParameter.
+ * @return ConnectionParameter
+ */
+ public ConnectionParameter getBKUConnectionParameter() {
+ return bKUConnectionParameter;
+ }
+
+ /**
+ * Returns the bKUSelectable.
+ * @return boolean
+ */
+ public boolean isBKUSelectable() {
+ return bKUSelectable;
+ }
+
+ /**
+ * Returns the bKUSelectionType.
+ * @return String
+ */
+ public String getBKUSelectionType() {
+ return bKUSelectionType;
+ }
+
+ /**
+ * Returns the defaultVerifyInfoboxParameters.
+ *
+ * @return The defaultVerifyInfoboxParameters.
+ */
+ public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() {
+ return defaultVerifyInfoboxParameters;
+ }
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
new file mode 100644
index 000000000..ba3b61f9d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -0,0 +1,268 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import at.gv.egovernment.moa.id.config.OAParameter;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Auth component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+/**
+ *
+ *
+ * @author Harald Bratko
+ */
+public class OAAuthParameter extends OAParameter {
+ /**
+ * Sercurity Layer version
+ */
+ private String slVersion;
+ /**
+ * true, if the Security Layer version is version 1.2, otherwise false
+ */
+ private boolean slVersion12;
+ /**
+ * identityLinkDomainIdentifier
+ * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer")
+ * <br>
+ * only used within a business application context for providing it to the
+ * security layer as input for wbPK computation
+ */
+ private String identityLinkDomainIdentifier;
+ /**
+ * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair)
+ */
+ private String keyBoxIdentifier;
+ /**
+ * transformations for rendering in the secure viewer of the security layer
+ * implementation; multiple transformation can be given for different mime types
+ */
+ private String[] transformsInfos;
+ /**
+ * determines whether "Stammzahl" is to be included in the authentication data
+ */
+ private boolean provideStammzahl;
+ /**
+ * determines whether AUTH block is to be included in the authentication data
+ */
+ private boolean provideAuthBlock;
+ /**
+ * determines whether identity link is to be included in the authentication data
+ */
+ private boolean provideIdentityLink;
+ /**
+ * determines whether the certificate is to be included in the authentication data
+ */
+ private boolean provideCertificate;
+ /**
+ * url to a template for web page "Auswahl der B&uuml;rgerkartenumgebung"
+ */
+ private String bkuSelectionTemplateURL;
+ /**
+ * template for web page "Anmeldung mit B&uuml;rgerkarte"
+ */
+ private String templateURL;
+ /**
+ * Parameters for verifying infoboxes.
+ */
+ private VerifyInfoboxParameters verifyInfoboxParameters;
+
+ /**
+ * Returns <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>.
+ * @return <code>true</code> if the Security Layer version is version 1.2,
+ * otherwise <code>false</code>
+ */
+ public boolean getSlVersion12() {
+ return slVersion12;
+ }
+
+ /**
+ * Returns the security layer version.
+ * @return the security layer version.
+ */
+ public String getSlVersion() {
+ return slVersion;
+ }
+
+ /**
+ * Returns the identityLinkDomainIdentifier.
+ * @return the identityLinkDomainIdentifier.
+ */
+ public String getIdentityLinkDomainIdentifier() {
+ return identityLinkDomainIdentifier;
+ }
+
+ /**
+ * Returns the transformsInfos.
+ * @return the transformsInfos.
+ */
+ public String[] getTransformsInfos() {
+ return transformsInfos;
+ }
+
+ /**
+ * Returns the provideAuthBlock.
+ * @return String
+ */
+ public boolean getProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ /**
+ * Returns the provideIdentityLink.
+ * @return String
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ /**
+ * Returns the provideStammzahl.
+ * @return String
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl;
+ }
+
+ /**
+ * Returns <code>true</code> if the certificate should be provided within the
+ * authentication data, otherwise <code>false</code>.
+ * @return <code>true</code> if the certificate should be provided,
+ * otherwise <code>false</code>
+ */
+ public boolean getProvideCertifcate() {
+ return provideCertificate;
+ }
+
+ /**
+ * Returns the key box identifier.
+ * @return String
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
+ /**
+ * Returns the BkuSelectionTemplate url.
+ * @return The BkuSelectionTemplate url or <code>null</code> if no url for
+ * a BkuSelectionTemplate is set.
+ */
+ public String getBkuSelectionTemplateURL() {
+ return bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Returns the TemplateURL url.
+ * @return The TemplateURL url or <code>null</code> if no url for
+ * a Template is set.
+ */
+ public String getTemplateURL() {
+ return templateURL;
+ }
+
+ /**
+ * Returns the parameters for verifying additional infoboxes.
+ *
+ * @return The parameters for verifying additional infoboxes.
+ * Maybe <code>null</code>.
+ */
+ public VerifyInfoboxParameters getVerifyInfoboxParameters() {
+ return verifyInfoboxParameters;
+ }
+
+ /**
+ * Sets the security layer version.
+ * Also sets <code>slVersion12</code> ({@link #getSlVersion12()})
+ * to <code>true</code> if the Security Layer version is 1.2.
+ * @param slVersion The security layer version to be used.
+ */
+ public void setSlVersion(String slVersion) {
+ this.slVersion = slVersion;
+ if ("1.2".equals(slVersion)) {
+ this.slVersion12 = true;
+ }
+ }
+ /**
+ * Sets the IdentityLinkDomainIdentifier.
+ * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application.
+ */
+ public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) {
+ this.identityLinkDomainIdentifier = identityLinkDomainIdentifier;
+ }
+ /**
+ * Sets the transformsInfos.
+ * @param transformsInfos The transformsInfos to be used.
+ */
+ public void setTransformsInfos(String[] transformsInfos) {
+ this.transformsInfos = transformsInfos;
+ }
+ /**
+ * Sets the provideAuthBlock.
+ * @param provideAuthBlock The provideAuthBlock to set
+ */
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ /**
+ * Sets the provideIdentityLink.
+ * @param provideIdentityLink The provideIdentityLink to set
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ /**
+ * Sets the provideStammzahl.
+ * @param provideStammzahl The provideStammzahl to set
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ this.provideStammzahl = provideStammzahl;
+ }
+
+ /**
+ * Sets the provideCertificate variable.
+ * @param provideCertificate The provideCertificate value to set
+ */
+ public void setProvideCertificate(boolean provideCertificate) {
+ this.provideCertificate = provideCertificate;
+ }
+
+ /**
+ * Sets the key box identifier.
+ * @param keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+ /**
+ * Sets the BkuSelectionTemplate url.
+ * @param bkuSelectionTemplateURL The url string specifying the location
+ * of a BkuSelectionTemplate.
+ */
+ public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) {
+ this.bkuSelectionTemplateURL = bkuSelectionTemplateURL;
+ }
+
+ /**
+ * Sets the Template url.
+ * @param templateURL The url string specifying the location
+ * of a Template.
+ */
+ public void setTemplateURL(String templateURL) {
+ this.templateURL = templateURL;
+ }
+
+ /**
+ * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes.
+ *
+ * @param verifyInfoboxParameters The verifyInfoboxParameters to set.
+ */
+ public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) {
+ this.verifyInfoboxParameters = verifyInfoboxParameters;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
new file mode 100644
index 000000000..fbd42f975
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
@@ -0,0 +1,360 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.io.IOException;
+import java.util.Iterator;
+import java.util.List;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.Schema;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class is a container for parameters that maybe needed for verifying an infobox.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameter {
+
+ /**
+ * The default package name (first part) of a infobox validator class.
+ */
+ public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
+
+ /**
+ * The identifier of the infobox to be verified. This identifier must exactly the
+ * identifier of the infobox returned by BKU.
+ */
+ protected String identifier_;
+
+ /**
+ * The friendly name of the infobox.
+ * This name is used within browser messages, thus it should be the german equivalent of
+ * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot;
+ * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
+ * &quot;<code>EHSPToken</code>&quot;.
+ * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
+ * will be used.
+ */
+ protected String friendlyName_;
+
+ /**
+ * The Id of the TrustProfile to be used for validating certificates.
+ */
+ protected String trustProfileID_;
+
+ /**
+ * The full name of the class to be used for verifying the infobox.
+ */
+ protected String validatorClassName_;
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ */
+ protected List schemaLocations_;
+
+ /**
+ * Application specific parameters that may be needed for verifying an infobox.
+ */
+ protected Element applicationSpecificParams_;
+
+ /**
+ * Specifies if the infobox is be required to be returned by the BKU.
+ */
+ protected boolean required_;
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideStammzahl_;
+
+ /**
+ * Specifies whether the <code>identity link</code> should be passed to the verifying
+ * application or not.
+ */
+ protected boolean provideIdentityLink_;
+
+ /**
+ * Initializes this VerifiyInfoboxParamater with the given identifier and a default
+ * validator class name.
+ *
+ * @param identifier The identifier of the infobox to be verified.
+ */
+ public VerifyInfoboxParameter(String identifier) {
+ identifier_ = identifier;
+ StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
+ sb.append(identifier.toLowerCase());
+ sb.append(".");
+ sb.append(identifier.substring(0, 1).toUpperCase());
+ sb.append(identifier.substring(1));
+ sb.append("Validator");
+ validatorClassName_ = sb.toString();
+ }
+
+ /**
+ * Returns application specific parameters.
+ * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_}
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @return Application specific parameters.
+ */
+ public Element getApplicationSpecificParams() {
+ return applicationSpecificParams_;
+ }
+
+ /**
+ * Sets the application specific parameters.
+ *
+ * @see #applicationSpecificParams_
+ *
+ * @param applicationSpecificParams The application specific parameters to set.
+ */
+ public void setApplicationSpecificParams(Element applicationSpecificParams) {
+ applicationSpecificParams_ = applicationSpecificParams;
+ }
+
+ /**
+ * Returns the friendly name.
+ *
+ * @see #friendlyName_
+ *
+ * @return The friendly name.
+ */
+ public String getFriendlyName() {
+ return friendlyName_;
+ }
+
+ /**
+ * Sets the friendly name.
+ *
+ * @param friendlyName The friendly name to set.
+ */
+ public void setFriendlyName(String friendlyName) {
+ friendlyName_ = friendlyName;
+ }
+
+ /**
+ * Returns the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @return The infobox identifier.
+ */
+ public String getIdentifier() {
+ return identifier_;
+ }
+
+ /**
+ * Sets the the infobox identifier.
+ *
+ * @see #identifier_
+ *
+ * @param identifier The infobox identifier to set.
+ */
+ public void setIdentifier(String identifier) {
+ identifier_ = identifier;
+ }
+
+ /**
+ * Specifies whether the identity link should be passed to the verifying application
+ * or not.
+ *
+ * @return <code>True</code> if the identity link should be passed to the verifying
+ * application, otherwise <code>false</code>.
+ */
+ public boolean getProvideIdentityLink() {
+ return provideIdentityLink_;
+ }
+
+ /**
+ * Sets the {@link #provideIdentityLink_} parameter.
+ *
+ * @param provideIdentityLink <code>True</code> if the identity link should be passed to
+ * the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ provideIdentityLink_ = provideIdentityLink;
+ }
+
+ /**
+ * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
+ * application or not.
+ *
+ * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the
+ * verifying application, otherwise <code>false</code>.
+ */
+ public boolean getProvideStammzahl() {
+ return provideStammzahl_;
+ }
+
+ /**
+ * Sets the {@link #provideStammzahl_} parameter.
+ *
+ * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be
+ * passed to the verifying application, otherwise <code>false</code>.
+ */
+ public void setProvideStammzahl(boolean provideStammzahl) {
+ provideStammzahl_ = provideStammzahl;
+ }
+
+ /**
+ * Specifies whether the infobox is required or not.
+ *
+ * @return <code>True</code> if the infobox is required to be returned by the BKU,
+ * otherwise <code>false</code>.
+ */
+ public boolean isRequired() {
+ return required_;
+ }
+
+ /**
+ * Sets the {@link #required_} parameter.
+ *
+ * @param required <code>True</code> if the infobox is required to be returned by the
+ * BKU, otherwise <code>false</code>.
+ */
+ public void setRequired(boolean required) {
+ required_ = required;
+ }
+
+ /**
+ * Schema location URIs that may be needed by the
+ * validator to parse infobox tokens.
+ * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
+ * specifying the location of an XML schema.
+ *
+ * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects
+ * each of them specifying the location of an XML schema.
+ */
+ public List getSchemaLocations() {
+ return schemaLocations_;
+ }
+
+ /**
+ * Sets the schema locations.
+ *
+ * @see #schemaLocations_
+ *
+ * @param schemaLocations The schema location list to be set.
+ */
+ public void setSchemaLocations(List schemaLocations) {
+ schemaLocations_ = schemaLocations;
+ }
+
+ /**
+ * Returns the ID of the trust profile to be used for verifying certificates.
+ *
+ * @return The ID of the trust profile to be used for verifying certificates.
+ * Maybe <code>null</code>.
+ */
+ public String getTrustProfileID() {
+ return trustProfileID_;
+ }
+
+ /**
+ * Sets the ID of the trust profile to be used for verifying certificates.
+ *
+ * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
+ */
+ public void setTrustProfileID(String trustProfileID) {
+ trustProfileID_ = trustProfileID;
+ }
+
+ /**
+ * Returns the name of the class to be used for verifying this infobox.
+ *
+ * @return The name of the class to be used for verifying this infobox.
+ */
+ public String getValidatorClassName() {
+ return validatorClassName_;
+ }
+
+ /**
+ * Sets the name of the class to be used for verifying this infobox.
+ *
+ * @param validatorClassName The name of the class to be used for verifying this infobox.
+ */
+ public void setValidatorClassName(String validatorClassName) {
+ validatorClassName_ = validatorClassName;
+ }
+
+ /**
+ * Get a string representation of this object.
+ * This method is for debugging purposes only.
+ *
+ * @return A string representation of this object.
+ */
+ public String toString() {
+
+ StringBuffer buffer = new StringBuffer(1024);
+
+ buffer.append(" <Infobox Identifier=\"");
+ buffer.append(identifier_);
+ buffer.append("\" required=\"");
+ buffer.append(required_);
+ buffer.append("\" provideStammzahl=\"");
+ buffer.append(provideStammzahl_);
+ buffer.append("\" provideIdentityLink=\"");
+ buffer.append(provideIdentityLink_);
+ buffer.append("\">");
+ buffer.append("\n");
+ if (friendlyName_ != null) {
+ buffer.append(" <FriendlyName>");
+ buffer.append(friendlyName_);
+ buffer.append("</FriendlyName>");
+ buffer.append("\n");
+ }
+ if (trustProfileID_ != null) {
+ buffer.append(" <TrustProfileID>");
+ buffer.append(trustProfileID_);
+ buffer.append("</TrustProfileID>");
+ buffer.append("\n");
+ }
+ if (validatorClassName_ != null) {
+ buffer.append(" <ValidatorClass>");
+ buffer.append(validatorClassName_);
+ buffer.append("</ValidatorClass>");
+ buffer.append("\n");
+ }
+ if (schemaLocations_ != null) {
+ buffer.append(" <SchemaLocations>");
+ buffer.append("\n");
+ Iterator it = schemaLocations_.iterator();
+ while (it.hasNext()) {
+ buffer.append(" <Schema namespace=\"");
+ Schema schema = (Schema)it.next();
+ buffer.append(schema.getNamespace());
+ buffer.append("\" schemaLocation=\"");
+ buffer.append(schema.getSchemaLocation());
+ buffer.append("\"/>\n");
+ }
+ buffer.append(" </SchemaLocations>");
+ buffer.append("\n");
+ }
+ if (applicationSpecificParams_ != null) {
+ try {
+ String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
+ buffer.append(" ");
+ buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
+ buffer.append("\n");
+ } catch (TransformerException e) {
+ // do nothing
+ } catch (IOException e) {
+ // do nothing
+ }
+ }
+ buffer.append(" </Infobox>");
+
+
+ return buffer.toString() ;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
new file mode 100644
index 000000000..15c0c328c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
@@ -0,0 +1,135 @@
+package at.gv.egovernment.moa.id.config.auth;
+
+import java.util.Hashtable;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * This class contains the parameters for verifying all the infoboxes configured for an
+ * online application.
+ *
+ * @author Harald Bratko
+ */
+public class VerifyInfoboxParameters {
+
+ /**
+ * A map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ */
+ protected Map infoboxParameters_;
+
+ /**
+ * A list of the identifiers of the infoboxes supported by this
+ * VerifyInfoboxParameters;
+ */
+ protected List identifiers_;
+
+ /**
+ * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate
+ * in the context of the actual online application.
+ * The string will be added as value of the <code>PushInfobox</code> parameter in the
+ * HTML form used for reading the infoboxes from the BKU.
+ */
+ protected String pushInfobox_;
+
+ /**
+ * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
+ * map.
+ */
+ public VerifyInfoboxParameters() {
+ infoboxParameters_ = new Hashtable();
+ pushInfobox_ = "";
+ }
+
+ /**
+ * Initializes this VerifyInfoboxParameters with the given
+ * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
+ * from the keys of the given map.
+ */
+ public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
+ identifiers_ = identifiers;
+ infoboxParameters_ = infoboxParameters;
+ // build the pushInfobox string
+ if ((identifiers != null) && (!identifiers.isEmpty())) {
+ StringBuffer identifiersSB = new StringBuffer();
+ int identifiersNum = identifiers.size();
+ int i = 1;
+ Iterator it = identifiers.iterator();
+ while (it.hasNext()) {
+ identifiersSB.append((String)it.next());
+ if (i != identifiersNum) {
+ identifiersSB.append(",");
+ }
+ i++;
+ }
+ pushInfobox_ = identifiersSB.toString();
+ } else {
+ pushInfobox_ = "";
+ }
+ }
+
+ /**
+ * Returns the (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ *
+ * @see #pushInfobox_
+ *
+ * @return The (comma separated) identifiers of the infoboxes configured for the actual
+ * online application.
+ */
+ public String getPushInfobox() {
+ return pushInfobox_;
+ }
+
+ /**
+ * Sets the {@link #pushInfobox_} string.
+ *
+ * @param pushInfobox The pushInfobox string to be set.
+ */
+ public void setPushInfobox(String pushInfobox) {
+ pushInfobox_ = pushInfobox;
+ }
+
+ /**
+ * Returns map of {@link VerifyInfoboxParameter} objects.
+ * Each of these objects contains parameters that maybe needed for validating an
+ * infobox.
+ *
+ * @return The map of {@link VerifyInfoboxParameter} objects.
+ */
+ public Map getInfoboxParameters() {
+ return infoboxParameters_;
+ }
+
+ /**
+ * Sets the map of {@link VerifyInfoboxParameter} objects.
+ *
+ * @see #infoboxParameters_
+ *
+ * @param infoboxParameters The infoboxParameters to set.
+ */
+ public void setInfoboxParameters(Map infoboxParameters) {
+ infoboxParameters_ = infoboxParameters;
+ }
+
+ /**
+ * Returns the identifiers of the supported infoboxes.
+ *
+ * @return The identifiers.
+ */
+ public List getIdentifiers() {
+ return identifiers_;
+ }
+
+ /**
+ * Sets the identifiers.
+ *
+ * @param identifiers The identifiers to set.
+ */
+ public void setIdentifiers(List identifiers) {
+ identifiers_ = identifiers;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
new file mode 100644
index 000000000..d25cb3b2b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
@@ -0,0 +1,173 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * Holds configuration data concerning an online application for use by the MOA-ID Proxy component.
+ * These include the login type (stateful or stateless), the HTTP authentication type,
+ * and information needed to add authentication parameters or headers for a URL connection
+ * to the remote online application.
+ * @see <code>MOAIDConfiguration-1.1.xsd</code>, element <code>Configuration</code>
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAConfiguration {
+
+ /** Constant for an login method */
+ public static final String LOGINTYPE_STATEFUL = "stateful";
+ /** Constant for an login method */
+ public static final String LOGINTYPE_STATELESS = "stateless";
+
+ /** Constant for an auth method */
+ public static final String BASIC_AUTH = "basic";
+ /** Constant for an auth method */
+ public static final String HEADER_AUTH = "header";
+ /** Constant for an auth method */
+ public static final String PARAM_AUTH = "param";
+
+
+ /** Constant for binding */
+ public static final String BINDUNG_USERNAME = "userName";
+ /** Constant for binding */
+ public static final String BINDUNG_FULL = "full";
+ /** Constant for binding */
+ public static final String BINDUNG_NONE = "none";
+ /** Constant for binding */
+ public static final String BINDUNG_NOMATCH = "noMatch";
+
+ /** login type: stateful or stateless */
+ String loginType;
+ /** authentication type: basic, header, or param */
+ String authType;
+ /**
+ * mapping of parameter names to AuthenticationData field names
+ * in case of authentication type <code>"header-auth"</code>
+ */
+ Map paramAuthMapping;
+ /**
+ * mapping of parameter names to AuthenticationData field names
+ * in case of authentication type <code>"param-auth"</code>
+ */
+ Map headerAuthMapping;
+ /** mapping for user ID to be used in case of authentication type <code>"basic-auth"</code> */
+ String basicAuthUserIDMapping;
+ /** mapping for password to be used in case of authentication type <code>"basic-auth"</code> */
+ String basicAuthPasswordMapping;
+ /** Binding for basic authentication */
+ String binding;
+
+ /**
+ * Returns the basicAuthPasswordMapping.
+ * @return String
+ */
+ public String getBasicAuthPasswordMapping() {
+ return basicAuthPasswordMapping;
+ }
+
+ /**
+ * Returns the basicAuthUserIDMapping.
+ * @return String
+ */
+ public String getBasicAuthUserIDMapping() {
+ return basicAuthUserIDMapping;
+ }
+
+ /**
+ * Returns the headerAuthMapping.
+ * @return HashMap
+ */
+ public Map getHeaderAuthMapping() {
+ return headerAuthMapping;
+ }
+
+ /**
+ * Returns the loginType.
+ * @return String
+ */
+ public String getLoginType() {
+ return loginType;
+ }
+
+ /**
+ * Returns the paramAuthMapping.
+ * @return HashMap
+ */
+ public Map getParamAuthMapping() {
+ return paramAuthMapping;
+ }
+
+ /**
+ * Returns the binding.
+ * @return String
+ */
+ public String getBinding() {
+ return binding;
+ }
+
+ /**
+ * Sets the basicAuthPasswordMapping.
+ * @param basicAuthPassword The basicAuthPasswordMapping to set
+ */
+ public void setBasicAuthPasswordMapping(String basicAuthPassword) {
+ this.basicAuthPasswordMapping = basicAuthPassword;
+ }
+
+ /**
+ * Sets the basicAuthUserIDMapping.
+ * @param basicAuthUserID The basicAuthUserIDMapping to set
+ */
+ public void setBasicAuthUserIDMapping(String basicAuthUserID) {
+ this.basicAuthUserIDMapping = basicAuthUserID;
+ }
+
+ /**
+ * Sets the headerAuthMapping.
+ * @param headerAuth The headerAuthMapping to set
+ */
+ public void setHeaderAuthMapping(HashMap headerAuth) {
+ this.headerAuthMapping = headerAuth;
+ }
+
+ /**
+ * Sets the loginType.
+ * @param loginType The loginType to set
+ */
+ public void setLoginType(String loginType) {
+ this.loginType = loginType;
+ }
+
+ /**
+ * Sets the paramAuthMapping.
+ * @param paramAuth The paramAuthMapping to set
+ */
+ public void setParamAuthMapping(HashMap paramAuth) {
+ this.paramAuthMapping = paramAuth;
+ }
+
+ /**
+ * Returns the authType.
+ * @return String
+ */
+ public String getAuthType() {
+ return authType;
+ }
+
+ /**
+ * Sets the authType.
+ * @param authLoginType The authType to set
+ */
+ public void setAuthType(String authLoginType) {
+ this.authType = authLoginType;
+ }
+
+ /**
+ * Sets the binding.
+ * @param binding The binding to be set.
+ */
+ public void setBinding (String binding) {
+ this.binding = binding;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
new file mode 100644
index 000000000..83ab73dcd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -0,0 +1,184 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.OAParameter;
+
+/**
+ * Configuration parameters belonging to an online application,
+ * to use with the MOA ID Proxy component.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class OAProxyParameter extends OAParameter {
+
+// /**
+// * public URL prefix of the online application
+// */
+// private String publicURLPrefix;
+ /**
+ * URL of online application configuration file;
+ * defaults to relative URL <code>/moaconfig.xml</code>
+ */
+ private String configFileURL;
+ /**
+ * implementation of {@link at.gv.egovernment.moa.id.proxy.LoginParameterResolver} interface
+ * to be used for authenticating the online application;
+ * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver}
+ */
+ private String loginParameterResolverImpl;
+
+ /**
+ * Configuration Parameter of LoginParameterResolver
+ */
+ private String loginParameterResolverConfiguration;
+
+ /**
+ * implementation of {@link at.gv.egovernment.moa.id.proxy.ConnectionBuilder} interface
+ * to be used for connecting to the online application;
+ * defaults to {@link at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder}
+ */
+ private String connectionBuilderImpl;
+ /**
+ * session time out to be used in case of a stateless online application
+ */
+ private int sessionTimeOut;
+ /**
+ * parameters regarding the connection from the proxy to the online application
+ */
+ private ConnectionParameter connectionParameter;
+ /**
+ * parameters for logging into the online application
+ */
+ private OAConfiguration oaConfiguration;
+
+
+ /**
+ * Returns the configFileURL.
+ * @return String
+ */
+ public String getConfigFileURL() {
+ return configFileURL;
+ }
+
+ /**
+ * Returns the sessionTimeOut.
+ * @return int
+ */
+ public int getSessionTimeOut() {
+ return sessionTimeOut;
+ }
+
+ /**
+ * Returns the connectionParameter.
+ * @return ConnectionParameter
+ */
+ public ConnectionParameter getConnectionParameter() {
+ return connectionParameter;
+ }
+
+ /**
+ * Sets the configFileURL for the proxy.
+ * @param oaProxyConfigFileURL The configFileURL to set
+ */
+ public void setConfigFileURL(String oaProxyConfigFileURL) {
+ this.configFileURL = oaProxyConfigFileURL;
+ }
+
+ /**
+ * Sets the sessionTimeOut for the proxy.
+ * @param oaProxySessionTimeOut The sessionTimeOut to set
+ */
+ public void setSessionTimeOut(int oaProxySessionTimeOut) {
+ this.sessionTimeOut = oaProxySessionTimeOut;
+ }
+
+ /**
+ * Sets the connectionParameter for the proxy.
+ * @param proxyConnectionParameter The connectionParameter to set
+ */
+ public void setConnectionParameter(ConnectionParameter proxyConnectionParameter) {
+ this.connectionParameter = proxyConnectionParameter;
+ }
+
+// /**
+// * Returns the publicURLPrefix.
+// * @return String
+// */
+// public String getPublicURLPrefix() {
+// return publicURLPrefix;
+// }
+//
+// /**
+// * Sets the publicURLPrefix.
+// * @param publicURLPrefix The publicURLPrefix to set
+// */
+// public void setPublicURLPrefix(String url) {
+// this.publicURLPrefix = url;
+// }
+
+ /**
+ * Returns the connectionBuilderImpl.
+ * @return String
+ */
+ public String getConnectionBuilderImpl() {
+ return connectionBuilderImpl;
+ }
+
+ /**
+ * Returns the loginParameterResolverImpl.
+ * @return String
+ */
+ public String getLoginParameterResolverImpl() {
+ return loginParameterResolverImpl;
+ }
+
+ /**
+ * Returns the loginParameterResolverConfiguration.
+ * @return String
+ */
+ public String getLoginParameterResolverConfiguration() {
+ return loginParameterResolverConfiguration;
+ }
+
+ /**
+ * Sets the connectionBuilderImpl for the proxy.
+ * @param connectionBuilderImpl The connectionBuilderImpl to set
+ */
+ public void setConnectionBuilderImpl(String connectionBuilderImpl) {
+ this.connectionBuilderImpl = connectionBuilderImpl;
+ }
+
+ /**
+ * Sets the loginParameterResolverImpl for the proxy.
+ * @param loginParameterResolverImpl The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverImpl(String loginParameterResolverImpl) {
+ this.loginParameterResolverImpl = loginParameterResolverImpl;
+ }
+
+ /**
+ * Sets the loginParameterResolverConfiguration for the proxy.
+ * @param loginParameterResolverConfiguration The loginParameterResolverImpl to set
+ */
+ public void setLoginParameterResolverConfiguration(String loginParameterResolverConfiguration) {
+ this.loginParameterResolverConfiguration = loginParameterResolverConfiguration;
+ }
+
+ /**
+ * Returns the oaConfiguration.
+ * @return OAConfiguration
+ */
+ public OAConfiguration getOaConfiguration() {
+ return oaConfiguration;
+ }
+
+ /**
+ * Sets the oaConfiguration.
+ * @param oaConfiguration The oaConfiguration to set
+ */
+ public void setOaConfiguration(OAConfiguration oaConfiguration) {
+ this.oaConfiguration = oaConfiguration;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
new file mode 100644
index 000000000..f578ea634
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -0,0 +1,268 @@
+// Copyright (C) 2002 IAIK
+// http://jce.iaik.tugraz.at
+//
+// Copyright (C) 2007 Stiftung Secure Information and
+// Communication Technologies SIC
+// http://www.sic.st
+//
+// All rights reserved.
+//
+// This source is provided for inspection purposes and recompilation only,
+// unless specified differently in a contract with IAIK. This source has to
+// be kept in strict confidence and must not be disclosed to any third party
+// under any circumstances. Redistribution in source and binary forms, with
+// or without modification, are <not> permitted in any case!
+//
+// THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+// ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+// ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+// OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+// HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+// LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+// OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+// SUCH DAMAGE.
+
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.io.ByteArrayInputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.traversal.NodeIterator;
+
+import at.gv.egovernment.moa.id.config.ConfigurationBuilder;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Builds the configuration for MOA-ID Proxy.
+ */
+public class ProxyConfigurationBuilder extends ConfigurationBuilder {
+
+ /**
+ * Default online application configuration file name
+ * (used when <code>/OnlineApplication/ProxyComponent@configFileURL</code> is <code>null</code>).
+ */
+ public static final String DEFAULT_OA_CONFIG_FILENAME = "MOAConfig.xml";
+
+ /** an XPATH-Expression */
+ private static final String PROXY_AUTH_XPATH =
+ ROOT + CONF + "ProxyComponent/" + CONF + "AuthComponent";
+ /** an XPATH-Expression */
+ protected static final String ROOTOA = "/" + CONF + "Configuration/";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_COMPONENT_XPATH = CONF + "ProxyComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_COMPONENT_ABSOLUTE_XPATH = ROOT + CONF + "OnlineApplication/" + CONF + "ProxyComponent";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_URL_XPATH = CONF + "ProxyComponent/@configFileURL";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_SESSION_TIMEOUT_XPATH = CONF + "ProxyComponent/@sessionTimeOut";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
+ /** an XPATH-Expression */
+ protected static final String OACONF_LOGIN_TYPE_XPATH =
+ ROOTOA + CONF + "LoginType";
+ /** an XPATH-Expression */
+ protected static final String OACONF_BINDING_TYPE_XPATH =
+ ROOTOA + CONF + "Binding";
+ /** an XPATH-Expression */
+ protected static final String OACONF_PARAM_AUTH_PARAMETER_XPATH =
+ ROOTOA + CONF + "ParamAuth/" + CONF + "Parameter";
+ /** an XPATH-Expression */
+ protected static final String OACONF_USER_ID_XPATH =
+ ROOTOA + CONF + "BasicAuth/" + CONF + "UserID";
+ /** an XPATH-Expression */
+ protected static final String OACONF_PASSWORD_XPATH =
+ ROOTOA + CONF + "BasicAuth/" + CONF + "Password";
+ /** an XPATH-Expression */
+ protected static final String OACONF_HEADER_AUTH_HEADER_XPATH =
+ ROOTOA + CONF + "HeaderAuth/" + CONF + "Header";
+
+ /**
+ * Creates a new <code>MOAConfigurationProvider</code>.
+ *
+ * @param configElem The root element of the MOA-ID configuration.
+ */
+ public ProxyConfigurationBuilder(Element configElem, String rootConfigDir) {
+ super(configElem, rootConfigDir);
+ }
+
+ /**
+ * Method buildOAConfiguration.
+ *
+ * Build an {@link OAConfiguration} Object from the given configuration DOM element
+ *
+ * @param root
+ * @return OAConfiguration
+ * @throws ConfigurationException
+ */
+ public OAConfiguration buildOAConfiguration(Element root) throws ConfigurationException{
+
+ OAConfiguration oaConfiguration = new OAConfiguration();
+
+ //The LoginType hast to be "stateless" or "stateful" to be valid
+
+ oaConfiguration.setLoginType(
+ XPathUtils.getElementValue(root, OACONF_LOGIN_TYPE_XPATH, null));
+
+ oaConfiguration.setBinding(
+ XPathUtils.getElementValue(root, OACONF_BINDING_TYPE_XPATH, OAConfiguration.BINDUNG_FULL));
+
+ //Try to build the Parameter Auth Parameters
+ NodeIterator paramAuthIter =
+ XPathUtils.selectNodeIterator(
+ root,
+ OACONF_PARAM_AUTH_PARAMETER_XPATH);
+ Element paramAuthElem;
+ HashMap paramAuthMap = new HashMap();
+ while ((paramAuthElem = (Element) paramAuthIter.nextNode()) != null) {
+ String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null);
+ String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null);
+ if (paramAuthMap.containsKey(name))
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ paramAuthMap.put(name, value);
+ }
+ oaConfiguration.setParamAuthMapping(paramAuthMap);
+ // Try to build the BasicAuthParameters
+ oaConfiguration.setBasicAuthUserIDMapping(
+ XPathUtils.getElementValue(root, OACONF_USER_ID_XPATH, null));
+ oaConfiguration.setBasicAuthPasswordMapping(
+ XPathUtils.getElementValue(root, OACONF_PASSWORD_XPATH, null));
+
+ //Try to build the Parameter Auth Parameters
+ NodeIterator headerAuthIter = XPathUtils.selectNodeIterator(root,OACONF_HEADER_AUTH_HEADER_XPATH);
+
+ Element headerAuthElem;
+ HashMap headerAuthMap = new HashMap();
+ while ((headerAuthElem = (Element) headerAuthIter.nextNode()) != null) {
+ String name =
+ XPathUtils.getAttributeValue(headerAuthElem, "@Name", null);
+ String value =
+ XPathUtils.getAttributeValue(headerAuthElem, "@Value", null);
+ // Contains Key (Neue Config-Exception: doppelte werte)
+ if (headerAuthMap.containsKey(name))
+ throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"});
+ headerAuthMap.put(name, value);
+ }
+ oaConfiguration.setHeaderAuthMapping(headerAuthMap);
+
+ if (paramAuthMap.size() == 0) {
+ if (oaConfiguration.getBasicAuthUserIDMapping() == null) {
+ oaConfiguration.setAuthType(OAConfiguration.HEADER_AUTH);
+ }
+ else
+ oaConfiguration.setAuthType(OAConfiguration.BASIC_AUTH);
+ }
+ else
+ oaConfiguration.setAuthType(OAConfiguration.PARAM_AUTH);
+
+ return oaConfiguration;
+ }
+
+
+ /**
+ * Build an array of OnlineApplication Parameter Beans containing information
+ * about the proxy component
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the proxy component of the online
+ * application
+ */
+ public OAProxyParameter[] buildOnlineApplicationProxyParameters() throws ConfigurationException{
+
+ List oA_list = new ArrayList();
+ NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH);
+
+ for (int i = 0; i < OAIter.getLength(); i++) {
+ Element oAElem = (Element) OAIter.item(i);
+
+ Element proxyComponentElem = (Element) XPathUtils.selectSingleNode(oAElem,OA_PROXY_COMPONENT_XPATH);
+ if (proxyComponentElem != null) {
+ OAProxyParameter oap = new OAProxyParameter();
+
+ oap.setPublicURLPrefix(oAElem.getAttribute("publicURLPrefix"));
+ oap.setOaType(oAElem.getAttribute("type"));
+ oap.setConfigFileURL(XPathUtils.getAttributeValue(oAElem, OA_PROXY_URL_XPATH, null));
+ oap.setConfigFileURL(FileUtils.makeAbsoluteURL(oap.getConfigFileURL(), rootConfigFileDir_));
+ // default session time out: 3600 sec = 1 h
+ oap.setSessionTimeOut(new Integer(XPathUtils.getAttributeValue(oAElem,OA_PROXY_SESSION_TIMEOUT_XPATH,"3600")).intValue());
+ oap.setLoginParameterResolverImpl(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_XPATH, null));
+ oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
+ oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_));
+ oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
+
+ ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
+ oap.setConnectionParameter(conPara);
+
+ OAConfiguration oaConf = buildOAConfiguration(getOAConfigElement(oap));
+ oap.setOaConfiguration(oaConf);
+
+ oA_list.add(oap);
+ }
+ }
+ OAProxyParameter[] result =
+ new OAProxyParameter[oA_list.size()];
+ oA_list.toArray(result);
+
+ return result;
+
+ }
+
+ /**
+ * Reads the configuration file of the online application, and creates a DOM tree from it.
+ * If <code>/OnlineApplication/ProxyComponent@configFileURL</code> is not given,
+ * uses default configuration file location.
+ *
+ * @param oap configuration data of online application, meant for use by MOA-ID-PROXY
+ * @return Element DOM tree root element
+ * @throws ConfigurationException on any exception thrown
+ */
+ private Element getOAConfigElement(OAProxyParameter oap) throws ConfigurationException
+ {
+ try {
+ String configFileURL = oap.getConfigFileURL();
+ if (configFileURL == null) {
+ // use default config file URL, when config file URL is not given
+ configFileURL = oap.getConnectionParameter().getUrl();
+ if (configFileURL.charAt(configFileURL.length() - 1) != '/')
+ configFileURL += "/";
+ configFileURL += DEFAULT_OA_CONFIG_FILENAME;
+ }
+ Logger.info("Loading MOA-OA configuration " + configFileURL);
+ Element configElem = DOMUtils.parseXmlValidating(
+ new ByteArrayInputStream(FileUtils.readURL(configFileURL)));
+ return configElem;
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.03", new Object[] {"OAConfiguration"} , t);
+ }
+ }
+
+ /**
+ * Build a bean containing all information about the ProxyComponent
+ * @return The ConnectionParameter for the Proxy Component
+ */
+ public ConnectionParameter buildAuthComponentConnectionParameter()
+ {
+
+ Element connectionParameter = (Element) XPathUtils.selectSingleNode(configElem_, PROXY_AUTH_XPATH);
+ if (connectionParameter==null) return null;
+ return buildConnectionParameter(connectionParameter);
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
new file mode 100644
index 000000000..572ce5708
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -0,0 +1,188 @@
+package at.gv.egovernment.moa.id.config.proxy;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.MalformedURLException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * A class providing access to the Proxy Part of the MOA-ID configuration data.
+ *
+ * <p>Configuration data is read from an XML file, whose location is given by
+ * the <code>moa.id.configuration</code> system property.</p>
+ * <p>This class implements the Singleton pattern. The <code>reload()</code>
+ * method can be used to update the configuration data. Therefore, it is not
+ * guaranteed that consecutive calls to <code>getInstance()</code> will return
+ * the same <code>ProxyConfigurationProvider</code> all the time. During the
+ * processing of a web service request, the current
+ * <code>TransactionContext</code> should be used to obtain the
+ * <code>ProxyConfigurationProvider</code> local to that request.</p>
+ *
+ * @author Stefan Knirsch
+ */
+public class ProxyConfigurationProvider extends ConfigurationProvider {
+
+ /** Singleton instance. <code>null</code>, if none has been created. */
+ private static ProxyConfigurationProvider instance;
+
+
+ //
+ // configuration data
+ //
+ /**
+ * connection parameters for connection to MOA ID Auth component
+ */
+ private ConnectionParameter authComponentConnectionParameter;
+ /**
+ * configuration parameters for online applications
+ */
+ private OAProxyParameter[] onlineApplicationProxyParameter;
+
+ /**
+ * Return the single instance of configuration data.
+ *
+ * @return ProxyConfigurationProvider The current configuration data.
+ * @throws ConfigurationException
+ */
+ public static synchronized ProxyConfigurationProvider getInstance()
+ throws ConfigurationException {
+
+ if (instance == null) {
+ reload();
+ }
+ return instance;
+ }
+
+ /**
+ * Reload the configuration data and set it if successful.
+ *
+ * @return ProxyConfigurationProvider The loaded configuration data.
+ * @throws ConfigurationException Failure to load the configuration data.
+ */
+ public static synchronized ProxyConfigurationProvider reload()
+ throws ConfigurationException {
+ String fileName = System.getProperty(CONFIG_PROPERTY_NAME);
+ if (fileName == null) {
+ throw new ConfigurationException("config.01", null);
+ }
+ Logger.info("Loading MOA-ID-PROXY configuration " + fileName);
+
+ instance = new ProxyConfigurationProvider(fileName);
+ return instance;
+ }
+
+ /**
+ * Constructor for ProxyConfigurationProvider.
+ */
+ public ProxyConfigurationProvider(String fileName)
+ throws ConfigurationException {
+
+ load(fileName);
+ }
+
+ /**
+ * Load the configuration data from XML file with the given name and build
+ * the internal data structures representing the MOA configuration.
+ *
+ * @param fileName The name of the XML file to load.
+ * @throws ConfigurationException The MOA configuration could not be
+ * read/built.
+ */
+ private void load(String fileName) throws ConfigurationException {
+ FileInputStream stream = null;
+ Element configElem;
+ ProxyConfigurationBuilder builder;
+
+ try {
+ // load the main config file
+ stream = new FileInputStream(fileName);
+ configElem = DOMUtils.parseXmlValidating(stream);
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+ finally {
+ try {
+ if (stream != null) {
+ stream.close();
+ }
+ }
+ catch (IOException e) {
+ }
+ }
+ try {
+ // determine the directory of the root config file
+ rootConfigFileDir = new File(fileName).getParent();
+ try {
+ rootConfigFileDir = new File(rootConfigFileDir).toURL().toString();
+ } catch (MalformedURLException t) {
+ throw new ConfigurationException("config.03", null, t);
+ }
+
+ // build the internal datastructures
+ builder = new ProxyConfigurationBuilder(configElem, rootConfigFileDir);
+ authComponentConnectionParameter = builder.buildAuthComponentConnectionParameter();
+
+ onlineApplicationProxyParameter = builder.buildOnlineApplicationProxyParameters();
+ for(int i = 0; i < onlineApplicationProxyParameter.length; i++) {
+ onlineApplicationProxyParameter[i].setConfigFileURL(FileUtils.makeAbsoluteURL(onlineApplicationProxyParameter[i].getConfigFileURL(), rootConfigFileDir));
+ }
+
+ genericConfiguration = builder.buildGenericConfiguration();
+ defaultChainingMode = builder.getDefaultChainingMode();
+ chainingModes = builder.buildChainingModes();
+ trustedCACertificates = builder.getTrustedCACertificates();
+ trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
+
+ }
+ catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+
+ /**
+ * Return a bean containing all information about the ProxyComponent
+ * @return The ConnectionParameter for the Proxy Component
+ */
+ public ConnectionParameter getAuthComponentConnectionParameter() {
+ return authComponentConnectionParameter;
+ }
+
+ /**
+ * Build an array of OnlineApplication Parameter Beans containing all
+ * information about the proxy component of the online application
+ * @return An OAProxyParameter array containing beans
+ * with all relevant information for the proxy component of the online
+ * application
+ */
+ public OAProxyParameter[] getOnlineApplicationParameters() {
+ return onlineApplicationProxyParameter;
+ }
+ /**
+ * Provides configuration information regarding the online application behind
+ * the given URL, relevant to the MOA-ID Proxy component.
+ *
+ * @param oaURL URL requested for an online application
+ * @return an <code>OAProxyParameter</code>, or <code>null</code>
+ * if none is applicable
+ */
+ public OAProxyParameter getOnlineApplicationParameter(String oaURL) {
+ OAProxyParameter[] oaParams = getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAProxyParameter oaParam = oaParams[i];
+ if (oaURL.startsWith(oaParam.getPublicURLPrefix()))
+ return oaParam;
+ }
+ return null;
+ }
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
new file mode 100644
index 000000000..4fc35c1e6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -0,0 +1,394 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.Date;
+
+/**
+ * Encapsulates authentication data contained in a <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public class AuthenticationData {
+ /**
+ * major version number of the SAML assertion
+ */
+ private int majorVersion;
+ /**
+ * minor version number of the SAML assertion
+ */
+ private int minorVersion;
+ /**
+ * identifier for this assertion
+ */
+ private String assertionID;
+ /**
+ * URL of the MOA-ID Auth component issueing this assertion
+ */
+ private String issuer;
+ /**
+ * time instant of issue of this assertion
+ */
+ private String issueInstant;
+ /**
+ * user identification value (Stammzahl); <code>null</code>,
+ * if the authentication module is configured not to return this data
+ */
+ private String identificationValue;
+ /**
+ * user identification type
+ */
+ private String identificationType;
+ /**
+ * application specific user identifier (bPK)
+ */
+ private String bPK;
+ /**
+ * private sector-specific personal identifier (wbPK)
+ */
+ private String wbPK;
+ /**
+ * given name of the user
+ */
+ private String givenName;
+ /**
+ * family name of the user
+ */
+ private String familyName;
+ /**
+ * date of birth of the user
+ */
+ private String dateOfBirth;
+ /**
+ * says whether the certificate is a qualified certificate or not
+ */
+ private boolean qualifiedCertificate;
+ /**
+ * says whether the certificate is a public authority or not
+ */
+ private boolean publicAuthority;
+ /**
+ * public authority code (Beh&ouml;rdenkennzeichen - BKZ)
+ */
+ private String publicAuthorityCode;
+ /**
+ * The base64 encoded signer certificate.
+ */
+ private String signerCertificate;
+ /**
+ * URL of the BKU
+ */
+ private String bkuURL;
+ /**
+ * the corresponding <code>lt;saml:Assertion&gt;</code>
+ */
+ private String samlAssertion;
+ /**
+ * creation timestamp
+ */
+ Date timestamp;
+
+ /**
+ * Constructor for AuthenticationData.
+ */
+ public AuthenticationData() {
+ timestamp = new Date();
+ }
+
+ /**
+ * Returns the minorVersion.
+ * @return int
+ */
+ public int getMinorVersion() {
+ return minorVersion;
+ }
+
+ /**
+ * Returns the publicAuthority.
+ * @return boolean
+ */
+ public boolean isPublicAuthority() {
+ return publicAuthority;
+ }
+
+ /**
+ * Returns the publicAuthorityCode.
+ * @return String
+ */
+ public String getPublicAuthorityCode() {
+ return publicAuthorityCode;
+ }
+
+ /**
+ * Returns the qualifiedCertificate.
+ * @return boolean
+ */
+ public boolean isQualifiedCertificate() {
+ return qualifiedCertificate;
+ }
+
+ /**
+ * Returns the bPK.
+ * @return String
+ */
+ public String getBPK() {
+ return bPK;
+ }
+
+ /**
+ * Returns the wbPK.
+ * @return String the wbPK.
+ */
+ public String getWBPK() {
+ return wbPK;
+ }
+
+ /**
+ * Sets the minorVersion.
+ * @param minorVersion The minorVersion to set
+ */
+ public void setMinorVersion(int minorVersion) {
+ this.minorVersion = minorVersion;
+ }
+
+ /**
+ * Sets the publicAuthority.
+ * @param publicAuthority The publicAuthority to set
+ */
+ public void setPublicAuthority(boolean publicAuthority) {
+ this.publicAuthority = publicAuthority;
+ }
+
+ /**
+ * Sets the publicAuthorityCode.
+ * @param publicAuthorityIdentification The publicAuthorityCode to set
+ */
+ public void setPublicAuthorityCode(String publicAuthorityIdentification) {
+ this.publicAuthorityCode = publicAuthorityIdentification;
+ }
+
+ /**
+ * Sets the qualifiedCertificate.
+ * @param qualifiedCertificate The qualifiedCertificate to set
+ */
+ public void setQualifiedCertificate(boolean qualifiedCertificate) {
+ this.qualifiedCertificate = qualifiedCertificate;
+ }
+
+ /**
+ * Sets the bPK.
+ * @param bPK The bPK to set
+ */
+ public void setBPK(String bPK) {
+ this.bPK = bPK;
+ }
+
+ /**
+ * Sets the wbPK.
+ * @param wbPK The wbPK to set
+ */
+ public void setWBPK(String wbPK) {
+ this.wbPK = wbPK;
+ }
+
+ /**
+ * Returns the assertionID.
+ * @return String
+ */
+ public String getAssertionID() {
+ return assertionID;
+ }
+
+ /**
+ * Returns the dateOfBirth.
+ * @return String
+ */
+ public String getDateOfBirth() {
+ return dateOfBirth;
+ }
+
+ /**
+ * Returns the familyName.
+ * @return String
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * Returns the givenName.
+ * @return String
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * Returns the identificationValue.
+ * @return String
+ */
+ public String getIdentificationValue() {
+ return identificationValue;
+ }
+
+ /**
+ * Returns the identificationType
+ * @return String
+ */
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ /**
+ * Returns the issueInstant.
+ * @return String
+ */
+ public String getIssueInstant() {
+ return issueInstant;
+ }
+
+ /**
+ * Returns the issuer.
+ * @return String
+ */
+ public String getIssuer() {
+ return issuer;
+ }
+
+ /**
+ * Returns the majorVersion.
+ * @return int
+ */
+ public int getMajorVersion() {
+ return majorVersion;
+ }
+
+ /**
+ * Returns the BKU URL.
+ * @return String
+ */
+ public String getBkuURL() {
+ return bkuURL;
+ }
+
+ /**
+ * Returns the signer certificate.
+ * @return String
+ */
+ public String getSignerCertificate() {
+ return signerCertificate;
+ }
+
+ /**
+ * Sets the assertionID.
+ * @param assertionID The assertionID to set
+ */
+ public void setAssertionID(String assertionID) {
+ this.assertionID = assertionID;
+ }
+
+ /**
+ * Sets the dateOfBirth.
+ * @param dateOfBirth The dateOfBirth to set
+ */
+ public void setDateOfBirth(String dateOfBirth) {
+ this.dateOfBirth = dateOfBirth;
+ }
+
+ /**
+ * Sets the familyName.
+ * @param familyName The familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * Sets the givenName.
+ * @param givenName The givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * Sets the identificationValue.
+ * @param identificationValue The identificationValue to set
+ */
+ public void setIdentificationValue(String identificationValue) {
+ this.identificationValue = identificationValue;
+ }
+
+ /**
+ * Sets the identificationType.
+ * @param identificationType The identificationType to set
+ */
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * Sets the issueInstant.
+ * @param issueInstant The issueInstant to set
+ */
+ public void setIssueInstant(String issueInstant) {
+ this.issueInstant = issueInstant;
+ }
+
+ /**
+ * Sets the issuer.
+ * @param issuer The issuer to set
+ */
+ public void setIssuer(String issuer) {
+ this.issuer = issuer;
+ }
+
+ /**
+ * Sets the majorVersion.
+ * @param majorVersion The majorVersion to set
+ */
+ public void setMajorVersion(int majorVersion) {
+ this.majorVersion = majorVersion;
+ }
+
+ /**
+ * Sets the bkuURL
+ * @param url The BKU URL to set
+ */
+ public void setBkuURL(String url) {
+ this.bkuURL = url;
+ }
+
+ /**
+ * Sets the signer certificate
+ * @param signerCertificate The signer certificate
+ */
+ public void setSignerCertificate(String signerCertificate) {
+ this.signerCertificate = signerCertificate;
+ }
+
+ /**
+ * Returns the samlAssertion.
+ * @return String
+ */
+ public String getSamlAssertion() {
+ return samlAssertion;
+ }
+
+ /**
+ * Sets the samlAssertion.
+ * @param samlAssertion The samlAssertion to set
+ */
+ public void setSamlAssertion(String samlAssertion) {
+ this.samlAssertion = samlAssertion;
+ }
+
+ /**
+ * Returns the timestamp.
+ * @return Date
+ */
+ public Date getTimestamp() {
+ return timestamp;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
new file mode 100644
index 000000000..6ed133c5a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.data;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.StringTokenizer;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * The Cookie-class provides methods to save and return cookies for
+ * each single session
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Cookie {
+ /** A HahsMap containing all our cookies */
+ HashMap cookies = new HashMap();
+ /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
+ * to send them back to the client/browser as soon as possible */
+ HashMap cookies401 = new HashMap();
+
+ /**
+ * Adds a Cookie from a response with response-code 401 to the cookie-pool
+ * for sending it back to the browser / client
+ * @param cookieString The complete 'Set-Cookie' - String
+ */
+ public void add401(String cookieString)
+ {
+ cookies401.put(getKey(cookieString),cookieString);
+ }
+
+ /**
+ * Get the HashMap containing all cookies to be sent to the browser / client
+ * @return HashMap with all cookies
+ */
+ public HashMap get401()
+ {
+ return cookies401;
+ }
+
+ /**
+ * Clear the 401 cookie-pool
+ */
+ public void clear401()
+ {
+ cookies401.clear();
+ }
+
+ /**
+ * Set a cookie that comes from the Online-Application
+ * and save it in our "normal" cookie-pool
+ * @param value The complete "Set-Cookie" - String from the Online-Application
+ */
+ public void setCookie(String value) {
+ cookies.put(getKey(value), getValue(value));
+ }
+
+ /**
+ * Method saveOldCookies.
+ * @param value The complete "Set-Cookie" - String from the Online-Application
+ */
+ public void saveOldCookies(String value) {
+ StringTokenizer st = new StringTokenizer(value,";");
+ while (st.hasMoreTokens())
+ {
+ // We have to trim because the Tokenizer returns cookies including spaces at the beginning
+ StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
+ String cookieKey = st2.nextToken().trim();
+ if (st2.hasMoreTokens())
+ {
+ String cookieValue = st2.nextToken().trim();
+ if (!cookies.containsKey(cookieKey))
+ cookies.put(cookieKey , cookieValue);
+ }
+ }
+ Logger.debug("Found these cookies: " + getCookies());
+ }
+
+ /**
+ * Get a String containing all cookies saved in that session seperated by '; '
+ * to be sent back to the Online-Application
+ * @return String containing all cookies saved in that session seperated by '; '
+ */
+ public String getCookies() {
+ String result = "";
+ if (cookies.size()==0)
+ return null;
+ Iterator i = cookies.keySet().iterator();
+ while (i.hasNext()) {
+ String key = (String) i.next();
+ result += key + "=" + (String)cookies.get(key) + "; ";
+ }
+ return result.substring(0, result.length() - 2);
+ }
+
+ /**
+ * Returns the key of a key-value-pair of a cookie
+ * getKey("CookieA=1234") returns CookieA
+ * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
+ * @return String the key of a key-value-pair of a cookie
+ */
+ private String getKey(String input) {
+ return input.substring(0, input.indexOf("="));
+ }
+
+ /**
+ * Returns the value of a key-value-pair of a cookie
+ * getKey("CookieA=1234") returns 1234
+ * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
+ * @return String the value of a key-value-pair of a cookie
+ */
+ private String getValue(String input) {
+ if (input.indexOf(";") == -1)
+ return input.substring(input.indexOf("=") + 1, input.getBytes().length);
+ return input.substring(input.indexOf("=") + 1, input.indexOf(";"));
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
new file mode 100644
index 000000000..1762a52b7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
@@ -0,0 +1,114 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.util.HashMap;
+
+/**
+ * The CookieManager is a singleton to manage a Cookie-Object for
+ * each session
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class CookieManager {
+ /** the singleton instance of the CookieManager */
+ private static CookieManager instance;
+ /** a HashMap to bind a Cookie-object to every single session*/
+ private static HashMap cookies = new HashMap();
+
+ /**
+ * Create a singleton of the CookieManager
+ * @return CookieManager
+ */
+ public static CookieManager getInstance()
+ {
+ if(instance==null) instance=new CookieManager();
+ return instance;
+ }
+
+ /**
+ * Save a cookie to a specified session-id
+ * @param id The session id
+ * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication
+ */
+ public void saveCookie(String id, String cookie_string)
+ {
+ getCookieWithID(id).setCookie(cookie_string);
+ }
+
+ /**
+ * Method saveOldCookies.
+ * @param id
+ * @param cookie_string
+ */
+ public void saveOldCookies(String id,String cookie_string)
+ {
+ getCookieWithID(id).saveOldCookies(cookie_string);
+ }
+
+ /**
+ * Get a Cookie-Object for a specified session-id
+ * @param id The session id
+ * @return Cookie object containing all saved cookies for this session
+ */
+ public Cookie getCookieWithID(String id)
+ {
+ Cookie c = null;
+ if(cookies.containsKey(id))
+ c = (Cookie)cookies.get(id);
+ else
+ {
+ c = new Cookie();
+ cookies.put(id,c);
+ }
+ return c;
+ }
+
+
+ /**
+ * Get a String containing all cookies of a specified session-id
+ * saved in that session seperated by '; ' to be sent back to
+ * the Online-Application
+ * @param id the session-id
+ * @return String containing all cookies saved in that session seperated by '; '
+ */
+ public String getCookie(String id)
+ {
+ Cookie result = (Cookie)cookies.get((String)id);
+ if (result==null)
+ return null;
+ return result.getCookies();
+
+ }
+
+ /**
+ * Adds a Cookie for a special session from a response with
+ * response-code 401 to the cookie-pool for sending it back
+ * to the browser / client
+ * @param id The session-id
+ * @param value The complete 'Set-Cookie' - String
+ */
+ public void add401(String id,String value)
+ {
+ getCookieWithID(id).add401(value);
+ }
+
+ /**
+ * Clear the 401 cookie-pool of a session
+ * @param id the session-id
+ */
+ public void clear401(String id)
+ {
+ getCookieWithID(id).clear401();
+ }
+
+ /**
+ * Get the HashMap containing all cookies of a session to be sent to the browser / client
+ * @param id the session-id
+ * @return HashMap with all cookies
+ */
+ public HashMap get401(String id)
+ {
+ return getCookieWithID(id).get401();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
new file mode 100644
index 000000000..a47dd8b29
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
@@ -0,0 +1,111 @@
+package at.gv.egovernment.moa.id.data;
+
+import java.math.BigInteger;
+import java.security.Principal;
+
+import iaik.asn1.structures.Name;
+import iaik.utils.RFC2253NameParser;
+import iaik.utils.RFC2253NameParserException;
+
+/**
+ * A class containing the issuer and serial number of a certificate, which can
+ * be used to uniquely identify the certificate.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class IssuerAndSerial {
+ /** store the issuer as String*/
+ private String issuerDN;
+ /** store the serial as BigInteger*/
+ private BigInteger serial;
+
+ /**
+ * Create an <code>IssuerAndSerial</code> object.
+ *
+ * The name of the issuer is converted to RFC2253. If it cannot be parsed, the
+ * DN contained in the <code>issuer</code> is set.
+ *
+ * @param issuer The isser of a certificate.
+ * @param serial The serial number of the certificate.
+ */
+ public IssuerAndSerial(Principal issuer, BigInteger serial) {
+ RFC2253NameParser parser = new RFC2253NameParser(issuer.getName());
+
+ try {
+ this.issuerDN = ((Name) parser.parse()).getRFC2253String();
+ } catch (RFC2253NameParserException e) {
+ this.issuerDN = issuer.getName();
+ }
+ this.serial = serial;
+ }
+
+ /**
+ * Create an <code>IssuerAndSerial</code> object.
+ *
+ * @param issuerDN The issuer distinguished name. Should be an RFC2253 name.
+ * @param serial The serial number of the certificate.
+ */
+ public IssuerAndSerial(String issuerDN, BigInteger serial) {
+ this.issuerDN = issuerDN;
+ this.serial = serial;
+ }
+
+ /**
+ * Return the issuer DN in RFC2253 format.
+ *
+ * @return The issuer part of this object.
+ */
+ public String getIssuerDN() {
+ return issuerDN;
+ }
+
+ /**
+ * Return the serial number.
+ *
+ * @return The serial number of this object.
+ */
+ public BigInteger getSerial() {
+ return serial;
+ }
+
+ /**
+ * Compare this <code>IssuerAndSerial</code> to another object.
+ *
+ * @return <code>true</code>, if <code>other</code> is an
+ * <code>IssuerAndSerial</code> object and the <code>issuer</code> and
+ * <code>serial</code> fields are both equal. <code>false</code> otherwise.
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object other) {
+ if (other instanceof IssuerAndSerial) {
+ IssuerAndSerial ias = (IssuerAndSerial) other;
+ return getIssuerDN().equals(ias.getIssuerDN())
+ && getSerial().equals(ias.getSerial());
+ }
+ return false;
+ }
+
+ /**
+ * Return the hash code of this <code>IssuerAndSerial</code>.
+ *
+ * @return The hash code of this <code>IssuerAndSerial</code>.
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return issuerDN.hashCode() ^ serial.hashCode();
+ }
+
+ /**
+ * Return a <code>String</code> representation of this
+ * <code>IssuerAndSerial</code> object.
+ *
+ * @return The <code>String</code> representation.
+ * @see java.lang.Object#toString()
+ */
+ public String toString() {
+ return ("(IssuerAndSerial - Issuer<" + getIssuerDN())
+ + ("> Serial<" + serial.toString() + ">)");
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
new file mode 100644
index 000000000..ed61827b6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
@@ -0,0 +1,59 @@
+package at.gv.egovernment.moa.id.data;
+
+/**
+ * Data contained in a <code>&lt;samlp:Status&gt;</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLStatus {
+
+ /** main status code */
+ private String statusCode;
+ /** sub status code */
+ private String subStatusCode;
+ /** status message */
+ private String statusMessage;
+
+ /**
+ * @return status code
+ */
+ public String getStatusCode() {
+ return statusCode;
+ }
+
+ /**
+ * @return status message
+ */
+ public String getStatusMessage() {
+ return statusMessage;
+ }
+
+ /**
+ * @return enclosed sub-status code
+ */
+ public String getSubStatusCode() {
+ return subStatusCode;
+ }
+
+ /**
+ * @param string the status code
+ */
+ public void setStatusCode(String string) {
+ statusCode = string;
+ }
+
+ /**
+ * @param string the status message
+ */
+ public void setStatusMessage(String string) {
+ statusMessage = string;
+ }
+
+ /**
+ * @param string the enclosed sub-status code
+ */
+ public void setSubStatusCode(String string) {
+ subStatusCode = string;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
new file mode 100644
index 000000000..c338e96fc
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -0,0 +1,96 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import java.io.File;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+import at.gv.egovernment.moa.util.FileUtils;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.certstore.CertStoreParameters;
+import iaik.pki.store.certstore.CertStoreTypes;
+import iaik.pki.store.certstore.directory.DirectoryCertStoreParameters;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CertStoreConfigurationImpl extends ObservableImpl
+ implements CertStoreConfiguration, DirectoryCertStoreParameters {
+ /** identifies the rootDirectory */
+ private String rootDirectory;
+ /** ConfigurationProvider */
+ private ConfigurationProvider conf;
+ /** Array for storing all CertStoreParameters */
+ private CertStoreParameters[] parameters;
+
+ /**
+ * Create a new <code>CertStoreConfigurationImpl</code>.
+ *
+ * @param conf The MOA configuration from which the configuration data is
+ * @throws ConfigurationException an any config-error
+ * being read.
+ */
+ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+ this.conf=conf;
+ String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY;
+ String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName);
+ if (certStoreRootDirParam == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {paramName});
+
+ rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir());
+ if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6);
+ File f = new File(rootDirectory);
+ if (!f.isDirectory())
+ throw new ConfigurationException(
+ "config.05", new Object[] {paramName});
+
+ parameters = new CertStoreParameters[] { this };
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreConfiguration#getParameters()
+ */
+ public CertStoreParameters[] getParameters() {
+ return parameters;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#getRootDirectory()
+ */
+ public String getRootDirectory() {
+ return rootDirectory;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.directory.DirectoryCertStoreParameters#createNew()
+ */
+ public boolean createNew() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#getId()
+ */
+ public String getId() {
+ return "MOA ID Directory CertStore";
+ }
+
+ /**
+ * @see iaik.pki.store.certstore.CertStoreParameters#isReadOnly()
+ */
+ public boolean isReadOnly() {
+ return false;
+ }
+
+ /**
+ * @return <code>CertStoreTypes.DIRECTORY</code>
+ * @see iaik.pki.store.certstore.CertStoreParameters#getType()
+ */
+ public String getType() {
+ return CertStoreTypes.DIRECTORY;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
new file mode 100644
index 000000000..3cd02a2b5
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import iaik.logging.LogConfigurationException;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.util.Properties;
+
+/**
+ * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class LoggerConfigImpl implements iaik.logging.LoggerConfig {
+
+ /** logging properties **/
+ private Properties loggingProperties;
+
+ /**
+ * Constructor
+ */
+ public LoggerConfigImpl(String propertyFileURL) throws IOException {
+ InputStream in = new URL(propertyFileURL).openStream();
+ loggingProperties = new Properties();
+ loggingProperties.load(in);
+ in.close();
+ }
+
+ /**
+ * @see iaik.logging.LoggerConfig#getFactory()
+ */
+ public String getFactory() {
+ return "iaik.logging.impl.Log4jFactory";
+ }
+
+ /**
+ * @see iaik.logging.LoggerConfig#getProperties()
+ */
+ public Properties getProperties() throws LogConfigurationException {
+ return loggingProperties;
+ }
+
+ /**
+ * @see iaik.logging.LoggerConfig#getNodeId()
+ */
+ public String getNodeId() {
+ return "iaik";
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
new file mode 100644
index 000000000..b41de3c44
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
@@ -0,0 +1,66 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import iaik.pki.PKIConfiguration;
+import iaik.pki.pathvalidation.ValidationConfiguration;
+import iaik.pki.revocation.RevocationConfiguration;
+import iaik.pki.store.certstore.CertStoreConfiguration;
+import iaik.pki.store.revocation.archive.ArchiveConfiguration;
+
+/**
+ * Implementation of interface <code>PKIConfiguration</code> needed to
+ * initialize an IAIK JSSE <code>TrustManager</code>
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIConfigurationImpl implements PKIConfiguration {
+ /** The configuration for the CertStore */
+ private CertStoreConfiguration certStoreConfiguration;
+ /** The configuration for the RevocationChecks */
+ private RevocationConfiguration revocationConfiguration;
+ /** The configuration for the Validation */
+ private ValidationConfiguration validationConfiguration;
+
+ /**
+ * Constructor
+ * @param conf the Configuration for the PKIConfig
+ * @throws ConfigurationException for any config error
+ */
+ public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException {
+
+ certStoreConfiguration = new CertStoreConfigurationImpl(conf);
+ revocationConfiguration = new RevocationConfigurationImpl();
+ validationConfiguration = new ValidationConfigurationImpl(conf);
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getCertStoreConfiguration()
+ */
+ public CertStoreConfiguration getCertStoreConfiguration() {
+ return certStoreConfiguration;
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getRevocationConfiguration()
+ */
+ public RevocationConfiguration getRevocationConfiguration() {
+ return revocationConfiguration;
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getArchiveConfiguration()
+ */
+ public ArchiveConfiguration getArchiveConfiguration() {
+ return null;
+ }
+
+ /**
+ * @see iaik.pki.PKIConfiguration#getValidationConfiguration()
+ */
+ public ValidationConfiguration getValidationConfiguration() {
+ return validationConfiguration;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
new file mode 100644
index 000000000..fff75775d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
@@ -0,0 +1,36 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import iaik.pki.revocation.RevocationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Date;
+import java.util.Set;
+
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class RevocationConfigurationImpl extends ObservableImpl implements RevocationConfiguration {
+
+ /**
+ * @see iaik.pki.revocation.RevocationConfiguration#getAlternativeDistributionPoints(java.security.cert.X509Certificate, java.security.cert.X509Certificate, java.util.Date)
+ */
+ public Set getAlternativeDistributionPoints(
+ X509Certificate arg0,
+ X509Certificate arg1,
+ Date arg2) {
+ return Collections.EMPTY_SET;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationConfiguration#archiveRevocationInfo(java.lang.String, java.lang.String)
+ */
+ public boolean archiveRevocationInfo(String arg0, String arg1) {
+ return false;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
new file mode 100644
index 000000000..c500e2e8e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.iaik.config;
+
+import iaik.pki.pathvalidation.ValidationConfiguration;
+
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+
+/**
+ * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ValidationConfigurationImpl extends ObservableImpl
+ implements ValidationConfiguration {
+ /** The ConfigurationProvider for the validation*/
+ private ConfigurationProvider conf;
+
+ /**
+ * Constructor
+ * @param conf with the configuration
+ */
+ public ValidationConfigurationImpl(ConfigurationProvider conf) {
+ this.conf = conf;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate)
+ */
+ public String getChainingMode(X509Certificate trustAnchor) {
+ String chainingMode = conf.getChainingMode(trustAnchor);
+ return chainingMode;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsSpec(java.security.cert.X509Certificate)
+ */
+ public AlgorithmParameterSpec getPublicKeyParamsAsSpec(X509Certificate arg0) {
+ return null;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationConfiguration#getPublicKeyParamsAsCert(java.security.cert.X509Certificate)
+ */
+ public X509Certificate getPublicKeyParamsAsCert(X509Certificate arg0) {
+ return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
new file mode 100644
index 000000000..3c37706e1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
@@ -0,0 +1,186 @@
+package at.gv.egovernment.moa.id.iaik.pki;
+
+import java.security.cert.X509Certificate;
+import java.util.Collections;
+import java.util.Set;
+
+import iaik.pki.PKIProfile;
+import iaik.pki.pathvalidation.ValidationProfile;
+import iaik.pki.revocation.RevocationProfile;
+import iaik.pki.revocation.RevocationSourceTypes;
+import iaik.pki.store.truststore.TrustStoreProfile;
+import iaik.pki.store.truststore.TrustStoreTypes;
+
+import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl;
+
+/**
+ * Implementation of the <code>PKIProfile</code> interface and subinterfaces
+ * providing information needed for certificate path validation.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PKIProfileImpl extends ObservableImpl
+ implements PKIProfile, RevocationProfile, TrustStoreProfile, ValidationProfile {
+
+ /**
+ * URI to the truststore
+ */
+ private String trustStoreURI;
+
+ /**
+ * revocation checking;
+ */
+ private boolean revocationChecking;
+
+ /**
+ * The trust profile identifier.
+ */
+ private String id;
+
+
+ /**
+ * Create a new <code>PKIProfileImpl</code>.
+ *
+ * @param trustStoreURI trust store URI
+ */
+ public PKIProfileImpl(String trustStoreURI, boolean revocationChecking) {
+ this.trustStoreURI = trustStoreURI;
+ this.revocationChecking = revocationChecking;
+ String id = String.valueOf(System.currentTimeMillis());
+ setId("id-" + id);
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#autoAddCertificates()
+ */
+ public boolean autoAddCertificates() {
+ return true;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getRevocationProfile()
+ */
+ public RevocationProfile getRevocationProfile() {
+ return this;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getTrustStoreProfile()
+ */
+ public TrustStoreProfile getTrustStoreProfile() {
+ return this;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#getValidationProfile()
+ */
+ public ValidationProfile getValidationProfile() {
+ return this;
+ }
+
+ /**
+ * @see iaik.pki.PKIProfile#useAuthorityInfoAccess()
+ */
+ public boolean useAuthorityInfoAccess() {
+ return true;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationProfile#getMaxRevocationAge(java.lang.String)
+ */
+ public long getMaxRevocationAge(String arg0) {
+ return 0;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationProfile#getOCSPRequestHashAlgorithm()
+ */
+ public String getOCSPRequestHashAlgorithm() {
+ return null;
+ }
+
+ /**
+ * @see iaik.pki.revocation.RevocationProfile#getPreferredServiceOrder(java.security.cert.X509Certificate)
+ */
+ public String[] getPreferredServiceOrder(X509Certificate arg0) {
+ return new String[] {RevocationSourceTypes.CRL};
+ }
+
+ /**
+ * @see iaik.pki.store.truststore.TrustStoreProfile#getType()
+ */
+ public String getType() {
+ return TrustStoreTypes.DIRECTORY;
+ }
+
+ /**
+ * @see iaik.pki.store.truststore.TrustStoreProfile#getURI()
+ */
+ public String getURI() {
+ return trustStoreURI;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialAnyPolicyInhibit()
+ */
+ public boolean getInitialAnyPolicyInhibit() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialExplicitPolicy()
+ */
+ public boolean getInitialExplicitPolicy() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicyMappingInhibit()
+ */
+ public boolean getInitialPolicyMappingInhibit() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getInitialPolicySet()
+ */
+ public Set getInitialPolicySet() {
+ return Collections.EMPTY_SET;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getNameConstraintsProcessing()
+ */
+ public boolean getNameConstraintsProcessing() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getPolicyProcessing()
+ */
+ public boolean getPolicyProcessing() {
+ return false;
+ }
+
+ /**
+ * @see iaik.pki.pathvalidation.ValidationProfile#getRevocationChecking()
+ */
+ public boolean getRevocationChecking() {
+ return this.revocationChecking;
+ }
+
+ /**
+ * @see iaik.pki.store.truststore.TrustStoreProfile#getId()
+ */
+ public String getId() {
+ return id;
+ }
+ /**
+ * Sets the trust profile identifier.
+ * @param id The id to set.
+ */
+ public void setId(String id) {
+ this.id = id;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
new file mode 100644
index 000000000..9da006d35
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
@@ -0,0 +1,119 @@
+package at.gv.egovernment.moa.id.iaik.pki.jsse;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.logging.LoggingContext;
+import at.gv.egovernment.moa.logging.LoggingContextManager;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+/**
+ * <code>TrustManager</code> implementation featuring CRL checking (inherited from
+ * <code>IAIKX509TrustManager</code>), plus server-end-SSL-certificate checking.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTrustManager extends IAIKX509TrustManager {
+
+ /** an x509Certificate array containing all accepted server certificates*/
+ private X509Certificate[] acceptedServerCertificates;
+
+ /**
+ * Constructor
+ * @param acceptedServerCertificateStoreURL the url leading to the acceptedServer cert store
+ * @throws GeneralSecurityException occurs on security errors
+ * @throws IOException occurs on IO errors
+ */
+ public MOAIDTrustManager(String acceptedServerCertificateStoreURL)
+ throws IOException, GeneralSecurityException {
+
+ if (acceptedServerCertificateStoreURL != null)
+ buildAcceptedServerCertificates(acceptedServerCertificateStoreURL);
+ else
+ acceptedServerCertificates = null;
+ }
+
+
+ /**
+ * Initializes the LoggingContextManager logging context.
+ * Fixes a bug occuring in the case MOA-SP is called by API.
+ * In this case, IAIKX509TrustManager uses the LogginConfig of MOA-SP.
+ * This method must be called before a MOAIDTrustManager is constructed,
+ * from every thread.
+ */
+ public static void initializeLoggingContext() {
+ if (LoggingContextManager.getInstance().getLoggingContext() == null)
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext(Thread.currentThread().getName()));
+ }
+
+
+ /**
+ * Builds an Array of accepted server certificates from an URL,
+ * and stores it in <code>acceptedServerCertificates</code>.
+ * @param acceptedServerCertificateStoreURL file URL pointing to the directory
+ * containing accepted server X509 certificates
+ * @throws GeneralSecurityException on security errors
+ * @throws IOException on any IO errors
+ */
+ private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
+ throws IOException, GeneralSecurityException {
+
+ List certList = new ArrayList();
+ URL storeURL = new URL(acceptedServerCertificateStoreURL);
+ File storeDir = new File(storeURL.getFile());
+ // list certificate files in directory
+ File[] certFiles = storeDir.listFiles();
+ for (int i = 0; i < certFiles.length; i++) {
+ // for each: create an X509Certificate and store it in list
+ File certFile = certFiles[i];
+ FileInputStream fis = new FileInputStream(certFile.getPath());
+ CertificateFactory certFact = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate)certFact.generateCertificate(fis);
+ fis.close();
+ certList.add(cert);
+ }
+ // store acceptedServerCertificates
+ acceptedServerCertificates = (X509Certificate[]) certList.toArray(new X509Certificate[0]);
+ }
+
+ /**
+ * Does additional server-end-SSL-certificate checking.
+ * @see com.sun.net.ssl.X509TrustManager#isServerTrusted(java.security.cert.X509Certificate[])
+ */
+ public boolean isServerTrusted(X509Certificate[] certChain) {
+ boolean trusted = super.isServerTrusted(certChain);
+ if (! trusted || acceptedServerCertificates == null)
+ return trusted;
+ else {
+ // check server-end-SSL-certificate with acceptedServerCertificates
+ X509Certificate serverCert = certChain[0];
+ for (int i = 0; i < acceptedServerCertificates.length; i++) {
+ X509Certificate acceptedServerCert = acceptedServerCertificates[i];
+ if (serverCert.equals(acceptedServerCert))
+ return true;
+ }
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null));
+ return false;
+ }
+ }
+ /**
+ * In rare cases, this method is being called although it should not be.
+ * @see com.sun.net.ssl.X509TrustManager#isClientTrusted(X509Certificate[])
+ */
+ public boolean isClientTrusted(java.security.cert.X509Certificate arg0[])
+ {
+ return true;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
new file mode 100644
index 000000000..8f36ac5c0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
@@ -0,0 +1,46 @@
+package at.gv.egovernment.moa.id.iaik.servertools.observer;
+
+import iaik.pki.store.observer.NotificationData;
+import iaik.pki.store.observer.Observable;
+import iaik.pki.store.observer.Observer;
+
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.List;
+
+
+/**
+ * Implementation of interface <needed to initialize an IAIK JSSE <code>TrustManager</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ObservableImpl implements Observable {
+ /** a List for all observers */
+ private List observers = new ArrayList();
+
+ /**
+ * @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
+ */
+ public void addObserver(Observer observer) {
+ observers.add(observer);
+ }
+
+ /**
+ * @see iaik.pki.store.observer.Observable#removeObserver(iaik.pki.store.observer.Observer)
+ */
+ public boolean removeObserver(Observer observer) {
+ return observers.remove(observer);
+ }
+
+ /**
+ * @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
+ */
+ public void notify(NotificationData data) {
+ Iterator iter = observers.iterator();
+ for (iter = observers.iterator(); iter.hasNext();) {
+ Observer observer = (Observer) iter.next();
+ observer.notify(data);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
new file mode 100644
index 000000000..731212ef8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * Builder for {@link java.net.URLConnection} objects used to forward requests
+ * to the remote online application.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+
+public interface ConnectionBuilder {
+
+ /**
+ * Builds an HttpURLConnection to a {@link java.net.URL} which is derived
+ * from an {@link HttpServletRequest} URL, by substitution of a
+ * public URL prefix for the real URL prefix.<br>
+ * The HttpURLConnection has been created by {@link java.net.URL#openConnection}, but
+ * it has not yet been connected to by {@link java.net.URLConnection#connect}.<br>
+ * The field settings of the HttpURLConnection are:
+ * <ul>
+ * <li><code>allowUserInteraction = false</code></li>
+ * <li><code>doInput = true</code></li>
+ * <li><code>doOutput = true</code></li>
+ * <li><code>requestMethod = request.getMethod()</code></li>
+ * <li><code>useCaches = false</code></li>
+ * </ul>
+ *
+ * @param request the incoming request which shall be forwarded
+ * @param publicURLPrefix the public URL prefix to be substituted by the real URL prefix
+ * @param realURLPrefix the URL prefix to substitute the public URL prefix
+ * @param sslSocketFactory factory to be used for creating an SSL socket in case
+ * of a URL for scheme <code>"https:"</code>;
+ * <br>if <code>null</code>, the default SSL socket factory would be used
+ * @param parameters parameters to be forwarded
+ * @return a URLConnection created by {@link java.net.URL#openConnection}, connecting to
+ * the requested URL with <code>publicURLPrefix</code> substituted by <code>realURLPrefix</code>
+ * @throws IOException if an I/O exception occurs during opening the connection
+ * @see java.net.URL#openConnection()
+ * @see com.sun.net.ssl.HttpsURLConnection#getDefaultSSLSocketFactory()
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest request,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Vector parameters) throws IOException;
+
+
+ /**
+ * Disconnects the HttpURLConnection if necessary.
+ * The implementation of the Connectionbuilder decides wether
+ * if this should be happen or not.
+ *
+ * @param con the HttpURLConnection which is normaly to be closed
+ */
+ public void disconnect(HttpURLConnection con);
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
new file mode 100644
index 000000000..ff7787839
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+
+/**
+ * Factory delivering a {@link ConnectionBuilder} implementation for
+ * an online application, initialized from configuration data.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConnectionBuilderFactory {
+
+ /** default connection builder to be used for online application
+ * where no special implementation of the <code>ConnectionBuilder</code>
+ * interface is configured
+ */
+ private static ConnectionBuilder defaultConnectionBuilder;
+ /** mapping from online application public URL prefix to an implementation
+ * of the <code>ConnectionBuilder</code> interface to be used;
+ * if no mapping is given for an online application, the
+ * <code>DefaultConnectionBuilder</code> will be used */
+ private static Map connectionBuilderMap;
+
+ /**
+ * Initializes the <code>ConnectionBuilder</code> map from the configuration data.
+ * @throws ConfigurationException when the configuration cannot be read,
+ * or when a class name configured cannot be instantiated
+ */
+ public static void initialize() throws ConfigurationException {
+ defaultConnectionBuilder = new DefaultConnectionBuilder();
+ connectionBuilderMap = new HashMap();
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
+ String publicURLPrefix = oaParam.getPublicURLPrefix();
+ String className = oaParam.getConnectionBuilderImpl();
+ if (className != null) {
+ try {
+ ConnectionBuilder cb = (ConnectionBuilder)Class.forName(className).newInstance();
+ connectionBuilderMap.put(publicURLPrefix, cb);
+ }
+ catch (Throwable ex) {
+ throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
+ }
+ }
+ }
+ }
+
+ /**
+ * Gets the <code>ConnectionBuilder</code> implementation to be used for the given
+ * online application.
+ * @param publicURLPrefix public URL prefix of the online application
+ * @return <code>ConnectionBuilder</code> implementation
+ */
+ public static ConnectionBuilder getConnectionBuilder(String publicURLPrefix) {
+ ConnectionBuilder cb = (ConnectionBuilder) connectionBuilderMap.get(publicURLPrefix);
+ if (cb == null)
+ return defaultConnectionBuilder;
+ else
+ return cb;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
new file mode 100644
index 000000000..151b1cec3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -0,0 +1,149 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * Defaultimplementierung von <code>ConnectionBuilder</code>.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DefaultConnectionBuilder implements ConnectionBuilder {
+
+ /** a boolean to disable the HostnameVerification (default = false)*/
+ private static boolean cbDisableHostnameVerification = false;
+
+ /**
+ * Constructor for DefaultConnectionBuilder.
+ * @throws ConfigurationException on any config error
+ */
+ public DefaultConnectionBuilder() throws ConfigurationException {
+ cbDisableHostnameVerification = BoolUtils.valueOf(
+ ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ "ProxyComponent.DisableHostnameVerification"));
+ //TODO MOA-ID BRZ undocumented feature
+ if (cbDisableHostnameVerification)
+ Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest req,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Vector parameters)
+ throws IOException {
+
+ String requestedURL = req.getRequestURL().toString();
+ // check whether requested URL starts with publicURLPrefix
+
+ //Temporary allow http:// urls instead of the https:// in publicURLPrefix
+ //if (req.getSession().getAttribute("authorizationkey")==null) {
+ // if (! requestedURL.startsWith(publicURLPrefix))
+ // throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
+ // "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
+ //}
+
+ // in case of GET request, append query string to requested URL;
+ // otherwise, HttpURLConnection would perform a POST request
+ if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
+ requestedURL = appendQueryString(requestedURL, parameters);
+ }
+ // build real URL in online application
+ String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
+ URL url = new URL(realURLString);
+ Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
+
+ HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+ conn.setRequestMethod(req.getMethod());
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ //conn.setUseCaches(false);
+ //conn.setAllowUserInteraction(true);
+ conn.setInstanceFollowRedirects(false);
+ if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
+ HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
+ httpsConn.setSSLSocketFactory(sslSocketFactory);
+ if (cbDisableHostnameVerification)
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ }
+ return conn;
+ }
+
+
+ /**
+ * Disconnects the HttpURLConnection if necessary.
+ * The implementation of the Connectionbuilder decides wether
+ * if this should be happen or not.
+ *
+ * @param conn the HttpURLConnection which is normaly to be closed
+ */
+ public void disconnect(HttpURLConnection conn) {
+ conn.disconnect();
+ }
+
+
+ /**
+ * @param requestedURL
+ * @param parameters
+ * @return
+ */
+ private String appendQueryString(String requestedURL, Vector parameters) {
+ String newURL = requestedURL;
+ String parameter[] = new String[2];
+ String paramValue ="";
+ String paramName ="";
+ String paramString ="";
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ try {
+ parameter = (String[]) iter.next();
+ //next two lines work not with OWA-SSL-Login-form
+ paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
+ paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
+
+ } catch (UnsupportedEncodingException e) {
+ //UTF-8 should be supported
+ }
+ paramString = "&" + paramName + "=" + paramValue + paramString;
+ }
+ if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
+ return newURL;
+ }
+
+ /**
+ * @author Stefan Knirsch
+ * @version $Id$
+ * A private class to change the standard HostName verifier to disable the
+ * Hostname Verification Check
+ */
+ private class HostnameNonVerifier implements HostnameVerifier {
+
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
new file mode 100644
index 000000000..3df76656b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -0,0 +1,142 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * Implementation of interface <code>LoginParameterResolver</code>
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class DefaultLoginParameterResolver implements LoginParameterResolver {
+
+ /**
+ * Constructor
+ */
+ public DefaultLoginParameterResolver() {
+ }
+
+ /**
+ * Configuration mehtod (not used)
+ */
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
+ }
+
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
+ */
+ public Map getAuthenticationHeaders(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) {
+
+ Map result = new HashMap();
+
+ if (oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH)) {
+ String useridPredicate = oaConf.getBasicAuthUserIDMapping();
+ String userid = resolveValue(useridPredicate, authData, clientIPAddress);
+ String passwordPredicate = oaConf.getBasicAuthPasswordMapping();
+ String password = resolveValue(passwordPredicate, authData, clientIPAddress);
+
+ try {
+ String userIDPassword = userid + ":" + password;
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ result.put("Authorization", "Basic " + credentials);
+ }
+ catch (IOException ignore) {
+ }
+ }
+ else if (oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH)) {
+ for (Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext();) {
+ String key = (String) iter.next();
+ String predicate = (String) oaConf.getHeaderAuthMapping().get(key);
+ String resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ result.put(key, resolvedValue);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
+ */
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) {
+
+ Map result = new HashMap();
+
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
+ for (Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext();) {
+ String key = (String) iter.next();
+ String predicate = (String) oaConf.getParamAuthMapping().get(key);
+ String resolvedValue;
+ try {
+ resolvedValue =
+ URLEncoder.encode(resolveValue(predicate, authData, clientIPAddress), "ISO-8859-1");
+ } catch (UnsupportedEncodingException e) {
+ //ISO-8859-1 is supported
+ resolvedValue = null;
+ }
+ result.put(key, resolvedValue);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Resolves a login header or parameter value.
+ * @param predicate header or parameter predicate name from online application configuration
+ * @param authData authentication data for current login
+ * @param clientIPAddress client IP address
+ * @return header or parameter value resolved; <code>null</code> if unknown name is given
+ */
+ private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) {
+ if (predicate.equals(MOAGivenName))
+ return authData.getGivenName();
+ if (predicate.equals(MOAFamilyName))
+ return authData.getFamilyName();
+ if (predicate.equals(MOADateOfBirth))
+ return authData.getDateOfBirth();
+ if (predicate.equals(MOABPK))
+ return authData.getBPK();
+ if (predicate.equals(MOAWBPK))
+ return authData.getWBPK();
+ if (predicate.equals(MOAPublicAuthority))
+ if (authData.isPublicAuthority())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals(MOABKZ))
+ return authData.getPublicAuthorityCode();
+ if (predicate.equals(MOAQualifiedCertificate))
+ if (authData.isQualifiedCertificate())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals(MOAStammzahl))
+ return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
+ if (predicate.equals(MOAIPAddress))
+ return clientIPAddress;
+ else return null;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
new file mode 100644
index 000000000..909e2d51e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -0,0 +1,249 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.net.HttpURLConnection;
+
+import com.ibm.webdav.HTTPHeaders;
+import com.ibm.webdav.protocol.URLStreamHandlerFactory;
+import com.ibm.webdav.protocol.http.WebDAVURLConnection;
+import java.util.StringTokenizer;
+import java.net.URL;
+import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder;
+import java.net.URLStreamHandler;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * Defaultimplementierung von <code>ConnectionBuilder</code>.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ElakConnectionBuilder implements ConnectionBuilder {
+
+ /** a boolean to disable the HostnameVerification (default = false)*/
+ private static boolean cbDisableHostnameVerification = false;
+
+ /** a boolean to indicat if webdav protocol handler was already set */
+ private static boolean webdavPHSet = false;
+
+ /**
+ * The system property name used to register a protocol handler.
+ */
+ public final static String PROTOCOL_HANDLER_PROPERTY_NAME = "java.protocol.handler.pkgs";
+
+ /**
+ * The package providing the ldap protocol handler.
+ */
+ public final static String WEBDAV_PROTOCOL_HANDLER = "com.ibm.webdav.protocol";
+
+ /**
+ * The pipe character used to sepearte different protocol handlers.
+ */
+ public final static char PIPE_CHAR = '|';
+
+
+
+
+
+ /**
+ * Constructor for ElakConnectionBuilder.
+ * @throws ConfigurationException on any config error
+ */
+ public ElakConnectionBuilder() throws ConfigurationException {
+ cbDisableHostnameVerification = BoolUtils.valueOf(
+ ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ "ProxyComponent.DisableHostnameVerification"));
+ //TODO MOA-ID BRZ undocumented feature
+ if (cbDisableHostnameVerification)
+ Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
+ */
+ public HttpURLConnection buildConnection(
+ HttpServletRequest req,
+ String publicURLPrefix,
+ String realURLPrefix,
+ SSLSocketFactory sslSocketFactory,
+ Vector parameters)
+ throws IOException {
+
+ String requestedURL = req.getRequestURL().toString();
+ // check whether requested URL starts with publicURLPrefix
+ if (! requestedURL.startsWith(publicURLPrefix))
+ throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
+ "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
+
+
+
+ // in case of GET request, append query string to requested URL;
+ // otherwise, HttpURLConnection would perform a POST request
+ //FIXME right parameters
+ /*
+ if ("get".equalsIgnoreCase(req.getMethod()) && ! parameters.isEmpty()) {
+ requestedURL = appendQueryString(requestedURL, parameters);
+ }
+ */
+ //TODO RSCH check functionality
+ if (null != req.getQueryString() && 0 != req.getQueryString().length() ) {
+ String query = req.getQueryString();
+ requestedURL = requestedURL + "?" + query;
+
+ String parameter[] = new String[2];
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ parameter = (String[]) iter.next();
+ if(query.indexOf(parameter[0]) >= 0) iter.remove();
+ }
+ }
+
+ // build real URL in online application
+ String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
+
+
+ Logger.info("Registering WebDAV protocol handler");
+ String protocolHandlers = System.getProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME);
+ if (protocolHandlers == null) {
+ protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER;
+ System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
+ } else {
+ // check, if WEBDAV protocol handler is already configured
+ boolean isConfigured = false;
+ StringTokenizer tokenizer = new StringTokenizer(protocolHandlers, "| ");
+ while (tokenizer.hasMoreTokens()) {
+ String protocolHandler = tokenizer.nextToken();
+ if (protocolHandler.equals(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER)) {
+ isConfigured = true;
+ break;
+ }
+ }
+ // if it has not been configured yet, configure it
+ if (!isConfigured) {
+ protocolHandlers = ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ElakConnectionBuilder.PIPE_CHAR + protocolHandlers;
+ System.setProperty(ElakConnectionBuilder.PROTOCOL_HANDLER_PROPERTY_NAME, protocolHandlers);
+ }
+ }
+ Logger.info("Registered protocol handlers: " + protocolHandlers);
+ Class webdavSH = null;
+ try
+ {
+ webdavSH = Class.forName(ElakConnectionBuilder.WEBDAV_PROTOCOL_HANDLER + ".http.Handler");
+ }
+ catch (ClassNotFoundException e)
+ {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ URLStreamHandler urlStreamHandler = null;
+ try
+ {
+ urlStreamHandler = (URLStreamHandler) webdavSH.newInstance();
+ }
+ catch (InstantiationException e1)
+ {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ }
+ catch (IllegalAccessException e1)
+ {
+ // TODO Auto-generated catch block
+ e1.printStackTrace();
+ }
+ //URL testURL = new URL("http", realURLString.substring("http://localhost:82".length()), 82, "", urlStreamHandler);
+ //WebDAVURLConnection webDavTest = (WebDAVURLConnection) testURL.openConnection();
+
+
+ URL testURL = new URL(realURLString);
+ Logger.debug("TEST URL ist von der Klasse: " + testURL.getClass().getName());
+
+ //URL url = new URL(realURLString);
+ URL testURL2 = new URL(realURLString);
+
+ URL url = new URL("http", "localhost", 82, realURLString.substring("http://localhost:82".length()), urlStreamHandler);
+
+ Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
+ WebDAVURLConnection webDavConn = (WebDAVURLConnection) url.openConnection();
+ HttpURLConnection conn = (HttpURLConnection)webDavConn;
+ webDavConn.setRequestMethod(req.getMethod());
+ webDavConn.setDoInput(true);
+ webDavConn.setDoOutput(true);
+ //conn.setUseCaches(false);
+ webDavConn.setAllowUserInteraction(true);
+ webDavConn.setInstanceFollowRedirects(false);
+ if (conn instanceof HttpsURLConnection && sslSocketFactory != null) {
+ HttpsURLConnection httpsConn = (HttpsURLConnection) conn;
+ httpsConn.setSSLSocketFactory(sslSocketFactory);
+ if (cbDisableHostnameVerification)
+ httpsConn.setHostnameVerifier(new HostnameNonVerifier());
+ }
+ return conn;
+ }
+
+ /**
+ * Disconnects the HttpURLConnection if necessary.
+ * The implementation of the Connectionbuilder decides wether
+ * if this should be happen or not.
+ *
+ * @param conn the HttpURLConnection which is normaly to be closed
+ */
+ public void disconnect(HttpURLConnection conn) {
+ conn.disconnect();
+ }
+
+ /**
+ * @param requestedURL
+ * @param parameters
+ * @return
+ */
+ private String appendQueryString(String requestedURL, Vector parameters) {
+ String newURL = requestedURL;
+ String parameter[] = new String[2];
+ String paramValue ="";
+ String paramName ="";
+ String paramString ="";
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ try {
+ parameter = (String[]) iter.next();
+ //Following two lines do not work with OWA-SSL-Login-form
+ paramName = URLEncoder.encode((String) parameter[0], "UTF-8");
+ paramValue = URLEncoder.encode((String) parameter[1], "UTF-8");
+
+ } catch (UnsupportedEncodingException e) {
+ //UTF-8 should be supported
+ }
+ paramString = "&" + paramName + "=" + paramValue + paramString;
+ }
+ if (paramString.length()>0) newURL = newURL + "?" + paramString.substring(1);
+ return newURL;
+ }
+
+ /**
+ * @author Stefan Knirsch
+ * @version $Id$
+ * A private class to change the standard HostName verifier to disable the
+ * Hostname Verification Check
+ */
+ private class HostnameNonVerifier implements HostnameVerifier {
+
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
new file mode 100644
index 000000000..f934ab80b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -0,0 +1,211 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.io.IOException;
+import java.net.URL;
+import java.net.URLStreamHandler;
+import java.util.Iterator;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+
+import com.sun.net.ssl.HostnameVerifier;
+import HTTPClient.HttpURLConnection;
+import HTTPClient.HTTPConnection;
+
+
+/**
+ * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>.
+ * uses the HTTP(s)Client from Ronald Tschalär.
+ * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/
+ *
+ * @author pdanner
+ */
+public class EnhancedConnectionBuilder implements ConnectionBuilder {
+
+ /** a boolean to disable the HostnameVerification (default = false)*/
+ private static boolean cbDisableHostnameVerification = false;
+ /** Name of the Parameter for the Target */
+ private static final String PARAM_TARGET = "Target";
+ /** Name of the Parameter for the SAMLArtifact */
+ private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+ /** Name of the Attribute for marking the session as authenticated*/
+ private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
+
+ static {
+ HTTPConnection.setDefaultTimeout(0);
+ try {
+ HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.AuthorizationModule"));
+ HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RedirectionModule"));
+ HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.CookieModule"));
+ //HTTPConnection.removeDefaultModule(Class.forName("HTTPClient.RetryModule"));
+ } catch (ClassNotFoundException e) {
+
+ }
+ }
+
+ /**
+ * Constructor for OWAConnectionBuilder.
+ * @throws ConfigurationException on any config error
+ */
+ public EnhancedConnectionBuilder() throws ConfigurationException {
+ cbDisableHostnameVerification = BoolUtils.valueOf(
+ ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter(
+ "ProxyComponent.DisableHostnameVerification"));
+ //TODO MOA-ID BRZ undocumented feature
+ if (cbDisableHostnameVerification)
+ Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification);
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.ConnectionBuilder#buildConnection
+ */
+ public java.net.HttpURLConnection buildConnection(HttpServletRequest req, String publicURLPrefix, String realURLPrefix, SSLSocketFactory sslSocketFactory, Vector parameters) throws IOException {
+
+ String requestedURL = req.getRequestURL().toString();
+ // check whether requested URL starts with publicURLPrefix
+
+ if (! requestedURL.startsWith(publicURLPrefix.substring(0,5)))
+ throw new IOException(MOAIDMessageProvider.getInstance().getMessage(
+ "proxy.01", new Object[] {requestedURL, publicURLPrefix}));
+
+ String query = req.getQueryString();
+ if (req.getSession().getAttribute(ATT_AUTHDATAFETCHED)!=null) {
+ query = removeParameter(query, PARAM_SAMLARTIFACT);
+ query = removeParameter(query, PARAM_TARGET);
+ req.getSession().removeAttribute(ATT_AUTHDATAFETCHED);
+ }
+ if (null != query && 0 != query.length() ) {
+ requestedURL = requestedURL + "?" + query;
+
+ String parameter[] = new String[2];
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ parameter = (String[]) iter.next();
+ if(query.indexOf(parameter[0]) >= 0) iter.remove();
+ }
+ }
+
+ // build real URL in online application
+ String realURLString = realURLPrefix + requestedURL.substring(publicURLPrefix.length());
+
+ // build real URL in online application
+ URLStreamHandler urlStreamHandler = null;
+
+ //URL url = new URL(realURLString);
+ if (realURLString.startsWith("https")) {
+ urlStreamHandler = new HTTPClient.https.Handler();
+ } else{
+ urlStreamHandler = new HTTPClient.http.Handler();
+ }
+ URL url = new URL(null, realURLString, urlStreamHandler);
+ Logger.debug("OA Request: " + req.getMethod() + " " + url.toString());
+
+ HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+
+ conn.setRequestMethod(req.getMethod());
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ //conn.setUseCaches(false);
+ //conn.setAllowUserInteraction(true);
+ conn.setInstanceFollowRedirects(false);
+
+ if (realURLString.startsWith("https") && sslSocketFactory != null) {
+ conn.setSSLSocketFactory(sslSocketFactory);
+ //Not available in HTTPClient
+ //if (cbDisableHostnameVerification)
+ // conn.setHostnameVerifier(new HostnameNonVerifier());
+ }
+
+ return conn;
+
+ }
+
+ /**
+ * Disconnects the HttpURLConnection if necessary.
+ * The implementation of the Connectionbuilder decides wether
+ * if this should be happen or not.
+ *
+ * @param conn the HttpURLConnection which is normaly to be closed
+ */
+ public void disconnect(java.net.HttpURLConnection conn) {
+ // In HTTPClient there must not be an diconnect!
+ // conn.disconnect();
+ }
+
+ /**
+ * @author Stefan Knirsch
+ * @version $Id$
+ * A private class to change the standard HostName verifier to disable the
+ * Hostname Verification Check
+ */
+ private class HostnameNonVerifier implements HostnameVerifier {
+
+ /**
+ * @see com.sun.net.ssl.HostnameVerifier#verify(String, String)
+ */
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+
+ /**
+ * Removes parameters from the query-URL recursively
+ *
+ * @param query the query from which the parameter is to be removed
+ * @param parameter the parameter to be removed
+ * @return the parameterclean query
+ */
+ private String removeParameter(String query, String parameter) {
+ return removeParameter(query, parameter, true);
+ }
+
+ /**
+ * Removes one parameter from the query-URL recursively
+ *
+ * @param query the query from which the parameter is to be removed
+ * @param parameter the parameter to be removed
+ * @param remove. Boolean value wether a parameter was removed in last call or not. In initial call set to true to check for new occurrences
+ * @return the parameterclean query
+ */
+ private String removeParameter(String query, String parameter, boolean remove) {
+ String result = query;
+ if (remove && query!=null && !query.equals("") && parameter!=null && !parameter.equals("")) {
+ String param = parameter;
+ int capEnd=0;
+ if (!param.endsWith("=")) param=param+"=";
+ if (query.startsWith(param)) {
+ //remove leading
+ result="";
+ } else {
+ if (!param.startsWith("&")) param="&"+param;
+ capEnd = query.indexOf(param);
+ if (capEnd!=-1) {
+ //leading part
+ result=query.substring(0, capEnd);
+ }
+ }
+ if (capEnd!=-1) {
+ //trailing part
+ capEnd += param.length();
+ int capBegin = -1;
+ if (capEnd <query.length()) capBegin = query.indexOf("&", capEnd);
+ if (capBegin!=-1) {
+ if (capBegin<query.length()) {
+ result=result + query.substring(capBegin);
+ if (result.startsWith("&")) result = result.substring(1); //if now is leading part
+ }
+ }
+ }
+ result = removeParameter(result, parameter, !query.equals(result));
+ }
+ return result;
+ }
+
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
new file mode 100644
index 000000000..b47389950
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -0,0 +1,86 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+/**
+ * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection}
+ * to the remote online application.
+ * Utilizes {@link OAConfiguration} and {@link AuthenticationData}.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public interface LoginParameterResolver {
+
+ /** Constants used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code>,
+ * naming predicates used by the <code>LoginParameterResolver</code>. */
+ public static final String MOAGivenName = "MOAGivenName";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAFamilyName = "MOAFamilyName";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOADateOfBirth = "MOADateOfBirth";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOABPK = "MOABPK";
+ /** Constant used in <code>MOAIDConfiguration-1.3.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAWBPK = "MOAWBPK";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAPublicAuthority = "MOAPublicAuthority";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOABKZ = "MOABKZ";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAQualifiedCertificate = "MOAQualifiedCertificate";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAStammzahl = "MOAStammzahl";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAIdentificationValueType = "MOAIdentificationValueType";
+ /** Constant used in <code>MOAIDConfiguration-1.2.xsd</code>, type <code>MOAAuthDataType</code> */
+ public static final String MOAIPAddress = "MOAIPAddress";
+
+ /**
+ * Returns authentication headers to be added to a URLConnection.
+ *
+ * @param oaConf configuration data
+ * @param authData authentication data
+ * @param clientIPAddress client IP address
+ * @param businessService boolean value for recognizing (w)bPK-mode
+ * @param publicURLPrefix to distinguish different online applications
+ * @return A map, the keys being header names and values being corresponding header values.
+ * <br>In case of authentication type <code>"basic-auth"</code>, header fields
+ * <code>username</code> and <code>password</code>.
+ * <br>In case of authentication type <code>"header-auth"</code>, header fields
+ * derived from parameter mapping and authentication data provided.
+ * <br>Otherwise, an empty map.
+ */
+ public Map getAuthenticationHeaders(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
+
+ /**
+ * Returns request parameters to be added to a URLConnection.
+ *
+ * @param oaConf configuration data
+ * @param authData authentication data
+ * @param clientIPAddress client IP address
+ * @param businessService boolean value for recognizing (w)bPK-mode
+ * @param publicURLPrefix to distinguish different online applications
+ * @return A map, the keys being parameter names and values being corresponding parameter values.
+ * <br>In case of authentication type <code>"param-auth"</code>, parameters
+ * derived from parameter mapping and authentication data provided.
+ * <br>Otherwise, an empty map.
+ */
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException;
+
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
new file mode 100644
index 000000000..3aa2368bf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
@@ -0,0 +1,37 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class LoginParameterResolverException extends MOAIDException {
+
+ /**
+ * Constructor for LoginParameterResolverException.
+ * @param messageId
+ * @param parameters
+ */
+ public LoginParameterResolverException(
+ String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for LoginParameterResolverException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public LoginParameterResolverException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
new file mode 100644
index 000000000..8edd23438
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -0,0 +1,82 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+
+/**
+ * Factory delivering a {@link LoginParameterResolver} implementation for
+ * an online application, initialized from configuration data.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class LoginParameterResolverFactory {
+
+ /** default login parameter resolver to be used for online application
+ * where no special implementation of the <code>LoginParameterResolver</code>
+ * interface is configured
+ */
+ private static LoginParameterResolver defaultLoginParameterResolver;
+ /** mapping from online application public URL prefix to an implementation
+ * of the <code>LoginParameterResolver</code> interface to be used;
+ * if no mapping is given for an online application, the
+ * <code>DefaultLoginParameterResolver</code> will be used */
+ private static Map loginParameterResolverMap;
+
+ /**
+ * Initializes the <code>LoginParameterResolver</code> map from the configuration data.
+ * @throws ConfigurationException when the configuration cannot be read,
+ * or when a class name configured cannot be instantiated
+ */
+ public static void initialize() throws ConfigurationException {
+ defaultLoginParameterResolver = new DefaultLoginParameterResolver();
+ loginParameterResolverMap = new HashMap();
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ for (int i = 0; i < proxyConf.getOnlineApplicationParameters().length; i++) {
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameters()[i];
+ String publicURLPrefix = oaParam.getPublicURLPrefix();
+ String className = oaParam.getLoginParameterResolverImpl();
+ String configuration = oaParam.getLoginParameterResolverConfiguration();
+ if (className != null) {
+ try {
+ Class lprClass = Class.forName(className);
+ LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
+
+ Class[] argumentTypes = { String.class, Boolean.class };
+ Method confMethod = lprClass.getMethod( "configure", argumentTypes );
+
+ Object[] arguments = { new String(configuration), new Boolean(oaParam.getBusinessService()) };
+ confMethod.invoke( lpr, arguments );
+
+ loginParameterResolverMap.put(publicURLPrefix, lpr);
+ }
+ catch (InvocationTargetException lpex) {
+ throw new ConfigurationException("config.11", new Object[] {className}, lpex);
+ }
+ catch (Throwable ex) {
+ throw new ConfigurationException("config.07", new Object[] {publicURLPrefix}, ex);
+ }
+ }
+ }
+ }
+
+ /**
+ * Gets the <code>LoginParameterResolver</code> implementation to be used for the given
+ * online application.
+ * @param publicURLPrefix public URL prefix of the online application
+ * @return <code>LoginParameterResolver</code> implementation
+ */
+ public static LoginParameterResolver getLoginParameterResolver(String publicURLPrefix) {
+ LoginParameterResolver lpr = (LoginParameterResolver) loginParameterResolverMap.get(publicURLPrefix);
+ if (lpr == null)
+ return defaultLoginParameterResolver;
+ else
+ return lpr;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
new file mode 100644
index 000000000..3f615b01c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -0,0 +1,95 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import iaik.pki.PKIException;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Web application initializer
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDProxyInitializer {
+
+ /**
+ * Initializes the web application components which need initialization:
+ * logging, JSSE, MOA-ID Auth configuration, Axis, session cleaner.
+ */
+ public static void initialize()
+ throws ConfigurationException, IOException, GeneralSecurityException, PKIException {
+
+ Logger.setHierarchy("moa.id.proxy");
+
+ // Restricts TLS cipher suites
+ System.setProperty("https.cipherSuites", "SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_3DES_EDE_CBC_SHA");
+
+ // load some jsse classes so that the integrity of the jars can be verified
+ // before the iaik jce is installed as the security provider
+ // this workaround is only needed when sun jsse is used in conjunction with
+ // iaik-jce (on jdk1.3)
+ ClassLoader cl = MOAIDProxyInitializer.class.getClassLoader();
+ try {
+ cl.loadClass("javax.security.cert.Certificate"); // from jcert.jar
+ }
+ catch (ClassNotFoundException e) {
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("init.01", null), e);
+ }
+
+ // Initializes the SSLSocketFactory store
+ SSLUtils.initialize();
+
+ // Initializes IAIKX509TrustManager logging
+ String log4jConfigURL = System.getProperty("log4j.configuration");
+ if (log4jConfigURL != null) {
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL));
+ }
+
+ // Loads the configuration
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.reload();
+
+ // Initializes the Axis secure socket factory for use in calling the MOA-Auth web service,
+ // using configuration data
+ ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
+ if (connParamAuth!=null) {
+ if (connParamAuth.isHTTPSURL()) {
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ AxisSecureSocketFactory.initialize(ssf);
+ }
+ } else {
+ throw new ConfigurationException("config.16", null);
+ }
+
+ // Initializes the Axis secure socket factories for use in calling the online applications,
+ // using configuration data
+ OAProxyParameter[] oaParams = proxyConf.getOnlineApplicationParameters();
+ for (int i = 0; i < oaParams.length; i++) {
+ OAProxyParameter oaParam = oaParams[i];
+ ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
+ if (oaConnParam.isHTTPSURL())
+ SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ }
+
+ // Initializes the ConnectionBuilderFactory from configuration data
+ ConnectionBuilderFactory.initialize();
+
+ // Initializes the LoginParameterResolverFactory from configuration data
+ LoginParameterResolverFactory.initialize();
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
new file mode 100644
index 000000000..849160a7b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ * Reason for this exception: the dedicated LoginParameterResolver does
+ * not allow access to the desired ressource.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class NotAllowedException extends MOAIDException {
+
+ /**
+ * Constructor for NotAllowedException.
+ * @param messageId
+ * @param parameters
+ */
+ public NotAllowedException(
+ String messageId,
+ Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for NotAllowedException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public NotAllowedException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
new file mode 100644
index 000000000..9bfd9de9b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -0,0 +1,678 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import iaik.security.provider.IAIK;
+
+import java.io.BufferedInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Key;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.IvParameterSpec;
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * XMLLoginParameterResolver an implementation of implementation of interface
+ * <code>LoginParameterResolver</code>
+ * This implementation used to map identities stored in an XML file to parameters
+ * which are given to OAs.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class XMLLoginParameterResolverEncryptedData implements LoginParameterResolver {
+
+ //file which is parsed and interpreted for paremeter resolving.
+ private String identityFile;
+
+ private Cipher blowfishCipher;
+ private Key key;
+ /**
+ * inner class used to store mapped parameters
+ */
+ class LPRParams {
+
+ /**
+ * getter method for parameter Enabled.
+ * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
+ */
+ public boolean getEnabled() {
+ return enabled.booleanValue();
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or <code>null</code> not set.
+ */
+ public String getUN() {
+ return UN;
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or <code>null</code> not set.
+ */
+ //TODO XMLLPR decrypt
+ public String getPlainUN() {
+ //Security.addProvider();
+
+
+ return UN;
+ }
+
+
+ /**
+ * getter method for parameter PW (password)
+ * @return Parameter PW or <code>null</code> not set.
+ */
+ public String getPW() {
+ return PW;
+ }
+
+ /**
+ * getter method for generic parameter Param1
+ * @return Parameter Param1 or <code>null</code> not set.
+ */
+ public String getParam1() {
+ return Param1;
+ }
+
+ /**
+ * getter method for generic parameter Param2
+ * @return Parameter Param2 or <code>null</code> not set.
+ */
+ public String getParam2() {
+ return Param2;
+ }
+
+ /**
+ * getter method for generic parameter Param3
+ * @return Parameter Param3 or <code>null</code> not set.
+ */
+ public String getParam3() {
+ return Param3;
+ }
+
+ /**
+ * Returns a string representation of LPRParams
+ *
+ * @return a <code>String</code> representation of this object.
+ * @see XMLLoginParameterResolver.LPRParams
+ */
+ public String toString() {
+ return "Enabled: "
+ + enabled.toString()
+ + "UN: '"
+ + UN
+ + "' PW: '"
+ + PW
+ + "' Param1: '"
+ + Param1
+ + "' Param2: '"
+ + Param2
+ + "' Param3: '"
+ + Param3
+ + "'\n";
+ }
+
+ //private member variables used to store the parameters
+ private Boolean enabled = null;
+ private String UN = null;
+ private String PW = null;
+ private String Param1 = null;
+ private String Param2 = null;
+ private String Param3 = null;
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
+ *
+ * @param enabled enable user mapping to parameter set for the parameter set.
+ * @param UN username used in HTTP 401 - BasicAuthentication
+ * @param PW password used in HTTP 401 - BasicAuthentication
+ * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
+ * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
+ * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
+ **/
+ LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
+ this.enabled = new Boolean(enabled);
+ this.UN = UN;
+ this.PW = PW;
+ this.Param1 = Param1;
+ this.Param2 = Param2;
+ this.Param3 = Param3;
+ }
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
+ *
+ * @param enabled enable user mapping to parameter set for the parameter set.
+ * @param UN username used in HTTP 401 - BasicAuthentication
+ * @param PW password used in HTTP 401 - BasicAuthentication
+ **/
+ LPRParams(boolean enabled, String UN, String PW) {
+ this(enabled, UN, PW, null, null, null);
+ }
+ }
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver</code> object.
+ **/
+ public XMLLoginParameterResolverEncryptedData() {
+ bPKMap = new HashMap();
+ namedMap = new HashMap();
+ }
+
+ /**
+ * configuration method
+ * @param configuration enabled enable user mapping to parameter set for the parameter set.
+ */
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
+ File idFile;
+ Element rootElement;
+
+ Security.addProvider(new IAIK());
+ try {
+ blowfishCipher = Cipher.getInstance("Blowfish/CBC/PKCS5Padding", "IAIK");
+
+ } catch (NoSuchPaddingException e) {
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: NoSuchPaddingException \n" + e.toString()});
+ } catch (NoSuchProviderException e) {
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: NoSuchProviderException \n" + e.toString()});
+ } catch (NoSuchAlgorithmException e) {
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: NoSuchAlgorithmException \n" + e.toString()});
+ }
+
+ String plaintext = "start";
+ String encrypted = encryptData(plaintext, "1234567890123456", "123hochgeheim");
+ String decrypted = decryptData(encrypted, "1234567890123456", "123hochgeheim");
+ Logger.debug("plaintext: " + plaintext);
+ Logger.debug("encrypted: " + encrypted);
+ Logger.debug("decrypted: " + decrypted);
+
+ //make file name absolut (if it is relative to main config file)
+ //TODO MOAID XMLLPR check
+ String moaIDConfigFileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+ String rootConfigFileDir = new File(moaIDConfigFileName).getParent();
+ this.identityFile = FileUtils.makeAbsoluteURL(configuration, rootConfigFileDir);
+
+ if (null == identityFile || false == (idFile = new File(identityFile)).canRead()) {
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
+ }
+ try {
+ rootElement = readXMLFile(identityFile);
+ } catch (IOException lex) {
+ Logger.error(lex.toString());
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: could not read '" + identityFile + "' " });
+
+ } catch (SAXException sex) {
+ Logger.error(sex.toString());
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", sex.toString() });
+ } catch (ParserConfigurationException e) {
+ // TODO XMLPR Auto-generated catch block
+ Logger.error(e.toString());
+ throw new LoginParameterResolverException("config.11",
+ new Object[] { "XMLLoginParameterResolver: parsing problem in file:'" + identityFile + "' ", e.toString() });
+ }
+ buildInfo(rootElement, businessService.booleanValue());
+ isConfigured = true;
+ }
+
+ /**
+ * encryptData method uses parameters masterSecret and bPK as key information to encrypt plaintext
+ * @param plaintext
+ * @param bPK
+ * @param masterSecret
+ * @return encrypted data (blowfish encrypted, base64 encoded)
+ * @throws LoginParameterResolverException
+ */
+ public String encryptData(String plaintext, String bPK, String masterSecret) throws LoginParameterResolverException
+ {
+ try {
+ String keyString = bPK + masterSecret;
+ key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
+ IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
+
+ blowfishCipher.init(Cipher.ENCRYPT_MODE, key, param);
+ byte [] cipherText = blowfishCipher.doFinal(plaintext.getBytes("UTF-8"));
+ return Base64Utils.encode(cipherText);
+ } catch (UnsupportedEncodingException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (InvalidKeyException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (BadPaddingException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (IllegalBlockSizeException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (IllegalStateException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (IOException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ }
+ }
+
+
+ /**
+ * encryptData method uses parameters masterSecret and bPK as key information to decrypt ciphertext
+ * @param ciphertext (blowfish encrypted, base64encoded)
+ * @param bPK
+ * @param masterSecret
+ * @return decrypted Data (plaintext)
+ * @throws LoginParameterResolverException
+ */
+ public String decryptData(String ciphertext, String bPK, String masterSecret) throws LoginParameterResolverException
+ {
+ try {
+ String keyString = bPK + masterSecret;
+ key = new iaik.security.cipher.SecretKey(keyString.getBytes("UTF-8"), "Blowfish");
+ IvParameterSpec param = new IvParameterSpec(new byte [] {0,0,0,0,0,0,0,0});
+ blowfishCipher.init(Cipher.DECRYPT_MODE, key, param);
+ byte [] plaintext = blowfishCipher.doFinal(Base64Utils.decode(ciphertext, true));
+ return new String(plaintext);
+ } catch (UnsupportedEncodingException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (InvalidKeyException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (BadPaddingException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (IllegalBlockSizeException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (IllegalStateException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (InvalidAlgorithmParameterException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ } catch (IOException e) {
+ throw new LoginParameterResolverException("config.14", new Object [] {"Blowfish: " + e.toString()});
+ }
+ }
+
+
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationHeaders(OAConfiguration, AuthenticationData, String, boolean, String)
+ */
+ public Map getAuthenticationHeaders(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
+ Map result = new HashMap();
+
+ if (!isConfigured) {
+ //TODO XMLLPR
+ throw new LoginParameterResolverException("XMLLoginParameterResolver with configuration '" +
+ identityFile + "' is not configured!", null);
+ }
+
+ //get the Identity of the user
+ String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
+ String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
+ String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
+ String bPK ="";
+ String wType= "";
+ if (businessService) {
+ bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
+ wType = "w";
+ } else {
+ bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ }
+ String userid = "";
+ String password = "";
+ LPRParams params = null;
+ boolean userFound = false;
+
+ //try (w)bPK and named search
+ params = bPKIdentitySearch(bPK, wType);
+
+ if (null == params)
+ params = namedIdentitySearch(famName, givenName, dateOfBirth);
+
+ //if both searches failed, report error.
+ if(null == params)
+ throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
+
+ //HTTP 401 - Basic Authentication
+ if (oaConf.getAuthType().equals("basic")) {
+ userid = (null != params.getUN()) ? params.getUN() : "";
+ password = (null != params.getPW()) ? params.getPW() : "";
+
+ try {
+ String userIDPassword = userid + ":" + password;
+ String credentials = Base64Utils.encode(userIDPassword.getBytes("UTF-8"));
+ Logger.debug("XMLLoginParameterResolver: calculated credentials: " + credentials);
+ result.put("Authorization", "Basic " + credentials);
+ } catch (IOException ignore) {
+ throw new LoginParameterResolverException("config.14", new Object[] {"internal error while encoding in Base64"});
+ }
+ } else if (oaConf.getAuthType().equals("header")) { //HTTP Authentication
+ String key;
+ String resolvedValue;
+ //TODO MOAID XMLLPR select value through OA-ConfigFile;
+ if(null != params.getUN()) result.put("UN", params.getUN());
+ if(null != params.getPW()) result.put("UN", params.getPW());
+ if(null != params.getParam1()) result.put("UN", params.getParam1());
+ if(null != params.getParam2()) result.put("UN", params.getParam2());
+ if(null != params.getParam3()) result.put("UN", params.getParam3());
+
+ } else {
+ throw new LoginParameterResolverException("config.14", new Object[] {"AuthType not supported"});
+ }
+
+ return result;
+ }
+
+ /**
+ * @see at.gv.egovernment.moa.id.proxy.LoginParameterResolver#getAuthenticationParameters(OAConfiguration, AuthenticationData, String, boolean, String)
+ */
+ public Map getAuthenticationParameters(
+ OAConfiguration oaConf,
+ AuthenticationData authData,
+ String clientIPAddress,
+ boolean businessService,
+ String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException {
+
+ Map result = new HashMap();
+
+ if (!isConfigured) {
+ Logger.warn("XMLLoginParameterResolver with configuration '" + identityFile + " is not configured");
+ return result;
+ }
+
+ String famName = resolveValue("MOAFamilyName", authData, clientIPAddress);
+ String givenName = resolveValue("MOAGivenName", authData, clientIPAddress);
+ String dateOfBirth = resolveValue("MOADateOfBirth", authData, clientIPAddress);
+ String bPK ="";
+ String wType= "";
+ if (businessService) {
+ bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
+ wType = "w";
+ } else {
+ bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ }
+ String userid = "";
+ String password = "";
+ LPRParams params = null;
+
+ //try (w)bPK and named search
+ params = bPKIdentitySearch(bPK, wType);
+
+ if (null == params)
+ params = namedIdentitySearch(famName, givenName, dateOfBirth);
+
+ //if both searches failed, report error.
+ if(null == params)
+ throw new NotAllowedException("User:_" + wType + "bPK:'" +bPK+ ", " + famName + ", " + givenName + "' not authorized.", null);
+
+ //TODO MOAID XMLLPR URLEncoder.encode
+ if (oaConf.getAuthType().equals("param")) {
+ try {
+ if(null != params.getUN()) result.put(XSD_UNATTR, URLEncoder.encode(params.getUN(),"ISO-8859-1"));
+ if(null != params.getPW()) result.put(XSD_PWATTR, URLEncoder.encode(params.getPW(),"ISO-8859-1"));
+ if(null != params.getParam1()) result.put(XSD_PARAM1ATTR, URLEncoder.encode(params.getParam1(),"ISO-8859-1"));
+ if(null != params.getParam2()) result.put(XSD_PARAM2ATTR, URLEncoder.encode(params.getParam2(),"ISO-8859-1"));
+ if(null != params.getParam3()) result.put(XSD_PARAM3ATTR, URLEncoder.encode(params.getParam3(),"ISO-8859-1"));
+ } catch (UnsupportedEncodingException e) {
+ // ISO-8859-1 is supported
+ throw new LoginParameterResolverException("URLEncoder error", null);
+ }
+ } else {
+ throw new LoginParameterResolverException("AuthType not supported", null);
+ }
+ return result;
+ }
+
+ /**
+ * Resolves a login header or parameter value.
+ * @param predicate header or parameter predicate name from online application configuration
+ * @param authData authentication data for current login
+ * @param clientIPAddress client IP address
+ * @return header or parameter value resolved; <code>null</code> if unknown name is given
+ */
+ private static String resolveValue(
+ String predicate,
+ AuthenticationData authData,
+ String clientIPAddress) {
+ if (predicate.equals("MOAGivenName"))
+ return authData.getGivenName();
+ if (predicate.equals("MOAFamilyName"))
+ return authData.getFamilyName();
+ if (predicate.equals("MOADateOfBirth"))
+ return authData.getDateOfBirth();
+ if (predicate.equals("MOABPK"))
+ return authData.getBPK();
+ if (predicate.equals("MOAWBPK"))
+ return authData.getWBPK();
+ if (predicate.equals("MOAPublicAuthority"))
+ if (authData.isPublicAuthority())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals("MOABKZ"))
+ return authData.getPublicAuthorityCode();
+ if (predicate.equals("MOAQualifiedCertificate"))
+ if (authData.isQualifiedCertificate())
+ return "true";
+ else
+ return "false";
+ if (predicate.equals("MOAStammzahl"))
+ return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
+ if (predicate.equals("MOAIPAddress"))
+ return clientIPAddress;
+ else
+ return null;
+ }
+
+ /**
+ * reads, parses the configuration file of XMLLoginParameterResolver and returns the document element.
+ * @param fileName of the configuration file.
+ */
+ private Element readXMLFile(String fileName) throws ParserConfigurationException, SAXException, IOException {
+ Logger.info("XMLLoginParameterResolver: Loading and parsing XMLPLoginParameterConfiguration configuration: " + fileName);
+
+ InputStream stream = null;
+ Element configElem;
+
+ stream = new BufferedInputStream(new FileInputStream(fileName));
+ configElem = DOMUtils.parseDocument(stream, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ return configElem;
+ }
+
+ /**
+ * buildInfo builds up the internal data mapping between the "Identities" and the "Parameters" from the parsed XML file.
+ * @param root document root element.
+ */
+ private void buildInfo(Element root, boolean businessService) {
+ NodeList idList = root.getElementsByTagName(XSD_IDELEM);
+ NodeList paramList = root.getElementsByTagName(XSD_PARAMELEM);
+ String wType ="";
+ if (businessService) wType = "w";
+ for (int i = 0; i < idList.getLength(); i++)
+ Logger.debug("XMLLoginParameterResolver: LocalName idList: " + idList.item(i).getLocalName());
+
+ for (int i = 0; i < paramList.getLength(); i++)
+ Logger.debug("XMLLoginParameterResolver: LocalName paramList: " + paramList.item(i).getLocalName());
+
+ for (int i = 0; i < idList.getLength(); i++) {
+ Element tmpElem = (Element) idList.item(i);
+ NodeList tmpList = tmpElem.getElementsByTagName(XSD_NAMEDIDELEM);
+ for (int j = 0; j < tmpList.getLength(); j++)
+ Logger.debug("XMLLoginParameterResolver: LocalName tmp: " + tmpList.item(j).getLocalName());
+
+ //Search for NamedIdentity Elements
+ if (1 == tmpList.getLength()) {
+ tmpElem = (Element) tmpList.item(0);
+ String tmpStr = tmpElem.getAttribute(XSD_SURNAMEATTR) + "," +
+ tmpElem.getAttribute(XSD_GIVENNAMEATTR) + "," +
+ tmpElem.getAttribute(XSD_BIRTHDATEATTR);
+ boolean tmpBool = false;
+ if (tmpElem.getFirstChild() != null
+ && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
+ tmpBool = true;
+ //TODO XMLLPR remove
+ Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
+ tmpElem = (Element) paramList.item(i);
+ Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
+ " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
+ " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
+ " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
+ " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
+ namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
+ tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
+ tmpElem.getAttribute(XSD_PARAM3ATTR)) );
+ } else {
+
+ //(w)bPKIdentity Elements
+ if (businessService) {
+ tmpList = tmpElem.getElementsByTagName(XSD_WBPKIDELEM);
+ } else {
+ tmpList = tmpElem.getElementsByTagName(XSD_BPKIDELEM);
+ }
+ if (1 == tmpList.getLength()) {
+ tmpElem = (Element) tmpList.item(0);
+ String tmpStr = "";
+ if (businessService) {
+ tmpStr = tmpElem.getAttribute(XSD_WBPKATTR);
+ } else {
+ tmpStr = tmpElem.getAttribute(XSD_BPKATTR);
+ }
+ boolean tmpBool = false;
+ if (tmpElem.getFirstChild() != null
+ && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
+ tmpBool = true;
+ Logger.debug("XMLLoginParameterResolver: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
+ tmpElem = (Element) paramList.item(i);
+ Logger.debug("XMLLoginParameterResolver: attribute UN: " + tmpElem.getAttribute(XSD_UNATTR) +
+ " attribute PW: " + tmpElem.getAttribute(XSD_PWATTR) +
+ " attribute Param1: " + tmpElem.getAttribute(XSD_PARAM1ATTR) +
+ " attribute Param2: " + tmpElem.getAttribute(XSD_PARAM2ATTR) +
+ " attribute Param3: " + tmpElem.getAttribute(XSD_PARAM3ATTR) );
+ namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute(XSD_UNATTR), tmpElem.getAttribute(XSD_PWATTR),
+ tmpElem.getAttribute(XSD_PARAM1ATTR), tmpElem.getAttribute(XSD_PARAM2ATTR),
+ tmpElem.getAttribute(XSD_PARAM3ATTR)) );
+ } else {
+ if (businessService) {
+ Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_WBPKIDELEM + " found");
+ } else {
+ Logger.warn("XMLLoginParameterResolver: wrong format no Elements " + XSD_NAMEDIDELEM + " or " + XSD_BPKIDELEM + " found");
+ }
+ }
+ }
+ }
+
+ Logger.debug("namedMap:" + namedMap.toString());
+ Logger.debug(wType + "bPKMap:" + bPKMap.toString());
+ }
+
+
+
+
+ /**
+ * searches for a given bPK and returns the appropriate LPRParams structure
+ * @param bPK search argument
+ * @return LPRParams if bPK could be found in internal mappings or null otherwise.
+ */
+ LPRParams bPKIdentitySearch(String bPK, String wType) {
+ //search for mapping with (w)bPK of the user
+ Logger.info("XMLLoginParameterResolver: search for login data mapped to " + wType + "bPK:" + bPK);
+ LPRParams params = (LPRParams) bPKMap.get(bPK);
+ if (null == params) {
+ Logger.info("XMLLoginParameterResolver: params for " + wType + "bPK: " + bPK + " not found!");
+ return null;
+ } else if (params.getEnabled()) {
+ Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
+ return params;
+ }
+ Logger.info("XMLLoginParameterResolver: " + wType + "bPK: " + bPK + "found in list but user is NOT enabled");
+ return null;
+ }
+
+ /**
+ * searches for a given namedIdentity and returns the appropriate LPRParams structure
+ * @param surName surname search argument
+ * @param givenName givenname search argument
+ * @param dateOfBirth dateofbirth search argument
+ * @return LPRParams if (w)bPK could be found in internal mappings or null otherwise.
+ */
+ LPRParams namedIdentitySearch(String surName, String givenName, String dateOfBirth) {
+ Logger.info("XMLLoginParameterResolver: search for login data for SurName:" + surName + " GivenName: " + givenName + " DateOfBirth" + dateOfBirth);
+ //try first a search with surname, givenname and birthdate
+ LPRParams params = (LPRParams) namedMap.get(surName + "," + givenName + "," + dateOfBirth);
+ if (null == params) {
+ Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + "BirthDate: " + dateOfBirth + " not found!");
+ //try a search with surname, givenname only
+ params = (LPRParams) namedMap.get(surName + "," + givenName + "," + XSD_BIRTHDATEBLANKATTR);
+ if(null == params) {
+ Logger.debug("XMLLoginParameterResolver: params for Surname: " + surName + " GivenName: " + givenName + " not found!");
+ return null;
+ }
+ }
+
+ if (params.getEnabled()) {
+ Logger.info("XMLLoginParameterResolver: Surname:" + surName + " GivenName: " + givenName + " found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolver: using: " + params.toString());
+ return params;
+ }
+ Logger.info("XMLLoginParameterResolver: SurName:" + surName + " GivenName: " + givenName + "found in list; user is NOT enabled");
+ return null;
+ }
+
+ //public static final String XSD_MAPPING = "Mapping";
+ //public static final String XSD_DOCELEM = "MOAIdentities";
+ public static final String XSD_IDELEM = "Identity";
+ public static final String XSD_NAMEDIDELEM = "NamedIdentity";
+ public static final String XSD_BPKIDELEM = "bPKIdentity";
+ public static final String XSD_WBPKIDELEM = "wbPKIdentity";
+ public static final String XSD_PARAMELEM = "Parameters";
+ public static final String XSD_SURNAMEATTR = "SurName";
+ public static final String XSD_GIVENNAMEATTR = "GivenName";
+ public static final String XSD_BIRTHDATEATTR = "BirthDate";
+ public static final String XSD_BIRTHDATEBLANKATTR = "any";
+ public static final String XSD_BPKATTR = "bPK";
+ public static final String XSD_WBPKATTR = "wbPK";
+ public static final String XSD_UNATTR = "UN";
+ public static final String XSD_PWATTR = "PW";
+ public static final String XSD_PARAM1ATTR = "Param1";
+ public static final String XSD_PARAM2ATTR = "Param2";
+ public static final String XSD_PARAM3ATTR = "Param3";
+ private Map bPKMap;
+ private Map namedMap;
+ private boolean isConfigured = false;
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
new file mode 100644
index 000000000..aedafdf85
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -0,0 +1,422 @@
+package at.gv.egovernment.moa.id.proxy;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import java.io.IOException;
+import java.util.*;
+import org.apache.xerces.parsers.DOMParser;
+import org.w3c.dom.*;
+
+// Referenced classes of package at.gv.egovernment.moa.id.proxy:
+//
+// TODO MOA-ID test full functionality
+
+public class XMLLoginParameterResolverPlainData
+ implements LoginParameterResolver
+{
+ private String configuration;
+
+ /**
+ * inner class used to store mapped parameters
+ */
+ class LPRParams {
+
+ /**
+ * getter method for parameter Enabled.
+ * Parameter Enabled decides if mapped parameters should be used by XMLLoginParameterResolver
+ */
+ public boolean getEnabled() {
+ return enabled.booleanValue();
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or <code>null</code> not set.
+ */
+ public String getUN() {
+ return UN;
+ }
+
+ /**
+ * getter method for parameter UN (username)
+ * @return Parameter UN or <code>null</code> not set.
+ */
+ public String getPlainUN() {
+ return UN;
+ }
+
+
+ /**
+ * getter method for parameter PW (password)
+ * @return Parameter PW or <code>null</code> not set.
+ */
+ public String getPW() {
+ return PW;
+ }
+
+ /**
+ * getter method for generic parameter Param1
+ * @return Parameter Param1 or <code>null</code> not set.
+ */
+ public String getParam1() {
+ return Param1;
+ }
+
+ /**
+ * getter method for generic parameter Param2
+ * @return Parameter Param2 or <code>null</code> not set.
+ */
+ public String getParam2() {
+ return Param2;
+ }
+
+ /**
+ * getter method for generic parameter Param3
+ * @return Parameter Param3 or <code>null</code> not set.
+ */
+ public String getParam3() {
+ return Param3;
+ }
+
+ /**
+ * Returns a string representation of LPRParams
+ *
+ * @return a <code>String</code> representation of this object.
+ * @see XMLLoginParameterResolver.LPRParams
+ */
+ public String toString() {
+ return "Enabled: "
+ + enabled.toString()
+ + "UN: '"
+ + UN
+ + "' PW: '"
+ + PW
+ + "' Param1: '"
+ + Param1
+ + "' Param2: '"
+ + Param2
+ + "' Param3: '"
+ + Param3
+ + "'\n";
+ }
+
+ //private member variables used to store the parameters
+ private Boolean enabled = null;
+ private String UN = null;
+ private String PW = null;
+ private String Param1 = null;
+ private String Param2 = null;
+ private String Param3 = null;
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
+ *
+ * @param enabled enable user mapping to parameter set for the parameter set.
+ * @param UN username used in HTTP 401 - BasicAuthentication
+ * @param PW password used in HTTP 401 - BasicAuthentication
+ * @param Param1 generic parameter1 used in HeaderAuthentication and ParameterAuthentication
+ * @param Param2 generic parameter2 used in HeaderAuthentication and ParameterAuthentication
+ * @param Param3 generic parameter3 used in HeaderAuthentication and ParameterAuthentication
+ **/
+ LPRParams(boolean enabled, String UN, String PW, String Param1, String Param2, String Param3) {
+ this.enabled = new Boolean(enabled);
+ this.UN = UN;
+ this.PW = PW;
+ this.Param1 = Param1;
+ this.Param2 = Param2;
+ this.Param3 = Param3;
+ }
+
+ /**
+ * Constructs a newly allocated <code>XMLLoginParameterResolver.LPRParams</code> object.
+ *
+ * @param enabled enable user mapping to parameter set for the parameter set.
+ * @param UN username used in HTTP 401 - BasicAuthentication
+ * @param PW password used in HTTP 401 - BasicAuthentication
+ **/
+ LPRParams(boolean enabled, String UN, String PW) {
+ this(enabled, UN, PW, null, null, null);
+ }
+ }
+
+ //TODO document
+ public XMLLoginParameterResolverPlainData()
+ {
+ bPKMap = new HashMap();
+ namedMap = new HashMap();
+
+ }
+
+ //TODO document
+ public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException
+ {
+ Map result = new HashMap();
+ if(oaConf.getAuthType().equals("basic"))
+ {
+ String famName = resolveValue(MOAFamilyName, authData, clientIPAddress);
+ String givenName = resolveValue(MOAGivenName, authData, clientIPAddress);
+ String dateOfBirth = resolveValue(MOADateOfBirth, authData, clientIPAddress);
+ String bPK ="";
+ String wType= "";
+ if (businessService) {
+ bPK = resolveValue(MOAWBPK, authData, clientIPAddress);
+ wType = "w";
+ } else {
+ bPK = resolveValue(MOABPK, authData, clientIPAddress);
+ }
+ String userid = "";
+ String password = "";
+ String param1 = "";
+ String param2 = "";
+ String param3 = "";
+
+ LPRParams params = null;
+ boolean userFound = false;
+
+ //first step: search for (w)bPK entry in user list
+ Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for "+ wType + "bPK:" + bPK);
+ params = (LPRParams)bPKMap.get(bPK);
+ if(params == null)
+ Logger.debug("XMLLoginParameterResolverPlainData: params for "+ wType + "bPK: " + bPK + " not found in file!");
+ else
+ if(params.getEnabled())
+ { //if user is enabled: get related parameters
+ Logger.debug("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
+ userid = params.getUN();
+ password = params.getPW();
+ param1 = params.getParam1();
+ param2 = params.getParam2();
+ param3 = params.getParam3();
+ userFound = true;
+ } else
+ {
+ Logger.info("XMLLoginParameterResolverPlainData: "+ wType + "bPK: " + bPK + " found in list; user is NOT enabled");
+ }
+ if(!userFound) //secound step: search for name entry in user list
+ {
+ Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth);
+ params = (LPRParams)namedMap.get(famName + "," + givenName + "," + dateOfBirth);
+ if(params == null) {
+ Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " not found in file!");
+ //try also with wildcard ("*") birthdate
+ params = (LPRParams)namedMap.get(famName + "," + givenName + "," + "*");
+ if(params != null) Logger.debug("XMLLoginParameterResolverPlainData: params for Surname: " + famName + " GivenName: " + givenName + " DateOfBirth: " + "*" + " found!");
+ }
+
+ if(null != params && params.getEnabled())
+ {
+ Logger.debug("XMLLoginParameterResolverPlainData: SurName:" + famName + " GivenName: " + givenName + " DateOfBirth: " + dateOfBirth + " found in file; user is enabled");
+ Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
+ userid = params.getUN();
+ password = params.getPW();
+ param1 = params.getParam1();
+ param2 = params.getParam2();
+ param3 = params.getParam3();
+ userFound = true;
+ }
+ }
+ if(!userFound) //third step: search for default user in user list
+ {
+ //third step: search for (w)bPK for the default user entry in user list
+ Logger.debug("XMLLoginParameterResolverPlainData: search for automatic login data for default user");
+ params = (LPRParams)bPKMap.get("default");
+ if(params == null)
+ Logger.debug("XMLLoginParameterResolverPlainData: params for default user not found in file!");
+ else
+ if(params.getEnabled())
+ { //if user is enabled: get related parameters
+ Logger.debug("XMLLoginParameterResolverPlainData: default user found in list; user is enabled");
+ Logger.debug("XMLLoginParameterResolverPlainData: using: " + params.toString());
+ userid = params.getUN();
+ password = params.getPW();
+ param1 = params.getParam1();
+ param2 = params.getParam2();
+ param3 = params.getParam3();
+ userFound = true;
+ } else
+ {
+ Logger.info("XMLLoginParameterResolverPlainData: default user found in list; user is NOT enabled");
+ }
+ }
+
+ if(!userFound) //if user is not found then throw NotAllowedException exception
+ {
+ //TODO MOA-ID proove this with testcases!
+ Logger.info("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login");
+ throw new NotAllowedException("XMLLoginParameterResolverPlainData: Person is not allowed No automatic login ", new Object[] { });
+ }
+ try //if user was found: generate Authorization header entry with associated credemtials
+ {
+ String userIDPassword = userid + ":" + password;
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ Logger.debug("XMLLoginParameterResolverPlainData: calculated credentials: " + credentials);
+ result.put("Authorization", "Basic " + credentials);
+ }
+ catch(IOException ignore) { }
+ } else
+ if(oaConf.getAuthType().equals("header"))
+ {
+ String key;
+ String resolvedValue;
+ for(Iterator iter = oaConf.getHeaderAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
+ {
+ key = (String)iter.next();
+ String predicate = (String)oaConf.getHeaderAuthMapping().get(key);
+ resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ }
+
+ }
+ return result;
+ }
+
+ public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix)
+ {
+ Map result = new HashMap();
+ if(oaConf.getAuthType().equals("param"))
+ {
+ String key;
+ String resolvedValue;
+ for(Iterator iter = oaConf.getParamAuthMapping().keySet().iterator(); iter.hasNext(); result.put(key, resolvedValue))
+ {
+ key = (String)iter.next();
+ String predicate = (String)oaConf.getParamAuthMapping().get(key);
+ resolvedValue = resolveValue(predicate, authData, clientIPAddress);
+ }
+
+ }
+ return result;
+ }
+
+ private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress)
+ {
+ if(predicate.equals(MOAGivenName))
+ return authData.getGivenName();
+ if(predicate.equals(MOAFamilyName))
+ return authData.getFamilyName();
+ if(predicate.equals(MOADateOfBirth))
+ return authData.getDateOfBirth();
+ if(predicate.equals(MOABPK))
+ return authData.getBPK();
+ if(predicate.equals(MOAWBPK))
+ return authData.getWBPK();
+ if(predicate.equals(MOAPublicAuthority))
+ if(authData.isPublicAuthority())
+ return "true";
+ else
+ return "false";
+ if(predicate.equals(MOABKZ))
+ return authData.getPublicAuthorityCode();
+ if(predicate.equals(MOAQualifiedCertificate))
+ if(authData.isQualifiedCertificate())
+ return "true";
+ else
+ return "false";
+ if(predicate.equals(MOAStammzahl))
+ return authData.getIdentificationValue();
+ if (predicate.equals(MOAIdentificationValueType))
+ return authData.getIdentificationType();
+ if(predicate.equals(MOAIPAddress))
+ return clientIPAddress;
+ else
+ return null;
+ }
+
+ private Document readXMLFile(String fileName) throws LoginParameterResolverException
+ {
+ Logger.info("XMLLoginParameterResolverPlainData: Loading MOA-OA configuration " + fileName);
+ DOMParser parser = new DOMParser();
+ try
+ {
+ parser.setFeature("http://xml.org/sax/features/validation", true);
+ parser.setFeature("http://apache.org/xml/features/validation/schema", true);
+ parser.parse(fileName);
+ return parser.getDocument();
+ }
+ catch(Exception e)
+ {
+ String msg = e.toString();
+ throw new LoginParameterResolverException("proxy.13", new Object[] {"<noURL>: XMLLoginParameterResolverPlainData: Error parsing file " + fileName, "detail problem: " + msg});
+ }
+ }
+
+ private void buildInfo(Document doc, boolean businessService)
+ {
+ Element root = doc.getDocumentElement();
+ NodeList idList = root.getElementsByTagName("Identity");
+ NodeList paramList = root.getElementsByTagName("Parameters");
+ String wType ="";
+ if (businessService) wType = "w";
+ for(int i = 0; i < idList.getLength(); i++)
+ Logger.debug("XMLLoginParameterResolverPlainData: LocalName idList: " + idList.item(i).getLocalName());
+
+ for(int i = 0; i < paramList.getLength(); i++)
+ Logger.debug("XMLLoginParameterResolverPlainData: LocalName paramList: " + paramList.item(i).getLocalName());
+
+ for(int i = 0; i < idList.getLength(); i++)
+ {
+ Element tmpElem = (Element)idList.item(i);
+ NodeList tmpList = tmpElem.getElementsByTagName("NamedIdentity");
+ for(int j = 0; j < tmpList.getLength(); j++)
+ Logger.debug("XMLLoginParameterResolverPlainData: LocalName tmp: " + tmpList.item(j).getLocalName());
+
+ if(1 == tmpList.getLength())
+ {
+ tmpElem = (Element)tmpList.item(0);
+ String tmpStr = tmpElem.getAttribute("SurName") + "," + tmpElem.getAttribute("GivenName") + "," + tmpElem.getAttribute("BirthDate");
+ boolean tmpBool = false;
+ if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
+ tmpBool = true;
+ Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
+ tmpElem = (Element)paramList.item(i);
+ Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW"));
+ namedMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
+ } else
+ {
+ tmpList = tmpElem.getElementsByTagName(wType + "bPKIdentity");
+ if(1 == tmpList.getLength())
+ {
+ tmpElem = (Element)tmpList.item(0);
+ String tmpStr = tmpElem.getAttribute(wType + "bPK");
+ boolean tmpBool = false;
+ if(tmpElem.getFirstChild() != null && "1".compareTo(tmpElem.getFirstChild().getNodeValue()) == 0)
+ tmpBool = true;
+ Logger.debug("XMLLoginParameterResolverPlainData: tmpStr: " + tmpStr + " value: " + (new Boolean(tmpBool)).toString());
+ tmpElem = (Element)paramList.item(i);
+ Logger.debug("XMLLoginParameterResolverPlainData: attribute UN: " + tmpElem.getAttribute("UN") + " attribute PW: " + tmpElem.getAttribute("PW") + " attribute Param1: " + tmpElem.getAttribute("Param1"));
+ bPKMap.put(tmpStr, new LPRParams(tmpBool, tmpElem.getAttribute("UN"), tmpElem.getAttribute("PW")));
+ } else
+ {
+ Logger.warn("XMLLoginParameterResolverPlainData: wrong format or incorrect mode; no NamedIdentity or " + wType + "bPKIdentity found");
+ }
+ }
+ }
+
+ Logger.debug("namedMap:" + namedMap.toString());
+ Logger.debug(wType + "bPKMap:" + bPKMap.toString());
+ }
+
+ //public static final String XSD_DOCELEM = "MOAIdentities";
+ //public static final String XSD_IDELEM = "Identity";
+ //public static final String XSD_NAMEDIDELEM = "NamedIdentity";
+ //public static final String XSD_BPKIDELEM = "bPKIdentity";
+ //public static final String XSD_PARAMELEM = "Parameters";
+ //public static final String XML_LPR_CONFIG_PROPERTY_NAME1 = "moa.id.xmllpr1.configuration";
+ private Map bPKMap;
+ private Map namedMap;
+
+
+ public void configure(String configuration, Boolean businessService) throws LoginParameterResolverException {
+ Logger.info("XMLLoginParameterResolverPlainData: initialization string: " + configuration);
+ this.configuration = configuration;
+ String fileName = configuration;
+ if(fileName == null) {
+ fileName = "file:conf/moa-id/Identities.xml";
+ Logger.info("XMLLoginParameterResolverPlainData: used file name string: " + fileName);
+ }
+ Document doc = readXMLFile(fileName);
+ buildInfo(doc, businessService.booleanValue() );
+ }
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
new file mode 100644
index 000000000..e0e1fde4a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.proxy.builder;
+
+import java.text.MessageFormat;
+import java.util.Calendar;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * Builder for the <code>&lt;samlp:Request&gt;</code> used for querying
+ * the authentication data <code>&lt;saml:Assertion&gt;</code>.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLRequestBuilder implements Constants {
+ /** samlp-Request template */
+ private static final String REQUEST =
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"{0}\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"{1}\">" +
+ "<samlp:AssertionArtifact>{2}</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+
+ /**
+ * Constructor for SAMLRequestBuilder.
+ */
+ public SAMLRequestBuilder() {
+ super();
+ }
+
+ /**
+ * Builds the <code>&lt;samlp:Request&gt;</code>.
+ * @param requestID request ID
+ * @param samlArtifactBase64 SAML artifact, encoded BASE64
+ * @return the DOM element
+ */
+ public Element build(String requestID, String samlArtifactBase64) throws BuildException {
+ try {
+ String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance());
+ String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
+ Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ return requestElem;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] {"samlp:Request", ex.toString()},
+ ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
new file mode 100644
index 000000000..f7e5299ab
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -0,0 +1,143 @@
+package at.gv.egovernment.moa.id.proxy.invoke;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
+import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
+import at.gv.egovernment.moa.id.util.Random;
+
+/**
+ * Invoker of
+ * <ul>
+ * <li>either the GetAuthenticationData web service of MOA-ID Auth</li>
+ * <li>or the API call {@link at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData},</li>
+ * </ul>
+ * depending of the configuration.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetAuthenticationDataInvoker {
+ /** Create a new QName object for the webservice endpoint */
+ private static final QName SERVICE_QNAME = new QName("GetAuthenticationData");
+
+ /** invoked object for API call of MOA-ID Auth */
+ private static Object apiServer = null;
+ /** invoked method for API call of MOA-ID Auth */
+ private static Method apiMethod = null;
+
+ /**
+ * Invokes the service passing domain model objects.
+ * @param samlArtifact SAML artifact
+ * @return AuthenticationData object
+ * @throws ServiceException on any exception thrown
+ */
+ /**
+ * Get authentication data from the MOA-ID Auth component,
+ * either via API call or via web service call.
+ * @param samlArtifact SAML artifact to be used as a parameter
+ * @return AuthenticationData
+ */
+ public AuthenticationData getAuthenticationData(String samlArtifact)
+ throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+
+ ConnectionParameter authConnParam =
+ ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
+ if (authConnParam == null) {
+ try {
+ if (apiServer == null) {
+ Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
+ Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
+ apiServer = getInstanceMethod.invoke(null, (Object[]) null);
+ apiMethod = serverClass.getMethod(
+ "getAuthenticationData", new Class[] {String.class});
+ }
+ AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
+ return authData;
+ }
+ catch (InvocationTargetException ex) {
+ Throwable targetEx = ex.getTargetException();
+ if (targetEx instanceof AuthenticationException)
+ throw (AuthenticationException) targetEx;
+ else
+ throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
+ }
+ catch (Throwable ex) {
+ throw new ProxyException("proxy.09", new Object[] {ex.toString()});
+ }
+ }
+ else {
+ Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
+ Element samlpResponse = getAuthenticationData(samlpRequest);
+ SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
+ SAMLStatus status = srp.parseStatusCode();
+ if (! "samlp:Success".equals(status.getStatusCode())) {
+ // on error status throw exception
+ String code = status.getStatusCode();
+ if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+ code += "(" + status.getSubStatusCode() + ")";
+ throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+ }
+ return srp.parseAuthenticationData();
+ }
+ }
+
+ /**
+ * Invokes the service passing DOM elements.
+ * @param request request DOM element
+ * @return response DOM element
+ * @throws ServiceException on any exception thrown
+ */
+ public Element getAuthenticationData(Element request) throws ServiceException {
+ try {
+ Service service = ServiceFactory.newInstance().createService(SERVICE_QNAME);
+ Call call = service.createCall();
+ SOAPBodyElement body =
+ new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] {body};
+ Vector responses;
+ SOAPBodyElement response;
+
+ String endPoint;
+ ConnectionParameter authConnParam =
+ ProxyConfigurationProvider.getInstance().getAuthComponentConnectionParameter();
+
+ //If the ConnectionParameter do NOT exist, we throw an exception ....
+ if (authConnParam!=null) {
+ endPoint = authConnParam.getUrl();
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(SERVICE_QNAME, params);
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+ else
+ {
+ throw new ServiceException("service.01", null);
+ }
+ }
+ catch (Exception ex) {
+ throw new ServiceException("service.00", new Object[] {ex.toString()}, ex);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
new file mode 100644
index 000000000..6bf5da02b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -0,0 +1,158 @@
+package at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parser for the <code>&lt;saml:Assertion&gt;</code> returned by the
+ * <code>GetAuthenticationData</code> web service.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationDataAssertionParser implements Constants {
+
+ /** Prefix for SAML-Xpath-expressions */
+ private static String SAML = SAML_PREFIX + ":";
+ /** Prefix for PersonData-Xpath-expressions */
+ private static String PR = PD_PREFIX + ":";
+ /** Prefix for Attribute MajorVersion in an Xpath-expression */
+ private static String MAJOR_VERSION_XPATH =
+ "@MajorVersion";
+ /** Prefix for Attribute MinorVersion in an Xpath-expression */
+ private static String MINOR_VERSION_XPATH =
+ "@MinorVersion";
+ /** Prefix for Attribute AssertionID in an Xpath-expression */
+ private static String ASSERTION_ID_XPATH =
+ "@AssertionID";
+ /** Prefix for Attribute Issuer in an Xpath-expression */
+ private static String ISSUER_XPATH =
+ "@Issuer";
+ /** Prefix for Attribute IssueInstant in an Xpath-expression */
+ private static String ISSUE_INSTANT_XPATH =
+ "@IssueInstant";
+ /** Prefix for Element AttributeStatement in an Xpath-expression */
+ private static String ATTRIBUTESTATEMENT_XPATH =
+ SAML + "AttributeStatement/";
+ /** Prefix for Element NameIdentifier in an Xpath-expression */
+ private static String PK_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Subject/" +
+ SAML + "NameIdentifier";
+ private static String NAME_QUALIFIER_XPATH =
+ PK_XPATH + "/@NameQualifier";
+ /** Prefix for Element Person in an Xpath-expression */
+ private static String PERSONDATA_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Attribute[@AttributeName=\"PersonData\"]/" +
+ SAML + "AttributeValue/" +
+ PR + "Person/";
+ /** Prefix for Element Value in an Xpath-expression */
+ private static String IDENTIFICATION_VALUE_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Identification/" +
+ PR + "Value";
+ private static String IDENTIFICATION_TYPE_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Identification/" +
+ PR + "Type";
+ /** Prefix for Element GivenName in an Xpath-expression */
+ private static String GIVEN_NAME_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Name/" +
+ PR + "GivenName";
+ /** Prefix for Element FamilyName in an Xpath-expression */
+ private static String FAMILY_NAME_XPATH =
+ PERSONDATA_XPATH +
+ PR + "Name/" +
+ PR + "FamilyName";
+ /** Prefix for Element DateOfBirth in an Xpath-expression */
+ private static String DATE_OF_BIRTH_XPATH =
+ PERSONDATA_XPATH +
+ PR + "DateOfBirth";
+ /** Prefix for Element AttributeValue in an Xpath-expression */
+ private static String IS_QUALIFIED_CERT_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Attribute[@AttributeName=\"isQualifiedCertificate\"]/" +
+ SAML + "AttributeValue";
+ /** Prefix for Element AttributeValue in an Xpath-expression */
+ private static String PUBLIC_AUTHORITY_XPATH =
+ ATTRIBUTESTATEMENT_XPATH +
+ SAML + "Attribute[@AttributeName=\"isPublicAuthority\"]/" +
+ SAML + "AttributeValue";
+ /** Element samlAssertion represents the SAML:Assertion */
+ private Element samlAssertion;
+
+ /**
+ * Constructor
+ * @param samlAssertion samlpResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
+ */
+ public AuthenticationDataAssertionParser(Element samlAssertion) {
+ this.samlAssertion = samlAssertion;
+ }
+
+ /**
+ * Parses the <code>&lt;saml:Assertion&gt;</code>.
+ * @return <code>AuthenticationData</code> object
+ * @throws ParseException on any error
+ */
+ public AuthenticationData parseAuthenticationData()
+ throws ParseException {
+
+ try {
+ AuthenticationData authData = new AuthenticationData();
+ //ÄNDERN: NUR der Identification-Teil
+ authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion));
+ authData.setMajorVersion(new Integer(
+ XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue());
+ authData.setMinorVersion(new Integer(
+ XPathUtils.getAttributeValue(samlAssertion, MINOR_VERSION_XPATH, "-1")).intValue());
+ authData.setAssertionID(
+ XPathUtils.getAttributeValue(samlAssertion, ASSERTION_ID_XPATH, ""));
+ authData.setIssuer(
+ XPathUtils.getAttributeValue(samlAssertion, ISSUER_XPATH, ""));
+ authData.setIssueInstant(
+ XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
+ String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
+ if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
+ authData.setBPK(pkValue);
+ } else {
+ authData.setWBPK(pkValue);
+ }
+ authData.setIdentificationValue(
+ XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, ""));
+ authData.setIdentificationType(
+ XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, ""));
+ authData.setGivenName(
+ XPathUtils.getElementValue(samlAssertion, GIVEN_NAME_XPATH, ""));
+ authData.setFamilyName(
+ XPathUtils.getElementValue(samlAssertion, FAMILY_NAME_XPATH, ""));
+ authData.setDateOfBirth(
+ XPathUtils.getElementValue(samlAssertion, DATE_OF_BIRTH_XPATH, ""));
+ authData.setQualifiedCertificate(BoolUtils.valueOf(
+ XPathUtils.getElementValue(samlAssertion, IS_QUALIFIED_CERT_XPATH, "")));
+ String publicAuthority =
+ XPathUtils.getElementValue(samlAssertion, PUBLIC_AUTHORITY_XPATH, null);
+ if (publicAuthority == null) {
+ authData.setPublicAuthority(false);
+ authData.setPublicAuthorityCode("");
+ }
+ else {
+ authData.setPublicAuthority(true);
+ if (! publicAuthority.equalsIgnoreCase("true"))
+ authData.setPublicAuthorityCode(publicAuthority);
+ }
+ return authData;
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
new file mode 100644
index 000000000..9f77578fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -0,0 +1,100 @@
+package at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Parser for the <code>&lt;samlp:Response&gt;</code> returned by the
+ * <code>GetAuthenticationData</code> web service.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseParser implements Constants {
+ /** Element containing the samlResponse */
+ private Element samlResponse;
+ /** Xpath prefix for reaching SAMLP Namespaces */
+ private static String SAMLP = SAMLP_PREFIX + ":";
+ /** Xpath prefix for reaching SAML Namespaces */
+ private static String SAML = SAML_PREFIX + ":";
+ /** Xpath prefix for reaching PersonData Namespaces */
+ private static String PR = PD_PREFIX + ":";
+ /** Xpath expression for reaching the SAMLP:Response element */
+ private static final String ROOT =
+ "/" + SAMLP + "Response/";
+ /** Xpath expression for reaching the SAMLP:Status element */
+ private static final String STATUS_XPATH =
+ ROOT +
+ SAMLP + "Status/";
+ /** Xpath expression for reaching the SAMLP:StatusCode_Value attribute */
+ private static final String STATUSCODE_XPATH =
+ STATUS_XPATH +
+ SAMLP + "StatusCode/@Value";
+ /** Xpath expression for reaching the SAMLP:SubStatusCode_Value attribute */
+ private static final String SUBSTATUSCODE_XPATH =
+ STATUS_XPATH +
+ SAMLP + "StatusCode/" +
+ SAMLP + "StatusCode/@Value";
+ /** Xpath expression for reaching the SAMLP:StatusMessage element */
+ private static final String STATUSMESSAGE_XPATH =
+ STATUS_XPATH +
+ SAMLP + "StatusMessage";
+ /** Xpath expression for reaching the SAML:Assertion element */
+ private static String ASSERTION_XPATH =
+ ROOT +
+ SAML + "Assertion";
+
+ /**
+ * Constructor
+ * @param samlResponse the <code>&lt;samlp:Response&gt;</code> as a DOM element
+ */
+ public SAMLResponseParser(Element samlResponse) {
+ this.samlResponse = samlResponse;
+ }
+
+ /**
+ * Parses the <code>&lt;samlp:StatusCode&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
+ * @return <code>AuthenticationData</code> object
+ * @throws ParseException on any parsing error
+ */
+ public SAMLStatus parseStatusCode()
+ throws ParseException {
+
+ SAMLStatus status = new SAMLStatus();
+ try {
+ status.setStatusCode(
+ XPathUtils.getAttributeValue(samlResponse, STATUSCODE_XPATH, ""));
+ status.setSubStatusCode(
+ XPathUtils.getAttributeValue(samlResponse, SUBSTATUSCODE_XPATH, ""));
+ status.setStatusMessage(
+ XPathUtils.getElementValue(samlResponse, STATUSMESSAGE_XPATH, ""));
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ return status;
+ }
+
+ /**
+ * Parses the <code>&lt;saml:Assertion&gt;</code> from the <code>&lt;samlp:Response&gt;</code>.
+ * @return <code>AuthenticationData</code> object
+ * @throws ParseException on any parsing error
+ */
+ public AuthenticationData parseAuthenticationData()
+ throws ParseException {
+
+ Element samlAssertion;
+ try {
+ samlAssertion = (Element)XPathUtils.selectSingleNode(samlResponse, ASSERTION_XPATH);
+ }
+ catch (Throwable t) {
+ throw new ParseException("parser.01", new Object[] { t.toString() }, t);
+ }
+ return new AuthenticationDataAssertionParser(samlAssertion).parseAuthenticationData();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
new file mode 100644
index 000000000..4ab2e2cf7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -0,0 +1,71 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import java.io.IOException;
+import java.text.DateFormat;
+import java.util.Date;
+import java.util.Locale;
+
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.util.HTTPRequestJSPForwarder;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Servlet requested for updating the MOA-ID Auth configuration from configuration file
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ConfigurationServlet extends HttpServlet {
+
+ /**
+ * Handle a HTTP GET request, used to indicated that the MOA
+ * configuration needs to be updated (reloaded).
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ public void doGet(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+
+ MOAIDMessageProvider msg = MOAIDMessageProvider.getInstance();
+ try {
+ MOAIDProxyInitializer.initialize();
+
+ String message = msg.getMessage("config.00", new Object[]
+ { DateFormat.getTimeInstance(DateFormat.MEDIUM, Locale.GERMAN).format(new Date())} );
+ Logger.info(message);
+
+ HTTPRequestJSPForwarder.forwardNamed(message, "/message-proxy.jsp", getServletContext(), request, response);
+ } catch (Throwable t) {
+ String errorMessage = msg.getMessage("config.04", null);
+ Logger.error(errorMessage, t);
+ HTTPRequestJSPForwarder.forwardNamed(errorMessage, "/message-proxy.jsp", getServletContext(), request, response);
+ }
+ }
+
+ /**
+ * Do the same as <code>doGet</code>.
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ public void doPost(HttpServletRequest request, HttpServletResponse response)
+ throws ServletException, IOException {
+ doGet(request, response);
+ }
+
+/**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+}
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
new file mode 100644
index 000000000..0080c010e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+
+/**
+ * Exception thrown while proxying a request to the online application
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ProxyException extends MOAIDException {
+
+ /**
+ * Constructor for ProxyException.
+ * @param messageId
+ * @param parameters
+ */
+ public ProxyException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * Constructor for ProxyException.
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public ProxyException(
+ String messageId,
+ Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
new file mode 100644
index 000000000..6d215c35e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -0,0 +1,879 @@
+package at.gv.egovernment.moa.id.proxy.servlet;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.PrintWriter;
+import java.io.StringWriter;
+import java.net.HttpURLConnection;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Vector;
+
+import javax.net.ssl.SSLSocketFactory;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.CookieManager;
+import at.gv.egovernment.moa.id.proxy.ConnectionBuilder;
+import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolverException;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
+import at.gv.egovernment.moa.id.proxy.MOAIDProxyInitializer;
+import at.gv.egovernment.moa.id.proxy.NotAllowedException;
+import at.gv.egovernment.moa.id.proxy.invoke.GetAuthenticationDataInvoker;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * Servlet requested for logging in at an online application,
+ * and then for proxying requests to the online application.
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class ProxyServlet extends HttpServlet {
+ /** Name of the Parameter for the Target */
+ private static final String PARAM_TARGET = "Target";
+ /** Name of the Parameter for the SAMLArtifact */
+ private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+
+ /** Name of the Attribute for marking the session as authenticated*/
+ private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
+ /** Name of the Attribute for the PublicURLPrefix */
+ private static final String ATT_PUBLIC_URLPREFIX = "PublicURLPrefix";
+ /** Name of the Attribute for the RealURLPrefix */
+ private static final String ATT_REAL_URLPREFIX = "RealURLPrefix";
+ /** Name of the Attribute for the SSLSocketFactory */
+ private static final String ATT_SSL_SOCKET_FACTORY = "SSLSocketFactory";
+ /** Name of the Attribute for the LoginHeaders */
+ private static final String ATT_LOGIN_HEADERS = "LoginHeaders";
+ /** Name of the Attribute for the LoginParameters */
+ private static final String ATT_LOGIN_PARAMETERS = "LoginParameters";
+ /** Name of the Attribute for the SAMLARTIFACT */
+ private static final String ATT_SAML_ARTIFACT = "SamlArtifact";
+ /** Name of the Attribute for the state of the browser request for login dialog*/
+ private static final String ATT_BROWSERREQU = "BrowserLoginRequest";
+ /** Name of the Attribute for the state of the browser request for login dialog*/
+ private static final String ATT_OA_CONF = "oaConf";
+ /** Name of the Attribute for the Logintype of the OnlineApplication*/
+ private static final String ATT_OA_LOGINTYPE = "LoginType";
+ /** Name of the Attribute for the number of the try to login into the OnlineApplication*/
+ private static final String ATT_OA_LOGINTRY = "LoginTry";
+ /** Maximum permitted login tries */
+ private static final int MAX_OA_LOGINTRY = 3;
+ /** Name of the Attribute for authorization value for further connections*/
+ private static final String ATT_OA_AUTHORIZATION_HEADER = "authorizationkey";
+ /** Name of the Attribute for user binding */
+ private static final String ATT_OA_USER_BINDING = "UserBinding";
+ /** For extended internal debug messages */
+ private static final boolean INTERNAL_DEBUG = false;
+ /** Message to be given if browser login failed */
+ private static final String RET_401_MSG = "<html><head><title>Ein Fehler ist aufgetreten</title></head><body><h1>Fehler bei der Anmeldung</h1><p>Bei der Anmeldung ist ein Fehler aufgetreten.</p><p>Fehler bei der Anmeldung. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.<br><b>Abbruch durch den Benutzer.</b><br></p></body></html>";
+
+ /**
+ * @see javax.servlet.http.HttpServlet#service(HttpServletRequest, HttpServletResponse)
+ */
+ protected void service(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
+
+ Logger.debug("getRequestURL:" + req.getRequestURL().toString());
+ try {
+ if (req.getParameter(PARAM_SAMLARTIFACT) != null) {
+ // check if SAML Artifact was already used in this session (in case of page reload)
+ HttpSession session = req.getSession();
+ if (null != session && req.getParameter(PARAM_SAMLARTIFACT).equals(session.getAttribute(ATT_SAML_ARTIFACT))) {
+ if (session.getAttribute(ATT_BROWSERREQU)==null) {
+ tunnelRequest(req, resp);
+ }else{
+ login(req, resp); //login after browser login dialog
+ }
+ } else
+ // it is the first time that the SAML Artifact was used
+ login(req, resp);
+ }
+ else
+ tunnelRequest(req, resp);
+ }
+ catch (MOAIDException ex) {
+ handleError(ex.getMessage(), ex, req, resp);
+ }
+ catch (Throwable ex) {
+ handleError(ex.getMessage(), ex, req, resp);
+ }
+ }
+
+ /**
+ * Login to online application at first call of servlet for a user session.<br/>
+ * <ul>
+ * <li>Acquires authentication data from the MOA-ID Auth component.</li>
+ * <li>Reads configuration data for the online application.</li>
+ * <li>Resolves login parameters.</li>
+ * <li>Sets up an SSLSocketFactory in case of a secure connection to the online application.</li>
+ * <li>For a stateless online application, stores data in the HttpSession.</li>
+ * <li>Tunnels the request to the online application.</li>
+ * </ul>
+ * @param req
+ * @param resp
+ * @throws ConfigurationException when wrong configuration is encountered
+ * @throws ProxyException when wrong configuration is encountered
+ * @throws BuildException while building the request for MOA-ID Auth
+ * @throws ServiceException while invoking MOA-ID Auth
+ * @throws ParseException while parsing the response from MOA-ID Auth
+ */
+ private void login(HttpServletRequest req, HttpServletResponse resp) throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+
+ HttpSession session = req.getSession();
+ String samlArtifact = "";
+ Map loginHeaders = null;
+ Map loginParameters = null;
+ String publicURLPrefix = "";
+ String realURLPrefix = "";
+ SSLSocketFactory ssf = null;
+ String urlRequested = req.getRequestURL().toString();
+ OAConfiguration oaConf = null;
+ String loginType = "";
+ String binding = "";
+
+ if (session.getAttribute(ATT_BROWSERREQU)==null) {
+
+ samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
+ Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
+ // String target = req.getParameter(PARAM_TARGET); parameter given but not processed
+ // boolean targetprovided = req.getParameter(PARAM_TARGET) != null;
+
+ // get authentication data from the MOA-ID Auth component
+ AuthenticationData authData;
+ try {
+ authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
+ } catch (ServiceException ex) {
+ throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+ } catch (ProxyException ex) {
+ throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+ }
+ session.setAttribute(ATT_AUTHDATAFETCHED, "true");
+
+ // read configuration data
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
+ if (oaParam == null) {
+ throw new ProxyException("proxy.02", new Object[] { urlRequested });
+ }
+ publicURLPrefix = oaParam.getPublicURLPrefix();
+ Logger.debug("OA: " + publicURLPrefix);
+ oaConf = oaParam.getOaConfiguration();
+ ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
+ realURLPrefix = oaConnParam.getUrl();
+
+ // resolve login parameters to be forwarded to online application
+ LoginParameterResolver lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+ String clientIPAddress = req.getRemoteAddr();
+ boolean businessService = oaParam.getBusinessService();
+ try {
+ if (oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH)) {
+ loginParameters = lpr.getAuthenticationParameters(oaConf, authData, clientIPAddress, businessService, publicURLPrefix);
+ } else {
+ loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, clientIPAddress, businessService, publicURLPrefix);
+ for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
+ //extract user-defined bindingValue
+ String headerKey = (String) iter.next();
+ String headerKeyValue = (String) loginHeaders.get(headerKey);
+ if (headerKey.equalsIgnoreCase("binding")) {
+ binding = (String) loginHeaders.get(headerKey);
+ }
+ for (int i = 1; i <= 3; i++) {
+ if (headerKey.equalsIgnoreCase("param" + i)) {
+ int sep = headerKeyValue.indexOf("=");
+ if (sep>-1) {
+ if (sep>0) {
+ String value = "";
+ if (headerKeyValue.length()>sep+1) value = headerKeyValue.substring(sep+1);
+ if (loginParameters == null) loginParameters = new HashMap();
+ loginParameters.put(headerKeyValue.substring(0,sep) , value);
+ }
+ } else {
+ loginParameters.put(headerKey, "");
+ }
+ }
+ }
+ }
+ loginHeaders.remove("binding");
+ loginHeaders.remove("param1");
+ loginHeaders.remove("param2");
+ loginHeaders.remove("param3");
+ }
+ } catch (LoginParameterResolverException ex) {
+ throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+ } catch (NotAllowedException e) {
+ throw new ProxyException("proxy.15", new Object[] { });
+ }
+
+ // setup SSLSocketFactory for communication with the online application
+ if (oaConnParam.isHTTPSURL()) {
+ try {
+ ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ } catch (Throwable ex) {
+ throw new ProxyException(
+ "proxy.05",
+ new Object[] { oaConnParam.getUrl(), ex.toString()},
+ ex);
+ }
+ }
+
+ // for stateless online application, store data in HttpSession
+ loginType = oaConf.getLoginType();
+ if ("".equalsIgnoreCase(binding)) {
+ binding = oaConf.getBinding();
+ if ("".equalsIgnoreCase(binding)) binding = "full";
+ }
+ Logger.debug("Login type: " + loginType);
+ if (loginType.equals(OAConfiguration.LOGINTYPE_STATELESS)) {
+ int sessionTimeOut = oaParam.getSessionTimeOut();
+ if (sessionTimeOut == 0)
+ sessionTimeOut = 60 * 60; // default 1 h
+
+ session.setMaxInactiveInterval(sessionTimeOut);
+ session.setAttribute(ATT_PUBLIC_URLPREFIX, publicURLPrefix);
+ session.setAttribute(ATT_REAL_URLPREFIX, realURLPrefix);
+ session.setAttribute(ATT_SSL_SOCKET_FACTORY, ssf);
+ session.setAttribute(ATT_LOGIN_HEADERS, loginHeaders);
+ session.setAttribute(ATT_LOGIN_PARAMETERS, loginParameters);
+ session.setAttribute(ATT_SAML_ARTIFACT, samlArtifact);
+ session.setAttribute(ATT_OA_CONF, oaConf);
+ session.setAttribute(ATT_OA_LOGINTYPE, loginType);
+ session.setAttribute(ATT_OA_USER_BINDING, binding);
+ session.removeAttribute(ATT_BROWSERREQU);
+ session.removeAttribute(ATT_OA_AUTHORIZATION_HEADER);
+ session.removeAttribute(ATT_OA_LOGINTRY);
+ Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " angelegt");
+ }
+
+ } else {
+ loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
+ publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
+ realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
+ ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
+ loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
+ loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
+ samlArtifact = (String) session.getAttribute(ATT_SAML_ARTIFACT);
+ oaConf = (OAConfiguration) session.getAttribute(ATT_OA_CONF);
+ loginType = (String) session.getAttribute(ATT_OA_LOGINTYPE);
+ binding = (String) session.getAttribute(ATT_OA_USER_BINDING);
+ session.removeAttribute(ATT_BROWSERREQU);
+ Logger.debug("moa-id-proxy: HTTPSession " + session.getId() + " aufgenommen");
+ }
+
+ try {
+ int respcode = 0;
+
+ // tunnel request to the online application
+ respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding);
+ if (respcode == 401) {
+ if (OAConfiguration.BINDUNG_FULL.equals(binding) && oaConf.getLoginType().equals(OAConfiguration.LOGINTYPE_STATELESS)) {
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
+ }
+ }
+ } catch (ProxyException ex) {
+ throw new ProxyException("proxy.12", new Object[] { realURLPrefix });
+ } catch (Throwable ex) {
+ throw new ProxyException("proxy.04", new Object[] { urlRequested, ex.toString()}, ex);
+ }
+ }
+
+ /**
+ * Tunnels a request to the stateless online application using data stored in the HTTP session.
+ * @param req HTTP request
+ * @param resp HTTP response
+ * @throws IOException if an I/O error occurs
+ */
+ private void tunnelRequest(HttpServletRequest req, HttpServletResponse resp) throws ProxyException, IOException {
+
+ //Logger.debug("Tunnel request (stateless)");
+ HttpSession session = req.getSession(false);
+
+ if (session == null)
+ throw new ProxyException("proxy.07", null);
+ String publicURLPrefix = (String) session.getAttribute(ATT_PUBLIC_URLPREFIX);
+ //A session is automatically created when forwarded 1st time to errorpage-proxy.jsp (with the handleError method)
+ //additional check if publicURLPrefix is OK, if not throw an Exception
+ if (publicURLPrefix == null)
+ throw new ProxyException("proxy.07", null);
+
+ String realURLPrefix = (String) session.getAttribute(ATT_REAL_URLPREFIX);
+ SSLSocketFactory ssf = (SSLSocketFactory) session.getAttribute(ATT_SSL_SOCKET_FACTORY);
+ Map loginHeaders = (Map) session.getAttribute(ATT_LOGIN_HEADERS);
+ Map loginParameters = (Map) session.getAttribute(ATT_LOGIN_PARAMETERS);
+ String binding = (String) session.getAttribute(ATT_OA_USER_BINDING);
+ if (publicURLPrefix == null || realURLPrefix == null)
+ throw new ProxyException("proxy.08", new Object[] { req.getRequestURL().toString()});
+
+ int respcode = tunnelRequest(req, resp, loginHeaders, loginParameters, publicURLPrefix, realURLPrefix, ssf, binding);
+ if (respcode == -401) // #tries to login exceeded
+ throw new ProxyException("proxy.16", new Object[] {realURLPrefix, Integer.toString(MAX_OA_LOGINTRY)});
+ }
+
+/**
+ * Tunnels a request to the online application using given URL mapping and SSLSocketFactory.
+ * This method returns the ResponseCode of the request to the online application.
+ * @param req HTTP request
+ * @param resp HTTP response
+ * @param loginHeaders header field/values to be inserted for purposes of authentication;
+ * may be <code>null</code>
+ * @param loginParameters parameter name/values to be inserted for purposes of authentication;
+ * may be <code>null</code>
+ * @param publicURLPrefix prefix of request URL to be substituted for the <code>realURLPrefix</code>
+ * @param realURLPrefix prefix of online application URL to substitute the <code>publicURLPrefix</code>
+ * @param ssf SSLSocketFactory to use
+ * @throws IOException if an I/O error occurs
+ */
+private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map loginHeaders, Map loginParameters, String publicURLPrefix, String realURLPrefix, SSLSocketFactory ssf, String binding)
+ throws IOException {
+
+ String originBinding = binding;
+ String browserUserID = "";
+ String browserPassword = "";
+ //URL url = new URL(realURLPrefix);
+ //String realURLHost = url.getHost();
+ if (INTERNAL_DEBUG && !binding.equals("")) Logger.debug("Binding: " + binding);
+
+ // collect headers from request
+ Map headers = new HashMap();
+ for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) {
+ String headerKey = (String) enu.nextElement();
+ String headerKeyValue = req.getHeader(headerKey);
+ if (INTERNAL_DEBUG) Logger.debug("Incoming:" + headerKey + "=" + headerKeyValue);
+ //Analyze Basic-Auth-Headers from the client
+ if (headerKey.equalsIgnoreCase("Authorization")) {
+ if (headerKeyValue.substring(0,6).equalsIgnoreCase("Basic ")) {
+ String credentials = headerKeyValue.substring(6);
+ byte [] bplaintextcredentials = Base64Utils. decode(credentials, true);
+ String plaintextcredentials = new String(bplaintextcredentials);
+ browserUserID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
+ browserPassword = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
+ //deactivate following line for security
+ //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword );
+ }
+ if (headerKeyValue.substring(0,9).equalsIgnoreCase("Negotiate")) {
+ //deactivate following line for security
+ //if (INTERNAL_DEBUG) Logger.debug("Analyzing authorization-header from browser: Found NTLM Aut.: " + headerKeyValue + "gives UN:PW=" + browserUserID + ":" + browserPassword );
+ }
+ }
+ else
+ {
+ /* Headers MUST NOT be repaced according to our Spec.
+ if (headerKey.equalsIgnoreCase("Host")) {
+ headerKeyValue = realURLHost;
+ //headerKeyValue= realURLPrefix.substring(hoststartpos);
+ if (INTERNAL_DEBUG) Logger.debug("replaced:" + headerKey + "=" + headerKeyValue);
+ }
+ */
+ headers.put(headerKey, headerKeyValue);
+ }
+ }
+
+
+ // collect login headers, possibly overwriting headers from request
+ String authorizationvalue="";
+ if (req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) {
+
+ if (OAConfiguration.BINDUNG_NOMATCH.equals(binding)) {
+ int loginTry = getLoginTry(req);
+ Logger.debug("Binding: mode = " + OAConfiguration.BINDUNG_NOMATCH + "(try #" + Integer.toString(loginTry) + ")");
+ if (loginTry==1) {
+ binding = OAConfiguration.BINDUNG_FULL;
+ } else {
+ binding = OAConfiguration.BINDUNG_USERNAME;
+ }
+ }
+
+ /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können:
+ //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first
+ // full binding will be covered by next block
+ if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) {
+ //1st try: if we have a password, try this one first
+ for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
+ String headerKey = (String) iter.next();
+ String headerKeyValue = (String) loginHeaders.get(headerKey);
+ if (isBasicAuthenticationHeader(headerKey, headerKeyValue)) {
+ String credentials = headerKeyValue.substring(6);
+ byte [] bplaintextcredentials = Base64Utils.decode(credentials, true);
+ String plaintextcredentials = new String(bplaintextcredentials);
+ String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
+ if (password!=null && !password.equals("")) {
+ Logger.debug("Binding: found predefined password. Trying full binding first");
+ binding = OAConfiguration.BINDUNG_FULL;
+ break;
+ }
+ }
+ }
+ }
+ */
+
+
+
+ //we have a connection with not having logged on
+ if (loginHeaders != null && (browserPassword.length()!=0 || browserUserID.length()!=0 || OAConfiguration.BINDUNG_FULL.equals(binding))) {
+ for (Iterator iter = loginHeaders.keySet().iterator(); iter.hasNext();) {
+ String headerKey = (String) iter.next();
+ String headerKeyValue = (String) loginHeaders.get(headerKey);
+ //customize loginheaders if necessary
+ if (isBasicAuthenticationHeader(headerKey, headerKeyValue))
+ {
+ if (OAConfiguration.BINDUNG_FULL.equals(binding)) {
+ authorizationvalue = headerKeyValue;
+ Logger.debug("Binding: full binding to user established");
+ } else {
+ String credentials = headerKeyValue.substring(6);
+ byte [] bplaintextcredentials = Base64Utils.decode(credentials, true);
+ String plaintextcredentials = new String(bplaintextcredentials);
+ String userID = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
+ String password = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
+ String userIDPassword = ":";
+ if (OAConfiguration.BINDUNG_USERNAME.equals(binding)) {
+ Logger.debug("Binding: Access with necessary binding to user");
+ userIDPassword = userID + ":" + browserPassword;
+ } else if (OAConfiguration.BINDUNG_NONE.equals(binding)) {
+ Logger.debug("Binding: Access without binding to user");
+ //If first time
+ if (browserUserID.length()==0) browserUserID = userID;
+ if (browserPassword.length()==0) browserPassword = password;
+ userIDPassword = browserUserID + ":" + browserPassword;
+ } else {
+ userIDPassword = userID + ":" + password;
+ }
+ credentials = Base64Utils.encode(userIDPassword.getBytes());
+ authorizationvalue = "Basic " + credentials;
+ headerKeyValue = authorizationvalue;
+ }
+ }
+ headers.put(headerKey, headerKeyValue);
+ }
+ }
+ }else{
+ //if OA needs Authorization header in each further request
+ authorizationvalue = (String) req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER);
+ if (loginHeaders != null) headers.put("Authorization", authorizationvalue);
+ }
+
+
+ Vector parameters = new Vector();
+
+ for (Enumeration enu = req.getParameterNames(); enu.hasMoreElements();) {
+ String paramName = (String) enu.nextElement();
+ if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
+ if (INTERNAL_DEBUG) Logger.debug("Req Parameter-put: " + paramName + ":" + req.getParameter(paramName));
+ String parameter[] = new String[2];
+ parameter[0]= paramName;
+ parameter[1]= req.getParameter(paramName);
+ parameters.add(parameter);
+ }
+ }
+ // collect login parameters, possibly overwriting parameters from request
+ if (loginParameters != null) {
+ for (Iterator iter = loginParameters.keySet().iterator(); iter.hasNext();) {
+ String paramName = (String) iter.next();
+ if (!(paramName.equals(PARAM_SAMLARTIFACT) || paramName.equals(PARAM_TARGET))) {
+ if (INTERNAL_DEBUG) Logger.debug("Req Login-Parameter-put: " + paramName + ":" + loginParameters.get(paramName));
+ String parameter[] = new String[2];
+ parameter[0]= paramName;
+ parameter[1]= (String) loginParameters.get(paramName);
+ parameters.add(parameter);
+ }
+ }
+ }
+
+ ConnectionBuilder cb = ConnectionBuilderFactory.getConnectionBuilder(publicURLPrefix);
+ HttpURLConnection conn = cb.buildConnection(req, publicURLPrefix, realURLPrefix, ssf, parameters);
+
+ // set headers as request properties of URLConnection
+ for (Iterator iter = headers.keySet().iterator(); iter.hasNext();) {
+ String headerKey = (String) iter.next();
+ String headerValue = (String) headers.get(headerKey);
+ String LogStr = "Req header " + headerKey + ": " + headers.get(headerKey);
+ if (isBasicAuthenticationHeader(headerKey, headerValue)) {
+ String credentials = headerValue.substring(6);
+ byte [] bplaintextcredentials = Base64Utils. decode(credentials, true);
+ String plaintextcredentials = new String(bplaintextcredentials);
+ String uid = plaintextcredentials.substring(0,plaintextcredentials.indexOf(":"));
+ String pwd = plaintextcredentials.substring(plaintextcredentials.indexOf(":")+1);
+ //Sollte AuthorizationInfo vom HTTPClient benutzt werden: cb.addBasicAuthorization(publicURLPrefix, uid, pwd);
+ //deactivate following line for security
+ //if (INTERNAL_DEBUG && Logger.isDebugEnabled()) LogStr = LogStr + " >UserID:Password< >" + uid + ":" + pwd + "<";
+ }
+ conn.setRequestProperty(headerKey, headerValue);
+ if (INTERNAL_DEBUG) Logger.debug(LogStr);
+ }
+
+ StringWriter sb = new StringWriter();
+
+ // Write out parameters into output stream of URLConnection.
+ // On GET request, do not send parameters in any case,
+ // otherwise HttpURLConnection would send a POST.
+ if (!"get".equalsIgnoreCase(req.getMethod()) && !parameters.isEmpty()) {
+ boolean firstParam = true;
+ String parameter[] = new String[2];
+ for (Iterator iter = parameters.iterator(); iter.hasNext();) {
+ parameter = (String[]) iter.next();
+ String paramName = parameter[0];
+ String paramValue = parameter[1];
+ if (firstParam)
+ firstParam = false;
+ else
+ sb.write("&");
+ sb.write(paramName);
+ sb.write("=");
+ sb.write(paramValue);
+ if (INTERNAL_DEBUG) Logger.debug("Req param " + paramName + ": " + paramValue);
+ }
+ }
+
+ // For WebDAV and POST: copy content
+ if (!"get".equalsIgnoreCase(req.getMethod())) {
+ if (INTERNAL_DEBUG && !"post".equalsIgnoreCase(req.getMethod())) Logger.debug("---- WEBDAV ---- copying content");
+ try {
+ OutputStream out = conn.getOutputStream();
+ InputStream in = req.getInputStream();
+ if (!parameters.isEmpty()) out.write(sb.toString().getBytes()); //Parameter nicht mehr mittels Printwriter schreiben
+ copyStream(in, out, null, req.getMethod());
+ out.flush();
+ out.close();
+ } catch (IOException e) {
+ if (!"post".equalsIgnoreCase(req.getMethod()))
+ Logger.debug("---- WEBDAV ---- streamcopy problem");
+ else
+ Logger.debug("---- POST ---- streamcopy problem");
+ }
+ }
+
+ // connect
+ if (INTERNAL_DEBUG) Logger.debug("Connect Request");
+ conn.connect();
+ if (INTERNAL_DEBUG) Logger.debug("Connect Response");
+
+ // check login tries
+ if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
+ int loginTry = getLoginTry(req);
+ req.getSession().setAttribute(ATT_OA_LOGINTRY, Integer.toString(loginTry));
+ if (loginTry > MAX_OA_LOGINTRY) {
+ Logger.debug("Found 401 UNAUTHORIZED, maximum tries exceeded; leaving...");
+ cb.disconnect(conn);
+ return -401;
+ }
+ }
+
+
+
+ if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED && OAConfiguration.BINDUNG_FULL.equals(originBinding)) {
+ Logger.debug("Found 401 UNAUTHORIZED, leaving...");
+ cb.disconnect(conn);
+ return conn.getResponseCode();
+ }
+
+
+ resp.setStatus(conn.getResponseCode());
+ resp.setContentType(conn.getContentType());
+
+ if (loginHeaders != null && (conn.getResponseCode()==HttpURLConnection.HTTP_OK || conn.getResponseCode()==HttpURLConnection.HTTP_MOVED_TEMP) && req.getSession().getAttribute(ATT_OA_AUTHORIZATION_HEADER)==null) {
+ req.getSession().setAttribute(ATT_OA_AUTHORIZATION_HEADER, authorizationvalue);
+ Logger.debug("Login OK. Saving authorization header to remember in further requests");
+ }
+
+ // Read response headers
+ // Omit response header "content-length" if response header "Transfer-encoding: chunked" is set.
+ // Otherwise, the connection will not be kept alive, resulting in subsequent missing requests.
+ // See JavaDoc of javax.servlet.http.HttpServlet:
+ // When using HTTP 1.1 chunked encoding (which means that the response has a Transfer-Encoding header), do not set the Content-Length header.
+ Vector respHeaders = new Vector();
+
+ boolean chunked = false;
+ String contentLengthKey = null;
+ String transferEncodingKey = null;
+ int i = 1;
+ String headerKey;
+ String loginType = (String) req.getSession().getAttribute(ATT_OA_LOGINTYPE);
+ while ((headerKey = conn.getHeaderFieldKey(i)) != null) {
+ String headerValue = conn.getHeaderField(i);
+ // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen)
+ if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) {
+ headerValue = "Basic realm=\"" + publicURLPrefix + "\"";
+ if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) {
+ headerValue = "Basic realm=\"Bitte Passwort eingeben\"";
+ } else if (OAConfiguration.BINDUNG_NONE.equals(originBinding)) {
+ headerValue = "Basic realm=\"Bitte Benutzername und Passwort eingeben\"";
+ }
+ }
+ String respHeader[] = new String[2];
+ if ((conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) && headerKey.equalsIgnoreCase("content-length")) {
+ //alter the unauthorized message with template for login
+ //TODO: supply a special login form on unauthorized messages with bindings!=full
+ headerValue = Integer.toString(RET_401_MSG.length());
+ }
+ respHeader[0]= headerKey;
+ respHeader[1]= headerValue;
+
+ if (!(OAConfiguration.BINDUNG_FULL.equals(originBinding) && OAConfiguration.LOGINTYPE_STATELESS.equals(loginType) && headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\""))) {
+ respHeaders.add(respHeader);
+ if (INTERNAL_DEBUG) Logger.debug("Resp header " + headerKey + ": " + headerValue);
+ } else {
+ Logger.debug("Resp header ---REMOVED--- " + headerKey + ": " + headerValue);
+ }
+ if (isTransferEncodingChunkedHeader(headerKey, headerValue)) {
+ chunked = true;
+ transferEncodingKey = headerKey;
+ }
+ if ("content-length".equalsIgnoreCase(headerKey))
+ contentLengthKey = headerKey;
+ i++;
+ }
+ if (chunked && contentLengthKey != null) {
+ respHeaders.remove(transferEncodingKey);
+ Logger.debug("Resp header " + transferEncodingKey + " REMOVED");
+ }
+
+ String headerValue;
+ String respHeader[] = new String[2];
+
+ //write out all Responseheaders
+ for (Iterator iter = respHeaders.iterator(); iter.hasNext();) {
+ respHeader = (String[]) iter.next();
+ headerKey = respHeader[0];
+ headerValue = respHeader[1];
+ resp.addHeader(headerKey, headerValue);
+ }
+
+ //Logger.debug(">>>> Copy Content");
+ //Logger.debug(" from ()" + conn.getURL());
+ //Logger.debug(" to (" + req.getRemoteAddr() + ":"+ ") " +req.getRequestURL());
+
+ // read response stream
+ Logger.debug("Resp from " + conn.getURL().toString() + ": status " + conn.getResponseCode());
+ // Load content unless the server lets us know that the content is NOT MODIFIED...
+ if (conn.getResponseCode()!=HttpURLConnection.HTTP_NOT_MODIFIED ) {
+ BufferedInputStream respIn = new BufferedInputStream(conn.getInputStream());
+ //Logger.debug("Got Inputstream");
+ BufferedOutputStream respOut = new BufferedOutputStream(resp.getOutputStream());
+ //Logger.debug("Got Outputstream");
+
+ byte [] buffer = new byte[4096];
+ if (respOut != null) {
+ int bytesRead;
+ while ((bytesRead = respIn.read(buffer)) >= 0) {
+ if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(buffer, 0, bytesRead);
+ }
+ } else {
+ while (respIn.read(buffer) >= 0);
+ }
+
+
+ /*
+ int ch;
+ StringBuffer strBuf = new StringBuffer("");
+ while ((ch = respIn.read()) >= 0) {
+ if (conn.getResponseCode()!=HttpURLConnection.HTTP_UNAUTHORIZED) respOut.write(ch);
+ strBuf.append((char)ch);
+ }
+ Logger.debug("Resp Content:");
+ if (strBuf.toString().length()>500)
+ Logger.debug(strBuf.toString().substring(0,500));
+ else
+ Logger.debug(strBuf.toString());
+ */
+
+
+ if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
+ respOut.write(RET_401_MSG.getBytes());
+ }
+ respOut.flush();
+ respOut.close();
+ respIn.close();
+ if (conn.getResponseCode()==HttpURLConnection.HTTP_UNAUTHORIZED) {
+ Logger.debug("Found 401 UNAUTHORIZED...");
+ cb.disconnect(conn);
+ return conn.getResponseCode();
+ }
+ } else {
+ //if (conn.getResponseCode()==HttpURLConnection.HTTP_NOT_MODIFIED)
+ Logger.debug("Found 304 NOT MODIFIED...");
+ }
+
+ cb.disconnect(conn);
+ Logger.debug("Request done");
+
+ return conn.getResponseCode();
+}
+
+/**
+ * Gets the current amount of the login try at the online application
+ *
+ * @param req the HttpServletRequest
+ * @return the number off the current login try
+ */
+private int getLoginTry(HttpServletRequest req) {
+ String oa_loginTry = (String) req.getSession().getAttribute(ATT_OA_LOGINTRY);
+ int loginTry = 1;
+ if (oa_loginTry!=null) loginTry = Integer.parseInt(oa_loginTry)+1;
+ return loginTry;
+}
+/**
+ * Determines whether a HTTP header is a basic authentication header of the kind "Authorization: Basic ..."
+ *
+ * @param headerKey header name
+ * @param headerValue header value
+ * @return true for a basic authentication header
+ */
+private boolean isBasicAuthenticationHeader(String headerKey, String headerValue) {
+ if (!"authorization".equalsIgnoreCase(headerKey))
+ return false;
+ if (headerValue.length() < "basic".length())
+ return false;
+ String authenticationSchema = headerValue.substring(0, "basic".length());
+ return "basic".equalsIgnoreCase(authenticationSchema);
+}
+/**
+ * Determines whether a basic authentication header of the kind "Authorization: Basic ..."
+ * is included in a HTTP request
+ * @param req HTTP request
+ * @return true for a basic authentication header provided
+ */
+private boolean isBasicAuthenticationHeaderProvided(HttpServletRequest req) {
+ for (Enumeration enu = req.getHeaderNames(); enu.hasMoreElements();) {
+ String headerKey = (String) enu.nextElement();
+ String headerValue = req.getHeader(headerKey);
+ if (isBasicAuthenticationHeader(headerKey, headerValue))
+ return true;
+ }
+ return false;
+}
+/**
+ * Determines whether a HTTP header is "Transfer-encoding" header with value containing "chunked"
+ *
+ * @param headerKey header name
+ * @param headerValue header value
+ * @return true for a "Transfer-encoding: chunked" header
+ */
+private boolean isTransferEncodingChunkedHeader(String headerKey, String headerValue) {
+ if (!"transfer-encoding".equalsIgnoreCase(headerKey))
+ return false;
+ return headerValue.indexOf("chunked") >= 0 || headerValue.indexOf("Chunked") >= 0 || headerValue.indexOf("CHUNKED") >= 0;
+}
+
+/**
+ * Calls the web application initializer.
+ *
+ * @see javax.servlet.Servlet#init(ServletConfig)
+ */
+public void init(ServletConfig servletConfig) throws ServletException {
+ super.init(servletConfig);
+ try {
+ MOAIDProxyInitializer.initialize();
+ Logger.info(MOAIDMessageProvider.getInstance().getMessage("proxy.00", null));
+ }
+ catch (Exception ex) {
+ Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("proxy.06", null), ex);
+ throw new ServletException(ex);
+ }
+}
+
+/**
+ * Handles an error. <br>
+ * <ul>
+ * <li>Logs the error</li>
+ * <li>Places error message and exception thrown into the request
+ * as request attributes (to be used by <code>"/errorpage-proxy.jsp"</code>)</li>
+ * <li>Sets HTTP status 500 (internal server error)</li>
+ * </ul>
+ *
+ * @param errorMessage error message
+ * @param exceptionThrown exception thrown
+ * @param req servlet request
+ * @param resp servlet response
+ */
+protected void handleError(
+ String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) {
+
+
+ if(null != errorMessage) {
+ Logger.error(errorMessage);
+ req.setAttribute("ErrorMessage", errorMessage );
+ }
+
+ if (null != exceptionThrown) {
+ if(null == errorMessage) errorMessage = exceptionThrown.getMessage();
+ Logger.error(errorMessage, exceptionThrown);
+ //req.setAttribute("ExceptionThrown", exceptionThrown);
+ }
+
+ //forward this to errorpage-proxy.jsp where the HTML error page is generated
+ ServletContext context = getServletContext();
+ RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-proxy.jsp");
+ try {
+ dispatcher.forward(req, resp);
+ } catch (ServletException e) {
+ Logger.error(e);
+ } catch (IOException e) {
+ Logger.error(e);
+ }
+
+}
+
+
+// * taken from iaik.utils.util.copyStream:
+/**
+ * Reads all data (until EOF is reached) from the given source to the
+ * destination stream. If the destination stream is null, all data is dropped.
+ * It uses the given buffer to read data and forward it. If the buffer is
+ * null, this method allocates a buffer.
+ *
+ * @param source The stream providing the data.
+ * @param destination The stream that takes the data. If this is null, all
+ * data from source will be read and discarded.
+ * @param buffer The buffer to use for forwarding. If it is null, the method
+ * allocates a buffer.
+ * @exception IOException If reading from the source or writing to the
+ * destination fails.
+ */
+private static void copyStream(InputStream source, OutputStream destination, byte[] buffer, String method) throws IOException {
+ if (source == null) {
+ throw new NullPointerException("Argument \"source\" must not be null.");
+ }
+ if (buffer == null) {
+ buffer = new byte[4096];
+ }
+
+ if (destination != null) {
+ int bytesRead;
+ while ((bytesRead = source.read(buffer)) >= 0) {
+ destination.write(buffer, 0, bytesRead);
+ //if (method.equalsIgnoreCase("POST")) Logger.debug(buffer.toString());
+ }
+ } else {
+ while (source.read(buffer) >= 0);
+ }
+}
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
new file mode 100644
index 000000000..954a87e62
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
@@ -0,0 +1,212 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.BufferedWriter;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import java.io.PrintWriter;
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.util.Hashtable;
+
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
+
+import org.apache.axis.components.net.BooleanHolder;
+import org.apache.axis.components.net.DefaultSocketFactory;
+import org.apache.axis.components.net.SecureSocketFactory;
+import org.apache.axis.components.net.TransportClientProperties;
+import org.apache.axis.components.net.TransportClientPropertiesFactory;
+import org.apache.axis.utils.Messages;
+import org.apache.axis.utils.XMLUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Secure socket factory for Axis webs service clients of the MOA-ID component,
+ * which are the MOA-SP calls from MOA-ID Auth,
+ * and the MOA-ID Auth calls from MOA-ID Proxy.
+ * <br/>Use this initialization code:<br/>
+ * <code> // ConnectionParameter connParam = ... get from ConfigurationProvider
+ * AxisSecureSocketFactory.initialize(connParam);</code>
+ * <br/>See the Apache Axis documentation on how to configure this class
+ * as the default secure socket factory to be used by Axis.
+ * <br/>
+ * This code has been copied from <code>JSSESocketFactory</code>, the
+ * method <code>initialize()</code> has been added.
+ *
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AxisSecureSocketFactory
+ extends DefaultSocketFactory implements SecureSocketFactory {
+
+ /** Field sslFactory */
+ private static SSLSocketFactory sslFactory;
+
+ /**
+ * Constructor for AxisSecureSocketFactory.
+ * @param attributes ???
+ */
+ public AxisSecureSocketFactory(Hashtable attributes) {
+ super(attributes);
+ }
+ /**
+ * Initializes the factory by setting the connection parameters to be used for
+ * setting the secure socket factory, and by setting the system property
+ * <code>axis.socketSecureFactory</code>.
+ * @param ssf <code>SSLSocketFactory</code> to initialize with
+ */
+ public static void initialize(SSLSocketFactory ssf)
+ throws IOException, GeneralSecurityException {
+
+ Logger.debug("Initialize AxisSecureSocketFactory");
+ sslFactory = ssf;
+ }
+
+ /**
+ * creates a secure socket
+ *
+ * @param host
+ * @param port
+ * @param otherHeaders
+ * @param useFullURL
+ *
+ * @return Socket
+ * @throws Exception
+ */
+ public Socket create(
+ String host,
+ int port,
+ StringBuffer otherHeaders,
+ BooleanHolder useFullURL)
+ throws Exception {
+ if (port == -1) {
+ port = 443;
+ }
+
+ TransportClientProperties tcp =
+ TransportClientPropertiesFactory.create("https");
+
+ boolean hostInNonProxyList =
+ isHostInNonProxyList(host, tcp.getNonProxyHosts());
+
+ Socket sslSocket = null;
+ if (tcp.getProxyHost().length() == 0 || hostInNonProxyList) {
+ // direct SSL connection
+ sslSocket = sslFactory.createSocket(host, port);
+ }
+ else {
+
+ // Default proxy port is 80, even for https
+ int tunnelPort =
+ (tcp.getProxyPort().length() != 0)
+ ? Integer.parseInt(tcp.getProxyPort())
+ : 80;
+ if (tunnelPort < 0)
+ tunnelPort = 80;
+
+ // Create the regular socket connection to the proxy
+ Socket tunnel = new Socket(tcp.getProxyHost(), tunnelPort);
+
+ // The tunnel handshake method (condensed and made reflexive)
+ OutputStream tunnelOutputStream = tunnel.getOutputStream();
+ PrintWriter out =
+ new PrintWriter(
+ new BufferedWriter(new OutputStreamWriter(tunnelOutputStream)));
+
+ // More secure version... engage later?
+ // PasswordAuthentication pa =
+ // Authenticator.requestPasswordAuthentication(
+ // InetAddress.getByName(tunnelHost),
+ // tunnelPort, "SOCK", "Proxy","HTTP");
+ // if(pa == null){
+ // printDebug("No Authenticator set.");
+ // }else{
+ // printDebug("Using Authenticator.");
+ // tunnelUser = pa.getUserName();
+ // tunnelPassword = new String(pa.getPassword());
+ // }
+ out.print(
+ "CONNECT "
+ + host
+ + ":"
+ + port
+ + " HTTP/1.0\r\n"
+ + "User-Agent: AxisClient");
+ if (tcp.getProxyUser().length() != 0
+ && tcp.getProxyPassword().length() != 0) {
+
+ // add basic authentication header for the proxy
+ String encodedPassword =
+ XMLUtils.base64encode(
+ (tcp.getProxyUser() + ":" + tcp.getProxyPassword()).getBytes());
+
+ out.print("\nProxy-Authorization: Basic " + encodedPassword);
+ }
+ out.print("\nContent-Length: 0");
+ out.print("\nPragma: no-cache");
+ out.print("\r\n\r\n");
+ out.flush();
+ InputStream tunnelInputStream = tunnel.getInputStream();
+
+ if (log.isDebugEnabled()) {
+ log.debug(
+ Messages.getMessage(
+ "isNull00",
+ "tunnelInputStream",
+ "" + (tunnelInputStream == null)));
+ }
+ String replyStr = "";
+
+ // Make sure to read all the response from the proxy to prevent SSL negotiation failure
+ // Response message terminated by two sequential newlines
+ int newlinesSeen = 0;
+ boolean headerDone = false; /* Done on first newline */
+
+ while (newlinesSeen < 2) {
+ int i = tunnelInputStream.read();
+
+ if (i < 0) {
+ throw new IOException("Unexpected EOF from proxy");
+ }
+ if (i == '\n') {
+ headerDone = true;
+ ++newlinesSeen;
+ }
+ else if (i != '\r') {
+ newlinesSeen = 0;
+ if (!headerDone) {
+ replyStr += String.valueOf((char) i);
+ }
+ }
+ }
+ if (!replyStr.startsWith("HTTP/1.0 200")
+ && !replyStr.startsWith("HTTP/1.1 200")) {
+ throw new IOException(
+ Messages.getMessage(
+ "cantTunnel00",
+ new String[] { tcp.getProxyHost(), "" + tunnelPort, replyStr }));
+ }
+
+ // End of condensed reflective tunnel handshake method
+ sslSocket = sslFactory.createSocket(tunnel, host, port, true);
+ if (log.isDebugEnabled()) {
+ log.debug(
+ Messages.getMessage(
+ "setupTunnel00",
+ tcp.getProxyHost(),
+ "" + tunnelPort));
+ }
+ }
+
+ ((SSLSocket) sslSocket).startHandshake();
+ if (log.isDebugEnabled()) {
+ log.debug(Messages.getMessage("createdSSL00"));
+ }
+ return sslSocket;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
new file mode 100644
index 000000000..c5dad8bc4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
@@ -0,0 +1,36 @@
+/*
+ * Created on 20.01.2005
+ *
+ * @author rschamberger
+ * $ID$
+ */
+package at.gv.egovernment.moa.id.util;
+
+
+/**
+ * Class used to define Constants used in Class ECDSAKeyValueConverter
+ *
+ * * @author rschamberger
+ */
+public class ECDSAConstants {
+
+ /* ECDSA Namespace
+ */
+ static String NAMESPACE_ECDSAKEYVALUE_ = "http://www.w3.org/2001/04/xmldsig-more#";
+
+ /* Schema instance NS
+ */
+ static String NAMESPACE_XSI_ = "http://www.w3.org/2001/XMLSchema-instance";
+
+ /* ecdsa prefix value
+ */
+ static String NS_PREFIX_ECDSAKEYVALUE_ = "ecdsa";
+
+ /* namespace namespace
+ */
+ static String NAMESPACE_NAMESPACES_ = "http://www.w3.org/XML/1998/namespace";
+
+ /* si prefix value
+ */
+ static String NS_PREFIX_XSI_ = "si";
+};
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
new file mode 100644
index 000000000..6fb78edb7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -0,0 +1,572 @@
+package at.gv.egovernment.moa.id.util;
+
+import iaik.security.ecc.ecdsa.ECDSAParameter;
+import iaik.security.ecc.ecdsa.ECPublicKey;
+import iaik.security.ecc.math.ecgroup.AffineCoordinate;
+import iaik.security.ecc.math.ecgroup.Coordinate;
+import iaik.security.ecc.math.ecgroup.CoordinateTypes;
+import iaik.security.ecc.math.ecgroup.ECGroupFactory;
+import iaik.security.ecc.math.ecgroup.ECPoint;
+import iaik.security.ecc.math.ecgroup.EllipticCurve;
+import iaik.security.ecc.math.field.Field;
+import iaik.security.ecc.math.field.FieldElement;
+import iaik.security.ecc.math.field.PrimeField;
+import iaik.security.ecc.parameter.ECCParameterFactory;
+import iaik.security.ecc.spec.ECCParameterSpec;
+
+import java.math.BigInteger;
+import java.security.PublicKey;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Vector;
+
+import org.w3c.dom.Attr;
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+public class ECDSAKeyValueConverter
+{
+
+
+ //TODO enhance javadoc
+
+ /**
+ * converter class which can be used to convert ECDSA keys encoded in XML
+ * to a PublicKey data structure
+ * @param keyValueElem ECDSAKeyValue Element
+ * @return ECPublicKey encoded in PublicKey data structure
+ * @throws Exception
+ */
+ public static PublicKey element2ECDSAPublicKey(Element keyValueElem) throws Exception
+ {
+ String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_;
+
+ // Domain parameters
+ Element domainParams = getChildElement(keyValueElem, ecdsaNS, "DomainParameters", 1);
+ if (domainParams == null) throw new Exception("Domain parameters must not be implicit.");
+
+ Element namedCurve = getChildElement(domainParams, ecdsaNS, "NamedCurve", 1);
+ ECCParameterSpec eccParameterSpec;
+
+ if (namedCurve != null)
+ {
+ // URL curveNameURN = new URL(namedCurve.getAttributeNS(null, "URN"));
+ String curveNameOID = namedCurve.getAttributeNS(null, "URN").substring(8);
+ ECCParameterFactory eccParamFactory = ECCParameterFactory.getInstance();
+ // eccParameterSpec = eccParamFactory.getParameterByOID(curveNameURN.getPath().substring(4));
+ eccParameterSpec = eccParamFactory.getParameterByOID(curveNameOID);
+ }
+ else
+ {
+ Element excplicitParams = getChildElement(domainParams, ecdsaNS, "ExplicitParams", 1);
+ Element fieldParams = getChildElement(excplicitParams, ecdsaNS, "FieldParams", 1);
+ Element curveParams = getChildElement(excplicitParams, ecdsaNS, "CurveParams", 1);
+ Element basePointParams = getChildElement(excplicitParams, ecdsaNS, "BasePointParams", 1);
+
+ // Field parameters
+ String fieldParamsTypeStr = fieldParams.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type");
+ String ecdsaNSPrefix = getECDSANSPrefix(fieldParams);
+ BigInteger p = null;
+ int fieldParamsType = 0;
+ final int FIELD_TYPE_PRIME = 1;
+ final int FIELD_TYPE_TNB = 2;
+ final int FIELD_TYPE_PNB = 3;
+ int m = -1, k = -1, k1 = -1, k2 = -1, k3 = -1;
+ if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PrimeFieldParamsType"))
+ {
+ fieldParamsType = FIELD_TYPE_PRIME;
+ String pStr = getChildElementText(fieldParams, ecdsaNS, "P", 1);
+ p = new BigInteger(pStr, 10);
+ }
+ else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":TnBFieldParamsType"))
+ {
+ fieldParamsType = FIELD_TYPE_TNB;
+ String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
+ m = Integer.parseInt(mStr);
+ String kStr = getChildElementText(fieldParams, ecdsaNS, "K", 1);
+ k = Integer.parseInt(kStr);
+ }
+ else if (fieldParamsTypeStr.equals(ecdsaNSPrefix + ":PnBFieldParamsType"))
+ {
+ fieldParamsType = FIELD_TYPE_PNB;
+ String mStr = getChildElementText(fieldParams, ecdsaNS, "M", 1);
+ m = Integer.parseInt(mStr);
+ String k1Str = getChildElementText(fieldParams, ecdsaNS, "K1", 1);
+ k1 = Integer.parseInt(k1Str);
+ String k2Str = getChildElementText(fieldParams, ecdsaNS, "K2", 1);
+ k2 = Integer.parseInt(k2Str);
+ String k3Str = getChildElementText(fieldParams, ecdsaNS, "K3", 1);
+ k3 = Integer.parseInt(k3Str);
+ }
+ else throw new Exception("Unknown field parameters.");
+
+ // Curve parameters
+ Element aElem = getChildElement(curveParams, ecdsaNS, "A", 1);
+ String aStr = aElem.getAttributeNS(null, "Value");
+ Element bElem = getChildElement(curveParams, ecdsaNS, "B", 1);
+ String bStr = bElem.getAttributeNS(null, "Value");
+ String seedStr = getChildElementText(curveParams, ecdsaNS, "Seed", 1);
+ BigInteger seed = (seedStr != null) ? new BigInteger(seedStr, 10) : null;
+
+ // Base point parameters
+ Element basePoint = getChildElement(basePointParams, ecdsaNS, "BasePoint", 1);
+ Element basePointXElem = getChildElement(basePoint, ecdsaNS, "X", 1);
+ String basePointXStr = basePointXElem.getAttributeNS(null, "Value");
+ Element basePointYElem = getChildElement(basePoint, ecdsaNS, "Y", 1);
+ String basePointYStr = basePointYElem.getAttributeNS(null, "Value");
+ String orderStr = getChildElementText(basePointParams, ecdsaNS, "Order", 1);
+ BigInteger order = new BigInteger(orderStr, 10);
+ String cofactorStr = getChildElementText(basePointParams, ecdsaNS, "Cofactor", 1);
+ BigInteger cofactor = (cofactorStr != null) ? new BigInteger(cofactorStr, 10) : null;
+
+ if (fieldParamsType == FIELD_TYPE_PRIME)
+ {
+ BigInteger a = new BigInteger(aStr, 10);
+ BigInteger b = new BigInteger(bStr, 10);
+ BigInteger basePointX = new BigInteger(basePointXStr, 10);
+ BigInteger basePointY = new BigInteger(basePointYStr, 10);
+ eccParameterSpec = new ECCParameterSpec(p, cofactor, order, seed, null, a, b, basePointX,
+ basePointY, null);
+ }
+ else
+ {
+ int[] irreducible = new int[m/32 + ((m % 32 != 0) ? 1 : 0)];
+ if (fieldParamsType == FIELD_TYPE_TNB)
+ {
+ irreducible[m/32] = 1 << m % 32;
+ irreducible[k/32] += 1 << k % 32;
+ irreducible[0] += 1;
+ }
+ else
+ {
+ irreducible[m/32] = 1 << m % 32;
+ irreducible[k3/32] += 1 << k3 % 32;
+ irreducible[k2/32] += 1 << k2 % 32;
+ irreducible[k1/32] += 1 << k1 % 32;
+ irreducible[0] += 1;
+ }
+ eccParameterSpec = new ECCParameterSpec(irreducible, cofactor, order, octetString2IntArray(aStr),
+ octetString2IntArray(bStr), octetString2IntArray(basePointXStr),
+ octetString2IntArray(basePointYStr), null);
+ }
+ }
+
+ // Public key
+ Element publicKeyElem = getChildElement(keyValueElem, ecdsaNS, "PublicKey", 1);
+ Element publicKeyXElem = getChildElement(publicKeyElem, ecdsaNS, "X", 1);
+ String publicKeyXStr = publicKeyXElem.getAttributeNS(null, "Value");
+ Element publicKeyYElem = getChildElement(publicKeyElem, ecdsaNS, "Y", 1);
+ String publicKeyYStr = publicKeyYElem.getAttributeNS(null, "Value");
+
+ ECDSAParameter ecdsaParams = new ECDSAParameter(eccParameterSpec, CoordinateTypes.PROJECTIVE_COORDINATES);
+ ECGroupFactory ecGroupFactory = ECGroupFactory.getInstance();
+ EllipticCurve eCurve = ecGroupFactory.getCurve(eccParameterSpec.getA(),
+ eccParameterSpec.getB(), eccParameterSpec.getR(), CoordinateTypes.PROJECTIVE_COORDINATES);
+ Field field = eCurve.getField();
+
+ // Detect type of public key field elements
+ String elementType = publicKeyXElem.getAttributeNS(ECDSAConstants.NAMESPACE_XSI_, "type");
+ String elementTypeLocalName = elementType.substring(elementType.indexOf(':') + 1);
+ int FIELD_TYPE_PRIME = 1, FIELD_TYPE_CHAR_TWO = 2;
+ int fieldElemType = ("PrimeFieldElemType".equals(elementTypeLocalName))
+ ? FIELD_TYPE_PRIME
+ : FIELD_TYPE_CHAR_TWO;
+
+ FieldElement publicKeyPointX, publicKeyPointY;
+ if (fieldElemType == FIELD_TYPE_PRIME)
+ {
+
+// Value xValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyXStr, 10));
+// publicKeyPointX = field.newElement(xValue);
+ PrimeField pf = (PrimeField) field;
+ publicKeyPointX = pf.newElement(new BigInteger(publicKeyXStr, 10));
+// Value yValue = FieldFactory.getInstance().getPrimeFieldValue(new BigInteger(publicKeyYStr, 10));
+// publicKeyPointY = field.newElement(yValue);
+ publicKeyPointY = pf.newElement(new BigInteger(publicKeyYStr, 10));
+ }
+ else
+ {
+ publicKeyPointX = field.newElement(octetString2ByteArray(publicKeyXStr));
+ publicKeyPointY = field.newElement(octetString2ByteArray(publicKeyYStr));
+ }
+// ProjectiveCoordinate publicKeyPointCoordinate = new ProjectiveCoordinate(publicKeyPointX,
+// publicKeyPointY, field.getONEelement());
+ Coordinate publicKeyPointCoordinate = new AffineCoordinate(publicKeyPointX,
+ publicKeyPointY).toProjective();
+ ECPoint publicKeyPoint = eCurve.newPoint(publicKeyPointCoordinate);
+ ECPublicKey publicKey = new ECPublicKey(ecdsaParams, publicKeyPoint);
+
+ return publicKey;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ /*
+ public static Element publicKey2ECDSAKeyValueElement(boolean implParams, String curveOID,
+ ECDSAPublicKey publicKey, Document factoryDoc)
+ {
+ String ecdsaNS = ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_;
+ String ecdsaNSP = ECDSAConstants.NS_PREFIX_ECDSAKEYVALUE_;
+ String nsNS = ECDSAConstants.NAMESPACE_NAMESPACES_;
+ String xsiNS = ECDSAConstants.NAMESPACE_XSI_;
+ String xsiNSP = ECDSAConstants.NS_PREFIX_XSI_;
+
+ ECDSAParameter params = (ECDSAParameter)publicKey.getParameter();
+ EllipticCurve curve = params.getG().getCurve();
+ Field field = curve.getField();
+ int fieldId = curve.getField().getFieldId();
+
+ Element eCDSAKeyValue = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ECDSAKeyValue");
+ eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + ecdsaNSP, ecdsaNS);
+ eCDSAKeyValue.setAttributeNS(nsNS, "xmlns:" + xsiNSP, xsiNS);
+
+ // Detect field type
+ int coeffPositions[] = new int[3];
+ int fieldType = 0;
+ String fieldElemTypeString = null;
+ final int FT_PRIME = 1, FT_TNB = 2, FT_PNB = 3;
+ if (fieldId == Field.PRIME_FIELD)
+ {
+ fieldType = FT_PRIME;
+ fieldElemTypeString = ecdsaNSP + ":PrimeFieldElemType";
+ }
+ else
+ {
+ // Get irreducible polynomal
+ BinaryField binaryField = (BinaryField)field;
+ BinaryFieldValue irreducible = binaryField.getIrreducible();
+
+ // Get coefficients of irreducible polynomal
+ int order = irreducible.getOrder();
+ int coeffCount = 2;
+ for (int i = 1; i < order - 1; i++)
+ {
+ if (irreducible.testBit(i))
+ {
+ coeffPositions[coeffCount - 2] = i;
+ coeffCount++;
+ if (coeffCount == 5) break;
+ }
+ }
+
+ // Set polynomal type (TNB or
+ fieldType = (coeffCount == 3) ? FT_TNB : FT_PNB;
+ fieldElemTypeString = ecdsaNSP + ":CharTwoFieldElemType";
+ }
+
+ if (!implParams)
+ {
+ Element domainParameters = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":DomainParameters");
+ eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
+ eCDSAKeyValue.appendChild(domainParameters);
+
+ if (curveOID != null)
+ {
+ // Named curve
+ Element namedCurve = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":NamedCurve");
+ namedCurve.setAttributeNS(null, "URN", "urn:oid:" + curveOID);
+ domainParameters.appendChild(factoryDoc.createTextNode("\n "));
+ domainParameters.appendChild(namedCurve);
+ domainParameters.appendChild(factoryDoc.createTextNode("\n "));
+ }
+ else
+ {
+ // Explicit parameters
+ Element explicitParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":ExplicitParams");
+
+ // Field parameters
+ Element fieldParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":FieldParams");
+ explicitParams.appendChild(factoryDoc.createTextNode("\n "));
+ explicitParams.appendChild(fieldParams);
+
+ if (fieldType == FT_PRIME)
+ {
+ fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PrimeFieldParamsType");
+ Element p = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":P");
+ p.appendChild(factoryDoc.createTextNode(curve.getField().getSize().toString(10)));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(p);
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ }
+ else if (fieldType == FT_TNB)
+ {
+ fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":TnBFieldParamsType");
+ Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M");
+ m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder())));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(m);
+
+ Element k = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K");
+ k.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0], 10)));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(k);
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ }
+ else
+ {
+ fieldParams.setAttributeNS(xsiNS, xsiNSP + ":type", ecdsaNSP + ":PnBFieldParamsType");
+ Element m = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":M");
+ m.appendChild(factoryDoc.createTextNode(Integer.toString(curve.getField().getOrder())));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(m);
+
+ Element k1 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K1");
+ k1.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[0])));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(k1);
+
+ Element k2 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K2");
+ k2.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[1])));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(k2);
+
+ Element k3 = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":K3");
+ k3.appendChild(factoryDoc.createTextNode(Integer.toString(coeffPositions[2])));
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ fieldParams.appendChild(k3);
+ fieldParams.appendChild(factoryDoc.createTextNode("\n "));
+ }
+
+ // Curve parameters
+ Element curveParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":CurveParams");
+ explicitParams.appendChild(factoryDoc.createTextNode("\n "));
+ explicitParams.appendChild(curveParams);
+
+ Element a = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":A");
+ a.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
+ a.setAttributeNS(null, "Value",
+ (fieldId == Field.PRIME_FIELD)
+ ? curve.getA().getValue().toBigInt().toString(10)
+ : evenStringLength(curve.getA().getValue().toBigInt().toString(16)));
+ curveParams.appendChild(factoryDoc.createTextNode("\n "));
+ curveParams.appendChild(a);
+
+ Element b = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":B");
+ b.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
+ b.setAttributeNS(null, "Value",
+ (fieldId == Field.PRIME_FIELD)
+ ? curve.getB().getValue().toBigInt().toString(10)
+ : evenStringLength(curve.getB().getValue().toBigInt().toString(16)));
+ curveParams.appendChild(factoryDoc.createTextNode("\n "));
+ curveParams.appendChild(b);
+
+ if (params.getS() != null)
+ {
+ Element seed = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Seed");
+ seed.appendChild(factoryDoc.createTextNode(evenStringLength(params.getS().toString(16))));
+ curveParams.appendChild(factoryDoc.createTextNode("\n "));
+ curveParams.appendChild(seed);
+ }
+
+ curveParams.appendChild(factoryDoc.createTextNode("\n "));
+
+ // Base point params
+ Element basePointParams = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePointParams");
+ explicitParams.appendChild(factoryDoc.createTextNode("\n "));
+ explicitParams.appendChild(basePointParams);
+
+ Element basePoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":BasePoint");
+ basePointParams.appendChild(factoryDoc.createTextNode("\n "));
+ basePointParams.appendChild(basePoint);
+
+ Element x = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X");
+ x.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
+ x.setAttributeNS(null, "Value",
+ (fieldId == Field.PRIME_FIELD)
+ ? params.getG().getCoordinates().getX().getValue().toBigInt().toString(10)
+ : evenStringLength(params.getG().getCoordinates().getX().getValue().toBigInt().toString(16)));
+ basePoint.appendChild(factoryDoc.createTextNode("\n "));
+ basePoint.appendChild(x);
+
+ Element y = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y");
+ y.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
+ y.setAttributeNS(null, "Value",
+ (fieldId == Field.PRIME_FIELD)
+ ? params.getG().getCoordinates().getY().getValue().toBigInt().toString(10)
+ : evenStringLength(params.getG().getCoordinates().getY().getValue().toBigInt().toString(16)));
+ basePoint.appendChild(factoryDoc.createTextNode("\n "));
+ basePoint.appendChild(y);
+ basePoint.appendChild(factoryDoc.createTextNode("\n "));
+
+ Element order = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Order");
+ order.appendChild(factoryDoc.createTextNode(params.getR().toString(10)));
+ basePointParams.appendChild(factoryDoc.createTextNode("\n "));
+ basePointParams.appendChild(order);
+
+ if (params.getK() != null)
+ {
+ Element cofactor = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Cofactor");
+ cofactor.appendChild(factoryDoc.createTextNode(params.getK().toString(10)));
+ basePointParams.appendChild(factoryDoc.createTextNode("\n "));
+ basePointParams.appendChild(cofactor);
+ }
+
+ basePointParams.appendChild(factoryDoc.createTextNode("\n "));
+ explicitParams.appendChild(factoryDoc.createTextNode("\n "));
+
+ domainParameters.appendChild(factoryDoc.createTextNode("\n "));
+ domainParameters.appendChild(explicitParams);
+ domainParameters.appendChild(factoryDoc.createTextNode("\n "));
+ }
+ }
+
+ // Public key point
+ Element publicKeyPoint = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":PublicKey");
+
+ Element publicKeyX = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":X");
+ publicKeyX.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
+ publicKeyX.setAttributeNS(null, "Value",
+ (fieldId == Field.PRIME_FIELD)
+ ? publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(10)
+ : evenStringLength(publicKey.getW().getCoordinates().getX().getValue().toBigInt().toString(16)));
+ publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
+ publicKeyPoint.appendChild(publicKeyX);
+
+ Element publicKeyY = factoryDoc.createElementNS(ecdsaNS, ecdsaNSP + ":Y");
+ publicKeyY.setAttributeNS(xsiNS, xsiNSP + ":type", fieldElemTypeString);
+ publicKeyY.setAttributeNS(null, "Value",
+ (fieldId == Field.PRIME_FIELD)
+ ? publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(10)
+ : evenStringLength(publicKey.getW().getCoordinates().getY().getValue().toBigInt().toString(16)));
+ publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
+ publicKeyPoint.appendChild(publicKeyY);
+ publicKeyPoint.appendChild(factoryDoc.createTextNode("\n "));
+
+ eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
+ eCDSAKeyValue.appendChild(publicKeyPoint);
+ eCDSAKeyValue.appendChild(factoryDoc.createTextNode("\n "));
+
+ return eCDSAKeyValue;
+ }
+ */
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ private static String getECDSANSPrefix(Element element)
+ {
+ // FIXXME: Review this function (GK, 11.06.2002) - should return a list of strings, since more than
+ // one NS prefix can be bound to the ECDSA namespace
+
+ HashMap inScopeNSAttrs = getInScopeNSAttrs(element);
+ Iterator inScopeNSAttrsIt = inScopeNSAttrs.keySet().iterator();
+ while (inScopeNSAttrsIt.hasNext())
+ {
+ Attr currentAttr = (Attr)inScopeNSAttrs.get(inScopeNSAttrsIt.next());
+ if (ECDSAConstants.NAMESPACE_ECDSAKEYVALUE_.equals(currentAttr.getValue()))
+ {
+ return ("xmlns".equals(currentAttr.getNodeName())) ? "" : currentAttr.getNodeName().substring(6);
+ }
+ }
+ return null;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ // Converts an octet string representation into an int array as needed for the IAIK ECC library
+ // String: rightmost byte is least significant byte
+ // IntArray: rightmost byte is LEAST significant byte
+ private static int[] octetString2IntArray(String octetString)
+ {
+ int byteCount = octetString.length()/2;
+ int[] intArray = new int[byteCount/4 + ((byteCount % 4 != 0) ? 1 : 0)];
+ for (int i = 0; i < byteCount; i++)
+ {
+ int oSStartPos = octetString.length() - (i + 1) * 2;
+ int currentByte = Integer.parseInt(octetString.substring(oSStartPos, oSStartPos + 2), 16);
+ intArray[i/4] += (currentByte & 0xFF) << ((i % 4) * 8);
+ }
+ return intArray;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ // Converts an octet string representation into a byte array as needed for the IAIK ECC library
+ // String: rightmost byte is least significant byte
+ // ByteArray: rightmost byte is MOST significant byte
+ private static byte[] octetString2ByteArray(String octetString)
+ {
+ int byteCount = octetString.length()/2;
+ byte[] byteArray = new byte[byteCount];
+ for (int i = 0; i < byteCount; i++)
+ {
+ int oSStartPos = octetString.length() - (i + 1) * 2;
+ byteArray[byteCount - i - 1] = (byte) Integer.parseInt(octetString.substring(
+ oSStartPos, oSStartPos + 2), 16);
+ }
+ return byteArray;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ private static String evenStringLength(String hexString)
+ {
+ return (hexString.length() % 2 != 0) ? "0" + hexString : hexString;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ private static Element getChildElement(Element parent, String namespace, String localName,
+ int instance)
+ {
+ NodeList namedElements = parent.getElementsByTagNameNS(namespace, localName);
+ if (namedElements.getLength() < instance) return null;
+ return (Element)namedElements.item(instance - 1);
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ private static String getChildElementText(Element parent, String namespace, String localName,
+ int instance)
+ {
+ Element child = getChildElement(parent, namespace, localName, instance);
+ if (child == null) return null;
+ NodeList childNodes = child.getChildNodes();
+ int nodeCount = 0;
+ while (nodeCount < childNodes.getLength())
+ {
+ Node currentNode = childNodes.item(nodeCount);
+ if (currentNode.getNodeType() == Node.TEXT_NODE) return currentNode.getNodeValue();
+ nodeCount++;
+ }
+ return null;
+ }
+
+ /* ---------------------------------------------------------------------------------------------------- */
+
+ public static HashMap getInScopeNSAttrs(Element element)
+ {
+ // Get all ancestors of element
+ Vector ancestors = new Vector();
+ ancestors.add(element);
+ Node currentAncestor = element;
+ while ((currentAncestor = currentAncestor.getParentNode()) != null &&
+ currentAncestor.getNodeType() == Node.ELEMENT_NODE)
+ {
+ ancestors.add(currentAncestor);
+ }
+
+ // Scan all ancestors for NS attributes
+ HashMap inScopeNSAttrs = new HashMap();
+ for (int i = ancestors.size() - 1; i >= 0; i--)
+ {
+ Element currentAncestorElem = (Element)ancestors.get(i);
+ NamedNodeMap attrs = currentAncestorElem.getAttributes();
+ for (int j = 0; j < attrs.getLength(); j++)
+ {
+ Attr currentAttr = (Attr)attrs.item(j);
+ String currentAttrName = currentAttr.getNodeName();
+ if ("xmlns".equals(currentAttrName) || currentAttrName.startsWith("xmlns:"))
+ {
+ inScopeNSAttrs.put(currentAttrName, currentAttr);
+ }
+ }
+ }
+
+ // Check if default NS attribute is in list; if value is empty remove it from list
+ Attr defaultNSAttr = (Attr)inScopeNSAttrs.get("xmlns");
+ if (defaultNSAttr != null && "".equals(defaultNSAttr.getValue())) inScopeNSAttrs.remove("xmlns");
+
+ return inScopeNSAttrs;
+ }
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
new file mode 100644
index 000000000..7c4731555
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
@@ -0,0 +1,76 @@
+/*
+ * Created on 17.02.2004
+ *
+ * To change the template for this generated file go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import javax.servlet.ServletContext;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author rschamberger
+ *
+ * To change the template for this generated type comment go to
+ * Window>Preferences>Java>Code Generation>Code and Comments
+ */
+public class HTTPRequestJSPForwarder {
+
+ /**
+ * Forwards the HttpServletRequest to a customizable JSP Page and serves the Response. <br>
+ * <ul>
+ * <li>Logs the message</li>
+ * </ul>
+ *
+ * @param message message text
+ * @param jspPageURI URI of the JSP page
+ * @param context the servlet context of the servlet belonging to the req, resp
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ public static void forwardNamed(
+ String message,
+ String jspPageURI,
+ ServletContext context,
+ HttpServletRequest req,
+ HttpServletResponse resp) {
+
+ if (null != message) {
+ Logger.info(message);
+ req.setAttribute("Message", message);
+ }
+
+ //forward this to the given jsp page where the HTML response is generated
+ try {
+ context.getRequestDispatcher(jspPageURI).forward(req, resp);
+ } catch (IOException e) {
+ Logger.error(e);
+ } catch (ServletException e) {
+ Logger.error(e);
+ }
+ }
+
+ /**
+ * Forwards the HttpServletRequest to the customizable JSP Page 'message.jsp' and serves the Response. <br>
+ * <ul>
+ * <li>Logs the message</li>
+ * </ul>
+ *
+ * @param message message text
+ * @param context the servlet context of the servlet belonging to the req, resp
+ * @param req servlet request
+ * @param resp servlet response
+ */
+ public static void forwardDefault(
+ String message,
+ ServletContext context,
+ HttpServletRequest req,
+ HttpServletResponse resp) {
+ forwardNamed(message, "/message.jsp", context, req, resp);
+ }
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
new file mode 100644
index 000000000..035c47eb9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -0,0 +1,68 @@
+package at.gv.egovernment.moa.id.util;
+
+/**
+ * HTTP Utilities
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import org.apache.regexp.RE;
+import org.apache.regexp.RESyntaxException;
+
+/**
+ *
+ * @author Rudolf Schamberger
+ *
+ */
+public class HTTPUtils {
+
+ /**
+ * Utility used to obtainin correct encoded HTTP content.
+ * Reads a given Content adressed by HTTP-URL into String.
+ * Content encoding is considered by using the Content-Type HTTP header charset value.
+ * @param URL HTTP URL to read from.
+ * @return String representation of content
+ * @throws IOException on data-reading problems
+ */
+ public static String readHttpURL(String URL)
+ throws IOException {
+
+ URL url = new URL(URL);
+ HttpURLConnection conn = (HttpURLConnection)url.openConnection();
+ conn.setRequestMethod("GET");
+ String contentType = conn.getContentType();
+ RE regExp = null;
+ try {
+ regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
+ } catch (RESyntaxException e) {
+ //RESyntaxException is not possible = expr. is costant
+ }
+ boolean charsetSupplied = regExp.match(contentType);
+ String encoding = "ISO-8859-1"; //default HTTP encoding
+ if (charsetSupplied) {
+ encoding = regExp.getParen(3);
+ }
+ InputStream instream = new BufferedInputStream(conn.getInputStream());
+ InputStreamReader isr = new InputStreamReader(instream, encoding);
+ Reader in = new BufferedReader(isr);
+ int ch;
+ StringBuffer buffer = new StringBuffer();
+ while ((ch = in.read()) > -1) {
+ buffer.append((char)ch);
+ }
+ in.close();
+ conn.disconnect();
+ return buffer.toString();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
new file mode 100644
index 000000000..4330133f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
@@ -0,0 +1,374 @@
+/*
+ * Created on 01.10.2004
+ *
+ * @author rschamberger
+ * $ID$
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.util.Enumeration;
+import java.util.Hashtable;
+import java.util.StringTokenizer;
+import java.util.Vector;
+
+import javax.servlet.ServletInputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.URLDecoder;
+
+/**
+ * Special ServletRequestWrapper class which provides a more precise implementation of the getParameter*
+ * family. This implementation cares about the order of the parameters from Query String and HTTP POST
+ * Body. Use this as Filter class for Servlets which such needs.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class InOrderServletRequestWrapper extends HttpServletRequestWrapper {
+
+ /**
+ * standard encoding used to decode the URL string.
+ */
+ //
+ public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1";
+ /**
+ * Vector that stores the order of the query paramters
+ */
+ private Vector queryParamOrder;
+
+ /**
+ * Hashtable that stores the content of the query paramters
+ */
+ private Hashtable queryParameters;
+
+ /**
+ * Vector that stores the order of the HTTP body paramters
+ */
+ private Vector bodyParamOrder;
+
+ /**
+ * Hashtable that stores the content of the HTTP body paramters
+ */
+ private Hashtable bodyParameters;
+
+ /**
+ * ServletContext
+ */
+ private ServletContext context;
+
+ /**
+ * Identifier used to identify query parameters
+ */
+ public static final int QUERY_PARAM = 1;
+
+ /**
+ * Identifier used to identify HTTP body parameters
+ */
+ public static final int BODY_PARAM = 2;
+
+ /**
+ * @see HttpServletRequestWrapper
+ */
+ public InOrderServletRequestWrapper(final HttpServletRequest request, final ServletContext sContext) {
+ super(request);
+ this.context = sContext;
+ }
+
+ /**
+ * parses the Query and if availlable also HTTP POST parameters
+ *
+ * @param req a <code>HttpServletRequest</code> which should be parsed
+ */
+ protected final void parseParameters(final HttpServletRequest req)
+ {
+ queryParamOrder = new Vector();
+ queryParameters = new Hashtable();
+ bodyParamOrder = new Vector();
+ bodyParameters = new Hashtable();
+
+ //Insert code for Query string parsing
+ String rawQuery = req.getQueryString();
+ queryParameters = tokenize(queryParameters, queryParamOrder, rawQuery, DEFAULT_CHARACTER_ENCODING, true);
+
+ //analyze HTTP Post body parameters
+ if (req.getMethod().equalsIgnoreCase("POST"))
+ {
+ //get body encoding
+ String enc = req.getCharacterEncoding();
+ if (enc == null) enc = DEFAULT_CHARACTER_ENCODING;
+
+ if (req.getContentType().equals("application/x-www-form-urlencoded"))
+ {
+ try
+ {
+ bodyParameters = parsePostData(bodyParameters, req.getContentLength(), req.getInputStream(), enc);
+ }
+ catch (IOException e)
+ {
+ context.log("could not open input stream of reqest \n" + e.toString());
+ }
+ }
+ else
+ {
+ //TODO add multipart code
+ context.log(
+ "ERROR other Content-Types than 'application/x-www-form-urlencoded' not supported!");
+ }
+
+ }// end POST
+ }
+
+ /**
+ * parses the HTTP POST parameters
+ *
+ * @param ht parameter Hashtable to put parameters in.
+ * @param length of content
+ * @param instream the ServletInputStream of the request
+ * @param encoding encoding of the instream
+ *
+ * @return the Hashtable with the parsed data
+ */
+ private Hashtable parsePostData(Hashtable ht, final int length, final ServletInputStream instream,
+ final String encoding)
+ {
+ int inputLen, offset;
+ byte[] postedBytes = null;
+ boolean dataRemaining = true;
+ String postedBody;
+
+ StringBuffer sb = new StringBuffer();
+
+ if (length <= 0)
+ {
+ return null;
+ }
+
+ postedBytes = new byte[length];
+ try
+ {
+ offset = 0;
+ while (dataRemaining)
+ {
+ inputLen = instream.read(postedBytes, offset, length - offset);
+ if (inputLen <= 0)
+ {
+ throw new IOException("read error during reading the HTTP POST body");
+ }
+ offset += inputLen;
+ if ((length - offset) == 0)
+ {
+ dataRemaining = false;
+ }
+ }
+ }
+ catch (IOException e)
+ {
+ System.out.println("Exception =" + e);
+ return null;
+ }
+
+ postedBody = new String(postedBytes);
+ Hashtable ht2 = tokenize(ht, bodyParamOrder, postedBody, encoding, false);
+ return ht2;
+ }
+
+
+ /**
+ * tokenizes parameter strings
+ *
+ * @param ht parameter Hashtable to put parameters in.
+ * @param order Vector in which the order of the tokenized parameters will be stored.
+ * @param parameterString String to tokenize.
+ * @param encoding which will be used to decode the parameterString.
+ *
+ * @return the Hashtable with the parsed data
+ */
+ private Hashtable tokenize(Hashtable ht, Vector order, final String parameterString, final String encoding, boolean decode)
+ {
+ String[] valArray = null;
+
+ if (null == parameterString) return ht;
+
+ StringTokenizer st = new StringTokenizer(parameterString, "&");
+
+ String key = null;
+ String val = null;
+
+ while (st.hasMoreTokens())
+ {
+ String pair = (String) st.nextToken();
+ int pos = pair.indexOf('=');
+ if (pos == -1)
+ {
+ throw new IllegalArgumentException();
+ }
+ try
+ {
+ if (decode) {
+ key = URLDecoder.decode(pair.substring(0, pos), encoding);
+ val = URLDecoder.decode(pair.substring(pos + 1, pair.length()), encoding);
+ } else {
+ key = pair.substring(0, pos);
+ val = pair.substring(pos + 1, pair.length());
+ }
+ //Logger.debug("(" + Integer.toString(key.length()) + "=" + Integer.toString(pair.substring(0, pos).length()) + ")"+key+"|--|"+pair.substring(0, pos));
+ //Logger.debug("(" + Integer.toString(val.length()) + "=" + Integer.toString(pair.substring(pos + 1, pair.length()).length()) + ")"+val+"|--|"+pair.substring(pos + 1, pair.length()));
+ }
+ catch (Exception e)
+ {
+ throw new IllegalArgumentException();
+ }
+ if (ht.containsKey(key))
+ {
+ String oldVals[] = (String[]) ht.get(key);
+ valArray = new String[oldVals.length + 1];
+ for (int i = 0; i < oldVals.length; i++)
+ {
+ valArray[i] = oldVals[i];
+ }
+ valArray[oldVals.length] = val;
+ }
+ else
+ {
+ valArray = new String[1];
+ valArray[0] = val;
+ }
+ ht.put(key, valArray);
+ order.addElement(key);
+ }
+ return ht;
+
+ }
+
+ /**
+ * Returns the value of a request parameter as a <code>String</code>, or <code>null</code> if the
+ * parameter does not exist. Request parameters are extra information sent with the request. For HTTP
+ * servlets, parameters are contained in the query string or posted form data.
+ *
+ * <p>
+ * You should only use this method when you are sure the parameter has only one value. If the parameter
+ * might have more than one value, use {@link #getParameterValues(String, int)}.
+ *
+ * <p>
+ * If you use this method with a multivalued parameter, the value returned is equal to the first value in
+ * the array returned by <code>getParameterValues</code>.
+ *
+ * <p>
+ * If the parameter data was sent in the request body, such as occurs with an HTTP POST request, then
+ * reading the body directly via {@link #getInputStream} or {@link #getReader}can interfere with the
+ * execution of this method.
+ *
+ * @param name a <code>String</code> containing the name of the parameter whose value is requested
+ *
+ * @return a <code>String</code> representing the single value of the parameter
+ *
+ * @see #getParameterValues(String, int)
+ *
+ */
+ public final String getParameter(final String name) {
+ String val = getParameter(name, QUERY_PARAM);
+ return (null != val) ? val : getParameter(name, BODY_PARAM);
+ }
+
+ /**
+ * Returns the value of a request parameter as a <code>String</code>, or <code>null</code> if the
+ * parameter does not exist.
+ *
+ * @param name a <code>String</code> containing the name of the parameter whose value is requested
+ * @param parameterType type of parameter
+ * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM
+ * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM
+ * @see #getParameterValues(String)
+ * @return value of the (single) parameter or null if not availlable
+ **/
+ public final String getParameter(final String name, final int parameterType)
+ {
+
+ Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters;
+ String[] vals = (String[]) parameters.get(name);
+ if (vals == null)
+ {
+ return null;
+ }
+ return vals[0];
+ }
+
+
+ /**
+ * Returns an array of <code>String</code> objects containing all of the values the given request
+ * parameter has, or <code>null</code> if the parameter does not exist.
+ *
+ * <p>
+ * If the parameter has a single value, the array has a length of 1.
+ *
+ * @param name a <code>String</code> containing the name of the parameter whose value is requested
+ * @param parameterType type of parameter
+ * @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#QUERY_PARAM
+ * and @see at.gv.egovernment.moa.id.util.InOrderServletRequestWrapper#BODY_PARAM
+ * @return an array of <code>String</code> objects containing the parameter's values or null
+ *
+ * @see #getParameter
+ */
+ public final String getParameterValues(final String name, final int parameterType)
+ {
+ Hashtable parameters = (parameterType == QUERY_PARAM) ? queryParameters : bodyParameters;
+ String[] vals = (String[]) parameters.get(name);
+ if (vals == null)
+ {
+ return null;
+ }
+ String vallist = vals[0];
+ for (int i = 1; i < vals.length; i++)
+ {
+ vallist = vallist + "," + vals[i];
+ }
+ return vallist;
+ }
+
+ /**
+ *
+ * Returns an <code>Enumeration</code> of <code>String</code> objects containing the names of the
+ * parameters. If there are no parameters, the method returns an empty
+ * <code>Enumeration</code>.
+ *
+ * @return an <code>Enumeration</code> of <code>String</code> objects, each <code>String</code>
+ * containing the name of a request parameter; or an empty <code>Enumeration</code> if the
+ * request has no parameters
+ *
+ */
+ public final Enumeration getParameterNames()
+ {
+ Vector FullParamOrder = new Vector();
+ for (Enumeration enu = queryParamOrder.elements(); enu.hasMoreElements();) {
+ FullParamOrder.addElement(enu.nextElement());
+ }
+ for (Enumeration enu = bodyParamOrder.elements(); enu.hasMoreElements();) {
+ FullParamOrder.addElement(enu.nextElement());
+ }
+ return FullParamOrder.elements();
+ }
+
+ /**
+ *
+ * Returns an <code>Enumeration</code> of <code>String</code> objects containing the names of the
+ * parameters contained in this request. If the request has no parameters, the method returns an empty
+ * <code>Enumeration</code>.
+ * @param parameterType type of parameter
+ *
+ * @return an <code>Enumeration</code> of <code>String</code> objects, each <code>String</code>
+ * containing the name of a request parameter; or an empty <code>Enumeration</code> if the
+ * request has no parameters
+ *
+ */
+ public final Enumeration getParameterNames(final int parameterType)
+ {
+ if (QUERY_PARAM == parameterType)
+ return queryParamOrder.elements();
+ else
+ return bodyParamOrder.elements();
+ }
+} //End InOrderServletRequestWrapper \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
new file mode 100644
index 000000000..d31aa6ec1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
@@ -0,0 +1,58 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Locale;
+
+import at.gv.egovernment.moa.util.Messages;
+
+/**
+ * A singleton wrapper around a <code>Message</code> object, providing the messages used in MOA-ID.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDMessageProvider {
+
+ /** DEFAULT_MESSAGE_RESOURCES are resources/properties/id_messages */
+ private static final String[] DEFAULT_MESSAGE_RESOURCES =
+ { "resources/properties/id_messages" };
+ /** DEFAULT_MESSAGE_LOCALES are "de", "AT" */
+ private static final Locale[] DEFAULT_MESSAGE_LOCALES =
+ new Locale[] { new Locale("de", "AT") };
+ /** The instance for our singleton */
+ private static MOAIDMessageProvider instance;
+ /** The Messages */
+ private Messages messages;
+
+ /**
+ * Returns the single instance of <code>MOAIDMessageProvider</code>.
+ *
+ * @return the single instance of <code>MOAIDMessageProvider</code>
+ */
+ public static MOAIDMessageProvider getInstance() {
+ if (instance == null)
+ instance = new MOAIDMessageProvider(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES);
+ return instance;
+ }
+
+ /**
+ * Create a <code>MOAIDMessageProvider</code>.
+ *
+ * @param resourceNames The names of the resources containing the messages.
+ * @param locales The corresponding locales.
+ */
+ protected MOAIDMessageProvider(String[] resourceNames, Locale[] locales) {
+ this.messages = new Messages(resourceNames, locales);
+ }
+
+ /**
+ * Get the message corresponding to a given message ID.
+ *
+ * @param messageId The ID of the message.
+ * @param parameters The parameters to fill in into the message arguments.
+ * @return The formatted message.
+ */
+ public String getMessage(String messageId, Object[] parameters) {
+ return messages.getMessage(messageId, parameters);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
new file mode 100644
index 000000000..3f5fddba2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
@@ -0,0 +1,62 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ * @author rschamberger
+ *
+ */
+/**
+ * A Filter class wich uses the InOrderServletRequestWrapper to provide servlets a more precise
+ * implementation of the getParameter* family. This implementation cares about the order of the parameters
+ * from Query String and HTTP POST Body. Use this as Filter class for Servlets which such needs.
+ *
+ * @author Rudolf Schamberger
+ * @version $Id$
+ */
+public class ParameterInOrderFilter implements Filter
+{
+
+ /**
+ * filterConfig
+ */
+ private FilterConfig filterConfig;
+
+ /**
+ * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
+ */
+ public final void init(final FilterConfig config)
+ {
+ this.filterConfig = config;
+ }
+
+ /**
+ * @see javax.servlet.Filter#destroy()
+ */
+ public final void destroy()
+ {
+ };
+
+ /**
+ * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse,
+ * javax.servlet.FilterChain)
+ */
+ public final void doFilter(final ServletRequest request, final ServletResponse response,
+ final FilterChain chain) throws IOException, ServletException
+ {
+ InOrderServletRequestWrapper sRequ = new InOrderServletRequestWrapper((HttpServletRequest) request,
+ filterConfig.getServletContext());
+ //parse the Query (and Body) parameters
+ sRequ.parseParameters((HttpServletRequest) request);
+ //process the rest of filter chain
+ chain.doFilter(sRequ, response);
+ }
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
new file mode 100644
index 000000000..da75b4213
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.util;
+
+import java.util.Date;
+
+/**
+ * Random number generator used to generate ID's
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Random {
+
+ /** random number generator used */
+ private static java.util.Random random = new java.util.Random(new Date().getTime());
+ /**
+ * Creates a new random number, to be used as an ID.
+ *
+ * @return random long as a String
+ */
+ public static String nextRandom() {
+ return "" + random.nextLong();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
new file mode 100644
index 000000000..9fa0803c4
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -0,0 +1,180 @@
+package at.gv.egovernment.moa.id.util;
+
+import iaik.pki.PKIConfiguration;
+import iaik.pki.PKIException;
+import iaik.pki.PKIFactory;
+import iaik.pki.PKIProfile;
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.io.BufferedInputStream;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+import java.io.Reader;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Security;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import org.apache.regexp.RE;
+import org.apache.regexp.RESyntaxException;
+
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
+import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
+import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>.
+ * This <code>TrustManager</code> implementation features CRL checking.<br/>
+ * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtils {
+
+ /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
+ private static Map sslSocketFactories = new HashMap();
+
+ /**
+ * Initializes the SSLSocketFactory store.
+ */
+ public static void initialize() {
+ sslSocketFactories = new HashMap();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ }
+
+ /**
+ * Creates an <code>SSLSocketFactory</code> which utilizes an
+ * <code>IAIKX509TrustManager</code> for the given trust store,
+ * and the given key store.
+ *
+ * @param conf configuration provider providing a generic properties pointing
+ * to trusted CA store and certificate store root
+ * @param connParam connection parameter containing the client key store settings
+ * to be used in case of client authentication;
+ * if <code>connParam.getClientKeyStore() == null</code>, client authentication
+ * is assumed to be disabled
+ * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code>
+ * @throws IOException thrown while reading key store file
+ * @throws GeneralSecurityException thrown while creating the socket factory
+ * @throws ConfigurationException on invalid configuration data
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ public static SSLSocketFactory getSSLSocketFactory(
+ ConfigurationProvider conf,
+ ConnectionParameter connParam)
+ throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
+
+ Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
+ // retrieve SSLSocketFactory if already created
+ SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl());
+ if (ssf != null)
+ return ssf;
+ // else create new SSLSocketFactory
+ String trustStoreURL = conf.getTrustedCACertificates();
+ if (trustStoreURL == null)
+ throw new ConfigurationException(
+ "config.08", new Object[] {"TrustedCACertificates"});
+ String acceptedServerCertURL = connParam.getAcceptedServerCertificates();
+ TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL);
+ KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers(
+ "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword());
+ SSLContext ctx = SSLContext.getInstance("TLS");
+ ctx.init(kms, tms, null);
+ ssf = ctx.getSocketFactory();
+ // store SSLSocketFactory
+ sslSocketFactories.put(connParam.getUrl(), ssf);
+ return ssf;
+ }
+
+ /**
+ * Initializes an <code>IAIKX509TrustManager</code> for a given trust store,
+ * using configuration data.
+ *
+ * @param conf MOA-ID configuration provider
+ * @param trustStoreURL trust store URL
+ * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates
+ * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code>
+ * @throws ConfigurationException on invalid configuration data
+ * @throws IOException on data-reading problems
+ * @throws PKIException while initializing the <code>IAIKX509TrustManager</code>
+ */
+ public static TrustManager[] getTrustManagers(
+ ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL)
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ PKIConfiguration cfg = null;
+ if (! PKIFactory.getInstance().isAlreadyConfigured())
+ cfg = new PKIConfigurationImpl(conf);
+ String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING);
+ //not using BoolUtils because default value hast to be true!
+ boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString));
+ PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation);
+ // This call fixes a bug occuring when PKIConfiguration is
+ // initialized by the MOA-SP initialization code, in case
+ // MOA-SP is called by API
+ MOAIDTrustManager.initializeLoggingContext();
+ IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL);
+ tm.init(cfg, profile);
+ return new TrustManager[] {tm};
+ }
+ /**
+ * Reads a file, given by URL, into a byte array,
+ * securing the connection by IAIKX509TrustManager.
+ * @param connParam containing URL and accepted server certificates
+ * @param conf ConfigurationProvider for reading
+ * @return String representation of content
+ * @throws ConfigurationException on invalid configuration data
+ * @throws PKIException on invalid configuration data
+ * @throws IOException on data-reading problems
+ * @throws GeneralSecurityException on security issues
+ */
+ public static String readHttpsURL(ConfigurationProvider conf, ConnectionParameter connParam)
+ throws ConfigurationException, PKIException, IOException, GeneralSecurityException {
+
+ URL url = new URL(connParam.getUrl());
+ HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+ conn.setRequestMethod("GET");
+ conn.setDoInput(true);
+ SSLSocketFactory sslSocketFactory = getSSLSocketFactory(conf, connParam);
+ conn.setSSLSocketFactory(sslSocketFactory);
+ conn.connect();
+ String contentType = conn.getContentType();
+ RE regExp = null;
+ try {
+ regExp = new RE("(;.*charset=)(\"*)(.*[^\"])");
+ } catch (RESyntaxException e) {
+ //RESyntaxException is not possible = expr. is costant
+ }
+ boolean charsetSupplied = regExp.match(contentType);
+ String encoding = "ISO-8859-1"; //default HTTP encoding
+ if (charsetSupplied) {
+ encoding = regExp.getParen(3);
+ }
+ InputStream instream = new BufferedInputStream(conn.getInputStream());
+ InputStreamReader isr = new InputStreamReader(instream, encoding);
+ Reader in = new BufferedReader(isr);
+ int ch;
+ StringBuffer buffer = new StringBuffer();
+ while ((ch = in.read()) > -1) {
+ buffer.append((char)ch);
+ }
+ in.close();
+ conn.disconnect();
+ return buffer.toString();
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
new file mode 100644
index 000000000..725fa1386
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/MOAIDTestCase.java
@@ -0,0 +1,203 @@
+package test;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+import iaik.ixsil.algorithms.Transform;
+import iaik.ixsil.algorithms.TransformImplExclusiveCanonicalXML;
+import iaik.ixsil.exceptions.AlgorithmException;
+import iaik.ixsil.exceptions.InitException;
+import iaik.ixsil.exceptions.URIException;
+import iaik.ixsil.init.IXSILInit;
+import iaik.ixsil.util.URI;
+import test.at.gv.egovernment.moa.MOATestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDTestCase extends MOATestCase implements Constants {
+
+ public static final String XML_DECL =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";
+ protected static final String nl = "\n";
+
+ public MOAIDTestCase(String name) {
+ super(name);
+ }
+
+ protected void initIxsil() throws InitException, URIException {
+ IXSILInit.init(new URI("init/properties/init.properties"));
+ // Switch on debug information
+ IXSILInit.setPrintDebugLog(true);
+ }
+ //STRING <==> STRING
+ protected void assertXmlEquals(String xml1, String xml2)
+ throws AlgorithmException, IOException, InitException, URIException{
+ initIxsil();
+ String canXml1 = canonicalTransform(xml1);
+ String canXml2 = canonicalTransform(xml2);
+ assertEquals(canXml1, canXml2); }
+ // ELEMENT <==> ELEMENT
+ protected void assertXmlEquals(Element xml1, Element xml2)
+ throws AlgorithmException, IOException, InitException , URIException, TransformerException{
+ initIxsil();
+ assertEquals(canonicalTransform(DOMUtils.serializeNode(xml1)),canonicalTransform(DOMUtils.serializeNode(xml2)));
+ }
+ // INPUTSTREAM <==> INPUTSTREAM
+ protected void assertXmlEquals(InputStream xml1, InputStream xml2)
+ throws AlgorithmException, IOException, InitException , URIException{
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+ // ELEMENT <==> STRING
+ protected void assertXmlEquals(Element xml1, String xml2)
+ throws AlgorithmException, IOException, InitException , URIException, TransformerException {
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+ // ELEMENT <==> INPUTSTREAM
+ protected void assertXmlEquals(Element xml1, InputStream xml2)
+ throws AlgorithmException, IOException, InitException , URIException, TransformerException{
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+ // STRING <==> INPUTSTREAM
+ protected void assertXmlEquals(String xml1, InputStream xml2)
+ throws AlgorithmException, IOException, InitException , URIException{
+ initIxsil();
+ assertEquals(canonicalTransform(xml1),canonicalTransform(xml2));
+ }
+
+ /**
+ * Method canonicalTransform.
+ * @param input as STRING
+ * @return String
+ */
+ protected String canonicalTransform(String input)
+ throws AlgorithmException, IOException {
+
+ Transform tr = new TransformImplExclusiveCanonicalXML();
+ InputStream s = new ByteArrayInputStream(input.getBytes("UTF-8"));
+ tr.setInput(s, null);
+ ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
+ return killWhiteSpace(readString(transResult));
+ }
+ /**
+ * Method canonicalTransform.
+ * @param input as Element
+ * @return String
+ */
+ protected String canonicalTransform(Element input)
+ throws AlgorithmException, IOException {
+
+ Transform tr = new TransformImplExclusiveCanonicalXML();
+ tr.setInput(XPathUtils.selectNodeList(input, XPathUtils.ALL_NODES_XPATH), null);
+ ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
+
+ return killWhiteSpace(readString(transResult));
+ }
+
+ /**
+ * Method canonicalTransform.
+ * @param input as InputStream
+ * @return String
+ */
+ protected String canonicalTransform(InputStream input)
+ throws AlgorithmException, IOException {
+
+ Transform tr = new TransformImplExclusiveCanonicalXML(); tr.setInput(input, null);
+ ByteArrayInputStream transResult = (ByteArrayInputStream) tr.transform();
+
+ return killWhiteSpace(readString(transResult));
+ }
+
+ public static String killWhiteSpace(String input)
+ {
+ int start=0;
+ int ende;
+ String result;
+ String middle;
+ result = input;
+ do {
+ start = result.indexOf(">", start);
+ ende = result.indexOf("<", start);
+ middle = result.substring(start+1,ende).trim();
+ result = result.substring(0,start+1) +middle + result.substring(ende,result.length());
+ start++;
+ } while (result.indexOf("<", ende + 1)>0);
+
+ return result;
+ }
+
+ /**
+ * Method killExclusive.: The values startsWith and endsWith will be included into the answer.
+ * @param input
+ * @param startsWith
+ * @param endsWith
+ * @param newValue
+ * @return String
+ */
+ public static String killExclusive(String input, String startsWith, String endsWith, String newValue)
+ {
+ int start=0;
+ int ende;
+ String result;
+ result = input;
+ do {
+ start = result.indexOf(startsWith, start) + startsWith.length();
+ ende = result.indexOf(endsWith, start);
+ result = result.substring(0,start) + newValue + result.substring(ende,result.length());
+ start++;
+ } while (result.indexOf(startsWith, ende + 1)>0);
+
+ return result;
+ }
+
+ /**
+ * Method killInclusive. : The values startsWith and endsWith will NOT be included into the answer.
+ * @param input
+ * @param startsWith
+ * @param endsWith
+ * @param newValue
+ * @return String
+ */
+ public static String killInclusive(String input, String startsWith, String endsWith, String newValue)
+ {
+ int start=0;
+ int ende;
+ String result;
+ result = input;
+ do {
+ start = result.indexOf(startsWith, start) + startsWith.length();
+ ende = result.indexOf(endsWith, start);
+ result = result.substring(0,start - startsWith.length() ) + newValue + result.substring(ende + endsWith.length(),result.length());
+ start++;
+ } while (result.indexOf(startsWith, ende + 1)>0);
+
+ return result;
+ }
+
+ protected String readFile(String filename) throws IOException {
+ return readFile(filename, "UTF-8");
+ }
+ protected String readFile(String filename, String encoding) throws IOException {
+ return FileUtils.readFile(filename, encoding);
+ }
+ protected String readString(InputStream input) throws IOException
+ {
+ return StreamUtils.readStream(input, "UTF-8");
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
new file mode 100644
index 000000000..0d72691aa
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -0,0 +1,171 @@
+package test.abnahme.A;
+
+import test.abnahme.AbnahmeTestCase;
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.WrongParametersException;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test100StartAuthentication extends AbnahmeTestCase {
+
+ public Test100StartAuthentication(String name) {
+ super(name);
+ }
+
+ public void testA101() throws Exception {
+ try {
+ String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ "file:" + findXmldata("AuthTemplate.html"),
+ "http://localhost:3495/http-security-layer-request",
+ null);
+ htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
+ //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
+ assertEquals(readXmldata("htmlForm.html"),htmlForm);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA102() throws Exception {
+ try {
+ String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ null,
+ "http://localhost:3495/http-security-layer-request", null);
+ htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
+ //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
+ assertEquals(readXmldata("htmlForm.html"),htmlForm);
+
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA103() throws Exception {
+ try {
+ String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ "file:" + findXmldata("AuthTemplate.html"),
+ null,
+ null);
+ htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");
+ //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));
+ assertEquals(readXmldata("htmlForm.html"),htmlForm);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA151() throws Exception {
+ try {
+ try {
+ server.startAuthentication(null, //authURL
+ "gb", //target
+ "http://localhost:9080/", //oaURL
+ null, null, null);
+ //assertEquals("",htmlForm);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (WrongParametersException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA152() throws Exception {
+ try {
+ try {
+ server.startAuthentication("http://localhost:8080/auth", //authURL
+ "gb", "http://localhost:9080/", //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA153() throws Exception {
+ try {
+ try {
+ server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", "http://host_not_in_config/", //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA154() throws Exception {
+ try {
+ try {
+ server.startAuthentication("https://localhost:8443/auth", //authURL
+ "gb", null, //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (WrongParametersException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA155() throws Exception {
+ try {
+ try {
+ server.startAuthentication("https://localhost:8443/auth", //authURL
+ null, "http://localhost:9080/", //oaURL
+ null, null, null);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (WrongParametersException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ //assertEquals("",htmlForm);
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test200VerifyIdentityLink.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test200VerifyIdentityLink.java
new file mode 100644
index 000000000..043f51398
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test200VerifyIdentityLink.java
@@ -0,0 +1,369 @@
+package test.abnahme.A;
+
+import java.util.HashMap;
+import java.util.Vector;
+
+import org.w3c.dom.Element;
+
+import test.abnahme.AbnahmeTestCase;
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test200VerifyIdentityLink extends AbnahmeTestCase {
+
+ public Test200VerifyIdentityLink(String name) {
+ super(name);
+ }
+
+ public void testA201() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, parameters);
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, true);
+
+ /*
+ * HINWEIS: clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
+ * AUSSLIESSLICH die Attribute IssueInstand und die AssertionID heraus, von dem her ist diese
+ * Method hier verwendbar
+ */
+
+ assertXmlEquals(clearSamlAssertion(readXmldata("CreateXMLSignatureRequest.xml")), clearSamlAssertion(createXMLSignatureRequest));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+ public void testA251() throws Exception {
+ try {
+ startAuthentication();
+ String sessionID = "0";
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA252() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+
+ server.setSecondsSessionTimeOut(-100);
+ server.cleanup();
+ server.setSecondsSessionTimeOut(1000);
+
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA253() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA254() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA255() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA256() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA257() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA258() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA259() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA260() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA261() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA262() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ new InfoboxReadResponseParser(infoboxReadResponse).parseIdentityLink();
+ // System.out.println(infoboxReadResponse);
+
+ try {
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA263() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ VerifyXMLSignatureResponseParser respParser = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+
+ // String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ // System.out.println(createXMLSignatureRequest);
+ // String createXMLSignatureResponse = readFile(TESTDATA_ROOT + "xmldata/standard/"+"CreateXMLSignatureResponse.xml");
+ // String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ Vector identityLinkSigners = new Vector();
+ identityLinkSigners.add("CN=TEST,OU=TEST,O=TEST,C=AT");
+ try {
+ VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), identityLinkSigners, VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, true);
+ System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
+ fail(this.getName() + " hat KEINE FEHLER geworfen");
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
new file mode 100644
index 000000000..9bf92e54b
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -0,0 +1,609 @@
+package test.abnahme.A;
+
+import java.util.Calendar;
+import java.util.HashMap;
+
+import org.w3c.dom.Element;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test300VerifyAuthBlock extends AbnahmeTestCase {
+
+ public Test300VerifyAuthBlock(String name) {
+ super(name);
+ }
+
+ public void testA301() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ //authDataWriter(authData,this.getName()+"new.xml");
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA302() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ //authDataWriter(authData,this.getName()+"new.xml");
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA303() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA304() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA305() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA306() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA307() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA308() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+
+ public void testA309() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA310() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA311() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA351() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // nicht existierende Session....
+ try {
+ server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA352() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ server.setSecondsSessionTimeOut(-100);
+ server.cleanup();
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // abgelaufene Session....
+ server.setSecondsSessionTimeOut(1000);
+ try {
+ server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA353() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // Session for VerifyIdentityLink-Aufruf
+ try {
+
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ fail();
+ }
+ //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData
+ // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL...
+ catch (NullPointerException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA354() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // nicht existierende Session....
+
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ try {
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA355() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA356() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA357() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA358() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA359() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA360() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA361() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA362() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA363() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA364() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ /* public void testA365() throws Exception {
+ String sessionID = startAuthentication();
+ try {
+ // wegen sinnlosigkeit gestrichen
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }*/
+
+ public void testA366() throws Exception {
+
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }
+ public void testA367() throws Exception {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }
+
+
+ private AuthenticationData initServer(String sessionID) throws Exception {
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
+ String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+ return authData;
+ }
+
+ private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception {
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse();
+ // validates <CreateXMLSignatureResponse>
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+ // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
+ String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
+ // invokes the call
+ Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, true);
+ // compares the public keys from the identityLink with the AuthBlock
+
+ // builds authentication data and stores it together with a SAML artifact
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ return authData;
+ }
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ AuthenticationData authData = new AuthenticationData();
+ authData.setMajorVersion(1);
+ authData.setMinorVersion(0);
+ authData.setAssertionID(Random.nextRandom());
+ authData.setIssuer(session.getAuthURL());
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ String vpkBase64 = new BPKBuilder().buildBPK(
+ identityLink.getIdentificationValue(), session.getTarget());
+ authData.setBPK(vpkBase64);
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ String prPerson = new PersonDataBuilder().build(
+ identityLink, oaParam.getProvideStammzahl());
+
+ try {
+ String ilAssertion =
+ oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
+ String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
+ String samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null);
+ authData.setSamlAssertion(samlAssertion);
+ return authData;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.getMessage() },
+ ex);
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test400GetAuthenticationData.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test400GetAuthenticationData.java
new file mode 100644
index 000000000..3db0a6d69
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test400GetAuthenticationData.java
@@ -0,0 +1,137 @@
+package test.abnahme.A;
+
+import java.util.HashMap;
+
+import org.w3c.dom.Element;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class Test400GetAuthenticationData extends AbnahmeTestCase {
+
+ private String samlArtifact;
+
+ public Test400GetAuthenticationData(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ String sessionID = startAuthentication();
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+ server.verifyIdentityLink(sessionID, parameters);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(), session);
+ samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ }
+
+ public void testA401() throws Exception {
+ try {
+
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+// authDataWriter(authData,"NEWA401");
+ assertXmlEquals(clearSamlAssertion(authData.getSamlAssertion()), readXmldata("AuthenticationData.xml"));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA451() throws Exception {
+ try {
+ try {
+ AuthenticationData authData = server.getAuthenticationData("AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi");
+ authDataWriter(authData, "A45");
+ if (authData != null)
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA452() throws Exception {
+ try {
+ server.getAuthenticationData(samlArtifact);
+ try {
+ server.getAuthenticationData(samlArtifact);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA453() throws Exception {
+ try {
+ server.setSecondsAuthDataTimeOut(-1000);
+ server.cleanup();
+ try {
+ server.getAuthenticationData(samlArtifact);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA454() throws Exception {
+ try {
+ try {
+ server.getAuthenticationData("blabla123");
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "\n-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test500StartAuthenticationServlet.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test500StartAuthenticationServlet.java
new file mode 100644
index 000000000..f4f37a871
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test500StartAuthenticationServlet.java
@@ -0,0 +1,305 @@
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test500StartAuthenticationServlet extends AbnahmeTestCase {
+
+ private String testdataRoot = TESTDATA_ROOT + "xmldata/standard/";
+ SSLSocketFactory ssf;
+ public Test500StartAuthenticationServlet(String name) {
+ super(name);
+ }
+ protected void setUp() throws Exception {
+ super.setUp();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+ public void testA501() throws Exception {
+ //NUR einmal für alle folgenden Testfälle
+ //----------------------------------------
+
+ //----------------------------------------
+
+ try {
+ String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(targetURL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ String contentType = conn.getHeaderField("Content-Type");
+ if (resultCode != 200)
+ fail("Wrong HTTP-Code");
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA502() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ String contentType = conn.getHeaderField("Content-Type");
+ if (resultCode != 200)
+ fail("Wrong HTTP-Code: expected '200' and was '" + resultCode + "'");
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ System.out.println("File gelesen, Daten in Outputstream einpflegen");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+
+ System.out.println("Verbinden zu " + URL);
+ conn.connect();
+ resultCode = conn.getResponseCode();
+ System.out.println("resultCode :" + resultCode);
+ String redirectLoc = conn.getHeaderField("Location");
+ System.out.println("redirectLoc :" + redirectLoc);
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA503() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+
+ assertEquals(200,conn.getResponseCode());
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ URL = parseDataURL(result);
+
+ conn.disconnect();
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+
+ conn = giveConnection(redirectLoc, "POST");
+ System.out.println("Redirect Location: " + redirectLoc);
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" +createXMLSignatureResponse).getBytes());
+ out.flush();
+ out.close();
+
+ System.out.println("Sending Data to " + redirectLoc);
+ conn.connect();
+
+ redirectLoc = conn.getHeaderField("Location");
+ System.out.println("redirectLoc: " + redirectLoc);
+ /* RandomAccessFile raf = new RandomAccessFile("C://503.xml", "rw");
+ raf.write(StreamUtils.readStream(conn.getInputStream()));
+ raf.close();*/
+ conn.disconnect();
+ assertEquals(302, conn.getResponseCode());
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA551() throws Exception {
+ try {
+ String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "");
+ HttpsURLConnection conn = giveConnection(targetURL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ assertTrue(result.indexOf("Die Angabe der Parameter ist unvollst&auml;ndig") >= 0);
+ conn.disconnect();
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Die Angabe der Parameter ist unvollständig.\n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA552() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ assertEquals(200, resultCode);
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ URL = "https://localhost:8443/moa-id-auth/" + "VerifyIdentityLink?MOASessionID=0000";
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0);
+ System.out.println("Fehler in testA552 erfolgreich abgefangen: MOASessionID ist unbekannt");
+ conn.disconnect();
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA553() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ assertEquals(200,resultCode);
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ URL = parseDataURL(result);
+ conn.disconnect();
+
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String redirectLoc = conn.getHeaderField("Location");
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ conn = giveConnection(redirectLoc + "XXX", "POST");
+ System.out.println("Redirect Location: " + redirectLoc + "XXX");
+ String createXMLSignatureResponse = "XMLResponse=" + URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+
+ out = conn.getOutputStream();
+ out.write(new String("MOASessionID=" + MOASessionID + "&").getBytes());
+ out.write(createXMLSignatureResponse.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ System.out.println("Sending Data to " + redirectLoc);
+ conn.connect();
+ resultCode = conn.getResponseCode();
+
+ result = new String(StreamUtils.readStream(conn.getInputStream()));
+ conn.disconnect();
+ assertEquals(200, resultCode);
+ assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ private String parseDataURL(String input) {
+ String ret = getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\"");
+ return ret;
+ }
+
+ private String getSubString(String input, String startsWith, String endsWith) {
+ return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length()));
+ }
+ private String getURL(String authURL, String target, String oaURL) {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+
+ private class HostnameVerifierHack implements HostnameVerifier {
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+ private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ URL url = new URL(targetURL);
+ HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
new file mode 100644
index 000000000..b44852346
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -0,0 +1,281 @@
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+import java.util.Calendar;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
+
+ private String moaSessionID;
+ private String samlArtifact;
+ private static final QName SERVICE_QNAME = new QName("SignatureCreation");
+
+ public Test600GetAuthenticationDataService(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+ public void testA601() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ Element erg = doCall(srb.build(moaSessionID,URLDecoder.decode(samlArtifact, "UTF-8")));
+ result = DOMUtils.serializeNode(erg);
+ result = killInclusive(result,"IssueInstant=\"","\"","");
+ result = killInclusive(result,"AssertionID=\"","\"","");
+ result = killInclusive(result,"ResponseID=\"","\"","");
+
+// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+
+ assertEquals(result,readXmldata("GetAuthenticationDataWebServiceResponse.xml"));
+
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA651() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = "AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi";
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+ Element samlPRequest = srb.build(moaSessionID,samlArtifact);
+
+ assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("unbekanntes SAML-Artifakt")!=-1);
+
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt\n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA652() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+ String request =
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
+ moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
+ DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
+ "</samlp:Request>";
+
+ Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("Fehlerhaftes Requestformat")!=-1);
+// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehlerhaftes Requestformat\n-----------------------"); }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ protected Element doCall(Element request)
+ throws Exception {
+ QName serviceName = new QName("GetAuthenticationData");
+ String endPoint = "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body =
+ new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] {body};
+ Vector responses;
+ SOAPBodyElement response;
+
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(params);
+ response = (SOAPBodyElement) responses.get(0);
+
+ return response.getAsDOM();
+ }
+
+ private String parseDataURL(String input)
+ {
+ return getSubString(input.substring(input.indexOf("DataURL"),input.length()),"value=\"","\"");
+ }
+ private String parseSamlArtifact(String input)
+ {
+ return getSubString(input+"@@@","SAMLArtifact=","@@@");
+ }
+ private String getSubString(String input, String startsWith, String endsWith)
+ {
+ return input.substring(input.indexOf(startsWith)+startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith)+startsWith.length()));
+ }
+ private String getURL(String authURL, String target, String oaURL)
+ {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue(
+ "HTML Form enthält keine SessionID",
+ htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+ private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+ private class HostnameVerifierHack implements HostnameVerifier {
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test700SelectBKU.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test700SelectBKU.java
new file mode 100644
index 000000000..9cfa47033
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test700SelectBKU.java
@@ -0,0 +1,63 @@
+package test.abnahme.A;
+
+import test.abnahme.AbnahmeTestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class Test700SelectBKU extends AbnahmeTestCase {
+
+ public Test700SelectBKU(String name) {
+ super(name);
+ }
+
+ public void testA701() throws Exception {
+ try {
+ String form = server.selectBKU(
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ "file:" + getTestCaseDirectory() + "BKUSelectionTemplate.html",
+ "file:" + getTestCaseDirectory() + "Template.html");
+ //writeXmldata("SelectBKUForm_out.html", form.getBytes());
+ assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
+ }
+ catch (Exception ex) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
+ throw ex;
+ }
+ }
+ public void testA702() throws Exception {
+ try {
+ String form = server.selectBKU(
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ null,
+ null);
+ //writeXmldata("SelectBKUForm_out.html", form.getBytes());
+ assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
+ }
+ catch (Exception ex) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
+ throw ex;
+ }
+ }
+ public void testA703() throws Exception {
+ try {
+ String form = server.selectBKU(
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ null,
+ null);
+ //writeXmldata("SelectBKUForm_out.html", form.getBytes());
+ assertEqualsIgnoreSessionID(readXmldata("SelectBKUForm.html"), form);
+ }
+ catch (Exception ex) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + ex.getLocalizedMessage());
+ throw ex;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
new file mode 100644
index 000000000..e0e6fc183
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -0,0 +1,163 @@
+package test.abnahme;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.RandomAccessFile;
+
+import test.MOAIDTestCase;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+/**
+ * Base class for MOA ID test cases.
+ *
+ * Provides some utility functions.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class AbnahmeTestCase extends MOAIDTestCase {
+
+ protected static final String TESTDATA_ROOT = "data/abnahme-test/";
+ protected static final String TESTDATA_XMLDATA = "data/abnahme-test/xmldata/";
+ protected static final String AUTH_ENDPOINT = "http://localhost:8080/moa-id-auth/";
+ protected AuthenticationServer server;
+
+ /**
+ * Constructor for MOATestCase.
+ * @param arg0
+ */
+ public AbnahmeTestCase(String name) {
+ super(name);
+ }
+ /**
+ * Set up a transaction context with a test configuration.
+ */
+ protected void setUp() throws Exception {
+
+ System.out.print("--------S-T-A-R-T----V-O-N----");
+ System.out.print(getName().toUpperCase().substring(4,getName().length()));
+ System.out.print("-----------------------------\n");
+
+ // Set moa.spss.server.configuration property
+ System.setProperty("moa.spss.server.configuration",TESTDATA_ROOT + "conf/moa/ConfigurationTest.xml");
+
+ // Set moa.id.configuration property
+ String pathname = findXmldata("Configuration.xml");
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, pathname);
+ System.out.println("Konfiguration " + pathname);
+ AuthConfigurationProvider.reload();
+
+ server = AuthenticationServer.getInstance();
+ }
+ /** Test case z.B. "A153" */
+ protected String getID() {
+ return getName().toUpperCase().substring(4,getName().length());
+ }
+ /** Test group z.B. "A100" */
+ protected String getTestGroup() {
+ return getID().substring(0, 2) + "00";
+ }
+ /** Test case data directory */
+ protected String getTestCaseDirectory() {
+ return getTestGroupDirectory() + getID() + "/";
+ }
+ /** Test group data directory */
+ protected String getTestGroupDirectory() {
+ return TESTDATA_XMLDATA + getTestGroup() + "/";
+ }
+ /** Finds a file in the xmldata directory */
+ protected String findXmldata(String filename) {
+ String pathname = getTestCaseDirectory() + filename;
+ if (! new File(pathname).exists()) {
+ pathname = getTestGroupDirectory() + filename;
+ if (! new File(pathname).exists()) {
+ pathname = TESTDATA_XMLDATA + filename;
+ }
+ }
+ return pathname;
+ }
+ /** Finds and reads a file in the xmldata directory */
+ protected String readXmldata(String filename) throws IOException {
+ String pathname = findXmldata(filename);
+ System.out.println("Read file " + pathname);
+ return readFile(pathname);
+ }
+ protected void writeXmldata(String filename, byte[] content) throws Exception {
+ String pathname = getTestCaseDirectory() + filename;
+ System.out.println("Write file " + pathname);
+ RandomAccessFile raf = new RandomAccessFile(pathname, "rw");
+ byte[] data = content;
+ raf.write(data);
+ raf.setLength(data.length);
+ raf.close();
+ }
+
+ /**
+ * Creates a session using standard parameters,
+ * and returns the session ID.
+ */
+ protected String startAuthentication() throws MOAIDException {
+ return startAuthentication("https://localhost:9443/");
+ }
+ /**
+ * Creates a session using standard parameters,
+ * and returns the session ID.
+ */
+ protected String startAuthentication(String oaURL) throws MOAIDException {
+ String htmlForm = AuthenticationServer.getInstance().startAuthentication(
+ "https://localhost:8443/auth",
+ "gb",
+ oaURL,
+ null,
+ null,
+ null);
+ String sessionID = parseSessionIDFromForm(htmlForm);
+ return sessionID;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue(
+ "HTML Form enthält keine SessionID",
+ htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = i1;
+ while(i2 < htmlForm.length() &&
+ (htmlForm.charAt(i2) == '-' || (htmlForm.charAt(i2) >= '0' && htmlForm.charAt(i2) <= '9')))
+ i2++;
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+ protected String clearSessionID(String htmlForm) {
+ String sessionID = parseSessionIDFromForm(htmlForm);
+ int i1 = htmlForm.indexOf(sessionID);
+ int i2 = i1 + sessionID.length();
+ return htmlForm.substring(0, i1) + htmlForm.substring(i2);
+ }
+ protected void assertEqualsIgnoreSessionID(String s1, String s2) {
+ String ss1 = clearSessionID(s1);
+ String ss2 = clearSessionID(s2);
+ assertEquals(ss1, ss2);
+ }
+ protected void authDataWriter(AuthenticationData authData, String filename) throws Exception
+ {
+ writeXmldata("AuthenticationDataNEW.xml", clearSamlAssertion(authData.getSamlAssertion()).getBytes("UTF-8"));
+ }
+
+ /**
+ * clearSamlAssertion löscht aus einer beliebiegen String-Repräsentation einer XML-Struktur
+ * AUSSLIESSLICH die Attribute 'IssueInstant' und 'AssertionID' heraus.
+ * @param samlAssertion
+ * @return String
+ */
+ protected String clearSamlAssertion(String samlAssertion)
+ {
+ String result = killInclusive(samlAssertion,"IssueInstant='", "'","");
+ result = killInclusive(result,"AssertionID='", "'","");
+ return result;
+ }
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AllTests.java b/id/server/idserverlib/src/test/java/test/abnahme/AllTests.java
new file mode 100644
index 000000000..56a38be28
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AllTests.java
@@ -0,0 +1,49 @@
+package test.abnahme;
+
+import junit.awtui.TestRunner;
+import junit.framework.*;
+
+import test.abnahme.A.Test100StartAuthentication;
+import test.abnahme.A.Test200VerifyIdentityLink;
+import test.abnahme.A.Test300VerifyAuthBlock;
+import test.abnahme.A.Test400GetAuthenticationData;
+import test.abnahme.A.Test500StartAuthenticationServlet;
+import test.abnahme.A.Test600GetAuthenticationDataService;
+import test.abnahme.A.Test700SelectBKU;
+import test.abnahme.C.Test100Konfiguration;
+import test.abnahme.P.Test100LoginParameterResolver;
+
+
+
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(Test100StartAuthentication.class);
+ suite.addTestSuite(Test200VerifyIdentityLink.class);
+ suite.addTestSuite(Test300VerifyAuthBlock.class);
+ suite.addTestSuite(Test400GetAuthenticationData.class);
+ suite.addTestSuite(Test500StartAuthenticationServlet.class);
+ suite.addTestSuite(Test600GetAuthenticationDataService.class);
+ suite.addTestSuite(Test700SelectBKU.class);
+
+ suite.addTestSuite(Test100LoginParameterResolver.class);
+
+ suite.addTestSuite(Test100Konfiguration.class);
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/C/Test100Konfiguration.java b/id/server/idserverlib/src/test/java/test/abnahme/C/Test100Konfiguration.java
new file mode 100644
index 000000000..7da5a7449
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/C/Test100Konfiguration.java
@@ -0,0 +1,60 @@
+package test.abnahme.C;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+import test.abnahme.AbnahmeTestCase;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test100Konfiguration extends AbnahmeTestCase {
+
+ public Test100Konfiguration(String name) {
+ super(name);
+ }
+
+ public void testC001() throws Exception {
+ try {
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testC002() throws Exception {
+ try {
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testC003() throws Exception {
+ try {
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testC051() throws Exception {
+ try {
+ // Set moa.id.configuration property
+ String pathname = findXmldata("ConfigurationC051.xml");
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, pathname);
+ System.out.println("Konfiguration " + pathname);
+ AuthConfigurationProvider.reload();
+ }
+ catch (Exception e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ // AuthConfigurationProvider.getInstance().getBKUConnectionParameter().getAcceptedServerCertificates()
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
new file mode 100644
index 000000000..21958a367
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/P/Test100LoginParameterResolver.java
@@ -0,0 +1,146 @@
+package test.abnahme.P;
+import java.util.Map;
+
+import sun.misc.BASE64Decoder;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolver;
+import at.gv.egovernment.moa.id.proxy.LoginParameterResolverFactory;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test100LoginParameterResolver extends AbnahmeTestCase {
+
+ private static final String CLIENT_IP_ADDRESS = "56.246.75.11";
+ private OAConfiguration oaConf;
+ private LoginParameterResolver lpr;
+
+ public Test100LoginParameterResolver(String name) {
+ super(name);
+ }
+
+ private void setUp(String publicURLPrefix)
+ throws Exception {
+
+ // get configuration data
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
+ oaConf = oaParam.getOaConfiguration();
+ System.out.println("Parameterübergabe: " + oaConf.getAuthType());
+
+ // get login parameter resolver
+ LoginParameterResolverFactory.initialize();
+ lpr = LoginParameterResolverFactory.getLoginParameterResolver(publicURLPrefix);
+ }
+ public void testP101() throws Exception {
+ try {
+ // read configuration and set up LoginParameterResolver
+ setUp("https://testP101:9443/");
+ if (! oaConf.getAuthType().equals(OAConfiguration.BASIC_AUTH))
+ fail();
+
+ // assemble authentication data
+ AuthenticationData authData = new AuthenticationData();
+ authData.setFamilyName("Huber");
+ authData.setGivenName("Hugo");
+
+ // resolve login headers
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+
+ // validate login headers
+ assertEquals(1, loginHeaders.keySet().size());
+ System.out.println("Header Authorization: " + loginHeaders.get("Authorization"));
+ System.out.println("Decoded UserID:Password " +
+ new String(new BASE64Decoder().decodeBuffer(((String)loginHeaders.get("Authorization")).substring(6))));
+ String userIDPassword = "Hugo:Huber";
+ String credentials = Base64Utils.encode(userIDPassword.getBytes());
+ assertEquals("Basic " + credentials, loginHeaders.get("Authorization"));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+ public void testP102() throws Exception {
+ try {
+ // read configuration and set up LoginParameterResolver
+ setUp("https://testP102:9443/");
+ if (! oaConf.getAuthType().equals(OAConfiguration.PARAM_AUTH))
+ fail();
+
+ // assemble authentication data
+ AuthenticationData authData = new AuthenticationData();
+ String DATE_OF_BIRTH = "1963-12-29";
+ String VPK = "kp6hOq6LRAkLtrqm6EvDm6bMwJw=";
+ authData.setDateOfBirth(DATE_OF_BIRTH);
+ authData.setBPK(VPK);
+
+ // resolve login parameters
+ Map loginParameters = lpr.getAuthenticationParameters(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+
+ // validate login headers
+ assertEquals(2, loginParameters.keySet().size());
+ System.out.println("Param1: " + loginParameters.get("Param1"));
+ System.out.println("Param2: " + loginParameters.get("Param2"));
+ assertEquals(DATE_OF_BIRTH, loginParameters.get("Param1"));
+ assertEquals(VPK, loginParameters.get("Param2"));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testP103() throws Exception {
+ try {
+ // read configuration and set up LoginParameterResolver
+ setUp("https://localhost:9443/");
+ if (! oaConf.getAuthType().equals(OAConfiguration.HEADER_AUTH))
+ fail();
+
+ // assemble authentication data
+ AuthenticationData authData = new AuthenticationData();
+ boolean PUBLIC_AUTH = true;
+ String BKZ = "FinanzamtWien23Leitstelle";
+ boolean QUAL_CERT = false;
+ String STAMMZAHL = "3456789012";
+ authData.setPublicAuthority(PUBLIC_AUTH);
+ authData.setPublicAuthorityCode(BKZ);
+ authData.setQualifiedCertificate(QUAL_CERT);
+ authData.setIdentificationValue(STAMMZAHL);
+
+ // resolve login headers
+ Map loginHeaders = lpr.getAuthenticationHeaders(oaConf, authData, CLIENT_IP_ADDRESS, false, "");
+
+ // validate login headers
+ assertEquals(5, loginHeaders.keySet().size());
+ System.out.println("Header Param1: " + loginHeaders.get("Param1"));
+ System.out.println("Header Param2: " + loginHeaders.get("Param2"));
+ System.out.println("Header Param3: " + loginHeaders.get("Param3"));
+ System.out.println("Header Param4: " + loginHeaders.get("Param4"));
+ System.out.println("Header Param5: " + loginHeaders.get("Param5"));
+ assertEquals(String.valueOf(PUBLIC_AUTH), loginHeaders.get("Param1"));
+ assertEquals(BKZ, loginHeaders.get("Param2"));
+ assertEquals(String.valueOf(QUAL_CERT), loginHeaders.get("Param3"));
+ assertEquals(STAMMZAHL, loginHeaders.get("Param4"));
+ assertEquals(CLIENT_IP_ADDRESS, loginHeaders.get("Param5"));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/AllTests.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/AllTests.java
new file mode 100644
index 000000000..69ed3d12b
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/AllTests.java
@@ -0,0 +1,41 @@
+package test.at.gv.egovernment.moa.id;
+
+import test.at.gv.egovernment.moa.id.auth.AuthenticationServerTest;
+import test.at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataServiceTest;
+import test.at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationTest;
+import test.at.gv.egovernment.moa.id.config.auth.MOAIDAuthConfigurationProviderTest;
+import test.at.gv.egovernment.moa.id.config.proxy.MOAIDProxyConfigurationProviderTest;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(AuthenticationServerTest.class);
+ suite.addTest(test.at.gv.egovernment.moa.id.auth.builder.AllTests.suite());
+ suite.addTest(test.at.gv.egovernment.moa.id.auth.parser.AllTests.suite());
+ suite.addTestSuite(GetAuthenticationDataServiceTest.class);
+ suite.addTestSuite(SignatureVerificationTest.class);
+ suite.addTestSuite(MOAIDAuthConfigurationProviderTest.class);
+ suite.addTestSuite(MOAIDProxyConfigurationProviderTest.class);
+ suite.addTest(test.at.gv.egovernment.moa.id.proxy.AllTests.suite());
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java
new file mode 100644
index 000000000..8309a4f7e
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/UnitTestCase.java
@@ -0,0 +1,35 @@
+package test.at.gv.egovernment.moa.id;
+
+import test.MOAIDTestCase;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+
+/**
+ * Base class for MOA ID test cases.
+ *
+ * Provides some utility functions.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class UnitTestCase extends MOAIDTestCase {
+
+ protected static final String TESTDATA_ROOT = "data/test/";
+
+ /**
+ * Constructor for MOATestCase.
+ * @param arg0
+ */
+ public UnitTestCase(String name) {
+ super(name);
+ }
+ /**
+ * Set up a transaction context with a test configuration.
+ */
+ protected void setUp() throws Exception {
+ System.setProperty(
+ ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+ }
+
+} \ No newline at end of file
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
new file mode 100644
index 000000000..5acb23dc2
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -0,0 +1,56 @@
+package test.at.gv.egovernment.moa.id.auth;
+
+import java.util.HashMap;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationServerTest extends UnitTestCase {
+
+ public AuthenticationServerTest(String name) {
+ super(name);
+ }
+
+ public void testStandard() throws Exception {
+ doTest(
+ "standard",
+ "https://localhost:8443/auth",
+ "gb",
+ "https://localhost:9443/",
+ null,
+ null);
+ }
+ public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
+ String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
+ AuthenticationServer server = AuthenticationServer.getInstance();
+ String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null);
+ String sessionID = parseSessionIDFromForm(htmlForm);
+ String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
+ HashMap parameters = new HashMap(1);
+ parameters.put(MOAIDAuthConstants.PARAM_XMLRESPONSE, infoboxReadResponse);
+
+ String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, parameters);
+ String createXMLSignatureRequestShould = readFile(testdataRoot + "CreateXMLSignatureRequest.xml");
+ assertXmlEquals(createXMLSignatureRequestShould, createXMLSignatureRequest);
+ String createXMLSignatureResponse = readFile(testdataRoot + "CreateXMLSignatureResponse.xml");
+ String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+ String authDataShould = readFile(testdataRoot + "AuthenticationDataAssertion.xml");
+ assertXmlEquals(authDataShould, authData.getSamlAssertion());
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
new file mode 100644
index 000000000..81cdfb9f8
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java
@@ -0,0 +1,47 @@
+package test.at.gv.egovernment.moa.id.auth;
+
+import java.security.KeyStore;
+import java.util.Enumeration;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class MOAIDAuthInitialiserTest extends UnitTestCase {
+
+ public MOAIDAuthInitialiserTest(String name) {
+ super(name);
+ }
+
+ public void testInit() throws Exception
+ {
+// System.setProperty(
+// ConfigurationProvider.CONFIG_PROPERTY_NAME,"C://Programme/ApacheGroup/abnahme/conf/moa-id/SampleMOAIDConfiguration.xml");
+// System.setProperty(
+// ConfigurationProvider.CONFIG_PROPERTY_NAME,"D://Daten/_Projects/moa_id_maengel/SampleMOAIDConfiguration.xml");
+ SSLUtils.initialize();
+
+ try {
+ KeyStore s = KeyStoreUtils.loadKeyStore("pkcs12","file:C:/Programme/ApacheGroup/abnahme/cert/keystore.p12","changeit");
+ System.out.println(s.getProvider().getClass().getName());
+ Enumeration aliases = s.aliases();
+ while (aliases.hasMoreElements()) {
+ String element = (String) aliases.nextElement();
+ System.out.print(element+":");
+ System.out.println(s.getCertificate(element).getPublicKey().getAlgorithm());
+ System.out.println(s.getCertificate(element).getType());
+ }
+
+
+ System.out.println(s.getCertificate("pc41408").getPublicKey().getFormat());
+
+ }
+ catch (Exception e) {e.printStackTrace();};
+
+ }
+
+ }
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java
new file mode 100644
index 000000000..2940f0ec7
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java
@@ -0,0 +1,33 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author patrick
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+// suite.addTestSuite(AuthenticationBlockAssertionBuilderTest.class);
+ suite.addTestSuite(CreateXMLSignatureBuilderTest.class);
+// suite.addTestSuite(GetIdentityLinkFormBuilderTest.class);
+// suite.addTestSuite(InfoboxReadRequestBuilderTest.class);
+// suite.addTestSuite(PersonDataBuilderTest.class);
+// suite.addTestSuite(SAMLArtifactBuilderTest.class);
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
new file mode 100644
index 000000000..8cc8797ef
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
@@ -0,0 +1,47 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase {
+ private static final String nl = "\n";
+ private static final String ISSUER = "Hugo Mustermann";
+ private static final String ISSUE_INSTANT = "2003-03-15T22:50:21+01:00";
+ private static final String AUTH_URL = "https://auth.moa.gv.at/";
+ private static final String TARGET = "Grundbuch";
+ private static final String OA_URL = "https://grundbuch.gv.at/";
+ private static final String GEB_DAT = "2004-01-02";
+
+ // wird auch von CreateXMLSignatureBuilderTest verwendet !
+ public static final String ASSERTION_SHOULD =
+"<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='" + ISSUER + "' IssueInstant='" + ISSUE_INSTANT + "'>" + nl +
+" <saml:AttributeStatement>" + nl +
+" <saml:Subject>" + nl +
+" <saml:NameIdentifier>" + AUTH_URL + "</saml:NameIdentifier>" + nl +
+" </saml:Subject>" + nl +
+" <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl +
+" <saml:AttributeValue>" + TARGET + "</saml:AttributeValue>" + nl +
+" </saml:Attribute>" + nl +
+" <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl +
+" <saml:AttributeValue>" + OA_URL + "</saml:AttributeValue>" + nl +
+" </saml:Attribute>" + nl +
+" </saml:AttributeStatement>" + nl +
+"</saml:Assertion>";
+
+ public AuthenticationBlockAssertionBuilderTest(String name) {
+ super(name);
+ }
+
+ public void testBuild() throws Exception {
+ AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder();
+ String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, "", "", OA_URL, GEB_DAT, null, null);
+ assertionBuilt = XML_DECL + assertionBuilt;
+ String assertionShould = XML_DECL + ASSERTION_SHOULD;
+ assertXmlEquals(assertionShould, assertionBuilt);
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java
new file mode 100644
index 000000000..1f4890dc9
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java
@@ -0,0 +1,105 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class CreateXMLSignatureBuilderTest extends UnitTestCase {
+ private static final String nl = "\n";
+ public static final String TRANSFORMS_INFO =
+ " <sl10:TransformsInfo>" + nl +
+ " <dsig:Transforms>" + nl +
+ " <dsig:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>" + nl +
+ " <dsig:Transform Algorithm='http://www.w3.org/TR/1999/REC-xslt-19991116'>" + nl +
+"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' >" + nl +
+"<xsl:template match='/'>" + nl +
+"<html>" + nl +
+"<body>" + nl +
+"</body>" + nl +
+"</html>" + nl +
+"</xsl:template>" + nl +
+"</xsl:stylesheet>" + nl +
+ " </dsig:Transform>" + nl +
+ " </dsig:Transforms>" + nl +
+ " <sl10:FinalDataMetaInfo>" + nl +
+ " <sl10:MimeType>text/html</sl10:MimeType>" + nl +
+ " </sl10:FinalDataMetaInfo>" + nl +
+ " </sl10:TransformsInfo>" + nl;
+ public static final String REQUEST_SHOULD =
+"<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl +
+"<sl11:CreateXMLSignatureRequest xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sl10=\"http://www.buergerkarte.at/namespaces/securitylayer/20020225#\" xmlns:sl11=\"http://www.buergerkarte.at/namespaces/securitylayer/20020831#\">" + nl +
+" <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl +
+" <sl11:DataObjectInfo Structure=\"detached\">" + nl +
+" <sl10:DataObject Reference=\"\"/>" + nl +
+TRANSFORMS_INFO +
+" </sl11:DataObjectInfo>" + nl +
+" <sl11:SignatureInfo>" + nl +
+" <sl11:SignatureEnvironment>" + nl +
+" <sl10:XMLContent>" + AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD + "</sl10:XMLContent>" + nl +
+" </sl11:SignatureEnvironment>" + nl +
+" <sl11:SignatureLocation Index=\"2\">/saml:Assertion</sl11:SignatureLocation>" + nl +
+" </sl11:SignatureInfo>" + nl +
+"</sl11:CreateXMLSignatureRequest>";
+
+
+ public static final String TRANSFORMS_INFO_SL12 =
+ " <sl:TransformsInfo>" + nl +
+ " <dsig:Transforms>" + nl +
+ " <dsig:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>" + nl +
+ " <dsig:Transform Algorithm='http://www.w3.org/TR/1999/REC-xslt-19991116'>" + nl +
+"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' >" + nl +
+"<xsl:template match='/'>" + nl +
+"<html>" + nl +
+"<body>" + nl +
+"</body>" + nl +
+"</html>" + nl +
+"</xsl:template>" + nl +
+"</xsl:stylesheet>" + nl +
+ " </dsig:Transform>" + nl +
+ " </dsig:Transforms>" + nl +
+ " <sl:FinalDataMetaInfo>" + nl +
+ " <sl:MimeType>text/html</sl:MimeType>" + nl +
+ " </sl:FinalDataMetaInfo>" + nl +
+ " </sl:TransformsInfo>" + nl;
+ public static final String REQUEST_SHOULD_SL12 =
+"<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl +
+"<sl:CreateXMLSignatureRequest xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" + nl +
+" <sl:KeyboxIdentifier>SecureSignatureKeypair</sl:KeyboxIdentifier>" + nl +
+" <sl:DataObjectInfo Structure=\"detached\">" + nl +
+" <sl:DataObject Reference=\"\"/>" + nl +
+TRANSFORMS_INFO_SL12 +
+" </sl:DataObjectInfo>" + nl +
+" <sl:SignatureInfo>" + nl +
+" <sl:SignatureEnvironment>" + nl +
+" <sl:XMLContent>" + AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD + "</sl:XMLContent>" + nl +
+" </sl:SignatureEnvironment>" + nl +
+" <sl:SignatureLocation Index=\"2\">/saml:Assertion</sl:SignatureLocation>" + nl +
+" </sl:SignatureInfo>" + nl +
+"</sl:CreateXMLSignatureRequest>";
+
+
+
+
+ public CreateXMLSignatureBuilderTest(String name) {
+ super(name);
+ }
+
+ public void testBuild() throws Exception {
+ // test build for Security Layer version 1.1 and 1.0
+ String request = new CreateXMLSignatureRequestBuilder().build(
+ AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD, "SecureSignatureKeypair",
+ new String[] {TRANSFORMS_INFO},
+ false);
+ assertXmlEquals(REQUEST_SHOULD, request);
+ // test build for Security Layer version 1.2
+ String requestSL12 = new CreateXMLSignatureRequestBuilder().build(
+ AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD, "SecureSignatureKeypair",
+ new String[] {TRANSFORMS_INFO},
+ true);
+ assertXmlEquals(REQUEST_SHOULD_SL12, requestSL12);
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java
new file mode 100644
index 000000000..c146984d0
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java
@@ -0,0 +1,73 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import java.text.MessageFormat;
+
+import junit.framework.TestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetIdentityLinkFormBuilderTest extends TestCase {
+ private static String nl = "\n";
+ public static String FORM =
+ "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
+ "<html>" + nl +
+ "<head>" + nl +
+ "<title>Auslesen der Personenbindung</title>" + nl +
+ "</head>" + nl +
+ "<body>" + nl +
+ "<form name=\"GetIdentityLinkForm\"" + nl +
+ " action=\"{0}\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"{1}\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"{2}\"/>" + nl +
+ " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl +
+ "</form>" + nl +
+ "<form name=\"CertificateInfoForm\"" + nl +
+ " action=\"{0}\"" + nl +
+ " method=\"post\">" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"XMLRequest\"" + nl +
+ " value=\"{3}\"/>" + nl +
+ " <input type=\"hidden\" " + nl +
+ " name=\"DataURL\"" + nl +
+ " value=\"{4}\"/>" + nl +
+ " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl +
+ "</form>" + nl +
+ "</body>" + nl +
+ "</html>";
+ public static String BKU =
+ "http://localhost:3495/http-security-layer-request";
+
+ public void testBuild() throws Exception {
+ String xmlRequest = new InfoboxReadRequestBuilder().build(false, false, null);
+ String dataURL = "https://1.2.3.4/auth/VerifyIdentityLink?MOASessionID=1234567";
+ String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(false);
+ String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/";
+ String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL, null);
+ String formShould = MessageFormat.format(
+ FORM, new Object[] { BKU, xmlRequest, dataURL, infoRequest, infoDataURL });
+ assertEquals(formShould, form);
+ }
+ public void testBuildCustomBKU() throws Exception {
+ String xmlRequest = new InfoboxReadRequestBuilder().build(false, false, null);
+ String dataURL = "https://1.2.3.4/auth/AuthServlet/StartAuthentication?MOASessionID=1234567";
+ String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(false);
+ String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/";
+ String bkuURL = "http://bku.at/";
+ String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL, null);
+ String formShould = MessageFormat.format(
+ FORM, new Object[] { bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL });
+ assertEquals(formShould, form);
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
new file mode 100644
index 000000000..24d01f96f
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java
@@ -0,0 +1,29 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import org.w3c.dom.Document;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadRequestBuilderTest extends UnitTestCase implements Constants {
+
+ public InfoboxReadRequestBuilderTest(String name) {
+ super(name);
+ }
+
+ public void testBuild() throws Exception {
+ InfoboxReadRequestBuilder builder = new InfoboxReadRequestBuilder();
+ String xmlBuilt = builder.build(false, false, null);
+ Document docBuilt = DOMUtils.parseDocument(xmlBuilt, false, ALL_SCHEMA_LOCATIONS, null);
+ String xmlBuiltSerialized = DOMUtils.serializeNode(docBuilt);
+ // xmlShould was generated by Hot:Sign Tester
+ String xmlShould = "<?xml version='1.0' encoding='utf-8'?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>";
+ assertXmlEquals(xmlShould, xmlBuiltSerialized);
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
new file mode 100644
index 000000000..504679fd5
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java
@@ -0,0 +1,51 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.util.Constants;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class PersonDataBuilderTest extends UnitTestCase implements Constants {
+
+ /**
+ * Constructor for PersonDataBuilderTest.
+ */
+ public PersonDataBuilderTest(String arg) {
+ super(arg);
+ }
+ public void testBuild() throws Exception {
+ String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml");
+ IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ String xmlPersonData = new PersonDataBuilder().build(il, true);
+ String xmlPersonDataShould = "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Identification><pr:Value>123456789012</pr:Value><pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>";
+ assertPersonDataEquals(xmlPersonDataShould, xmlPersonData);
+ }
+ public void testBuildNoZMRZahl() throws Exception {
+ String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml");
+ IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink();
+ String xmlPersonData = new PersonDataBuilder().build(il, false);
+ String xmlPersonDataShould = XML_DECL + "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>";
+ assertPersonDataEquals(xmlPersonDataShould, xmlPersonData);
+ }
+ private void assertPersonDataEquals(String s1, String s2) throws Exception {
+ String ss1 = insertPrNS(s1);
+ String ss2 = insertPrNS(s2);
+ assertXmlEquals(ss1, ss2);
+ }
+ private String insertPrNS(String xmlPersonData) {
+ int startNS = xmlPersonData.indexOf("Person") + "Person".length() + 1;
+ String s =
+ xmlPersonData.substring(0, startNS) +
+ "xmlns:pr=\"" + PD_NS_URI + "\" " +
+ "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " +
+ xmlPersonData.substring(startNS);
+ return s;
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
new file mode 100644
index 000000000..3ec73ee4c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java
@@ -0,0 +1,52 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactBuilderTest extends UnitTestCase {
+
+ private static final String AUTH_URL = "https://moa.gv.at/auth/";
+ private static final String SESSION_ID_1 = "123456";
+ private static final String SESSION_ID_2 = "123457";
+ private static final String SESSION_ID_3 = "1234567";
+
+ private SAMLArtifactBuilder builder;
+ private byte[] artifact1;
+ private byte[] artifact2;
+ private byte[] artifact3;
+
+ public SAMLArtifactBuilderTest(String name) {
+ super(name);
+ }
+ protected void setUp() throws Exception {
+ builder = new SAMLArtifactBuilder();
+ artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
+ artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2), false);
+ artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3), false);
+ }
+
+ public void testBuildArtifactLength() throws BuildException {
+ assertEquals(42, artifact1.length);
+ assertEquals(42, artifact2.length);
+ assertEquals(42, artifact3.length);
+ }
+ public void testBuildSameArtifact() throws Exception {
+ byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false);
+ assertEquals(new String(artifact1), new String(artifact1Clone));
+ }
+ public void testBuildDifferentArtifacts() throws BuildException {
+ String msg = "SAML Artifacts should be different";
+ assertFalse(msg, new String(artifact1).equals(new String(artifact2)));
+ assertFalse(msg, new String(artifact1).equals(new String(artifact3)));
+ assertFalse(msg, new String(artifact3).equals(new String(artifact2)));
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
new file mode 100644
index 000000000..5b3bb5906
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java
@@ -0,0 +1,93 @@
+package test.at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.FileInputStream;
+import java.io.RandomAccessFile;
+
+import org.w3c.dom.Element;
+import test.at.gv.egovernment.moa.id.auth.invoke.MOASPSSTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+
+
+
+/**
+ * Test case for the signature verification web service.
+ *
+ * This test requires a running SignatureVerification web service.
+ *
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class VerifyXMLSignatureRequestBuilderTest extends MOASPSSTestCase {
+
+
+ private SignatureVerificationInvoker caller;
+
+ public VerifyXMLSignatureRequestBuilderTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+ System.setProperty(
+ ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ "data/test/conf/ConfigurationTest.xml");
+ caller = new SignatureVerificationInvoker();
+ }
+
+ public void testVerifyXMLSignatureRequestBuilderIdentityLink() throws Exception {
+
+ RandomAccessFile infoBox = new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r");
+ byte[] b = new byte[(int) infoBox.length()];
+ infoBox.read(b);
+ infoBox.close();
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+
+ RandomAccessFile vr = new RandomAccessFile(
+ "data/test/xmldata/standard/VerifyXMLSignatureRequestIdentityLink.xml","r");
+ b = new byte[(int) vr.length()];
+ vr.read(b);
+ vr.close();
+ String xmlResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element requestBuild = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID());
+
+ assertXmlEquals(requestBuild, xmlResponse);
+
+ }
+
+ public void testVerifyXMLSignature2() throws Exception {
+
+ RandomAccessFile s = new RandomAccessFile("data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ s.close();
+ String xmlCreateXMLSignatureResponse = new String(b, "UTF-8");
+
+ CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse csr = cXMLsrp.parseResponse();
+
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID());
+
+ // check the result
+ assertXmlEquals(request, new FileInputStream("data/test/xmldata/standard/VerifyXMLSignatureRequestCreateXML.xml"));
+
+ }
+ }
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java
new file mode 100644
index 000000000..7ae6f70ef
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java
@@ -0,0 +1,38 @@
+package test.at.gv.egovernment.moa.id.auth.invoke;
+
+import java.security.Security;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/**
+ * Base class for end-to-end tests of MOA web-services.
+ *
+ * Initializes the test system and provides some properties.
+ *
+ * @author Patrick Peck
+ * @version $Id$
+ */
+public class MOASPSSTestCase extends UnitTestCase {
+
+ public MOASPSSTestCase(String name) {
+ super(name);
+ }
+
+
+ protected void setupSSL() {
+ System.setProperty("javax.net.debug", "all");
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty(
+ "java.protocol.handler.pkgs",
+ "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty(
+ "javax.net.ssl.keyStore",
+ "data/test/security/client.keystore");
+ System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
+ System.setProperty(
+ "javax.net.ssl.trustStore",
+ "data/test/security/client.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
new file mode 100644
index 000000000..0648163d5
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java
@@ -0,0 +1,166 @@
+package test.at.gv.egovernment.moa.id.auth.invoke;
+
+import java.io.RandomAccessFile;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+
+
+/**
+ * Test case for the signature verification web service.
+ *
+ * This test requires a running SignatureVerification web service.
+ *
+ * @author Patrick Peck
+ * @author Fatemeh Philippi
+ * @version $Id$
+ */
+public class SignatureVerificationTest extends MOASPSSTestCase {
+
+
+ private SignatureVerificationInvoker caller;
+
+ public SignatureVerificationTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+System.setProperty(
+ ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ "data/test/conf/ConfigurationTest.xml");
+ caller = new SignatureVerificationInvoker();
+ }
+
+/* public void testVerifyCMSSignature() throws Exception {
+ Element request =
+ parseXml("data/test/xml/VCSQ000.xml").getDocumentElement();
+ Element result;
+
+ // call the service
+ result = caller.verifyXMLSignature(request);
+
+ // check the result
+ assertEquals("VerifyCMSSignatureResponse", result.getTagName());
+ }*/
+
+ public void testVerifyXMLSignature1() throws Exception {
+
+ //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum
+ //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse =new String(b,"UTF8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element request = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID());
+ s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithInfoboxReadResponse.xml","rw");
+ s.write(DOMUtils.serializeNode(request).getBytes("UTF-8"));
+ s.close();
+// Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement();
+// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement();
+// call the service
+ Element response = caller.verifyXMLSignature(request);
+ VerifyXMLSignatureResponseParser vParser = new VerifyXMLSignatureResponseParser(response);
+ VerifyXMLSignatureResponse vData = vParser.parseData();
+ VerifyXMLSignatureResponseValidator vValidate = VerifyXMLSignatureResponseValidator.getInstance();
+ vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, true);
+ vValidate.validateCertificate(vData,idl);
+
+ // check the result
+ assertXmlEquals(response, request);
+
+ }
+
+ public void testVerifyXMLSignature2() throws Exception {
+ // Prüft den 2. Aufruf mit dem CreateXMLSIgnatureResponse als Parameter
+ //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum
+ //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlCreateXMLSignatureResponse = new String(b, "UTF8");
+
+ CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+// CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse csr = cXMLsrp.parseResponse();
+
+ VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder();
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+
+ Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID());
+ // Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement();
+// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement();
+ Element result;
+/*s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithAuthBlock.xml","rw");
+ s.write(DOMUtils.serializeNode(request).getBytes("UTF-8"));
+ s.close();*/
+ // call the service
+ result = caller.verifyXMLSignature(request);
+ // check the result
+ assertEquals("VerifyXMLSignatureResponse", result.getTagName());
+
+ }
+
+
+ public void testParseCreateXMLSignatureResponse() throws Exception {
+
+ //Später soll die Datei direkt vom Server geholt werden...
+
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/standard/CreateXMLSignatureResponse.xml",
+
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlCreateXMLSignatureResponse = new String(b, "UTF-8");
+
+ CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse csr = cXMLsrp.parseResponse();
+
+ }
+
+ public void testParseVerifyXMLSignatureResponse() throws Exception {
+
+ //Später soll die Datei direkt vom Server geholt werden...
+
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/standard/VerifyXMLSignaterResponse.xml",
+
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlVerifyXMLSignatureResponse = new String(b, "UTF-8");
+
+ VerifyXMLSignatureResponseParser vXMLsrp = new VerifyXMLSignatureResponseParser(xmlVerifyXMLSignatureResponse);
+ VerifyXMLSignatureResponse vsr = vXMLsrp.parseData();
+
+ }
+
+
+ }
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java
new file mode 100644
index 000000000..84f5110b0
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java
@@ -0,0 +1,29 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(IdentityLinkAssertionParserTest.class);
+ suite.addTestSuite(SAMLArtifactParserTest.class);
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
new file mode 100644
index 000000000..c29c1eedf
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java
@@ -0,0 +1,137 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import iaik.security.rsa.RSAPublicKey;
+
+import java.io.FileOutputStream;
+import java.io.RandomAccessFile;
+import java.security.PublicKey;
+
+import org.w3c.dom.Document;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class IdentityLinkAssertionParserTest extends UnitTestCase {
+
+ IdentityLinkAssertionParser ilap;
+
+ public IdentityLinkAssertionParserTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+ try {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public void testParseIdentityLink() throws Exception {
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder();
+
+ // Element zurück bekommen: vx.build(idl.getSamlAssertion());
+
+ IdentityLinkValidator idVali = IdentityLinkValidator.getInstance();
+ idVali.validate(idl);
+
+ }
+
+// public void testParseIdentityLinkECC() throws Exception {
+// RandomAccessFile s =
+// new RandomAccessFile(
+// "data/test/xmldata/IL.ResponseToRequest.01.ECDSA.xml",
+// "r");
+// byte[] b = new byte[(int) s.length()];
+// s.read(b);
+// String xmlInfoboxReadResponse = new String(b);
+// InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+// String SAML = irrp.parseSAMLAssertion();
+// ilap = new IdentityLinkAssertionParser(SAML);
+// IdentityLink idl = ilap.parseIdentityLink();
+// System.out.println(idl.getGivenName());
+// System.out.println(idl.getFamilyName());
+// System.out.println(idl.getDateOfBirth());
+// System.out.println(idl.getIdentificationValue());
+//
+// VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder();
+//
+// // Element zurück bekommen: vx.build(idl.getSamlAssertion());
+//
+// IdentityLinkValidator idVali = IdentityLinkValidator.getInstance();
+// idVali.validate(idl);
+//
+// }
+
+ public void testRSAPublicKeys() throws Exception {
+ if (ilap.getPublicKeys()[0].getClass().getName().equals("iaik.security.rsa.RSAPublicKey"))
+ {
+
+ for (int i = 0; i < ilap.getPublicKeys().length; i++) {
+ RSAPublicKey result = (RSAPublicKey)ilap.getPublicKeys()[i];
+ System.out.println("RSA Public Key No" + i);
+ System.out.println("Modulus: " + result.getModulus());
+ System.out.println("Exponent: " + result.getPublicExponent());
+ }
+
+ }
+ }
+
+ public void testECDSAPublicKeys() throws Exception {
+
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/ECDSAKeyExample.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String ecdsaKey = new String(b, "UTF-8");
+ Document e = DOMUtils.parseDocument(ecdsaKey,true,Constants.ALL_SCHEMA_LOCATIONS, null);
+ PublicKey p = ECDSAKeyValueConverter.element2ECDSAPublicKey(e.getDocumentElement());
+
+ }
+
+
+ public void testDsigCertificates() throws Exception {
+
+ String[] result = ilap.getCertificates();
+ for (int i = 0; i < result.length; i++) {
+
+ System.out.println("DSIG Certificate Length: " + result[i].length() + " No" + i + "\n" + result[i]);
+ FileOutputStream raf = new FileOutputStream("data/test/certs/cert" + i + ".cer");
+ raf.write(result[i].getBytes());
+ raf.flush();
+ raf.close();
+ }
+
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
new file mode 100644
index 000000000..9a878be2c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java
@@ -0,0 +1,67 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import java.io.RandomAccessFile;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class InfoboxReadResponseParserTest extends UnitTestCase {
+
+ IdentityLinkAssertionParser ilap;
+
+ public InfoboxReadResponseParserTest(String name) {
+ super(name);
+ }
+
+ public void setUp() {
+ }
+
+ public void testParseInfoboxReadResponse() throws Exception {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/testperson1/InfoboxReadResponse.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
+
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ }
+
+ public void testParseInfoboxReadResponseError() throws Exception {
+ RandomAccessFile s =
+ new RandomAccessFile(
+ "data/test/xmldata/ErrorResponse.xml",
+ "r");
+ byte[] b = new byte[(int) s.length()];
+ s.read(b);
+ String xmlInfoboxReadResponse = new String(b, "UTF-8");
+
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse);
+ ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion());
+
+ IdentityLink idl = ilap.parseIdentityLink();
+ System.out.println(idl.getGivenName());
+ System.out.println(idl.getFamilyName());
+ System.out.println(idl.getDateOfBirth());
+ System.out.println(idl.getIdentificationValue());
+
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
new file mode 100644
index 000000000..992e799bd
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java
@@ -0,0 +1,55 @@
+package test.at.gv.egovernment.moa.id.auth.parser;
+
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
+import at.gv.egovernment.moa.id.util.Random;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLArtifactParserTest extends UnitTestCase {
+
+ private static String URL1 = "http://moa.gv.at/auth";
+ private static String URL2 = "https://moa.gv.at/auth";
+
+ public SAMLArtifactParserTest(String name) {
+ super(name);
+ }
+
+ public void testParseTypeCode() throws Exception {
+ String sessionID = Random.nextRandom();
+ String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID);
+ byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode();
+ assertEquals(typeCode[0], 0);
+ assertEquals(typeCode[1], 1);
+ }
+ public void testParseAssertionHandleSameSessionID() throws Exception {
+ // SAML artifacts for different authURL's but same sessionID MUST give same assertion handle
+ String sessionID = Random.nextRandom();
+ String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID);
+ String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID);
+ String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle();
+ String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle();
+ assertEquals(assertionHandle1, assertionHandle2);
+ }
+ public void testParseAssertionHandleSameURL() throws Exception {
+ // SAML artifacts for same authURL but different sessionID's MUST give different assertion handles
+ String sessionID1 = Random.nextRandom();
+ String sessionID2 = Random.nextRandom();
+ String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1);
+ String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2);
+ String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle();
+ String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle();
+ assertFalse(assertionHandle1.equals(assertionHandle2));
+ }
+ public void testParseAssertionHandleSameSAMLArtifact() throws Exception {
+ // SAML artifact parsed twice MUST give same assertion handle each time
+ String sessionID = Random.nextRandom();
+ String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID);
+ String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+ String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle();
+ assertEquals(assertionHandle1, assertionHandle2);
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java
new file mode 100644
index 000000000..c78651fdb
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java
@@ -0,0 +1,91 @@
+package test.at.gv.egovernment.moa.id.auth.servlet;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.XPathUtils;
+
+/**
+ * Test case instantiates GetAuthenticationDataService and calls the Request() method.
+ * It DOES NOT call the web service via Axis.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class GetAuthenticationDataServiceTest extends UnitTestCase implements Constants {
+
+ private GetAuthenticationDataService service;
+
+ public GetAuthenticationDataServiceTest(String arg0) {
+ super(arg0);
+ }
+ protected void setUp() throws Exception {
+ service = new GetAuthenticationDataService();
+ }
+
+ public void testService2Requests() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<saml:AssertionIDReference>123</saml:AssertionIDReference>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request, request})[0];
+ assertStatus(response, "samlp:Requester", "samlp:TooManyResponses");
+ }
+ public void testServiceNoSAMLArtifact() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<saml:AssertionIDReference>123</saml:AssertionIDReference>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", null);
+ }
+ public void testService2SAMLArtifacts() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>123</samlp:AssertionArtifact>" +
+ "<samlp:AssertionArtifact>456</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", "samlp:TooManyResponses");
+ }
+ public void testServiceWrongFormat() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", null);
+ }
+ public void testServiceWrongSAMLArtifact() throws Exception {
+ String requestString =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" +
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" +
+ "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ Element response = service.Request(new Element[] {request})[0];
+ assertStatus(response, "samlp:Requester", "samlp:ResourceNotRecognized");
+ }
+ private void assertStatus(Element response, String statusCodeShould, String subStatusCodeShould) throws Exception {
+ Element statusCodeNode = (Element)XPathUtils.selectSingleNode(response, "//samlp:StatusCode");
+ String statusCode = statusCodeNode.getAttribute("Value");
+ Element subStatusCodeNode = (Element)XPathUtils.selectSingleNode(statusCodeNode, "//samlp:StatusCode/samlp:StatusCode");
+ String subStatusCode = subStatusCodeNode == null ? null : subStatusCodeNode.getAttribute("Value");
+ System.out.println(statusCode + subStatusCode);
+ assertEquals(statusCodeShould, statusCode);
+ assertEquals(subStatusCodeShould, subStatusCode);
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java
new file mode 100644
index 000000000..655c33fd9
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java
@@ -0,0 +1,112 @@
+package test.at.gv.egovernment.moa.id.config.auth;
+
+import java.util.Map;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class MOAIDAuthConfigurationProviderTest extends UnitTestCase {
+ private AuthConfigurationProvider provider;
+
+ /**
+ * Constructor for MOAAuthConfigTest.
+ * @param name
+ */
+ public MOAIDAuthConfigurationProviderTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+
+ provider =
+ new AuthConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+
+ }
+ public void testGetTransformsInfoFileNames() {
+ String[] transformsInfoFileNames;
+ transformsInfoFileNames = provider.getTransformsInfoFileNames();
+// for (int i = 0; i < transformsInfoFileNames.length; i++) {
+// System.out.println(
+// "getTransformsInfoFileNames: " + transformsInfoFileNames[i]);
+ assertEquals(transformsInfoFileNames[0],"http://StringsecLayerTranformsInfo1");
+ assertEquals(transformsInfoFileNames[1],"http://StringsecLayerTranformsInfo2");
+// }
+
+ }
+
+ public void testGetMOASPConnectionParameters() {
+ ConnectionParameter cp;
+ cp = provider.getMoaSpConnectionParameter();
+ assertEquals(cp.getUrl(),"MOA-SP-URL");
+ assertEquals(cp.getAcceptedServerCertificates(),"http://AcceptedServerCertificates");
+ assertEquals(cp.getClientKeyStorePassword(),"Keystore Pass");
+ assertEquals(cp.getClientKeyStore(),"URLtoClientKeystoreAUTH");
+/* System.out.println();
+ System.out.println("getMoaSpConnectionParameter :" + cp.getUrl());
+ System.out.println(
+ "getMoaSpConnectionParameter :" + cp.getAcceptedServerCertificates());
+ System.out.println(
+ "getMoaSpConnectionParameter :" + cp.getClientKeyStorePassword());
+ System.out.println(
+ "getMoaSpConnectionParameter :" + cp.getClientKeyStore());*/
+ }
+ public void testGetMoaSpIdentityLinkTrustProfileID() {
+
+ assertEquals(provider.getMoaSpIdentityLinkTrustProfileID(),"StringVerifyIdentiyLinkTrustID");
+
+ }
+ public void testGetMoaSpAuthBlockTrustProfileID() {
+ assertEquals(provider.getMoaSpAuthBlockTrustProfileID(),"StringVerifyAuthBlockTransformID");
+ }
+
+ public void testGetMoaSpAuthBlockVerifyTransformsInfoIDs() {
+ String[] result = provider.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ assertEquals(result[0],"StringVerifyTransformsInfoID1");
+ assertEquals(result[1],"StringVerifyTransformsInfoID2");
+
+ }
+
+ public void testGetOnlineApplicationAuthParameter() {
+ OAAuthParameter[] result = provider.getOnlineApplicationParameters();
+
+ assertEquals(result[0].getPublicURLPrefix(),"StringOALoginURL");
+ assertEquals(result[0].getProvideStammzahl(),false);
+ assertEquals(result[0].getProvideAuthBlock(),false);
+ assertEquals(result[0].getProvideIdentityLink(),false);
+
+ assertEquals(result[1].getPublicURLPrefix(),"StringOALoginURL2");
+ assertEquals(result[1].getProvideStammzahl(),true);
+ assertEquals(result[1].getProvideAuthBlock(),true);
+ assertEquals(result[1].getProvideIdentityLink(),true);
+
+
+/* for (int i = 0; i < result.length; i++) {
+ System.out.println();
+ System.out.println("getOnlineApplicationParameters Url: " + result[i].getUrl());
+ System.out.println("getOnlineApplicationParameters ProvideStammzahl: " + result[i].getProvideStammzahl());
+ System.out.println("getOnlineApplicationParameters ProvideAuthBlock: " + result[i].getProvideAuthBlock());
+ System.out.println("getOnlineApplicationParameters ProvideIdentityLink: " + result[i].getProvideIdentityLink());
+ }*/
+ }
+
+ public void testGetGenericConfiguration() {
+ Map result = provider.getGenericConfiguration();
+ assertEquals(result.containsKey("Generic Name 1"),true);
+ assertEquals(result.containsKey("Generic Name 2"),true);
+ assertEquals(result.get("Generic Name 1"),"Value1");
+ assertEquals(result.get("Generic Name 2"),"Value2");
+ /* for (Iterator iter = result.keySet().iterator(); iter.hasNext();) {
+ String element = (String) iter.next();
+ System.out.println("getGenericConfiguration Key:" + element);
+ System.out.println("getGenericConfiguration Value:" + result.get(element));
+ }*/
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java
new file mode 100644
index 000000000..ec6a65581
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java
@@ -0,0 +1,127 @@
+package test.at.gv.egovernment.moa.id.config.proxy;
+
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+public class MOAIDProxyConfigurationProviderTest extends UnitTestCase {
+ private ProxyConfigurationProvider provider;
+
+ /**
+ * Constructor for MOAProxyConfigTest.
+ * @param name
+ */
+ public MOAIDProxyConfigurationProviderTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+
+ provider =
+// new ProxyConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+ new ProxyConfigurationProvider("data/deploy/conf/moa-id/ConfigurationTest.xml");
+ }
+ public void testGetAuthComponentConnectionParameter()
+ {
+ ConnectionParameter cp;
+ cp = provider.getAuthComponentConnectionParameter();
+ assertEquals(cp.getUrl(),"AuthComponentURL");
+ assertEquals( cp.getAcceptedServerCertificates(),"http://www.altova.com");
+ assertEquals(cp.getClientKeyStorePassword(),"String");
+ assertEquals(cp.getClientKeyStore(),"http://www.altova.com");
+ /* System.out.println();
+ System.out.println("getProxyComponentConnectionParameter :" + cp.getUrl());
+ System.out.println(
+ "getProxyComponentConnectionParameter :" + cp.getAcceptedServerCertificates());
+ System.out.println(
+ "getProxyComponentConnectionParameter :" + cp.getClientKeyStorePassword());
+ System.out.println(
+ "getProxyComponentConnectionParameter :" + cp.getClientKeyStore());*/
+}
+
+ public void testGetOAProxyParameter() {
+ OAProxyParameter[] result = provider.getOnlineApplicationParameters();
+
+ assertEquals("http://localhost:9080/", result[0].getPublicURLPrefix());
+ assertEquals("file:data/test/conf/OAConfParamAuth.xml", result[0].getConfigFileURL());
+ assertEquals(10, result[0].getSessionTimeOut());
+ assertEquals("StringloginParameterResolverImpl1", result[0].getLoginParameterResolverImpl());
+ assertEquals("StringconnectionBuilderImpl1", result[0].getConnectionBuilderImpl());
+
+ assertEquals("ProxyComponentURL", result[0].getConnectionParameter().getUrl());
+ assertEquals("url:AcceptedServerCertificates", result[0].getConnectionParameter().getAcceptedServerCertificates());
+ assertEquals("URL:toClientKeystoreOA", result[0].getConnectionParameter().getClientKeyStore());
+ assertEquals("ClientKeystoreOAPAss", result[0].getConnectionParameter().getClientKeyStorePassword());
+
+ assertEquals("StringOALoginURL2", result[1].getPublicURLPrefix());
+ assertEquals("file:data/test/conf/OAConfHeaderAuth.xml", result[1].getConfigFileURL());
+ assertEquals(20, result[1].getSessionTimeOut());
+ assertEquals("StringloginParameterResolverImpl2",result[1].getLoginParameterResolverImpl());
+ assertEquals("StringconnectionBuilderImpl2", result[1].getConnectionBuilderImpl());
+
+ assertEquals("ProxyComponentURL2", result[1].getConnectionParameter().getUrl());
+ assertEquals("url:AcceptedServerCertificates2", result[1].getConnectionParameter().getAcceptedServerCertificates());
+ assertEquals("URL:toClientKeystoreOA2", result[1].getConnectionParameter().getClientKeyStore());
+ assertEquals("ClientKeystoreOAPAss2", result[1].getConnectionParameter().getClientKeyStorePassword());
+
+ assertEquals("StringOALoginURL3", result[2].getPublicURLPrefix());
+ assertEquals("file:data/test/conf/OAConfBasicAuth.xml", result[2].getConfigFileURL());
+ assertEquals(20, result[2].getSessionTimeOut());
+ assertEquals("StringloginParameterResolverImpl3",result[2].getLoginParameterResolverImpl());
+ assertEquals("StringconnectionBuilderImpl3", result[2].getConnectionBuilderImpl());
+
+ assertEquals("ProxyComponentURL3", result[2].getConnectionParameter().getUrl());
+ assertEquals("url:AcceptedServerCertificates3", result[2].getConnectionParameter().getAcceptedServerCertificates());
+ assertEquals("URL:toClientKeystoreOA3", result[2].getConnectionParameter().getClientKeyStore());
+ assertEquals("ClientKeystoreOAPAss3", result[2].getConnectionParameter().getClientKeyStorePassword());
+ }
+
+ public void testGetGenericConfiguration() {
+ Map result = provider.getGenericConfiguration();
+ assertEquals(true, result.containsKey("authenticationSessionTimeOut"));
+ assertEquals(true, result.containsKey("authenticationDataTimeOut"));
+ assertEquals("600", result.get("authenticationSessionTimeOut"));
+ assertEquals("120", result.get("authenticationDataTimeOut"));
+ }
+
+ public void testOAConfigurationProvider() throws Exception
+ {
+ OAProxyParameter[] result = provider.getOnlineApplicationParameters();
+ // für jeden Parameter müsste theoretisch bereits ein Provider instanziiert worden sein,
+ // aus diesem Grund braucht man NICHT mehr die File-URL anzugeben, PublicURLPrefix reicht
+
+ // sollte ParamAuth sein
+ OAConfiguration oac1 = result[0].getOaConfiguration();
+ assertEquals(OAConfiguration.PARAM_AUTH, oac1.getAuthType());
+ assertEquals("MOADateOfBirth", oac1.getParamAuthMapping().get("Param1"));
+ assertEquals("MOABPK", oac1.getParamAuthMapping().get("Param2"));
+ // sollte HeaderAuth sein
+ OAConfiguration oac2 = result[1].getOaConfiguration();
+ assertEquals(OAConfiguration.HEADER_AUTH, oac2.getAuthType());
+ assertEquals("MOAPublicAuthority", oac2.getHeaderAuthMapping().get("Param1"));
+ assertEquals("MOABKZ", oac2.getHeaderAuthMapping().get("Param2"));
+ assertEquals("MOAQualifiedCertificate", oac2.getHeaderAuthMapping().get("Param3"));
+ assertEquals("MOAStammzahl", oac2.getHeaderAuthMapping().get("Param4"));
+ assertEquals("MOAIPAddress", oac2.getHeaderAuthMapping().get("Param5"));
+
+ // sollte BasicAuth sein
+ OAConfiguration oac3 = result[2].getOaConfiguration();
+ assertEquals(OAConfiguration.BASIC_AUTH, oac3.getAuthType());
+ assertEquals("MOAGivenName", oac3.getBasicAuthUserIDMapping());
+ assertEquals("MOAFamilyName", oac3.getBasicAuthPasswordMapping());
+ //Fehlerfall:
+
+
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java
new file mode 100644
index 000000000..2dd6cd35e
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/AllTests.java
@@ -0,0 +1,31 @@
+package test.at.gv.egovernment.moa.id.proxy;
+
+import test.at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilderTest;
+import test.at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParserTest;
+import junit.awtui.TestRunner;
+import junit.framework.Test;
+import junit.framework.TestSuite;
+
+/**
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class AllTests {
+
+ public static Test suite() {
+ TestSuite suite = new TestSuite();
+
+ suite.addTestSuite(SAMLRequestBuilderTest.class);
+ suite.addTestSuite(SAMLResponseParserTest.class);
+
+ return suite;
+ }
+
+ public static void main(String[] args) {
+ try {
+ TestRunner.run(AllTests.class);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java
new file mode 100644
index 000000000..aec14ce1c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java
@@ -0,0 +1,462 @@
+package test.at.gv.egovernment.moa.id.proxy.builder;
+
+import java.io.PrintStream;
+import java.util.ArrayList;
+
+import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.Text;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+
+/**
+ * @author Administrator
+ *
+ * To change this generated comment edit the template variable "typecomment":
+ * Window>Preferences>Java>Templates.
+ * To enable and disable the creation of type comments go to
+ * Window>Preferences>Java>Code Generation.
+ */
+public class DOMTreeCompare {
+
+ boolean debug = true;
+
+ private static PrintStream Log = null;
+
+ static
+ {
+ Log = System.out;
+ }
+
+ public boolean compareElements(Element root1, Element root2)
+ {
+ //Log.println("----- Compare Elements:"+root1.getNodeName()+" "+root2.getNodeName());
+ filterTree(root1);
+ filterTree(root2);
+ return compareNodes(root1,root2,0,"root/",false);
+ }
+
+ private boolean compareNodes(Node n1, Node n2, int level,String path,boolean attribute)
+ {
+ /*try {
+ Log.println(DOMUtils.serializeNode(n1));
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }*/
+ boolean equal = false;
+ //Log.println("----- Compare Node "+level+":"+n1+" "+n2);
+ //Log.println("----- Compare Node "+level+":"+n1.getNodeName()+" "+n2.getNodeName());
+ //Log.println("----- Checking:"+path+getPathString(n1));
+ NodeList nl1 = n1.getChildNodes();
+ NodeList nl2 = n2.getChildNodes();
+
+ int size1 = nl1.getLength();
+ int size2 = nl2.getLength();
+
+ if(debug)display_one(n1);
+ if(debug)display_one(n2);
+
+
+ if(debug)
+ if(n1.getNodeName().equals("Base64Content") && n2.getNodeName().equals("Base64Content"))
+ {
+ try {
+ Log.println("CONT:"+new String(Base64Utils.decode(strip(n1.getChildNodes().item(0).getNodeValue()),false)));
+ Log.println("CONT:"+new String(Base64Utils.decode(strip(n2.getChildNodes().item(0).getNodeValue()),false)));
+ }
+ catch(Exception e)
+ {
+ e.printStackTrace();
+ }
+ }
+
+ if(size1 != size2)
+ {
+ Log.println("----- Anzahl der Kinder nicht gleich:"+path+getPathString(n1)+":"+getPathString(n2));
+ return false;
+ }
+
+ equal = compareNodeExact(n1,n2,level,path+getPathString(n1)+"/");
+ if(!equal)
+ {
+ Log.println("----- Knoten sind nicht identisch:"+path+getPathString(n1));
+ return false;
+ }
+
+ if(n1.hasAttributes() || n2.hasAttributes())
+ {
+ equal = compareNodeAttriubtes(n1,n2,level+1,path+getPathString(n1)+"/(a)");
+ if(!equal)
+ {
+ Log.println("----- Attribute stimmen nicht überein:"+path+getPathString(n1));
+ return false;
+ }
+ }
+ if(size1==0)
+ {
+ return true;
+ }
+
+ for(int counter=0;counter<size1;counter++)
+ {
+ boolean found = false;
+ Node comp_n1 = nl1.item(counter);
+
+ //if(comp_n1==null) return false;
+
+ Node comp_n2 = null;
+ size2 = nl2.getLength();
+ for(int counter2=0;counter2<size2;counter2++)
+ {
+ comp_n2 = nl2.item(counter2);
+
+ /*equal = compareNodeExact(comp_n1,comp_n2,level+1);
+ if(equal) return false;*/
+ //Log.println("COMP_N1:"+comp_n1);
+ //Log.println("COMP_N2:"+comp_n2);
+ equal = compareNodes(comp_n1,comp_n2,level+1,path+getPathString(comp_n1)+"/",false);
+ if(equal)
+ {
+ n2.removeChild(comp_n2);
+ counter2=size2;
+ nl2 = n2.getChildNodes();
+ size2 = nl2.getLength();
+ }
+
+ }
+
+ if(!equal)
+ {
+ Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(comp_n1));
+ return false;
+ }
+ }
+ return true;
+ }
+
+ private boolean compareNodeExact(Node n1,Node n2,int level,String path)
+ {
+ if(n1.getNodeType() == Node.TEXT_NODE)
+ {
+ Text textnode = (Text)n1;
+ /*Log.println("----- *****"+textnode.getNodeName());
+ Log.println("----- *****"+textnode.getParentNode().getNodeName());
+ Log.println("----- *****"+textnode.getNodeValue());*/
+ }
+
+ //Log.println("----- Checking:"+path);
+ String n1_name = n1.getNodeName();
+ String n2_name = n2.getNodeName();
+ /*Log.println("----- !!!!!"+n1.getNodeName());
+ Log.println("----- !!!!!"+n1.getNodeValue());
+ Log.println("----- !!!!!"+n1.getLocalName());
+ Log.println("----- !!!!!"+n1.getPrefix());
+ Log.println("----- !!!!!"+n1.getNextSibling());
+ Log.println("----- !!!!!"+n1.getPreviousSibling());*/
+
+ //Log.println("----- Compare Node "+level+":"+n1_name+" "+n2_name);
+ if(!((n1_name==null && n2_name==null) ||
+ (n1_name!=null && n2_name!=null && n1_name.equals(n2_name))))
+ {
+ Log.println("----- Name stimmt nicht überein:"+path);
+ return false;
+ }
+
+ //Log.println("----- Compare Node "+level+":"+n1.getNodeType()+" "+n2.getNodeType());
+ if(n1.getNodeType() != n2.getNodeType())
+ {
+ Log.println("----- Knotentyp stimmt nicht überein:"+path);
+ return false;
+ }
+
+ String n1_ns = n1.getPrefix();
+ String n2_ns = n2.getPrefix();
+ //Log.println("----- Compare Node "+level+":"+n1_ns+" "+n2_ns);
+ if(!((n1_ns==null && n2_ns==null) ||
+ (n1_ns!=null && n2_ns!=null && n1_ns.equals(n2_ns))))
+ {
+ Log.println("----- NameSpace stimmt nicht überein:"+path);
+ return false;
+ }
+
+ String n1_value = n1.getNodeValue();
+ String n2_value = n2.getNodeValue();
+
+ boolean special = false;
+ special = specialValues(n1_value,n2_value,path);
+ if(special) return true;
+
+ //Log.println("----- Compare Node "+level+":"+n1_value+" "+n2_value);
+ if(!((n1_value==null && n2_value==null) ||
+ (n1_value!=null && n2_value!=null && n1_value.equals(n2_value))))
+ {
+ Log.println("----- Wert stimmt nicht überein:"+path);
+ Log.println("----- Value1:\n"+n1_value);
+ Log.println("----- Value2:\n"+n2_value);
+ return false;
+ }
+
+
+ return true;
+ }
+
+ private boolean compareNodeAttriubtesWithoutSize(Node n1, Node n2, int level,String path)
+ {
+ return true;
+ }
+
+ private boolean compareNodeAttriubtes(Node n1, Node n2, int level,String path)
+ {
+ //Log.println("----- Compare NodeAttributes "+level+":"+n1.getNodeName()+" "+n2.getNodeName());
+ Element n1elem = (Element)n1;
+ Element n2elem = (Element)n2;
+
+ NamedNodeMap nnm1 = n1.getAttributes();
+ NamedNodeMap nnm2 = n2.getAttributes();
+
+ int size1 = 0;
+ int size2 = 0;
+
+ boolean specialattrs = specialAttributesSize(path);
+
+ if(!specialattrs)
+ {
+
+ if(nnm1==null && nnm2==null) return true;
+ if(nnm1==null || nnm2==null)
+ {
+ Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1));
+ return false;
+ }
+ size1 = nnm1.getLength();
+ size2 = nnm2.getLength();
+
+ if(size1 != size2)
+ {
+ Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1));
+ return false;
+ }
+
+ }
+ else
+ {
+ return compareNodeAttriubtesWithoutSize(n1,n2,level,path);
+ }
+
+ for(int counter=0;counter<size1;counter++)
+ {
+ Node attribute_node1 = nnm1.item(counter);
+ Node attribute_node2 = nnm2.item(counter);
+
+ String attr1_name = attribute_node1.getNodeName();
+ String attr2_name = attribute_node2.getNodeName();
+
+ String value1 = n1elem.getAttribute(attr1_name);
+ String value2 = n2elem.getAttribute(attr2_name);
+
+ boolean special = false;
+
+ special = specialAttributes(path,attr1_name,value1,attr2_name,value2);
+ if(special)
+ {
+ return special;
+ }
+
+ if(!value1.equals(value2))
+ {
+ Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(n1));
+ return false;
+ }
+ }
+
+ return true;
+ }
+
+ private boolean checkNode(Node base,String name)
+ {
+ if(base.getNodeName().equals(name))
+ {
+ return true;
+ }
+
+ NodeList children = base.getChildNodes();
+ int size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ boolean found = checkNode(children.item(counter),name);
+ if(found) return true;
+ }
+ return false;
+ }
+
+ private void display_one(Node base)
+ {
+ int att_size=0;
+ if(base.getAttributes()!=null)
+ {
+ att_size=base.getAttributes().getLength();
+ }
+ if(base.getNodeName().equals("#text"))
+ Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")");
+ else
+ Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size);
+ }
+
+ private void display(Node base)
+ {
+ display(base,1);
+ }
+
+ private void display(Node base,int level)
+ {
+ String spacer = "";
+ for(int counter=0;counter<level;counter++)
+ {
+ spacer+=" ";
+ }
+
+ int att_size=0;
+ if(base.getAttributes()!=null)
+ {
+ att_size=base.getAttributes().getLength();
+ }
+ if(base.getNodeName().equals("#text"))
+ Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")");
+ else
+ Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size);
+
+ NodeList children = base.getChildNodes();
+ int size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ display(children.item(counter),level+1);
+ }
+ }
+
+ private void filterTree(Node base)
+ {
+ ArrayList removeList = new ArrayList();
+
+ NodeList children = base.getChildNodes();
+ int size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ Node child1 = children.item(counter);
+ if(child1.getNodeType() == Node.TEXT_NODE && child1.getNodeValue().trim().equals(""))
+ {
+ removeList.add(child1);
+ }
+ }
+
+ size = removeList.size();
+ for(int counter=0;counter<size;counter++)
+ {
+ base.removeChild((Node)removeList.get(counter));
+ }
+
+ children = base.getChildNodes();
+ size = children.getLength();
+ for(int counter=0;counter<size;counter++)
+ {
+ filterTree(children.item(counter));
+ }
+
+ }
+
+ private String getPathString(Node n)
+ {
+ if(n.getNodeType()==Node.TEXT_NODE)
+ {
+ return n.getParentNode().getNodeName()+"(text)";
+ }
+ else
+ {
+ return n.getNodeName();
+ }
+
+ }
+
+ public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2)
+ {
+ //if(value1.startsWith("reference-") && value2.startsWith("reference-")) return true;
+ //if(value1.startsWith("signature-") && value2.startsWith("signature-")) return true;
+
+ return false;
+ }
+
+ public boolean specialAttributesSize(String path)
+ {
+ //if(path.endsWith("/xsl:template/(a)")) return true;
+ return false;
+ }
+
+ public boolean specialValues(String value1,String value2,String path)
+ {
+
+ //Log.println(path);
+ /*if(ignoreSignatureValue)
+ {
+ if(path.endsWith("/dsig:SignatureValue(text)/"))
+ {
+ return true;
+ }
+ }
+ else
+ {
+ if(path.endsWith("/dsig:SignatureValue(text)/"))
+ {
+ String stripped_1 = strip(value1);
+ String stripped_2 = strip(value2);
+ return stripped_1.equals(stripped_2);
+ }
+ }*/
+
+ return false;
+ }
+
+ private String strip(String input)
+ {
+ String output = replaceStringAll(input," ","");
+ output = replaceStringAll(output,"\n","");
+ output = replaceStringAll(output,"\r","");
+ return output;
+ }
+
+ private static String replaceStringAll(
+ String input,
+ String oldPart,
+ String newPart)
+ {
+
+ String erg = null;
+
+ int pos = input.indexOf(oldPart);
+ if(pos==-1) return input;
+
+ while(true)
+ {
+
+ //First Part
+ pos = input.indexOf(oldPart);
+ if(pos==-1) break;
+ erg = input.substring(0, pos);
+
+ //Insert new Part
+ erg += newPart;
+
+ //insert REST
+ erg
+ += input.substring(
+ input.indexOf(oldPart) + oldPart.length(),
+ input.length());
+
+ input = erg;
+ }
+ return erg;
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
new file mode 100644
index 000000000..b6eda3c39
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java
@@ -0,0 +1,32 @@
+package test.at.gv.egovernment.moa.id.proxy.builder;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLRequestBuilderTest extends UnitTestCase {
+
+ public SAMLRequestBuilderTest(String arg0) {
+ super(arg0);
+ }
+
+ public void testBuild() throws Exception {
+ String requestID = "123";
+ String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890");
+ String REQUEST_SHOULD = "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
+ requestID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"IGNORE\">" +
+ "<samlp:AssertionArtifact>" + samlArtifact + "</samlp:AssertionArtifact>" +
+ "</samlp:Request>";
+ Element request = new SAMLRequestBuilder().build(requestID, samlArtifact);
+ Element requestShould = DOMUtils.parseDocument(REQUEST_SHOULD, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ assertTrue(new SAMLRequestCompare().compareElements(requestShould, request));
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java
new file mode 100644
index 000000000..5685129a1
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java
@@ -0,0 +1,19 @@
+package test.at.gv.egovernment.moa.id.proxy.builder;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLRequestCompare extends test.at.gv.egovernment.moa.id.proxy.builder.DOMTreeCompare {
+
+
+ /*
+ * @see at.gv.egovernment.moa.util.SAMLRequestCompare#specialAttributes(java.lang.String, java.lang.String)
+ */
+ public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) {
+ if(attr1_name.equals("IssueInstant"))
+ return true;
+ return false;
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
new file mode 100644
index 000000000..68b5d4ee3
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -0,0 +1,180 @@
+package test.at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseParserTest extends UnitTestCase {
+
+ public SAMLResponseParserTest(String arg0) {
+ super(arg0);
+ }
+
+ public void testParse() throws Exception {
+ String samlResponse =
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+ "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" +
+ " ResponseID=\"\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-03-29T06:00:00+02:00\">" +
+ "<samlp:Status>" +
+ "<samlp:StatusCode Value=\"samlp:Success\"><samlp:StatusCode Value=\"samlp:Success\"></samlp:StatusCode></samlp:StatusCode>" +
+ "<samlp:StatusMessage>Ollas leiwand</samlp:StatusMessage>" +
+ "</samlp:Status>" +
+"<saml:Assertion xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"-4633313027464114584\" Issuer=\"http://localhost:8080/moa-id-auth/\" IssueInstant=\"2003-04-02T14:55:42+02:00\">" +
+ "<saml:AttributeStatement>" +
+ "<saml:Subject>" +
+ "<saml:NameIdentifier NameQualifier=\"http://reference.e-government.gv.at/names/vpk/20020221#\">MTk2OC0xMC0yMmdi</saml:NameIdentifier>" +
+ "<saml:SubjectConfirmation>" +
+ "<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>" +
+ "<saml:SubjectConfirmationData>" +
+ "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"any\" Issuer=\"Hermann Muster\" IssueInstant=\"2003-04-02T14:55:27+02:00\">" +
+ "<saml:AttributeStatement>" +
+ "<saml:Subject>" +
+ "<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>" +
+ "</saml:Subject>" +
+ "<saml:Attribute AttributeName=\"Geschäftsbereich\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+ "<saml:AttributeValue>gb</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "<saml:Attribute AttributeName=\"OA\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+ "<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "</saml:AttributeStatement>" +
+ "</saml:Assertion>" +
+ "<saml:Assertion AssertionID=\"zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474\" IssueInstant=\"2003-02-12T20:28:34.474\" Issuer=\"http://zmr.bmi.gv.at/zmra/names#Issuer\" MajorVersion=\"1\" MinorVersion=\"0\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
+ "<saml:AttributeStatement>" +
+ "<saml:Subject>" +
+ "<saml:SubjectConfirmation>" +
+ "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>" +
+ "<saml:SubjectConfirmationData>" +
+ "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" +
+ "<pr:Identification>" +
+ "<pr:Value>123456789012</pr:Value>" +
+ "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" +
+ "</pr:Identification>" +
+ "<pr:Name>" +
+ "<pr:GivenName>Hermann</pr:GivenName>" +
+ "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" +
+ "</pr:Name>" +
+ "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" +
+ "</pr:Person>" +
+ "</saml:SubjectConfirmationData>" +
+ "</saml:SubjectConfirmation>" +
+ "</saml:Subject>" +
+ "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" +
+ "<saml:AttributeValue>" +
+ "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+ "<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>" +
+ "<dsig:Exponent>AQAB</dsig:Exponent>" +
+ "</dsig:RSAKeyValue>" +
+ "</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" +
+ "<saml:AttributeValue>" +
+ "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+ "<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>" +
+ "<dsig:Exponent>AQAB</dsig:Exponent>" +
+ "</dsig:RSAKeyValue>" +
+ "</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "</saml:AttributeStatement>" +
+ "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+ "<dsig:SignedInfo>" +
+ "<dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
+ "<dsig:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
+ "<dsig:Reference URI=\"\">" +
+ "<dsig:Transforms>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" +
+ "<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>" +
+ "</dsig:Transform>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
+ "</dsig:Transforms>" +
+ "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+ "<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>" +
+ "</dsig:Reference>" +
+ "<dsig:Reference Type=\"http://www.w3.org/2000/09/xmldsig#Manifest\" URI=\"\">" +
+ "<dsig:Transforms>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" +
+ "<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>" +
+ "</dsig:Transform>" +
+ "</dsig:Transforms>" +
+ "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+ "<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>" +
+ "</dsig:Reference>" +
+ "</dsig:SignedInfo>" +
+ "<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>" +
+ "<dsig:KeyInfo>" +
+ "<dsig:X509Data>" +
+ "<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>" +
+ "<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>" +
+ "<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>" +
+ "</dsig:X509Data>" +
+ "</dsig:KeyInfo>" +
+ "<dsig:Object>" +
+ "<dsig:Manifest>" +
+ "<dsig:Reference URI=\"\">" +
+ "<dsig:Transforms>" +
+ "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
+ "</dsig:Transforms>" +
+ "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+ "<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>" +
+ "</dsig:Reference>" +
+ "</dsig:Manifest>" +
+ "</dsig:Object>" +
+ "</dsig:Signature>" +
+ "</saml:Assertion>" +
+ "</saml:SubjectConfirmationData>" +
+ "</saml:SubjectConfirmation>" +
+ "</saml:Subject>" +
+ "<saml:Attribute AttributeName=\"PersonData\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\">" +
+ "<saml:AttributeValue>" +
+ "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" +
+ "<pr:Identification>" +
+ "<pr:Value>123456789012</pr:Value>" +
+ "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" +
+ "</pr:Identification>" +
+ "<pr:Name>" +
+ "<pr:GivenName>Hermann</pr:GivenName>" +
+ "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" +
+ "</pr:Name>" +
+ "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" +
+ "</pr:Person>" +
+ "</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "<saml:Attribute AttributeName=\"isQualifiedCertificate\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+ "<saml:AttributeValue>true</saml:AttributeValue>" +
+ "</saml:Attribute>" +
+ "</saml:AttributeStatement>" +
+"</saml:Assertion>" +
+ "</samlp:Response>";
+
+ Element samlResponseElem =
+ DOMUtils.parseDocument(samlResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+ SAMLResponseParser parser = new SAMLResponseParser(samlResponseElem);
+ SAMLStatus status = parser.parseStatusCode();
+ assertEquals("samlp:Success", status.getStatusCode());
+ assertEquals("samlp:Success", status.getSubStatusCode());
+ assertEquals("Ollas leiwand", status.getStatusMessage());
+ AuthenticationData authData = parser.parseAuthenticationData();
+ assertEquals(1, authData.getMajorVersion());
+ assertEquals(0, authData.getMinorVersion());
+ assertEquals("-4633313027464114584", authData.getAssertionID());
+ assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
+ assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
+ assertEquals("123456789012", authData.getIdentificationValue());
+ assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK());
+ assertEquals("Hermann", authData.getGivenName());
+ assertEquals("Muster", authData.getFamilyName());
+ assertEquals("1968-10-22", authData.getDateOfBirth());
+ assertTrue(authData.isQualifiedCertificate());
+ assertFalse(authData.isPublicAuthority());
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java
new file mode 100644
index 000000000..351ca0bd5
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java
@@ -0,0 +1,92 @@
+package test.at.gv.egovernment.moa.id.util;
+
+import iaik.pki.jsse.IAIKX509TrustManager;
+
+import java.net.URL;
+import java.security.Security;
+
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLSocketFactory;
+
+import com.sun.net.ssl.HttpsURLConnection;
+
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter;
+import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
+import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SSLUtilsTest extends UnitTestCase {
+
+ public SSLUtilsTest(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ //System.setProperty("javax.net.debug", "all");
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ IAIKX509TrustManager.initLog(new LoggerConfigImpl("file:" + TESTDATA_ROOT + "conf/log4j.properties"));
+ System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5");
+ }
+
+ public void testVerisignOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://verisign.moa.gv.at/", true, null);
+ }
+ public void testATrustOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://a-trust.moa.gv.at/", true, null);
+ }
+ public void testBaltimoreOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://baltimore.moa.gv.at/", true, null);
+ }
+ public void testCIOOK() throws Exception {
+ doTestOA("conf/ConfigurationTest.xml", "http://cio.moa.gv.at/", true, null);
+ }
+ public void testMOASPOK() throws Exception {
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ TESTDATA_ROOT + "conf/ConfigurationTest.xml");
+ ConnectionParameter connParam = AuthConfigurationProvider.getInstance().getMoaSpConnectionParameter();
+ doTest(connParam, true, null);
+ }
+ private void doTestOA(String configFile, String publicURLPrefix, boolean shouldOK, String exMessageFragment) throws Exception {
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME,
+ TESTDATA_ROOT + configFile);
+ ProxyConfigurationProvider proxyConf =
+ ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix);
+ ConnectionParameter connParam = oaParam.getConnectionParameter();
+ doTest(connParam, shouldOK, exMessageFragment);
+ }
+ private void doTest(ConnectionParameter connParam, boolean shouldOK, String exMessageFragment) throws Exception {
+ SSLUtils.initialize();
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, connParam);
+ URL url = new URL(connParam.getUrl());
+ HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
+ conn.setRequestMethod("GET");
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setSSLSocketFactory(ssf);
+ try {
+ conn.connect();
+ assertTrue(shouldOK);
+ assertEquals(200, conn.getResponseCode());
+ conn.disconnect();
+ }
+ catch (SSLException ex) {
+ ex.printStackTrace();
+ assertFalse(shouldOK);
+ assertTrue(ex.getMessage().indexOf(exMessageFragment) >= 0);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java b/id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java
new file mode 100644
index 000000000..ad8f10fb4
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/lasttest/Dispatcher.java
@@ -0,0 +1,64 @@
+package test.lasttest;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Dispatcher extends Thread {
+ private LasttestClient parent = null;
+ private int max;
+ private int turns;
+ private int turn_counter;
+ private int turn;
+ private int time;
+ private long sum;
+ private int turnnum;
+
+ public Dispatcher(LasttestClient parent, int max, int turns, int time, long sum) {
+ this.parent = parent;
+ this.max = max;
+ this.turns = turns;
+ this.time = time;
+ this.sum = sum;
+ turnnum=0;
+ }
+
+ public void run() {
+ this.setPriority(Thread.NORM_PRIORITY + 1);
+ System.out.println("Dispatcher wird gestartet...");
+ TestThread[] old_reqs = buildRequests(0);
+ for (turn_counter = 0; turns == 0 ? true : (turn_counter < turns); turn_counter++) {
+ try {
+// LasttestClient.Log.write(("Starte Durchlauf " + turn_counter + "\n").getBytes());
+ }
+ catch (Exception e) {}
+
+// System.out.println("Starte Durchlauf " + turn_counter);
+ turn = turn_counter;
+ if (turns == 0)
+ turn_counter--;
+ TestThread[] reqs = buildRequests(turn_counter);
+ for (int counter = 0; counter < max; counter++) {
+ old_reqs[counter].start();
+ }
+ old_reqs = reqs;
+ try {
+ Thread.sleep(time);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+ parent.stop = true;
+ }
+
+ public TestThread[] buildRequests(int turnNo) {
+ TestThread[] ret = new TestThread[max];
+ for (int counter = 0; counter < max; counter++) {
+// turnnum ++;
+ ret[counter] = new TestThread(parent, turnNo);
+ }
+ return ret;
+ }
+}
diff --git a/id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java b/id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java
new file mode 100644
index 000000000..cf34b621a
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/lasttest/HostnameVerifierHack.java
@@ -0,0 +1,13 @@
+package test.lasttest;
+
+import com.sun.net.ssl.HostnameVerifier;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class HostnameVerifierHack implements HostnameVerifier{
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }}
diff --git a/id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java b/id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java
new file mode 100644
index 000000000..bad5161ba
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/lasttest/LasttestClient.java
@@ -0,0 +1,218 @@
+package test.lasttest;
+
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.io.PrintStream;
+import java.security.Security;
+import java.util.Date;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Sven
+ *
+ * To change this generated comment edit the template variable "typecomment":
+ * Window>Preferences>Java>Templates.
+ * To enable and disable the creation of type comments go to
+ * Window>Preferences>Java>Code Generation.
+ *
+ * Aufruf: Requestdatei (==null), ServerURL, Anzahl der Requests pro Sekunde, Anzahl der Wiederholungen
+ * z.b. "data/CX0/TestGeneratorCX0.001.Req.xml" "http://127.0.0.1:8080/" 5 100
+ *
+ * ==> GEÄNDERT: ersten 2 Parameter gekillt... nur noch 5 100
+ */
+public class LasttestClient {
+
+ protected static final String TESTDATA_ROOT = "data/abnahme-test/";
+ protected static final String MOA_AUTH_SERVER = "https://localhost:8443/moa-id-auth/";
+ protected AuthenticationServer server;
+
+ public int max_thread_count = 300;
+ public int thread_counter = 0;
+ public int error_count = 0;
+ public int turns = 0;
+ public long sum = 0;
+ public long max = 0;
+ public long min = Long.MAX_VALUE;
+
+ public static PrintStream Log = null;
+
+ public boolean stop = false;
+
+ public static final String trustStore = "javax.net.ssl.trustStore";
+ public static final String trustStorePassword = "javax.net.ssl.trustStorePassword";
+ public static final String handler = "java.protocol.handler.pkgs";
+
+ public void startTest(int req_per_second, int turns, int time) throws Exception {
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+
+ System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, TESTDATA_ROOT + "xmldata/L000/Configuration.xml");
+
+ AuthConfigurationProvider.reload();
+
+ this.turns = turns;
+
+ boolean result = new TestThread(this,0).doRequest(0);// doTestRequest();
+ if (result) {
+ System.out.println("TestRequest OK. Lasttest wird gestartet.");
+ sum=0;
+ max=0;
+ Dispatcher dp = new Dispatcher(this, req_per_second, turns, time, sum);
+ dp.start();
+ while (!stop) {
+ try {
+ Log.println(new String(("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")")));
+ Log.flush();
+ }
+ catch (Exception e) {}
+
+ System.out.println("Checking Stop Condition ...(Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")");
+ Thread.sleep(10000);
+ }
+ System.out.println("Fehler:" + error_count + " (Running " + thread_counter + ", Min " + (min) + ", Max " + (max) + ", " + new Date(System.currentTimeMillis()) + ")");
+ }
+ else {
+ System.out.println("TestRequest lieferte einen Fehler. Lasttest wird nicht gestartet.");
+ }
+ }
+
+
+ public boolean doTestRequest() throws Exception {
+
+ try {
+
+ TestThread tt = new TestThread(null,0);
+
+ // Anmelden
+ String URL = tt.getURL(MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/");
+ HttpsURLConnection conn = tt.giveConnection(URL, "GET");
+
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = tt.parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = tt.parseDataURL(result);
+ // Verify Identity Link
+ conn = tt.giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = tt.readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = tt.giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(tt.readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ String samlArtifact = tt.parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+
+ conn.disconnect();
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ Element erg = tt.doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")),MOA_AUTH_SERVER);
+ result = DOMUtils.serializeNode(erg);
+ if (result.indexOf("saml:Assertion")<0)
+ {
+ System.err.println("Falsche Antwort vom Webservice:\n" + result);
+ throw new Exception("Falsche Antwort vom Webservice");
+
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN LASTTEST :" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ return true;
+
+ }
+
+ public String replaceString(String input, String oldPart, String newPart) throws Exception {
+ String erg = null;
+
+ //First Part
+ erg = input.substring(0, input.indexOf(oldPart));
+ //Insert new Part
+ erg += newPart;
+
+ //insert REST
+ erg += input.substring(input.indexOf(oldPart) + oldPart.length(), input.length());
+
+ return erg;
+ }
+
+ public static void main(String[] args) throws Exception {
+ Log = new PrintStream(new FileOutputStream("C:/Lasttest.log"));
+ int time = 0;
+ int sek = 0;
+ int turns = 0;
+
+ if (args.length != 3) {
+ System.out.println("Parameteranzahl falsch. Bitte verwenden Sie die Syntax <Request_pro_Zeiteinheit(Zahl)> <Anzahl_der_Durchläufe(Zahl oder INF)> <Zeit_zwischen_Aufrufen_in_ms(Zahl)>");
+ return;
+ }
+
+ try {
+ sek = Integer.parseInt(args[0]);
+ time = Integer.parseInt(args[2]);
+ if (args[1].equals("INF")) {
+ turns = 0;
+ }
+ else
+ turns = Integer.parseInt(args[1]);
+ }
+ catch (NumberFormatException e) {
+ System.out.println("Einer der Parameter (Requestanzahl oder Testanzahl) ist keine Zahl !");
+ return;
+ }
+
+ System.out.println("Starte Lastest mit folgenden Parametern ...");
+ System.out.println("ServerURL: " + MOA_AUTH_SERVER);
+ double reqPerSek = sek*1000;
+ System.out.println("Requests pro Sekunde: " + reqPerSek/time);
+ System.out.println("Durchläufe: " + (turns == 0 ? "INF" : turns + ""));
+
+ Log.println("Starte Lastest mit folgenden Parametern ...");
+ Log.println("ServerURL: " + MOA_AUTH_SERVER);
+ Log.println("Requests pro Sekunde: " + reqPerSek / time);
+ Log.println("Durchläufe: " + (turns == 0 ? "INF" : turns + ""));
+
+
+ try {
+ LasttestClient lc = new LasttestClient();
+ //lc.startTest("data/CX0/TestGeneratorCX0.001.Req.xml","http://161.106.2.255:8080/",10,1000);
+ lc.startTest(sek, turns, time);
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
+
diff --git a/id/server/idserverlib/src/test/java/test/lasttest/TestThread.java b/id/server/idserverlib/src/test/java/test/lasttest/TestThread.java
new file mode 100644
index 000000000..0d2973c7f
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/lasttest/TestThread.java
@@ -0,0 +1,251 @@
+package test.lasttest;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
+import at.gv.egovernment.moa.util.FileUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class TestThread extends Thread {
+ private LasttestClient parent = null;
+ private int turn_no;
+ private Dispatcher disp = null;
+
+ public TestThread( LasttestClient parent, int durchlauf_nr) {
+ turn_no = durchlauf_nr;
+ this.parent = parent;
+
+ }
+
+ protected Element doCall(Element request, String server) throws Exception {
+
+ /* QName serviceName = new QName("GetAuthenticationData");
+
+ String endPoint = server + "services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+
+ System.out.println(DOMUtils.serializeNode(body.getAsDOM()));
+ call.setTargetEndpointAddress(endPoint);
+ System.out.println("Rufe WS auf: " + endPoint);
+ responses = (Vector) call.invoke(params);
+ System.out.println("WS aufgerufen.");
+ response = (SOAPBodyElement) responses.get(0);
+ System.out.println(DOMUtils.serializeNode(response.getAsDOM()));
+ return response.getAsDOM();*/
+
+ QName serviceName = new QName("GetAuthenticationData");
+ String endPoint = server + "services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ SOAPBodyElement body = new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] { body };
+ Vector responses;
+ SOAPBodyElement response;
+
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(params);
+ response = (SOAPBodyElement) responses.get(0);
+ return response.getAsDOM();
+ }
+
+ public boolean doRequest(int turnNo) throws Exception {
+ long start = System.currentTimeMillis();
+
+ try {
+ LasttestClient.Log.write(("Starte Durchlauf " + turnNo + "\n").getBytes());
+ }
+ catch (Exception e) {}
+
+ System.out.println("Starte Durchlauf " + turnNo);
+ // Anmelden
+ String URL = getURL(LasttestClient.MOA_AUTH_SERVER, "gb", "http://10.16.126.28:9080/moa-id-proxy/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ /*
+ * FOR DEBUG ONLY
+ */
+ // System.out.println(URL);
+ // System.out.println(result);
+ //----------------
+
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+
+ /*
+ * FOR DEBUG ONLY
+ */
+ // System.out.println(URL);
+ // System.out.println(new String(StreamUtils.readStream(conn.getInputStream())));
+ //----------------
+
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+
+ /*
+ * FOR DEBUG ONLY
+ */
+ // System.out.println(redirectLoc);
+ // System.out.println(new String(StreamUtils.readStream(conn.getInputStream())));
+ //----------------
+ String samlArtifact = parseSamlArtifact(redirectLoc);
+
+ // System.out.println("SamlArtifact: " + samlArtifact);
+
+ AxisSecureSocketFactory.initialize(conn.getSSLSocketFactory());
+ conn.disconnect();
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ doCall(srb.build(MOASessionID, URLDecoder.decode(samlArtifact, "UTF-8")), LasttestClient.MOA_AUTH_SERVER);
+ // writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+
+ long end = System.currentTimeMillis();
+ long diff = end - start;
+ parent.sum +=diff;
+ if (parent.max < diff) {
+ parent.max = diff;
+ }
+ if (parent.min > diff) {
+ parent.min = diff;
+ }
+ if (turnNo>0) {
+ long totalmem = Runtime.getRuntime().totalMemory();
+ long freemem = Runtime.getRuntime().freeMemory();
+ try {
+ LasttestClient.Log.write(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem + "\n").getBytes());
+ LasttestClient.Log.flush();
+ }
+ catch (Exception e) {}
+ System.out.println(new String("Ende Durchlauf: " + turnNo + " ==> Dauer:" + diff + " Schnitt: " + (parent.sum/turnNo/2) + " Total-Mem: " + totalmem + " Free-Mem: " + freemem));
+ }
+ return true;
+
+ }
+
+ public String getSubString(String input, String startsWith, String endsWith) {
+ return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length()));
+ }
+
+ public String getURL(String authURL, String target, String oaURL) {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+
+ public HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+
+ public String killInclusive(String input, String startsWith, String endsWith, String newValue) {
+ int start = 0;
+ int ende;
+ String result;
+ result = input;
+ do {
+ start = result.indexOf(startsWith, start) + startsWith.length();
+ ende = result.indexOf(endsWith, start);
+ result = result.substring(0, start - startsWith.length()) + newValue + result.substring(ende + endsWith.length(), result.length());
+ start++;
+ }
+ while (result.indexOf(startsWith, ende + 1) > 0);
+
+ return result;
+ }
+
+ public String parseDataURL(String input) {
+ return getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\"");
+ }
+
+ public String parseSamlArtifact(String input) {
+// System.out.println(input);
+ return getSubString(input + "@@@", "SAMLArtifact=", "@@@");
+ }
+
+ public String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ return htmlForm.substring(i1, i2);
+ }
+
+ public String readXmldata(String filename) throws Exception {
+
+ return FileUtils.readFile(LasttestClient.TESTDATA_ROOT + "xmldata/L000/" + filename, "UTF-8");
+ }
+
+ /**
+ * @see java.lang.Runnable#run()
+ */
+ public void run() {
+ parent.thread_counter++;
+
+ try {
+ if (!doRequest(turn_no)) {
+ parent.error_count++;
+ }
+ }
+ catch (Exception e) {
+ e.printStackTrace();
+ parent.error_count++;
+ }
+ parent.thread_counter--;
+ }
+
+}
diff --git a/id/server/proxy/src/main/webapp/WEB-INF/web.xml b/id/server/proxy/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 000000000..b11606fe0
--- /dev/null
+++ b/id/server/proxy/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+<web-app>
+ <display-name>MOA ID Proxy</display-name>
+ <description>MOA ID Proxy Service</description>
+
+ <filter>
+ <filter-name>ParameterInOrder Filter</filter-name>
+ <filter-class>at.gv.egovernment.moa.id.util.ParameterInOrderFilter</filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>ParameterInOrder Filter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <servlet>
+ <servlet-name>Proxy</servlet-name>
+ <display-name>Proxy</display-name>
+ <description>Forwards requests to the online application</description>
+ <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ProxyServlet</servlet-class>
+ <load-on-startup>0</load-on-startup>
+ </servlet>
+ <servlet>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <display-name>ConfigurationUpdate</display-name>
+ <description>Update MOA-ID Proxy configuration from the configuration file</description>
+ <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ConfigurationServlet</servlet-class>
+ </servlet>
+
+ <!-- JSP servlet -->
+ <servlet>
+ <servlet-name>jspservlet</servlet-name>
+ <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
+ </servlet>
+
+ <!-- servlet mapping for jsp pages -->
+ <!-- errorpage.jsp (customizeable) -->
+ <servlet-mapping>
+ <servlet-name>jspservlet</servlet-name>
+ <url-pattern>/errorpage-proxy.jsp</url-pattern>
+ </servlet-mapping>
+ <!-- message-proxy.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) -->
+ <servlet-mapping>
+ <servlet-name>jspservlet</servlet-name>
+ <url-pattern>/message-proxy.jsp</url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name>ConfigurationUpdate</servlet-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </servlet-mapping>
+ <servlet-mapping>
+ <servlet-name>Proxy</servlet-name>
+ <url-pattern>/*</url-pattern>
+ </servlet-mapping>
+ <session-config>
+ <session-timeout>30</session-timeout>
+ </session-config>
+ <error-page>
+ <error-code>500</error-code>
+ <location>/errorpage.jsp</location>
+ </error-page>
+ <security-constraint>
+ <web-resource-collection>
+ <web-resource-name>ConfigurationUpdate</web-resource-name>
+ <url-pattern>/ConfigurationUpdate</url-pattern>
+ </web-resource-collection>
+ <auth-constraint>
+ <role-name>moa-admin</role-name>
+ </auth-constraint>
+ </security-constraint>
+ <login-config>
+ <auth-method>BASIC</auth-method>
+ <realm-name>UserDatabase</realm-name>
+ </login-config>
+ <security-role>
+ <description>
+ The role that is required to log in to the moa Application
+ </description>
+ <role-name>moa-admin</role-name>
+ </security-role>
+</web-app>
diff --git a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp b/id/server/proxy/src/main/webapp/errorpage-proxy.jsp
new file mode 100644
index 000000000..07f3e7f69
--- /dev/null
+++ b/id/server/proxy/src/main/webapp/errorpage-proxy.jsp
@@ -0,0 +1,50 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>Ein Fehler ist aufgetreten</title>
+</head>
+<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
+ String errorMessage = (String)request.getAttribute("ErrorMessage");
+ String wrongParameters = (String)request.getAttribute("WrongParameters");
+%>
+
+<body>
+<h1>Fehler bei der Anmeldung</h1>
+<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
+
+<% if (errorMessage != null) { %>
+<p>
+<%= errorMessage%><br>
+</p>
+<% } %>
+<% if (exceptionThrown != null) { %>
+<p>
+<%= exceptionThrown.getMessage()%>
+</p>
+<% } %>
+<% if (wrongParameters != null) { %>
+<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
+<b> <%= wrongParameters %> </b><br>
+<p>
+ Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>
+<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
+</p>
+<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
+<% } %>
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/proxy/src/main/webapp/message-proxy.jsp b/id/server/proxy/src/main/webapp/message-proxy.jsp
new file mode 100644
index 000000000..0d970898a
--- /dev/null
+++ b/id/server/proxy/src/main/webapp/message-proxy.jsp
@@ -0,0 +1,20 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<%@ page contentType="text/html; charset=UTF-8" %>
+<html>
+<head>
+<title>MOA-ID Proxy</title>
+</head>
+<% String message = (String)request.getAttribute("Message");
+%>
+
+<body>
+<h1>MOA-ID Proxy</h1>
+
+<% if (message != null) { %>
+<p>
+<%= message%><br>
+</p>
+<% } %>
+
+</body>
+</html> \ No newline at end of file
diff --git a/id/server/resources/properties/id_messages_de.properties b/id/server/resources/properties/id_messages_de.properties
new file mode 100644
index 000000000..4dc2ac3ae
--- /dev/null
+++ b/id/server/resources/properties/id_messages_de.properties
@@ -0,0 +1,158 @@
+# This file contains exception messages in the standard Java properties
+# format. The messages may contain formatting patterns as definied in the
+# java.text.MessageFormat class.
+
+#
+# Error messages: the key corresponds to the error code
+#
+
+# status messages included in <samlp:Response> of GetAuthenticationDataService
+1200=Anfrage erfolgreich beantwortet
+1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben
+1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben
+1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben
+1204=Fehlerhaftes Requestformat
+1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
+1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
+1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1299=Interner Server-Fehler
+
+auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0})
+auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
+auth.02=MOASessionID ist unbekannt (MOASessionID={0})
+auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
+auth.04=Fehler beim Auslesen der Resource "{0}": {1}
+auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
+auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
+auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
+auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
+auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
+auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
+auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+
+init.00=MOA ID Authentisierung wurde erfolgreich gestartet
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
+init.02=Fehler beim Starten des Service MOA ID Authentisierung
+
+config.00=MOA ID Konfiguration erfolgreich geladen: {0}
+config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
+config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
+config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
+config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
+config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
+config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
+config.07=Klasse {0} kann nicht instanziert werden
+config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
+config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})
+config.10=Fehler in der MOA SPSS Konfiguration: {0}
+config.11=LoginParameterResolver konnte nicht konfiguriert werden {0}
+config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet
+config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen
+config.14=LoginParameterResolver-Fehler: {0}
+config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
+config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
+
+
+parser.00=Leichter Fehler beim Parsen: {0}
+parser.01=Fehler beim Parsen: {0}
+parser.02=Schwerer Fehler beim Parsen: {0}
+parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels: {0}
+parser.04=Fehler beim Serialisieren: {0}
+parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
+parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollständig ({1} im {2} fehlt)
+parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element).
+
+builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
+builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
+
+service.00=Fehler beim Aufruf des Web Service: {0}
+service.01=Fehler beim Aufruf des Web Service: kein Endpoint
+service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
+service.03=Fehler beim Aufruf des SPSS-API: {0}
+
+cleaner.00=AuthenticationSessionCleaner wurde gestartet
+cleaner.01=Fehler im AuthenticationSessionCleaner
+cleaner.02=MOASession {0} ist abgelaufen
+cleaner.03=Anmeldedaten zu SAML-Artifakt {0} sind abgelaufen
+
+proxy.00=MOA ID Proxy wurde erfolgreich gestartet
+proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
+proxy.02=Unbekannter URL {0}. <br>Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
+proxy.04=URL {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1}
+proxy.06=Fehler beim Starten des Service MOA ID Proxy
+proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
+proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
+proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
+proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
+proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
+proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. <br>Pr&uuml;fen Sie bitte ihre Berechtigung.
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Präfix: {0}
+proxy.14=<p> Folgende Ursachen können zu dem Fehler geführt haben:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
+proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung.
+proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht m&ouml;glich. Die maximale Anzahl von {1} ung&uuml;ltigen Loginversuchen wurde &uuml;berschritten.<br>Pr&uuml;fen Sie bitte ihre Berechtigung.
+
+validator.00=Kein SAML:Assertion Objekt gefunden {0}
+validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
+validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
+validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0}
+validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0}
+validator.05=Es wurde {0} keine DSIG:Signature gefunden
+
+validator.06=Die Signatur ist ungültig
+validator.07=Das Zertifikat der Personenbindung ist ungültig.<br>{0}
+validator.08=Das Manifest ist ungültig
+validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
+
+validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
+validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
+validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
+validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
+validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
+validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
+
+validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
+#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
+validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
+
+validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.<br>{0}
+
+validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.
+validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall.
+validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
+validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.
+validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.
+
+validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten
+validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
+validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
+validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ungültig {0}
+validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
+
+
+validator.32="Issuer" im AUTH-Block nicht vorhanden.
+validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
+validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
+validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
+validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert: {0} statt der erwarteten {1}
+validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
+validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig: "{3}" anstelle von "{4}"
+validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
+
+
+validator.40=Überprüfung der {0}-Infobox fehlgeschlagen: {1}
+validator.41=Überprüfung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur Überprüfung der {0}-Infobox vorhanden.
+validator.42=Überprüfung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
+validator.43=Überprüfung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse für die {0}-Infobox konnte nicht erfolgreich geparst werden.
+validator.44=Überprüfung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Prüfapplikation ist ein Fehler aufgetreten.
+validator.45=Überprüfung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Prüfapplikation zurückgegebenen SAML-Attributes Nummer {2} ist {3}.
+validator.46=Überprüfung der {0}-Infobox fehlgeschlagen: Der Wert des von der Prüfapplikation zurückgegebenen SAML-Attributes Nummer {1} ist ungültig.
+validator.47=Überprüfung der {0}-Infobox fehlgeschlagen: Das von der Prüfapplikation zurückgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
+validator.48={0}-Infobox wurde nicht von der BKU übermittelt: Für die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
+
+validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten.
+
+
+ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/resources/wsdl/MOA-ID-1.0.wsdl
new file mode 100644
index 000000000..5751b3e58
--- /dev/null
+++ b/id/server/resources/wsdl/MOA-ID-1.0.wsdl
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-20020812.xsd"/>
+ <message name="GetAuthenticationDataInput">
+ <part name="body" element="samlp:Request"/>
+ </message>
+ <message name="GetAuthenticationDataOutput">
+ <part name="body" element="samlp:Response"/>
+ </message>
+ <message name="MOAFault">
+ <part name="body" element="moa:ErrorResponse"/>
+ </message>
+ <portType name="IdentificationPortType">
+ <operation name="getAuthenticationData">
+ <input message="tns:GetAuthenticationDataInput"/>
+ <output message="tns:GetAuthenticationDataOutput"/>
+ <fault name="MOAFault" message="tns:MOAFault"/>
+ </operation>
+ </portType>
+ <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="getAuthenticationData">
+ <soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+ <input>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </input>
+ <output>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </output>
+ <fault name="MOAFault">
+ <soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </fault>
+ </operation>
+ </binding>
+ <service name="GetAuthenticationDataService">
+ <port name="IdentificationPort" binding="tns:IdentificationBinding">
+ <soap:address location="http://localhost/moa-id-auth/services/GetAuthenticationData"/>
+ </port>
+ </service>
+</definitions>
diff --git a/id/server/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/resources/wsdl/MOA-ID-1.x.wsdl
new file mode 100644
index 000000000..45152cb38
--- /dev/null
+++ b/id/server/resources/wsdl/MOA-ID-1.x.wsdl
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.2.xsd"/>
+ <message name="GetAuthenticationDataInput">
+ <part name="body" element="samlp:Request"/>
+ </message>
+ <message name="GetAuthenticationDataOutput">
+ <part name="body" element="samlp:Response"/>
+ </message>
+ <message name="MOAFault">
+ <part name="body" element="moa:ErrorResponse"/>
+ </message>
+ <portType name="IdentificationPortType">
+ <operation name="getAuthenticationData">
+ <input message="tns:GetAuthenticationDataInput"/>
+ <output message="tns:GetAuthenticationDataOutput"/>
+ <fault name="MOAFault" message="tns:MOAFault"/>
+ </operation>
+ </portType>
+ <binding name="IdentificationBinding" type="tns:IdentificationPortType" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/soap/ http://schemas.xmlsoap.org/wsdl/soap/">
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="getAuthenticationData">
+ <soap:operation soapAction="urn:GetAuthenticationDataAction"/>
+ <input>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </input>
+ <output>
+ <soap:body use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </output>
+ <fault name="MOAFault">
+ <soap:fault name="MOAFault" use="literal" namespace="http://reference.e-government.gv.at/namespace/moa/20020822#"/>
+ </fault>
+ </operation>
+ </binding>
+ <service name="GetAuthenticationDataService">
+ <port name="IdentificationPort" binding="tns:IdentificationBinding">
+ <soap:address location="http://localhost/Identification"/>
+ </port>
+ </service>
+</definitions>
diff --git a/id/server/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/resources/wsdl/MOA-SPSS-1.2.xsd
new file mode 100644
index 000000000..d7a06d6e7
--- /dev/null
+++ b/id/server/resources/wsdl/MOA-SPSS-1.2.xsd
@@ -0,0 +1,454 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ MOA SP/SS 1.2 Schema
+-->
+<xsd:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.2">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://www.w3.org/XML/1998/namespace" schemaLocation="http://www.w3.org/2001/xml.xsd"/>
+ <!--########## Create XML Signature ###-->
+ <!--### Create XML Signature Request ###-->
+ <xsd:element name="CreateXMLSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="CreateXMLSignatureRequestType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="CreateXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="KeyIdentifier" type="KeyIdentifierType"/>
+ <xsd:element name="SingleSignatureInfo" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ermöglichung der Stapelsignatur durch wiederholte Angabe dieses Elements</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="DataObjectInfo" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="DataObjectInfoType">
+ <xsd:attribute name="ChildOfManifest" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="CreateSignatureInfo" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureEnvironment" type="ContentOptionalRefType"/>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe des Signaturorts sowie ggf. sinnvoller Supplements im Zshg. mit der Signaturumgebung, oder Verweis auf ein benanntes Profil</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateSignatureEnvironmentProfile"/>
+ <xsd:element name="CreateSignatureEnvironmentProfileID" type="ProfileIdentifierType"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="SecurityLayerConformity" type="xsd:boolean" use="optional" default="true"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Create XML Signature Response ###-->
+ <xsd:complexType name="CreateXMLSignatureResponseType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Kardinalität 1..oo erlaubt die Antwort auf eine Stapelsignatur-Anfrage</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="SignatureEnvironment">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung erfolgreich war</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element ref="ErrorResponse"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="CreateXMLSignatureResponse" type="CreateXMLSignatureResponseType"/>
+ <!--########## Verify CMS Signature ###-->
+ <!--### Verifiy CMS Signature Request ###-->
+ <xsd:element name="VerifyCMSSignatureRequest">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="VerifyCMSSignatureRequestType">
+ <xsd:attribute name="Signatories" type="SignatoriesType" use="optional" default="1"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="VerifyCMSSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="CMSSignature" type="xsd:base64Binary"/>
+ <xsd:element name="DataObject" type="CMSDataObjectOptionalMetaType" minOccurs="0"/>
+ <xsd:element name="TrustProfileID">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify CMS Signature Response ###-->
+ <xsd:element name="VerifyCMSSignatureResponse" type="VerifyCMSSignatureResponseType"/>
+ <xsd:complexType name="VerifyCMSSignatureResponseType">
+ <xsd:sequence maxOccurs="unbounded">
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any;publicAuthority is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SignatureCheck" type="CheckResultType"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Verify XML Signature ###-->
+ <!--### Verify XML Signature Request ###-->
+ <xsd:element name="VerifyXMLSignatureRequest" type="VerifyXMLSignatureRequestType"/>
+ <xsd:complexType name="VerifyXMLSignatureRequestType">
+ <xsd:sequence>
+ <xsd:element name="DateTime" type="xsd:dateTime" minOccurs="0"/>
+ <xsd:element name="VerifySignatureInfo">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="VerifySignatureEnvironment" type="ContentOptionalRefType"/>
+ <xsd:element name="VerifySignatureLocation" type="xsd:token"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice minOccurs="0" maxOccurs="unbounded">
+ <xsd:element ref="SupplementProfile"/>
+ <xsd:element name="SupplementProfileID" type="xsd:string"/>
+ </xsd:choice>
+ <xsd:element name="SignatureManifestCheckParams" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ReferenceInfo" type="VerifyTransformsDataType" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Pro dsig:Reference-Element in der zu überprüfenden XML-Signatur muss hier ein ReferenceInfo-Element erscheinen. Die Reihenfolge der einzelnen ReferenceInfo Elemente entspricht jener der dsig:Reference Elemente in der XML-Signatur.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="ReturnReferenceInputData" type="xsd:boolean" use="optional" default="true"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ReturnHashInputData" minOccurs="0"/>
+ <xsd:element name="TrustProfileID">
+ <xsd:annotation>
+ <xsd:documentation>mit diesem Profil wird eine Menge von vertrauenswürdigen Wurzelzertifikaten spezifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--### Verify XML Signature Response ###-->
+ <xsd:element name="VerifyXMLSignatureResponse" type="VerifyXMLSignatureResponseType"/>
+ <xsd:complexType name="VerifyXMLSignatureResponseType">
+ <xsd:sequence>
+ <xsd:element name="SignerInfo" type="dsig:KeyInfoType">
+ <xsd:annotation>
+ <xsd:documentation>only ds:X509Data and ds:RetrievalMethod is supported; QualifiedCertificate is included as X509Data/any; PublicAuthority is included as X509Data/any</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="HashInputData" type="ContentExLocRefBaseType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferenceInputData" type="ContentExLocRefBaseType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="SignatureCheck" type="ReferencesCheckResultType"/>
+ <xsd:element name="SignatureManifestCheck" type="ReferencesCheckResultType" minOccurs="0"/>
+ <xsd:element name="XMLDSIGManifestCheck" type="ManifestRefsCheckResultType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="CertificateCheck" type="CheckResultType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="ProfileIdentifierType">
+ <xsd:restriction base="xsd:token"/>
+ </xsd:simpleType>
+ <xsd:complexType name="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="MimeType" type="MimeTypeType"/>
+ <xsd:element name="Description" type="xsd:anyURI" minOccurs="0"/>
+ <xsd:any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="FinalDataMetaInfoType">
+ <xsd:complexContent>
+ <xsd:extension base="MetaInfoType">
+ <xsd:sequence>
+ <xsd:element name="Type" type="xsd:anyURI" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="DataObjectInfoType">
+ <xsd:sequence>
+ <xsd:element name="DataObject">
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="ContentOptionalRefType"/>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:annotation>
+ <xsd:documentation>Auswahl: Entweder explizite Angabe EINER Transformationskette inklusive ggf. sinnvoller Supplements oder Verweis auf ein benanntes Profil</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="CreateTransformsInfoProfile"/>
+ <xsd:element name="CreateTransformsInfoProfileID" type="ProfileIdentifierType"/>
+ </xsd:choice>
+ </xsd:sequence>
+ <xsd:attribute name="Structure" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="detached"/>
+ <xsd:enumeration value="enveloping"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+ <xsd:element name="FinalDataMetaInfo" type="FinalDataMetaInfoType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLDataObjectAssociationType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+ <xsd:element name="Content" type="ContentRequiredRefType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSDataObjectOptionalMetaType">
+ <xsd:sequence>
+ <xsd:element name="MetaInfo" type="MetaInfoType" minOccurs="0"/>
+ <xsd:element name="Content" type="CMSContentBaseType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="CMSContentBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="AnyChildrenType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="ReferencesCheckResultInfoType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ReferencesCheckResultInfoType" mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultType">
+ <xsd:complexContent>
+ <xsd:restriction base="CheckResultType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:nonNegativeInteger"/>
+ <xsd:element name="Info" type="ManifestRefsCheckResultInfoType"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ManifestRefsCheckResultInfoType" mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:restriction base="AnyChildrenType">
+ <xsd:sequence>
+ <xsd:any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="FailedReference" type="xsd:positiveInteger" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="ReferringSigReference" type="xsd:positiveInteger"/>
+ </xsd:sequence>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <!--########## Error Response ###-->
+ <xsd:element name="ErrorResponse" type="ErrorResponseType">
+ <xsd:annotation>
+ <xsd:documentation>Resultat, falls die Signaturerstellung gescheitert ist</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:complexType name="ErrorResponseType">
+ <xsd:sequence>
+ <xsd:element name="ErrorCode" type="xsd:integer"/>
+ <xsd:element name="Info" type="xsd:string"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <!--########## Auxiliary Types ###-->
+ <xsd:simpleType name="KeyIdentifierType">
+ <xsd:restriction base="xsd:string"/>
+ </xsd:simpleType>
+ <xsd:simpleType name="KeyStorageType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="Software"/>
+ <xsd:enumeration value="Hardware"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MimeTypeType">
+ <xsd:restriction base="xsd:token"/>
+ </xsd:simpleType>
+ <xsd:complexType name="AnyChildrenType" mixed="true">
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="XMLContentType" mixed="true">
+ <xsd:complexContent mixed="true">
+ <xsd:extension base="AnyChildrenType">
+ <xsd:attribute ref="xml:space" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:complexType name="ContentExLocRefBaseType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentBaseType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ </xsd:choice>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentOptionalRefType">
+ <xsd:complexContent>
+ <xsd:extension base="ContentBaseType">
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="optional"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="ContentRequiredRefType">
+ <xsd:complexContent>
+ <xsd:restriction base="ContentOptionalRefType">
+ <xsd:choice minOccurs="0">
+ <xsd:element name="Base64Content" type="xsd:base64Binary"/>
+ <xsd:element name="XMLContent" type="XMLContentType"/>
+ <xsd:element name="LocRefContent" type="xsd:anyURI"/>
+ </xsd:choice>
+ <xsd:attribute name="Reference" type="xsd:anyURI" use="required"/>
+ </xsd:restriction>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyTransformsDataType">
+ <xsd:choice maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Ein oder mehrere Transformationswege können von der Applikation an MOA mitgeteilt werden. Die zu prüfende Signatur hat zumindest einem dieser Transformationswege zu entsprechen. Die Angabe kann explizit oder als Profilbezeichner erfolgen.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element ref="VerifyTransformsInfoProfile"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string">
+ <xsd:annotation>
+ <xsd:documentation>Profilbezeichner für einen Transformationsweg</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ <xsd:element name="QualifiedCertificate"/>
+ <xsd:element name="PublicAuthority" type="PublicAuthorityType"/>
+ <xsd:complexType name="PublicAuthorityType">
+ <xsd:sequence>
+ <xsd:element name="Code" type="xsd:string" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:simpleType name="SignatoriesType">
+ <xsd:union memberTypes="AllSignatoriesType">
+ <xsd:simpleType>
+ <xsd:list itemType="xsd:positiveInteger"/>
+ </xsd:simpleType>
+ </xsd:union>
+ </xsd:simpleType>
+ <xsd:simpleType name="AllSignatoriesType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="all"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:complexType name="CreateSignatureLocationType">
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:token">
+ <xsd:attribute name="Index" type="xsd:nonNegativeInteger" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ <xsd:complexType name="TransformParameterType">
+ <xsd:choice minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Die Angabe des Transformationsparameters (explizit oder als Hashwert) kann unterlassen werden, wenn die Applikation von der Unveränderlichkeit des Inhalts der in "Transformationsparamter", Attribut "URI" angegebenen URI ausgehen kann.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:element name="Base64Content" type="xsd:base64Binary">
+ <xsd:annotation>
+ <xsd:documentation>Der Transformationsparameter explizit angegeben.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="Hash">
+ <xsd:annotation>
+ <xsd:documentation>Der Hashwert des Transformationsparameters.</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:DigestMethod"/>
+ <xsd:element ref="dsig:DigestValue"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ <xsd:attribute name="URI" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:element name="CreateSignatureEnvironmentProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateSignatureLocation" type="CreateSignatureLocationType"/>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyTransformsInfoProfile">
+ <xsd:annotation>
+ <xsd:documentation>Explizite Angabe des Transformationswegs</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="dsig:Transforms" minOccurs="0"/>
+ <xsd:element name="TransformParameter" type="TransformParameterType" minOccurs="0" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Alle impliziten Transformationsparameter, die zum Durchlaufen der oben angeführten Transformationskette bekannt sein müssen, müssen hier angeführt werden. Das Attribut "URI" bezeichnet den Transformationsparameter in exakt jener Weise, wie er in der zu überprüfenden Signatur gebraucht wird.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Supplement" type="XMLDataObjectAssociationType"/>
+ <xsd:element name="SupplementProfile" type="XMLDataObjectAssociationType"/>
+ <xsd:element name="CreateTransformsInfoProfile">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="CreateTransformsInfo" type="TransformsInfoType"/>
+ <xsd:element ref="Supplement" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+</xsd:schema>
diff --git a/id/server/resources/xmldata/CertInfoDsigSignature.xml b/id/server/resources/xmldata/CertInfoDsigSignature.xml
new file mode 100644
index 000000000..bf35dc73f
--- /dev/null
+++ b/id/server/resources/xmldata/CertInfoDsigSignature.xml
@@ -0,0 +1,139 @@
+<dsig:Signature Id="HS_signature" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-data-1" URI="#signed-data"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;signed-data&apos;)/node()</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>C0hW5jQojphweuFzPb+CNkHwhe4=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903/v1.1.1#SignedProperties" URI="#refetsi"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"><xf2:XPath Filter="intersect" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#" xmlns:xf2="http://www.w3.org/2002/06/xmldsig-filter2">id(&apos;refetsi&apos;)/etsi:QualifyingProperties/etsi:SignedProperties</xf2:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Bdsc7wAfyMyZ21ChcF+tRh3D7sU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>lCz3hDQMbqRMmCieG3fQFax3f8JX86gDi7mf4h03J7vlJjSOJQ4Wh/3Kd81ntKuh
+qFphj2cEhQYX08e6SeaU+7H7qdRa+xFRDRGav8L5x5xCUQT2SV+2/hx0C7UuJt+p
+tewtbqVAcNxgKPlBuIzyXGOrBdiinp1KftEQoVCpPCI=</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIFJTCCBA2gAwIBAgICGTcwDQYJKoZIhvcNAQEFBQAwgaExCzAJBgNVBAYTAkFU
+MUgwRgYDVQQKEz9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGlt
+IGVsZWt0ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsTGmEtc2lnbi1URVNU
+LVByZW1pdW0tRW5jLTAxMSMwIQYDVQQDExphLXNpZ24tVEVTVC1QcmVtaXVtLUVu
+Yy0wMTAeFw0wMzAyMTAxMzIwNThaFw0wNjAyMTAxMzIwNThaMGoxCzAJBgNVBAYT
+AkFUMRwwGgYDVQQDExNUZXN0cGVyc29uIE1PQTQgQlJaMQwwCgYDVQQEEwNCUlox
+GDAWBgNVBCoTD1Rlc3RwZXJzb24gTU9BNDEVMBMGA1UEBRMMNzkwMTg3NDYxNjMz
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDS/UW1/tZeCh7HHQmj8auUTEc4
+edAgRDkUVKOm0tF3kE3WZlhGDZL0p84xsdIKyI+bwDCMATATkQwDo/Xxn9jJMi4/
+t80bNyRsHk9giA0wcvz9NgmEcDwKNqawGsR9gNeK8TyIC8AuDkj1EwtkAObMvtp/
+Z1phi47x3JxDDfGDpQIDAQABo4ICHzCCAhswEwYDVR0jBAwwCoAIS7OAw3GTPNgw
+JwYIKwYBBQUHAQMBAf8EGDAWMAgGBgQAjkYBATAKBggrBgEFBQcLATCBggYIKwYB
+BQUHAQEEdjB0MCkGCCsGAQUFBzABhh1odHRwOi8vd3d3LmEtdHJ1c3QuYXQ6ODIv
+b2NzcDBHBggrBgEFBQcwAoY7aHR0cDovL3d3dy5hLXRydXN0LmF0L2NlcnRzL2Et
+c2lnbi1URVNULVByZW1pdW0tU2lnLTAxYS5jcnQwgZQGA1UdIASBjDCBiTB9BgYq
+KAARAQQwczA1BggrBgEFBQcCARYpaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3Mv
+Y3AvYS1zaWduLVRFU1QwOgYIKwYBBQUHAgIwLhosRGllc2VzIFplcnRpZmlrYXQg
+ZGllbnQgbnVyIHp1IFRlc3R6d2Vja2VuICEwCAYGBACLMAEBMG8GA1UdHwRoMGYw
+ZKBioGCGXmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQvb3U9YS1zaWduLVRFU1QtUHJl
+bWl1bS1FbmMtMDEsbz1BLVRydXN0LGM9QVQ/Y2VydGlmaWNhdGVyZXZvY2F0aW9u
+bGlzdD8wEQYDVR0OBAoECE4DxL9ky4M+MA4GA1UdDwEB/wQEAwIGwDAgBgNVHREE
+GTAXgRV0ZXN0cGVyc29uNEBicnouZ3YuYXQwCQYDVR0TBAIwADANBgkqhkiG9w0B
+AQUFAAOCAQEAioVvsZN+NnQxXMTGdjKveTBMRTYzHflkSC8lI9XXltP5+mjIuoB2
+Tn6voovA8dXz9jTsnQt8f8ye0CL2bSS9UVD1jv8So3bavquW+HlkZBAZvL39APNL
+PjUUnWn0QOnrQAJ6W47UwGAUgEw3KcBcJaEa4Xb/8kUj618xGzWl6X0mKsVpxkrf
++5Cj+nmwDqChll08/90MmhSY4M5FrvmQ9GjAN5FHVsk0FPp02tKCRzoBJtzpB1DW
+KHlgiDHUAXy5eD0XI7PXebPNZ4InvY/jC/IH8PRLdJT249YQmUxZ4neTtFDvb8C1
+Qh6k725fh3hVxqX8ZwwWj9+iGQVk53K3CA==</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data"><html>
+<head>
+<title>Überprüfung des Namen des Anmelde-Servers</title>
+</head>
+<body>
+<h2>Prüfung der Identität des MOA-ID Servers</h2>
+
+Bevor Sie sich in den folgenden Schritten an eine Online-Applikation anmelden,
+wird empfohlen den Namen des Anmelde-Servers zu überprüfen.
+Zu diesem Zweck identifiziert Ihr Webbrowser den Anmelde-Server mit Hilfe eines Zertifikates.
+Ihre Aufgabe ist es zu überprüfen, ob das Server-Zertifikat von einem Unternehmen ausgestellt
+wurde, dem Sie vertrauen.
+<p>
+Die folgenden Absätze beschreiben, wie Sie diese Überprüfung durchführen können.
+Führen Sie jene Arbeitsschritte durch, die für den von Ihnen verwendeten Webbrowser zutreffend sind.
+</p>
+<h3>Microsoft Internet Explorer 6.0</h3>
+
+<ol>
+<li>Öffnen Sie (durch Doppel-Klicken) das Symbol mit dem gelben Vorhangschloß am unteren Rand des Browsers.</li>
+<li>Selektieren Sie im nun geöffnetem Fenster &quot;Zertifikat&quot; den Karteireiter &quot;Zertifizierungspfad&quot;.</li>
+<li>Öffnen Sie (durch Doppel-Klicken) das an oberster Stelle gereihte Zertifikat.</li>
+<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Karteireiter &quot;Details&quot;, Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li>
+<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den
+Fingerabdruck (Karteireiter &quot;Details&quot;, unterster Eintrag) des Zertifikats überprüfen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt.
+<ul>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li>
+</ul></li>
+<li>Ist das in Schritt 3. geöffnete Zertifikat nicht im Internet Explorer installiert erscheint das Zertifikat mit
+einem roten Kreuz. Sie können das Zertifikat installieren, indem Sie die Schaltfläche &quot;Zertifikat installieren ...&quot;
+(Karteireiter &quot;Allgemein&quot;) aktivieren. In der Folge werden alle von dieser Zertifizierungsstelle ausgestellten Zertifikate
+vom Internet Explorer als vertrauenswürdig erkannt.</li>
+</ol>
+<h3>Netscape Navigator 7.0</h3>
+<ol>
+<li>Öffnen Sie (durch Klicken) das Symbol mit dem Vorhangschloss am rechten, unteren Rand des Browsers</li>
+<li>Aktivieren Sie die Schaltfläche &quot;Anzeigen&quot;</li>
+<li>Selektieren Sie im nun geöffnetem Fenster &quot;Zertifikatsanzeige&quot; den Karteireiter &quot;Detail&quot;.</li>
+<li>Aktivieren Sie (durch Klicken) das an oberster Stelle gereihte Zertifikat.</li>
+<li>Überprüfen Sie ob als Aussteller dieses Zertifikat (Eintrag &quot;Aussteller&quot;)
+ein Unternehmen aufscheint, dem Sie vertrauen den Namen des Anmelde-Servers zu überprüfen.</li>
+<li>Überprüfen Sie, ob dieses Zertifikat authentisch vom angegebene Unternehmen stammt. Dazu können Sie den
+Fingerabdruck des Zertifikats überprüfen. Am Ende dieses Dokuments ist
+eine von der IKT-Stabsstelle überprüfte Liste von Zertifikaten und deren Fingerabdruck aufgelistet.
+Überprüfen Sie ob das von Ihnen zu überprüfende Zertifikat
+in dieser Liste enthalten ist und der Fingerabruck mit dem Wert in der Liste übereinstimmt.
+<ul>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten und stimmt der Wert des Fingerabdrucks mit dem Wert
+in der Liste überein, dann ist das Zertifikat authentisch und der Anmeldevorgang kann fortgesetzt werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat in der Liste enthalten aber stimmt der Wert des Fingerabdrucks nicht mit dem Wert
+in der Liste überein, dann ist das Zertifikat nicht authentisch und der Anmeldevorgang muss abgebrochen werden.</li>
+<li>Ist Ihr zu prüfendes Zertifikat nicht in der Liste enthalten müssen Sie eine andere verlässliche Quelle für den
+Vergleich des Fingerabdrucks finden. Sofern das Zertifikat authentisch ist, kann der Anmeldevorgang fortgesetzt werden.</li>
+</ul></li>
+<li>Ist das Aussteller-Zertifikat nicht im Netscape Navigator installiert können Sie das Zertifikat installieren,
+indem Sie die &quot;*.cer&quot; Datei mit Netscape Navigator öffnen. In der Folge werden alle von dieser Zertifizierungsstelle
+ausgestellten Zertifikate vom Internet Explorer als vertrauenswürdig erkannt.</li>
+</ol>
+
+<h2>Zertifikate und ihr Fingerabdruck</h2>
+
+<table>
+<tr>
+<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td>
+</tr>
+<tr>
+<td>Seriennummer</td><td>111 (0x6f)</td>
+</tr>
+<tr>
+<td>Fingerabdruck</td><td>SHA-1: e6 e6 fc 88 71 91 77 c9 b7 42 18 25 75 7c 5e 47 bc ac 85 f6</td>
+</tr>
+</table>
+
+<p/>
+<table>
+<tr>
+<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td>
+</tr>
+<tr>
+<td>Seriennummer</td><td>531 (0x213)</td>
+</tr>
+<tr>
+<td>Fingerabdruck</td><td>SHA-1: 9e 05 12 dd 61 da 59 49 d1 d8 63 1c 3f 19 d7 5f 49 6c 37 33</td>
+</tr>
+</table>
+
+<p/>
+<table>
+<tr>
+<td>Aussteller</td><td>CN=A-Trust-nQual-01,OU=A-Trust-nQual-01,O=A-Trust,C=AT</td>
+</tr>
+<tr>
+<td>Seriennummer</td><td>536 (0x0218)</td>
+</tr>
+<tr>
+<td>Fingerabdruck</td><td>SHA-1: 0f 5a 03 42 f5 cd 44 87 99 c3 c6 d1 78 60 7e 3f 2b 5b cb 8f</td>
+</tr>
+</table>
+
+</body>
+</html></dsig:Object><dsig:Object Id="refetsi"><etsi:QualifyingProperties Target="#HS_signature" xmlns:etsi="http://uri.etsi.org/01903/v1.1.1#"><etsi:SignedProperties><etsi:SignedSignatureProperties><etsi:SigningTime>2003-05-06T07:09:50Z</etsi:SigningTime><etsi:SigningCertificate><etsi:Cert><etsi:CertDigest><etsi:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><etsi:DigestValue>Frhu1o4mL4gQHdJcU0xSA/h4COE=</etsi:DigestValue></etsi:CertDigest><etsi:IssuerSerial><dsig:X509IssuerName>CN=a-sign-TEST-Premium-Enc-01,OU=a-sign-TEST-Premium-Enc-01,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT</dsig:X509IssuerName><dsig:X509SerialNumber>6455</dsig:X509SerialNumber></etsi:IssuerSerial></etsi:Cert></etsi:SigningCertificate><etsi:SignaturePolicyIdentifier><etsi:SignaturePolicyImplied/></etsi:SignaturePolicyIdentifier></etsi:SignedSignatureProperties><etsi:SignedDataObjectProperties><etsi:DataObjectFormat ObjectReference="#reference-data-1"><etsi:MimeType>text/html</etsi:MimeType></etsi:DataObjectFormat></etsi:SignedDataObjectProperties></etsi:SignedProperties></etsi:QualifyingProperties></dsig:Object></dsig:Signature> \ No newline at end of file
diff --git a/id/server/services/org.apache.axis.components.net.SecureSocketFactory b/id/server/services/org.apache.axis.components.net.SecureSocketFactory
new file mode 100644
index 000000000..c4547e804
--- /dev/null
+++ b/id/server/services/org.apache.axis.components.net.SecureSocketFactory
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.util.AxisSecureSocketFactory
diff --git a/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html b/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html
new file mode 100644
index 000000000..5536226a8
--- /dev/null
+++ b/id/templates/src/main/webapp/SampleBKUSelectionTemplate.html
@@ -0,0 +1,52 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Auswahl der B&uuuml;rgerkartenumgebung</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+</head>
+
+<body>
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Auswahl der B&uuml;rgerkartenumgebung</h1>
+<p></p>
+<p>Sie haben sich f&uuml;r Anmeldung mit Ihrer B&uuml;rgerkarte entschieden. Da es verschiedene Formen der B&uuml;rgerkarte gibt, m&uuml;ssen Sie nun w&auml;hlen, welche Sie bei der Anmeldung verwenden wollen.</p>
+<h3>Auswahl der B&uuml;rgerkarte</h3>
+<form name="CustomizedForm" method="post" action="<StartAuth>">
+ <BKUSelect>
+ <input type="submit" value="Ausw&auml;hlen"/>
+</form>
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+<h4>Hinweise: </h4>
+<ul>
+ <li>
+ <p>Wollen Sie eine A-Trust B&uuml;rgerkarte erwerben? Hier finden Sie Informationen
+ dazu: <a href="http://www.a-trust.at/info.asp?node=337" target="_blank">A-Trust
+ B&uuml;rgerkarte.</a> Bei der Anmeldung mit der A-Trust B&uuml;rgerkarte
+ ben&ouml;tigen Sie eine funktionsf&auml;hige B&uuml;rgerkartensoftware sowie
+ einen passenden Kartenleser.</p>
+ </li>
+ <li>
+ <p>Wollen Sie ein A1-Signatur erwerben? Wenden Sie sich an 0800-664 680 um
+ Informationen zur A1-Signatur zu erhalten.
+ Hier finden Sie ebenfalls Informationen dazu: <a href="http://www.a1.net/signatur" target="_blank">A1-Signatur</a>.
+ Bei der Anmeldung mit der A1-Signatur wird keine B&uuml;rgerkartensoftware und
+ kein Kartenleser ben&ouml;tigt.</p>
+ </li>
+</ul>
+<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleBKUSElectionTemplate.html"><img border="0"
+ src="/moaid-templates/valid-html401.gif"
+ alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
+<p align="right">&nbsp; </p>
+
+
+</body>
+</html>
diff --git a/id/templates/src/main/webapp/SampleLogo.gif b/id/templates/src/main/webapp/SampleLogo.gif
new file mode 100644
index 000000000..4b7c682b1
--- /dev/null
+++ b/id/templates/src/main/webapp/SampleLogo.gif
Binary files differ
diff --git a/id/templates/src/main/webapp/SampleTemplate.html b/id/templates/src/main/webapp/SampleTemplate.html
new file mode 100644
index 000000000..e9756a036
--- /dev/null
+++ b/id/templates/src/main/webapp/SampleTemplate.html
@@ -0,0 +1,62 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit B&uuml;rgerkarte</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+</head>
+
+<body>
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit B&uuml;rgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt &uuml;ber die Module f&uuml;r Online Applikationen (MOA) unter Verwendung einer B&uuml;rgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Wenn Sie in Folge die Schaltfl&auml;che "Anmeldung mit B&uuml;rgerkarte"
+aktivieren, so werden zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+
+<form name="CustomizedForm" action="<BKU>" method="post">
+ <div align="center">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<XMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<DataURL>"/>
+ <input type="hidden"
+ name="PushInfobox"
+ value="<PushInfobox>"/>
+ <input type="submit" value="Anmeldung mit B&uuml;rgerkarte" name="submit"/>
+ </div>
+</form>
+<form name="CustomizedInfoForm"
+ action="<BKU>"
+ method="post">
+ <input type="hidden"
+ name="XMLRequest"
+ value="<CertInfoXMLRequest>"/>
+ <input type="hidden"
+ name="DataURL"
+ value="<CertInfoDataURL>"/>
+
+
+<br/>
+<p></p>
+
+ <input type="hidden" value="Weitere Info"/>
+</form>
+
+<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0"
+ src="/moaid-templates/valid-html401.gif"
+ alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
+<p align="right">&nbsp; </p>
+
+</body>
+</html>
diff --git a/id/templates/src/main/webapp/WEB-INF/web.xml b/id/templates/src/main/webapp/WEB-INF/web.xml
new file mode 100644
index 000000000..6954e9c87
--- /dev/null
+++ b/id/templates/src/main/webapp/WEB-INF/web.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
+
+<web-app>
+ <display-name>Sample MOA-ID Templates</display-name>
+ <description>>Sample MOA-ID Templates</description>
+</web-app>
+
diff --git a/id/templates/src/main/webapp/css/display.css b/id/templates/src/main/webapp/css/display.css
new file mode 100644
index 000000000..fc6da85b0
--- /dev/null
+++ b/id/templates/src/main/webapp/css/display.css
@@ -0,0 +1,52 @@
+/* Beispiel Display-Stylesheet */
+
+span.printText {
+ font-size:80%;
+ margin-left:1em;
+ margin-top:-1.2em;
+ margin-bottom:1em;
+ font-weight:bold;
+ float:right
+}
+
+#mainmenu {
+ padding-left: 8px
+}
+
+#currentcontext {
+ background-color:#eff3ff;
+ border-top: 1px solid #76769f;
+ border-bottom: 1px solid #76769f;
+}
+
+#contextmenu {
+ position: absolute;
+ padding-top: 0.5em;
+ margin-top: 1em;
+ background: #e7e9f6;
+ width: 12.5em;
+}
+
+#contextmenubottom {
+ padding-top:1em;
+ background:white;
+ background-image:url(/style/img/mnv.gif);
+ background-repeat:repeat-x;
+}
+
+#contentcontainer {
+ position: absolute;
+ padding: 0px;
+ margin-left: 13.5em;
+ margin-top: 1em;
+ width: 40em;
+ text-align: justify;
+}
+
+#content {
+ margin-top:0em;
+ margin-left:1em;
+}
+
+
+/* #z_location { font-size:80%; margin-left:1em; padding-top:1em; } */
diff --git a/id/templates/src/main/webapp/css/main.css b/id/templates/src/main/webapp/css/main.css
new file mode 100644
index 000000000..bcad5589c
--- /dev/null
+++ b/id/templates/src/main/webapp/css/main.css
@@ -0,0 +1,74 @@
+/* Haupt-Stylesheet fuer z.B. für CIO/ciointern/iktintern/WSIS Webseite sowie in MOA-ID Templates*/
+/* Original design by Tinfish Media Lab */
+/* Additional design by Bernd Martin, Arno Hollosi */
+
+body {
+ margin-bottom:0.5em;
+ margin-right:2em;
+ margin-left:0.5em;
+ margin-top:0.5em;
+ background-color:#FFFFFF;
+ color:#000000;
+}
+
+/* Font */
+body,table,td,th
+{
+ font-family:arial,sans-serif;
+ font-size:small;
+}
+th { background-color:#ffffbb; color:#000000; }
+
+
+/* Ueberschriften */
+h1,h2,h3,h4,h5
+{
+ color:#336699;
+ background-color:#FFFFFF;
+}
+h1 { font-size:140%; }
+h2 { font-size:120%; }
+h3 { font-size:110%; }
+
+/* Links */
+a:link { color:#336699; text-decoration:none; }
+a:visited { color:#660066; text-decoration:none; }
+a:active { color:#336699; text-decoration:none; }
+a:hover { color:#000000; text-decoration:underline; }
+
+dt { font-weight:bold; }
+
+dl.filelist dt { font-weight: normal; }
+dl.filelist dd { margin-bottom: 0.5em; }
+
+
+div.pic { font-size:80%; color:#888888; background-color:#FFFFFF; }
+
+div.verz0 { margin-left:0em; }
+div.verz1 { margin-left:1em; }
+div.verz2 { margin-left:2em; }
+div.verz3 { margin-left:3em; }
+div.verz4 { margin-left:4em; }
+div.verz5 { margin-left:5em; }
+div.verz6 { margin-left:6em; }
+div.verz7 { margin-left:7em; }
+
+div.backLink { font-size:70%; margin-left:0em; margin-bottom:0em; font-weight:bold }
+div.noJavaScript { font-size:70%; margin-top:1.2em; margin-bottom:1.2em; font-weight:bold }
+
+div.newsDate { font-size:70%; margin-left:0em; margin-bottom:0em; margin-top:1em; font-weight:bold }
+div.newsTitle { font-size:100%; margin-left:0em; margin-bottom:0.1em; font-weight:bold }
+div.newsDesc { font-size:90%; margin-left:2em; margin-bottom:0em; }
+div.newsCreator { font-size:70%; margin-left:2.6em; margin-bottom:1em; }
+div.newsResultDesc { font-size:90%; margin-left:2em; margin-bottom:1em; }
+
+div.indentSmall { margin-left:1em }
+div.indentNormal { margin-left:1.5em }
+div.indentHigh { margin-left:2em }
+
+div.pic { font-size:80%; color:#888888; background-color:#FFFFFF; }
+
+span.hinw { color:#993333; background-color:#FFFFFF; }
+span.filesizeinfo { font-size:75% }
+span.imprintText { font-size:80%; margin-left:1em; float:right }
+span.footer { font-size:80%; margin-left:1em; margin-bottom:1em;}
diff --git a/id/templates/src/main/webapp/valid-html401.gif b/id/templates/src/main/webapp/valid-html401.gif
new file mode 100644
index 000000000..1270561e1
--- /dev/null
+++ b/id/templates/src/main/webapp/valid-html401.gif
Binary files differ