diff options
| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-20 11:51:18 +0100 |
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2017-11-20 11:51:18 +0100 |
| commit | 1b5e11112af6bbe48bfb5c95c8b75ae90f3edb22 (patch) | |
| tree | bffeb1e4042eff3da78c8ebb054ad68e823805a2 /id | |
| parent | 26ed8e3cf67094f8348993b6a87210c49334cb97 (diff) | |
| parent | 71680a1b57a22f64237bfaacb4511057f7637f8d (diff) | |
| download | moa-id-spss-1b5e11112af6bbe48bfb5c95c8b75ae90f3edb22.tar.gz moa-id-spss-1b5e11112af6bbe48bfb5c95c8b75ae90f3edb22.tar.bz2 moa-id-spss-1b5e11112af6bbe48bfb5c95c8b75ae90f3edb22.zip | |
Merge branch 'development_preview' into eIDAS_node_implementation
Diffstat (limited to 'id')
12 files changed, 164 insertions, 411 deletions
diff --git a/id/history.txt b/id/history.txt index 3c42241e6..cffdd6ae3 100644 --- a/id/history.txt +++ b/id/history.txt @@ -45,7 +45,8 @@ Version MOA-ID Release 3.2.2: Änderungen seit Version MOA-ID 3.2.1 - Bug-Fix - Problem with SSL certificate path-construction in case of worker threads
- Bug-Fix - Problems with configuration entries in some special cases
- Bug-Fix - Problem with RandomNumberGeneration in combination with IAIK_JCE and JAVA JDK >= 8u111
- - Bug-Fix - Problem with Statistic Logger if persist operation on database failes
+ - Bug-Fix - Problem with Statistic Logger if persist operation on database failes
+ - Bug-Fix - Problem with empty scope parameter in openID Connect request
------------------------------------------------------------------------------
Version MOA-ID Release 3.2.1: Änderungen seit Version MOA-ID 3.2.0
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html index 4ea9a4873..45c183215 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html @@ -33,7 +33,7 @@ <div> #if($RelayState) <input type="hidden" name="RelayState" value="${RelayState}"/> #end #if($SAMLRequest) <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" /> #end - #if($SAMLResponse) <inputtype="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end + #if($SAMLResponse) <input type="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end </div> <noscript> <div> diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html index b3eb18082..4d9277152 100644 --- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html +++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html @@ -77,7 +77,7 @@ <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" - src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> + src="$contextPath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" src="http://jigsaw.w3.org/css-validator/images/vcss-blue" diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java index 353261085..5f74d8fdd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java @@ -29,6 +29,7 @@ import java.io.StringWriter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.ExceptionHandler; @@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.data.ExceptionContainer; import at.gv.egovernment.moa.id.moduls.IRequestStorage; @@ -166,8 +166,9 @@ public abstract class AbstractController extends MOAIDAuthConstants { return; - } catch (MOADatabaseException e) { - Logger.warn("Exception can not be stored to Database.", e); + } catch (Exception e) { + Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e); + Logger.info("Switch to generic generic backup error-handling ... "); handleErrorNoRedirect(loggedException, req, resp, true); } @@ -231,7 +232,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); String code = utils.mapInternalErrorToExternalError( ((InvalidProtocolRequestException)e).getMessageId()); - String descr = e.getMessage(); + String descr = StringEscapeUtils.escapeHtml(e.getMessage()); resp.setContentType(MediaType.HTML_UTF_8.toString()); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + "(Errorcode=" + code + @@ -248,7 +249,7 @@ public abstract class AbstractController extends MOAIDAuthConstants { null); //add errorcode and errormessage - config.putCustomParameter("errorMsg", msg); + config.putCustomParameter("errorMsg", StringEscapeUtils.escapeHtml(msg)); config.putCustomParameter("errorCode", errorCode); //add stacktrace if debug is enabled diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 73d6e978e..95e3c5bc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -22,13 +22,19 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; +import at.gv.egovernment.moa.id.data.Trible; + public interface PVPConstants { public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider"; - + public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256; @@ -54,8 +60,12 @@ public interface PVPConstants { public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID; public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION"; public static final String PVP_VERSION_2_1 = "2.1"; + + public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110"; public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS"; + public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID; + public static final int SECCLASS_MAX_LENGTH = 128; public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20"; public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID; @@ -136,9 +146,13 @@ public interface PVPConstants { public static final String ROLES_FRIENDLY_NAME = "ROLES"; public static final int ROLES_MAX_LENGTH = 32767; - public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94"; - public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID; - public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL"; + @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94"; + @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID; + @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL"; + + public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108"; + public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID; + public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL"; public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; @@ -283,4 +297,81 @@ public interface PVPConstants { public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx"; public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID; public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE"; + + + + public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category"; + public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken"; + public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken"; + + /** + * + * Get required PVP attributes for egovtoken + * First : PVP attribute name (OID) + * Second: FriendlyName + * Third: Required + * + */ + public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //currently supported attributes + add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); + + //currently not supported attributes + add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false)); + add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false)); + add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false)); + add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false)); + add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false)); + add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false)); + + + } + }); + + /** + * + * Get required PVP attributes for citizenToken + * First : PVP attribute name (OID) + * Second: FriendlyName + * Third: Required + * + */ + public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //required attributes - eIDAS minimal-data set + add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true)); + + + //not required attributes + add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false)); + add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false)); + add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false)); + add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false)); + + + + } + }); + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index 1d94e5da0..c94222ea0 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -396,10 +396,16 @@ public interface Constants { /* Prefix and Schema definition for eIDAS specific SAML2 extensions*/ - public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; + public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas"; public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions"; public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd"; + + /* Prefix and Schema for SAML2 Entity Attributes */ + public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr"; + public static final String SAML2_MDATTR_EXTENSIONS = "urn:oasis:names:tc:SAML:metadata:attribute"; + public static final String SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "sstc-metadata-attr.xsd"; + /** * Contains all namespaces and local schema locations for XML schema * definitions relevant for MOA. For use in validating XML parsers. @@ -433,8 +439,9 @@ public interface Constants { + (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ") + (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ") + (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ") - + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION) - + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION); + + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION + " ") + + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION + " ") + + (SAML2_MDATTR_EXTENSIONS + " " + SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION); /** URN prefix for bPK and wbPK. */ public static final String URN_PREFIX = "urn:publicid:gv.at"; diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java index da38e3bef..15bc92a54 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java @@ -27,6 +27,8 @@ import java.io.InputStream; import java.util.HashMap; import java.util.Map; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; @@ -100,7 +102,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU); if (pendingReq != null) { - params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID()); + params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID())); //add service-provider specific GUI parameters IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java index 2c2792b84..0c07ad3fb 100644 --- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java +++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java @@ -26,6 +26,8 @@ import java.io.InputStream; import java.util.HashMap; import java.util.Map; +import org.apache.commons.lang.StringEscapeUtils; + import at.gv.egovernment.moa.id.commons.api.IRequest; /** @@ -68,6 +70,13 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo } + /** + * Add a key/value pair into Velocity context.<br> + * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally + * + * @param key velocity context key + * @param value of this key + */ public void putCustomParameter(String key, Object value) { if (customParameters == null) customParameters = new HashMap<String, Object>(); @@ -82,7 +91,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo public Map<String, Object> getSpecificViewParameters() { Map<String, Object> params = new HashMap<String, Object>(); if (pendingReq != null) { - params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID()); + params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID())); } if (customParameters != null) diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 0a2371575..c9bc31f6c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -945,10 +945,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setAuthBlock(serializedAssertion); } catch (TransformerException e) { throw new ParseException("parser.04", new Object[]{ - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}, e); } catch (IOException e) { throw new ParseException("parser.04", new Object[]{ - REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}); + REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}, e); } // validates <CreateXMLSignatureResponse> if (pendingReq.needSingleSignOnFunctionality()) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index 490dc9dcf..a2ec47a45 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -189,8 +189,18 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider } } for (String el : nonValidMetadataProvider) { - loadedproviders.remove(el); - isUpdateRequired = true; + HTTPMetadataProvider provider = loadedproviders.get(el); + + //destroy metadata provider + if (provider != null) { + provider.destroy(); + loadedproviders.remove(el); + isUpdateRequired = true; + + } else { + Logger.error("Can not destroy eIDAS metadata for: " + el + " Reason: !!!!!NOT FOUND ANY MORE!!!!!!"); + + } } @@ -257,6 +267,8 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider } + Logger.debug("Find #" + loadedproviders.size() + " eIDAS metadata provider"); + return loadedproviders; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html index 962faa58f..c2195d300 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html @@ -3,379 +3,9 @@ <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <!-- MOA-ID 2.x BKUSelection Layout CSS --> - <style type="text/css"> - @media screen and (min-width: 650px) { - - body { - margin:0; - padding:0; - color : #000; - background-color : #fff; - text-align: center; - background-color: #6B7B8B; - } - - #page { - display: block; - border: 2px solid rgb(0,0,0); - width: 650px; - height: 460px; - margin: 0 auto; - margin-top: 5%; - position: relative; - border-radius: 25px; - background: rgb(255,255,255); - } - - #page1 { - text-align: center; - } - - #main { - /* clear:both; */ - position:relative; - margin: 0 auto; - width: 250px; - text-align: center; - } - - .OA_header { - /* background-color: white;*/ - font-size: 20pt; - margin-bottom: 25px; - margin-top: 25px; - } - - #leftcontent { - /*float:left; */ - width:250px; - margin-bottom: 25px; - text-align: left; - /*border: 1px solid rgb(0,0,0);*/ - } - - #leftcontent { - width: 300px; - margin-top: 30px; - } - - h2#tabheader{ - font-size: 1.1em; - padding-left: 2%; - padding-right: 2%; - position: relative; - } - - .setAssertionButton_full { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 100px; - height: 30px - } - - #leftbutton { - width: 30%; - float:left; - margin-left: 40px; - } - - #rightbutton { - width: 30%; - float:right; - margin-right: 45px; - text-align: right; - } - - button { - height: 25px; - width: 75px; - margin-bottom: 10px; - } - - #validation { - position: absolute; - bottom: 0px; - margin-left: 270px; - padding-bottom: 10px; - } - - } - - @media screen and (max-width: 205px) { - #localBKU p { - font-size: 0.6em; - } - - #localBKU input { - font-size: 0.6em; - min-width: 60px; - /* max-width: 65px; */ - min-height: 1.0em; - /* border-radius: 5px; */ - } - - } - - @media screen and (max-width: 249px) and (min-width: 206px) { - #localBKU p { - font-size: 0.7em; - } - - #localBKU input { - font-size: 0.7em; - min-width: 70px; - /* max-width: 75px; */ - min-height: 0.95em; - /* border-radius: 6px; */ - } - - } - - @media screen and (max-width: 299px) and (min-width: 250px) { - #localBKU p { - font-size: 0.9em; - } - - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - } - - @media screen and (max-width: 399px) and (min-width: 300px) { - #localBKU p { - font-size: 0.9em; - } - - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 75px; */ - /* border-radius: 6px; */ - } - - } - - @media screen and (max-width: 649px) and (min-width: 400px) { - #localBKU p { - font-size: 0.9em; - } - - #localBKU input { - font-size: 0.8em; - min-width: 70px; - /* max-width: 80px; */ - /* border-radius: 6px; */ - } - - } - - - - @media screen and (max-width: 649px) { - - body { - margin:0; - padding:0; - color : #000; - text-align: center; - font-size: 100%; - background-color: #MAIN_BACKGOUNDCOLOR#; - } - - #page { - visibility: hidden; - margin-top: 0%; - } - - #page1 { - visibility: hidden; - } - - #main { - visibility: hidden; - } - - #validation { - visibility: hidden; - display: none; - } - - .OA_header { - margin-bottom: 0px; - margin-top: 0px; - font-size: 0pt; - visibility: hidden; - } - - #leftcontent { - visibility: visible; - margin-bottom: 0px; - text-align: left; - border:none; - vertical-align: middle; - min-height: 173px; - min-width: 204px; - - } - - input[type=button] { -/* height: 11%; */ - width: 70%; - } - } - - * { - margin: 0; - padding: 0; - font-family: #FONTTYPE#; - } - - #selectArea { - padding-top: 10px; - padding-bottom: 55px; - padding-left: 10px; - } - - .setAssertionButton { - background: #efefef; - cursor: pointer; - margin-top: 15px; - width: 70px; - height: 25px; - } - - #leftbutton { - width: 35%; - float:left; - margin-left: 15px; - } - - #rightbutton { - width: 35%; - float:right; - margin-right: 25px; - text-align: right; - } - -/* input[type=button], .sendButton { - background: #BUTTON_BACKGROUNDCOLOR#; - color: #BUTTON_COLOR#; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: 3px 3px 3px #222222; */ -/* } - -/* button:hover, button:focus, button:active, - .sendButton:hover , .sendButton:focus, .sendButton:active, - #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { - background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; - color: #BUTTON_COLOR#; -/* border:1px solid #000; */ -/* cursor: pointer; -/* box-shadow: -1px -1px 3px #222222; */ -/* } - -*/ - input { - /*border:1px solid #000;*/ - cursor: pointer; - } - - #localBKU input { -/* color: #BUTTON_COLOR#; */ - border: 0px; - display: inline-block; - - } - - #localBKU input:hover, #localBKU input:focus, #localBKU input:active { - text-decoration: underline; - } - - #installJava, #BrowserNOK { - clear:both; - font-size:0.8em; - padding:4px; - } - - .selectText{ - - } - - .selectTextHeader{ - - } - - .sendButton { - width: 30%; - margin-bottom: 1%; - } - - #leftcontent a { - text-decoration:none; - color: #000; - /* display:block;*/ - padding:4px; - } - - #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { - text-decoration:underline; - color: #000; - } - - .infobutton { - background-color: #005a00; - color: white; - font-family: serif; - text-decoration: none; - padding-top: 2px; - padding-right: 4px; - padding-bottom: 2px; - padding-left: 4px; - font-weight: bold; - } - - .hell { - background-color : #MAIN_BACKGOUNDCOLOR#; - color: #MAIN_COLOR#; - } - - .dunkel { - background-color: #HEADER_BACKGROUNDCOLOR#; - color: #HEADER_COLOR#; - } - - .main_header { - color: black; - font-size: 32pt; - position: absolute; - right: 10%; - top: 40px; - - } - - #alert { - margin: 100px 250px; - font-family: Verdana, Arial, Helvetica, sans-serif; - font-size: 14px; - font-weight: normal; - color: red; - } - - .reqframe { - /*display: none;*/ - visibility: hidden; - - } - - </style> + <link rel="stylesheet" href="$contextPath/css/buildCSS" /> - #if($timeoutURL) + #if($timeoutURL) <script type="text/javascript"> function sloTimeOut() { window.location.href="$timeoutURL"; @@ -385,30 +15,31 @@ </script> #end - <title>Single Sign-On Session Transfer</title> </head> + #if($timeoutURL) <body onload='setTimeout(sloTimeOut, $timeout);'> #else <body> #end + +<!--body--> <noscript> <p> <strong>Note:</strong> Since your browser does not support - JavaScript, you must press the Continue button to resume - the authentication process after the SSO session transfer from smartphone to application is complete. + JavaScript, you must press the Continue button once to proceed. </p> - - <a href="$timeoutURL">Press this link to resume</a> + + <a href="$timeoutURL">Press this link to resume</a> </noscript> <div id="page"> <div id="page1" class="case selected-case" role="main"> <h2 class="OA_header" role="heading">MOA-ID Single Sign-On Session Transfer Service</h2> <div id="main"> - <div id="leftcontent" class="hell" role="application"> + <!--div id="leftcontent" class="hell" role="application"--> #if($errorMsg) <div class="alert"> @@ -421,26 +52,26 @@ <p>$successMsg</p> </div> #end - - #if($QRImage) + + #if($QRImage) <div> - <img src="data:image/gif;base64,$QRImage"> + <img id="qrCode" src="data:image/gif;base64,$QRImage"> </div> #end - - </div> + + <!--/div--> </div> </div> - <div id="validation"> + <!--div id="validation"> <a href="http://validator.w3.org/check?uri="> <img style="border: 0; width: 88px; height: 31px" - src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> + src="$contextPath/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> </a> <a href="http://jigsaw.w3.org/css-validator/"> <img style="border: 0; width: 88px; height: 31px" src="http://jigsaw.w3.org/css-validator/images/vcss-blue" alt="CSS ist valide!" /> </a> - </div> + </div--> </div> </body> diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java index b232b9512..fdc1c9cc1 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java @@ -30,6 +30,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.commons.lang.StringEscapeUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -58,11 +59,9 @@ public class MonitoringController { throws ServletException, IOException{ if (authConfig.isMonitoringActive()) { - Logger.debug("Monitoring Servlet received request"); - - + Logger.debug("Monitoring Servlet received request"); + String modulename = StringEscapeUtils.escapeHtml(req.getParameter(REQUEST_ATTR_MODULE)); - String modulename = req.getParameter(REQUEST_ATTR_MODULE); if (MiscUtil.isEmpty(modulename)) { List<String> error = tests.executeTests(); |