aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
authorThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
committerThomas Lenz <tlenz@iaik.tugraz.at>2021-12-20 15:54:56 +0100
commit506ab3232b2c237a1d83c9e970dccdb9445d5d81 (patch)
tree3c94a1a8b4849bdcdbe56d12d0dd7b2e964b234f /id
parentfc0385dbeee71f1ce18783ef1c7a4d06288fdb0d (diff)
parent600369d4ffa753716a9572824de7a96a04cb05a7 (diff)
downloadmoa-id-spss-506ab3232b2c237a1d83c9e970dccdb9445d5d81.tar.gz
moa-id-spss-506ab3232b2c237a1d83c9e970dccdb9445d5d81.tar.bz2
moa-id-spss-506ab3232b2c237a1d83c9e970dccdb9445d5d81.zip
Merge branch 'master' of gitlab.iaik.tugraz.at:egiz/moa-idspssHEADmaster
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml45
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java313
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java531
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java203
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java433
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java443
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java1292
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java1564
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java2183
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java274
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java187
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java42
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java630
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java92
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java55
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java1572
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java633
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java275
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java362
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java267
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java439
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java237
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java383
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java184
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java623
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java851
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java202
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java40
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java50
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java131
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java106
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java435
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java62
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java175
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java1187
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java1548
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java981
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java36
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java929
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java1643
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java822
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java307
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java41
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java66
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java125
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java1130
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java63
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java84
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java97
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java110
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java92
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java284
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java312
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java857
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java130
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java187
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java419
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java89
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java33
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java362
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java28
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java44
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java85
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java254
-rw-r--r--id/ConfigWebTool/src/main/resources/logback.xml40
-rw-r--r--id/assembly-auth-edu.xml191
-rw-r--r--id/assembly-auth-final.xml191
-rw-r--r--id/assembly-proxy.xml120
-rw-r--r--id/history.txt33
-rw-r--r--id/moa-id-webgui/pom.xml175
-rw-r--r--id/moa-spss-container/pom.xml61
-rw-r--r--id/oa/pom.xml24
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java6
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java529
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java509
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java538
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java467
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java296
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java12
-rw-r--r--id/oa/src/main/resources/logback.xml30
-rw-r--r--id/pom.xml2
-rw-r--r--id/readme_4.1.6-RC1.txt573
-rw-r--r--id/readme_4.1.6.txt574
-rw-r--r--id/readme_4.1.7.txt574
-rw-r--r--id/readme_4.2.0.txt594
-rw-r--r--id/server/auth-edu/pom.xml19
-rw-r--r--id/server/auth-edu/src/main/resources/logback.xml79
-rw-r--r--id/server/auth-final/pom.xml11
-rw-r--r--id/server/auth-final/src/main/resources/logback.xml (renamed from id/server/data/deploy/conf/moa-id/logback_config.xml)51
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/logback.xml40
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/logback_config.xml71
-rw-r--r--id/server/data/deploy/conf/moa-id-oa/logback.xml30
-rw-r--r--id/server/data/deploy/conf/moa-id/log4j.properties62
-rw-r--r--id/server/data/deploy/conf/moa-id/logback.xml79
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties10
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt (renamed from id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt)0
-rw-r--r--id/server/data/deploy/tomcat/unix/tomcat-start.sh3
-rw-r--r--id/server/data/deploy/tomcat/win32/startTomcat.bat3
-rw-r--r--id/server/doc/handbook/install/install.html144
-rw-r--r--id/server/idserverlib/pom.xml30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java7
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java34
-rw-r--r--id/server/moa-id-commons/pom.xml20
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java8
-rw-r--r--id/server/moa-id-frontend-resources/pom.xml2
-rw-r--r--id/server/moa-id-jaxb_classes/pom.xml2
-rw-r--r--id/server/moa-id-spring-initializer/pom.xml2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/pom.xml2
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml2
-rw-r--r--id/server/modules/moa-id-module-E-ID_connector/pom.xml10
-rw-r--r--id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml6
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/pom.xml42
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java58
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java152
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java62
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java182
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java140
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml16
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml23
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java67
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java117
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java55
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java48
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java92
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java136
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties6
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties5
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json6
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json6
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json6
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json7
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json8
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json5
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt6
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml20
-rw-r--r--id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml27
-rw-r--r--id/server/modules/moa-id-module-eIDAS/pom.xml6
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/pom.xml145
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java61
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java147
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java71
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java51
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java28
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java28
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java54
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java22
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java57
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java19
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java321
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java20
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java109
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml32
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder5
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml23
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties7
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties9
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl220
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java39
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java101
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java56
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java97
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java106
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java107
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java47
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java64
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java86
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java48
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java46
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java159
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java136
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java150
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java171
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java1086
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java41
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java65
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java55
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java195
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties11
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties4
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties12
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml19
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml19
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml24
-rw-r--r--id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml15
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/pom.xml2
-rw-r--r--id/server/modules/moa-id-module-openID/pom.xml7
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/pom.xml17
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java664
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/pom.xml6
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/pom.xml2
-rw-r--r--id/server/modules/moa-id-modules-saml1/pom.xml2
-rw-r--r--id/server/modules/module-monitoring/pom.xml2
-rw-r--r--id/server/modules/pom.xml7
-rw-r--r--id/server/pom.xml2
-rw-r--r--id/server/proxy/.gitignore2
-rw-r--r--id/server/proxy/pom.xml152
-rw-r--r--id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF2
-rw-r--r--id/server/proxy/src/main/webapp/WEB-INF/web.xml82
-rw-r--r--id/server/proxy/src/main/webapp/errorpage-proxy.jsp50
-rw-r--r--id/server/proxy/src/main/webapp/message-proxy.jsp20
210 files changed, 24343 insertions, 16426 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 4a8ba973a..04a97270d 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -64,17 +64,42 @@
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_module_pvp2_core</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf-core</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-1.2-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-to-slf4j</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </dependency>
+
<dependency>
<groupId>MOA.id</groupId>
<artifactId>moa-id-webgui</artifactId>
@@ -110,7 +135,6 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-collections4</artifactId>
- <version>${org.apache.commons.collections4.version}</version>
</dependency>
@@ -206,6 +230,10 @@
<artifactId>javassist</artifactId>
<groupId>javassist</groupId>
</exclusion>
+ <exclusion>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-api</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -227,7 +255,10 @@
</dependency>
</dependencies>
- <build>
+ <packaging>war</packaging>
+ <build>
+ <finalName>moa-id-configuration</finalName>
+
<plugins>
<!-- <plugin>
@@ -253,8 +284,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
@@ -272,7 +303,5 @@
</plugin>
</plugins>
- </build>
-
- <packaging>war</packaging>
+ </build>
</project>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
index 84fbec0e8..c6946e509 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/Authenticate.java
@@ -36,7 +36,6 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.joda.time.DateTime;
-import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnContextClassRef;
@@ -67,163 +66,167 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-
/**
* Servlet implementation class Authenticate
*/
public class Authenticate extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
- private static final Logger log = LoggerFactory
- .getLogger(Authenticate.class);
-
- private static DocumentBuilderFactory factory = null;
-
- static {
- initialDocumentBuilderFactory();
- }
-
- synchronized private static void initialDocumentBuilderFactory() {
- factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
-
- }
-
- public Document asDOMDocument(XMLObject object) throws IOException,
- MarshallingException, TransformerException, ParserConfigurationException {
- try {
- DocumentBuilder builder = null;
- synchronized (factory) {
- builder = factory.newDocumentBuilder();
-
- }
-
- Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
- object);
- out.marshall(object, document);
- return document;
-
- } catch (ParserConfigurationException e) {
- log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
- throw e;
- }
-
- }
-
- protected void process(HttpServletRequest request,
- HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException {
- try {
-
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- config.initializePVP2Login();
-
- AuthnRequest authReq = SAML2Utils
- .createSAMLObject(AuthnRequest.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- authReq.setID(gen.generateIdentifier());
-
- HttpSession session = request.getSession();
- if (session != null) {
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
- }
-
- authReq.setAssertionConsumerServiceIndex(0);
- authReq.setAttributeConsumingServiceIndex(0);
- authReq.setIssueInstant(new DateTime());
- Subject subject = SAML2Utils.createSAMLObject(Subject.class);
- NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- name.setValue(serviceURL);
- issuer.setValue(serviceURL);
-
- subject.setNameID(name);
- authReq.setSubject(subject);
- issuer.setFormat(NameIDType.ENTITY);
- authReq.setIssuer(issuer);
- NameIDPolicy policy = SAML2Utils
- .createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(true);
- policy.setFormat(NameID.PERSISTENT);
- authReq.setNameIDPolicy(policy);
-
- String entityname = config.getPVP2IDPMetadataEntityName();
- if (MiscUtil.isEmpty(entityname)) {
- log.info("No IDP EntityName configurated");
- throw new ConfigurationException("No IDP EntityName configurated");
- }
-
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
- EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
- if (idpEntity == null) {
- log.info("IDP EntityName is not found in IDP Metadata");
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
- }
-
- SingleSignOnService redirectEndpoint = null;
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
- redirectEndpoint = sss;
- }
- }
-
- authReq.setDestination(redirectEndpoint.getLocation());
-
- RequestedAuthnContext reqAuthContext =
- SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
-
- AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
-
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
-
- authReq.setRequestedAuthnContext(reqAuthContext);
-
- //sign Message
- X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq, config);
-
- //encode message
- PVP2Utils.postBindingEncoder(request,
- response,
- authReq,
- authcredential,
- redirectEndpoint.getLocation(),
- null);
-
- } catch (Exception e) {
- log.warn("Authentication Request can not be generated", e);
- throw new ServletException("Authentication Request can not be generated.", e);
- }
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- process(request, response, null);
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- process(request, response, null);
- }
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = LoggerFactory
+ .getLogger(Authenticate.class);
+
+ private static DocumentBuilderFactory factory = null;
+
+ static {
+ initialDocumentBuilderFactory();
+ }
+
+ synchronized private static void initialDocumentBuilderFactory() {
+ factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+
+ }
+
+ public Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException, ParserConfigurationException {
+ try {
+ DocumentBuilder builder = null;
+ synchronized (factory) {
+ builder = factory.newDocumentBuilder();
+
+ }
+
+ final Document document = builder.newDocument();
+ final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+
+ } catch (final ParserConfigurationException e) {
+ log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
+ throw e;
+ }
+
+ }
+
+ protected void process(HttpServletRequest request,
+ HttpServletResponse response, Map<String, String> legacyParameter) throws ServletException,
+ IOException {
+ try {
+
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ config.initializePVP2Login();
+
+ final AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
+
+ final HttpSession session = request.getSession();
+ if (session != null) {
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authReq.getID());
+ }
+
+ authReq.setAssertionConsumerServiceIndex(0);
+ authReq.setAttributeConsumingServiceIndex(0);
+ authReq.setIssueInstant(new DateTime());
+ final Subject subject = SAML2Utils.createSAMLObject(Subject.class);
+ final NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
+ subject.setNameID(name);
+ authReq.setSubject(subject);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+ final NameIDPolicy policy = SAML2Utils
+ .createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameIDType.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+
+ final String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ SingleSignOnService redirectEndpoint = null;
+ for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
+ .getSingleSignOnServices()) {
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ redirectEndpoint = sss;
+ }
+ }
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ final RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+
+ final AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+
+ authReq.setRequestedAuthnContext(reqAuthContext);
+
+ // sign Message
+ final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) authReq,
+ config);
+
+ // encode message
+ PVP2Utils.postBindingEncoder(request,
+ response,
+ authReq,
+ authcredential,
+ redirectEndpoint.getLocation(),
+ null);
+
+ } catch (final Exception e) {
+ log.warn("Authentication Request can not be generated", e);
+ throw new ServletException("Authentication Request can not be generated.", e);
+ }
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response, null);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response, null);
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java
index 7256d8688..ca03054aa 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/BuildMetadata.java
@@ -44,9 +44,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
-import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.NameIDType;
@@ -81,275 +79,274 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.AttributeListBuilder;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
/**
* Servlet implementation class BuildMetadata
*/
+@Slf4j
public class BuildMetadata extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
- private static final Logger log = Logger.getLogger(BuildMetadata.class);
-
- private static final int VALIDUNTIL_IN_HOURS = 24;
-
- /**
- * @see HttpServlet#HttpServlet()
- */
- public BuildMetadata() {
- super();
- }
-
- protected static Signature getSignature(Credential credentials) {
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
-
- //config.initializePVP2Login();
-
- SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator();
-
- EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
- createSAMLObject(EntitiesDescriptor.class);
-
- DateTime date = new DateTime();
- spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
-
- String name = config.getPVP2MetadataEntitiesName();
- if (MiscUtil.isEmpty(name)) {
- log.info("NO Metadata EntitiesName configurated");
- throw new ConfigurationException("NO Metadata EntitiesName configurated");
- }
-
- spEntitiesDescriptor.setName(name);
- spEntitiesDescriptor.setID(idGen.generateIdentifier());
-
- EntityDescriptor spEntityDescriptor = SAML2Utils
- .createSAMLObject(EntityDescriptor.class);
-
- spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
-
- spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- log.debug("Set OnlineApplicationURL to " + serviceURL);
- spEntityDescriptor.setEntityID(serviceURL);
-
- SPSSODescriptor spSSODescriptor = SAML2Utils
- .createSAMLObject(SPSSODescriptor.class);
-
- spSSODescriptor.setAuthnRequestsSigned(true);
- spSSODescriptor.setWantAssertionsSigned(true);
-
- X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
- keyInfoFactory.setEmitEntityCertificate(true);
- KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-
- KeyStore keyStore = config.getPVP2KeyStore();
-
- X509Credential signingcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreMetadataKeyAlias(),
- config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
-
-
- log.debug("Set Metadata key information");
- //Set MetaData Signing key
- KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
- entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
- Signature entitiesSignature = getSignature(signingcredential);
- spEntitiesDescriptor.setSignature(entitiesSignature);
-
- //Set AuthRequest Signing certificate
- X509Credential authcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestKeyAlias(),
- config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
- spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
-
- //set AuthRequest encryption certificate
- if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) {
- X509Credential authEncCredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
- config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
- KeyDescriptor encryKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
- encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
- spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-
- } else {
- log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-
- }
-
-
- NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
-
- spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
-
- NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
-
- spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
-
- NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
-
- spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
-
- AssertionConsumerService postassertionConsumerService =
- SAML2Utils.createSAMLObject(AssertionConsumerService.class);
-
- postassertionConsumerService.setIndex(0);
- postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
-
- spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-
-
- //add SLO services
- SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT);
- spSSODescriptor.getSingleLogoutServices().add(postBindingService);
-
- SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT);
- spSSODescriptor.getSingleLogoutServices().add(redirectBindingService);
-
- SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
- soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK);
- spSSODescriptor.getSingleLogoutServices().add(soapBindingService);
-
- spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
-
- spSSODescriptor.setWantAssertionsSigned(true);
- spSSODescriptor.setAuthnRequestsSigned(true);
-
- AttributeConsumingService attributeService =
- SAML2Utils.createSAMLObject(AttributeConsumingService.class);
-
- attributeService.setIndex(0);
- attributeService.setIsDefault(true);
- ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
- serviceName.setName(new LocalizedString("Default Service", "de"));
- attributeService.getNames().add(serviceName);
-
- attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes());
-
- spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-
- DocumentBuilder builder;
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
- builder = factory.newDocumentBuilder();
- Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor);
- out.marshall(spEntitiesDescriptor, document);
-
- Signer.signObject(entitiesSignature);
-
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
-
- StringWriter sw = new StringWriter();
- StreamResult sr = new StreamResult(sw);
- DOMSource source = new DOMSource(document);
- transformer.transform(source, sr);
- sw.close();
-
- byte[] metadataXML = sw.toString().getBytes("UTF-8");
-
- response.setContentType("text/xml");
- response.setContentLength(metadataXML.length);
- response.getOutputStream().write(metadataXML);
-
-
- } catch (ConfigurationException e) {
- log.warn("Configuration can not be loaded.", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (NoSuchAlgorithmException e) {
- log.warn("Requested Algorithm could not found.", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (KeyStoreException e) {
- log.warn("Requested KeyStoreType is not implemented.", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (CertificateException e) {
- log.warn("KeyStore can not be opend or userd.", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (SecurityException e) {
- log.warn("KeyStore can not be opend or used", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (ParserConfigurationException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (MarshallingException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (SignatureException e) {
- log.warn("PVP2 Metadata can not be signed", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (TransformerConfigurationException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (TransformerFactoryConfigurationError e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (TransformerException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
- }
-
- catch (Exception e) {
- log.warn("Unspecific PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
- }
-
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- }
+ private static final long serialVersionUID = 1L;
+
+ private static final int VALIDUNTIL_IN_HOURS = 24;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public BuildMetadata() {
+ super();
+ }
+
+ protected static Signature getSignature(Credential credentials) {
+ final Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ // config.initializePVP2Login();
+
+ final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator();
+
+ final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ final DateTime date = new DateTime();
+ spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
+
+ final String name = config.getPVP2MetadataEntitiesName();
+ if (MiscUtil.isEmpty(name)) {
+ log.info("NO Metadata EntitiesName configurated");
+ throw new ConfigurationException("NO Metadata EntitiesName configurated");
+ }
+
+ spEntitiesDescriptor.setName(name);
+ spEntitiesDescriptor.setID(idGen.generateIdentifier());
+
+ final EntityDescriptor spEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
+
+ spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ log.debug("Set OnlineApplicationURL to " + serviceURL);
+ spEntityDescriptor.setEntityID(serviceURL);
+
+ final SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+ final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitEntityCertificate(true);
+ final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ final KeyStore keyStore = config.getPVP2KeyStore();
+
+ final X509Credential signingcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreMetadataKeyAlias(),
+ config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
+
+ log.debug("Set Metadata key information");
+ // Set MetaData Signing key
+ final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
+ entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
+ final Signature entitiesSignature = getSignature(signingcredential);
+ spEntitiesDescriptor.setSignature(entitiesSignature);
+
+ // Set AuthRequest Signing certificate
+ final X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+ final KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ // set AuthRequest encryption certificate
+ if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias())) {
+ final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
+ config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
+ final KeyDescriptor encryKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+ spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+ final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ final AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
+
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ // add SLO services
+ final SingleLogoutService postBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
+ postBindingService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT);
+ spSSODescriptor.getSingleLogoutServices().add(postBindingService);
+
+ final SingleLogoutService redirectBindingService = SAML2Utils.createSAMLObject(
+ SingleLogoutService.class);
+ redirectBindingService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ redirectBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_FRONT);
+ spSSODescriptor.getSingleLogoutServices().add(redirectBindingService);
+
+ final SingleLogoutService soapBindingService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
+ soapBindingService.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI);
+ soapBindingService.setLocation(serviceURL + Constants.SERVLET_SLO_BACK);
+ spSSODescriptor.getSingleLogoutServices().add(soapBindingService);
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+
+ spSSODescriptor.setWantAssertionsSigned(true);
+ spSSODescriptor.setAuthnRequestsSigned(true);
+
+ final AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes());
+
+ spSSODescriptor.getAttributeConsumingServices().add(attributeService);
+
+ DocumentBuilder builder;
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+ builder = factory.newDocumentBuilder();
+ final Document document = builder.newDocument();
+ final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(
+ spEntitiesDescriptor);
+ out.marshall(spEntitiesDescriptor, document);
+
+ Signer.signObject(entitiesSignature);
+
+ final Transformer transformer = TransformerFactory.newInstance().newTransformer();
+
+ final StringWriter sw = new StringWriter();
+ final StreamResult sr = new StreamResult(sw);
+ final DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ final byte[] metadataXML = sw.toString().getBytes("UTF-8");
+
+ response.setContentType("text/xml");
+ response.setContentLength(metadataXML.length);
+ response.getOutputStream().write(metadataXML);
+
+ } catch (final ConfigurationException e) {
+ log.warn("Configuration can not be loaded.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.warn("Requested Algorithm could not found.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final KeyStoreException e) {
+ log.warn("Requested KeyStoreType is not implemented.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final CertificateException e) {
+ log.warn("KeyStore can not be opend or userd.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final SecurityException e) {
+ log.warn("KeyStore can not be opend or used", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final ParserConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final MarshallingException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final SignatureException e) {
+ log.warn("PVP2 Metadata can not be signed", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final TransformerConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final TransformerFactoryConfigurationError e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final TransformerException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ catch (final Exception e) {
+ log.warn("Unspecific PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
index f2c95f391..01bf39696 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBackChannelServlet.java
@@ -64,111 +64,116 @@ import at.gv.egovernment.moa.id.configuration.auth.pvp2.PVP2Utils;
*/
public class SLOBackChannelServlet extends SLOBasicServlet {
- private static final long serialVersionUID = 1481623547633064922L;
- private static final Logger log = LoggerFactory
- .getLogger(SLOBackChannelServlet.class);
-
- /**
- * @throws ConfigurationException
- */
- public SLOBackChannelServlet() throws ConfigurationException {
- super();
- }
-
-
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- try {
- HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
-
- BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext();
-
-// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ private static final long serialVersionUID = 1481623547633064922L;
+ private static final Logger log = LoggerFactory
+ .getLogger(SLOBackChannelServlet.class);
+
+ /**
+ * @throws ConfigurationException
+ */
+ public SLOBackChannelServlet() throws ConfigurationException {
+ super();
+ }
+
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ try {
+ final HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool());
+
+ final BasicSOAPMessageContext messageContext = new BasicSOAPMessageContext();
+
+// BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
// new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
-
- messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
- //messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
-
- //set trustPolicy
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+
+ // messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
+
+ // set trustPolicy
// BasicSecurityPolicy policy = new BasicSecurityPolicy();
// policy.getPolicyRules().add(
// new PVPSOAPRequestSecurityPolicy(
// PVP2Utils.getTrustEngine(getConfig()),
-// IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
+// IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
// SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
-// policy);
+// policy);
// messageContext.setSecurityPolicyResolver(resolver);
-
- soapDecoder.decode(messageContext);
-
- Envelope inboundMessage = (Envelope) messageContext
- .getInboundMessage();
-
- LogoutResponse sloResp = null;
-
- if (inboundMessage.getBody() != null) {
- List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
-
- if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) {
- LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0);
-
- //validate request signature
- PVP2Utils.validateSignature(sloReq, getConfig());
-
- sloResp = processLogOutRequest(sloReq, request);
-
- KeyStore keyStore = getConfig().getPVP2KeyStore();
- X509Credential authcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- getConfig().getPVP2KeystoreAuthRequestKeyAlias(),
- getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
-
- HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- context.setOutboundSAMLMessageSigningCredential(authcredential);
- context.setOutboundSAMLMessage(sloResp);
- context.setOutboundMessageTransport(responseAdapter);
-
- encoder.encode(context);
-
- } else {
- log.warn("Received request ist not of type LogOutRequest");
- response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- return;
-
- }
- }
-
- } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException | ValidationException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
-
- } catch (CertificateException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
-
- } catch (KeyStoreException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
-
- } catch (MessageEncodingException e) {
- log.error("SLO message processing FAILED." , e);
- response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e.getMessage()));
-
- }
-
-
-
- }
-
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- response.setStatus(HttpServletResponse.SC_NOT_FOUND);
-
- }
-
+
+ soapDecoder.decode(messageContext);
+
+ final Envelope inboundMessage = (Envelope) messageContext
+ .getInboundMessage();
+
+ LogoutResponse sloResp = null;
+
+ if (inboundMessage.getBody() != null) {
+ final List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects();
+
+ if (!xmlElemList.isEmpty() && xmlElemList.get(0) instanceof LogoutRequest) {
+ final LogoutRequest sloReq = (LogoutRequest) xmlElemList.get(0);
+
+ // validate request signature
+ PVP2Utils.validateSignature(sloReq, getConfig());
+
+ sloResp = processLogOutRequest(sloReq, request);
+
+ final KeyStore keyStore = getConfig().getPVP2KeyStore();
+ final X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ getConfig().getPVP2KeystoreAuthRequestKeyAlias(),
+ getConfig().getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+ final HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setOutboundSAMLMessage(sloResp);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ } else {
+ log.warn("Received request ist not of type LogOutRequest");
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+
+ }
+ }
+
+ } catch (MessageDecodingException | SecurityException | NoSuchAlgorithmException | ConfigurationException
+ | ValidationException e) {
+ log.error("SLO message processing FAILED.", e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e
+ .getMessage()));
+
+ } catch (final CertificateException e) {
+ log.error("SLO message processing FAILED.", e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e
+ .getMessage()));
+
+ } catch (final KeyStoreException e) {
+ log.error("SLO message processing FAILED.", e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e
+ .getMessage()));
+
+ } catch (final MessageEncodingException e) {
+ log.error("SLO message processing FAILED.", e);
+ response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, StringEscapeUtils.escapeHtml(e
+ .getMessage()));
+
+ }
+
+ }
+
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ response.setStatus(HttpServletResponse.SC_NOT_FOUND);
+
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index c70d34d7e..a880e800b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
@@ -62,217 +62,226 @@ import at.gv.egovernment.moa.util.MiscUtil;
*
*/
public class SLOBasicServlet extends HttpServlet {
- private static final long serialVersionUID = -4547240664871845098L;
- private static final Logger log = LoggerFactory
- .getLogger(SLOBasicServlet.class);
-
- private ConfigurationProvider config;
-
- public SLOBasicServlet() throws ConfigurationException {
- config = ConfigurationProvider.getInstance();
- config.initializePVP2Login();
- }
-
- protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request) throws SLOException {
- try {
- LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- sloReq.setID(gen.generateIdentifier());
- sloReq.setIssueInstant(new DateTime());
- NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- name.setValue(serviceURL);
- issuer.setValue(serviceURL);
- issuer.setFormat(NameIDType.ENTITY);
- sloReq.setIssuer(issuer);
-
- NameID userNameID = SAML2Utils.createSAMLObject(NameID.class);
- sloReq.setNameID(userNameID);
- userNameID.setFormat(nameIDFormat);
- userNameID.setValue(nameID);
-
- return sloReq;
-
- } catch (NoSuchAlgorithmException e) {
- log.warn("Single LogOut request createn FAILED. ", e);
- throw new SLOException();
-
- }
-
- }
-
- protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request) throws NoSuchAlgorithmException {
- //check response destination
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- String responseDestination = sloReq.getDestination();
- if (MiscUtil.isEmpty(responseDestination) ||
- !responseDestination.startsWith(serviceURL)) {
- log.warn("PVPResponse destination does not match requested destination");
- return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request);
- }
-
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- if (authManager.isActiveUser(sloReq.getNameID().getValue())) {
- AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue());
- log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:"
- + authUser.getNameID() + " get logged out by Single LogOut request.");
- authManager.removeActiveUser(authUser);
- HttpSession session = request.getSession(false);
- if (session != null)
- session.invalidate();
- return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
-
- } else {
- log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue() + " is not found.");
- return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
-
- }
-
- }
-
- protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI, HttpServletRequest request) throws NoSuchAlgorithmException {
- LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- sloResp.setID(gen.generateIdentifier());
- sloResp.setInResponseTo(sloReq.getID());
- sloResp.setIssueInstant(new DateTime());
- NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- name.setValue(serviceURL);
- issuer.setValue(serviceURL);
- issuer.setFormat(NameIDType.ENTITY);
- sloResp.setIssuer(issuer);
-
- Status status = SAML2Utils.createSAMLObject(Status.class);
- sloResp.setStatus(status);
- StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
- statusCode.setValue(statusCodeURI);
- status.setStatusCode(statusCode );
-
- return sloResp;
- }
-
- protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request, HttpServletResponse response) throws PVP2Exception {
- //ckeck InResponseTo matchs requestID
- if (MiscUtil.isEmpty(reqID)) {
- log.info("NO Sigle LogOut request ID");
- throw new PVP2Exception("NO Sigle LogOut request ID");
- }
-
- if (!reqID.equals(sloResp.getInResponseTo())) {
- log.warn("SLORequestID does not match SLO Response ID!");
- throw new PVP2Exception("SLORequestID does not match SLO Response ID!");
-
- }
-
- //check response destination
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- String responseDestination = sloResp.getDestination();
- if (MiscUtil.isEmpty(responseDestination) ||
- !responseDestination.startsWith(serviceURL)) {
- log.warn("PVPResponse destination does not match requested destination");
- throw new PVP2Exception("SLO response destination does not match requested destination");
- }
-
- request.getSession().invalidate();
-
- if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) {
- log.warn("Single LogOut process is not completed.");
- request.getSession().setAttribute(Constants.SESSION_SLOERROR,
- LanguageHelper.getErrorString("webpages.slo.error", request));
-
-
- } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
-
- if (sloResp.getStatus().getStatusCode().getStatusCode() != null &&
- !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) {
- log.info("Single LogOut process complete.");
- request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS,
- LanguageHelper.getErrorString("webpages.slo.success", request));
-
- } else {
- log.warn("Single LogOut process is not completed.");
- request.getSession().setAttribute(Constants.SESSION_SLOERROR,
- LanguageHelper.getErrorString("webpages.slo.error", request));
-
- }
-
- } else {
- log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue());
- request.getSession().setAttribute(Constants.SESSION_SLOERROR,
- LanguageHelper.getErrorString("webpages.slo.error", request));
-
- }
- String redirectURL = serviceURL + Constants.SERVLET_LOGOUT;
- redirectURL = response.encodeRedirectURL(redirectURL);
- response.setContentType("text/html");
- response.setStatus(302);
- response.addHeader("Location", redirectURL);
-
- }
-
- protected SingleLogoutService findIDPFrontChannelSLOService() throws
- ConfigurationException, SLOException {
-
- String entityname = config.getPVP2IDPMetadataEntityName();
- if (MiscUtil.isEmpty(entityname)) {
- log.info("No IDP EntityName configurated");
- throw new ConfigurationException("No IDP EntityName configurated");
- }
-
- //get IDP metadata from metadataprovider
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
- try {
- EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
- if (idpEntity == null) {
- log.info("IDP EntityName is not found in IDP Metadata");
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
-
- }
-
- //select authentication-service url from metadata
- SingleLogoutService redirectEndpoint = null;
- for (SingleLogoutService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
- redirectEndpoint = sss;
-
- else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) &&
- redirectEndpoint == null)
- redirectEndpoint = sss;
- }
-
- if (redirectEndpoint == null) {
- log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service.");
- throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service.");
- }
-
- return redirectEndpoint;
- } catch (MetadataProviderException e) {
- log.info("IDP EntityName is not found in IDP Metadata", e);
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
-
- }
- }
-
- protected ConfigurationProvider getConfig() {
- return config;
- }
+ private static final long serialVersionUID = -4547240664871845098L;
+ private static final Logger log = LoggerFactory
+ .getLogger(SLOBasicServlet.class);
+
+ private final ConfigurationProvider config;
+
+ public SLOBasicServlet() throws ConfigurationException {
+ config = ConfigurationProvider.getInstance();
+ config.initializePVP2Login();
+ }
+
+ protected LogoutRequest createLogOutRequest(String nameID, String nameIDFormat, HttpServletRequest request)
+ throws SLOException {
+ try {
+ final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ sloReq.setID(gen.generateIdentifier());
+ sloReq.setIssueInstant(new DateTime());
+ final NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+ issuer.setFormat(NameIDType.ENTITY);
+ sloReq.setIssuer(issuer);
+
+ final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class);
+ sloReq.setNameID(userNameID);
+ userNameID.setFormat(nameIDFormat);
+ userNameID.setValue(nameID);
+
+ return sloReq;
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.warn("Single LogOut request createn FAILED. ", e);
+ throw new SLOException();
+
+ }
+
+ }
+
+ protected LogoutResponse processLogOutRequest(LogoutRequest sloReq, HttpServletRequest request)
+ throws NoSuchAlgorithmException {
+ // check response destination
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ final String responseDestination = sloReq.getDestination();
+ if (MiscUtil.isEmpty(responseDestination) ||
+ !responseDestination.startsWith(serviceURL)) {
+ log.warn("PVPResponse destination does not match requested destination");
+ return createSLOResponse(sloReq, StatusCode.REQUESTER_URI, request);
+ }
+
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ if (authManager.isActiveUser(sloReq.getNameID().getValue())) {
+ final AuthenticatedUser authUser = authManager.getActiveUser(sloReq.getNameID().getValue());
+ log.info("User " + authUser.getGivenName() + " " + authUser.getFamilyName() + " with nameID:"
+ + authUser.getNameID() + " get logged out by Single LogOut request.");
+ authManager.removeActiveUser(authUser);
+ final HttpSession session = request.getSession(false);
+ if (session != null) {
+ session.invalidate();
+ }
+ return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
+
+ } else {
+ log.debug("Single LogOut not possible! User with nameID:" + sloReq.getNameID().getValue()
+ + " is not found.");
+ return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
+
+ }
+
+ }
+
+ protected LogoutResponse createSLOResponse(LogoutRequest sloReq, String statusCodeURI,
+ HttpServletRequest request) throws NoSuchAlgorithmException {
+ final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ sloResp.setID(gen.generateIdentifier());
+ sloResp.setInResponseTo(sloReq.getID());
+ sloResp.setIssueInstant(new DateTime());
+ final NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+ issuer.setFormat(NameIDType.ENTITY);
+ sloResp.setIssuer(issuer);
+
+ final Status status = SAML2Utils.createSAMLObject(Status.class);
+ sloResp.setStatus(status);
+ final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ statusCode.setValue(statusCodeURI);
+ status.setStatusCode(statusCode);
+
+ return sloResp;
+ }
+
+ protected void validateLogOutResponse(LogoutResponse sloResp, String reqID, HttpServletRequest request,
+ HttpServletResponse response) throws PVP2Exception {
+ // ckeck InResponseTo matchs requestID
+ if (MiscUtil.isEmpty(reqID)) {
+ log.info("NO Sigle LogOut request ID");
+ throw new PVP2Exception("NO Sigle LogOut request ID");
+ }
+
+ if (!reqID.equals(sloResp.getInResponseTo())) {
+ log.warn("SLORequestID does not match SLO Response ID!");
+ throw new PVP2Exception("SLORequestID does not match SLO Response ID!");
+
+ }
+
+ // check response destination
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ final String responseDestination = sloResp.getDestination();
+ if (MiscUtil.isEmpty(responseDestination) ||
+ !responseDestination.startsWith(serviceURL)) {
+ log.warn("PVPResponse destination does not match requested destination");
+ throw new PVP2Exception("SLO response destination does not match requested destination");
+ }
+
+ request.getSession().invalidate();
+
+ if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.PARTIAL_LOGOUT_URI)) {
+ log.warn("Single LogOut process is not completed.");
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ } else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ if (sloResp.getStatus().getStatusCode().getStatusCode() != null &&
+ !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) {
+ log.info("Single LogOut process complete.");
+ request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS,
+ LanguageHelper.getErrorString("webpages.slo.success", request));
+
+ } else {
+ log.warn("Single LogOut process is not completed.");
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ }
+
+ } else {
+ log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode()
+ .getValue());
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ }
+ String redirectURL = serviceURL + Constants.SERVLET_LOGOUT;
+ redirectURL = response.encodeRedirectURL(redirectURL);
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", redirectURL);
+
+ }
+
+ protected SingleLogoutService findIDPFrontChannelSLOService() throws ConfigurationException, SLOException {
+
+ final String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ // get IDP metadata from metadataprovider
+ final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ try {
+ final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+
+ }
+
+ // select authentication-service url from metadata
+ SingleLogoutService redirectEndpoint = null;
+ for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
+ .getSingleLogoutServices()) {
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ redirectEndpoint = sss;
+ } else if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) &&
+ redirectEndpoint == null) {
+ redirectEndpoint = sss;
+ }
+ }
+
+ if (redirectEndpoint == null) {
+ log.warn("Single LogOut FAILED: IDP implements no frontchannel SLO service.");
+ throw new SLOException("Single LogOut FAILED: IDP implements no frontchannel SLO service.");
+ }
+
+ return redirectEndpoint;
+ } catch (final MetadataProviderException e) {
+ log.info("IDP EntityName is not found in IDP Metadata", e);
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+
+ }
+ }
+
+ protected ConfigurationProvider getConfig() {
+ return config;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
index 274aa21bf..ac9d65cbf 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOFrontChannelServlet.java
@@ -77,221 +77,230 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class SLOFrontChannelServlet extends SLOBasicServlet {
- private static final long serialVersionUID = -6280199681356977759L;
- private static final Logger log = LoggerFactory
- .getLogger(SLOFrontChannelServlet.class);
-
- /**
- * @throws ConfigurationException
- */
- public SLOFrontChannelServlet() throws ConfigurationException {
- super();
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
- if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) {
- //process user initiated single logout process
- Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
-
- if (authUserObj == null) {
- log.warn("No user information found. Single Log-Out not possible");
- buildErrorMessage(request, response);
-
- }
-
- AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;
-
- String nameIDFormat = authUser.getNameIDFormat();
- String nameID = authUser.getNameID();
-
- //remove user
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- authManager.removeActiveUser(authUser);
-
- if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) {
- log.warn("No user information found. Single Log-Out not possible");
- buildErrorMessage(request, response);
-
- } else
- log.info("Fount user information for user nameID: " + nameID
- + " , nameIDFormat: " + nameIDFormat
- + ". Build Single Log-Out request ...");
-
- //build SLO request to IDP
- LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request);
-
- request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID());
-
- //send message
- sendMessage(request, response, sloReq, null);
-
- } else {
- //process PVP 2.1 single logout process
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
- messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- PVP2Utils.getTrustEngine(getConfig()));
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setSecurityPolicyResolver(resolver);
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- decode.decode(messageContext);
-
- signatureRule.evaluate(messageContext);
-
-
- processMessage(request, response,
- messageContext.getInboundMessage(), messageContext.getRelayState());
-
- }
-
- } catch (SLOException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (ConfigurationException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (PVP2Exception e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (SecurityPolicyException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (MessageDecodingException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (SecurityException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (NoSuchAlgorithmException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- }
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
- decode.decode(messageContext);
-
- PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig());
-
- processMessage(request, response,
- messageContext.getInboundMessage(), messageContext.getRelayState());
-
-
- } catch (MessageDecodingException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (SecurityException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (ValidationException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (ConfigurationException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (PVP2Exception e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- } catch (NoSuchAlgorithmException e) {
- log.error("Single LogOut processing error.", e);
- buildErrorMessage(request, response);
-
- }
- }
-
- private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) {
-
- request.getSession().setAttribute(Constants.SESSION_SLOERROR,
- LanguageHelper.getErrorString("webpages.slo.error", request));
-
- //check response destination
- String serviceURL = getConfig().getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- String redirectURL = serviceURL + Constants.SERVLET_LOGOUT;
- redirectURL = response.encodeRedirectURL(redirectURL);
- response.setContentType("text/html");
- response.setStatus(302);
- response.addHeader("Location", redirectURL);
- }
-
- private void processMessage(HttpServletRequest request, HttpServletResponse response,
- XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception, NoSuchAlgorithmException {
- if (xmlObject instanceof LogoutRequest) {
- LogoutResponse sloResp =
- processLogOutRequest((LogoutRequest) xmlObject, request);
- sendMessage(request, response, sloResp, relayState);
-
- } else if (xmlObject instanceof LogoutResponse) {
- LogoutResponse sloResp = (LogoutResponse) xmlObject;
-
- String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID);
- request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null);
- validateLogOutResponse(sloResp, reqID, request, response);
-
- }
- }
-
- private void sendMessage(HttpServletRequest request, HttpServletResponse response,
- RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
- SingleLogoutService sloService = findIDPFrontChannelSLOService();
- sloReq.setDestination(sloService.getLocation());
- sendMessage(request, response, sloReq, sloService, relayState);
- }
-
- private void sendMessage(HttpServletRequest request, HttpServletResponse response,
- StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
- SingleLogoutService sloService = findIDPFrontChannelSLOService();
- sloReq.setDestination(sloService.getLocation());
- sendMessage(request, response, sloReq, sloService, relayState);
- }
-
- private void sendMessage(HttpServletRequest request, HttpServletResponse response,
- SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState) throws ConfigurationException, PVP2Exception {
- X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq, getConfig());
- if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI))
- PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState);
-
- else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI))
- PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(), relayState);
- }
-
+ private static final long serialVersionUID = -6280199681356977759L;
+ private static final Logger log = LoggerFactory
+ .getLogger(SLOFrontChannelServlet.class);
+
+ /**
+ * @throws ConfigurationException
+ */
+ public SLOFrontChannelServlet() throws ConfigurationException {
+ super();
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ if (MiscUtil.isNotEmpty(request.getParameter(Constants.REQUEST_USERSLO))) {
+ // process user initiated single logout process
+ final Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+
+ if (authUserObj == null) {
+ log.warn("No user information found. Single Log-Out not possible");
+ buildErrorMessage(request, response);
+
+ }
+
+ final AuthenticatedUser authUser = (AuthenticatedUser) authUserObj;
+
+ final String nameIDFormat = authUser.getNameIDFormat();
+ final String nameID = authUser.getNameID();
+
+ // remove user
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ authManager.removeActiveUser(authUser);
+
+ if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) {
+ log.warn("No user information found. Single Log-Out not possible");
+ buildErrorMessage(request, response);
+
+ } else {
+ log.info("Fount user information for user nameID: " + nameID
+ + " , nameIDFormat: " + nameIDFormat
+ + ". Build Single Log-Out request ...");
+ }
+
+ // build SLO request to IDP
+ final LogoutRequest sloReq = createLogOutRequest(nameID, nameIDFormat, request);
+
+ request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, sloReq.getID());
+
+ // send message
+ sendMessage(request, response, sloReq, null);
+
+ } else {
+ // process PVP 2.1 single logout process
+ final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+ messageContext.setMetadataProvider(getConfig().getMetaDataProvier());
+
+ final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ PVP2Utils.getTrustEngine(getConfig()));
+ final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
+ final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setSecurityPolicyResolver(resolver);
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ decode.decode(messageContext);
+
+ signatureRule.evaluate(messageContext);
+
+ processMessage(request, response,
+ messageContext.getInboundMessage(), messageContext.getRelayState());
+
+ }
+
+ } catch (final SLOException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final ConfigurationException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final PVP2Exception e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final SecurityPolicyException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final MessageDecodingException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final SecurityException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ }
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ final BasicSAMLMessageContext<Response, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+ decode.decode(messageContext);
+
+ PVP2Utils.validateSignature((SignableXMLObject) messageContext.getInboundMessage(), getConfig());
+
+ processMessage(request, response,
+ messageContext.getInboundMessage(), messageContext.getRelayState());
+
+ } catch (final MessageDecodingException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final SecurityException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final ValidationException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final ConfigurationException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final PVP2Exception e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.error("Single LogOut processing error.", e);
+ buildErrorMessage(request, response);
+
+ }
+ }
+
+ private void buildErrorMessage(HttpServletRequest request, HttpServletResponse response) {
+
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ // check response destination
+ String serviceURL = getConfig().getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ String redirectURL = serviceURL + Constants.SERVLET_LOGOUT;
+ redirectURL = response.encodeRedirectURL(redirectURL);
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", redirectURL);
+ }
+
+ private void processMessage(HttpServletRequest request, HttpServletResponse response,
+ XMLObject xmlObject, String relayState) throws ConfigurationException, PVP2Exception,
+ NoSuchAlgorithmException {
+ if (xmlObject instanceof LogoutRequest) {
+ final LogoutResponse sloResp =
+ processLogOutRequest((LogoutRequest) xmlObject, request);
+ sendMessage(request, response, sloResp, relayState);
+
+ } else if (xmlObject instanceof LogoutResponse) {
+ final LogoutResponse sloResp = (LogoutResponse) xmlObject;
+
+ final String reqID = (String) request.getSession().getAttribute(Constants.SESSION_PVP2REQUESTID);
+ request.getSession().setAttribute(Constants.SESSION_PVP2REQUESTID, null);
+ validateLogOutResponse(sloResp, reqID, request, response);
+
+ }
+ }
+
+ private void sendMessage(HttpServletRequest request, HttpServletResponse response,
+ RequestAbstractType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
+ final SingleLogoutService sloService = findIDPFrontChannelSLOService();
+ sloReq.setDestination(sloService.getLocation());
+ sendMessage(request, response, sloReq, sloService, relayState);
+ }
+
+ private void sendMessage(HttpServletRequest request, HttpServletResponse response,
+ StatusResponseType sloReq, String relayState) throws ConfigurationException, PVP2Exception {
+ final SingleLogoutService sloService = findIDPFrontChannelSLOService();
+ sloReq.setDestination(sloService.getLocation());
+ sendMessage(request, response, sloReq, sloService, relayState);
+ }
+
+ private void sendMessage(HttpServletRequest request, HttpServletResponse response,
+ SignableSAMLObject sloReq, SingleLogoutService sloService, String relayState)
+ throws ConfigurationException, PVP2Exception {
+ final X509Credential authcredential = PVP2Utils.signMessage((AbstractSignableXMLObject) sloReq,
+ getConfig());
+ if (sloService.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ PVP2Utils.postBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(),
+ relayState);
+ } else if (sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ PVP2Utils.redirectBindingEncoder(request, response, sloReq, authcredential, sloService.getLocation(),
+ relayState);
+ }
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index ef6c951c2..2cce2ebab 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -33,9 +33,12 @@ import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
+import java.security.Provider;
+import java.security.Security;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
+import java.util.Optional;
import java.util.Properties;
import java.util.Timer;
import java.util.jar.Attributes;
@@ -44,7 +47,6 @@ import java.util.jar.Manifest;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.log4j.Logger;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
@@ -55,6 +57,9 @@ import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.context.support.GenericApplicationContext;
+import com.google.common.collect.Streams;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.commons.db.NewConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
@@ -65,652 +70,691 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter;
import at.gv.egovernment.moa.id.configuration.config.usermanagement.FileBasedUserConfiguration;
import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.asn1.structures.AlgorithmID;
+import iaik.security.provider.IAIK;
import iaik.x509.X509Certificate;
+import lombok.extern.slf4j.Slf4j;
-
+@Slf4j
public class ConfigurationProvider {
- public static final String HTMLTEMPLATE_DIR = "/htmlTemplates";
- public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html";
-
- private static final Logger log = Logger.getLogger(ConfigurationProvider.class);
-
- private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";
-
- private static ConfigurationProvider instance;
- private Properties props;
- private String configFileName;
- private String configRootDir;
-
- private HTTPMetadataProvider idpMetadataProvider = null;
- private KeyStore keyStore = null;
-
- private String publicURLPreFix = null;
-
- private boolean pvp2logininitialzied = false;
-
- private ClassPathXmlApplicationContext context = null;
- private MOAIDConfigurationModul configModule = null;
- private NewConfigurationDBRead deprecatedDBRead = null;
- private FileBasedUserConfiguration userManagement = null;
-
- private ArrayList<String> activeProfiles = new ArrayList<String>();
-
- public static ConfigurationProvider getInstance() throws ConfigurationException {
-
- if (instance == null) {
- instance = new ConfigurationProvider();
- instance.inizialize();
-
- }
-
- return instance;
- }
-
- private void inizialize() throws ConfigurationException {
-
- log.info("Set SystemProperty for UTF-8 file.encoding as default");
- System.setProperty("file.encoding", "UTF-8");
-
- configFileName = System.getProperty(SYSTEM_PROP_CONFIG);
-
- if (configFileName == null) {
- throw new ConfigurationException("config.05");
- }
- try {
- URI fileURI = new URI(configFileName);
- File propertiesFile = new File(fileURI);
-
- // determine the directory of the root config file
- String rootConfigFileDir = propertiesFile.getParent();
- configRootDir = new File(rootConfigFileDir).toURI().toURL().toString();;
-
- log.info("Loading MOA-ID-AUTH configuration " + configFileName);
-
- //Initial Hibernate Framework
- log.trace("Initializing Hibernate framework.");
-
- //Load MOAID-2.0 properties file
-
-
- FileInputStream fis;
- props = new Properties();
-
- fis = new FileInputStream(propertiesFile);
- props.load(fis);
- fis.close();
+ public static final String HTMLTEMPLATE_DIR = "/htmlTemplates";
+ public static final String HTMLTEMPLATE_FILE = "/loginFormFull.html";
+
+ private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig";
+
+ private static ConfigurationProvider instance;
+ private Properties props;
+ private String configFileName;
+ private String configRootDir;
+
+ private HTTPMetadataProvider idpMetadataProvider = null;
+ private KeyStore keyStore = null;
+
+ private String publicURLPreFix = null;
+
+ private boolean pvp2logininitialzied = false;
+
+ private ClassPathXmlApplicationContext context = null;
+ private MOAIDConfigurationModul configModule = null;
+ private NewConfigurationDBRead deprecatedDBRead = null;
+ private FileBasedUserConfiguration userManagement = null;
+
+ private final ArrayList<String> activeProfiles = new ArrayList<>();
+
+ public static ConfigurationProvider getInstance() throws ConfigurationException {
+
+ if (instance == null) {
+ instance = new ConfigurationProvider();
+ instance.inizialize();
+
+ }
+
+ return instance;
+ }
+
+ private void inizialize() throws ConfigurationException {
+
+ log.info("Set SystemProperty for UTF-8 file.encoding as default");
+ System.setProperty("file.encoding", "UTF-8");
+
+ configFileName = System.getProperty(SYSTEM_PROP_CONFIG);
+
+ if (configFileName == null) {
+ throw new ConfigurationException("config.05");
+ }
+ try {
+ final URI fileURI = new URI(configFileName);
+ final File propertiesFile = new File(fileURI);
+
+ // determine the directory of the root config file
+ final String rootConfigFileDir = propertiesFile.getParent();
+ configRootDir = new File(rootConfigFileDir).toURI().toURL().toString();
+
+ log.info("Loading MOA-ID-AUTH configuration " + configFileName);
+
+ // Initial Hibernate Framework
+ log.trace("Initializing Hibernate framework.");
+
+ // Load MOAID-2.0 properties file
+
+ FileInputStream fis;
+ props = new Properties();
+
+ fis = new FileInputStream(propertiesFile);
+ props.load(fis);
+ fis.close();
// //Workaround -> can be removed in next version
// if (MiscUtil.isEmpty(System.getProperty("spring.profiles.active"))) {
// log.info("Set System-Property to activate 'byteBased' config values");
// System.setProperty("spring.profiles.active", "byteBasedConfig");
-//
+//
// }
-
- //initialize generic SpringContext to set profiles
- GenericApplicationContext rootContext = new GenericApplicationContext();
+
+ // initialize generic SpringContext to set profiles
+ final GenericApplicationContext rootContext = new GenericApplicationContext();
// if (Boolean.valueOf(props.getProperty("configuration.database.byteBasedValues", "false")))
-// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG);
+// activeProfiles.add(SpringProfileConstants.BYTEBASEDCONFIG);
// for (String el: activeProfiles)
// rootContext.getEnvironment().addActiveProfile(el);
- //refresh generic context
- rootContext.refresh();
-
- //initialize SpringContext
- context = new ClassPathXmlApplicationContext(
- new String[] { "configuration.beans.xml",
- "moaid.webgui.beans.xml",
- "moaid.migration.beans.xml",
- "moaid.configurationtool.beans.xml"
- }, rootContext);
-
-
- log.info("Spring-context was initialized with active profiles: "
- + Arrays.asList(context.getEnvironment().getActiveProfiles()));
-
- //Autowire beans in these context
- AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory();
- acbFactory.autowireBean(this);
-
-
- log.info("Hibernate initialization finished.");
-
- DefaultBootstrap.bootstrap();
- log.info("OPENSAML initialized");
-
- UserRequestCleaner.start();
-
- fixJava8_141ProblemWithSSLAlgorithms();
-
- log.info("MOA-ID-Configuration initialization completed");
-
-
- } catch (FileNotFoundException e) {
- throw new ConfigurationException("config.01", new Object[]{configFileName}, e);
-
- } catch (IOException e) {
- throw new ConfigurationException("config.02", new Object[]{configFileName}, e);
-
- } catch (org.opensaml.xml.ConfigurationException e) {
- throw new ConfigurationException("config.04", e);
-
- } catch (URISyntaxException e) {
- throw new ConfigurationException("config.01", new Object[]{configFileName}, e);
- }
-
- }
-
- private static void fixJava8_141ProblemWithSSLAlgorithms() {
- log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
- //new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[] { "MD5withRSA", "MD5/RSA", }, null, true);
- new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption",
- new String[] { "SHA1withRSA" , "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
- new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption",
- new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
- new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption",
- new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true);
- new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption",
- new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true);
- new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption",
- new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+ // refresh generic context
+ rootContext.refresh();
+
+ // initialize SpringContext
+ context = new ClassPathXmlApplicationContext(
+ new String[] { "configuration.beans.xml",
+ "moaid.webgui.beans.xml",
+ "moaid.migration.beans.xml",
+ "moaid.configurationtool.beans.xml"
+ }, rootContext);
+
+ log.info("Spring-context was initialized with active profiles: "
+ + Arrays.asList(context.getEnvironment().getActiveProfiles()));
+
+ // Autowire beans in these context
+ final AutowireCapableBeanFactory acbFactory = context.getAutowireCapableBeanFactory();
+ acbFactory.autowireBean(this);
+
+ log.info("Hibernate initialization finished.");
+
+ //check if IAIK provider is already loaded in first place
+ Optional<Pair<Long, Provider>> isIaikProviderLoaded = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
+ DefaultBootstrap.bootstrap();
+ log.info("OPENSAML initialized");
+
+ UserRequestCleaner.start();
+
+ fixJava8_141ProblemWithSSLAlgorithms();
+
+ //load a first place
+ checkSecuityProviderPosition(isIaikProviderLoaded);
+
+ if (Logger.isDebugEnabled()) {
+ log.debug("Loaded Security Provider:");
+ Provider[] providerList = Security.getProviders();
+ for (int i=0; i<providerList.length; i++)
+ log.debug(i + ": " + providerList[i].getName() + " Version " + providerList[i].getVersion());
+
+ }
+
+ log.info("MOA-ID-Configuration initialization completed");
+
+ } catch (final FileNotFoundException e) {
+ throw new ConfigurationException("config.01", new Object[] { configFileName }, e);
+
+ } catch (final IOException e) {
+ throw new ConfigurationException("config.02", new Object[] { configFileName }, e);
+
+ } catch (final org.opensaml.xml.ConfigurationException e) {
+ throw new ConfigurationException("config.04", e);
+
+ } catch (final URISyntaxException e) {
+ throw new ConfigurationException("config.01", new Object[] { configFileName }, e);
+ }
+
+ }
+
+ private void checkSecuityProviderPosition(Optional<Pair<Long, Provider>> iaikProviderLoadedBefore) {
+ if (iaikProviderLoadedBefore.isPresent() && iaikProviderLoadedBefore.get().getFirst() == 0) {
+ Optional<Pair<Long, Provider>> iaikProviderLoadedNow = Streams.mapWithIndex(
+ Arrays.stream(Security.getProviders()), (str, index) -> Pair.newInstance(index, str))
+ .filter(el -> IAIK.getInstance().getName().equals(el.getSecond().getName()))
+ .findAny();
+
+ if (iaikProviderLoadedNow.isPresent() && iaikProviderLoadedNow.get().getFirst() !=
+ iaikProviderLoadedBefore.get().getFirst()) {
+ log.debug("IAIK Provider was loaded before on place: {}, but it's now on place: {}. Starting re-ordering ... ",
+ iaikProviderLoadedBefore.get().getFirst(), iaikProviderLoadedNow.get().getFirst());
+ Security.removeProvider(IAIK.getInstance().getName());
+ Security.insertProviderAt(IAIK.getInstance(), 0);
+ log.info("Re-ordering of Security Provider done.");
+
+ } else {
+ log.debug("IAIK Provider was loaded before on place: {} and it's already there. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
+
+ }
+ } else {
+ if (iaikProviderLoadedBefore.isPresent()) {
+ log.debug("IAIK Provider was loaded before on place: {}. Nothing todo",
+ iaikProviderLoadedBefore.get().getFirst());
- log.info("Change AlgorithmIDs finished");
+ } else {
+ log.debug("IAIK Provider was not loaded before. Nothing todo");
+
+ }
+
+ }
+
+ }
+
+ private static void fixJava8_141ProblemWithSSLAlgorithms() {
+ log.info("Change AlgorithmIDs to fix problems with Java8 >= 141 ...");
+ // new AlgorithmID("1.2.840.113549.1.1.4", "md5WithRSAEncryption", new String[]
+ // { "MD5withRSA", "MD5/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.5", "sha1WithRSAEncryption",
+ new String[] { "SHA1withRSA", "SHA1/RSA", "SHA-1/RSA", "SHA/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.14", "sha224WithRSAEncryption",
+ new String[] { "SHA224withRSA", "SHA224/RSA", "SHA-224/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.11", "sha256WithRSAEncryption",
+ new String[] { "SHA256withRSA", "SHA256/RSA", "SHA-256/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.12", "sha384WithRSAEncryption",
+ new String[] { "SHA384withRSA", "SHA384/RSA", "SHA-384/RSA", }, null, true);
+ new AlgorithmID("1.2.840.113549.1.1.13", "sha512WithRSAEncryption",
+ new String[] { "SHA512withRSA", "SHA512/RSA", "SHA-512/RSA" }, null, true);
+
+ log.info("Change AlgorithmIDs finished");
+ }
+
+ @Autowired(required = true)
+ public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) {
+ this.configModule = module;
+ }
+
+ /**
+ * @param dbRead the dbRead to set
+ */
+ @Autowired(required = true)
+ public void setDbRead(NewConfigurationDBRead dbRead) {
+ this.deprecatedDBRead = dbRead;
+ }
+
+ /**
+ * @return the props
+ */
+ public Properties getConfigurationProperties() {
+ return props;
+ }
+
+ /**
+ * @return the deprecatedDBWrite
+ */
+ public FileBasedUserConfiguration getUserManagement() {
+ return userManagement;
+ }
+
+ /**
+ * @param deprecatedDBWrite the deprecatedDBWrite to set
+ */
+ @Autowired(required = true)
+ public void setUserManagement(FileBasedUserConfiguration userManagement) {
+ this.userManagement = userManagement;
+ }
+
+ public String getPublicUrlPreFix(HttpServletRequest request) {
+ publicURLPreFix = props.getProperty("general.publicURLContext");
+
+ if (MiscUtil.isEmpty(publicURLPreFix) && request != null) {
+ final String url = request.getRequestURL().toString();
+ final String contextpath = request.getContextPath();
+ final int index = url.indexOf(contextpath);
+ publicURLPreFix = url.substring(0, index + contextpath.length() + 1);
}
-
- @Autowired(required = true)
- public void setMOAIDConfigurationModul(MOAIDConfigurationModul module) {
- this.configModule = module;
- }
-
-
-
- /**
- * @param dbRead the dbRead to set
- */
- @Autowired(required = true)
- public void setDbRead(NewConfigurationDBRead dbRead) {
- this.deprecatedDBRead = dbRead;
- }
-
-
-
- /**
- * @return the props
- */
- public Properties getConfigurationProperties() {
- return props;
- }
-
- /**
- * @return the deprecatedDBWrite
- */
- public FileBasedUserConfiguration getUserManagement() {
- return userManagement;
- }
-
- /**
- * @param deprecatedDBWrite the deprecatedDBWrite to set
- */
- @Autowired(required = true)
- public void setUserManagement(FileBasedUserConfiguration userManagement) {
- this.userManagement = userManagement;
- }
-
-
- public String getPublicUrlPreFix(HttpServletRequest request) {
- publicURLPreFix = props.getProperty("general.publicURLContext");
-
- if (MiscUtil.isEmpty(publicURLPreFix) && request != null) {
- String url = request.getRequestURL().toString();
- String contextpath = request.getContextPath();
- int index = url.indexOf(contextpath);
- publicURLPreFix = url.substring(0, index + contextpath.length() + 1);
- }
-
- return publicURLPreFix;
- }
-
- public int getUserRequestCleanUpDelay() {
- String delay = props.getProperty("general.userrequests.cleanup.delay");
- return Integer.getInteger(delay, 12);
- }
-
+
+ return publicURLPreFix;
+ }
+
+ public int getUserRequestCleanUpDelay() {
+ final String delay = props.getProperty("general.userrequests.cleanup.delay");
+ return Integer.getInteger(delay, 12);
+ }
+
// public String getContactMailAddress() {
// return props.getProperty("general.contact.mail");
// }
-
- public String getSSOLogOutURL() {
- return props.getProperty("general.login.pvp2.idp.sso.logout.url");
- }
-
- public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException {
- if (keyStore == null) {
- String keystoretype = getPVP2MetadataKeystoreType();
- if (MiscUtil.isEmpty(keystoretype)) {
- log.debug("No KeyStoreType defined. Using default KeyStoreType.");
- keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-
- } else {
- log.debug("Using " + keystoretype + " KeyStoreType.");
- keyStore = KeyStore.getInstance(keystoretype);
-
- }
-
-
- String fileURL = getPVP2MetadataKeystoreURL();
- log.debug("Load KeyStore from URL " + fileURL);
- if (MiscUtil.isEmpty(fileURL)) {
- log.info("Metadata KeyStoreURL is empty");
- throw new ConfigurationException("Metadata KeyStoreURL is empty");
- }
-
- URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir())));
- InputStream inputStream = keystoreURL.openStream();
- keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray());
- inputStream.close();
- }
-
- return keyStore;
-
- }
-
- public String getConfigFile() {
- return configFileName;
- }
-
- public String getConfigRootDir() {
- return configRootDir;
- }
-
- public boolean isMOAIDMode() {
- String result = props.getProperty("general.moaidmode.active", "true");
- return Boolean.parseBoolean(result);
- }
-
- public String getMOAIDInstanceURL() {
- return props.getProperty("general.moaid.instance.url");
- }
-
- public boolean isLoginDeaktivated() {
- String result = props.getProperty("general.login.deaktivate", "false");
- return Boolean.parseBoolean(result);
- }
-
- public boolean isOATargetVerificationDeaktivated() {
- String result = props.getProperty("general.OATargetVerification.deaktivate", "false");
- return Boolean.parseBoolean(result);
- }
-
- //PVP2 Login configuration
-
- public void initializePVP2Login() throws ConfigurationException {
- if (!pvp2logininitialzied)
- initalPVP2Login();
- }
-
- public boolean isPVP2LoginActive() {
-
- return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false"));
- }
-
- public boolean isPVP2LoginBusinessService() {
- String result = props.getProperty("general.login.pvp2.isbusinessservice", "false");
- return Boolean.parseBoolean(result);
- }
-
- public String getPVP2LoginTarget() {
- return props.getProperty("general.login.pvp2.target");
- }
-
- public String getPVP2LoginIdenificationValue() {
- return props.getProperty("general.login.pvp2.identificationvalue");
- }
-
- public String getPVP2MetadataEntitiesName() {
- return props.getProperty("general.login.pvp2.metadata.entities.name");
- }
-
- public String getPVP2MetadataKeystoreURL() {
- return props.getProperty("general.login.pvp2.keystore.url");
- }
-
- public String getPVP2MetadataKeystorePassword() {
- return props.getProperty("general.login.pvp2.keystore.password");
- }
-
- public String getPVP2MetadataKeystoreType() {
- return props.getProperty("general.login.pvp2.keystore.type");
- }
-
- public String getPVP2KeystoreMetadataKeyAlias() {
- return props.getProperty("general.login.pvp2.keystore.metadata.key.alias");
- }
-
- public String getPVP2KeystoreMetadataKeyPassword() {
- return props.getProperty("general.login.pvp2.keystore.metadata.key.password");
- }
-
- public String getPVP2KeystoreAuthRequestKeyAlias() {
- return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias");
- }
-
- public String getPVP2KeystoreAuthRequestKeyPassword() {
- return props.getProperty("general.login.pvp2.keystore.authrequest.key.password");
- }
-
- public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() {
- return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias");
- }
-
- public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() {
- return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password");
- }
-
- public String getPVP2IDPMetadataURL() {
- return props.getProperty("general.login.pvp2.idp.metadata.url");
- }
-
- public String getPVP2IDPMetadataCertificate() {
- return props.getProperty("general.login.pvp2.idp.metadata.certificate");
- }
-
- public String getPVP2IDPMetadataEntityName() {
- return props.getProperty("general.login.pvp2.idp.metadata.entityID");
- }
-
- public HTTPMetadataProvider getMetaDataProvier() {
- return idpMetadataProvider;
- }
-
-
- //SMTP Server
- public String getSMTPMailHost() {
- return props.getProperty("general.mail.host");
- }
-
- public String getSMTPMailPort() {
- return props.getProperty("general.mail.host.port");
- }
-
- public String getSMTPMailUsername() {
- return props.getProperty("general.mail.host.username");
- }
-
- public String getSMTPMailPassword() {
- return props.getProperty("general.mail.host.password");
- }
-
- //Mail Configuration
- public String getMailFromName() {
- return props.getProperty("general.mail.from.name");
- }
-
- public String getMailFromAddress() {
- return props.getProperty("general.mail.from.address");
- }
-
- public String getMailUserAcountVerificationSubject() {
- return props.getProperty("general.mail.useraccountrequest.verification.subject");
- }
-
- public String getMailUserAcountVerificationTemplate() throws ConfigurationException {
- String url = props.getProperty("general.mail.useraccountrequest.verification.template");
-
- if (MiscUtil.isNotEmpty(url)) {
- return url;
-
- } else {
- log.warn("MailUserAcountVerificationTemplate is empty");
- throw new ConfigurationException("MailUserAcountVerificationTemplate is empty");
-
- }
- }
-
- public String getMailUserAcountActivationSubject() {
- return props.getProperty("general.mail.useraccountrequest.isactive.subject");
- }
-
- public String getMailUserAcountActivationTemplate() throws ConfigurationException {
- String url = props.getProperty("general.mail.useraccountrequest.isactive.template");
- if (MiscUtil.isNotEmpty(url)) {
- return url;
-
- } else {
- log.warn("MailUserAcountActivationTemplate is empty");
- throw new ConfigurationException("MailUserAcountActivationTemplate is empty");
-
- }
-
- }
-
- public String getMailOAActivationSubject() {
- return props.getProperty("general.mail.createOArequest.isactive.subject");
- }
-
- public String getDefaultLanguage() {
+
+ public String getSSOLogOutURL() {
+ return props.getProperty("general.login.pvp2.idp.sso.logout.url");
+ }
+
+ public KeyStore getPVP2KeyStore() throws ConfigurationException, IOException, NoSuchAlgorithmException,
+ CertificateException, KeyStoreException {
+ if (keyStore == null) {
+ final String keystoretype = getPVP2MetadataKeystoreType();
+ if (MiscUtil.isEmpty(keystoretype)) {
+ log.debug("No KeyStoreType defined. Using default KeyStoreType.");
+ keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+
+ } else {
+ log.debug("Using " + keystoretype + " KeyStoreType.");
+ keyStore = KeyStore.getInstance(keystoretype);
+
+ }
+
+ final String fileURL = getPVP2MetadataKeystoreURL();
+ log.debug("Load KeyStore from URL " + fileURL);
+ if (MiscUtil.isEmpty(fileURL)) {
+ log.info("Metadata KeyStoreURL is empty");
+ throw new ConfigurationException("Metadata KeyStoreURL is empty");
+ }
+
+ final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir()));
+ final InputStream inputStream = keystoreURL.openStream();
+ keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray());
+ inputStream.close();
+ }
+
+ return keyStore;
+
+ }
+
+ public String getConfigFile() {
+ return configFileName;
+ }
+
+ public String getConfigRootDir() {
+ return configRootDir;
+ }
+
+ public boolean isMOAIDMode() {
+ final String result = props.getProperty("general.moaidmode.active", "true");
+ return Boolean.parseBoolean(result);
+ }
+
+ public String getMOAIDInstanceURL() {
+ return props.getProperty("general.moaid.instance.url");
+ }
+
+ public boolean isLoginDeaktivated() {
+ final String result = props.getProperty("general.login.deaktivate", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ public boolean isOATargetVerificationDeaktivated() {
+ final String result = props.getProperty("general.OATargetVerification.deaktivate", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ // PVP2 Login configuration
+
+ public void initializePVP2Login() throws ConfigurationException {
+ if (!pvp2logininitialzied) {
+ initalPVP2Login();
+ }
+ }
+
+ public boolean isPVP2LoginActive() {
+
+ return Boolean.parseBoolean(props.getProperty("general.login.pvp2.isactive", "false"));
+ }
+
+ public boolean isPVP2LoginBusinessService() {
+ final String result = props.getProperty("general.login.pvp2.isbusinessservice", "false");
+ return Boolean.parseBoolean(result);
+ }
+
+ public String getPVP2LoginTarget() {
+ return props.getProperty("general.login.pvp2.target");
+ }
+
+ public String getPVP2LoginIdenificationValue() {
+ return props.getProperty("general.login.pvp2.identificationvalue");
+ }
+
+ public String getPVP2MetadataEntitiesName() {
+ return props.getProperty("general.login.pvp2.metadata.entities.name");
+ }
+
+ public String getPVP2MetadataKeystoreURL() {
+ return props.getProperty("general.login.pvp2.keystore.url");
+ }
+
+ public String getPVP2MetadataKeystorePassword() {
+ return props.getProperty("general.login.pvp2.keystore.password");
+ }
+
+ public String getPVP2MetadataKeystoreType() {
+ return props.getProperty("general.login.pvp2.keystore.type");
+ }
+
+ public String getPVP2KeystoreMetadataKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.metadata.key.alias");
+ }
+
+ public String getPVP2KeystoreMetadataKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.metadata.key.password");
+ }
+
+ public String getPVP2KeystoreAuthRequestKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.key.alias");
+ }
+
+ public String getPVP2KeystoreAuthRequestKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.key.password");
+ }
+
+ public String getPVP2KeystoreAuthRequestEncryptionKeyAlias() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.alias");
+ }
+
+ public String getPVP2KeystoreAuthRequestEncryptionKeyPassword() {
+ return props.getProperty("general.login.pvp2.keystore.authrequest.encryption.key.password");
+ }
+
+ public String getPVP2IDPMetadataURL() {
+ return props.getProperty("general.login.pvp2.idp.metadata.url");
+ }
+
+ public String getPVP2IDPMetadataCertificate() {
+ return props.getProperty("general.login.pvp2.idp.metadata.certificate");
+ }
+
+ public String getPVP2IDPMetadataEntityName() {
+ return props.getProperty("general.login.pvp2.idp.metadata.entityID");
+ }
+
+ public HTTPMetadataProvider getMetaDataProvier() {
+ return idpMetadataProvider;
+ }
+
+ // SMTP Server
+ public String getSMTPMailHost() {
+ return props.getProperty("general.mail.host");
+ }
+
+ public String getSMTPMailPort() {
+ return props.getProperty("general.mail.host.port");
+ }
+
+ public String getSMTPMailUsername() {
+ return props.getProperty("general.mail.host.username");
+ }
+
+ public String getSMTPMailPassword() {
+ return props.getProperty("general.mail.host.password");
+ }
+
+ // Mail Configuration
+ public String getMailFromName() {
+ return props.getProperty("general.mail.from.name");
+ }
+
+ public String getMailFromAddress() {
+ return props.getProperty("general.mail.from.address");
+ }
+
+ public String getMailUserAcountVerificationSubject() {
+ return props.getProperty("general.mail.useraccountrequest.verification.subject");
+ }
+
+ public String getMailUserAcountVerificationTemplate() throws ConfigurationException {
+ final String url = props.getProperty("general.mail.useraccountrequest.verification.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ return url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountVerificationTemplate is empty");
+
+ }
+ }
+
+ public String getMailUserAcountActivationSubject() {
+ return props.getProperty("general.mail.useraccountrequest.isactive.subject");
+ }
+
+ public String getMailUserAcountActivationTemplate() throws ConfigurationException {
+ final String url = props.getProperty("general.mail.useraccountrequest.isactive.template");
+ if (MiscUtil.isNotEmpty(url)) {
+ return url;
+
+ } else {
+ log.warn("MailUserAcountActivationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountActivationTemplate is empty");
+
+ }
+
+ }
+
+ public String getMailOAActivationSubject() {
+ return props.getProperty("general.mail.createOArequest.isactive.subject");
+ }
+
+ public String getDefaultLanguage() {
+ try {
+ return props.getProperty("general.defaultlanguage", "de").toLowerCase();
+ } catch (final Exception ex) {
+ return "de";
+ }
+ }
+
+ public String getMailOAActivationTemplate() throws ConfigurationException {
+ final String url = props.getProperty("general.mail.createOArequest.isactive.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ return url;
+
+ } else {
+ log.warn("MailOAActivationTemplate is empty");
+ throw new ConfigurationException("MailOAActivationTemplate is empty");
+
+ }
+
+ }
+
+ public String getMailUserAcountRevocationTemplate() throws ConfigurationException {
+ final String url = props.getProperty("general.mail.useraccountrequest.rejected.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ return url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailUserAcountRevocationTemplate is empty");
+
+ }
+ }
+
+ public String getMailAdminSubject() {
+ return props.getProperty("general.mail.admin.subject");
+ }
+
+ public String getMailAdminTemplate() throws ConfigurationException {
+ final String url = props.getProperty("general.mail.admin.adresses.template");
+
+ if (MiscUtil.isNotEmpty(url)) {
+ return url;
+
+ } else {
+ log.warn("MailUserAcountVerificationTemplate is empty");
+ throw new ConfigurationException("MailAdminTemplate is empty");
+
+ }
+ }
+
+ public String getMailAdminAddress() {
+ return props.getProperty("general.mail.admin.adress");
+ }
+
+ public String getConfigToolVersion() {
+ return parseVersionFromManifest();
+ }
+
+ public String getCertStoreDirectory() throws ConfigurationException {
+ final String dir = props.getProperty("general.ssl.certstore");
+ if (MiscUtil.isNotEmpty(dir)) {
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+ } else {
+ throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore.");
+ }
+
+ }
+
+ public String getTrustStoreDirectory() throws ConfigurationException {
+ final String dir = props.getProperty("general.ssl.truststore");
+ if (MiscUtil.isNotEmpty(dir)) {
+ return FileUtils.makeAbsoluteURL(dir, configRootDir);
+ } else {
+ throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore.");
+ }
+
+ }
+
+ public String getConfigurationEncryptionKey() {
+ return props.getProperty("general.moaconfig.key");
+
+ }
+
+ public boolean isPVPMetadataSchemaValidationActive() {
+ return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
+
+ }
+
+ /**
+ * @return
+ */
+ private boolean isHostNameValidationEnabled() {
+ return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true"));
+
+ }
+
+ /**
+ * @return the context
+ */
+ public ApplicationContext getContext() {
+ return context;
+ }
+
+ /**
+ * @return the configModule
+ */
+ public MOAIDConfigurationModul getConfigModule() {
+ return configModule;
+ }
+
+ /**
+ * @return the dbRead
+ */
+ public NewConfigurationDBRead getDbRead() {
+ return deprecatedDBRead;
+ }
+
+ private void initalPVP2Login() throws ConfigurationException {
+ try {
+
+ final String metadataCert = getPVP2IDPMetadataCertificate();
+ if (MiscUtil.isEmpty(metadataCert)) {
+ log.info("NO IDP Certificate to verify IDP Metadata");
+ throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata");
+ }
+
+ final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir()));
+ final InputStream certstream = keystoreURL.openStream();
+ final X509Certificate cert = new X509Certificate(certstream);
+ final BasicX509Credential idpCredential = new BasicX509Credential();
+ idpCredential.setEntityCertificate(cert);
+
+ log.debug("IDP Certificate loading finished");
+
+ final String metadataurl = getPVP2IDPMetadataURL();
+ if (MiscUtil.isEmpty(metadataurl)) {
+ log.info("NO IDP Metadata URL.");
+ throw new ConfigurationException("NO IDP Metadata URL.");
+ }
+
+ final MOAHttpClient httpClient = new MOAHttpClient();
+
+ if (metadataurl.startsWith("https:")) {
try {
- return props.getProperty("general.defaultlanguage", "de").toLowerCase();
- } catch (Exception ex) {
- return "de";
+ final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ true,
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true,
+ new String[] { "crl" },
+ ConfigurationProvider.getInstance().isHostNameValidationEnabled());
+
+ httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);
+
+ } catch (final MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
+
}
+ }
+
+ idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl);
+ idpMetadataProvider.setRequireValidMetadata(true);
+ idpMetadataProvider.setParserPool(new BasicParserPool());
+ idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
+ idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12); // refresh Metadata every 12h
+ idpMetadataProvider.initialize();
+
+ pvp2logininitialzied = true;
+
+ } catch (final Exception e) {
+ log.warn("PVP2 authentification can not be initialized.");
+ throw new ConfigurationException("error.initialization.pvplogin", e);
+ }
+ }
+
+ private String parseVersionFromManifest() {
+
+ try {
+ final Class clazz = ConfigurationProvider.class;
+ final String className = clazz.getSimpleName() + ".class";
+ final String classPath = clazz.getResource(className).toString();
+
+ if (classPath.startsWith("jar")) {
+ log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version");
+ return Constants.DEFAULT_VERSION;
+
+ }
+
+ final String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/")
+ + "WEB-INF/classes/".length()) +
+ "../../META-INF/MANIFEST.MF";
+
+ final Manifest manifest = new Manifest(new URL(manifestPath).openStream());
+
+ final Attributes attributes = manifest.getMainAttributes();
+ final String version = attributes.getValue("version");
+
+ if (MiscUtil.isNotEmpty(version)) {
+ return version;
+ } else {
+ log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version");
+ return Constants.DEFAULT_VERSION;
+
+ }
+
+ } catch (final Throwable e) {
+ log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version");
+
+ return Constants.DEFAULT_VERSION;
}
-
- public String getMailOAActivationTemplate() throws ConfigurationException {
- String url = props.getProperty("general.mail.createOArequest.isactive.template");
-
- if (MiscUtil.isNotEmpty(url)) {
- return url;
-
- } else {
- log.warn("MailOAActivationTemplate is empty");
- throw new ConfigurationException("MailOAActivationTemplate is empty");
-
- }
-
- }
-
- public String getMailUserAcountRevocationTemplate() throws ConfigurationException {
- String url = props.getProperty("general.mail.useraccountrequest.rejected.template");
-
- if (MiscUtil.isNotEmpty(url)) {
- return url;
-
- } else {
- log.warn("MailUserAcountVerificationTemplate is empty");
- throw new ConfigurationException("MailUserAcountRevocationTemplate is empty");
-
- }
- }
-
- public String getMailAdminSubject() {
- return props.getProperty("general.mail.admin.subject");
- }
-
- public String getMailAdminTemplate() throws ConfigurationException {
- String url = props.getProperty("general.mail.admin.adresses.template");
-
- if (MiscUtil.isNotEmpty(url)) {
- return url;
-
- } else {
- log.warn("MailUserAcountVerificationTemplate is empty");
- throw new ConfigurationException("MailAdminTemplate is empty");
-
- }
- }
-
- public String getMailAdminAddress() {
- return props.getProperty("general.mail.admin.adress");
- }
-
- public String getConfigToolVersion() {
- return parseVersionFromManifest();
- }
-
- public String getCertStoreDirectory() throws ConfigurationException {
- String dir = props.getProperty("general.ssl.certstore");
- if (MiscUtil.isNotEmpty(dir))
- return FileUtils.makeAbsoluteURL(dir, configRootDir);
-
- else
- throw new ConfigurationException("No SSLCertStore configured use default JAVA TrustStore.");
-
- }
-
- public String getTrustStoreDirectory() throws ConfigurationException {
- String dir = props.getProperty("general.ssl.truststore");
- if (MiscUtil.isNotEmpty(dir))
- return FileUtils.makeAbsoluteURL(dir, configRootDir);
-
- else
- throw new ConfigurationException("No SSLTrustStore configured use default JAVA TrustStore.");
-
- }
-
- public String getConfigurationEncryptionKey() {
- return props.getProperty("general.moaconfig.key");
-
- }
-
- public boolean isPVPMetadataSchemaValidationActive() {
- return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
-
- }
-
- /**
- * @return
- */
- private boolean isHostNameValidationEnabled() {
- return Boolean.parseBoolean(props.getProperty("general.ssl.hostnamevalidation", "true"));
-
- }
-
- /**
- * @return the context
- */
- public ApplicationContext getContext() {
- return context;
- }
-
- /**
- * @return the configModule
- */
- public MOAIDConfigurationModul getConfigModule() {
- return configModule;
- }
-
-
-
- /**
- * @return the dbRead
- */
- public NewConfigurationDBRead getDbRead() {
- return deprecatedDBRead;
- }
-
- private void initalPVP2Login() throws ConfigurationException {
- try {
-
- String metadataCert = getPVP2IDPMetadataCertificate();
- if (MiscUtil.isEmpty(metadataCert)) {
- log.info("NO IDP Certificate to verify IDP Metadata");
- throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata");
- }
-
- URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir())));
- InputStream certstream = keystoreURL.openStream();
- X509Certificate cert = new X509Certificate(certstream);
- BasicX509Credential idpCredential = new BasicX509Credential();
- idpCredential.setEntityCertificate(cert);
-
- log.debug("IDP Certificate loading finished");
-
- String metadataurl = getPVP2IDPMetadataURL();
- if (MiscUtil.isEmpty(metadataurl)) {
- log.info("NO IDP Metadata URL.");
- throw new ConfigurationException("NO IDP Metadata URL.");
- }
-
- MOAHttpClient httpClient = new MOAHttpClient();
-
- if (metadataurl.startsWith("https:")) {
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
- true,
- ConfigurationProvider.getInstance().getCertStoreDirectory(),
- ConfigurationProvider.getInstance().getTrustStoreDirectory(),
- null,
- "pkix",
- true,
- new String[]{"crl"},
- ConfigurationProvider.getInstance().isHostNameValidationEnabled());
-
- httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory);
-
- } catch (MOAHttpProtocolSocketFactoryException e) {
- log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.");
-
- }
- }
-
- idpMetadataProvider = new HTTPMetadataProvider(new Timer(true), httpClient, metadataurl);
- idpMetadataProvider.setRequireValidMetadata(true);
- idpMetadataProvider.setParserPool(new BasicParserPool());
- idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential));
- idpMetadataProvider.setMaxRefreshDelay(1000 * 3600 * 12 ); //refresh Metadata every 12h
- idpMetadataProvider.initialize();
-
- pvp2logininitialzied = true;
-
- } catch (Exception e) {
- log.warn("PVP2 authentification can not be initialized.");
- throw new ConfigurationException("error.initialization.pvplogin", e);
- }
- }
-
- private String parseVersionFromManifest() {
-
-
-
- try {
- Class clazz = ConfigurationProvider.class;
- String className = clazz.getSimpleName() + ".class";
- String classPath = clazz.getResource(className).toString();
-
- if (classPath.startsWith("jar")) {
- log.info("MOA-ID-Configuration Version can NOT parsed from Manifest. Set blank Version");
- return Constants.DEFAULT_VERSION;
-
- }
-
- String manifestPath = classPath.substring(0, classPath.lastIndexOf("WEB-INF/classes/") + "WEB-INF/classes/".length()) +
- "../../META-INF/MANIFEST.MF";
-
- Manifest manifest = new Manifest(new URL(manifestPath).openStream());;
-
- Attributes attributes = manifest.getMainAttributes();
- String version = attributes.getValue("version");
-
- if (MiscUtil.isNotEmpty(version))
- return version;
-
- else {
- log.info("MOA-ID-Configuration Version not found in Manifest. Set blank Version");
- return Constants.DEFAULT_VERSION;
-
- }
-
- } catch (Throwable e) {
- log.info("MOA-ID Version can NOT parsed from Manifest. Set blank Version");
-
- return Constants.DEFAULT_VERSION;
- }
-
-
- }
+
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
index ca0bb8ac4..a45bec654 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java
@@ -34,8 +34,6 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -52,821 +50,815 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class FormularCustomization implements IOnlineApplicationData {
- private static final Logger log = Logger.getLogger(FormularCustomization.class);
-
- private boolean showMandateLoginButton = true;
- private boolean onlyMandateAllowed = false;
-
- private String fontType = null;
-
- private String frontColor = null;
- private String backGroundColor = null;
- private String header_FrontColor = null;
- private String header_BackGroundColor = null;
- private String header_text = null;
- private String button_BackGroundColor = null;
- private String button_BackGroundColorFocus = null;
- private String button_FrontColor = null;
- private String applet_height = null;
- private String applet_width = null;
-
- private Map<String, String> map = null;
-
- private String appletRedirectTarget = null;
- public static List<String> appletRedirectTargetList = null;
-
- public static List<String> fontTypeList = null;
- public String fontTypeListValue = null;
-
- private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>();
- private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>();
-
- private List<File> bkuSelectionFileUpload = null;
- private List<String> bkuSelectionFileUploadContentType = null;
- private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>();
- private boolean deleteBKUTemplate = false;
-
- private List<File> sendAssertionFileUpload = null;
- private List<String> sendAssertionFileUploadContentType = null;
- private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();;
- private boolean deleteSendAssertionTemplate = false;
-
- private String aditionalAuthBlockText = null;
- private boolean isHideBPKAuthBlock = false;
-
- private String saml2PostBindingTemplate = null;
- private String mandateServiceSelectionTemplate = null;
-
- public FormularCustomization() {
- new FormularCustomization(null);
- }
-
- public FormularCustomization(Map<String, String> map) {
- appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top");
- fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman");
- Collections.sort(fontTypeList);
-
- if (map == null)
- this.map = FormBuildUtils.getDefaultMap();
- else
- this.map = map;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OAFormularCustomization";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA auth = dbOA.getAuthComponentOA();
-
- mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL();
- saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL();
-
- if (dbOA.getAuthComponentOA() != null)
- isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock();
-
- if (auth != null) {
- TemplatesType templates = auth.getTemplates();
-
- if (templates != null) {
- aditionalAuthBlockText = templates.getAditionalAuthBlockText();
-
- TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate();
- if (bkuSelectTemplate != null
- && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())
- && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)
- && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) {
- bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename());
- }
-
- TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate();
- if (sendAssertionTemplate != null
- && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())
- && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)
- && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) {
- sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename());
- }
-
- BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization();
- if (formcustom != null) {
-
- if (formcustom.isMandateLoginButton() != null) {
- showMandateLoginButton = formcustom.isMandateLoginButton();
- }
-
- if (formcustom.isOnlyMandateLoginAllowed() != null) {
- onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed();
- }
-
- if (formcustom.getAppletHeight() != null) {
- applet_height = formcustom.getAppletHeight();
- }
-
- if (formcustom.getAppletHeight() != null) {
- applet_width = formcustom.getAppletWidth();
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget()))
- appletRedirectTarget = formcustom.getAppletRedirectTarget();
-
- if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) {
- backGroundColor = formcustom.getBackGroundColor();
- map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) {
- button_BackGroundColor = formcustom.getButtonBackGroundColor();
- map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) {
- button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus();
- map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom.getButtonBackGroundColorFocus());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) {
- button_FrontColor = formcustom.getButtonFontColor();
- map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getFontType())) {
- fontType = formcustom.getFontType();
- map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) {
- frontColor = formcustom.getFrontColor();
- map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) {
- header_BackGroundColor = formcustom.getHeaderBackGroundColor();
- map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) {
- header_FrontColor = formcustom.getHeaderFrontColor();
- map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor());
- }
-
- if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) {
- header_text = formcustom.getHeaderText();
- map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText());
- }
- }
- }
- }
-
- request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map);
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
-
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
- }
-
- dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock());
-
- dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate);
- dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate);
-
- TemplatesType templates = authoa.getTemplates();
- if (templates == null) {
- templates = new TemplatesType();
- authoa.setTemplates(templates);
- }
-
- templates.setAditionalAuthBlockText(getAditionalAuthBlockText());
-
- //store BKU-selection and send-assertion templates
- if (authUser.isAdmin()) {
-
- if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) {
- //templates.setBKUSelectionTemplate(null);
- templates.getBKUSelectionTemplate().setDelete(true);
- }
-
- if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) {
- //templates.setSendAssertionTemplate(null);
- templates.getSendAssertionTemplate().setDelete(true);
- }
-
-
- if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) {
- TransformsInfoType template = new TransformsInfoType();
-
- Iterator<String> interator = bkuSelectionForm.keySet().iterator();
- template.setFilename(interator.next());
- template.setTransformation(bkuSelectionForm.get(
- template.getFilename()));
-
- templates.setBKUSelectionTemplate(template);
- }
-
- if (sendAssertionForm != null && sendAssertionForm.size() > 0) {
- TransformsInfoType template = new TransformsInfoType();
-
- Iterator<String> interator = sendAssertionForm.keySet().iterator();
- template.setFilename(interator.next());
- template.setTransformation(sendAssertionForm.get(
- template.getFilename()));
-
- templates.setSendAssertionTemplate(template);
- }
+ private boolean showMandateLoginButton = true;
+ private boolean onlyMandateAllowed = false;
+
+ private String fontType = null;
+
+ private String frontColor = null;
+ private String backGroundColor = null;
+ private String header_FrontColor = null;
+ private String header_BackGroundColor = null;
+ private String header_text = null;
+ private String button_BackGroundColor = null;
+ private String button_BackGroundColorFocus = null;
+ private String button_FrontColor = null;
+ private String applet_height = null;
+ private String applet_width = null;
+
+ private Map<String, String> map = null;
+
+ private String appletRedirectTarget = null;
+ public static List<String> appletRedirectTargetList = null;
+
+ public static List<String> fontTypeList = null;
+ public String fontTypeListValue = null;
+
+ private Map<String, byte[]> sendAssertionForm = new HashMap<>();
+ private Map<String, byte[]> bkuSelectionForm = new HashMap<>();
+
+ private List<File> bkuSelectionFileUpload = null;
+ private List<String> bkuSelectionFileUploadContentType = null;
+ private List<String> bkuSelectionFileUploadFileName = new ArrayList<>();
+ private boolean deleteBKUTemplate = false;
+
+ private List<File> sendAssertionFileUpload = null;
+ private List<String> sendAssertionFileUploadContentType = null;
+ private List<String> sendAssertionFileUploadFileName = new ArrayList<>();
+ private boolean deleteSendAssertionTemplate = false;
+
+ private String aditionalAuthBlockText = null;
+ private boolean isHideBPKAuthBlock = false;
+
+ private String saml2PostBindingTemplate = null;
+ private String mandateServiceSelectionTemplate = null;
+
+ public FormularCustomization() {
+ new FormularCustomization(null);
+ }
+
+ public FormularCustomization(Map<String, String> map) {
+ appletRedirectTargetList = Arrays.asList("", "_blank", "_self", "_parent", "_top");
+ fontTypeList = Arrays.asList("", "Verdana", "Geneva", "Arial", "Helvetica", "sans-serif",
+ "Times New Roman");
+ Collections.sort(fontTypeList);
+
+ if (map == null) {
+ this.map = FormBuildUtils.getDefaultMap();
+ } else {
+ this.map = map;
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OAFormularCustomization";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ final AuthComponentOA auth = dbOA.getAuthComponentOA();
+
+ mandateServiceSelectionTemplate = dbOA.getMandateServiceSelectionTemplateURL();
+ saml2PostBindingTemplate = dbOA.getSaml2PostBindingTemplateURL();
+
+ if (dbOA.getAuthComponentOA() != null) {
+ isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock();
+ }
+
+ if (auth != null) {
+ final TemplatesType templates = auth.getTemplates();
+
+ if (templates != null) {
+ aditionalAuthBlockText = templates.getAditionalAuthBlockText();
+
+ final TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate();
+ if (bkuSelectTemplate != null
+ && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())
+ && !bkuSelectTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)
+ && !bkuSelectTemplate.getFilename().equals(
+ MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) {
+ bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename());
}
-
- BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization();
- if (bkuselectioncustom == null) {
- bkuselectioncustom = new BKUSelectionCustomizationType();
- templates.setBKUSelectionCustomization(bkuselectioncustom);
+
+ final TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate();
+ if (sendAssertionTemplate != null
+ && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())
+ && !sendAssertionTemplate.getFilename().equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)
+ && !sendAssertionTemplate.getFilename().equals(
+ MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT_EMPTY)) {
+ sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename());
}
-
- if (authoa.getMandates() != null &&
- ((authoa.getMandates().getProfileName() != null
- && authoa.getMandates().getProfileName().size() > 0)
- || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles())))
-
- bkuselectioncustom.setMandateLoginButton(true);
- else
- bkuselectioncustom.setMandateLoginButton(false);
-
- bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed());
-
- bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor()));
- bkuselectioncustom.setFrontColor(parseColor(getFrontColor()));
-
- bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor()));
- bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor()));
- bkuselectioncustom.setHeaderText(getHeader_text());
-
- bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor()));
- bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus()));
- bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor()));
-
- if (MiscUtil.isNotEmpty(getAppletRedirectTarget()))
- bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget());
-
- bkuselectioncustom.setFontType(getFontType());
-
- bkuselectioncustom.setAppletHeight(getApplet_height());
- bkuselectioncustom.setAppletWidth(getApplet_width());
-
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- HttpSession session = request.getSession();
- List<String> errors = new ArrayList<String>();
-
- String check = null;
- if (authUser.isAdmin()) {
- //validate aditionalAuthBlockText
- check = getAditionalAuthBlockText();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
- }
-
- OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
- //validate BKU-selection template
- List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName()
- , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request);
- if (templateError != null && templateError.size() == 0) {
- if (bkuSelectionForm != null && bkuSelectionForm.size() > 0)
- session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm);
-
- else
- bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
-
- } else {
- errors.addAll(templateError);
+ final BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization();
+ if (formcustom != null) {
+
+ if (formcustom.isMandateLoginButton() != null) {
+ showMandateLoginButton = formcustom.isMandateLoginButton();
+ }
+
+ if (formcustom.isOnlyMandateLoginAllowed() != null) {
+ onlyMandateAllowed = formcustom.isOnlyMandateLoginAllowed();
+ }
+
+ if (formcustom.getAppletHeight() != null) {
+ applet_height = formcustom.getAppletHeight();
+ }
+
+ if (formcustom.getAppletHeight() != null) {
+ applet_width = formcustom.getAppletWidth();
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getAppletRedirectTarget())) {
+ appletRedirectTarget = formcustom.getAppletRedirectTarget();
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getBackGroundColor())) {
+ backGroundColor = formcustom.getBackGroundColor();
+ map.put(FormBuildUtils.PARAM_MAIN_BACKGROUNDCOLOR, formcustom.getBackGroundColor());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColor())) {
+ button_BackGroundColor = formcustom.getButtonBackGroundColor();
+ map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR, formcustom.getButtonBackGroundColor());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getButtonBackGroundColorFocus())) {
+ button_BackGroundColorFocus = formcustom.getButtonBackGroundColorFocus();
+ map.put(FormBuildUtils.PARAM_BUTTON_BACKGROUNDCOLOR_FOCUS, formcustom
+ .getButtonBackGroundColorFocus());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getButtonFontColor())) {
+ button_FrontColor = formcustom.getButtonFontColor();
+ map.put(FormBuildUtils.PARAM_BUTTON_COLOR, formcustom.getButtonFontColor());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getFontType())) {
+ fontType = formcustom.getFontType();
+ map.put(FormBuildUtils.PARAM_FONTFAMILY, formcustom.getFontType());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getFrontColor())) {
+ frontColor = formcustom.getFrontColor();
+ map.put(FormBuildUtils.PARAM_MAIN_COLOR, formcustom.getFrontColor());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getHeaderBackGroundColor())) {
+ header_BackGroundColor = formcustom.getHeaderBackGroundColor();
+ map.put(FormBuildUtils.PARAM_HEADER_BACKGROUNDCOLOR, formcustom.getHeaderBackGroundColor());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getHeaderFrontColor())) {
+ header_FrontColor = formcustom.getHeaderFrontColor();
+ map.put(FormBuildUtils.PARAM_HEADER_COLOR, formcustom.getHeaderFrontColor());
+ }
+
+ if (MiscUtil.isNotEmpty(formcustom.getHeaderText())) {
+ header_text = formcustom.getHeaderText();
+ map.put(FormBuildUtils.PARAM_HEADER_TEXT, formcustom.getHeaderText());
+ }
}
+ }
+ }
+
+ request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map);
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
- //validate send-assertion template
- templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName()
- , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request);
- if (templateError != null && templateError.size() == 0) {
- if (sendAssertionForm != null && sendAssertionForm.size() > 0)
- session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm);
+ dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock());
- else
- sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
+ dbOA.setMandateServiceSelectionTemplateURL(mandateServiceSelectionTemplate);
+ dbOA.setSaml2PostBindingTemplateURL(saml2PostBindingTemplate);
- } else {
- errors.addAll(templateError);
+ TemplatesType templates = authoa.getTemplates();
+ if (templates == null) {
+ templates = new TemplatesType();
+ authoa.setTemplates(templates);
+ }
- }
-
- check = getSaml2PostBindingTemplate();
- if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
- log.info("URL to SAML2 POST-Binding template is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid", request));
-
- }
-
- check = getMandateServiceSelectionTemplate();
- if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
- log.info("URL to mandate-service selection-template is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid", request));
-
- }
-
-
- //validate BKUFormCustomization
- errors.addAll(new FormularCustomizationValitator().validate(this, request));
-
- return errors;
- }
-
- private String parseColor(String color) {
- String value = "";
-
- if (MiscUtil.isNotEmpty(color)) {
- if (!color.startsWith("#"))
- value = "#" + color;
- else
- value = color;
- }
- return value;
+ templates.setAditionalAuthBlockText(getAditionalAuthBlockText());
+
+ // store BKU-selection and send-assertion templates
+ if (authUser.isAdmin()) {
+
+ if (isDeleteBKUTemplate() && templates.getBKUSelectionTemplate() != null) {
+ // templates.setBKUSelectionTemplate(null);
+ templates.getBKUSelectionTemplate().setDelete(true);
+ }
+
+ if (isDeleteSendAssertionTemplate() && templates.getSendAssertionTemplate() != null) {
+ // templates.setSendAssertionTemplate(null);
+ templates.getSendAssertionTemplate().setDelete(true);
+ }
+
+ if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) {
+ final TransformsInfoType template = new TransformsInfoType();
+
+ final Iterator<String> interator = bkuSelectionForm.keySet().iterator();
+ template.setFilename(interator.next());
+ template.setTransformation(bkuSelectionForm.get(
+ template.getFilename()));
+
+ templates.setBKUSelectionTemplate(template);
+ }
+
+ if (sendAssertionForm != null && sendAssertionForm.size() > 0) {
+ final TransformsInfoType template = new TransformsInfoType();
+
+ final Iterator<String> interator = sendAssertionForm.keySet().iterator();
+ template.setFilename(interator.next());
+ template.setTransformation(sendAssertionForm.get(
+ template.getFilename()));
+
+ templates.setSendAssertionTemplate(template);
+ }
}
- /**
- * @return the showMandateLoginButton
- */
- public boolean isShowMandateLoginButton() {
- return showMandateLoginButton;
- }
+ BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization();
+ if (bkuselectioncustom == null) {
+ bkuselectioncustom = new BKUSelectionCustomizationType();
+ templates.setBKUSelectionCustomization(bkuselectioncustom);
+ }
+
+ if (authoa.getMandates() != null &&
+ (authoa.getMandates().getProfileName() != null
+ && authoa.getMandates().getProfileName().size() > 0
+ || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles()))) {
+ bkuselectioncustom.setMandateLoginButton(true);
+ } else {
+ bkuselectioncustom.setMandateLoginButton(false);
+ }
+ bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed());
- /**
- * @param showMandateLoginButton the showMandateLoginButton to set
- */
- public void setShowMandateLoginButton(boolean showMandateLoginButton) {
- this.showMandateLoginButton = showMandateLoginButton;
- }
+ bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor()));
+ bkuselectioncustom.setFrontColor(parseColor(getFrontColor()));
+ bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor()));
+ bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor()));
+ bkuselectioncustom.setHeaderText(getHeader_text());
- /**
- * @return the onlyMandateAllowed
- */
- public boolean isOnlyMandateAllowed() {
- return onlyMandateAllowed;
- }
+ bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor()));
+ bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus()));
+ bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor()));
+ if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) {
+ bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget());
+ }
+
+ bkuselectioncustom.setFontType(getFontType());
+
+ bkuselectioncustom.setAppletHeight(getApplet_height());
+ bkuselectioncustom.setAppletWidth(getApplet_width());
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ final HttpSession session = request.getSession();
+ final List<String> errors = new ArrayList<>();
+
+ String check = null;
+ if (authUser.isAdmin()) {
+ // validate aditionalAuthBlockText
+ check = getAditionalAuthBlockText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+ }
- /**
- * @param onlyMandateAllowed the onlyMandateAllowed to set
- */
- public void setOnlyMandateAllowed(boolean onlyMandateAllowed) {
- this.onlyMandateAllowed = onlyMandateAllowed;
- }
+ final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
+ // validate BKU-selection template
+ List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName(),
+ getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request);
+ if (templateError != null && templateError.size() == 0) {
+ if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) {
+ session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm);
+ } else {
+ bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
+ }
+ } else {
+ errors.addAll(templateError);
- /**
- * @return the fontType
- */
- public String getFontType() {
- return fontType;
- }
+ }
+ // validate send-assertion template
+ templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName(),
+ getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request);
+ if (templateError != null && templateError.size() == 0) {
+ if (sendAssertionForm != null && sendAssertionForm.size() > 0) {
+ session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm);
+ } else {
+ sendAssertionForm = (Map<String, byte[]>) session.getAttribute(
+ Constants.SESSION_SENDASSERTIONTEMPLATE);
+ }
- /**
- * @param fontType the fontType to set
- */
- public void setFontType(String fontType) {
- this.fontType = fontType;
- }
+ } else {
+ errors.addAll(templateError);
+ }
- /**
- * @return the frontColor
- */
- public String getFrontColor() {
- return frontColor;
- }
+ check = getSaml2PostBindingTemplate();
+ if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("URL to SAML2 POST-Binding template is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.templates.saml2.postbinding.valid",
+ request));
+ }
- /**
- * @param frontColor the frontColor to set
- */
- public void setFrontColor(String frontColor) {
- this.frontColor = frontColor;
- }
+ check = getMandateServiceSelectionTemplate();
+ if (MiscUtil.isNotEmpty(check) && ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("URL to mandate-service selection-template is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.templates.mandateserviceselection.valid",
+ request));
+ }
- /**
- * @return the backGroundColor
- */
- public String getBackGroundColor() {
- return backGroundColor;
- }
+ // validate BKUFormCustomization
+ errors.addAll(new FormularCustomizationValitator().validate(this, request));
+ return errors;
+ }
- /**
- * @param backGroundColor the backGroundColor to set
- */
- public void setBackGroundColor(String backGroundColor) {
- this.backGroundColor = backGroundColor;
- }
+ private String parseColor(String color) {
+ String value = "";
+ if (MiscUtil.isNotEmpty(color)) {
+ if (!color.startsWith("#")) {
+ value = "#" + color;
+ } else {
+ value = color;
+ }
+ }
+ return value;
+ }
+
+ /**
+ * @return the showMandateLoginButton
+ */
+ public boolean isShowMandateLoginButton() {
+ return showMandateLoginButton;
+ }
+
+ /**
+ * @param showMandateLoginButton the showMandateLoginButton to set
+ */
+ public void setShowMandateLoginButton(boolean showMandateLoginButton) {
+ this.showMandateLoginButton = showMandateLoginButton;
+ }
+
+ /**
+ * @return the onlyMandateAllowed
+ */
+ public boolean isOnlyMandateAllowed() {
+ return onlyMandateAllowed;
+ }
+
+ /**
+ * @param onlyMandateAllowed the onlyMandateAllowed to set
+ */
+ public void setOnlyMandateAllowed(boolean onlyMandateAllowed) {
+ this.onlyMandateAllowed = onlyMandateAllowed;
+ }
+
+ /**
+ * @return the fontType
+ */
+ public String getFontType() {
+ return fontType;
+ }
+
+ /**
+ * @param fontType the fontType to set
+ */
+ public void setFontType(String fontType) {
+ this.fontType = fontType;
+ }
+
+ /**
+ * @return the frontColor
+ */
+ public String getFrontColor() {
+ return frontColor;
+ }
+
+ /**
+ * @param frontColor the frontColor to set
+ */
+ public void setFrontColor(String frontColor) {
+ this.frontColor = frontColor;
+ }
+
+ /**
+ * @return the backGroundColor
+ */
+ public String getBackGroundColor() {
+ return backGroundColor;
+ }
+
+ /**
+ * @param backGroundColor the backGroundColor to set
+ */
+ public void setBackGroundColor(String backGroundColor) {
+ this.backGroundColor = backGroundColor;
+ }
+
+ /**
+ * @return the header_FrontColor
+ */
+ public String getHeader_FrontColor() {
+ return header_FrontColor;
+ }
+
+ /**
+ * @param header_FrontColor the header_FrontColor to set
+ */
+ public void setHeader_FrontColor(String header_FrontColor) {
+ this.header_FrontColor = header_FrontColor;
+ }
+
+ /**
+ * @return the header_BackGroundColor
+ */
+ public String getHeader_BackGroundColor() {
+ return header_BackGroundColor;
+ }
+
+ /**
+ * @param header_BackGroundColor the header_BackGroundColor to set
+ */
+ public void setHeader_BackGroundColor(String header_BackGroundColor) {
+ this.header_BackGroundColor = header_BackGroundColor;
+ }
+
+ /**
+ * @return the header_text
+ */
+ public String getHeader_text() {
+ return header_text;
+ }
+
+ /**
+ * @param header_text the header_text to set
+ */
+ public void setHeader_text(String header_text) {
+ this.header_text = header_text;
+ }
+
+ /**
+ * @return the button_BackGroundColor
+ */
+ public String getButton_BackGroundColor() {
+ return button_BackGroundColor;
+ }
+
+ /**
+ * @param button_BackGroundColor the button_BackGroundColor to set
+ */
+ public void setButton_BackGroundColor(String button_BackGroundColor) {
+ this.button_BackGroundColor = button_BackGroundColor;
+ }
+
+ /**
+ * @return the button_BackGroundColorFocus
+ */
+ public String getButton_BackGroundColorFocus() {
+ return button_BackGroundColorFocus;
+ }
+
+ /**
+ * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set
+ */
+ public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) {
+ this.button_BackGroundColorFocus = button_BackGroundColorFocus;
+ }
+
+ /**
+ * @return the button_FrontColor
+ */
+ public String getButton_FrontColor() {
+ return button_FrontColor;
+ }
+
+ /**
+ * @param button_FrontColor the button_FrontColor to set
+ */
+ public void setButton_FrontColor(String button_FrontColor) {
+ this.button_FrontColor = button_FrontColor;
+ }
+
+ /**
+ * @return the appletRedirectTarget
+ */
+ public String getAppletRedirectTarget() {
+ return appletRedirectTarget;
+ }
+
+ /**
+ * @param appletRedirectTarget the appletRedirectTarget to set
+ */
+ public void setAppletRedirectTarget(String appletRedirectTarget) {
+ this.appletRedirectTarget = appletRedirectTarget;
+ }
+
+ /**
+ * @return the appletredirecttargetlist
+ */
+ public List<String> getAppletRedirectTargetList() {
+ return appletRedirectTargetList;
+ }
+
+ /**
+ * @return the fontTypeList
+ */
+ public List<String> getFontTypeList() {
+ return fontTypeList;
+ }
+
+ /**
+ * @return the fontTypeListValue
+ */
+ public String getFontTypeListValue() {
+ return fontTypeListValue;
+ }
+
+ /**
+ * @param fontTypeListValue the fontTypeListValue to set
+ */
+ public void setFontTypeListValue(String fontTypeListValue) {
+ this.fontTypeListValue = fontTypeListValue;
+ }
+
+ /**
+ * @return the applet_height
+ */
+ public String getApplet_height() {
+ return applet_height;
+ }
+
+ /**
+ * @param applet_height the applet_height to set
+ */
+ public void setApplet_height(String applet_height) {
+ this.applet_height = applet_height;
+ }
+
+ /**
+ * @return the applet_width
+ */
+ public String getApplet_width() {
+ return applet_width;
+ }
+
+ /**
+ * @param applet_width the applet_width to set
+ */
+ public void setApplet_width(String applet_width) {
+ this.applet_width = applet_width;
+ }
+
+ /**
+ * @return the bkuSelectionFileUpload
+ */
+ public List<File> getBkuSelectionFileUpload() {
+ return bkuSelectionFileUpload;
+ }
+
+ /**
+ * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set
+ */
+ public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) {
+ this.bkuSelectionFileUpload = bkuSelectionFileUpload;
+ }
+
+ /**
+ * @return the bkuSelectionFileUploadContentType
+ */
+ public List<String> getBkuSelectionFileUploadContentType() {
+ return bkuSelectionFileUploadContentType;
+ }
+
+ /**
+ * @param bkuSelectionFileUploadContentType the
+ * bkuSelectionFileUploadContentType to
+ * set
+ */
+ public void setBkuSelectionFileUploadContentType(
+ List<String> bkuSelectionFileUploadContentType) {
+ this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType;
+ }
+
+ /**
+ * @return the bkuSelectionFileUploadFileName
+ */
+ public List<String> getBkuSelectionFileUploadFileName() {
+ return bkuSelectionFileUploadFileName;
+ }
+
+ /**
+ * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to
+ * set
+ */
+ public void setBkuSelectionFileUploadFileName(
+ List<String> bkuSelectionFileUploadFileName) {
+ this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName;
+ }
+
+ /**
+ * @return the sendAssertionFileUpload
+ */
+ public List<File> getSendAssertionFileUpload() {
+ return sendAssertionFileUpload;
+ }
+
+ /**
+ * @param sendAssertionFileUpload the sendAssertionFileUpload to set
+ */
+ public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) {
+ this.sendAssertionFileUpload = sendAssertionFileUpload;
+ }
+
+ /**
+ * @return the sendAssertionFileUploadContentType
+ */
+ public List<String> getSendAssertionFileUploadContentType() {
+ return sendAssertionFileUploadContentType;
+ }
+
+ /**
+ * @param sendAssertionFileUploadContentType the
+ * sendAssertionFileUploadContentType
+ * to set
+ */
+ public void setSendAssertionFileUploadContentType(
+ List<String> sendAssertionFileUploadContentType) {
+ this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType;
+ }
+
+ /**
+ * @return the sendAssertionFileUploadFileName
+ */
+ public List<String> getSendAssertionFileUploadFileName() {
+ return sendAssertionFileUploadFileName;
+ }
+
+ /**
+ * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to
+ * set
+ */
+ public void setSendAssertionFileUploadFileName(
+ List<String> sendAssertionFileUploadFileName) {
+ this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName;
+ }
+
+ /**
+ * @return the deleteBKUTemplate
+ */
+ public boolean isDeleteBKUTemplate() {
+ return deleteBKUTemplate;
+ }
+
+ /**
+ * @param deleteBKUTemplate the deleteBKUTemplate to set
+ */
+ public void setDeleteBKUTemplate(boolean deleteBKUTemplate) {
+ this.deleteBKUTemplate = deleteBKUTemplate;
+ }
+
+ /**
+ * @return the deleteSendAssertionTemplate
+ */
+ public boolean isDeleteSendAssertionTemplate() {
+ return deleteSendAssertionTemplate;
+ }
+
+ /**
+ * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set
+ */
+ public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) {
+ this.deleteSendAssertionTemplate = deleteSendAssertionTemplate;
+ }
+
+ /**
+ * @return the aditionalAuthBlockText
+ */
+ public String getAditionalAuthBlockText() {
+ return aditionalAuthBlockText;
+ }
+
+ /**
+ * @param aditionalAuthBlockText the aditionalAuthBlockText to set
+ */
+ public void setAditionalAuthBlockText(String aditionalAuthBlockText) {
+ this.aditionalAuthBlockText = aditionalAuthBlockText;
+ }
+
+ /**
+ * @return the isHideBPKAuthBlock
+ */
+ public boolean isHideBPKAuthBlock() {
+ return isHideBPKAuthBlock;
+ }
+
+ /**
+ * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set
+ */
+ public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) {
+ this.isHideBPKAuthBlock = isHideBPKAuthBlock;
+ }
+
+ /**
+ * @return the map
+ */
+ public Map<String, String> getFormMap() {
+ return map;
+ }
+
+ /**
+ * @return the saml2PostBindingTemplate
+ */
+ public String getSaml2PostBindingTemplate() {
+ return saml2PostBindingTemplate;
+ }
+
+ /**
+ * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set
+ */
+ public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) {
+ this.saml2PostBindingTemplate = saml2PostBindingTemplate;
+ }
+
+ /**
+ * @return the mandateServiceSelectionTemplate
+ */
+ public String getMandateServiceSelectionTemplate() {
+ return mandateServiceSelectionTemplate;
+ }
+
+ /**
+ * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to
+ * set
+ */
+ public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) {
+ this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate;
+ }
- /**
- * @return the header_FrontColor
- */
- public String getHeader_FrontColor() {
- return header_FrontColor;
- }
-
-
- /**
- * @param header_FrontColor the header_FrontColor to set
- */
- public void setHeader_FrontColor(String header_FrontColor) {
- this.header_FrontColor = header_FrontColor;
- }
-
-
- /**
- * @return the header_BackGroundColor
- */
- public String getHeader_BackGroundColor() {
- return header_BackGroundColor;
- }
-
-
- /**
- * @param header_BackGroundColor the header_BackGroundColor to set
- */
- public void setHeader_BackGroundColor(String header_BackGroundColor) {
- this.header_BackGroundColor = header_BackGroundColor;
- }
-
-
- /**
- * @return the header_text
- */
- public String getHeader_text() {
- return header_text;
- }
-
-
- /**
- * @param header_text the header_text to set
- */
- public void setHeader_text(String header_text) {
- this.header_text = header_text;
- }
-
-
- /**
- * @return the button_BackGroundColor
- */
- public String getButton_BackGroundColor() {
- return button_BackGroundColor;
- }
-
-
- /**
- * @param button_BackGroundColor the button_BackGroundColor to set
- */
- public void setButton_BackGroundColor(String button_BackGroundColor) {
- this.button_BackGroundColor = button_BackGroundColor;
- }
-
-
- /**
- * @return the button_BackGroundColorFocus
- */
- public String getButton_BackGroundColorFocus() {
- return button_BackGroundColorFocus;
- }
-
-
- /**
- * @param button_BackGroundColorFocus the button_BackGroundColorFocus to set
- */
- public void setButton_BackGroundColorFocus(String button_BackGroundColorFocus) {
- this.button_BackGroundColorFocus = button_BackGroundColorFocus;
- }
-
-
- /**
- * @return the button_FrontColor
- */
- public String getButton_FrontColor() {
- return button_FrontColor;
- }
-
-
- /**
- * @param button_FrontColor the button_FrontColor to set
- */
- public void setButton_FrontColor(String button_FrontColor) {
- this.button_FrontColor = button_FrontColor;
- }
-
-
- /**
- * @return the appletRedirectTarget
- */
- public String getAppletRedirectTarget() {
- return appletRedirectTarget;
- }
-
- /**
- * @param appletRedirectTarget the appletRedirectTarget to set
- */
- public void setAppletRedirectTarget(String appletRedirectTarget) {
- this.appletRedirectTarget = appletRedirectTarget;
- }
-
-
- /**
- * @return the appletredirecttargetlist
- */
- public List<String> getAppletRedirectTargetList() {
- return appletRedirectTargetList;
- }
-
- /**
- * @return the fontTypeList
- */
- public List<String> getFontTypeList() {
- return fontTypeList;
- }
-
- /**
- * @return the fontTypeListValue
- */
- public String getFontTypeListValue() {
- return fontTypeListValue;
- }
-
- /**
- * @param fontTypeListValue the fontTypeListValue to set
- */
- public void setFontTypeListValue(String fontTypeListValue) {
- this.fontTypeListValue = fontTypeListValue;
- }
-
- /**
- * @return the applet_height
- */
- public String getApplet_height() {
- return applet_height;
- }
-
- /**
- * @param applet_height the applet_height to set
- */
- public void setApplet_height(String applet_height) {
- this.applet_height = applet_height;
- }
-
- /**
- * @return the applet_width
- */
- public String getApplet_width() {
- return applet_width;
- }
-
- /**
- * @param applet_width the applet_width to set
- */
- public void setApplet_width(String applet_width) {
- this.applet_width = applet_width;
- }
-
-
-
- /**
- * @return the bkuSelectionFileUpload
- */
- public List<File> getBkuSelectionFileUpload() {
- return bkuSelectionFileUpload;
- }
-
-
- /**
- * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set
- */
- public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) {
- this.bkuSelectionFileUpload = bkuSelectionFileUpload;
- }
-
-
- /**
- * @return the bkuSelectionFileUploadContentType
- */
- public List<String> getBkuSelectionFileUploadContentType() {
- return bkuSelectionFileUploadContentType;
- }
-
-
- /**
- * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set
- */
- public void setBkuSelectionFileUploadContentType(
- List<String> bkuSelectionFileUploadContentType) {
- this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType;
- }
-
-
- /**
- * @return the bkuSelectionFileUploadFileName
- */
- public List<String> getBkuSelectionFileUploadFileName() {
- return bkuSelectionFileUploadFileName;
- }
-
-
- /**
- * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set
- */
- public void setBkuSelectionFileUploadFileName(
- List<String> bkuSelectionFileUploadFileName) {
- this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName;
- }
-
-
- /**
- * @return the sendAssertionFileUpload
- */
- public List<File> getSendAssertionFileUpload() {
- return sendAssertionFileUpload;
- }
-
-
- /**
- * @param sendAssertionFileUpload the sendAssertionFileUpload to set
- */
- public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) {
- this.sendAssertionFileUpload = sendAssertionFileUpload;
- }
-
-
- /**
- * @return the sendAssertionFileUploadContentType
- */
- public List<String> getSendAssertionFileUploadContentType() {
- return sendAssertionFileUploadContentType;
- }
-
-
- /**
- * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set
- */
- public void setSendAssertionFileUploadContentType(
- List<String> sendAssertionFileUploadContentType) {
- this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType;
- }
-
-
- /**
- * @return the sendAssertionFileUploadFileName
- */
- public List<String> getSendAssertionFileUploadFileName() {
- return sendAssertionFileUploadFileName;
- }
-
-
- /**
- * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set
- */
- public void setSendAssertionFileUploadFileName(
- List<String> sendAssertionFileUploadFileName) {
- this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName;
- }
-
-
- /**
- * @return the deleteBKUTemplate
- */
- public boolean isDeleteBKUTemplate() {
- return deleteBKUTemplate;
- }
-
-
- /**
- * @param deleteBKUTemplate the deleteBKUTemplate to set
- */
- public void setDeleteBKUTemplate(boolean deleteBKUTemplate) {
- this.deleteBKUTemplate = deleteBKUTemplate;
- }
-
-
- /**
- * @return the deleteSendAssertionTemplate
- */
- public boolean isDeleteSendAssertionTemplate() {
- return deleteSendAssertionTemplate;
- }
-
-
- /**
- * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set
- */
- public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) {
- this.deleteSendAssertionTemplate = deleteSendAssertionTemplate;
- }
-
- /**
- * @return the aditionalAuthBlockText
- */
- public String getAditionalAuthBlockText() {
- return aditionalAuthBlockText;
- }
-
- /**
- * @param aditionalAuthBlockText the aditionalAuthBlockText to set
- */
- public void setAditionalAuthBlockText(String aditionalAuthBlockText) {
- this.aditionalAuthBlockText = aditionalAuthBlockText;
- }
-
- /**
- * @return the isHideBPKAuthBlock
- */
- public boolean isHideBPKAuthBlock() {
- return isHideBPKAuthBlock;
- }
-
- /**
- * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set
- */
- public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) {
- this.isHideBPKAuthBlock = isHideBPKAuthBlock;
- }
-
- /**
- * @return the map
- */
- public Map<String, String> getFormMap() {
- return map;
- }
-
- /**
- * @return the saml2PostBindingTemplate
- */
- public String getSaml2PostBindingTemplate() {
- return saml2PostBindingTemplate;
- }
-
- /**
- * @param saml2PostBindingTemplate the saml2PostBindingTemplate to set
- */
- public void setSaml2PostBindingTemplate(String saml2PostBindingTemplate) {
- this.saml2PostBindingTemplate = saml2PostBindingTemplate;
- }
-
- /**
- * @return the mandateServiceSelectionTemplate
- */
- public String getMandateServiceSelectionTemplate() {
- return mandateServiceSelectionTemplate;
- }
-
- /**
- * @param mandateServiceSelectionTemplate the mandateServiceSelectionTemplate to set
- */
- public void setMandateServiceSelectionTemplate(String mandateServiceSelectionTemplate) {
- this.mandateServiceSelectionTemplate = mandateServiceSelectionTemplate;
- }
-
-
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
index 3929238f6..e7b4bfa3b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java
@@ -63,434 +63,444 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class GeneralMOAIDConfig {
- public static final long DEFAULTTIMEOUTASSERTION = 120; //sec
- public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; //sec
- public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; //sec
-
- public static final String LINE_DELIMITER = ";";
-
- private String alternativeSourceID = null;
+ public static final long DEFAULTTIMEOUTASSERTION = 120; // sec
+ public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; // sec
+ public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; // sec
+
+ public static final String LINE_DELIMITER = ";";
+
+ private String alternativeSourceID = null;
// private String certStoreDirectory = null;
- private boolean trustmanagerrevocationcheck = true;
-
- private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION);
- private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED);
- private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED);
-
- private String moaspssURL = null;
- private String moaspssAuthTrustProfile = null;
- private String moaspssAuthTransformations = "";
- private List<String> authTransformList = null;
- private String moaspssIdlTrustProfile = null;
-
- private String moaspssIdlTrustProfileTest = null;
- private String moaspssAuthTrustProfileTest = null;
-
- private String mandateURL = null;
- private String szrgwURL = null;
- private String elgaMandateServiceURL = null;
- private String eidSystemServiceURL = null;
-
- private boolean protocolActiveSAML1 = false;
- private boolean protocolActivePVP21 = true;
- private boolean protocolActiveOAuth = true;
-
- private boolean legacy_saml1 = false;
- private boolean legacy_pvp2 = false;
-
- private String saml1SourceID = null;
-
- private String pvp2IssuerName = null;
- private String pvp2OrgName = null;
- private String pvp2OrgDisplayName = null;
- private String pvp2OrgURL = null;
- private ContactForm pvp2Contact = null;
-
- private List<File> fileUpload = null;
- private List<String> fileUploadContentType;
- private List<String> fileUploadFileName = new ArrayList<String>();
- private Map<String, byte[]> secLayerTransformation = null;
-
- private String ssoTarget = null;
- private String ssoFriendlyName = null;
- private String ssoSpecialText = null;
- private String ssoIdentificationNumber = null;
-
- private String defaultchainigmode = null;
- private static Map<String, String> chainigmodelist;
-
- private String trustedCACerts = null;
-
-
- private String defaultBKUOnline = "";
- private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request";
- private String defaultBKUHandy = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx";
-
- private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html";
- private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html";
- private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html";
-
- private String publicURLPrefix = null;
- private boolean virtualPublicURLPrefixEnabled = false;
-
- private boolean moaidMode = false;
-
- public GeneralMOAIDConfig() {
- try {
- this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
- } catch (ConfigurationException e) {
- e.printStackTrace();
-
- }
-
- chainigmodelist = new HashMap<String, String>();
- ChainingModeType[] values = ChainingModeType.values();
- for (int i=0; i<values.length; i++) {
- chainigmodelist.put(values[i].value(), values[i].value());
- }
-
- try {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- if (config != null) {
- MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration();
- List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer().getTransformsInfo();
-
- if (authBlockTrans != null && !authBlockTrans.isEmpty()) {
- if (secLayerTransformation == null)
- secLayerTransformation = new HashMap<String, byte[]>();
- for (TransformsInfoType el : authBlockTrans)
- secLayerTransformation.put(el.getFilename(), el.getTransformation());
-
- }
- }
-
- } catch (Exception e) {
-
- }
-
- }
-
- public void parse(MOAIDConfiguration config) {
-
- if (config != null) {
- AuthComponentGeneral auth = config.getAuthComponentGeneral();
-
- //get ELGA mandate service URLs from configuration
- if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) {
- if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs()))
- eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs());
-
- else {
- if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0,
- config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- eidSystemServiceURL = config.getEidSystemServiceURLs();
-
- }
- }
-
-
- //get ELGA mandate service URLs from configuration
- if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) {
- if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs()))
- elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs());
-
- else {
- if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0,
- config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- elgaMandateServiceURL = config.getElgaMandateServiceURLs();
-
- }
- }
-
-
-
- if (auth != null) {
-
- GeneralConfiguration authgen = auth.getGeneralConfiguration();
- if (authgen != null) {
- alternativeSourceID = authgen.getAlternativeSourceID();
- //certStoreDirectory = authgen.getCertStoreDirectory();
- if (authgen.isTrustManagerRevocationChecking() != null)
- trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
-
- virtualPublicURLPrefixEnabled =
- KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix());
-
- if (virtualPublicURLPrefixEnabled) {
- //format CSV values with newlines
- publicURLPrefix = KeyValueUtils.normalizeCSVValueString(
- authgen.getPublicURLPreFix());
-
- } else {
- String tmp = authgen.getPublicURLPreFix();
- if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- publicURLPrefix = tmp.substring(0,
- tmp.indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- publicURLPrefix = tmp;
- }
-
- TimeOuts timeouts = authgen.getTimeOuts();
- if (timeouts != null) {
-
- if(timeouts.getAssertion() != null)
- timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue());
- if(timeouts.getMOASessionCreated() != null)
- timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue());
- if(timeouts.getMOASessionUpdated() != null)
- timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue());
-
- }
-
-
- //deactive STORK
- if (isMoaidMode()) {
- ForeignIdentities foreign = auth.getForeignIdentities();
- if (foreign != null) {
- ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter();
- if (connect_foreign != null) {
- if (MiscUtil.isNotEmpty(connect_foreign.getURL())) {
- if (KeyValueUtils.isCSVValueString(connect_foreign.getURL()))
- szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL());
-
- else {
- if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- szrgwURL = connect_foreign.getURL().substring(0,
- connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- szrgwURL = connect_foreign.getURL();
-
- }
-
- }
- }
-
- STORK stork = foreign.getSTORK();
- if (stork != null) {
- //TODO: add Stork config
-
- }
- }
- }
-
- }
-
- if (isMoaidMode()) {
- MOASP moaspss = auth.getMOASP();
- if (moaspss != null) {
- ConnectionParameterClientAuthType con = moaspss.getConnectionParameter();
- if (con != null)
- moaspssURL = con.getURL();
-
- VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock();
- if (authblock != null) {
- moaspssAuthTrustProfile = authblock.getTrustProfileID();
- moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID();
-
- List<String> list = authblock.getVerifyTransformsInfoProfileID();
- if (list.size() == 1)
- moaspssAuthTransformations += list.get(0);
- else {
- for (String el : list)
- moaspssAuthTransformations += el + LINE_DELIMITER + "\n";
- }
- }
-
- VerifyIdentityLink idl = moaspss.getVerifyIdentityLink();
- if (idl != null) {
- moaspssIdlTrustProfile = idl.getTrustProfileID();
- moaspssIdlTrustProfileTest = idl.getTestTrustProfileID();
- }
- }
-
- OnlineMandates mandates = auth.getOnlineMandates();
- if (mandates != null) {
- ConnectionParameterClientAuthType con = mandates.getConnectionParameter();
- if (con != null) {
- if (MiscUtil.isNotEmpty(con.getURL())) {
- if (KeyValueUtils.isCSVValueString(con.getURL()))
- mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL());
-
- else {
- if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- mandateURL = con.getURL().substring(0,
- con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- mandateURL = con.getURL();
-
- }
-
- }
-
- }
- }
- }
-
- Protocols protocols = auth.getProtocols();
- if (protocols != null) {
- LegacyAllowed legacy = protocols.getLegacyAllowed();
-
- if (legacy != null) {
- List<String> list = legacy.getProtocolName();
- if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1))
- legacy_saml1 = true;
-
- if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2))
- legacy_pvp2 = true;
- }
-
- SAML1 saml1 = protocols.getSAML1();
- if (saml1 != null) {
- protocolActiveSAML1 = saml1.isIsActive();
- saml1SourceID = saml1.getSourceID();
-
- //TODO: could removed in a later version
- if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID))
- saml1SourceID = alternativeSourceID;
-
- }
-
- if (isMoaidMode()) {
- OAuth oauth = protocols.getOAuth();
- if (oauth != null) {
- protocolActiveOAuth = oauth.isIsActive();
-
- }
-
- }
-
- PVP2 pvp2 = protocols.getPVP2();
- if (pvp2 != null) {
-
- protocolActivePVP21 = pvp2.isIsActive();
-
- //INFO: only for backup
- if (MiscUtil.isEmpty(publicURLPrefix))
- publicURLPrefix = pvp2.getPublicURLPrefix();
-
- pvp2IssuerName = pvp2.getIssuerName();
-
- List<Contact> con = pvp2.getContact();
-
- //TODO: change to support more contacts
- if (con != null && con.size() > 0) {
- pvp2Contact = new ContactForm(con.get(0));
-
- }
-
- Organization org = pvp2.getOrganization();
- if (org != null) {
- pvp2OrgDisplayName = org.getDisplayName();
- pvp2OrgName = org.getName();
- pvp2OrgURL = org.getURL();
- }
- }
-
- }
-
- if (isMoaidMode()) {
- SecurityLayer seclayer = auth.getSecurityLayer();
- if (seclayer != null) {
- List<TransformsInfoType> list = seclayer.getTransformsInfo();
-
- for (TransformsInfoType el : list) {
- fileUploadFileName.add(el.getFilename());
- }
- }
-
- SSO sso = auth.getSSO();
- if (sso != null) {
- ssoFriendlyName = sso.getFriendlyName();
-
- // IdentificationNumber idl = sso.getIdentificationNumber();
- // if (idl != null)
- // ssoIdentificationNumber = idl.getValue();
-
- //INFO: only for backup
- if (MiscUtil.isEmpty(publicURLPrefix))
- publicURLPrefix = sso.getPublicURL();
-
- ssoSpecialText = sso.getSpecialText();
-
- if (MiscUtil.isNotEmpty(sso.getTarget()) &&
- sso.getTarget().startsWith(Constants.PREFIX_WPBK)) {
- ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).
- replace("+", "");
-
- } else
- ssoTarget = sso.getTarget();
-
- }
- }
-
- ChainingModes modes = config.getChainingModes();
- if (modes != null) {
- ChainingModeType defaultmode = modes.getSystemDefaultMode();
- if (defaultmode != null) {
-
- defaultchainigmode = defaultmode.value();
-
- }
-
- List<TrustAnchor> trustanchor = modes.getTrustAnchor();
- if (trustanchor != null) {
- //TODO: set addional trust anchors!!!!
- }
- }
-
- DefaultBKUs defaultbkus = config.getDefaultBKUs();
- if (defaultbkus != null) {
- defaultBKUHandy = defaultbkus.getHandyBKU();
- defaultBKULocal = defaultbkus.getLocalBKU();
- defaultBKUOnline = defaultbkus.getOnlineBKU();
- }
-
- SLRequestTemplates slreq = config.getSLRequestTemplates();
- if (slreq != null) {
- SLRequestTemplateHandy = slreq.getHandyBKU();
- SLRequestTemplateLocal = slreq.getLocalBKU();
- SLRequestTemplateOnline = slreq.getOnlineBKU();
- }
-
- }
-
- trustedCACerts = config.getTrustedCACertificates();
-
-
-
- }
- }
-
- /**
- * @return the szrgwURL
- */
- public String getSzrgwURL() {
- return szrgwURL;
- }
-
- /**
- * @param szrgwURL the szrgwURL to set
- */
- public void setSzrgwURL(String szrgwURL) {
- if (MiscUtil.isNotEmpty(szrgwURL))
- this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL);
- else
- this.szrgwURL = szrgwURL;
- }
+ private boolean trustmanagerrevocationcheck = true;
+
+ private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION);
+ private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED);
+ private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED);
+
+ private String moaspssURL = null;
+ private String moaspssAuthTrustProfile = null;
+ private String moaspssAuthTransformations = "";
+ private List<String> authTransformList = null;
+ private String moaspssIdlTrustProfile = null;
+
+ private String moaspssIdlTrustProfileTest = null;
+ private String moaspssAuthTrustProfileTest = null;
+
+ private String mandateURL = null;
+ private String szrgwURL = null;
+ private String elgaMandateServiceURL = null;
+ private String eidSystemServiceURL = null;
+
+ private boolean protocolActiveSAML1 = false;
+ private boolean protocolActivePVP21 = true;
+ private boolean protocolActiveOAuth = true;
+
+ private boolean legacy_saml1 = false;
+ private boolean legacy_pvp2 = false;
+
+ private String saml1SourceID = null;
+
+ private String pvp2IssuerName = null;
+ private String pvp2OrgName = null;
+ private String pvp2OrgDisplayName = null;
+ private String pvp2OrgURL = null;
+ private ContactForm pvp2Contact = null;
+
+ private List<File> fileUpload = null;
+ private List<String> fileUploadContentType;
+ private List<String> fileUploadFileName = new ArrayList<>();
+ private Map<String, byte[]> secLayerTransformation = null;
+
+ private String ssoTarget = null;
+ private String ssoFriendlyName = null;
+ private String ssoSpecialText = null;
+ private String ssoIdentificationNumber = null;
+
+ private String defaultchainigmode = null;
+ private static Map<String, String> chainigmodelist;
+
+ private String trustedCACerts = null;
+
+ private String defaultBKUOnline = "";
+ private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request";
+ private String defaultBKUHandy =
+ "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx";
+
+ private String SLRequestTemplateOnline = "SLTemplates/template_onlineBKU.html";
+ private String SLRequestTemplateLocal = "SLTemplates/template_handyBKU.html";
+ private String SLRequestTemplateHandy = "SLTemplates/template_handyBKU.html";
+
+ private String publicURLPrefix = null;
+ private boolean virtualPublicURLPrefixEnabled = false;
+
+ private boolean moaidMode = false;
+
+ public GeneralMOAIDConfig() {
+ try {
+ this.moaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (final ConfigurationException e) {
+ e.printStackTrace();
+
+ }
+
+ chainigmodelist = new HashMap<>();
+ final ChainingModeType[] values = ChainingModeType.values();
+ for (final ChainingModeType value : values) {
+ chainigmodelist.put(value.value(), value.value());
+ }
+
+ try {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ if (config != null) {
+ final MOAIDConfiguration dbconfig = config.getDbRead().getMOAIDConfiguration();
+ final List<TransformsInfoType> authBlockTrans = dbconfig.getAuthComponentGeneral().getSecurityLayer()
+ .getTransformsInfo();
+
+ if (authBlockTrans != null && !authBlockTrans.isEmpty()) {
+ if (secLayerTransformation == null) {
+ secLayerTransformation = new HashMap<>();
+ }
+ for (final TransformsInfoType el : authBlockTrans) {
+ secLayerTransformation.put(el.getFilename(), el.getTransformation());
+ }
+
+ }
+ }
+
+ } catch (final Exception e) {
+
+ }
+
+ }
+
+ public void parse(MOAIDConfiguration config) {
+
+ if (config != null) {
+ final AuthComponentGeneral auth = config.getAuthComponentGeneral();
+
+ // get ELGA mandate service URLs from configuration
+ if (MiscUtil.isNotEmpty(config.getEidSystemServiceURLs())) {
+ if (KeyValueUtils.isCSVValueString(config.getEidSystemServiceURLs())) {
+ eidSystemServiceURL = KeyValueUtils.normalizeCSVValueString(config.getEidSystemServiceURLs());
+ } else {
+ if (config.getEidSystemServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ eidSystemServiceURL = config.getEidSystemServiceURLs().substring(0,
+ config.getEidSystemServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else {
+ eidSystemServiceURL = config.getEidSystemServiceURLs();
+ }
+
+ }
+ }
+
+ // get ELGA mandate service URLs from configuration
+ if (MiscUtil.isNotEmpty(config.getElgaMandateServiceURLs())) {
+ if (KeyValueUtils.isCSVValueString(config.getElgaMandateServiceURLs())) {
+ elgaMandateServiceURL = KeyValueUtils.normalizeCSVValueString(config.getElgaMandateServiceURLs());
+ } else {
+ if (config.getElgaMandateServiceURLs().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ elgaMandateServiceURL = config.getElgaMandateServiceURLs().substring(0,
+ config.getElgaMandateServiceURLs().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else {
+ elgaMandateServiceURL = config.getElgaMandateServiceURLs();
+ }
+
+ }
+ }
+
+ if (auth != null) {
+
+ final GeneralConfiguration authgen = auth.getGeneralConfiguration();
+ if (authgen != null) {
+ alternativeSourceID = authgen.getAlternativeSourceID();
+ // certStoreDirectory = authgen.getCertStoreDirectory();
+ if (authgen.isTrustManagerRevocationChecking() != null) {
+ trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking();
+ }
+
+ virtualPublicURLPrefixEnabled =
+ KeyValueUtils.isCSVValueString(authgen.getPublicURLPreFix());
+
+ if (virtualPublicURLPrefixEnabled) {
+ // format CSV values with newlines
+ publicURLPrefix = KeyValueUtils.normalizeCSVValueString(
+ authgen.getPublicURLPreFix());
+
+ } else {
+ final String tmp = authgen.getPublicURLPreFix();
+ if (tmp.contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ publicURLPrefix = tmp.substring(0,
+ tmp.indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else {
+ publicURLPrefix = tmp;
+ }
+ }
+
+ final TimeOuts timeouts = authgen.getTimeOuts();
+ if (timeouts != null) {
+
+ if (timeouts.getAssertion() != null) {
+ timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue());
+ }
+ if (timeouts.getMOASessionCreated() != null) {
+ timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue());
+ }
+ if (timeouts.getMOASessionUpdated() != null) {
+ timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue());
+ }
+
+ }
+
+ // deactive STORK
+ if (isMoaidMode()) {
+ final ForeignIdentities foreign = auth.getForeignIdentities();
+ if (foreign != null) {
+ final ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter();
+ if (connect_foreign != null) {
+ if (MiscUtil.isNotEmpty(connect_foreign.getURL())) {
+ if (KeyValueUtils.isCSVValueString(connect_foreign.getURL())) {
+ szrgwURL = KeyValueUtils.normalizeCSVValueString(connect_foreign.getURL());
+ } else {
+ if (connect_foreign.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ szrgwURL = connect_foreign.getURL().substring(0,
+ connect_foreign.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else {
+ szrgwURL = connect_foreign.getURL();
+ }
+
+ }
+
+ }
+ }
+
+ final STORK stork = foreign.getSTORK();
+ if (stork != null) {
+ // TODO: add Stork config
+
+ }
+ }
+ }
+
+ }
+
+ if (isMoaidMode()) {
+ final MOASP moaspss = auth.getMOASP();
+ if (moaspss != null) {
+ final ConnectionParameterClientAuthType con = moaspss.getConnectionParameter();
+ if (con != null) {
+ moaspssURL = con.getURL();
+ }
+
+ final VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock();
+ if (authblock != null) {
+ moaspssAuthTrustProfile = authblock.getTrustProfileID();
+ moaspssAuthTrustProfileTest = authblock.getTestTrustProfileID();
+
+ final List<String> list = authblock.getVerifyTransformsInfoProfileID();
+ if (list.size() == 1) {
+ moaspssAuthTransformations += list.get(0);
+ } else {
+ for (final String el : list) {
+ moaspssAuthTransformations += el + LINE_DELIMITER + "\n";
+ }
+ }
+ }
+
+ final VerifyIdentityLink idl = moaspss.getVerifyIdentityLink();
+ if (idl != null) {
+ moaspssIdlTrustProfile = idl.getTrustProfileID();
+ moaspssIdlTrustProfileTest = idl.getTestTrustProfileID();
+ }
+ }
+
+ final OnlineMandates mandates = auth.getOnlineMandates();
+ if (mandates != null) {
+ final ConnectionParameterClientAuthType con = mandates.getConnectionParameter();
+ if (con != null) {
+ if (MiscUtil.isNotEmpty(con.getURL())) {
+ if (KeyValueUtils.isCSVValueString(con.getURL())) {
+ mandateURL = KeyValueUtils.normalizeCSVValueString(con.getURL());
+ } else {
+ if (con.getURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ mandateURL = con.getURL().substring(0,
+ con.getURL().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else {
+ mandateURL = con.getURL();
+ }
+
+ }
+
+ }
+
+ }
+ }
+ }
+
+ final Protocols protocols = auth.getProtocols();
+ if (protocols != null) {
+ final LegacyAllowed legacy = protocols.getLegacyAllowed();
+
+ if (legacy != null) {
+ final List<String> list = legacy.getProtocolName();
+ if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) {
+ legacy_saml1 = true;
+ }
+
+ if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) {
+ legacy_pvp2 = true;
+ }
+ }
+
+ final SAML1 saml1 = protocols.getSAML1();
+ if (saml1 != null) {
+ protocolActiveSAML1 = saml1.isIsActive();
+ saml1SourceID = saml1.getSourceID();
+
+ // TODO: could removed in a later version
+ if (MiscUtil.isEmpty(saml1SourceID) && MiscUtil.isNotEmpty(alternativeSourceID)) {
+ saml1SourceID = alternativeSourceID;
+ }
+
+ }
+
+ if (isMoaidMode()) {
+ final OAuth oauth = protocols.getOAuth();
+ if (oauth != null) {
+ protocolActiveOAuth = oauth.isIsActive();
+
+ }
+
+ }
+
+ final PVP2 pvp2 = protocols.getPVP2();
+ if (pvp2 != null) {
+
+ protocolActivePVP21 = pvp2.isIsActive();
+
+ // INFO: only for backup
+ if (MiscUtil.isEmpty(publicURLPrefix)) {
+ publicURLPrefix = pvp2.getPublicURLPrefix();
+ }
+
+ pvp2IssuerName = pvp2.getIssuerName();
+
+ final List<Contact> con = pvp2.getContact();
+
+ // TODO: change to support more contacts
+ if (con != null && con.size() > 0) {
+ pvp2Contact = new ContactForm(con.get(0));
+
+ }
+
+ final Organization org = pvp2.getOrganization();
+ if (org != null) {
+ pvp2OrgDisplayName = org.getDisplayName();
+ pvp2OrgName = org.getName();
+ pvp2OrgURL = org.getURL();
+ }
+ }
+
+ }
+
+ if (isMoaidMode()) {
+ final SecurityLayer seclayer = auth.getSecurityLayer();
+ if (seclayer != null) {
+ final List<TransformsInfoType> list = seclayer.getTransformsInfo();
+
+ for (final TransformsInfoType el : list) {
+ fileUploadFileName.add(el.getFilename());
+ }
+ }
+
+ final SSO sso = auth.getSSO();
+ if (sso != null) {
+ ssoFriendlyName = sso.getFriendlyName();
+
+ // IdentificationNumber idl = sso.getIdentificationNumber();
+ // if (idl != null)
+ // ssoIdentificationNumber = idl.getValue();
+
+ // INFO: only for backup
+ if (MiscUtil.isEmpty(publicURLPrefix)) {
+ publicURLPrefix = sso.getPublicURL();
+ }
+
+ ssoSpecialText = sso.getSpecialText();
+
+ if (MiscUtil.isNotEmpty(sso.getTarget()) &&
+ sso.getTarget().startsWith(Constants.PREFIX_WPBK)) {
+ ssoTarget = sso.getTarget().substring(Constants.PREFIX_WPBK.length()).replace("+", "");
+
+ } else {
+ ssoTarget = sso.getTarget();
+ }
+
+ }
+ }
+
+ final ChainingModes modes = config.getChainingModes();
+ if (modes != null) {
+ final ChainingModeType defaultmode = modes.getSystemDefaultMode();
+ if (defaultmode != null) {
+
+ defaultchainigmode = defaultmode.value();
+
+ }
+
+ final List<TrustAnchor> trustanchor = modes.getTrustAnchor();
+ if (trustanchor != null) {
+ // TODO: set addional trust anchors!!!!
+ }
+ }
+
+ final DefaultBKUs defaultbkus = config.getDefaultBKUs();
+ if (defaultbkus != null) {
+ defaultBKUHandy = defaultbkus.getHandyBKU();
+ defaultBKULocal = defaultbkus.getLocalBKU();
+ defaultBKUOnline = defaultbkus.getOnlineBKU();
+ }
+
+ final SLRequestTemplates slreq = config.getSLRequestTemplates();
+ if (slreq != null) {
+ SLRequestTemplateHandy = slreq.getHandyBKU();
+ SLRequestTemplateLocal = slreq.getLocalBKU();
+ SLRequestTemplateOnline = slreq.getOnlineBKU();
+ }
+
+ }
+
+ trustedCACerts = config.getTrustedCACertificates();
+
+ }
+ }
+
+ /**
+ * @return the szrgwURL
+ */
+ public String getSzrgwURL() {
+ return szrgwURL;
+ }
+
+ /**
+ * @param szrgwURL the szrgwURL to set
+ */
+ public void setSzrgwURL(String szrgwURL) {
+ if (MiscUtil.isNotEmpty(szrgwURL)) {
+ this.szrgwURL = KeyValueUtils.removeAllNewlineFromString(szrgwURL);
+ } else {
+ this.szrgwURL = szrgwURL;
+ }
+ }
// /**
// * @return the certStoreDirectory
@@ -506,662 +516,665 @@ public class GeneralMOAIDConfig {
// this.certStoreDirectory = certStoreDirectory;
// }
- /**
- * @return the timeoutAssertion
- */
- public String getTimeoutAssertion() {
- return timeoutAssertion;
- }
-
- /**
- * @param timeoutAssertion the timeoutAssertion to set
- */
- public void setTimeoutAssertion(String timeoutAssertion) {
- this.timeoutAssertion = timeoutAssertion;
- }
-
- /**
- * @return the timeoutMOASessionCreated
- */
- public String getTimeoutMOASessionCreated() {
- return timeoutMOASessionCreated;
- }
-
- /**
- * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set
- */
- public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) {
- this.timeoutMOASessionCreated = timeoutMOASessionCreated;
- }
-
- /**
- * @return the timeoutMOASessionUpdated
- */
- public String getTimeoutMOASessionUpdated() {
- return timeoutMOASessionUpdated;
- }
-
- /**
- * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set
- */
- public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) {
- this.timeoutMOASessionUpdated = timeoutMOASessionUpdated;
- }
-
- /**
- * @return the moaspssURL
- */
- public String getMoaspssURL() {
- return moaspssURL;
- }
-
- /**
- * @param moaspssURL the moaspssURL to set
- */
- public void setMoaspssURL(String moaspssURL) {
- this.moaspssURL = moaspssURL;
- }
-
- /**
- * @return the moaspssAuthTrustProfile
- */
- public String getMoaspssAuthTrustProfile() {
- return moaspssAuthTrustProfile;
- }
-
- /**
- * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set
- */
- public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) {
- this.moaspssAuthTrustProfile = moaspssAuthTrustProfile;
- }
-
- /**
- * @return the moaspssAuthTransformations
- */
- public String getMoaspssAuthTransformations() {
- return moaspssAuthTransformations;
- }
-
- /**
- * @param moaspssAuthTransformations the moaspssAuthTransformations to set
- */
- public void setMoaspssAuthTransformations(String moaspssAuthTransformations) {
- this.moaspssAuthTransformations = moaspssAuthTransformations;
- }
-
- /**
- * @return the moaspssIdlTrustProfile
- */
- public String getMoaspssIdlTrustProfile() {
- return moaspssIdlTrustProfile;
- }
-
- /**
- * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set
- */
- public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) {
- this.moaspssIdlTrustProfile = moaspssIdlTrustProfile;
- }
-
- /**
- * @return the mandateURL
- */
- public String getMandateURL() {
- return mandateURL;
- }
-
- /**
- * @param mandateURL the mandateURL to set
- */
- public void setMandateURL(String mandateURL) {
- if (MiscUtil.isNotEmpty(mandateURL))
- this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL);
- else
- this.mandateURL = mandateURL;
- }
-
- /**
- * @return the legacy_saml1
- */
- public boolean isLegacy_saml1() {
- return legacy_saml1;
- }
-
- /**
- * @param legacy_saml1 the legacy_saml1 to set
- */
- public void setLegacy_saml1(boolean legacy_saml1) {
- this.legacy_saml1 = legacy_saml1;
- }
-
- /**
- * @return the legacy_pvp2
- */
- public boolean isLegacy_pvp2() {
- return legacy_pvp2;
- }
-
- /**
- * @param legacy_pvp2 the legacy_pvp2 to set
- */
- public void setLegacy_pvp2(boolean legacy_pvp2) {
- this.legacy_pvp2 = legacy_pvp2;
- }
-
- /**
- * @return the pvp2IssuerName
- */
- public String getPvp2IssuerName() {
- return pvp2IssuerName;
- }
-
- /**
- * @param pvp2IssuerName the pvp2IssuerName to set
- */
- public void setPvp2IssuerName(String pvp2IssuerName) {
- this.pvp2IssuerName = pvp2IssuerName;
- }
-
- /**
- * @return the pvp2OrgName
- */
- public String getPvp2OrgName() {
- return pvp2OrgName;
- }
-
- /**
- * @param pvp2OrgName the pvp2OrgName to set
- */
- public void setPvp2OrgName(String pvp2OrgName) {
- this.pvp2OrgName = pvp2OrgName;
- }
-
- /**
- * @return the pvp2OrgDisplayName
- */
- public String getPvp2OrgDisplayName() {
- return pvp2OrgDisplayName;
- }
-
- /**
- * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set
- */
- public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) {
- this.pvp2OrgDisplayName = pvp2OrgDisplayName;
- }
-
- /**
- * @return the pvp2OrgURL
- */
- public String getPvp2OrgURL() {
- return pvp2OrgURL;
- }
-
- /**
- * @param pvp2OrgURL the pvp2OrgURL to set
- */
- public void setPvp2OrgURL(String pvp2OrgURL) {
- this.pvp2OrgURL = pvp2OrgURL;
- }
-
- /**
- * @return the pvp2Contact
- */
- public ContactForm getPvp2Contact() {
- return pvp2Contact;
- }
-
- /**
- * @param pvp2Contact the pvp2Contact to set
- */
- public void setPvp2Contact(ContactForm pvp2Contact) {
- this.pvp2Contact = pvp2Contact;
- }
-
- /**
- * @return the fileUpload
- */
- public List<File> getFileUpload() {
- return fileUpload;
- }
-
- /**
- * @param fileUpload the fileUpload to set
- */
- public void setFileUpload(List<File> fileUpload) {
- this.fileUpload = fileUpload;
- }
-
- /**
- * @return the fileUploadContentType
- */
- public List<String> getFileUploadContentType() {
- return fileUploadContentType;
- }
-
- /**
- * @param fileUploadContentType the fileUploadContentType to set
- */
- public void setFileUploadContentType(List<String> fileUploadContentType) {
- this.fileUploadContentType = fileUploadContentType;
- }
-
- /**
- * @return the fileUploadFileName
- */
- public List<String> getFileUploadFileName() {
- return fileUploadFileName;
- }
-
- /**
- * @param fileUploadFileName the fileUploadFileName to set
- */
- public void setFileUploadFileName(List<String> fileUploadFileName) {
- this.fileUploadFileName = fileUploadFileName;
- }
-
- /**
- * @return the ssoTarget
- */
- public String getSsoTarget() {
- return ssoTarget;
- }
-
- /**
- * @param ssoTarget the ssoTarget to set
- */
- public void setSsoTarget(String ssoTarget) {
- this.ssoTarget = ssoTarget;
- }
-
- /**
- * @return the ssoFriendlyName
- */
- public String getSsoFriendlyName() {
- return ssoFriendlyName;
- }
-
- /**
- * @param ssoFriendlyName the ssoFriendlyName to set
- */
- public void setSsoFriendlyName(String ssoFriendlyName) {
- this.ssoFriendlyName = ssoFriendlyName;
- }
-
- /**
- * @return the ssoSpecialText
- */
- public String getSsoSpecialText() {
- return ssoSpecialText;
- }
-
- /**
- * @param ssoSpecialText the ssoSpecialText to set
- */
- public void setSsoSpecialText(String ssoSpecialText) {
- this.ssoSpecialText = ssoSpecialText;
- }
-
- /**
- * @return the ssoIdentificationNumber
- */
- public String getSsoIdentificationNumber() {
- return ssoIdentificationNumber;
- }
-
- /**
- * @param ssoIdentificationNumber the ssoIdentificationNumber to set
- */
- public void setSsoIdentificationNumber(String ssoIdentificationNumber) {
- this.ssoIdentificationNumber = ssoIdentificationNumber;
- }
-
- /**
- * @return the defaultchainigmode
- */
- public String getDefaultchainigmode() {
- return defaultchainigmode;
- }
-
- /**
- * @param defaultchainigmode the defaultchainigmode to set
- */
- public void setDefaultchainigmode(String defaultchainigmode) {
- this.defaultchainigmode = defaultchainigmode;
- }
-
- /**
- * @return the defaultBKUOnline
- */
- public String getDefaultBKUOnline() {
- return defaultBKUOnline;
- }
-
- /**
- * @param defaultBKUOnline the defaultBKUOnline to set
- */
- public void setDefaultBKUOnline(String defaultBKUOnline) {
- this.defaultBKUOnline = defaultBKUOnline;
- }
-
- /**
- * @return the defaultBKULocal
- */
- public String getDefaultBKULocal() {
- return defaultBKULocal;
- }
-
- /**
- * @param defaultBKULocal the defaultBKULocal to set
- */
- public void setDefaultBKULocal(String defaultBKULocal) {
- this.defaultBKULocal = defaultBKULocal;
- }
-
- /**
- * @return the defaultBKUHandy
- */
- public String getDefaultBKUHandy() {
- return defaultBKUHandy;
- }
-
- /**
- * @param defaultBKUHandy the defaultBKUHandy to set
- */
- public void setDefaultBKUHandy(String defaultBKUHandy) {
- this.defaultBKUHandy = defaultBKUHandy;
- }
-
- /**
- * @return the sLRequestTemplateOnline
- */
- public String getSLRequestTemplateOnline() {
- return SLRequestTemplateOnline;
- }
-
- /**
- * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set
- */
- public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) {
- SLRequestTemplateOnline = sLRequestTemplateOnline;
- }
-
- /**
- * @return the sLRequestTemplateLocal
- */
- public String getSLRequestTemplateLocal() {
- return SLRequestTemplateLocal;
- }
-
- /**
- * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set
- */
- public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) {
- SLRequestTemplateLocal = sLRequestTemplateLocal;
- }
-
- /**
- * @return the sLRequestTemplateHandy
- */
- public String getSLRequestTemplateHandy() {
- return SLRequestTemplateHandy;
- }
-
- /**
- * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set
- */
- public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) {
- SLRequestTemplateHandy = sLRequestTemplateHandy;
- }
-
- /**
- * @return the trustmanagerrevocationcheck
- */
- public boolean isTrustmanagerrevocationcheck() {
- return trustmanagerrevocationcheck;
- }
-
- /**
- * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set
- */
- public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) {
- this.trustmanagerrevocationcheck = trustmanagerrevocationcheck;
- }
-
- /**
- * @return the trustedCACerts
- */
- public String getTrustedCACerts() {
- return trustedCACerts;
- }
-
- /**
- * @param trustedCACerts the trustedCACerts to set
- */
- public void setTrustedCACerts(String trustedCACerts) {
- this.trustedCACerts = trustedCACerts;
- }
-
- /**
- * @return the chainigmodelist
- */
- public Map<String, String> getChainigmodelist() {
- return chainigmodelist;
- }
-
- /**
- * @param chainigmodelist the chainigmodelist to set
- */
- public void setChainigmodelist(Map<String, String> chainigmodelist) {
- GeneralMOAIDConfig.chainigmodelist = chainigmodelist;
- }
-
- /**
- * @return the secLayerTransformation
- */
- public Map<String, byte[]> getSecLayerTransformation() {
-
- return secLayerTransformation;
- }
-
- /**
- * @param secLayerTransformation the secLayerTransformation to set
- */
- public void setSecLayerTransformation(Map<String, byte[]> secLayerTransformation) {
- this.secLayerTransformation = secLayerTransformation;
- }
-
- /**
- * @return the authTransformList
- */
- public List<String> getAuthTransformList() {
- return authTransformList;
- }
-
- /**
- * @param authTransformList the authTransformList to set
- */
- public void setAuthTransformList(List<String> authTransformList) {
- this.authTransformList = authTransformList;
- }
-
-
-
-
- public void setFileUpload(File fileUpload) {
- if (this.fileUpload == null)
- this.fileUpload = new ArrayList<File>();
- this.fileUpload.add(fileUpload);
- }
-
- public void setFileUploadContentType(String fileUploadContentType) {
- if (this.fileUploadContentType == null)
- this.fileUploadContentType = new ArrayList<String>();
- this.fileUploadContentType.add(fileUploadContentType);
- }
-
- public void setFileUploadFileName(String fileUploadFileName) {
- if (this.fileUploadFileName == null)
- this.fileUploadFileName = new ArrayList<String>();
- this.fileUploadFileName.add(fileUploadFileName);
- }
-
- /**
- * @return the protocolActiveSAML1
- */
- public boolean isProtocolActiveSAML1() {
- return protocolActiveSAML1;
- }
-
- /**
- * @param protocolActiveSAML1 the protocolActiveSAML1 to set
- */
- public void setProtocolActiveSAML1(boolean protocolActiveSAML1) {
- this.protocolActiveSAML1 = protocolActiveSAML1;
- }
-
- /**
- * @return the protocolActivePVP21
- */
- public boolean isProtocolActivePVP21() {
- return protocolActivePVP21;
- }
-
- /**
- * @param protocolActivePVP21 the protocolActivePVP21 to set
- */
- public void setProtocolActivePVP21(boolean protocolActivePVP21) {
- this.protocolActivePVP21 = protocolActivePVP21;
- }
-
- /**
- * @return the protocolActiveOAuth
- */
- public boolean isProtocolActiveOAuth() {
- return protocolActiveOAuth;
- }
-
- /**
- * @param protocolActiveOAuth the protocolActiveOAuth to set
- */
- public void setProtocolActiveOAuth(boolean protocolActiveOAuth) {
- this.protocolActiveOAuth = protocolActiveOAuth;
- }
-
- /**
- * @return the saml1SourceID
- */
- public String getSaml1SourceID() {
- return saml1SourceID;
- }
-
- /**
- * @param saml1SourceID the saml1SourceID to set
- */
- public void setSaml1SourceID(String saml1SourceID) {
- this.saml1SourceID = saml1SourceID;
- }
-
- /**
- * @return the publicURLPrefix
- */
- public String getPublicURLPrefix() {
- return publicURLPrefix;
- }
-
- /**
- * @param publicURLPrefix the publicURLPrefix to set
- */
- public void setPublicURLPrefix(String publicURLPrefix) {
- if (MiscUtil.isNotEmpty(publicURLPrefix))
- this.publicURLPrefix =
- KeyValueUtils.removeAllNewlineFromString(publicURLPrefix);
- else
- this.publicURLPrefix = publicURLPrefix;
-
- }
-
- /**
- * @return the moaspssIdlTrustProfileTest
- */
- public String getMoaspssIdlTrustProfileTest() {
- return moaspssIdlTrustProfileTest;
- }
-
- /**
- * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set
- */
- public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) {
- this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest;
- }
-
- /**
- * @return the moaspssAuthTrustProfileTest
- */
- public String getMoaspssAuthTrustProfileTest() {
- return moaspssAuthTrustProfileTest;
- }
-
- /**
- * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set
- */
- public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) {
- this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest;
- }
-
- /**
- * @return the virtualPublicURLPrefixEnabled
- */
- public boolean isVirtualPublicURLPrefixEnabled() {
- return virtualPublicURLPrefixEnabled;
- }
-
- /**
- * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set
- */
- public void setVirtualPublicURLPrefixEnabled(
- boolean virtualPublicURLPrefixEnabled) {
- this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled;
- }
-
- /**
- * @return the elgaMandateServiceURL
- */
- public String getElgaMandateServiceURL() {
- return elgaMandateServiceURL;
- }
-
- /**
- * @param elgaMandateServiceURL the elgaMandateServiceURL to set
- */
- public void setElgaMandateServiceURL(String elgaMandateServiceURL) {
- if (MiscUtil.isNotEmpty(elgaMandateServiceURL))
- this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL);
- else
- this.elgaMandateServiceURL = elgaMandateServiceURL;
- }
-
- /**
- * @return the eidSystemServiceURL
- */
- public String getEidSystemServiceURL() {
- return eidSystemServiceURL;
- }
-
- public boolean isMoaidMode() {
- return moaidMode;
- }
-
- /**
- * @param eidSystemServiceURL the E-ID Service URL to set
- */
- public void setEidSystemServiceURL(String eidSystemServiceURL) {
- if (MiscUtil.isNotEmpty(eidSystemServiceURL))
- this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL);
- else
- this.eidSystemServiceURL = eidSystemServiceURL;
- }
-
-
+ /**
+ * @return the timeoutAssertion
+ */
+ public String getTimeoutAssertion() {
+ return timeoutAssertion;
+ }
+
+ /**
+ * @param timeoutAssertion the timeoutAssertion to set
+ */
+ public void setTimeoutAssertion(String timeoutAssertion) {
+ this.timeoutAssertion = timeoutAssertion;
+ }
+
+ /**
+ * @return the timeoutMOASessionCreated
+ */
+ public String getTimeoutMOASessionCreated() {
+ return timeoutMOASessionCreated;
+ }
+
+ /**
+ * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set
+ */
+ public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) {
+ this.timeoutMOASessionCreated = timeoutMOASessionCreated;
+ }
+
+ /**
+ * @return the timeoutMOASessionUpdated
+ */
+ public String getTimeoutMOASessionUpdated() {
+ return timeoutMOASessionUpdated;
+ }
+
+ /**
+ * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set
+ */
+ public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) {
+ this.timeoutMOASessionUpdated = timeoutMOASessionUpdated;
+ }
+
+ /**
+ * @return the moaspssURL
+ */
+ public String getMoaspssURL() {
+ return moaspssURL;
+ }
+
+ /**
+ * @param moaspssURL the moaspssURL to set
+ */
+ public void setMoaspssURL(String moaspssURL) {
+ this.moaspssURL = moaspssURL;
+ }
+
+ /**
+ * @return the moaspssAuthTrustProfile
+ */
+ public String getMoaspssAuthTrustProfile() {
+ return moaspssAuthTrustProfile;
+ }
+
+ /**
+ * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set
+ */
+ public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) {
+ this.moaspssAuthTrustProfile = moaspssAuthTrustProfile;
+ }
+
+ /**
+ * @return the moaspssAuthTransformations
+ */
+ public String getMoaspssAuthTransformations() {
+ return moaspssAuthTransformations;
+ }
+
+ /**
+ * @param moaspssAuthTransformations the moaspssAuthTransformations to set
+ */
+ public void setMoaspssAuthTransformations(String moaspssAuthTransformations) {
+ this.moaspssAuthTransformations = moaspssAuthTransformations;
+ }
+
+ /**
+ * @return the moaspssIdlTrustProfile
+ */
+ public String getMoaspssIdlTrustProfile() {
+ return moaspssIdlTrustProfile;
+ }
+
+ /**
+ * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set
+ */
+ public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) {
+ this.moaspssIdlTrustProfile = moaspssIdlTrustProfile;
+ }
+
+ /**
+ * @return the mandateURL
+ */
+ public String getMandateURL() {
+ return mandateURL;
+ }
+
+ /**
+ * @param mandateURL the mandateURL to set
+ */
+ public void setMandateURL(String mandateURL) {
+ if (MiscUtil.isNotEmpty(mandateURL)) {
+ this.mandateURL = KeyValueUtils.removeAllNewlineFromString(mandateURL);
+ } else {
+ this.mandateURL = mandateURL;
+ }
+ }
+
+ /**
+ * @return the legacy_saml1
+ */
+ public boolean isLegacy_saml1() {
+ return legacy_saml1;
+ }
+
+ /**
+ * @param legacy_saml1 the legacy_saml1 to set
+ */
+ public void setLegacy_saml1(boolean legacy_saml1) {
+ this.legacy_saml1 = legacy_saml1;
+ }
+
+ /**
+ * @return the legacy_pvp2
+ */
+ public boolean isLegacy_pvp2() {
+ return legacy_pvp2;
+ }
+
+ /**
+ * @param legacy_pvp2 the legacy_pvp2 to set
+ */
+ public void setLegacy_pvp2(boolean legacy_pvp2) {
+ this.legacy_pvp2 = legacy_pvp2;
+ }
+
+ /**
+ * @return the pvp2IssuerName
+ */
+ public String getPvp2IssuerName() {
+ return pvp2IssuerName;
+ }
+
+ /**
+ * @param pvp2IssuerName the pvp2IssuerName to set
+ */
+ public void setPvp2IssuerName(String pvp2IssuerName) {
+ this.pvp2IssuerName = pvp2IssuerName;
+ }
+
+ /**
+ * @return the pvp2OrgName
+ */
+ public String getPvp2OrgName() {
+ return pvp2OrgName;
+ }
+
+ /**
+ * @param pvp2OrgName the pvp2OrgName to set
+ */
+ public void setPvp2OrgName(String pvp2OrgName) {
+ this.pvp2OrgName = pvp2OrgName;
+ }
+
+ /**
+ * @return the pvp2OrgDisplayName
+ */
+ public String getPvp2OrgDisplayName() {
+ return pvp2OrgDisplayName;
+ }
+
+ /**
+ * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set
+ */
+ public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) {
+ this.pvp2OrgDisplayName = pvp2OrgDisplayName;
+ }
+
+ /**
+ * @return the pvp2OrgURL
+ */
+ public String getPvp2OrgURL() {
+ return pvp2OrgURL;
+ }
+
+ /**
+ * @param pvp2OrgURL the pvp2OrgURL to set
+ */
+ public void setPvp2OrgURL(String pvp2OrgURL) {
+ this.pvp2OrgURL = pvp2OrgURL;
+ }
+
+ /**
+ * @return the pvp2Contact
+ */
+ public ContactForm getPvp2Contact() {
+ return pvp2Contact;
+ }
+
+ /**
+ * @param pvp2Contact the pvp2Contact to set
+ */
+ public void setPvp2Contact(ContactForm pvp2Contact) {
+ this.pvp2Contact = pvp2Contact;
+ }
+
+ /**
+ * @return the fileUpload
+ */
+ public List<File> getFileUpload() {
+ return fileUpload;
+ }
+
+ /**
+ * @param fileUpload the fileUpload to set
+ */
+ public void setFileUpload(List<File> fileUpload) {
+ this.fileUpload = fileUpload;
+ }
+
+ /**
+ * @return the fileUploadContentType
+ */
+ public List<String> getFileUploadContentType() {
+ return fileUploadContentType;
+ }
+
+ /**
+ * @param fileUploadContentType the fileUploadContentType to set
+ */
+ public void setFileUploadContentType(List<String> fileUploadContentType) {
+ this.fileUploadContentType = fileUploadContentType;
+ }
+
+ /**
+ * @return the fileUploadFileName
+ */
+ public List<String> getFileUploadFileName() {
+ return fileUploadFileName;
+ }
+
+ /**
+ * @param fileUploadFileName the fileUploadFileName to set
+ */
+ public void setFileUploadFileName(List<String> fileUploadFileName) {
+ this.fileUploadFileName = fileUploadFileName;
+ }
+
+ /**
+ * @return the ssoTarget
+ */
+ public String getSsoTarget() {
+ return ssoTarget;
+ }
+
+ /**
+ * @param ssoTarget the ssoTarget to set
+ */
+ public void setSsoTarget(String ssoTarget) {
+ this.ssoTarget = ssoTarget;
+ }
+
+ /**
+ * @return the ssoFriendlyName
+ */
+ public String getSsoFriendlyName() {
+ return ssoFriendlyName;
+ }
+
+ /**
+ * @param ssoFriendlyName the ssoFriendlyName to set
+ */
+ public void setSsoFriendlyName(String ssoFriendlyName) {
+ this.ssoFriendlyName = ssoFriendlyName;
+ }
+
+ /**
+ * @return the ssoSpecialText
+ */
+ public String getSsoSpecialText() {
+ return ssoSpecialText;
+ }
+
+ /**
+ * @param ssoSpecialText the ssoSpecialText to set
+ */
+ public void setSsoSpecialText(String ssoSpecialText) {
+ this.ssoSpecialText = ssoSpecialText;
+ }
+
+ /**
+ * @return the ssoIdentificationNumber
+ */
+ public String getSsoIdentificationNumber() {
+ return ssoIdentificationNumber;
+ }
+
+ /**
+ * @param ssoIdentificationNumber the ssoIdentificationNumber to set
+ */
+ public void setSsoIdentificationNumber(String ssoIdentificationNumber) {
+ this.ssoIdentificationNumber = ssoIdentificationNumber;
+ }
+
+ /**
+ * @return the defaultchainigmode
+ */
+ public String getDefaultchainigmode() {
+ return defaultchainigmode;
+ }
+
+ /**
+ * @param defaultchainigmode the defaultchainigmode to set
+ */
+ public void setDefaultchainigmode(String defaultchainigmode) {
+ this.defaultchainigmode = defaultchainigmode;
+ }
+
+ /**
+ * @return the defaultBKUOnline
+ */
+ public String getDefaultBKUOnline() {
+ return defaultBKUOnline;
+ }
+
+ /**
+ * @param defaultBKUOnline the defaultBKUOnline to set
+ */
+ public void setDefaultBKUOnline(String defaultBKUOnline) {
+ this.defaultBKUOnline = defaultBKUOnline;
+ }
+
+ /**
+ * @return the defaultBKULocal
+ */
+ public String getDefaultBKULocal() {
+ return defaultBKULocal;
+ }
+
+ /**
+ * @param defaultBKULocal the defaultBKULocal to set
+ */
+ public void setDefaultBKULocal(String defaultBKULocal) {
+ this.defaultBKULocal = defaultBKULocal;
+ }
+
+ /**
+ * @return the defaultBKUHandy
+ */
+ public String getDefaultBKUHandy() {
+ return defaultBKUHandy;
+ }
+
+ /**
+ * @param defaultBKUHandy the defaultBKUHandy to set
+ */
+ public void setDefaultBKUHandy(String defaultBKUHandy) {
+ this.defaultBKUHandy = defaultBKUHandy;
+ }
+
+ /**
+ * @return the sLRequestTemplateOnline
+ */
+ public String getSLRequestTemplateOnline() {
+ return SLRequestTemplateOnline;
+ }
+
+ /**
+ * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set
+ */
+ public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) {
+ SLRequestTemplateOnline = sLRequestTemplateOnline;
+ }
+
+ /**
+ * @return the sLRequestTemplateLocal
+ */
+ public String getSLRequestTemplateLocal() {
+ return SLRequestTemplateLocal;
+ }
+
+ /**
+ * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set
+ */
+ public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) {
+ SLRequestTemplateLocal = sLRequestTemplateLocal;
+ }
+
+ /**
+ * @return the sLRequestTemplateHandy
+ */
+ public String getSLRequestTemplateHandy() {
+ return SLRequestTemplateHandy;
+ }
+
+ /**
+ * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set
+ */
+ public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) {
+ SLRequestTemplateHandy = sLRequestTemplateHandy;
+ }
+
+ /**
+ * @return the trustmanagerrevocationcheck
+ */
+ public boolean isTrustmanagerrevocationcheck() {
+ return trustmanagerrevocationcheck;
+ }
+
+ /**
+ * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set
+ */
+ public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) {
+ this.trustmanagerrevocationcheck = trustmanagerrevocationcheck;
+ }
+
+ /**
+ * @return the trustedCACerts
+ */
+ public String getTrustedCACerts() {
+ return trustedCACerts;
+ }
+
+ /**
+ * @param trustedCACerts the trustedCACerts to set
+ */
+ public void setTrustedCACerts(String trustedCACerts) {
+ this.trustedCACerts = trustedCACerts;
+ }
+
+ /**
+ * @return the chainigmodelist
+ */
+ public Map<String, String> getChainigmodelist() {
+ return chainigmodelist;
+ }
+
+ /**
+ * @param chainigmodelist the chainigmodelist to set
+ */
+ public void setChainigmodelist(Map<String, String> chainigmodelist) {
+ GeneralMOAIDConfig.chainigmodelist = chainigmodelist;
+ }
+
+ /**
+ * @return the secLayerTransformation
+ */
+ public Map<String, byte[]> getSecLayerTransformation() {
+
+ return secLayerTransformation;
+ }
+
+ /**
+ * @param secLayerTransformation the secLayerTransformation to set
+ */
+ public void setSecLayerTransformation(Map<String, byte[]> secLayerTransformation) {
+ this.secLayerTransformation = secLayerTransformation;
+ }
+
+ /**
+ * @return the authTransformList
+ */
+ public List<String> getAuthTransformList() {
+ return authTransformList;
+ }
+
+ /**
+ * @param authTransformList the authTransformList to set
+ */
+ public void setAuthTransformList(List<String> authTransformList) {
+ this.authTransformList = authTransformList;
+ }
+
+ public void setFileUpload(File fileUpload) {
+ if (this.fileUpload == null) {
+ this.fileUpload = new ArrayList<>();
+ }
+ this.fileUpload.add(fileUpload);
+ }
+
+ public void setFileUploadContentType(String fileUploadContentType) {
+ if (this.fileUploadContentType == null) {
+ this.fileUploadContentType = new ArrayList<>();
+ }
+ this.fileUploadContentType.add(fileUploadContentType);
+ }
+
+ public void setFileUploadFileName(String fileUploadFileName) {
+ if (this.fileUploadFileName == null) {
+ this.fileUploadFileName = new ArrayList<>();
+ }
+ this.fileUploadFileName.add(fileUploadFileName);
+ }
+
+ /**
+ * @return the protocolActiveSAML1
+ */
+ public boolean isProtocolActiveSAML1() {
+ return protocolActiveSAML1;
+ }
+
+ /**
+ * @param protocolActiveSAML1 the protocolActiveSAML1 to set
+ */
+ public void setProtocolActiveSAML1(boolean protocolActiveSAML1) {
+ this.protocolActiveSAML1 = protocolActiveSAML1;
+ }
+
+ /**
+ * @return the protocolActivePVP21
+ */
+ public boolean isProtocolActivePVP21() {
+ return protocolActivePVP21;
+ }
+
+ /**
+ * @param protocolActivePVP21 the protocolActivePVP21 to set
+ */
+ public void setProtocolActivePVP21(boolean protocolActivePVP21) {
+ this.protocolActivePVP21 = protocolActivePVP21;
+ }
+
+ /**
+ * @return the protocolActiveOAuth
+ */
+ public boolean isProtocolActiveOAuth() {
+ return protocolActiveOAuth;
+ }
+
+ /**
+ * @param protocolActiveOAuth the protocolActiveOAuth to set
+ */
+ public void setProtocolActiveOAuth(boolean protocolActiveOAuth) {
+ this.protocolActiveOAuth = protocolActiveOAuth;
+ }
+
+ /**
+ * @return the saml1SourceID
+ */
+ public String getSaml1SourceID() {
+ return saml1SourceID;
+ }
+
+ /**
+ * @param saml1SourceID the saml1SourceID to set
+ */
+ public void setSaml1SourceID(String saml1SourceID) {
+ this.saml1SourceID = saml1SourceID;
+ }
+
+ /**
+ * @return the publicURLPrefix
+ */
+ public String getPublicURLPrefix() {
+ return publicURLPrefix;
+ }
+
+ /**
+ * @param publicURLPrefix the publicURLPrefix to set
+ */
+ public void setPublicURLPrefix(String publicURLPrefix) {
+ if (MiscUtil.isNotEmpty(publicURLPrefix)) {
+ this.publicURLPrefix =
+ KeyValueUtils.removeAllNewlineFromString(publicURLPrefix);
+ } else {
+ this.publicURLPrefix = publicURLPrefix;
+ }
+
+ }
+
+ /**
+ * @return the moaspssIdlTrustProfileTest
+ */
+ public String getMoaspssIdlTrustProfileTest() {
+ return moaspssIdlTrustProfileTest;
+ }
+
+ /**
+ * @param moaspssIdlTrustProfileTest the moaspssIdlTrustProfileTest to set
+ */
+ public void setMoaspssIdlTrustProfileTest(String moaspssIdlTrustProfileTest) {
+ this.moaspssIdlTrustProfileTest = moaspssIdlTrustProfileTest;
+ }
+
+ /**
+ * @return the moaspssAuthTrustProfileTest
+ */
+ public String getMoaspssAuthTrustProfileTest() {
+ return moaspssAuthTrustProfileTest;
+ }
+
+ /**
+ * @param moaspssAuthTrustProfileTest the moaspssAuthTrustProfileTest to set
+ */
+ public void setMoaspssAuthTrustProfileTest(String moaspssAuthTrustProfileTest) {
+ this.moaspssAuthTrustProfileTest = moaspssAuthTrustProfileTest;
+ }
+
+ /**
+ * @return the virtualPublicURLPrefixEnabled
+ */
+ public boolean isVirtualPublicURLPrefixEnabled() {
+ return virtualPublicURLPrefixEnabled;
+ }
+
+ /**
+ * @param virtualPublicURLPrefixEnabled the virtualPublicURLPrefixEnabled to set
+ */
+ public void setVirtualPublicURLPrefixEnabled(
+ boolean virtualPublicURLPrefixEnabled) {
+ this.virtualPublicURLPrefixEnabled = virtualPublicURLPrefixEnabled;
+ }
+
+ /**
+ * @return the elgaMandateServiceURL
+ */
+ public String getElgaMandateServiceURL() {
+ return elgaMandateServiceURL;
+ }
+
+ /**
+ * @param elgaMandateServiceURL the elgaMandateServiceURL to set
+ */
+ public void setElgaMandateServiceURL(String elgaMandateServiceURL) {
+ if (MiscUtil.isNotEmpty(elgaMandateServiceURL)) {
+ this.elgaMandateServiceURL = KeyValueUtils.removeAllNewlineFromString(elgaMandateServiceURL);
+ } else {
+ this.elgaMandateServiceURL = elgaMandateServiceURL;
+ }
+ }
+
+ /**
+ * @return the eidSystemServiceURL
+ */
+ public String getEidSystemServiceURL() {
+ return eidSystemServiceURL;
+ }
+
+ public boolean isMoaidMode() {
+ return moaidMode;
+ }
+
+ /**
+ * @param eidSystemServiceURL the E-ID Service URL to set
+ */
+ public void setEidSystemServiceURL(String eidSystemServiceURL) {
+ if (MiscUtil.isNotEmpty(eidSystemServiceURL)) {
+ this.eidSystemServiceURL = KeyValueUtils.removeAllNewlineFromString(eidSystemServiceURL);
+ } else {
+ this.eidSystemServiceURL = eidSystemServiceURL;
+ }
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index b5c996c72..c833372c9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.data;
import java.util.ArrayList;
import java.util.List;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
@@ -36,141 +34,147 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class GeneralStorkConfig {
- private List<CPEPS> cpepslist;
- private List<StorkAttribute> attributes;
- private String qaa;
- private static final Logger log = Logger.getLogger(GeneralStorkConfig.class);
-
- private MOAIDConfiguration dbconfig = null;
-
- /**
- *
- */
- public GeneralStorkConfig() {
- try {
- dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
-
- } catch (ConfigurationException e) {
- log.error("MOA-ID-Configuration initialization FAILED.", e);
-
- }
-
- }
-
- public void parse(MOAIDConfiguration config) {
- log.info("Initializing general Stork config");
-
- cpepslist = new ArrayList<CPEPS>();
- attributes = new ArrayList<StorkAttribute>();
-
- if (config != null) {
- AuthComponentGeneral auth = config.getAuthComponentGeneral();
-
- if (auth != null) {
- ForeignIdentities foreign = auth.getForeignIdentities();
-
- if (foreign != null) {
- STORK stork = foreign.getSTORK();
-
- if (stork != null) {
- // deep clone all the things
- // to foreclose lazyloading session timeouts
- if (stork.getCPEPS() != null) {
- for(CPEPS current : stork.getCPEPS()) {
- cpepslist.add(current);
- }
- }
-
- List<StorkAttribute> tmp = stork.getAttributes();
- if(null != tmp) {
-
- for(StorkAttribute current : tmp)
- attributes.add(current);
- }
-
- try {
- qaa = stork.getGeneral_eIDAS_LOA();
-
- } catch(NullPointerException e) {
- qaa = MOAIDConstants.eIDAS_LOA_HIGH;
- }
- }
-
- }
- }
- }
-
- if (cpepslist.isEmpty()) {
- CPEPS defaultCPEPS = new CPEPS();
- defaultCPEPS.setCountryCode("CC");
- defaultCPEPS.setURL("http://");
- defaultCPEPS.setSupportsXMLSignature(true);
- cpepslist.add(defaultCPEPS );
-
- }
- if(attributes.isEmpty())
- attributes.add(new StorkAttribute());
- }
-
- public List<String> getAllowedLoALevels() {
- return MOAIDConstants.ALLOWED_eIDAS_LOA;
- }
-
- public List<CPEPS> getRawCPEPSList() {
- return cpepslist;
+ private List<CPEPS> cpepslist;
+ private List<StorkAttribute> attributes;
+ private String qaa;
+
+ private MOAIDConfiguration dbconfig = null;
+
+ /**
+ *
+ */
+ public GeneralStorkConfig() {
+ try {
+ dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
+
+ } catch (final ConfigurationException e) {
+ log.error("MOA-ID-Configuration initialization FAILED.", e);
+
+ }
+
+ }
+
+ public void parse(MOAIDConfiguration config) {
+ log.info("Initializing general Stork config");
+
+ cpepslist = new ArrayList<>();
+ attributes = new ArrayList<>();
+
+ if (config != null) {
+ final AuthComponentGeneral auth = config.getAuthComponentGeneral();
+
+ if (auth != null) {
+ final ForeignIdentities foreign = auth.getForeignIdentities();
+
+ if (foreign != null) {
+ final STORK stork = foreign.getSTORK();
+
+ if (stork != null) {
+ // deep clone all the things
+ // to foreclose lazyloading session timeouts
+ if (stork.getCPEPS() != null) {
+ for (final CPEPS current : stork.getCPEPS()) {
+ cpepslist.add(current);
+ }
+ }
+
+ final List<StorkAttribute> tmp = stork.getAttributes();
+ if (null != tmp) {
+
+ for (final StorkAttribute current : tmp) {
+ attributes.add(current);
+ }
+ }
+
+ try {
+ qaa = stork.getGeneral_eIDAS_LOA();
+
+ } catch (final NullPointerException e) {
+ qaa = MOAIDConstants.eIDAS_LOA_HIGH;
+ }
+ }
+
+ }
+ }
}
-
- public List<CPEPS> getCpepslist() {
- if (null == cpepslist)
- return null;
-
- //MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
-
- try {
- List<CPEPS> cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS();
-
- if (cpepss != null) {
- // make CountryCode "readonly"
- for (CPEPS newone : cpepslist) {
- for (CPEPS current : cpepss) {
- if (null != newone)
- if (current.getHjid().equals(newone.getHjid())) {
- newone.setCountryCode(current.getCountryCode());
- break;
- }
- }
- }
- }
-
- return cpepslist;
-
- } catch (NullPointerException e) {
- return null;
-
- }
-
- }
-
- public void setCpepslist(List<CPEPS> list) {
- cpepslist = list;
- }
-
- public List<StorkAttribute> getAttributes() {
- return attributes;
- }
-
- public void setAttributes(List<StorkAttribute> attributes) {
- this.attributes = attributes;
- }
-
- public String getDefaultQaa() {
- return qaa;
- }
-
- public void setDefaultQaa(String qaa) {
- this.qaa = qaa;
- }
+
+ if (cpepslist.isEmpty()) {
+ final CPEPS defaultCPEPS = new CPEPS();
+ defaultCPEPS.setCountryCode("CC");
+ defaultCPEPS.setURL("http://");
+ defaultCPEPS.setSupportsXMLSignature(true);
+ cpepslist.add(defaultCPEPS);
+
+ }
+ if (attributes.isEmpty()) {
+ attributes.add(new StorkAttribute());
+ }
+ }
+
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
+ public List<CPEPS> getRawCPEPSList() {
+ return cpepslist;
+ }
+
+ public List<CPEPS> getCpepslist() {
+ if (null == cpepslist) {
+ return null;
+ }
+
+ // MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
+
+ try {
+ final List<CPEPS> cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK()
+ .getCPEPS();
+
+ if (cpepss != null) {
+ // make CountryCode "readonly"
+ for (final CPEPS newone : cpepslist) {
+ for (final CPEPS current : cpepss) {
+ if (null != newone) {
+ if (current.getHjid().equals(newone.getHjid())) {
+ newone.setCountryCode(current.getCountryCode());
+ break;
+ }
+ }
+ }
+ }
+ }
+
+ return cpepslist;
+
+ } catch (final NullPointerException e) {
+ return null;
+
+ }
+
+ }
+
+ public void setCpepslist(List<CPEPS> list) {
+ cpepslist = list;
+ }
+
+ public List<StorkAttribute> getAttributes() {
+ return attributes;
+ }
+
+ public void setAttributes(List<StorkAttribute> attributes) {
+ this.attributes = attributes;
+ }
+
+ public String getDefaultQaa() {
+ return qaa;
+ }
+
+ public void setDefaultQaa(String qaa) {
+ this.qaa = qaa;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java
index 28eba9f34..c7de7e369 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java
@@ -23,92 +23,103 @@
package at.gv.egovernment.moa.id.configuration.data;
public class OAListElement {
-
- public enum ServiceType {OA, VIDP, IDP, GWAY}
-
- private long dataBaseID;
- private String oaIdentifier;
- private String oaFriendlyName;
- private String oaType;
- private boolean isActive;
- private ServiceType serviceType;
-
- /**
- *
- */
- public OAListElement(ServiceType type) {
- this.serviceType = type;
- }
-
-
- /**
- * @return the dataBaseID
- */
- public long getDataBaseID() {
- return dataBaseID;
- }
- /**
- * @param dataBaseID the dataBaseID to set
- */
- public void setDataBaseID(long dataBaseID) {
- this.dataBaseID = dataBaseID;
- }
- /**
- * @return the oaIdentifier
- */
- public String getOaIdentifier() {
- return oaIdentifier;
- }
- /**
- * @param oaIdentifier the oaIdentifier to set
- */
- public void setOaIdentifier(String oaIdentifier) {
- this.oaIdentifier = oaIdentifier;
- }
- /**
- * @return the oaFriendlyName
- */
- public String getOaFriendlyName() {
- return oaFriendlyName;
- }
- /**
- * @param oaFriendlyName the oaFriendlyName to set
- */
- public void setOaFriendlyName(String oaFriendlyName) {
- this.oaFriendlyName = oaFriendlyName;
- }
- /**
- * @return the oaType
- */
- public String getOaType() {
- return oaType;
- }
- /**
- * @param oaType the oaType to set
- */
- public void setOaType(String oaType) {
- this.oaType = oaType;
- }
- /**
- * @return the isActive
- */
- public boolean isActive() {
- return isActive;
- }
- /**
- * @param isActive the isActive to set
- */
- public void setActive(boolean isActive) {
- this.isActive = isActive;
- }
-
- public String getIsActive(){
- return String.valueOf(isActive);
- }
- /**
- * @return the serviceType
- */
- public String getServiceType() {
- return serviceType.name();
- }
+
+ public enum ServiceType {
+ OA, VIDP, IDP, GWAY
+ }
+
+ private long dataBaseID;
+ private String oaIdentifier;
+ private String oaFriendlyName;
+ private String oaType;
+ private boolean isActive;
+ private final ServiceType serviceType;
+
+ /**
+ *
+ */
+ public OAListElement(ServiceType type) {
+ this.serviceType = type;
+ }
+
+ /**
+ * @return the dataBaseID
+ */
+ public long getDataBaseID() {
+ return dataBaseID;
+ }
+
+ /**
+ * @param dataBaseID the dataBaseID to set
+ */
+ public void setDataBaseID(long dataBaseID) {
+ this.dataBaseID = dataBaseID;
+ }
+
+ /**
+ * @return the oaIdentifier
+ */
+ public String getOaIdentifier() {
+ return oaIdentifier;
+ }
+
+ /**
+ * @param oaIdentifier the oaIdentifier to set
+ */
+ public void setOaIdentifier(String oaIdentifier) {
+ this.oaIdentifier = oaIdentifier;
+ }
+
+ /**
+ * @return the oaFriendlyName
+ */
+ public String getOaFriendlyName() {
+ return oaFriendlyName;
+ }
+
+ /**
+ * @param oaFriendlyName the oaFriendlyName to set
+ */
+ public void setOaFriendlyName(String oaFriendlyName) {
+ this.oaFriendlyName = oaFriendlyName;
+ }
+
+ /**
+ * @return the oaType
+ */
+ public String getOaType() {
+ return oaType;
+ }
+
+ /**
+ * @param oaType the oaType to set
+ */
+ public void setOaType(String oaType) {
+ this.oaType = oaType;
+ }
+
+ /**
+ * @return the isActive
+ */
+ public boolean isActive() {
+ return isActive;
+ }
+
+ /**
+ * @param isActive the isActive to set
+ */
+ public void setActive(boolean isActive) {
+ this.isActive = isActive;
+ }
+
+ public String getIsActive() {
+ return String.valueOf(isActive);
+ }
+
+ /**
+ * @return the serviceType
+ */
+ public String getServiceType() {
+ return serviceType.name();
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
index a1bcf4aa4..af4548779 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/StorkAttributes.java
@@ -24,27 +24,25 @@ package at.gv.egovernment.moa.id.configuration.data;
public class StorkAttributes {
+ public AttributValues eIdentifier;
- public AttributValues eIdentifier;
-
-
- public void parse() {
- eIdentifier = AttributValues.MANDATORY;
- }
-
-
- public enum AttributValues {
- MANDATORY, OPTIONAL, NOT;
-
- public String getValue() {
- if (this == MANDATORY)
- return MANDATORY.name();
- if (this == OPTIONAL)
- return OPTIONAL.name();
- else
- return NOT.name();
- }
- }
-
-}
+ public void parse() {
+ eIdentifier = AttributValues.MANDATORY;
+ }
+
+ public enum AttributValues {
+ MANDATORY, OPTIONAL, NOT;
+ public String getValue() {
+ if (this == MANDATORY) {
+ return MANDATORY.name();
+ }
+ if (this == OPTIONAL) {
+ return OPTIONAL.name();
+ } else {
+ return NOT.name();
+ }
+ }
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
index 8f4746d69..8f94fa642 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
@@ -26,328 +26,310 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.util.MiscUtil;
public class UserDatabaseFrom {
-
- private String bpk;
- private String familyName;
- private String givenName;
- private String institut;
- private String mail;
- private String phone;
- private String username;
- private String password;
- private String password_second;
- private boolean active = false;
- private boolean admin = false;
- private boolean passwordActive;
- private boolean isusernamepasswordallowed = false;
- private boolean isadminrequest = true;
- private boolean ismandateuser = false;
- private boolean isPVPGenerated;
- private String userID = null;
-
- public UserDatabaseFrom() {
-
- }
-
- public UserDatabaseFrom(UserDatabase db) {
- bpk = db.getBpk();
- familyName = db.getFamilyname();
- givenName = db.getGivenname();
- institut = db.getInstitut();
- mail = db.getMail();
- phone = db.getPhone();
- username = db.getUsername();
-
- if (MiscUtil.isNotEmpty(db.getPassword()))
- passwordActive = true;
- else
- passwordActive = false;
-
- active = db.isIsActive();
- admin = db.isIsAdmin();
-
- if (db.isIsUsernamePasswordAllowed() != null)
- isusernamepasswordallowed = db.isIsUsernamePasswordAllowed();
- else
- isusernamepasswordallowed = true;
-
- if (db.isIsAdminRequest() != null)
- isadminrequest = db.isIsAdminRequest();
- else
- isadminrequest = false;
-
- if (db.isIsMandateUser() != null)
- ismandateuser = db.isIsMandateUser();
- else
- ismandateuser = false;
-
- if (db.isIsPVP2Generated() != null)
- isPVPGenerated = db.isIsPVP2Generated();
- else
- isPVPGenerated = false;
-
- userID = String.valueOf(db.getHjid());
- }
-
-
- /**
- * @return the bpk
- */
- public String getBpk() {
- return bpk;
- }
-
-
- /**
- * @param bpk the bpk to set
- */
- public void setBpk(String bpk) {
- this.bpk = bpk;
- }
-
-
- /**
- * @return the familyName
- */
- public String getFamilyName() {
- return familyName;
- }
-
-
- /**
- * @param familyName the familyName to set
- */
- public void setFamilyName(String familyName) {
- this.familyName = familyName;
- }
-
-
- /**
- * @return the givenName
- */
- public String getGivenName() {
- return givenName;
- }
-
-
- /**
- * @param givenName the givenName to set
- */
- public void setGivenName(String givenName) {
- this.givenName = givenName;
- }
-
-
- /**
- * @return the institut
- */
- public String getInstitut() {
- return institut;
- }
-
-
- /**
- * @param institut the institut to set
- */
- public void setInstitut(String institut) {
- this.institut = institut;
- }
-
-
- /**
- * @return the mail
- */
- public String getMail() {
- return mail;
- }
-
-
- /**
- * @param mail the mail to set
- */
- public void setMail(String mail) {
- this.mail = mail;
- }
-
-
- /**
- * @return the phone
- */
- public String getPhone() {
- return phone;
- }
-
-
- /**
- * @param phone the phone to set
- */
- public void setPhone(String phone) {
- this.phone = phone;
- }
-
-
- /**
- * @return the username
- */
- public String getUsername() {
- return username;
- }
-
-
- /**
- * @param username the username to set
- */
- public void setUsername(String username) {
- this.username = username;
- }
-
-
- /**
- * @return the password
- */
- public String getPassword() {
- return password;
- }
-
-
- /**
- * @param password the password to set
- */
- public void setPassword(String password) {
- this.password = password;
- }
-
-
- /**
- * @return the active
- */
- public boolean isActive() {
- return active;
- }
-
-
- /**
- * @param active the active to set
- */
- public void setActive(boolean active) {
- this.active = active;
- }
-
-
- /**
- * @return the admin
- */
- public boolean isAdmin() {
- return admin;
- }
-
-
- /**
- * @param admin the admin to set
- */
- public void setAdmin(boolean admin) {
- this.admin = admin;
- }
-
-
- /**
- * @return the passwordActive
- */
- public boolean isPasswordActive() {
- return passwordActive;
- }
-
-
- /**
- * @param passwordActive the passwordActive to set
- */
- public void setPasswordActive(boolean passwordActive) {
- this.passwordActive = passwordActive;
- }
-
- /**
- * @return the userID
- */
- public String getUserID() {
- return userID;
- }
-
- /**
- * @param userID the userID to set
- */
- public void setUserID(String userID) {
- this.userID = userID;
- }
-
- /**
- * @return the password_second
- */
- public String getPassword_second() {
- return password_second;
- }
-
- /**
- * @param password_second the password_second to set
- */
- public void setPassword_second(String password_second) {
- this.password_second = password_second;
- }
-
- /**
- * @return the isusernamepasswordallowed
- */
- public boolean isIsusernamepasswordallowed() {
- return isusernamepasswordallowed;
- }
-
- /**
- * @param isusernamepasswordallowed the isusernamepasswordallowed to set
- */
- public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) {
- this.isusernamepasswordallowed = isusernamepasswordallowed;
- }
-
- /**
- * @return the ismandateuser
- */
- public boolean isIsmandateuser() {
- return ismandateuser;
- }
-
-
- /**
- * @param ismandateuser the ismandateuser to set
- */
- public void setIsmandateuser(boolean ismandateuser) {
- this.ismandateuser = ismandateuser;
- }
-
- /**
- * @return the isadminrequest
- */
- public boolean isIsadminrequest() {
- return isadminrequest;
- }
-
- /**
- * @param isadminrequest the isadminrequest to set
- */
- public void setIsadminrequest(boolean isadminrequest) {
- this.isadminrequest = isadminrequest;
- }
-
- /**
- * @return the isPVPGenerated
- */
- public boolean isPVPGenerated() {
- return isPVPGenerated;
- }
-
- /**
- * @param isPVPGenerated the isPVPGenerated to set
- */
- public void setPVPGenerated(boolean isPVPGenerated) {
- this.isPVPGenerated = isPVPGenerated;
- }
-
+
+ private String bpk;
+ private String familyName;
+ private String givenName;
+ private String institut;
+ private String mail;
+ private String phone;
+ private String username;
+ private String password;
+ private String password_second;
+ private boolean active = false;
+ private boolean admin = false;
+ private boolean passwordActive;
+ private boolean isusernamepasswordallowed = false;
+ private boolean isadminrequest = true;
+ private boolean ismandateuser = false;
+ private boolean isPVPGenerated;
+ private String userID = null;
+
+ public UserDatabaseFrom() {
+
+ }
+
+ public UserDatabaseFrom(UserDatabase db) {
+ bpk = db.getBpk();
+ familyName = db.getFamilyname();
+ givenName = db.getGivenname();
+ institut = db.getInstitut();
+ mail = db.getMail();
+ phone = db.getPhone();
+ username = db.getUsername();
+
+ if (MiscUtil.isNotEmpty(db.getPassword())) {
+ passwordActive = true;
+ } else {
+ passwordActive = false;
+ }
+
+ active = db.isIsActive();
+ admin = db.isIsAdmin();
+
+ if (db.isIsUsernamePasswordAllowed() != null) {
+ isusernamepasswordallowed = db.isIsUsernamePasswordAllowed();
+ } else {
+ isusernamepasswordallowed = true;
+ }
+
+ if (db.isIsAdminRequest() != null) {
+ isadminrequest = db.isIsAdminRequest();
+ } else {
+ isadminrequest = false;
+ }
+
+ if (db.isIsMandateUser() != null) {
+ ismandateuser = db.isIsMandateUser();
+ } else {
+ ismandateuser = false;
+ }
+
+ if (db.isIsPVP2Generated() != null) {
+ isPVPGenerated = db.isIsPVP2Generated();
+ } else {
+ isPVPGenerated = false;
+ }
+
+ userID = String.valueOf(db.getHjid());
+ }
+
+ /**
+ * @return the bpk
+ */
+ public String getBpk() {
+ return bpk;
+ }
+
+ /**
+ * @param bpk the bpk to set
+ */
+ public void setBpk(String bpk) {
+ this.bpk = bpk;
+ }
+
+ /**
+ * @return the familyName
+ */
+ public String getFamilyName() {
+ return familyName;
+ }
+
+ /**
+ * @param familyName the familyName to set
+ */
+ public void setFamilyName(String familyName) {
+ this.familyName = familyName;
+ }
+
+ /**
+ * @return the givenName
+ */
+ public String getGivenName() {
+ return givenName;
+ }
+
+ /**
+ * @param givenName the givenName to set
+ */
+ public void setGivenName(String givenName) {
+ this.givenName = givenName;
+ }
+
+ /**
+ * @return the institut
+ */
+ public String getInstitut() {
+ return institut;
+ }
+
+ /**
+ * @param institut the institut to set
+ */
+ public void setInstitut(String institut) {
+ this.institut = institut;
+ }
+
+ /**
+ * @return the mail
+ */
+ public String getMail() {
+ return mail;
+ }
+
+ /**
+ * @param mail the mail to set
+ */
+ public void setMail(String mail) {
+ this.mail = mail;
+ }
+
+ /**
+ * @return the phone
+ */
+ public String getPhone() {
+ return phone;
+ }
+
+ /**
+ * @param phone the phone to set
+ */
+ public void setPhone(String phone) {
+ this.phone = phone;
+ }
+
+ /**
+ * @return the username
+ */
+ public String getUsername() {
+ return username;
+ }
+
+ /**
+ * @param username the username to set
+ */
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ /**
+ * @return the password
+ */
+ public String getPassword() {
+ return password;
+ }
+
+ /**
+ * @param password the password to set
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ /**
+ * @return the active
+ */
+ public boolean isActive() {
+ return active;
+ }
+
+ /**
+ * @param active the active to set
+ */
+ public void setActive(boolean active) {
+ this.active = active;
+ }
+
+ /**
+ * @return the admin
+ */
+ public boolean isAdmin() {
+ return admin;
+ }
+
+ /**
+ * @param admin the admin to set
+ */
+ public void setAdmin(boolean admin) {
+ this.admin = admin;
+ }
+
+ /**
+ * @return the passwordActive
+ */
+ public boolean isPasswordActive() {
+ return passwordActive;
+ }
+
+ /**
+ * @param passwordActive the passwordActive to set
+ */
+ public void setPasswordActive(boolean passwordActive) {
+ this.passwordActive = passwordActive;
+ }
+
+ /**
+ * @return the userID
+ */
+ public String getUserID() {
+ return userID;
+ }
+
+ /**
+ * @param userID the userID to set
+ */
+ public void setUserID(String userID) {
+ this.userID = userID;
+ }
+
+ /**
+ * @return the password_second
+ */
+ public String getPassword_second() {
+ return password_second;
+ }
+
+ /**
+ * @param password_second the password_second to set
+ */
+ public void setPassword_second(String password_second) {
+ this.password_second = password_second;
+ }
+
+ /**
+ * @return the isusernamepasswordallowed
+ */
+ public boolean isIsusernamepasswordallowed() {
+ return isusernamepasswordallowed;
+ }
+
+ /**
+ * @param isusernamepasswordallowed the isusernamepasswordallowed to set
+ */
+ public void setIsusernamepasswordallowed(boolean isusernamepasswordallowed) {
+ this.isusernamepasswordallowed = isusernamepasswordallowed;
+ }
+
+ /**
+ * @return the ismandateuser
+ */
+ public boolean isIsmandateuser() {
+ return ismandateuser;
+ }
+
+ /**
+ * @param ismandateuser the ismandateuser to set
+ */
+ public void setIsmandateuser(boolean ismandateuser) {
+ this.ismandateuser = ismandateuser;
+ }
+
+ /**
+ * @return the isadminrequest
+ */
+ public boolean isIsadminrequest() {
+ return isadminrequest;
+ }
+
+ /**
+ * @param isadminrequest the isadminrequest to set
+ */
+ public void setIsadminrequest(boolean isadminrequest) {
+ this.isadminrequest = isadminrequest;
+ }
+
+ /**
+ * @return the isPVPGenerated
+ */
+ public boolean isPVPGenerated() {
+ return isPVPGenerated;
+ }
+
+ /**
+ * @param isPVPGenerated the isPVPGenerated to set
+ */
+ public void setPVPGenerated(boolean isPVPGenerated) {
+ this.isPVPGenerated = isPVPGenerated;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java
index 63c82037f..c2344e059 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/AttributeHelper.java
@@ -4,61 +4,61 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAStorkAttribut
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
public class AttributeHelper {
- private boolean isUsed = false;
- private String name;
- private boolean mandatory;
- private boolean readonly;
+ private boolean isUsed = false;
+ private String name;
+ private boolean mandatory;
+ private boolean readonly;
- public AttributeHelper() {
- // TODO Auto-generated constructor stub
- }
+ public AttributeHelper() {
+ // TODO Auto-generated constructor stub
+ }
- public AttributeHelper(OAStorkAttribute attribute) {
- isUsed = true;
- name = attribute.getName();
- mandatory = attribute.isMandatory();
- }
+ public AttributeHelper(OAStorkAttribute attribute) {
+ isUsed = true;
+ name = attribute.getName();
+ mandatory = attribute.isMandatory();
+ }
- public AttributeHelper(StorkAttribute attribute) {
- name = attribute.getName();
- mandatory = false;
- if (attribute.isMandatory()==null) { // TODO check details
- attribute.setMandatory(false);
- } else {
- readonly = attribute.isMandatory();
- }
- isUsed = readonly;
- }
+ public AttributeHelper(StorkAttribute attribute) {
+ name = attribute.getName();
+ mandatory = false;
+ if (attribute.isMandatory() == null) { // TODO check details
+ attribute.setMandatory(false);
+ } else {
+ readonly = attribute.isMandatory();
+ }
+ isUsed = readonly;
+ }
- public boolean isUsed() {
- return isUsed;
- }
+ public boolean isUsed() {
+ return isUsed;
+ }
- public void setUsed(boolean used) {
- isUsed = used;
- }
+ public void setUsed(boolean used) {
+ isUsed = used;
+ }
- public String getName() {
- return name;
- }
+ public String getName() {
+ return name;
+ }
- public void setName(String newname) {
- name = newname;
- }
+ public void setName(String newname) {
+ name = newname;
+ }
- public boolean isMandatory() {
- return mandatory;
- }
+ public boolean isMandatory() {
+ return mandatory;
+ }
- public void setMandatory(boolean value) {
- mandatory = value;
- }
+ public void setMandatory(boolean value) {
+ mandatory = value;
+ }
- public boolean isReadOnly() {
- return readonly;
- }
+ public boolean isReadOnly() {
+ return readonly;
+ }
- public void setReadOnly(boolean value) {
- // we do not allow setting the readonly field
- }
+ public void setReadOnly(boolean value) {
+ // we do not allow setting the readonly field
+ }
} \ No newline at end of file
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java
index 8195c993d..0ba3ed36c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java
@@ -34,31 +34,34 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
*
*/
public interface IOnlineApplicationData {
-
- public String getName();
-
- /**
- * Parse OnlineApplication database object to formData
- * @param dbOAConfig
- * @return List of Errors
- */
- public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request);
-
- /**
- * Store formData to OnlineApplication database object
- * @param dboa: Database data object
- * @param authUser
- * @param request:
- * @return Error description
- */
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request);
-
- /**
- * Validate formData
- * @param general
- * @param request
- * @return
- */
- public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request);
+
+ String getName();
+
+ /**
+ * Parse OnlineApplication database object to formData
+ *
+ * @param dbOAConfig
+ * @return List of Errors
+ */
+ List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request);
+
+ /**
+ * Store formData to OnlineApplication database object
+ *
+ * @param dboa: Database data object
+ * @param authUser
+ * @param request:
+ * @return Error description
+ */
+ String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request);
+
+ /**
+ * Validate formData
+ *
+ * @param general
+ * @param request
+ * @return
+ */
+ List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request);
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index b3db074a2..b3f0620f0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -29,8 +29,6 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.BKUURLS;
@@ -47,105 +45,105 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class OAAuthenticationData implements IOnlineApplicationData {
- private static final Logger log = Logger.getLogger(OAAuthenticationData.class);
-
- private String bkuOnlineURL = null;
- private String bkuHandyURL = null;
- private String bkuLocalURL = null;
-
- private String mandateProfiles = null;
- private boolean useMandates = false;
-
- private List<String> misServicesList = new ArrayList<String>();
- private List<String> elgaServicesList = new ArrayList<String>();
- private List<String> szrgwServicesList = new ArrayList<String>();
- private List<String> eidServicesList = new ArrayList<String>();
- private String misServiceSelected = null;
- private String elgaServiceSelected = null;
- private String szrgwServiceSelected = null;
- private String eidServiceSelected = null;
-
- private boolean calculateHPI = false;
-
- private String keyBoxIdentifier = null;
- private static Map<String, String> keyBoxIdentifierList;
-
- private boolean legacy = false;
- List<String> SLTemplates = null;
-
- private Map<String, byte[]> transformations;
-
- private boolean enableTestCredentials = false;
- private List<String> testCredentialOIDs = null;
- private boolean useTestIDLValidationTrustStore = false;
- private boolean useTestAuthblockValidationTrustStore = false;
-
-
- //SL2.0
- private boolean sl20Active = false;
- private String sl20EndPoints = null;
-
- private boolean isMoaidMode = false;
-
- /**
- * @param isMoaidMode
- *
- */
- public OAAuthenticationData() {
- try {
- this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
- } catch (ConfigurationException e) {
- e.printStackTrace();
-
- }
-
- keyBoxIdentifierList = new HashMap<String, String>();
- MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values();
- for (int i=0; i<values.length; i++) {
- keyBoxIdentifierList.put(values[i].value(), values[i].value());
- }
-
- keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value();
-
-
- try {
- MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
-
- if (this.isMoaidMode) {
- try {
- elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs());
- misServicesList = KeyValueUtils.getListOfCSVValues(
- dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL());
- } catch (NullPointerException e) {}
-
- try {
- szrgwServicesList = KeyValueUtils.getListOfCSVValues(
- dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL());
- } catch (NullPointerException e) {}
-
- }
-
-
- try {
- eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs());
- } catch (NullPointerException e) {}
-
-
- } catch (ConfigurationException e) {
- log.error("MOA-ID-Configuration initialization FAILED.", e);
-
- }
-
+ private String bkuOnlineURL = null;
+ private String bkuHandyURL = null;
+ private String bkuLocalURL = null;
+
+ private String mandateProfiles = null;
+ private boolean useMandates = false;
+
+ private List<String> misServicesList = new ArrayList<>();
+ private List<String> elgaServicesList = new ArrayList<>();
+ private List<String> szrgwServicesList = new ArrayList<>();
+ private List<String> eidServicesList = new ArrayList<>();
+ private String misServiceSelected = null;
+ private String elgaServiceSelected = null;
+ private String szrgwServiceSelected = null;
+ private String eidServiceSelected = null;
+
+ private boolean calculateHPI = false;
+
+ private String keyBoxIdentifier = null;
+ private static Map<String, String> keyBoxIdentifierList;
+
+ private boolean legacy = false;
+ List<String> SLTemplates = null;
+
+ private Map<String, byte[]> transformations;
+
+ private boolean enableTestCredentials = false;
+ private List<String> testCredentialOIDs = null;
+ private boolean useTestIDLValidationTrustStore = false;
+ private boolean useTestAuthblockValidationTrustStore = false;
+
+ // SL2.0
+ private boolean sl20Active = false;
+ private String sl20EndPoints = null;
+
+ private boolean isMoaidMode = false;
+
+ /**
+ * @param isMoaidMode
+ *
+ */
+ public OAAuthenticationData() {
+ try {
+ this.isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (final ConfigurationException e) {
+ e.printStackTrace();
+
+ }
+
+ keyBoxIdentifierList = new HashMap<>();
+ final MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values();
+ for (final MOAKeyBoxSelector value : values) {
+ keyBoxIdentifierList.put(value.value(), value.value());
+ }
+
+ keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value();
+
+ try {
+ final MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead()
+ .getMOAIDConfiguration();
+
+ if (this.isMoaidMode) {
+ try {
+ elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs());
+ misServicesList = KeyValueUtils.getListOfCSVValues(
+ dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL());
+ } catch (final NullPointerException e) {
+ }
+
+ try {
+ szrgwServicesList = KeyValueUtils.getListOfCSVValues(
+ dbconfig.getAuthComponentGeneral().getForeignIdentities().getConnectionParameter().getURL());
+ } catch (final NullPointerException e) {
+ }
+
+ }
+
+ try {
+ eidServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getEidSystemServiceURLs());
+ } catch (final NullPointerException e) {
+ }
+
+ } catch (final ConfigurationException e) {
+ log.error("MOA-ID-Configuration initialization FAILED.", e);
+
+ }
+
// bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;
// bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL;
-//
+//
// MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
// if (moaidconfig != null) {
// DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs();
@@ -155,34 +153,43 @@ public class OAAuthenticationData implements IOnlineApplicationData {
// setBkuOnlineURL(defaultbkus.getOnlineBKU());
// }
// }
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OAAuthenticationData";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
- keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value();
-
- szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL();
- eidServiceSelected = dbOA.getSelectedEIDServiceURL();
-
- AuthComponentOA oaauth = dbOA.getAuthComponentOA();
- if (oaauth != null) {
- BKUURLS bkuurls = oaauth.getBKUURLS();
-
- String defaulthandy = "";
- String defaultlocal = "";
- String defaultonline = "";
-
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OAAuthenticationData";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value();
+
+ szrgwServiceSelected = dbOA.getSelectedSZRGWServiceURL();
+ eidServiceSelected = dbOA.getSelectedEIDServiceURL();
+
+ final AuthComponentOA oaauth = dbOA.getAuthComponentOA();
+ if (oaauth != null) {
+ final BKUURLS bkuurls = oaauth.getBKUURLS();
+
+ final String defaulthandy = "";
+ final String defaultlocal = "";
+ final String defaultonline = "";
+
// MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
// if (dbconfig != null) {
// DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs();
@@ -192,674 +199,685 @@ public class OAAuthenticationData implements IOnlineApplicationData {
// defaultonline = defaultbkus.getOnlineBKU();
// }
// }
-
- if (bkuurls != null) {
-
- if (MiscUtil.isEmpty(bkuurls.getHandyBKU()))
- bkuHandyURL = defaulthandy;
- else
- bkuHandyURL = bkuurls.getHandyBKU();
-
- if (MiscUtil.isEmpty(bkuurls.getLocalBKU()))
- bkuLocalURL = defaultlocal;
- else
- bkuLocalURL = bkuurls.getLocalBKU();
-
- if (MiscUtil.isEmpty(bkuurls.getOnlineBKU()))
- bkuOnlineURL = defaultonline;
- else
- bkuOnlineURL = bkuurls.getOnlineBKU();
- }
-
- Mandates mandates = oaauth.getMandates();
- if (mandates != null) {
-
- mandateProfiles = null;
-
- List<String> profileList = mandates.getProfileName();
- for (String el : profileList) {
- if (mandateProfiles == null)
- mandateProfiles = el;
-
- else
- mandateProfiles += "," + el;
- }
-
- //TODO: only for RC1
- if (MiscUtil.isNotEmpty(mandates.getProfiles())) {
- if (mandateProfiles == null)
- mandateProfiles = mandates.getProfiles();
-
- else
- mandateProfiles += "," + mandates.getProfiles();
-
- }
-
- if (mandateProfiles != null)
- useMandates = true;
-
- else
- useMandates = false;
-
- misServiceSelected = mandates.getSelectedMISServiceURL();
- elgaServiceSelected = mandates.getSelecteELGAServiceURL();
-
- }
-
- TemplatesType templates = oaauth.getTemplates();
- if (templates != null) {
- List<TemplateType> templatetype = templates.getTemplate();
-
- if (templatetype != null) {
- if (SLTemplates == null) {
- SLTemplates = new ArrayList<String>();
- }
-
- for (TemplateType el : templatetype) {
- SLTemplates.add(el.getURL());
- }
- }
- }
-
- if (SLTemplates != null && SLTemplates.size() > 0)
- legacy = true;
-
- List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo();
- transformations = new HashMap<String, byte[]>();
- for (TransformsInfoType el : transforminfos) {
- transformations.put(el.getFilename(), el.getTransformation());
- }
- }
-
- if (oaauth.getTestCredentials() != null) {
- enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials();
- testCredentialOIDs = new ArrayList<String>();
- testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID());
-
- useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore();
- useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore();
- }
-
- //parse SL2.0 information
- if (oaauth.isSl20Active()) {
- //parse SL2.0 endpoint information
- if (oaauth.getSl20EndPoints() != null) {
- if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints()))
- sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints());
-
- else {
- if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- sl20EndPoints = oaauth.getSl20EndPoints().substring(0,
- oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- sl20EndPoints = oaauth.getSl20EndPoints();
-
- }
- }
- sl20Active = oaauth.isSl20Active();
-
- }
-
-
- return null;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
+
+ if (bkuurls != null) {
+
+ if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) {
+ bkuHandyURL = defaulthandy;
+ } else {
+ bkuHandyURL = bkuurls.getHandyBKU();
+ }
+
+ if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) {
+ bkuLocalURL = defaultlocal;
+ } else {
+ bkuLocalURL = bkuurls.getLocalBKU();
+ }
+
+ if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) {
+ bkuOnlineURL = defaultonline;
+ } else {
+ bkuOnlineURL = bkuurls.getOnlineBKU();
+ }
+ }
+
+ final Mandates mandates = oaauth.getMandates();
+ if (mandates != null) {
+
+ mandateProfiles = null;
+
+ final List<String> profileList = mandates.getProfileName();
+ for (final String el : profileList) {
+ if (mandateProfiles == null) {
+ mandateProfiles = el;
+ } else {
+ mandateProfiles += "," + el;
+ }
+ }
+
+ // TODO: only for RC1
+ if (MiscUtil.isNotEmpty(mandates.getProfiles())) {
+ if (mandateProfiles == null) {
+ mandateProfiles = mandates.getProfiles();
+ } else {
+ mandateProfiles += "," + mandates.getProfiles();
+ }
+
+ }
+
+ if (mandateProfiles != null) {
+ useMandates = true;
+ } else {
+ useMandates = false;
+ }
+
+ misServiceSelected = mandates.getSelectedMISServiceURL();
+ elgaServiceSelected = mandates.getSelecteELGAServiceURL();
+
+ }
+
+ final TemplatesType templates = oaauth.getTemplates();
+ if (templates != null) {
+ final List<TemplateType> templatetype = templates.getTemplate();
+
+ if (templatetype != null) {
+ if (SLTemplates == null) {
+ SLTemplates = new ArrayList<>();
+ }
+
+ for (final TemplateType el : templatetype) {
+ SLTemplates.add(el.getURL());
+ }
}
-
- dbOA.setCalculateHPI(isCalculateHPI());
-
- if (MiscUtil.isNotEmpty(getSzrgwServiceSelected()))
- dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected());
-
-
- if (MiscUtil.isNotEmpty(getEidServiceSelected()))
- dbOA.setSelectedEIDServiceURL(getEidServiceSelected());
-
- if (authUser.isAdmin()) {
-
- //store BKU-URLs
- BKUURLS bkuruls = new BKUURLS();
- authoa.setBKUURLS(bkuruls);
- bkuruls.setHandyBKU(getBkuHandyURL());
- bkuruls.setLocalBKU(getBkuLocalURL());
- bkuruls.setOnlineBKU(getBkuOnlineURL());
-
- //store SecurtiyLayerTemplates
- TemplatesType templates = authoa.getTemplates();
- if (templates == null) {
- templates = new TemplatesType();
- authoa.setTemplates(templates);
- }
- List<TemplateType> template = templates.getTemplate();
- if (isLegacy()) {
-
- if (template == null)
- template = new ArrayList<TemplateType>();
- else
- template.clear();
-
- if (MiscUtil.isNotEmpty(getSLTemplateURL1())) {
- TemplateType el = new TemplateType();
- el.setURL(getSLTemplateURL1());
- template.add(el);
- } else
- template.add(new TemplateType());
- if (MiscUtil.isNotEmpty(getSLTemplateURL2())) {
- TemplateType el = new TemplateType();
- el.setURL(getSLTemplateURL2());
- template.add(el);
- } else
- template.add(new TemplateType());
- if (MiscUtil.isNotEmpty(getSLTemplateURL3())) {
- TemplateType el = new TemplateType();
- el.setURL(getSLTemplateURL3());
- template.add(el);
- } else
- template.add(new TemplateType());
-
- } else {
- if (template != null && template.size() > 0) template.clear();
- }
-
-
- //store keyBox Identifier
- dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier()));
+ }
+
+ if (SLTemplates != null && SLTemplates.size() > 0) {
+ legacy = true;
+ }
+
+ final List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo();
+ transformations = new HashMap<>();
+ for (final TransformsInfoType el : transforminfos) {
+ transformations.put(el.getFilename(), el.getTransformation());
+ }
+ }
+
+ if (oaauth.getTestCredentials() != null) {
+ enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials();
+ testCredentialOIDs = new ArrayList<>();
+ testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID());
+
+ useTestAuthblockValidationTrustStore = oaauth.getTestCredentials().isUseTestAuthBlockTrustStore();
+ useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore();
+ }
+
+ // parse SL2.0 information
+ if (oaauth.isSl20Active()) {
+ // parse SL2.0 endpoint information
+ if (oaauth.getSl20EndPoints() != null) {
+ if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) {
+ sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints());
} else {
- if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
+ if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ sl20EndPoints = oaauth.getSl20EndPoints().substring(0,
+ oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER));
+
+ } else {
+ sl20EndPoints = oaauth.getSl20EndPoints();
+ }
+
}
-
- Mandates mandates = new Mandates();
- if (isUseMandates()) {
-
- String[] profileList = getMandateProfiles().split(",");
-
- List<String> dbProfiles = mandates.getProfileName();
- if (dbProfiles == null) {
- dbProfiles = new ArrayList<String>();
- mandates.setProfileName(dbProfiles);
-
- }
-
- for (String el: profileList)
- dbProfiles.add(el.trim());
-
- mandates.setProfiles(null);
-
- if (MiscUtil.isNotEmpty(getMisServiceSelected()))
- mandates.setSelectedMISServiceURL(getMisServiceSelected());
-
- if (MiscUtil.isNotEmpty(getElgaServiceSelected()))
- mandates.setSelecteELGAServiceURL(getElgaServiceSelected());
-
+ }
+ sl20Active = oaauth.isSl20Active();
+
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ dbOA.setCalculateHPI(isCalculateHPI());
+
+ if (MiscUtil.isNotEmpty(getSzrgwServiceSelected())) {
+ dbOA.setSelectedSZRGWServiceURL(getSzrgwServiceSelected());
+ }
+
+ if (MiscUtil.isNotEmpty(getEidServiceSelected())) {
+ dbOA.setSelectedEIDServiceURL(getEidServiceSelected());
+ }
+
+ if (authUser.isAdmin()) {
+
+ // store BKU-URLs
+ final BKUURLS bkuruls = new BKUURLS();
+ authoa.setBKUURLS(bkuruls);
+ bkuruls.setHandyBKU(getBkuHandyURL());
+ bkuruls.setLocalBKU(getBkuLocalURL());
+ bkuruls.setOnlineBKU(getBkuOnlineURL());
+
+ // store SecurtiyLayerTemplates
+ TemplatesType templates = authoa.getTemplates();
+ if (templates == null) {
+ templates = new TemplatesType();
+ authoa.setTemplates(templates);
+ }
+ List<TemplateType> template = templates.getTemplate();
+ if (isLegacy()) {
+
+ if (template == null) {
+ template = new ArrayList<>();
} else {
- mandates.setProfiles(null);
- mandates.getProfileName().clear();
-
+ template.clear();
}
- authoa.setMandates(mandates);
- // set default transformation if it is empty
- List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo();
- if (transformsInfo == null) {
- // TODO: set OA specific transformation if it is required
+ if (MiscUtil.isNotEmpty(getSLTemplateURL1())) {
+ final TemplateType el = new TemplateType();
+ el.setURL(getSLTemplateURL1());
+ template.add(el);
+ } else {
+ template.add(new TemplateType());
+ }
+ if (MiscUtil.isNotEmpty(getSLTemplateURL2())) {
+ final TemplateType el = new TemplateType();
+ el.setURL(getSLTemplateURL2());
+ template.add(el);
+ } else {
+ template.add(new TemplateType());
+ }
+ if (MiscUtil.isNotEmpty(getSLTemplateURL3())) {
+ final TemplateType el = new TemplateType();
+ el.setURL(getSLTemplateURL3());
+ template.add(el);
+ } else {
+ template.add(new TemplateType());
+ }
+ } else {
+ if (template != null && template.size() > 0) {
+ template.clear();
}
-
- if (enableTestCredentials) {
- TestCredentials testing = authoa.getTestCredentials();
+ }
+
+ // store keyBox Identifier
+ dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier()));
+ } else {
+ if (dbOA.isIsNew()) {
+ dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR);
+ }
+ }
+
+ final Mandates mandates = new Mandates();
+ if (isUseMandates()) {
+
+ final String[] profileList = getMandateProfiles().split(",");
+
+ List<String> dbProfiles = mandates.getProfileName();
+ if (dbProfiles == null) {
+ dbProfiles = new ArrayList<>();
+ mandates.setProfileName(dbProfiles);
+
+ }
+
+ for (final String el : profileList) {
+ dbProfiles.add(el.trim());
+ }
+
+ mandates.setProfiles(null);
+
+ if (MiscUtil.isNotEmpty(getMisServiceSelected())) {
+ mandates.setSelectedMISServiceURL(getMisServiceSelected());
+ }
+
+ if (MiscUtil.isNotEmpty(getElgaServiceSelected())) {
+ mandates.setSelecteELGAServiceURL(getElgaServiceSelected());
+ }
+
+ } else {
+ mandates.setProfiles(null);
+ mandates.getProfileName().clear();
+
+ }
+ authoa.setMandates(mandates);
+
+ // set default transformation if it is empty
+ final List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo();
+ if (transformsInfo == null) {
+ // TODO: set OA specific transformation if it is required
+
+ }
+
+ if (enableTestCredentials) {
+ TestCredentials testing = authoa.getTestCredentials();
// if (testing != null)
// ConfigurationDBUtils.delete(testing);
- testing = new TestCredentials();
- authoa.setTestCredentials(testing);
- testing.setEnableTestCredentials(enableTestCredentials);
- testing.setCredentialOID(testCredentialOIDs);
-
+ testing = new TestCredentials();
+ authoa.setTestCredentials(testing);
+ testing.setEnableTestCredentials(enableTestCredentials);
+ testing.setCredentialOID(testCredentialOIDs);
+
+ } else {
+ final TestCredentials testing = authoa.getTestCredentials();
+ if (testing != null) {
+ testing.setEnableTestCredentials(false);
+ }
+
+ }
+
+ TestCredentials testing = authoa.getTestCredentials();
+ if (testing == null) {
+ testing = new TestCredentials();
+ authoa.setTestCredentials(testing);
+
+ }
+ testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore);
+ testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore);
+
+ // store SL2.0 information
+ authoa.setSl20Active(isSl20Active());
+ authoa.setSl20EndPoints(getSl20EndPoints());
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request);
+ }
+
+ /**
+ * @return the bkuOnlineURL
+ */
+ public String getBkuOnlineURL() {
+ return bkuOnlineURL;
+ }
+
+ /**
+ * @param bkuOnlineURL the bkuOnlineURL to set
+ */
+ public void setBkuOnlineURL(String bkuOnlineURL) {
+ this.bkuOnlineURL = bkuOnlineURL;
+ }
+
+ /**
+ * @return the bkuHandyURL
+ */
+ public String getBkuHandyURL() {
+ return bkuHandyURL;
+ }
+
+ /**
+ * @param bkuHandyURL the bkuHandyURL to set
+ */
+ public void setBkuHandyURL(String bkuHandyURL) {
+ this.bkuHandyURL = bkuHandyURL;
+ }
+
+ /**
+ * @return the bkuLocalURL
+ */
+ public String getBkuLocalURL() {
+ return bkuLocalURL;
+ }
+
+ /**
+ * @param bkuLocalURL the bkuLocalURL to set
+ */
+ public void setBkuLocalURL(String bkuLocalURL) {
+ this.bkuLocalURL = bkuLocalURL;
+ }
+
+ /**
+ * @return the mandateProfiles
+ */
+ public String getMandateProfiles() {
+ return mandateProfiles;
+ }
+
+ /**
+ * @param mandateProfiles the mandateProfiles to set
+ */
+ public void setMandateProfiles(String mandateProfiles) {
+ this.mandateProfiles = mandateProfiles;
+ }
+
+ /**
+ * @return the useMandates
+ */
+ public boolean isUseMandates() {
+ return useMandates;
+ }
+
+ /**
+ * @param useMandates the useMandates to set
+ */
+ public void setUseMandates(boolean useMandates) {
+ this.useMandates = useMandates;
+ }
+
+ /**
+ * @return the calculateHPI
+ */
+ public boolean isCalculateHPI() {
+ return calculateHPI;
+ }
+
+ /**
+ * @param calculateHPI the calculateHPI to set
+ */
+ public void setCalculateHPI(boolean calculateHPI) {
+ this.calculateHPI = calculateHPI;
+ }
+
+ /**
+ * @return the keyBoxIdentifier
+ */
+ public String getKeyBoxIdentifier() {
+ return keyBoxIdentifier;
+ }
+
+ /**
+ * @param keyBoxIdentifier the keyBoxIdentifier to set
+ */
+ public void setKeyBoxIdentifier(String keyBoxIdentifier) {
+ this.keyBoxIdentifier = keyBoxIdentifier;
+ }
+
+ /**
+ * @return the keyBoxIdentifierList
+ */
+ public Map<String, String> getKeyBoxIdentifierList() {
+ return keyBoxIdentifierList;
+ }
+
+ /**
+ * @return the legacy
+ */
+ public boolean isLegacy() {
+ return legacy;
+ }
+
+ /**
+ * @param legacy the legacy to set
+ */
+ public void setLegacy(boolean legacy) {
+ this.legacy = legacy;
+ }
+
+ /**
+ * @return the transformations
+ */
+ public Map<String, byte[]> getTransformations() {
+ return transformations;
+ }
+
+ /**
+ * @param transformations the transformations to set
+ */
+ public void setTransformations(Map<String, byte[]> transformations) {
+ this.transformations = transformations;
+ }
+
+ /**
+ * @return the sLTemplates
+ */
+ public List<String> getSLTemplates() {
+ return SLTemplates;
+ }
+
+ /**
+ * @return the sLTemplateURL1
+ */
+ public String getSLTemplateURL1() {
+ if (SLTemplates != null && SLTemplates.size() > 0) {
+ return SLTemplates.get(0);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @param sLTemplateURL1 the sLTemplateURL1 to set
+ */
+ public void setSLTemplateURL1(String sLTemplateURL1) {
+ if (SLTemplates == null) {
+ SLTemplates = new ArrayList<>();
+ }
+ SLTemplates.add(sLTemplateURL1);
+ }
+
+ /**
+ * @return the sLTemplateURL2
+ */
+ public String getSLTemplateURL2() {
+ if (SLTemplates != null && SLTemplates.size() > 1) {
+ return SLTemplates.get(1);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @param sLTemplateURL2 the sLTemplateURL2 to set
+ */
+ public void setSLTemplateURL2(String sLTemplateURL2) {
+ if (SLTemplates == null) {
+ SLTemplates = new ArrayList<>();
+ }
+ SLTemplates.add(sLTemplateURL2);
+ }
+
+ /**
+ * @return the sLTemplateURL3
+ */
+ public String getSLTemplateURL3() {
+ if (SLTemplates != null && SLTemplates.size() > 2) {
+ return SLTemplates.get(2);
+ } else {
+ return null;
+ }
+ }
+
+ /**
+ * @param sLTemplateURL3 the sLTemplateURL3 to set
+ */
+ public void setSLTemplateURL3(String sLTemplateURL3) {
+ if (SLTemplates == null) {
+ SLTemplates = new ArrayList<>();
+ }
+ SLTemplates.add(sLTemplateURL3);
+ }
+
+ /**
+ * @return the enableTestCredentials
+ */
+ public boolean isEnableTestCredentials() {
+ return enableTestCredentials;
+ }
+
+ /**
+ * @param enableTestCredentials the enableTestCredentials to set
+ */
+ public void setEnableTestCredentials(boolean enableTestCredentials) {
+ this.enableTestCredentials = enableTestCredentials;
+ }
+
+ /**
+ * @return the testCredentialOIDs
+ */
+ public String getTestCredentialOIDs() {
+ String value = null;
+ if (testCredentialOIDs != null) {
+ for (final String el : testCredentialOIDs) {
+ if (value == null) {
+ value = el;
} else {
- TestCredentials testing = authoa.getTestCredentials();
- if (testing != null) {
- testing.setEnableTestCredentials(false);
- }
-
+ value += "," + el;
}
-
- TestCredentials testing = authoa.getTestCredentials();
- if (testing == null) {
- testing = new TestCredentials();
- authoa.setTestCredentials(testing);
-
- }
- testing.setUseTestAuthBlockTrustStore(useTestAuthblockValidationTrustStore);
- testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore);
-
-
- //store SL2.0 information
- authoa.setSl20Active(isSl20Active());
- authoa.setSl20EndPoints(getSl20EndPoints());
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request);
- }
-
-
- /**
- * @return the bkuOnlineURL
- */
- public String getBkuOnlineURL() {
- return bkuOnlineURL;
- }
-
-
- /**
- * @param bkuOnlineURL the bkuOnlineURL to set
- */
- public void setBkuOnlineURL(String bkuOnlineURL) {
- this.bkuOnlineURL = bkuOnlineURL;
- }
-
-
- /**
- * @return the bkuHandyURL
- */
- public String getBkuHandyURL() {
- return bkuHandyURL;
- }
-
-
- /**
- * @param bkuHandyURL the bkuHandyURL to set
- */
- public void setBkuHandyURL(String bkuHandyURL) {
- this.bkuHandyURL = bkuHandyURL;
- }
-
-
- /**
- * @return the bkuLocalURL
- */
- public String getBkuLocalURL() {
- return bkuLocalURL;
- }
-
-
- /**
- * @param bkuLocalURL the bkuLocalURL to set
- */
- public void setBkuLocalURL(String bkuLocalURL) {
- this.bkuLocalURL = bkuLocalURL;
- }
-
-
- /**
- * @return the mandateProfiles
- */
- public String getMandateProfiles() {
- return mandateProfiles;
- }
-
-
- /**
- * @param mandateProfiles the mandateProfiles to set
- */
- public void setMandateProfiles(String mandateProfiles) {
- this.mandateProfiles = mandateProfiles;
- }
-
-
- /**
- * @return the useMandates
- */
- public boolean isUseMandates() {
- return useMandates;
- }
-
-
- /**
- * @param useMandates the useMandates to set
- */
- public void setUseMandates(boolean useMandates) {
- this.useMandates = useMandates;
- }
-
-
- /**
- * @return the calculateHPI
- */
- public boolean isCalculateHPI() {
- return calculateHPI;
- }
-
-
- /**
- * @param calculateHPI the calculateHPI to set
- */
- public void setCalculateHPI(boolean calculateHPI) {
- this.calculateHPI = calculateHPI;
- }
-
-
- /**
- * @return the keyBoxIdentifier
- */
- public String getKeyBoxIdentifier() {
- return keyBoxIdentifier;
- }
-
-
- /**
- * @param keyBoxIdentifier the keyBoxIdentifier to set
- */
- public void setKeyBoxIdentifier(String keyBoxIdentifier) {
- this.keyBoxIdentifier = keyBoxIdentifier;
- }
-
-
- /**
- * @return the keyBoxIdentifierList
- */
- public Map<String, String> getKeyBoxIdentifierList() {
- return keyBoxIdentifierList;
- }
-
-
- /**
- * @return the legacy
- */
- public boolean isLegacy() {
- return legacy;
- }
-
-
- /**
- * @param legacy the legacy to set
- */
- public void setLegacy(boolean legacy) {
- this.legacy = legacy;
- }
-
-
- /**
- * @return the transformations
- */
- public Map<String, byte[]> getTransformations() {
- return transformations;
- }
-
-
- /**
- * @param transformations the transformations to set
- */
- public void setTransformations(Map<String, byte[]> transformations) {
- this.transformations = transformations;
- }
-
-
- /**
- * @return the sLTemplates
- */
- public List<String> getSLTemplates() {
- return SLTemplates;
- }
-
- /**
- * @return the sLTemplateURL1
- */
- public String getSLTemplateURL1() {
- if (SLTemplates != null && SLTemplates.size() > 0)
- return SLTemplates.get(0);
- else
- return null;
- }
-
-
- /**
- * @param sLTemplateURL1 the sLTemplateURL1 to set
- */
- public void setSLTemplateURL1(String sLTemplateURL1) {
- if (SLTemplates == null)
- SLTemplates = new ArrayList<String>();
- SLTemplates.add(sLTemplateURL1);
- }
-
-
- /**
- * @return the sLTemplateURL2
- */
- public String getSLTemplateURL2() {
- if (SLTemplates != null && SLTemplates.size() > 1)
- return SLTemplates.get(1);
- else
- return null;
- }
-
-
- /**
- * @param sLTemplateURL2 the sLTemplateURL2 to set
- */
- public void setSLTemplateURL2(String sLTemplateURL2) {
- if (SLTemplates == null)
- SLTemplates = new ArrayList<String>();
- SLTemplates.add(sLTemplateURL2);
- }
-
-
- /**
- * @return the sLTemplateURL3
- */
- public String getSLTemplateURL3() {
- if (SLTemplates != null && SLTemplates.size() > 2)
- return SLTemplates.get(2);
- else
- return null;
- }
-
-
- /**
- * @param sLTemplateURL3 the sLTemplateURL3 to set
- */
- public void setSLTemplateURL3(String sLTemplateURL3) {
- if (SLTemplates == null)
- SLTemplates = new ArrayList<String>();
- SLTemplates.add(sLTemplateURL3);
- }
-
- /**
- * @return the enableTestCredentials
- */
- public boolean isEnableTestCredentials() {
- return enableTestCredentials;
- }
-
- /**
- * @param enableTestCredentials the enableTestCredentials to set
- */
- public void setEnableTestCredentials(boolean enableTestCredentials) {
- this.enableTestCredentials = enableTestCredentials;
- }
-
- /**
- * @return the testCredentialOIDs
- */
- public String getTestCredentialOIDs() {
- String value = null;
- if (testCredentialOIDs != null) {
- for (String el : testCredentialOIDs) {
- if (value == null)
- value = el;
- else
- value += "," + el;
-
- }
- }
-
- return value;
- }
-
- public List<String> getTestCredialOIDList() {
- return this.testCredentialOIDs;
- }
-
- /**
- * @param testCredentialOIDs the testCredentialOIDs to set
- */
- public void setTestCredentialOIDs(String testCredentialOIDs) {
- if (MiscUtil.isNotEmpty(testCredentialOIDs)) {
- String[] oidList = testCredentialOIDs.split(",");
-
- this.testCredentialOIDs = new ArrayList<String>();
- for (int i=0; i<oidList.length; i++)
- this.testCredentialOIDs.add(oidList[i].trim());
- }
- }
-
- /**
- * @return the useTestIDLValidationTrustStore
- */
- public boolean isUseTestIDLValidationTrustStore() {
- return useTestIDLValidationTrustStore;
- }
-
- /**
- * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to set
- */
- public void setUseTestIDLValidationTrustStore(
- boolean useTestIDLValidationTrustStore) {
- this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore;
- }
-
- /**
- * @return the useTestAuthblockValidationTrustStore
- */
- public boolean isUseTestAuthblockValidationTrustStore() {
- return useTestAuthblockValidationTrustStore;
- }
-
- /**
- * @param useTestAuthblockValidationTrustStore the useTestAuthblockValidationTrustStore to set
- */
- public void setUseTestAuthblockValidationTrustStore(
- boolean useTestAuthblockValidationTrustStore) {
- this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore;
- }
-
- /**
- * @return the misServiceSelected
- */
- public String getMisServiceSelected() {
- return misServiceSelected;
- }
-
- /**
- * @param misServiceSelected the misServiceSelected to set
- */
- public void setMisServiceSelected(String misServiceSelected) {
- this.misServiceSelected = misServiceSelected;
- }
-
- /**
- * @return the elgaServiceSelected
- */
- public String getElgaServiceSelected() {
- return elgaServiceSelected;
- }
-
- /**
- * @param elgaServiceSelected the elgaServiceSelected to set
- */
- public void setElgaServiceSelected(String elgaServiceSelected) {
- this.elgaServiceSelected = elgaServiceSelected;
- }
-
- /**
- * @return the szrgwServiceSelected
- */
- public String getSzrgwServiceSelected() {
- return szrgwServiceSelected;
- }
-
- /**
- * @param szrgwServiceSelected the szrgwServiceSelected to set
- */
- public void setSzrgwServiceSelected(String szrgwServiceSelected) {
- this.szrgwServiceSelected = szrgwServiceSelected;
- }
-
- /**
- * @return the misServicesList
- */
- public List<String> getMisServicesList() {
- return misServicesList;
- }
-
- /**
- * @return the elgaServicesList
- */
- public List<String> getElgaServicesList() {
- return elgaServicesList;
- }
-
- /**
- * @return the szrgwServicesList
- */
- public List<String> getSzrgwServicesList() {
- return szrgwServicesList;
- }
-
- public List<String> getEidServicesList() {
- return eidServicesList;
- }
-
- public String getEidServiceSelected() {
- return eidServiceSelected;
- }
-
- public void setEidServiceSelected(String eidServiceSelected) {
- this.eidServiceSelected = eidServiceSelected;
- }
-
- public boolean isSl20Active() {
- return sl20Active;
- }
-
- public void setSl20Active(boolean sl20Active) {
- this.sl20Active = sl20Active;
- }
-
- public String getSl20EndPoints() {
- return sl20EndPoints;
- }
-
- public void setSl20EndPoints(String sl20EndPoints) {
- if (MiscUtil.isNotEmpty(sl20EndPoints))
- this.sl20EndPoints =
- KeyValueUtils.removeAllNewlineFromString(sl20EndPoints);
- else
- this.sl20EndPoints = sl20EndPoints;
- }
-
- public boolean isMoaidMode() {
- return isMoaidMode;
- }
-
+
+ }
+ }
+
+ return value;
+ }
+
+ public List<String> getTestCredialOIDList() {
+ return this.testCredentialOIDs;
+ }
+
+ /**
+ * @param testCredentialOIDs the testCredentialOIDs to set
+ */
+ public void setTestCredentialOIDs(String testCredentialOIDs) {
+ if (MiscUtil.isNotEmpty(testCredentialOIDs)) {
+ final String[] oidList = testCredentialOIDs.split(",");
+
+ this.testCredentialOIDs = new ArrayList<>();
+ for (final String element : oidList) {
+ this.testCredentialOIDs.add(element.trim());
+ }
+ }
+ }
+
+ /**
+ * @return the useTestIDLValidationTrustStore
+ */
+ public boolean isUseTestIDLValidationTrustStore() {
+ return useTestIDLValidationTrustStore;
+ }
+
+ /**
+ * @param useTestIDLValidationTrustStore the useTestIDLValidationTrustStore to
+ * set
+ */
+ public void setUseTestIDLValidationTrustStore(
+ boolean useTestIDLValidationTrustStore) {
+ this.useTestIDLValidationTrustStore = useTestIDLValidationTrustStore;
+ }
+
+ /**
+ * @return the useTestAuthblockValidationTrustStore
+ */
+ public boolean isUseTestAuthblockValidationTrustStore() {
+ return useTestAuthblockValidationTrustStore;
+ }
+
+ /**
+ * @param useTestAuthblockValidationTrustStore the
+ * useTestAuthblockValidationTrustStore
+ * to set
+ */
+ public void setUseTestAuthblockValidationTrustStore(
+ boolean useTestAuthblockValidationTrustStore) {
+ this.useTestAuthblockValidationTrustStore = useTestAuthblockValidationTrustStore;
+ }
+
+ /**
+ * @return the misServiceSelected
+ */
+ public String getMisServiceSelected() {
+ return misServiceSelected;
+ }
+
+ /**
+ * @param misServiceSelected the misServiceSelected to set
+ */
+ public void setMisServiceSelected(String misServiceSelected) {
+ this.misServiceSelected = misServiceSelected;
+ }
+
+ /**
+ * @return the elgaServiceSelected
+ */
+ public String getElgaServiceSelected() {
+ return elgaServiceSelected;
+ }
+
+ /**
+ * @param elgaServiceSelected the elgaServiceSelected to set
+ */
+ public void setElgaServiceSelected(String elgaServiceSelected) {
+ this.elgaServiceSelected = elgaServiceSelected;
+ }
+
+ /**
+ * @return the szrgwServiceSelected
+ */
+ public String getSzrgwServiceSelected() {
+ return szrgwServiceSelected;
+ }
+
+ /**
+ * @param szrgwServiceSelected the szrgwServiceSelected to set
+ */
+ public void setSzrgwServiceSelected(String szrgwServiceSelected) {
+ this.szrgwServiceSelected = szrgwServiceSelected;
+ }
+
+ /**
+ * @return the misServicesList
+ */
+ public List<String> getMisServicesList() {
+ return misServicesList;
+ }
+
+ /**
+ * @return the elgaServicesList
+ */
+ public List<String> getElgaServicesList() {
+ return elgaServicesList;
+ }
+
+ /**
+ * @return the szrgwServicesList
+ */
+ public List<String> getSzrgwServicesList() {
+ return szrgwServicesList;
+ }
+
+ public List<String> getEidServicesList() {
+ return eidServicesList;
+ }
+
+ public String getEidServiceSelected() {
+ return eidServiceSelected;
+ }
+
+ public void setEidServiceSelected(String eidServiceSelected) {
+ this.eidServiceSelected = eidServiceSelected;
+ }
+
+ public boolean isSl20Active() {
+ return sl20Active;
+ }
+
+ public void setSl20Active(boolean sl20Active) {
+ this.sl20Active = sl20Active;
+ }
+
+ public String getSl20EndPoints() {
+ return sl20EndPoints;
+ }
+
+ public void setSl20EndPoints(String sl20EndPoints) {
+ if (MiscUtil.isNotEmpty(sl20EndPoints)) {
+ this.sl20EndPoints =
+ KeyValueUtils.removeAllNewlineFromString(sl20EndPoints);
+ } else {
+ this.sl20EndPoints = sl20EndPoints;
+ }
+ }
+
+ public boolean isMoaidMode() {
+ return isMoaidMode;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
index bac69cf34..1f4d842ca 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
@@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.SerializationUtils;
-import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.api.data.BPKDecryptionParameters;
@@ -49,322 +48,342 @@ import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils
import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class OABPKEncryption implements IOnlineApplicationData {
- private static final Logger log = Logger.getLogger(OABPKEncryption.class);
-
- private static final String MODULENAME = "bPKEncryptionDecryption";
-
- private String keyStorePassword = null;
- private String keyAlias = null;
- private String keyPassword = null;
-
- private Map<String, byte[]> keyStoreForm = new HashMap<String, byte[]>();
-
- private List<File> keyStoreFileUpload = null;
- private List<String> keyStoreFileUploadContentType = null;
- private List<String> keyStoreFileUploadFileName = new ArrayList<String>();;
- private boolean deletekeyStore = false;
- private boolean validationError = false;
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- // TODO Auto-generated method stub
- return MODULENAME;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA,
- AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
- if (oaAuth != null) {
- EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
- if (bPKEncDec != null) {
- BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
- if (bPKDec != null) {
- keyAlias = bPKDec.getKeyAlias();
- if (bPKDec.getKeyStoreFileName() != null)
- keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName());
-
- }
- }
- }
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
- AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
- if (oaAuth == null) {
- oaAuth = new AuthComponentOA();
- dbOA.setAuthComponentOA(oaAuth);
-
- }
- EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
- if (bPKEncDec == null) {
- bPKEncDec = new EncBPKInformation();
- oaAuth.setEncBPKInformation(bPKEncDec);
-
- }
-
- BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
- if (bPKDec == null) {
- bPKDec = new BPKDecryption();
- bPKEncDec.setBPKDecryption(bPKDec);
- }
-
- if (isDeletekeyStore()) {
- bPKDec.setIv(null);
- bPKDec.setKeyAlias(null);
- bPKDec.setKeyInformation(null);
- bPKDec.setKeyStoreFileName(null);
-
- }
-
- BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
- if (keyStoreForm != null && keyStoreForm.size() > 0) {
- keyInfo.setKeyAlias(keyAlias);
- keyInfo.setKeyPassword(keyPassword);
- keyInfo.setKeyStorePassword(keyStorePassword);
-
- Iterator<String> interator = keyStoreForm.keySet().iterator();
- bPKDec.setKeyStoreFileName(interator.next());
- bPKDec.setKeyAlias(keyAlias);
- keyInfo.setKeyStore(keyStoreForm.get(
- bPKDec.getKeyStoreFileName()));
-
- //encrypt key information
- byte[] serKeyInfo = SerializationUtils.serialize(keyInfo);
- try {
- EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo);
- bPKDec.setIv(encryptkeyInfo.getIv());
- bPKDec.setKeyInformation(encryptkeyInfo.getEncData());
-
- } catch (BuildException e) {
- log.error("Configuration encryption FAILED.", e);
- return LanguageHelper.getErrorString("error.general.text", request);
-
- }
- }
-
- request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null);
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- HttpSession session = request.getSession();
- List<String> errors = new ArrayList<String>();
-
- String check = null;
-
- OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
- //validate BKU-selection template
- List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName()
- , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request);
- if (templateError != null && templateError.size() == 0) {
- if (keyStoreForm != null && keyStoreForm.size() > 0) {
- session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm);
-
- } else
- keyStoreForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION);
-
- } else {
- errors.addAll(templateError);
+ private static final String MODULENAME = "bPKEncryptionDecryption";
+
+ private String keyStorePassword = null;
+ private String keyAlias = null;
+ private String keyPassword = null;
+
+ private Map<String, byte[]> keyStoreForm = new HashMap<>();
+
+ private List<File> keyStoreFileUpload = null;
+ private List<String> keyStoreFileUploadContentType = null;
+ private List<String> keyStoreFileUploadFileName = new ArrayList<>();
+ private boolean deletekeyStore = false;
+ private boolean validationError = false;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return MODULENAME;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ final AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
+ if (oaAuth != null) {
+ final EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
+ if (bPKEncDec != null) {
+ final BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
+ if (bPKDec != null) {
+ keyAlias = bPKDec.getKeyAlias();
+ if (bPKDec.getKeyStoreFileName() != null) {
+ keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName());
+ }
}
-
- if (keyStoreForm != null && keyStoreForm.size() > 0) {
- check = getKeyStorePassword();
- if (MiscUtil.isEmpty(check)) {
- log.info("bPK decryption keystore password is empty");
- errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));
-
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-
- }
- }
-
- check = getKeyAlias();
- if (MiscUtil.isEmpty(check)) {
- log.info("bPK decryption key alias is empty");
- errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));
-
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("bPK decryption key alias contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-
- }
- }
-
- check = getKeyPassword();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("bPK decryption key password contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-
- }
- }
-
- BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
- keyInfo.setKeyAlias(keyAlias);
- keyInfo.setKeyPassword(keyPassword);
- keyInfo.setKeyStorePassword(keyStorePassword);
- Iterator<String> interator = keyStoreForm.keySet().iterator();
- String fileName = interator.next();
- keyInfo.setKeyStore(keyStoreForm.get(fileName));
- if (keyInfo.getPrivateKey() == null) {
- log.info("Open keyStore FAILED.");
- errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request));
-
- }
+ }
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
+ if (oaAuth == null) {
+ oaAuth = new AuthComponentOA();
+ dbOA.setAuthComponentOA(oaAuth);
+
+ }
+ EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
+ if (bPKEncDec == null) {
+ bPKEncDec = new EncBPKInformation();
+ oaAuth.setEncBPKInformation(bPKEncDec);
+
+ }
+
+ BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
+ if (bPKDec == null) {
+ bPKDec = new BPKDecryption();
+ bPKEncDec.setBPKDecryption(bPKDec);
+ }
+
+ if (isDeletekeyStore()) {
+ bPKDec.setIv(null);
+ bPKDec.setKeyAlias(null);
+ bPKDec.setKeyInformation(null);
+ bPKDec.setKeyStoreFileName(null);
+
+ }
+
+ final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
+ if (keyStoreForm != null && keyStoreForm.size() > 0) {
+ keyInfo.setKeyAlias(keyAlias);
+ keyInfo.setKeyPassword(keyPassword);
+ keyInfo.setKeyStorePassword(keyStorePassword);
+
+ final Iterator<String> interator = keyStoreForm.keySet().iterator();
+ bPKDec.setKeyStoreFileName(interator.next());
+ bPKDec.setKeyAlias(keyAlias);
+ keyInfo.setKeyStore(keyStoreForm.get(
+ bPKDec.getKeyStoreFileName()));
+
+ // encrypt key information
+ final byte[] serKeyInfo = SerializationUtils.serialize(keyInfo);
+ try {
+ final EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo);
+ bPKDec.setIv(encryptkeyInfo.getIv());
+ bPKDec.setKeyInformation(encryptkeyInfo.getEncData());
+
+ } catch (final BuildException e) {
+ log.error("Configuration encryption FAILED.", e);
+ return LanguageHelper.getErrorString("error.general.text", request);
+
+ }
+ }
+
+ request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null);
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ final HttpSession session = request.getSession();
+ final List<String> errors = new ArrayList<>();
+
+ String check = null;
+
+ final OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
+ // validate BKU-selection template
+ final List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName(),
+ getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request);
+ if (templateError != null && templateError.size() == 0) {
+ if (keyStoreForm != null && keyStoreForm.size() > 0) {
+ session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm);
+
+ } else {
+ keyStoreForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION);
+ }
+
+ } else {
+ errors.addAll(templateError);
+
+ }
+
+ if (keyStoreForm != null && keyStoreForm.size() > 0) {
+ check = getKeyStorePassword();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("bPK decryption keystore password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));
+
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+
}
-
- if (errors.size() > 0) {
- validationError = true;
-
+ }
+
+ check = getKeyAlias();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("bPK decryption key alias is empty");
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));
+
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("bPK decryption key alias contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+
}
-
- return errors;
-
- }
-
- /**
- * @return the keyStorePassword
- */
- public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * @param keyStorePassword the keyStorePassword to set
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
- }
-
- /**
- * @return the keyAlias
- */
- public String getKeyAlias() {
- return keyAlias;
- }
-
- /**
- * @param keyAlias the keyAlias to set
- */
- public void setKeyAlias(String keyAlias) {
- this.keyAlias = keyAlias;
- }
-
- /**
- * @return the keyPassword
- */
- public String getKeyPassword() {
- return keyPassword;
- }
-
- /**
- * @param keyPassword the keyPassword to set
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
- /**
- * @return the keyStoreFileUpload
- */
- public List<File> getKeyStoreFileUpload() {
- return keyStoreFileUpload;
- }
-
- /**
- * @param keyStoreFileUpload the keyStoreFileUpload to set
- */
- public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) {
- this.keyStoreFileUpload = keyStoreFileUpload;
- }
-
- /**
- * @return the keyStoreFileUploadContentType
- */
- public List<String> getKeyStoreFileUploadContentType() {
- return keyStoreFileUploadContentType;
- }
-
- /**
- * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set
- */
- public void setKeyStoreFileUploadContentType(
- List<String> keyStoreFileUploadContentType) {
- this.keyStoreFileUploadContentType = keyStoreFileUploadContentType;
- }
-
- /**
- * @return the keyStoreFileUploadFileName
- */
- public List<String> getKeyStoreFileUploadFileName() {
- return keyStoreFileUploadFileName;
- }
-
- /**
- * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set
- */
- public void setKeyStoreFileUploadFileName(
- List<String> keyStoreFileUploadFileName) {
- this.keyStoreFileUploadFileName = keyStoreFileUploadFileName;
- }
-
- /**
- * @return the deletekeyStore
- */
- public boolean isDeletekeyStore() {
- return deletekeyStore;
- }
-
- /**
- * @param deletekeyStore the deletekeyStore to set
- */
- public void setDeletekeyStore(boolean deletekeyStore) {
- this.deletekeyStore = deletekeyStore;
- }
-
- /**
- * @return the validationError
- */
- public boolean isValidationError() {
- return validationError;
- }
-
-
+ }
+
+ check = getKeyPassword();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("bPK decryption key password contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+
+ }
+ }
+
+ final BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
+ keyInfo.setKeyAlias(keyAlias);
+ keyInfo.setKeyPassword(keyPassword);
+ keyInfo.setKeyStorePassword(keyStorePassword);
+ final Iterator<String> interator = keyStoreForm.keySet().iterator();
+ final String fileName = interator.next();
+ keyInfo.setKeyStore(keyStoreForm.get(fileName));
+ if (keyInfo.getPrivateKey() == null) {
+ log.info("Open keyStore FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request));
+
+ }
+ }
+
+ if (errors.size() > 0) {
+ validationError = true;
+
+ }
+
+ return errors;
+
+ }
+
+ /**
+ * @return the keyStorePassword
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * @param keyStorePassword the keyStorePassword to set
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * @return the keyAlias
+ */
+ public String getKeyAlias() {
+ return keyAlias;
+ }
+
+ /**
+ * @param keyAlias the keyAlias to set
+ */
+ public void setKeyAlias(String keyAlias) {
+ this.keyAlias = keyAlias;
+ }
+
+ /**
+ * @return the keyPassword
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * @param keyPassword the keyPassword to set
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+ /**
+ * @return the keyStoreFileUpload
+ */
+ public List<File> getKeyStoreFileUpload() {
+ return keyStoreFileUpload;
+ }
+
+ /**
+ * @param keyStoreFileUpload the keyStoreFileUpload to set
+ */
+ public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) {
+ this.keyStoreFileUpload = keyStoreFileUpload;
+ }
+
+ /**
+ * @return the keyStoreFileUploadContentType
+ */
+ public List<String> getKeyStoreFileUploadContentType() {
+ return keyStoreFileUploadContentType;
+ }
+
+ /**
+ * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set
+ */
+ public void setKeyStoreFileUploadContentType(
+ List<String> keyStoreFileUploadContentType) {
+ this.keyStoreFileUploadContentType = keyStoreFileUploadContentType;
+ }
+
+ /**
+ * @return the keyStoreFileUploadFileName
+ */
+ public List<String> getKeyStoreFileUploadFileName() {
+ return keyStoreFileUploadFileName;
+ }
+
+ /**
+ * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set
+ */
+ public void setKeyStoreFileUploadFileName(
+ List<String> keyStoreFileUploadFileName) {
+ this.keyStoreFileUploadFileName = keyStoreFileUploadFileName;
+ }
+
+ /**
+ * @return the deletekeyStore
+ */
+ public boolean isDeletekeyStore() {
+ return deletekeyStore;
+ }
+
+ /**
+ * @param deletekeyStore the deletekeyStore to set
+ */
+ public void setDeletekeyStore(boolean deletekeyStore) {
+ this.deletekeyStore = deletekeyStore;
+ }
+
+ /**
+ * @return the validationError
+ */
+ public boolean isValidationError() {
+ return validationError;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index c51513193..45a3dba1b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -27,8 +27,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
@@ -36,130 +34,151 @@ import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
-
-
-public class OAGeneralConfig implements IOnlineApplicationData{
- private static final Logger log = Logger.getLogger(OAGeneralConfig.class);
-
- private boolean isActive = false;
-
- private String identifier = null;
- private String friendlyName = null;
- private boolean businessService = false;
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OAGeneralInformation";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
- isActive = dbOAConfig.isIsActive();
-
- friendlyName = dbOAConfig.getFriendlyName();
- identifier = dbOAConfig.getPublicURLPrefix();
-
- if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))
- businessService = true;
- else
- businessService = false;
-
- return null;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
- }
-
- if (authUser.isAdmin()) dbOA.setIsActive(isActive());
-
- dbOA.setPublicURLPrefix(getIdentifier());
- dbOA.setFriendlyName(getFriendlyName());
-
- if (isBusinessService() || authUser.isOnlyBusinessService()) {
- dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
-
- } else {
- dbOA.setType(null);
- }
-
- return null;
-
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
- String check;
-
- //check OA FriendlyName
- check = getFriendlyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("OAFriendlyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.info("OA friendlyName is empty");
- errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request));
- }
-
- return errors;
-
- }
-
- public boolean isBusinessService() {
- return businessService;
- }
-
- public void setBusinessService(boolean businessService) {
- this.businessService = businessService;
- }
-
- public String getIdentifier() {
- return identifier;
- }
-
- public void setIdentifier(String identifier) {
- this.identifier = identifier;
- }
-
- public String getFriendlyName() {
- return friendlyName;
- }
-
- public void setFriendlyName(String friendlyName) {
- this.friendlyName = friendlyName;
- }
-
- public boolean isActive() {
- return isActive;
- }
-
- public void setActive(boolean isActive) {
- this.isActive = isActive;
- }
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class OAGeneralConfig implements IOnlineApplicationData {
+
+ private boolean isActive = false;
+
+ private String identifier = null;
+ private String friendlyName = null;
+ private boolean businessService = false;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OAGeneralInformation";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ isActive = dbOAConfig.isIsActive();
+
+ friendlyName = dbOAConfig.getFriendlyName();
+ identifier = dbOAConfig.getPublicURLPrefix();
+
+ if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) {
+ businessService = true;
+ } else {
+ businessService = false;
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ if (authUser.isAdmin()) {
+ dbOA.setIsActive(isActive());
+ }
+
+ dbOA.setPublicURLPrefix(getIdentifier());
+ dbOA.setFriendlyName(getFriendlyName());
+
+ if (isBusinessService() || authUser.isOnlyBusinessService()) {
+ dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
+
+ } else {
+ dbOA.setType(null);
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+ String check;
+
+ // check OA FriendlyName
+ check = getFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("OAFriendlyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.info("OA friendlyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request));
+ }
+
+ return errors;
+
+ }
+
+ public boolean isBusinessService() {
+ return businessService;
+ }
+
+ public void setBusinessService(boolean businessService) {
+ this.businessService = businessService;
+ }
+
+ public String getIdentifier() {
+ return identifier;
+ }
+
+ public void setIdentifier(String identifier) {
+ this.identifier = identifier;
+ }
+
+ public String getFriendlyName() {
+ return friendlyName;
+ }
+
+ public void setFriendlyName(String friendlyName) {
+ this.friendlyName = friendlyName;
+ }
+
+ public boolean isActive() {
+ return isActive;
+ }
+
+ public void setActive(boolean isActive) {
+ this.isActive = isActive;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
index a4d71f0ed..ef5658ca4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
@@ -27,194 +27,212 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData {
- private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class);
-
- private String queryURL;
- private Boolean inboundSSO = true;
- private Boolean outboundSSO = true;
- private Boolean storeSSOSession = true;
- private Boolean passiveRequest = true;
- private Boolean localAuthOnError = true;
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "MOAIDPInterfederation";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- InterfederationIDPType moaIDP = dbOA.getInterfederationIDP();
- if (moaIDP != null) {
- this.queryURL = moaIDP.getAttributeQueryURL();
- this.inboundSSO = moaIDP.isInboundSSO();
- this.outboundSSO = moaIDP.isOutboundSSO();
- this.storeSSOSession = moaIDP.isStoreSSOSession();
- this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError();
- this.passiveRequest = moaIDP.isPerformPassivRequest();
- }
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
-
- if (authUser.isAdmin()) {
- dbOA.setIsInterfederationIDP(true);
-
- InterfederationIDPType moaIDP = dbOA.getInterfederationIDP();
- if (moaIDP == null) {
- moaIDP = new InterfederationIDPType();
- dbOA.setInterfederationIDP(moaIDP);
- }
-
- moaIDP.setAttributeQueryURL(queryURL);
- moaIDP.setInboundSSO(inboundSSO);
- moaIDP.setOutboundSSO(outboundSSO);
- moaIDP.setStoreSSOSession(storeSSOSession);
- moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError);
- moaIDP.setPerformPassivRequest(passiveRequest);
-
- }
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
-
- if (MiscUtil.isNotEmpty(queryURL)) {
- if (!ValidationHelper.validateURL(queryURL)) {
- log.info("AttributeQuery URL is not valid");
- errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request));
-
- }
- }
-
+ private String queryURL;
+ private Boolean inboundSSO = true;
+ private Boolean outboundSSO = true;
+ private Boolean storeSSOSession = true;
+ private Boolean passiveRequest = true;
+ private Boolean localAuthOnError = true;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "MOAIDPInterfederation";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ final InterfederationIDPType moaIDP = dbOA.getInterfederationIDP();
+ if (moaIDP != null) {
+ this.queryURL = moaIDP.getAttributeQueryURL();
+ this.inboundSSO = moaIDP.isInboundSSO();
+ this.outboundSSO = moaIDP.isOutboundSSO();
+ this.storeSSOSession = moaIDP.isStoreSSOSession();
+ this.localAuthOnError = moaIDP.isPerformLocalAuthenticationOnError();
+ this.passiveRequest = moaIDP.isPerformPassivRequest();
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ if (authUser.isAdmin()) {
+ dbOA.setIsInterfederationIDP(true);
+
+ InterfederationIDPType moaIDP = dbOA.getInterfederationIDP();
+ if (moaIDP == null) {
+ moaIDP = new InterfederationIDPType();
+ dbOA.setInterfederationIDP(moaIDP);
+ }
+
+ moaIDP.setAttributeQueryURL(queryURL);
+ moaIDP.setInboundSSO(inboundSSO);
+ moaIDP.setOutboundSSO(outboundSSO);
+ moaIDP.setStoreSSOSession(storeSSOSession);
+ moaIDP.setPerformLocalAuthenticationOnError(localAuthOnError);
+ moaIDP.setPerformPassivRequest(passiveRequest);
+
+ }
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ if (MiscUtil.isNotEmpty(queryURL)) {
+ if (!ValidationHelper.validateURL(queryURL)) {
+ log.info("AttributeQuery URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid",
+ request));
+
+ }
+ }
+
// if (inboundSSO && MiscUtil.isEmpty(queryURL)) {
// log.info("Inbound Single Sign-On requires AttributQueryURL configuration.");
// errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request));
// }
-
- return errors;
- }
-
- /**
- * @return the queryURL
- */
- public String getQueryURL() {
- return queryURL;
- }
-
- /**
- * @param queryURL the queryURL to set
- */
- public void setQueryURL(String queryURL) {
- this.queryURL = queryURL;
- }
-
- /**
- * @return the inboundSSO
- */
- public boolean isInboundSSO() {
- return inboundSSO.booleanValue();
- }
-
- /**
- * @param inboundSSO the inboundSSO to set
- */
- public void setInboundSSO(boolean inboundSSO) {
- this.inboundSSO = inboundSSO;
- }
-
- /**
- * @return the outboundSSO
- */
- public boolean isOutboundSSO() {
- return outboundSSO.booleanValue();
- }
-
- /**
- * @param outboundSSO the outboundSSO to set
- */
- public void setOutboundSSO(boolean outboundSSO) {
- this.outboundSSO = outboundSSO;
- }
-
- /**
- * @return the storeSSOSession
- */
- public boolean isStoreSSOSession() {
- return storeSSOSession.booleanValue();
- }
-
- /**
- * @param storeSSOSession the storeSSOSession to set
- */
- public void setStoreSSOSession(boolean storeSSOSession) {
- this.storeSSOSession = storeSSOSession;
- }
-
- /**
- * @return the passiveRequest
- */
- public boolean isPassiveRequest() {
- return passiveRequest.booleanValue();
- }
-
- /**
- * @param passiveRequest the passiveRequest to set
- */
- public void setPassiveRequest(boolean passiveRequest) {
- this.passiveRequest = passiveRequest;
- }
-
- /**
- * @return the localAuthOnError
- */
- public boolean isLocalAuthOnError() {
- return localAuthOnError.booleanValue();
- }
-
- /**
- * @param localAuthOnError the localAuthOnError to set
- */
- public void setLocalAuthOnError(boolean localAuthOnError) {
- this.localAuthOnError = localAuthOnError;
- }
-
-
+
+ return errors;
+ }
+
+ /**
+ * @return the queryURL
+ */
+ public String getQueryURL() {
+ return queryURL;
+ }
+
+ /**
+ * @param queryURL the queryURL to set
+ */
+ public void setQueryURL(String queryURL) {
+ this.queryURL = queryURL;
+ }
+
+ /**
+ * @return the inboundSSO
+ */
+ public boolean isInboundSSO() {
+ return inboundSSO.booleanValue();
+ }
+
+ /**
+ * @param inboundSSO the inboundSSO to set
+ */
+ public void setInboundSSO(boolean inboundSSO) {
+ this.inboundSSO = inboundSSO;
+ }
+
+ /**
+ * @return the outboundSSO
+ */
+ public boolean isOutboundSSO() {
+ return outboundSSO.booleanValue();
+ }
+
+ /**
+ * @param outboundSSO the outboundSSO to set
+ */
+ public void setOutboundSSO(boolean outboundSSO) {
+ this.outboundSSO = outboundSSO;
+ }
+
+ /**
+ * @return the storeSSOSession
+ */
+ public boolean isStoreSSOSession() {
+ return storeSSOSession.booleanValue();
+ }
+
+ /**
+ * @param storeSSOSession the storeSSOSession to set
+ */
+ public void setStoreSSOSession(boolean storeSSOSession) {
+ this.storeSSOSession = storeSSOSession;
+ }
+
+ /**
+ * @return the passiveRequest
+ */
+ public boolean isPassiveRequest() {
+ return passiveRequest.booleanValue();
+ }
+
+ /**
+ * @param passiveRequest the passiveRequest to set
+ */
+ public void setPassiveRequest(boolean passiveRequest) {
+ this.passiveRequest = passiveRequest;
+ }
+
+ /**
+ * @return the localAuthOnError
+ */
+ public boolean isLocalAuthOnError() {
+ return localAuthOnError.booleanValue();
+ }
+
+ /**
+ * @param localAuthOnError the localAuthOnError to set
+ */
+ public void setLocalAuthOnError(boolean localAuthOnError) {
+ this.localAuthOnError = localAuthOnError;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
index ce50c847a..bae37b531 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java
@@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAOAUTH20;
@@ -40,132 +39,150 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import lombok.extern.slf4j.Slf4j;
-public class OAOAuth20Config implements IOnlineApplicationData{
-
- private final Logger log = Logger.getLogger(OAOAuth20Config.class);
-
- private String clientId = null;
- private String clientSecret = null;
- private String redirectUri = null;
-
- public OAOAuth20Config() {
- this.generateClientSecret();
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OAOpenIDConnect";
- }
-
- public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
- List<String> errors = new ArrayList<String>();
-
- HttpSession session = request.getSession();
-
- AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
- if (authdata != null) {
- // set client id to public url prefix
- this.clientId = dbOAConfig.getPublicURLPrefix();
-
- OAOAUTH20 config = authdata.getOAOAUTH20();
-
- if (config != null) {
- // validate secret
- if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) {
- this.clientSecret = config.getOAuthClientSecret();
- } else {
- this.generateClientSecret();
- }
-
- // validate redirectUri
- if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config.getOAuthRedirectUri())) {
- this.redirectUri = config.getOAuthRedirectUri();
- } else {
- errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request));
- }
- } else {
- this.generateClientSecret();
- }
- }
-
- session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret());
-
- return null;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- return new OAOAUTH20ConfigValidation().validate(this, request);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
+@Slf4j
+public class OAOAuth20Config implements IOnlineApplicationData {
+
+ private String clientId = null;
+ private String clientSecret = null;
+ private String redirectUri = null;
+
+ public OAOAuth20Config() {
+ this.generateClientSecret();
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OAOpenIDConnect";
+ }
+
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
+
+ final HttpSession session = request.getSession();
+
+ final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
+ if (authdata != null) {
+ // set client id to public url prefix
+ this.clientId = dbOAConfig.getPublicURLPrefix();
+
+ final OAOAUTH20 config = authdata.getOAOAUTH20();
+
+ if (config != null) {
+ // validate secret
+ if (StringUtils.isNotEmpty(config.getOAuthClientSecret())) {
+ this.clientSecret = config.getOAuthClientSecret();
+ } else {
+ this.generateClientSecret();
}
-
- log.debug("Saving OAuth 2.0 configuration:");
- OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20();
- if (oaOAuth20 == null) {
- oaOAuth20 = new OAOAUTH20();
- authoa.setOAOAUTH20(oaOAuth20);
+
+ // validate redirectUri
+ if (StringUtils.isNotEmpty(config.getOAuthRedirectUri()) && OAuth20Util.isUrl(config
+ .getOAuthRedirectUri())) {
+ this.redirectUri = config.getOAuthRedirectUri();
+ } else {
+ errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request));
}
+ } else {
+ this.generateClientSecret();
+ }
+ }
+
+ session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret());
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OAOAUTH20ConfigValidation().validate(this, request);
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ log.debug("Saving OAuth 2.0 configuration:");
+ OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20();
+ if (oaOAuth20 == null) {
+ oaOAuth20 = new OAOAUTH20();
+ authoa.setOAOAUTH20(oaOAuth20);
+ }
+
+ oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix());
+ // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret());
+ oaOAuth20.setOAuthRedirectUri(getRedirectUri());
+ log.debug("client id: " + getClientId());
+ log.debug("client secret: " + getClientSecret());
+ log.debug("redirect uri:" + getRedirectUri());
+
+ oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(
+ Constants.SESSION_OAUTH20SECRET));
+ request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null);
+
+ return null;
+ }
+
+ public String getClientId() {
+ return clientId;
+ }
+
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ public String getClientSecret() {
+ return clientSecret;
+ }
+
+ public void setClientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ }
+
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
- oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix());
- // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret());
- oaOAuth20.setOAuthRedirectUri(getRedirectUri());
- log.debug("client id: " + getClientId());
- log.debug("client secret: " + getClientSecret());
- log.debug("redirect uri:" + getRedirectUri());
-
- oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET));
- request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null);
-
- return null;
- }
-
- public String getClientId() {
- return clientId;
- }
-
- public void setClientId(String clientId) {
- this.clientId = clientId;
- }
-
- public String getClientSecret() {
- return clientSecret;
- }
-
- public void setClientSecret(String clientSecret) {
- this.clientSecret = clientSecret;
- }
-
- public String getRedirectUri() {
- return redirectUri;
- }
-
- public void setRedirectUri(String redirectUri) {
- this.redirectUri = redirectUri;
- }
-
- public void generateClientSecret() {
- this.clientSecret = UUID.randomUUID().toString();
- }
+ public void generateClientSecret() {
+ this.clientSecret = UUID.randomUUID().toString();
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
index 4be1a81de..008617e76 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java
@@ -32,228 +32,247 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
-import iaik.x509.X509Certificate;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
-import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import iaik.x509.X509Certificate;
+import lombok.extern.slf4j.Slf4j;
-public class OAPVP2Config implements IOnlineApplicationData{
-
- private final Logger log = Logger.getLogger(OAPVP2Config.class);
-
- private boolean reLoad = false;
-
- private String metaDataURL = null;
- private String certificateDN = null;
-
- private File fileUpload = null;
- private String fileUploadContentType;
- private String fileUploadFileName;
-
- private byte[] storedCert = null;
-
- public OAPVP2Config() {
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OAPVP2";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser)
- */
- @Override
- public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA authoa = dboa.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dboa.setAuthComponentOA(authoa);
- }
- OAPVP2 pvp2 = authoa.getOAPVP2();
- if (pvp2 == null) {
- pvp2 = new OAPVP2();
- authoa.setOAPVP2(pvp2);
- }
+@Slf4j
+public class OAPVP2Config implements IOnlineApplicationData {
+
+ private boolean reLoad = false;
+
+ private String metaDataURL = null;
+ private String certificateDN = null;
+
+ private File fileUpload = null;
+ private String fileUploadContentType;
+ private String fileUploadFileName;
+
+ private byte[] storedCert = null;
+
+ public OAPVP2Config() {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OAPVP2";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser)
+ */
+ @Override
+ public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA authoa = dboa.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dboa.setAuthComponentOA(authoa);
+ }
+ OAPVP2 pvp2 = authoa.getOAPVP2();
+ if (pvp2 == null) {
+ pvp2 = new OAPVP2();
+ authoa.setOAPVP2(pvp2);
+ }
+
+ try {
+
+ if (getFileUpload() != null) {
+ pvp2.setCertificate(getCertificate());
+ setReLoad(true);
+
+ } else if (storedCert != null) {
+ pvp2.setCertificate(storedCert);
+ }
+
+ } catch (final CertificateException e) {
+ log.info("Uploaded Certificate can not be found", e);
+ return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request);
+ } catch (final IOException e) {
+ log.info("Uploaded Certificate can not be parsed", e);
+ return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request);
+ }
+
+ if (getMetaDataURL() != null &&
+ !getMetaDataURL().equals(pvp2.getMetadataURL())) {
+ setReLoad(true);
+ }
+ pvp2.setMetadataURL(getMetaDataURL());
+
+ if (isReLoad()) {
+ pvp2.setUpdateRequiredItem(new Date());
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request);
+ }
- try {
-
- if (getFileUpload() != null) {
- pvp2.setCertificate(getCertificate());
- setReLoad(true);
-
- } else if (storedCert != null)
- pvp2.setCertificate(storedCert);
-
- } catch (CertificateException e) {
- log.info("Uploaded Certificate can not be found", e);
- return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request);
- } catch (IOException e) {
- log.info("Uploaded Certificate can not be parsed", e);
- return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request);
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
+
+ final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
+ if (authdata != null) {
+ final OAPVP2 pvp2 = authdata.getOAPVP2();
+ if (pvp2 != null) {
+ metaDataURL = pvp2.getMetadataURL();
+
+ if (pvp2.getCertificate() != null &&
+ !new String(pvp2.getCertificate()).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
+ try {
+ // byte[] cert = pvp2.getCertificate();
+ final byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false);
+ if (MiscUtil.isNotEmpty(cert)) {
+ final X509Certificate x509 = new X509Certificate(cert);
+ certificateDN = x509.getSubjectDN().getName();
+ }
+ } catch (final CertificateException e) {
+ try {
+ final byte[] cert = pvp2.getCertificate();
+ if (MiscUtil.isNotEmpty(cert)) {
+ final X509Certificate x509 = new X509Certificate(cert);
+ certificateDN = x509.getSubjectDN().getName();
+ }
+
+ } catch (final CertificateException e1) {
+ log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig
+ .getPublicURLPrefix(), e1);
+ errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request));
+
+ }
+
+ } catch (final IOException e) {
+ log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig
+ .getPublicURLPrefix());
+ errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request));
+ }
}
+ }
+ }
+ return errors;
+ }
- if (getMetaDataURL() != null &&
- !getMetaDataURL().equals(pvp2.getMetadataURL()))
- setReLoad(true);
- pvp2.setMetadataURL(getMetaDataURL());
-
- if (isReLoad())
- pvp2.setUpdateRequiredItem(new Date());
-
- return null;
-
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication)
- */
- @Override
- public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
- List<String> errors = new ArrayList<String>();
-
- AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
- if (authdata != null) {
- OAPVP2 pvp2 = authdata.getOAPVP2();
- if (pvp2 != null) {
- metaDataURL = pvp2.getMetadataURL();
-
- if (pvp2.getCertificate() != null &&
- !(new String(pvp2.getCertificate())).equals(MOAIDConfigurationConstants.WEBGUI_EMPTY_ELEMENT)) {
- try {
- //byte[] cert = pvp2.getCertificate();
- byte[] cert = Base64Utils.decode(new String(pvp2.getCertificate()), false);
- if (MiscUtil.isNotEmpty(cert)) {
- X509Certificate x509 = new X509Certificate(cert);
- certificateDN = x509.getSubjectDN().getName();
- }
- } catch (CertificateException e) {
- try {
- byte[] cert = pvp2.getCertificate();
- if (MiscUtil.isNotEmpty(cert)) {
- X509Certificate x509 = new X509Certificate(cert);
- certificateDN = x509.getSubjectDN().getName();
- }
-
- } catch (CertificateException e1) {
- log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix(), e1);
- errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request));
-
- }
-
- } catch (IOException e) {
- log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix());
- errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate", request));
- }
- }
- }
- }
- return errors;
- }
-
- public byte[] getCertificate() throws CertificateException, IOException {
-
- FileInputStream filestream = new FileInputStream(fileUpload);
- X509Certificate x509 = new X509Certificate(filestream);
- return x509.getEncoded();
- }
-
- public void setStoredCert(byte[] storedCert) {
- this.storedCert = storedCert;
- }
-
- public String getMetaDataURL() {
- return metaDataURL;
- }
- public void setMetaDataURL(String metaDataURL) {
- this.metaDataURL = metaDataURL;
- }
-
- /**
- * @return the certificateDN
- */
- public String getCertificateDN() {
- return certificateDN;
- }
-
- /**
- * @return the fileUpLoad
- */
- public File getFileUpload() {
- return fileUpload;
- }
-
- /**
- * @param fileUpLoad the fileUpLoad to set
- */
- public void setFileUpload(File fileUpload) {
- this.fileUpload = fileUpload;
- }
-
- /**
- * @return the fileUploadContentType
- */
- public String getFileUploadContentType() {
- return fileUploadContentType;
- }
-
- /**
- * @param fileUploadContentType the fileUploadContentType to set
- */
- public void setFileUploadContentType(String fileUploadContentType) {
- this.fileUploadContentType = fileUploadContentType;
- }
-
- /**
- * @return the fileUploadFileName
- */
- public String getFileUploadFileName() {
- return fileUploadFileName;
- }
-
- /**
- * @param fileUploadFileName the fileUploadFileName to set
- */
- public void setFileUploadFileName(String fileUploadFileName) {
- this.fileUploadFileName = fileUploadFileName;
- }
-
- /**
- * @return the reLoad
- */
- public boolean isReLoad() {
- return reLoad;
- }
-
- /**
- * @param reLoad the reLoad to set
- */
- public void setReLoad(boolean reLoad) {
- this.reLoad = reLoad;
- }
-
-}
+ public byte[] getCertificate() throws CertificateException, IOException {
+
+ final FileInputStream filestream = new FileInputStream(fileUpload);
+ final X509Certificate x509 = new X509Certificate(filestream);
+ return x509.getEncoded();
+ }
+
+ public void setStoredCert(byte[] storedCert) {
+ this.storedCert = storedCert;
+ }
+
+ public String getMetaDataURL() {
+ return metaDataURL;
+ }
+
+ public void setMetaDataURL(String metaDataURL) {
+ this.metaDataURL = metaDataURL;
+ }
+ /**
+ * @return the certificateDN
+ */
+ public String getCertificateDN() {
+ return certificateDN;
+ }
+ /**
+ * @return the fileUpLoad
+ */
+ public File getFileUpload() {
+ return fileUpload;
+ }
+
+ /**
+ * @param fileUpLoad the fileUpLoad to set
+ */
+ public void setFileUpload(File fileUpload) {
+ this.fileUpload = fileUpload;
+ }
+
+ /**
+ * @return the fileUploadContentType
+ */
+ public String getFileUploadContentType() {
+ return fileUploadContentType;
+ }
+
+ /**
+ * @param fileUploadContentType the fileUploadContentType to set
+ */
+ public void setFileUploadContentType(String fileUploadContentType) {
+ this.fileUploadContentType = fileUploadContentType;
+ }
+
+ /**
+ * @return the fileUploadFileName
+ */
+ public String getFileUploadFileName() {
+ return fileUploadFileName;
+ }
+
+ /**
+ * @param fileUploadFileName the fileUploadFileName to set
+ */
+ public void setFileUploadFileName(String fileUploadFileName) {
+ this.fileUploadFileName = fileUploadFileName;
+ }
+
+ /**
+ * @return the reLoad
+ */
+ public boolean isReLoad() {
+ return reLoad;
+ }
+
+ /**
+ * @param reLoad the reLoad to set
+ */
+ public void setReLoad(boolean reLoad) {
+ this.reLoad = reLoad;
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
index 18bebf9d8..76fd31ccd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OARevisionsLogData.java
@@ -39,113 +39,134 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class OARevisionsLogData implements IOnlineApplicationData {
- private boolean active = false;
- private String eventCodes = null;
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OARevisionsLogging";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- if (dbOA.getIsRevisionsLogActive() != null)
- active = dbOA.getIsRevisionsLogActive();
-
- if (MiscUtil.isNotEmpty(dbOA.getEventCodes()))
- eventCodes = dbOA.getEventCodes();
-
- return null;
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
-
- dbOA.setIsRevisionsLogActive(active);
-
- if (MiscUtil.isNotEmpty(eventCodes)) {
- dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes));
-
- }
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- List<String> errors = new ArrayList<String>();
-
- if (active && MiscUtil.isEmpty(eventCodes)) {
- errors.add(LanguageHelper.getErrorString(
- "error.oa.reversion.log.enabled"));
-
- }
-
- if (MiscUtil.isNotEmpty(eventCodes)) {
- String[] codes = eventCodes.split(",");
- for (String el: codes) {
- try {
- Integer.parseInt(el.trim());
-
- } catch (NumberFormatException e) {
- errors.add(LanguageHelper.getErrorString(
- "error.oa.reversion.log.eventcodes"));
- break;
-
- }
-
- }
-
- }
-
- return errors;
- }
-
- /**
- * @return the active
- */
- public boolean isActive() {
- return active;
- }
-
- /**
- * @param active the active to set
- */
- public void setActive(boolean active) {
- this.active = active;
- }
-
- /**
- * @return the eventCodes
- */
- public String getEventCodes() {
- return eventCodes;
- }
-
- /**
- * @param eventCodes the eventCodes to set
- */
- public void setEventCodes(String eventCodes) {
- this.eventCodes = eventCodes;
- }
-
-
+ private boolean active = false;
+ private String eventCodes = null;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OARevisionsLogging";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ if (dbOA.getIsRevisionsLogActive() != null) {
+ active = dbOA.getIsRevisionsLogActive();
+ }
+
+ if (MiscUtil.isNotEmpty(dbOA.getEventCodes())) {
+ eventCodes = dbOA.getEventCodes();
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ dbOA.setIsRevisionsLogActive(active);
+
+ if (MiscUtil.isNotEmpty(eventCodes)) {
+ dbOA.setEventCodes(KeyValueUtils.normalizeCSVValueString(eventCodes));
+
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
+
+ if (active && MiscUtil.isEmpty(eventCodes)) {
+ errors.add(LanguageHelper.getErrorString(
+ "error.oa.reversion.log.enabled"));
+
+ }
+
+ if (MiscUtil.isNotEmpty(eventCodes)) {
+ final String[] codes = eventCodes.split(",");
+ for (final String el : codes) {
+ try {
+ Integer.parseInt(el.trim());
+
+ } catch (final NumberFormatException e) {
+ errors.add(LanguageHelper.getErrorString(
+ "error.oa.reversion.log.eventcodes"));
+ break;
+
+ }
+
+ }
+
+ }
+
+ return errors;
+ }
+
+ /**
+ * @return the active
+ */
+ public boolean isActive() {
+ return active;
+ }
+
+ /**
+ * @param active the active to set
+ */
+ public void setActive(boolean active) {
+ this.active = active;
+ }
+
+ /**
+ * @return the eventCodes
+ */
+ public String getEventCodes() {
+ return eventCodes;
+ }
+
+ /**
+ * @param eventCodes the eventCodes to set
+ */
+ public void setEventCodes(String eventCodes) {
+ this.eventCodes = eventCodes;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java
index 2922231b3..f1ee853ae 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java
@@ -33,178 +33,213 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation;
-public class OASAML1Config implements IOnlineApplicationData{
-
- private Boolean isActive = false;
- private Boolean provideStammZahl = false;
- private Boolean provideAuthBlock = false;
- private Boolean provideIdentityLink = false;
- private Boolean provideCertificate = false;
- private Boolean provideFullMandateData = false;
- private Boolean useCondition = false;
- private Boolean provideAllErrors = true;
- private int conditionLength = -1;
-
-
- public OASAML1Config() {
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OASAML1";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA authdata = dbOA.getAuthComponentOA();
- if (authdata != null) {
- OASAML1 saml1 = authdata.getOASAML1();
- if (saml1 != null) {
- provideAuthBlock = saml1.isProvideAUTHBlock();
- provideCertificate = saml1.isProvideCertificate();
- provideFullMandateData = saml1.isProvideFullMandatorData();
- provideIdentityLink = saml1.isProvideIdentityLink();
- provideStammZahl = saml1.isProvideStammzahl();
-
- if (saml1.isProvideAllErrors() != null)
- provideAllErrors = saml1.isProvideAllErrors();
-
- if (saml1.isUseCondition() != null)
- useCondition = saml1.isUseCondition();
-
- if (saml1.getConditionLength() != null)
- conditionLength = saml1.getConditionLength().intValue();
-
- if (saml1.isIsActive() != null)
- isActive = saml1.isIsActive();
- }
- }
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- return new OASAML1ConfigValidation().validate(this, general, request);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
- }
-
- OASAML1 saml1 = authoa.getOASAML1();
- if (saml1 == null) {
- saml1 = new OASAML1();
- authoa.setOASAML1(saml1);
- saml1.setIsActive(false);
- }
-
- if (authUser.isAdmin()) {
- saml1.setIsActive(isActive());
- }
-
- if (saml1.isIsActive() != null && saml1.isIsActive()) {
- saml1.setProvideAUTHBlock(isProvideAuthBlock());
- saml1.setProvideCertificate(isProvideCertificate());
- saml1.setProvideFullMandatorData(isProvideFullMandateData());
- saml1.setProvideIdentityLink(isProvideIdentityLink());
- saml1.setProvideStammzahl(isProvideStammZahl());
- saml1.setUseCondition(isUseCondition());
- saml1.setProvideAllErrors(provideAllErrors);
- saml1.setConditionLength(BigInteger.valueOf(getConditionLength()));
- // TODO: set sourceID
- // saml1.setSourceID("");
- }
-
- return null;
- }
-
- public boolean isProvideStammZahl() {
- return provideStammZahl;
- }
- public void setProvideStammZahl(boolean provideStammZahl) {
- this.provideStammZahl = provideStammZahl;
- }
- public boolean isProvideAuthBlock() {
- return provideAuthBlock;
- }
- public void setProvideAuthBlock(boolean provideAuthBlock) {
- this.provideAuthBlock = provideAuthBlock;
- }
- public boolean isProvideIdentityLink() {
- return provideIdentityLink;
- }
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- this.provideIdentityLink = provideIdentityLink;
- }
- public boolean isProvideCertificate() {
- return provideCertificate;
- }
- public void setProvideCertificate(boolean provideCertificate) {
- this.provideCertificate = provideCertificate;
- }
- public boolean isProvideFullMandateData() {
- return provideFullMandateData;
- }
- public void setProvideFullMandateData(boolean provideFullMandateData) {
- this.provideFullMandateData = provideFullMandateData;
- }
- public boolean isUseCondition() {
- return useCondition;
- }
- public void setUseCondition(boolean useCondition) {
- this.useCondition = useCondition;
- }
- public int getConditionLength() {
- return conditionLength;
- }
- public void setConditionLength(int conditionLength) {
- this.conditionLength = conditionLength;
- }
-
- /**
- * @return the isActive
- */
- public boolean isActive() {
- return isActive;
- }
-
- /**
- * @param isActive the isActive to set
- */
- public void setActive(boolean isActive) {
- this.isActive = isActive;
- }
-
- /**
- * @return the provideAllErrors
- */
- public Boolean getProvideAllErrors() {
- return provideAllErrors;
- }
-
- /**
- * @param provideAllErrors the provideAllErrors to set
- */
- public void setProvideAllErrors(Boolean provideAllErrors) {
- this.provideAllErrors = provideAllErrors;
- }
-
-
+public class OASAML1Config implements IOnlineApplicationData {
+
+ private Boolean isActive = false;
+ private Boolean provideStammZahl = false;
+ private Boolean provideAuthBlock = false;
+ private Boolean provideIdentityLink = false;
+ private Boolean provideCertificate = false;
+ private Boolean provideFullMandateData = false;
+ private Boolean useCondition = false;
+ private Boolean provideAllErrors = true;
+ private int conditionLength = -1;
+
+ public OASAML1Config() {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OASAML1";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ final AuthComponentOA authdata = dbOA.getAuthComponentOA();
+ if (authdata != null) {
+ final OASAML1 saml1 = authdata.getOASAML1();
+ if (saml1 != null) {
+ provideAuthBlock = saml1.isProvideAUTHBlock();
+ provideCertificate = saml1.isProvideCertificate();
+ provideFullMandateData = saml1.isProvideFullMandatorData();
+ provideIdentityLink = saml1.isProvideIdentityLink();
+ provideStammZahl = saml1.isProvideStammzahl();
+
+ if (saml1.isProvideAllErrors() != null) {
+ provideAllErrors = saml1.isProvideAllErrors();
+ }
+
+ if (saml1.isUseCondition() != null) {
+ useCondition = saml1.isUseCondition();
+ }
+
+ if (saml1.getConditionLength() != null) {
+ conditionLength = saml1.getConditionLength().intValue();
+ }
+
+ if (saml1.isIsActive() != null) {
+ isActive = saml1.isIsActive();
+ }
+ }
+ }
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OASAML1ConfigValidation().validate(this, general, request);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ OASAML1 saml1 = authoa.getOASAML1();
+ if (saml1 == null) {
+ saml1 = new OASAML1();
+ authoa.setOASAML1(saml1);
+ saml1.setIsActive(false);
+ }
+
+ if (authUser.isAdmin()) {
+ saml1.setIsActive(isActive());
+ }
+
+ if (saml1.isIsActive() != null && saml1.isIsActive()) {
+ saml1.setProvideAUTHBlock(isProvideAuthBlock());
+ saml1.setProvideCertificate(isProvideCertificate());
+ saml1.setProvideFullMandatorData(isProvideFullMandateData());
+ saml1.setProvideIdentityLink(isProvideIdentityLink());
+ saml1.setProvideStammzahl(isProvideStammZahl());
+ saml1.setUseCondition(isUseCondition());
+ saml1.setProvideAllErrors(provideAllErrors);
+ saml1.setConditionLength(BigInteger.valueOf(getConditionLength()));
+ // TODO: set sourceID
+ // saml1.setSourceID("");
+ }
+
+ return null;
+ }
+
+ public boolean isProvideStammZahl() {
+ return provideStammZahl;
+ }
+
+ public void setProvideStammZahl(boolean provideStammZahl) {
+ this.provideStammZahl = provideStammZahl;
+ }
+
+ public boolean isProvideAuthBlock() {
+ return provideAuthBlock;
+ }
+
+ public void setProvideAuthBlock(boolean provideAuthBlock) {
+ this.provideAuthBlock = provideAuthBlock;
+ }
+
+ public boolean isProvideIdentityLink() {
+ return provideIdentityLink;
+ }
+
+ public void setProvideIdentityLink(boolean provideIdentityLink) {
+ this.provideIdentityLink = provideIdentityLink;
+ }
+
+ public boolean isProvideCertificate() {
+ return provideCertificate;
+ }
+
+ public void setProvideCertificate(boolean provideCertificate) {
+ this.provideCertificate = provideCertificate;
+ }
+
+ public boolean isProvideFullMandateData() {
+ return provideFullMandateData;
+ }
+
+ public void setProvideFullMandateData(boolean provideFullMandateData) {
+ this.provideFullMandateData = provideFullMandateData;
+ }
+
+ public boolean isUseCondition() {
+ return useCondition;
+ }
+
+ public void setUseCondition(boolean useCondition) {
+ this.useCondition = useCondition;
+ }
+
+ public int getConditionLength() {
+ return conditionLength;
+ }
+
+ public void setConditionLength(int conditionLength) {
+ this.conditionLength = conditionLength;
+ }
+
+ /**
+ * @return the isActive
+ */
+ public boolean isActive() {
+ return isActive;
+ }
+
+ /**
+ * @param isActive the isActive to set
+ */
+ public void setActive(boolean isActive) {
+ this.isActive = isActive;
+ }
+
+ /**
+ * @return the provideAllErrors
+ */
+ public Boolean getProvideAllErrors() {
+ return provideAllErrors;
+ }
+
+ /**
+ * @param provideAllErrors the provideAllErrors to set
+ */
+ public void setProvideAllErrors(Boolean provideAllErrors) {
+ this.provideAllErrors = provideAllErrors;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java
index 1baefe4b8..ed0f1c278 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java
@@ -32,88 +32,104 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplicati
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation;
-public class OASSOConfig implements IOnlineApplicationData{
-
- private boolean useSSO = false;
- private boolean showAuthDataFrame = true;
- private String singleLogOutURL = null;
-
- public OASSOConfig() {
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OASingleSignOn";
- }
-
- public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
- if (authdata != null) {
- OASSO ssoconfig = authdata.getOASSO();
- if(ssoconfig != null) {
- useSSO = ssoconfig.isUseSSO();
- showAuthDataFrame = ssoconfig.isAuthDataFrame();
- singleLogOutURL = ssoconfig.getSingleLogOutURL();
- }
- }
-
- return null;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser,
- HttpServletRequest request) {
- return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request);
- }
-
- public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) {
-
- AuthComponentOA authoa = dboa.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dboa.setAuthComponentOA(authoa);
- }
-
- OASSO sso = authoa.getOASSO();
- if (sso == null) {
- sso = new OASSO();
- authoa.setOASSO(sso);
- sso.setAuthDataFrame(true);
- }
- sso.setUseSSO(this.useSSO);
-
- if (authUser.isAdmin())
- sso.setAuthDataFrame(this.showAuthDataFrame);
-
- sso.setSingleLogOutURL(this.singleLogOutURL);
-
- return null;
- }
-
- public boolean isUseSSO() {
- return useSSO;
- }
- public void setUseSSO(boolean useSSO) {
- this.useSSO = useSSO;
- }
- public boolean isShowAuthDataFrame() {
- return showAuthDataFrame;
- }
- public void setShowAuthDataFrame(boolean showAuthDataFrame) {
- this.showAuthDataFrame = showAuthDataFrame;
- }
- public String getSingleLogOutURL() {
- return singleLogOutURL;
- }
- public void setSingleLogOutURL(String singleLogOutURL) {
- this.singleLogOutURL = singleLogOutURL;
- }
+public class OASSOConfig implements IOnlineApplicationData {
+
+ private boolean useSSO = false;
+ private boolean showAuthDataFrame = true;
+ private String singleLogOutURL = null;
+
+ public OASSOConfig() {
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OASingleSignOn";
+ }
+
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
+ if (authdata != null) {
+ final OASSO ssoconfig = authdata.getOASSO();
+ if (ssoconfig != null) {
+ useSSO = ssoconfig.isUseSSO();
+ showAuthDataFrame = ssoconfig.isAuthDataFrame();
+ singleLogOutURL = ssoconfig.getSingleLogOutURL();
+ }
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request);
+ }
+
+ @Override
+ public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) {
+
+ AuthComponentOA authoa = dboa.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dboa.setAuthComponentOA(authoa);
+ }
+
+ OASSO sso = authoa.getOASSO();
+ if (sso == null) {
+ sso = new OASSO();
+ authoa.setOASSO(sso);
+ sso.setAuthDataFrame(true);
+ }
+ sso.setUseSSO(this.useSSO);
+
+ if (authUser.isAdmin()) {
+ sso.setAuthDataFrame(this.showAuthDataFrame);
+ }
+
+ sso.setSingleLogOutURL(this.singleLogOutURL);
+
+ return null;
+ }
+
+ public boolean isUseSSO() {
+ return useSSO;
+ }
+
+ public void setUseSSO(boolean useSSO) {
+ this.useSSO = useSSO;
+ }
+
+ public boolean isShowAuthDataFrame() {
+ return showAuthDataFrame;
+ }
+
+ public void setShowAuthDataFrame(boolean showAuthDataFrame) {
+ this.showAuthDataFrame = showAuthDataFrame;
+ }
+
+ public String getSingleLogOutURL() {
+ return singleLogOutURL;
+ }
+
+ public void setSingleLogOutURL(String singleLogOutURL) {
+ this.singleLogOutURL = singleLogOutURL;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
index fb096a2a0..82ef9d1d1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java
@@ -27,8 +27,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA;
@@ -44,306 +42,331 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation;
import at.gv.egovernment.moa.util.MiscUtil;
//import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class OASTORKConfig implements IOnlineApplicationData {
+
+ private boolean isStorkLogonEnabled = false;
+ private String qaa;
+
+ private List<AttributeHelper> attributes = null;
+
+ /*
+ * VIDP settings below
+ */
+ private boolean vidpEnabled = false;
+ private List<AttributeProviderPlugin> attributeProviderPlugins = new ArrayList<>();
+ private boolean requireConsent = false;
+ private final List<String> citizenCountries;
+ private List<String> enabledCitizenCountries;
+
+ private MOAIDConfiguration dbconfig = null;
+
+ public OASTORKConfig() {
+ // fetch available citizen countries
+ citizenCountries = new ArrayList<>();
+ try {
+ dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
+
+ for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK()
+ .getCPEPS()) {
+ citizenCountries.add(current.getCountryCode());
+ }
+
+ } catch (final NullPointerException e) {
+
+ } catch (final ConfigurationException e) {
+ log.error("MOA-ID-Configuration initialization FAILED.", e);
+
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OASTORK2";
+ }
+
+ /**
+ * Parses the OA config for stork entities.
+ *
+ * @param dbOAConfig the db oa config
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ final AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
+ if (authdata != null) {
+ final OASTORK config = authdata.getOASTORK();
+ if (config != null) {
+ setStorkLogonEnabled(config.isStorkLogonEnabled());
+
+ try {
+ setQaa(config.geteIDAS_LOA());
+ } catch (final NullPointerException e) {
+ // if there is no configuration available for the OA, get the default qaa level
+ try {
+ setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK()
+ .getGeneral_eIDAS_LOA());
+
+ } catch (final NullPointerException e1) {
+ setQaa(MOAIDConstants.eIDAS_LOA_HIGH);
+
+ }
+ }
+
+ enabledCitizenCountries = new ArrayList<>();
+ if (config.getCPEPS() != null) {
+ for (final CPEPS current : config.getCPEPS()) {
+ enabledCitizenCountries.add(current.getCountryCode());
+ }
+ }
-public class OASTORKConfig implements IOnlineApplicationData{
-
- private static final Logger log = Logger.getLogger(OASTORKConfig.class);
-
- private boolean isStorkLogonEnabled = false;
- private String qaa;
-
- private List<AttributeHelper> attributes = null;
-
- /*
- * VIDP settings below
- */
- private boolean vidpEnabled = false;
- private List<AttributeProviderPlugin> attributeProviderPlugins = new ArrayList<AttributeProviderPlugin>();
- private boolean requireConsent = false;
- private List<String> citizenCountries;
- private List<String> enabledCitizenCountries;
-
- private MOAIDConfiguration dbconfig = null;
-
- public OASTORKConfig() {
- // fetch available citizen countries
- citizenCountries = new ArrayList<String>();
- try {
- dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
-
-
- for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) {
- citizenCountries.add(current.getCountryCode());
- }
-
- }catch (NullPointerException e) {
-
- } catch (ConfigurationException e) {
- log.error("MOA-ID-Configuration initialization FAILED.", e);
-
- }
-
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OASTORK2";
- }
-
- /**
- * Parses the OA config for stork entities.
- *
- * @param dbOAConfig
- * the db oa config
- */
- public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) {
- AuthComponentOA authdata = dbOAConfig.getAuthComponentOA();
- if (authdata != null) {
- OASTORK config = authdata.getOASTORK();
- if(config != null) {
- setStorkLogonEnabled(config.isStorkLogonEnabled());
-
- try {
- setQaa(config.geteIDAS_LOA());
- } catch(NullPointerException e) {
- // if there is no configuration available for the OA, get the default qaa level
- try {
- setQaa(dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getGeneral_eIDAS_LOA());
-
- } catch (NullPointerException e1) {
- setQaa(MOAIDConstants.eIDAS_LOA_HIGH);
-
- }
- }
-
-
- enabledCitizenCountries = new ArrayList<String>();
- if (config.getCPEPS() != null) {
- for(CPEPS current : config.getCPEPS())
- enabledCitizenCountries.add(current.getCountryCode());
- }
-
- // prepare attribute helper list
- attributes = new ArrayList<AttributeHelper>();
- try {
- try {
- for(StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) {
- AttributeHelper tmp = null;
-
- if (config.getOAAttributes() != null) {
- for(OAStorkAttribute sepp : config.getOAAttributes())
- if(sepp.getName() != null && sepp.getName().equals(current.getName()))
- tmp = new AttributeHelper(sepp);
- }
-
- if(null == tmp)
- tmp = new AttributeHelper(current);
-
- attributes.add(tmp);
- }
-
- } catch (NullPointerException ex) {
-
- }
-
- // fetch vidp config
- if (config.isVidpEnabled() != null)
- setVidpEnabled(config.isVidpEnabled());
- else
- setVidpEnabled(false);
-
- if (config.isRequireConsent() != null)
- setRequireConsent(config.isRequireConsent());
- else
- setRequireConsent(false);
-
- attributeProviderPlugins = config.getAttributeProviders();
- // - if no attribute providers are configured, add a dummy
- // TODO this is a dirty hack since we have to have one entry to
- // clone from in the web form. Happens when time is short.
- // Sorry.
- if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty())
- attributeProviderPlugins.add(new AttributeProviderPlugin());
- } catch (NullPointerException ex) {
- log.error("Nullpointerexception encountered in Configurationinterface", ex);
+ // prepare attribute helper list
+ attributes = new ArrayList<>();
+ try {
+ try {
+ for (final StorkAttribute current : dbconfig.getAuthComponentGeneral().getForeignIdentities()
+ .getSTORK().getAttributes()) {
+ AttributeHelper tmp = null;
+
+ if (config.getOAAttributes() != null) {
+ for (final OAStorkAttribute sepp : config.getOAAttributes()) {
+ if (sepp.getName() != null && sepp.getName().equals(current.getName())) {
+ tmp = new AttributeHelper(sepp);
+ }
}
- }
- }
-
- return null;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser,
- HttpServletRequest request) {
- return new OASTORKConfigValidation().validate(this, request);
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
+ }
+
+ if (null == tmp) {
+ tmp = new AttributeHelper(current);
+ }
+
+ attributes.add(tmp);
+ }
+
+ } catch (final NullPointerException ex) {
+
+ }
+
+ // fetch vidp config
+ if (config.isVidpEnabled() != null) {
+ setVidpEnabled(config.isVidpEnabled());
+ } else {
+ setVidpEnabled(false);
+ }
+
+ if (config.isRequireConsent() != null) {
+ setRequireConsent(config.isRequireConsent());
+ } else {
+ setRequireConsent(false);
+ }
+
+ attributeProviderPlugins = config.getAttributeProviders();
+ // - if no attribute providers are configured, add a dummy
+ // TODO this is a dirty hack since we have to have one entry to
+ // clone from in the web form. Happens when time is short.
+ // Sorry.
+ if (attributeProviderPlugins == null || attributeProviderPlugins.isEmpty()) {
+ attributeProviderPlugins.add(new AttributeProviderPlugin());
+ }
+ } catch (final NullPointerException ex) {
+ log.error("Nullpointerexception encountered in Configurationinterface", ex);
}
-
- // fetch stork configuration from database model
- OASTORK stork = authoa.getOASTORK();
- if (stork == null) {
- // if there is none, create a new one with default values.
- stork = new OASTORK();
- authoa.setOASTORK(stork);
- stork.setStorkLogonEnabled(false);
+ }
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ return new OASTORKConfigValidation().validate(this, request);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
+
+ // fetch stork configuration from database model
+ OASTORK stork = authoa.getOASTORK();
+ if (stork == null) {
+ // if there is none, create a new one with default values.
+ stork = new OASTORK();
+ authoa.setOASTORK(stork);
+ stork.setStorkLogonEnabled(false);
+ }
+ // transfer the incoming data to the database model
+ stork.setStorkLogonEnabled(isStorkLogonEnabled());
+ stork.seteIDAS_LOA(getQaa());
+ stork.setOAAttributes(getAttributes());
+ stork.setVidpEnabled(isVidpEnabled());
+ stork.setRequireConsent(isRequireConsent());
+ stork.setAttributeProviders(getAttributeProviderPlugins());
+ stork.setCPEPS(getEnabledCPEPS());
+
+ return null;
+
+ }
+
+ public boolean isStorkLogonEnabled() {
+ return isStorkLogonEnabled;
+ }
+
+ public void setStorkLogonEnabled(boolean enabled) {
+ this.isStorkLogonEnabled = enabled;
+ }
+
+ public String getQaa() {
+ return qaa;
+ }
+
+ public void setQaa(String qaa) {
+ this.qaa = qaa;
+ }
+
+ public List<OAStorkAttribute> getAttributes() {
+ final List<OAStorkAttribute> result = new ArrayList<>();
+
+ if (null == getHelperAttributes()) {
+ return result;
+ }
+
+ for (final AttributeHelper current : getHelperAttributes()) {
+ List<StorkAttribute> generalConfStorkAttr = null;
+ try {
+ generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK()
+ .getAttributes();
+
+ } catch (final NullPointerException e) {
+ log.trace("No STORK attributes in 'General Configuration'");
+
+ }
+
+ if (generalConfStorkAttr != null) {
+ for (final StorkAttribute currentAttribute : generalConfStorkAttr) {
+ if (MiscUtil.isNotEmpty(currentAttribute.getName()) &&
+ currentAttribute.getName().equals(current.getName())) {
+ if (current.isUsed() || currentAttribute.isMandatory()) {
+ final OAStorkAttribute tmp = new OAStorkAttribute();
+ tmp.setName(current.getName());
+ tmp.setMandatory(current.isMandatory());
+ result.add(tmp);
+
+ }
+ break;
+ }
}
- // transfer the incoming data to the database model
- stork.setStorkLogonEnabled(isStorkLogonEnabled());
- stork.seteIDAS_LOA(getQaa());
- stork.setOAAttributes(getAttributes());
- stork.setVidpEnabled(isVidpEnabled());
- stork.setRequireConsent(isRequireConsent());
- stork.setAttributeProviders(getAttributeProviderPlugins());
- stork.setCPEPS(getEnabledCPEPS());
-
- return null;
-
- }
-
- public boolean isStorkLogonEnabled() {
- return isStorkLogonEnabled;
- }
-
- public void setStorkLogonEnabled(boolean enabled) {
- this.isStorkLogonEnabled = enabled;
- }
-
- public String getQaa() {
- return qaa;
- }
-
- public void setQaa(String qaa) {
- this.qaa = qaa;
- }
-
- public List<OAStorkAttribute> getAttributes() {
- List<OAStorkAttribute> result = new ArrayList<OAStorkAttribute>();
-
- if(null == getHelperAttributes())
- return result;
-
- for(AttributeHelper current : getHelperAttributes()) {
- List<StorkAttribute> generalConfStorkAttr = null;
- try {
- generalConfStorkAttr = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes();
-
- } catch (NullPointerException e) {
- log.trace("No STORK attributes in 'General Configuration'");
-
- }
-
- if (generalConfStorkAttr != null) {
- for(StorkAttribute currentAttribute : generalConfStorkAttr)
- if(MiscUtil.isNotEmpty(currentAttribute.getName()) &&
- currentAttribute.getName().equals(current.getName())) {
- if(current.isUsed() || currentAttribute.isMandatory()) {
- OAStorkAttribute tmp = new OAStorkAttribute();
- tmp.setName(current.getName());
- tmp.setMandatory(current.isMandatory());
- result.add(tmp);
-
- }
- break;
- }
- }
- }
-
- return result;
- }
-
- public List<AttributeHelper> getHelperAttributes() {
- return attributes;
- }
-
- public void setHelperAttributes(List<AttributeHelper> attributes) {
- this.attributes = attributes;
- }
-
- public List<String> getAvailableCitizenCountries() {
- return citizenCountries;
- }
-
-
- public List<String> getAllowedLoALevels() {
- return MOAIDConstants.ALLOWED_eIDAS_LOA;
- }
-
- public List<String> getEnabledCitizenCountries() {
- return enabledCitizenCountries;
- }
-
- public void setEnabledCitizenCountries(List<String> update) {
- enabledCitizenCountries = update;
- }
-
- public List<CPEPS> getEnabledCPEPS() {
- if (enabledCitizenCountries != null) {
- List<CPEPS> result = new ArrayList<CPEPS>();
-
- try {
- for(CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) {
- if(enabledCitizenCountries.contains(current.getCountryCode()))
- result.add(current);
- }
-
- } catch (NullPointerException e){
-
- }
- return result;
- }
-
- return null;
-
- }
-
- public List<String> getAvailableAttributeProviderPlugins() {
- //TODO: remove in final version
-
- return new ArrayList<String>();
- //return AttributeProviderFactory.getAvailablePlugins();
- }
-
- public List<AttributeProviderPlugin> getAttributeProviderPlugins() {
- return attributeProviderPlugins;
- }
-
- public void setAttributeProviderPlugins(List<AttributeProviderPlugin> update) {
- attributeProviderPlugins = update;
- }
-
- public boolean isVidpEnabled() {
- return vidpEnabled;
- }
-
- public void setVidpEnabled(boolean update) {
- vidpEnabled = update;
- }
-
- public boolean isRequireConsent() {
- return requireConsent;
- }
-
- public void setRequireConsent(boolean update) {
- requireConsent = update;
- }
+ }
+ }
+
+ return result;
+ }
+
+ public List<AttributeHelper> getHelperAttributes() {
+ return attributes;
+ }
+
+ public void setHelperAttributes(List<AttributeHelper> attributes) {
+ this.attributes = attributes;
+ }
+
+ public List<String> getAvailableCitizenCountries() {
+ return citizenCountries;
+ }
+
+ public List<String> getAllowedLoALevels() {
+ return MOAIDConstants.ALLOWED_eIDAS_LOA;
+ }
+
+ public List<String> getEnabledCitizenCountries() {
+ return enabledCitizenCountries;
+ }
+
+ public void setEnabledCitizenCountries(List<String> update) {
+ enabledCitizenCountries = update;
+ }
+
+ public List<CPEPS> getEnabledCPEPS() {
+ if (enabledCitizenCountries != null) {
+ final List<CPEPS> result = new ArrayList<>();
+
+ try {
+ for (final CPEPS current : dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK()
+ .getCPEPS()) {
+ if (enabledCitizenCountries.contains(current.getCountryCode())) {
+ result.add(current);
+ }
+ }
+
+ } catch (final NullPointerException e) {
+
+ }
+ return result;
+ }
+
+ return null;
+
+ }
+
+ public List<String> getAvailableAttributeProviderPlugins() {
+ // TODO: remove in final version
+
+ return new ArrayList<>();
+ // return AttributeProviderFactory.getAvailablePlugins();
+ }
+
+ public List<AttributeProviderPlugin> getAttributeProviderPlugins() {
+ return attributeProviderPlugins;
+ }
+
+ public void setAttributeProviderPlugins(List<AttributeProviderPlugin> update) {
+ attributeProviderPlugins = update;
+ }
+
+ public boolean isVidpEnabled() {
+ return vidpEnabled;
+ }
+
+ public void setVidpEnabled(boolean update) {
+ vidpEnabled = update;
+ }
+
+ public boolean isRequireConsent() {
+ return requireConsent;
+ }
+
+ public void setRequireConsent(boolean update) {
+ requireConsent = update;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index 84516c73f..be1b937f0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -43,464 +43,473 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class OATargetConfiguration implements IOnlineApplicationData {
- private boolean deaktivededBusinessService = false;
-
- private boolean subTargetSet = false;
-
- private String target = null;
- private String target_subsector = null;
- private String target_admin = null;
- private static List<String> targetList = null;
- private String targetFriendlyName = null;
- private boolean isAdminTarget = false;
-
- private String identificationNumber = null;
- private String identificationType = null;
- private static List<String> identificationTypeList = null;
-
- private String foreignbPKTargets = null;
- private String additionalbPKTargets = null;
- private boolean eidDemoActive = false;
+ private boolean deaktivededBusinessService = false;
+
+ private boolean subTargetSet = false;
+
+ private String target = null;
+ private String target_subsector = null;
+ private String target_admin = null;
+ private static List<String> targetList = null;
+ private String targetFriendlyName = null;
+ private boolean isAdminTarget = false;
+
+ private String identificationNumber = null;
+ private String identificationType = null;
+ private static List<String> identificationTypeList = null;
+
+ private String foreignbPKTargets = null;
+ private String additionalbPKTargets = null;
+ private boolean eidDemoActive = false;
private boolean eidProxyActive = false;
-
- public OATargetConfiguration() {
- targetList = TargetValidator.getListOfTargets();
- target = "";
-
- identificationTypeList = Arrays.asList(
- Constants.IDENIFICATIONTYPE_FN,
- Constants.IDENIFICATIONTYPE_ZVR,
- Constants.IDENIFICATIONTYPE_ERSB,
- Constants.IDENIFICATIONTYPE_STORK,
- Constants.IDENIFICATIONTYPE_EIDAS);
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "OATargetConfig";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA,
- AuthenticatedUser authUser, HttpServletRequest request) {
- String target_full = dbOA.getTarget();
- if (MiscUtil.isNotEmpty(target_full)) {
- if (TargetValidator.isValidTarget(target_full)) {
- target = target_full;
-
- } else {
- String[] target_split = target_full.split("-");
-
- if (TargetValidator.isValidTarget(target_split[0])) {
- target = target_split[0];
- if (target_split.length > 1) {
- target_subsector = target_split[1];
- subTargetSet = true;
- }
-
- } else {
- target = "";
- target_subsector = null;
- target_admin = target_full;
- isAdminTarget = true;
- }
- }
- targetFriendlyName = dbOA.getTargetFriendlyName();
- }
-
- AuthComponentOA oaauth = dbOA.getAuthComponentOA();
- if (oaauth != null) {
-
- IdentificationNumber idnumber = oaauth.getIdentificationNumber();
- if (idnumber != null) {
- String number = idnumber.getValue();
- if (MiscUtil.isNotEmpty(number)) {
- String[] split = number.split("\\+");
-
- if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
- identificationType = split[1];
- identificationNumber = split[2];
-
- } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
- //identificationType = split[1]; // setting at as iden category ?
- identificationType = Constants.IDENIFICATIONTYPE_EIDAS;
- identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident
-
- } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
- //identificationType = split[1]; // setting at as iden category ?
- identificationType = Constants.IDENIFICATIONTYPE_STORK;
- identificationNumber = split[2]; // setting sp country as ident type -> sp ident
- }
- }
-
- if (authUser.isOnlyBusinessService()) {
- deaktivededBusinessService = authUser.isOnlyBusinessService();
-
- identificationType = authUser.getBusinessServiceType();
- identificationNumber = authUser.getBusinessServiceNumber();
-
- }
-
- }
- }
-
-
- //parse foreign bPK sector list
- if (dbOA.getForeignbPKTargetList() != null) {
- if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList()))
- foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList());
-
- else {
- if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0,
- dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- foreignbPKTargets = dbOA.getForeignbPKTargetList();
-
- }
- }
-
- //parse additional bPK sector list
- if (dbOA.getAdditionalbPKTargetList() != null) {
- if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList()))
- additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList());
-
- else {
- if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) {
- //remove trailing comma if exist
- additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0,
- dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER));
-
- } else
- additionalbPKTargets = dbOA.getAdditionalbPKTargetList();
-
- }
- }
-
- //parse 'Austrian eID mode' flag
- eidDemoActive = dbOA.getIseIDDemoModeActive();
- eidProxyActive = dbOA.getIseIDProxyModeActive();
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
-
- AuthComponentOA authoa = dbOA.getAuthComponentOA();
- if (authoa == null) {
- authoa = new AuthComponentOA();
- dbOA.setAuthComponentOA(authoa);
+
+ public OATargetConfiguration() {
+ targetList = TargetValidator.getListOfTargets();
+ target = "";
+
+ identificationTypeList = Arrays.asList(
+ Constants.IDENIFICATIONTYPE_FN,
+ Constants.IDENIFICATIONTYPE_ZVR,
+ Constants.IDENIFICATIONTYPE_ERSB,
+ Constants.IDENIFICATIONTYPE_STORK,
+ Constants.IDENIFICATIONTYPE_EIDAS);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "OATargetConfig";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ final String target_full = dbOA.getTarget();
+ if (MiscUtil.isNotEmpty(target_full)) {
+ if (TargetValidator.isValidTarget(target_full)) {
+ target = target_full;
+
+ } else {
+ final String[] target_split = target_full.split("-");
+
+ if (TargetValidator.isValidTarget(target_split[0])) {
+ target = target_split[0];
+ if (target_split.length > 1) {
+ target_subsector = target_split[1];
+ subTargetSet = true;
+ }
+
+ } else {
+ target = "";
+ target_subsector = null;
+ target_admin = target_full;
+ isAdminTarget = true;
+ }
+ }
+ targetFriendlyName = dbOA.getTargetFriendlyName();
+ }
+
+ final AuthComponentOA oaauth = dbOA.getAuthComponentOA();
+ if (oaauth != null) {
+
+ final IdentificationNumber idnumber = oaauth.getIdentificationNumber();
+ if (idnumber != null) {
+ final String number = idnumber.getValue();
+ if (MiscUtil.isNotEmpty(number)) {
+ final String[] split = number.split("\\+");
+
+ if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) {
+ identificationType = split[1];
+ identificationNumber = split[2];
+
+ } else if (Constants.PREFIX_EIDAS.startsWith(split[0]) && split.length >= 2) {
+ // identificationType = split[1]; // setting at as iden category ?
+ identificationType = Constants.IDENIFICATIONTYPE_EIDAS;
+ identificationNumber = split[1] + "+" + split[2]; // setting sp country as ident type -> sp ident
+
+ } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) {
+ // identificationType = split[1]; // setting at as iden category ?
+ identificationType = Constants.IDENIFICATIONTYPE_STORK;
+ identificationNumber = split[2]; // setting sp country as ident type -> sp ident
+ }
}
-
- if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) {
-
- dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
-
- String num = null;
- if (authUser.isOnlyBusinessService()) {
- deaktivededBusinessService = authUser.isOnlyBusinessService();
- num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber();
-
- } else {
-
- num = getIdentificationNumber().replaceAll(" ", "");
- if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
-
- num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
-
- /*Fixme:
- * Company numbers had to be padded with '0' on left site
- * But this bugfix can not be activated, because this would
- * change all bPKs for company numbers.
- *
- * Change this in case of new bPK generation algorithms
- */
- // num = StringUtils.leftPad(num, 7, '0');
- }
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR))
- num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))
- num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
- }
-
- IdentificationNumber idnumber = authoa.getIdentificationNumber();
- if (idnumber == null)
- idnumber = new IdentificationNumber();
-
- if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) {
- idnumber.setValue(Constants.PREFIX_EIDAS + num);
- idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
-
- } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
- idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num);
- idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
- } else {
- idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num);
- idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
- }
-
- authoa.setIdentificationNumber(idnumber);
+
+ if (authUser.isOnlyBusinessService()) {
+ deaktivededBusinessService = authUser.isOnlyBusinessService();
+
+ identificationType = authUser.getBusinessServiceType();
+ identificationNumber = authUser.getBusinessServiceNumber();
+
+ }
+
+ }
+ }
+
+ // parse foreign bPK sector list
+ if (dbOA.getForeignbPKTargetList() != null) {
+ if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) {
+ foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList());
+ } else {
+ if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0,
+ dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER));
} else {
- dbOA.setType(null);
+ foreignbPKTargets = dbOA.getForeignbPKTargetList();
+ }
+
+ }
+ }
- if (authUser.isAdmin()) {
- if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) {
- dbOA.setTarget(getTarget_admin());
- dbOA.setTargetFriendlyName(getTargetFriendlyName());
+ // parse additional bPK sector list
+ if (dbOA.getAdditionalbPKTargetList() != null) {
+ if (KeyValueUtils.isCSVValueString(dbOA.getAdditionalbPKTargetList())) {
+ additionalbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getAdditionalbPKTargetList());
+ } else {
+ if (dbOA.getAdditionalbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) {
+ // remove trailing comma if exist
+ additionalbPKTargets = dbOA.getAdditionalbPKTargetList().substring(0,
+ dbOA.getAdditionalbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER));
- } else {
+ } else {
+ additionalbPKTargets = dbOA.getAdditionalbPKTargetList();
+ }
- String target = getTarget();
+ }
+ }
- if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet)
- dbOA.setTarget(target + "-" + getTarget_subsector());
- else
- dbOA.setTarget(target);
+ // parse 'Austrian eID mode' flag
+ eidDemoActive = dbOA.getIseIDDemoModeActive();
+ eidProxyActive = dbOA.getIseIDProxyModeActive();
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ AuthComponentOA authoa = dbOA.getAuthComponentOA();
+ if (authoa == null) {
+ authoa = new AuthComponentOA();
+ dbOA.setAuthComponentOA(authoa);
+ }
- String targetname = TargetValidator.getTargetFriendlyName(target);
- if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname);
+ if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) {
- }
+ dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
- } else {
+ String num = null;
+ if (authUser.isOnlyBusinessService()) {
+ deaktivededBusinessService = authUser.isOnlyBusinessService();
+ num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber();
- if (MiscUtil.isNotEmpty(getTarget())) {
+ } else {
- String target = getTarget();
+ num = getIdentificationNumber().replaceAll(" ", "");
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
- if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet)
- dbOA.setTarget(target + "-" + getTarget_subsector());
+ num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
- else
- dbOA.setTarget(target);
+ /*
+ * Fixme: Company numbers had to be padded with '0' on left site But this bugfix
+ * can not be activated, because this would change all bPKs for company numbers.
+ *
+ * Change this in case of new bPK generation algorithms
+ */
+ // num = StringUtils.leftPad(num, 7, '0');
+ }
- String targetname = TargetValidator.getTargetFriendlyName(target);
- if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname);
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
+ }
- }
- }
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
}
-
- dbOA.setForeignbPKTargetList(getForeignbPKTargets());
- dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets());
- dbOA.setIseIDDemoModeActive(isEidDemoActive());
- dbOA.setIseIDProxyModeActive(isEidProxyActive());
-
- return null;
- }
-
- /**
- * @return
- */
- private boolean isBusinessService(OnlineApplication dbOA) {
- if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE))
- return true;
- else
- return false;
- }
-
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
- return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request);
- }
-
- public String getTarget() {
- return target;
- }
-
- public void setTarget(String target) {
- this.target = target;
- }
-
- public String getTargetFriendlyName() {
- return targetFriendlyName;
- }
-
- public void setTargetFriendlyName(String targetFriendlyName) {
- this.targetFriendlyName = targetFriendlyName;
- }
-
- public String getIdentificationNumber() {
- return identificationNumber;
- }
-
- public void setIdentificationNumber(String identificationNumber) {
- this.identificationNumber = identificationNumber;
- }
-
- public String getIdentificationType() {
- return identificationType;
- }
-
- public void setIdentificationType(String identificationType) {
- this.identificationType = identificationType;
- }
-
- /**
- * @return the target_subsector
- */
- public String getTarget_subsector() {
- return target_subsector;
- }
-
-
- /**
- * @param target_subsector the target_subsector to set
- */
- public void setTarget_subsector(String target_subsector) {
- this.target_subsector = target_subsector;
- }
-
-
- /**
- * @return the target_admin
- */
- public String getTarget_admin() {
- return target_admin;
- }
-
-
- /**
- * @param target_admin the target_admin to set
- */
- public void setTarget_admin(String target_admin) {
- this.target_admin = target_admin;
- }
-
-
- /**
- * @return the targetList
- */
- public List<String> getTargetList() {
- return targetList;
- }
-
-
- /**
- * @return the identificationTypeList
- */
- public List<String> getIdentificationTypeList() {
- return identificationTypeList;
- }
-
-
- /**
- * @return the isAdminTarget
- */
- public boolean isAdminTarget() {
- return isAdminTarget;
- }
-
-
- /**
- * @param isAdminTarget the isAdminTarget to set
- */
- public void setAdminTarget(boolean isAdminTarget) {
- this.isAdminTarget = isAdminTarget;
- }
-
- /**
- * @return the deaktivededBusinessService
- */
- public boolean isDeaktivededBusinessService() {
- return deaktivededBusinessService;
- }
+ }
+ IdentificationNumber idnumber = authoa.getIdentificationNumber();
+ if (idnumber == null) {
+ idnumber = new IdentificationNumber();
+ }
- /**
- * @param deaktivededBusinessService the deaktivededBusinessService to set
- */
- public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
- this.deaktivededBusinessService = deaktivededBusinessService;
- }
+ if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) {
+ idnumber.setValue(Constants.PREFIX_EIDAS + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+ } else if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) {
+ idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+ } else {
+ idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num);
+ idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType()));
+ }
- /**
- * @return the subTargetSet
- */
- public boolean isSubTargetSet() {
- return subTargetSet;
- }
+ authoa.setIdentificationNumber(idnumber);
+ } else {
+ dbOA.setType(null);
- /**
- * @param subTargetSet the subTargetSet to set
- */
- public void setSubTargetSet(boolean subTargetSet) {
- this.subTargetSet = subTargetSet;
- }
+ if (authUser.isAdmin()) {
+ if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) {
+ dbOA.setTarget(getTarget_admin());
+ dbOA.setTargetFriendlyName(getTargetFriendlyName());
+ } else {
- public String getForeignbPKTargets() {
- return foreignbPKTargets;
- }
+ final String target = getTarget();
+ if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) {
+ dbOA.setTarget(target + "-" + getTarget_subsector());
+ } else {
+ dbOA.setTarget(target);
+ }
- public void setForeignbPKTargets(String foreignbPKTargets) {
- if (MiscUtil.isNotEmpty(foreignbPKTargets))
- this.foreignbPKTargets =
- KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets);
- else
- this.foreignbPKTargets = foreignbPKTargets;
- }
+ final String targetname = TargetValidator.getTargetFriendlyName(target);
+ if (MiscUtil.isNotEmpty(targetname)) {
+ dbOA.setTargetFriendlyName(targetname);
+ }
+ }
+
+ } else {
+
+ if (MiscUtil.isNotEmpty(getTarget())) {
- public String getAdditionalbPKTargets() {
- return additionalbPKTargets;
- }
+ final String target = getTarget();
+ if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) {
+ dbOA.setTarget(target + "-" + getTarget_subsector());
+ } else {
+ dbOA.setTarget(target);
+ }
- public void setAdditionalbPKTargets(String additionalbPKTargets) {
- if (MiscUtil.isNotEmpty(additionalbPKTargets))
- this.additionalbPKTargets =
- KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets);
- else
- this.additionalbPKTargets = additionalbPKTargets;
+ final String targetname = TargetValidator.getTargetFriendlyName(target);
+ if (MiscUtil.isNotEmpty(targetname)) {
+ dbOA.setTargetFriendlyName(targetname);
+ }
- }
+ }
+ }
+ }
+
+ dbOA.setForeignbPKTargetList(getForeignbPKTargets());
+ dbOA.setAdditionalbPKTargetList(getAdditionalbPKTargets());
+ dbOA.setIseIDDemoModeActive(isEidDemoActive());
+ dbOA.setIseIDProxyModeActive(isEidProxyActive());
+
+ return null;
+ }
+
+ /**
+ * @return
+ */
+ private boolean isBusinessService(OnlineApplication dbOA) {
+ if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request);
+ }
+
+ public String getTarget() {
+ return target;
+ }
+
+ public void setTarget(String target) {
+ this.target = target;
+ }
+
+ public String getTargetFriendlyName() {
+ return targetFriendlyName;
+ }
+
+ public void setTargetFriendlyName(String targetFriendlyName) {
+ this.targetFriendlyName = targetFriendlyName;
+ }
+
+ public String getIdentificationNumber() {
+ return identificationNumber;
+ }
+
+ public void setIdentificationNumber(String identificationNumber) {
+ this.identificationNumber = identificationNumber;
+ }
+
+ public String getIdentificationType() {
+ return identificationType;
+ }
+
+ public void setIdentificationType(String identificationType) {
+ this.identificationType = identificationType;
+ }
+
+ /**
+ * @return the target_subsector
+ */
+ public String getTarget_subsector() {
+ return target_subsector;
+ }
+
+ /**
+ * @param target_subsector the target_subsector to set
+ */
+ public void setTarget_subsector(String target_subsector) {
+ this.target_subsector = target_subsector;
+ }
+
+ /**
+ * @return the target_admin
+ */
+ public String getTarget_admin() {
+ return target_admin;
+ }
+
+ /**
+ * @param target_admin the target_admin to set
+ */
+ public void setTarget_admin(String target_admin) {
+ this.target_admin = target_admin;
+ }
+
+ /**
+ * @return the targetList
+ */
+ public List<String> getTargetList() {
+ return targetList;
+ }
+
+ /**
+ * @return the identificationTypeList
+ */
+ public List<String> getIdentificationTypeList() {
+ return identificationTypeList;
+ }
+
+ /**
+ * @return the isAdminTarget
+ */
+ public boolean isAdminTarget() {
+ return isAdminTarget;
+ }
+
+ /**
+ * @param isAdminTarget the isAdminTarget to set
+ */
+ public void setAdminTarget(boolean isAdminTarget) {
+ this.isAdminTarget = isAdminTarget;
+ }
+
+ /**
+ * @return the deaktivededBusinessService
+ */
+ public boolean isDeaktivededBusinessService() {
+ return deaktivededBusinessService;
+ }
+
+ /**
+ * @param deaktivededBusinessService the deaktivededBusinessService to set
+ */
+ public void setDeaktivededBusinessService(boolean deaktivededBusinessService) {
+ this.deaktivededBusinessService = deaktivededBusinessService;
+ }
+
+ /**
+ * @return the subTargetSet
+ */
+ public boolean isSubTargetSet() {
+ return subTargetSet;
+ }
+
+ /**
+ * @param subTargetSet the subTargetSet to set
+ */
+ public void setSubTargetSet(boolean subTargetSet) {
+ this.subTargetSet = subTargetSet;
+ }
+
+ public String getForeignbPKTargets() {
+ return foreignbPKTargets;
+ }
+
+ public void setForeignbPKTargets(String foreignbPKTargets) {
+ if (MiscUtil.isNotEmpty(foreignbPKTargets)) {
+ this.foreignbPKTargets =
+ KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets);
+ } else {
+ this.foreignbPKTargets = foreignbPKTargets;
+ }
+ }
+
+ public String getAdditionalbPKTargets() {
+ return additionalbPKTargets;
+ }
+
+ public void setAdditionalbPKTargets(String additionalbPKTargets) {
+ if (MiscUtil.isNotEmpty(additionalbPKTargets)) {
+ this.additionalbPKTargets =
+ KeyValueUtils.removeAllNewlineFromString(additionalbPKTargets);
+ } else {
+ this.additionalbPKTargets = additionalbPKTargets;
+ }
+ }
- public boolean isEidDemoActive() {
- return eidDemoActive;
- }
+ public boolean isEidDemoActive() {
+ return eidDemoActive;
+ }
+ public void setEidDemoActive(boolean eidDemoActive) {
+ this.eidDemoActive = eidDemoActive;
+ }
- public void setEidDemoActive(boolean eidDemoActive) {
- this.eidDemoActive = eidDemoActive;
- }
-
- public boolean isEidProxyActive() {
- return eidProxyActive;
- }
+ public boolean isEidProxyActive() {
+ return eidProxyActive;
+ }
+ public void setEidProxyActive(boolean eidProxyActive) {
+ this.eidProxyActive = eidProxyActive;
+ }
- public void setEidProxyActive(boolean eidProxyActive) {
- this.eidProxyActive = eidProxyActive;
- }
-
-
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java
index e27c55c90..29598a679 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/PVPGatewayInterfederationConfig.java
@@ -27,110 +27,128 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationGatewayType;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.InterfederationIDPType;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class PVPGatewayInterfederationConfig implements IOnlineApplicationData {
- private static final Logger log = Logger.getLogger(PVPGatewayInterfederationConfig.class);
-
- private String entityID = null;
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
- */
- @Override
- public String getName() {
- return "PVPGatewayInterfederation";
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> parse(OnlineApplication dbOA,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- InterfederationGatewayType gateway = dbOA.getInterfederationGateway();
- if (gateway != null) {
- this.entityID = gateway.getForwardIDPIdentifier();
-
- }
-
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
- HttpServletRequest request) {
-
- if (authUser.isAdmin()) {
- dbOA.setIsInterfederationGateway(true);
-
- InterfederationGatewayType gateway = dbOA.getInterfederationGateway();
- if (gateway == null) {
- gateway = new InterfederationGatewayType();
- dbOA.setInterfederationGateway(gateway);
- }
-
- gateway.setForwardIDPIdentifier(entityID);
- }
-
- dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
- return null;
- }
-
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
- */
- @Override
- public List<String> validate(OAGeneralConfig general,
- AuthenticatedUser authUser, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
-
- if (MiscUtil.isNotEmpty(entityID)) {
- if (!ValidationHelper.validateURL(entityID)) {
- log.info("PVP gateway EntityID is not valid");
- errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid", request));
-
- }
-
- } else
- errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request));
-
- return errors;
- }
-
- /**
- * @return the entityID
- */
- public String getEntityID() {
- return entityID;
- }
-
- /**
- * @param entityID the entityID to set
- */
- public void setEntityID(String entityID) {
- this.entityID = entityID;
- }
-
-
-
+ private String entityID = null;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName
+ * ()
+ */
+ @Override
+ public String getName() {
+ return "PVPGatewayInterfederation";
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ final InterfederationGatewayType gateway = dbOA.getInterfederationGateway();
+ if (gateway != null) {
+ this.entityID = gateway.getForwardIDPIdentifier();
+
+ }
+
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(
+ * at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+
+ if (authUser.isAdmin()) {
+ dbOA.setIsInterfederationGateway(true);
+
+ InterfederationGatewayType gateway = dbOA.getInterfederationGateway();
+ if (gateway == null) {
+ gateway = new InterfederationGatewayType();
+ dbOA.setInterfederationGateway(gateway);
+ }
+
+ gateway.setForwardIDPIdentifier(entityID);
+ }
+
+ dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE);
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#
+ * validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig,
+ * at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser,
+ * javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ if (MiscUtil.isNotEmpty(entityID)) {
+ if (!ValidationHelper.validateURL(entityID)) {
+ log.info("PVP gateway EntityID is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.valid",
+ request));
+
+ }
+
+ } else {
+ errors.add(LanguageHelper.getErrorString("validation.interfederation.gateway.entityID.empty", request));
+ }
+
+ return errors;
+ }
+
+ /**
+ * @return the entityID
+ */
+ public String getEntityID() {
+ return entityID;
+ }
+
+ /**
+ * @param entityID the entityID to set
+ */
+ public void setEntityID(String entityID) {
+ this.entityID = entityID;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index c69998fa2..8b50437cb 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -40,8 +40,6 @@ import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
@@ -50,10 +48,10 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.util.ToStringUtil;
import at.gv.util.WebAppUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class AuthenticationFilter implements Filter{
-
- private final Logger log = Logger.getLogger(AuthenticationFilter.class);
private static ConfigurationProvider config;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java
index 71f9536ae..6c4ecf3ae 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/EncodingFilter.java
@@ -11,11 +11,13 @@ import javax.servlet.ServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.builder.ToStringBuilder;
-import org.apache.log4j.Logger;
+
+import lombok.extern.slf4j.Slf4j;
/**
* @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a>
*/
+@Slf4j
public class EncodingFilter implements javax.servlet.Filter {
private static final String SERVLET_INIT_PARAM_ENCODING = "encoding";
@@ -30,8 +32,6 @@ public class EncodingFilter implements javax.servlet.Filter {
private static final boolean DEFAULT_FORCE_REQUEST_ENCODING_VALUE = true;
private static final boolean DEFAULT_SET_RESPONSE_ENCODING_VALUE = false;
private static final boolean DEFAULT_FORCE_RESPONSE_ENCODING_VALUE = false;
-
- private Logger log = Logger.getLogger(getClass().getName());
private String encoding = null;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java
index 4d47d8d96..25cf87aa9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java
@@ -29,29 +29,27 @@ import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.util.Base64Utils;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class AuthenticationHelper {
-
- private static final Logger log = Logger.getLogger(AuthenticationHelper.class);
-
- public static String generateKeyFormPassword(String password) {
- SecretKeyFactory factory;
-
- try {
- factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
- KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128);
- SecretKey tmp = factory.generateSecret(spec);
- SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES");
- return Base64Utils.encode(secret.getEncoded());
-
- } catch (Exception e) {
- log.info("Key generation form password failed.");
- return null;
- }
-
- }
+
+ public static String generateKeyFormPassword(String password) {
+ SecretKeyFactory factory;
+
+ try {
+ factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+ final KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128);
+ final SecretKey tmp = factory.generateSecret(spec);
+ final SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES");
+ return Base64Utils.encode(secret.getEncoded());
+
+ } catch (final Exception e) {
+ log.info("Key generation form password failed.");
+ return null;
+ }
+
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
index eed4aa32f..a6c8b93b1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/DateTimeHelper.java
@@ -26,34 +26,32 @@ import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class DateTimeHelper {
- private static final Logger log = Logger.getLogger(DateTimeHelper.class);
-
- private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm";
-
- public static String getDateTime(Date date) {
- SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
- return f.format(date);
- }
-
- public static Date parseDateTime(String date) {
- SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
-
- if (MiscUtil.isNotEmpty(date)) {
-
- try {
- return f.parse(date);
-
- } catch (ParseException e) {
- log.warn("Parse DATETIME String " + date + " failed", e);
-
- }
- }
- return null;
- }
+ private static final String DATETIMEPATTERN = "dd.MM.yyy HH:mm";
+
+ public static String getDateTime(Date date) {
+ final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
+ return f.format(date);
+ }
+
+ public static Date parseDateTime(String date) {
+ final SimpleDateFormat f = new SimpleDateFormat(DATETIMEPATTERN);
+
+ if (MiscUtil.isNotEmpty(date)) {
+
+ try {
+ return f.parse(date);
+
+ } catch (final ParseException e) {
+ log.warn("Parse DATETIME String " + date + " failed", e);
+
+ }
+ }
+ return null;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
index b4afcb5f2..406acf001 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -26,77 +26,76 @@ import java.util.ArrayList;
import java.util.Date;
import java.util.List;
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType;
public class FormDataHelper {
- public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) {
-
- ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>();
-
- for (OnlineApplication dboa : dbOAs) {
-
- if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP())
- formOAs.add(addOAFormListElement(dboa, ServiceType.IDP));
-
- else if (dboa.isIsInterfederationGateway()!= null && dboa.isIsInterfederationGateway())
- formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY));
-
- else if (dboa.getAuthComponentOA().getOASTORK() != null
- && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
- && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled())
- formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP));
- }
- return formOAs;
- }
-
- public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) {
-
- ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>();
-
- for (OnlineApplication dboa : dbOAs) {
-
- if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) ||
- (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) ||
- (dboa.getAuthComponentOA().getOASTORK() != null
- && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
- && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) ||
- (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) {
- formOAs.add(addOAFormListElement(dboa, ServiceType.OA));
- }
- }
- return formOAs;
- }
-
- private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) {
- OAListElement listoa = new OAListElement(type);
- listoa.setActive(dboa.isIsActive());
- listoa.setDataBaseID(dboa.getHjid());
- listoa.setOaFriendlyName(dboa.getFriendlyName());
- listoa.setOaIdentifier(dboa.getPublicURLPrefix());
- listoa.setOaType(dboa.getType());
- return listoa;
- }
-
- public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) {
- ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>();
-
- for (UserDatabase dbuser : dbuserlist) {
-
- boolean ismandate = false;
- if (dbuser.isIsMandateUser() != null)
- ismandate = dbuser.isIsMandateUser();
-
- userlist.add(new AuthenticatedUser(dbuser,
- dbuser.isIsActive(),
- ismandate,
- false, null, null, new Date())
- );
- }
- return userlist;
- }
+ public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) {
+
+ final ArrayList<OAListElement> formOAs = new ArrayList<>();
+
+ for (final OnlineApplication dboa : dbOAs) {
+
+ if (dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) {
+ formOAs.add(addOAFormListElement(dboa, ServiceType.IDP));
+ } else if (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) {
+ formOAs.add(addOAFormListElement(dboa, ServiceType.GWAY));
+ } else if (dboa.getAuthComponentOA().getOASTORK() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) {
+ formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP));
+ }
+ }
+ return formOAs;
+ }
+
+ public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) {
+
+ final ArrayList<OAListElement> formOAs = new ArrayList<>();
+
+ for (final OnlineApplication dboa : dbOAs) {
+
+ if (!(dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP() ||
+ dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ||
+ dboa.getAuthComponentOA().getOASTORK() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() ||
+ dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway())) {
+ formOAs.add(addOAFormListElement(dboa, ServiceType.OA));
+ }
+ }
+ return formOAs;
+ }
+
+ private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) {
+ final OAListElement listoa = new OAListElement(type);
+ listoa.setActive(dboa.isIsActive());
+ listoa.setDataBaseID(dboa.getHjid());
+ listoa.setOaFriendlyName(dboa.getFriendlyName());
+ listoa.setOaIdentifier(dboa.getPublicURLPrefix());
+ listoa.setOaType(dboa.getType());
+ return listoa;
+ }
+
+ public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) {
+ final ArrayList<AuthenticatedUser> userlist = new ArrayList<>();
+
+ for (final UserDatabase dbuser : dbuserlist) {
+
+ boolean ismandate = false;
+ if (dbuser.isIsMandateUser() != null) {
+ ismandate = dbuser.isIsMandateUser();
+ }
+
+ userlist.add(new AuthenticatedUser(dbuser,
+ dbuser.isIsActive(),
+ ismandate,
+ false, null, null, new Date()));
+ }
+ return userlist;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java
index 29ab75b3e..d4f4d2129 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java
@@ -22,81 +22,73 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.helper;
+import java.text.MessageFormat;
+import java.util.Locale;
+import java.util.ResourceBundle;
+
+import javax.servlet.http.HttpServletRequest;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
-import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
-import javax.servlet.http.HttpServletRequest;
-import java.text.MessageFormat;
-import java.util.Locale;
-import java.util.ResourceBundle;
+@Slf4j
+public class LanguageHelper {
+ private static String errorLanguage(String code, Locale locale) {
+ return ResourceBundle.getBundle("applicationResources", locale).getString(code);
-import org.apache.log4j.Logger;
+ }
+ private static String guiLanguage(String code, Locale locale) {
+ return ResourceBundle.getBundle("applicationResources", locale).getString(code);
-public class LanguageHelper {
+ }
- private static Logger log = Logger.getLogger(LanguageHelper.class);
-
- private static String errorLanguage(String code, Locale locale) {
- return ResourceBundle.getBundle("applicationResources", locale).getString(code);
-
- }
+ public static String getGUIString(String code, HttpServletRequest request) {
+ return guiLanguage(code, getLangFromRequest(request));
+ }
- private static String guiLanguage(String code, Locale locale) {
- return ResourceBundle.getBundle("applicationResources", locale).getString(code);
-
- }
+ public static String getErrorString(String code, HttpServletRequest request) {
+ return errorLanguage(code, getLangFromRequest(request));
+ }
- public static String getGUIString(String code, HttpServletRequest request) {
- return guiLanguage(code, getLangFromRequest(request));
- }
+ public static String getGUIString(String code, String parameter, HttpServletRequest request) {
+ return MessageFormat.format(getGUIString(code, request), parameter);
+ }
+ public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) {
- public static String getErrorString(String code, HttpServletRequest request) {
- return errorLanguage(code, getLangFromRequest(request));
- }
+ return MessageFormat.format(getGUIString(code, request), parameter);
+ }
- public static String getGUIString(String code, String parameter, HttpServletRequest request) {
- return MessageFormat.format(getGUIString(code, request), parameter);
- }
+ private static Locale getLangFromRequest(HttpServletRequest request) {
+
+ Locale defaultLanguage = Locale.forLanguageTag("de");
- public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) {
+ try {
+ final ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance();
+ defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage());
- return MessageFormat.format(getGUIString(code, request), parameter);
+ } catch (final ConfigurationException e) {
+ log.error("Configuration exception while getting ConfigurationProvider instance", e);
}
-
- private static Locale getLangFromRequest(HttpServletRequest request) {
-
- Locale defaultLanguage = Locale.forLanguageTag("de");
-
- try {
- ConfigurationProvider configurationProvider = ConfigurationProvider.getInstance();
- defaultLanguage = Locale.forLanguageTag(configurationProvider.getDefaultLanguage());
-
- } catch (ConfigurationException e) {
- log.error("Configuration exception while getting ConfigurationProvider instance", e);
- }
-
-
- if (request == null) {
- return defaultLanguage;
-
- } else {
- Object obj = request.getSession().getAttribute(Constants.SESSION_I18n);
-
- if (obj != null && obj instanceof Locale) {
- return (Locale) obj;
-
- } else
- return defaultLanguage;
-
- }
-
+ if (request == null) {
+ return defaultLanguage;
+
+ } else {
+ final Object obj = request.getSession().getAttribute(Constants.SESSION_I18n);
+
+ if (obj != null && obj instanceof Locale) {
+ return (Locale) obj;
+
+ } else {
+ return defaultLanguage;
+ }
+
}
-}
+ }
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
index 8f3b8f479..5d1f663a9 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -41,7 +41,6 @@ import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.apache.commons.io.IOUtils;
-import org.apache.log4j.Logger;
import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
@@ -49,207 +48,213 @@ import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class MailHelper {
- private static final Logger log = Logger.getLogger(MailHelper.class);
-
- private static final String PATTERN_GIVENNAME = "#GIVENNAME#";
- private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#";
- private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#";
- private static final String PATTERN_DATE = "#TODAY_DATE#";
- private static final String PATTERN_OPENOAS = "#NUMBER_OAS#";
- private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#";
- private static final String PATTERN_OANAME = "#OANAME#";
-
- public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException {
-
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateurl = config.getMailUserAcountVerificationTemplate();
-
- String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
-
- if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
- template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
- template = template.replace(PATTERN_FAMILYNAME, "");
-
- } else {
- template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
- template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
- }
-
- SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
- template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
-
- String verificationURL = config.getPublicUrlPreFix(null);
-
- if (!verificationURL.endsWith("/"))
- verificationURL = verificationURL + "/";
-
- verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION +
- "?" + Constants.REQUEST_USERREQUESTTOKKEN +
- "=" + userdb.getUserRequestTokken();
- template = template.replace(PATTERN_URL, verificationURL);
-
- sendMail(config, config.getMailUserAcountVerificationSubject(),
- userdb.getMail(), template);
-
- }
-
- public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateurl = config.getMailAdminTemplate();
-
- String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
- template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs));
- template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers));
-
- SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
- template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
-
- sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template);
-
- }
-
- public static void sendUserAccountActivationMail(String givenname, String familyname, String institut, String mailurl) throws ConfigurationException {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateurl = config.getMailUserAcountActivationTemplate();
-
- String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
- if (MiscUtil.isNotEmpty(institut)) {
- template = template.replace(PATTERN_GIVENNAME, institut);
- template = template.replace(PATTERN_FAMILYNAME, "");
-
- } else {
- template = template.replace(PATTERN_GIVENNAME, givenname);
- template = template.replace(PATTERN_FAMILYNAME, familyname);
- }
-
-
- SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
- template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
-
- String verificationURL = config.getPublicUrlPreFix(null);
- if (!verificationURL.endsWith("/"))
- verificationURL = verificationURL + "/";
-
- template = template.replace(PATTERN_URL, verificationURL);
-
- sendMail(config, config.getMailUserAcountActivationSubject(),
- mailurl, template);
- }
-
- public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname, String institut, String oaname, String mailurl) throws ConfigurationException {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateurl = config.getMailOAActivationTemplate();
-
- String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
- if (MiscUtil.isNotEmpty(institut)) {
- template = template.replace(PATTERN_GIVENNAME, institut);
- template = template.replace(PATTERN_FAMILYNAME, "");
-
- } else {
- template = template.replace(PATTERN_GIVENNAME, givenname);
- template = template.replace(PATTERN_FAMILYNAME, familyname);
- }
-
- template = template.replace(PATTERN_OANAME, oaname);
-
- SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
- template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
-
- String verificationURL = config.getPublicUrlPreFix(null);
- if (!verificationURL.endsWith("/"))
- verificationURL = verificationURL + "/";
-
- template = template.replace(PATTERN_URL, verificationURL);
-
- sendMail(config, config.getMailOAActivationSubject(),
- mailurl, template);
- }
-
- public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateurl = config.getMailUserAcountRevocationTemplate();
-
- String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
-
- if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
- template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
- template = template.replace(PATTERN_FAMILYNAME, "");
-
- } else {
- template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
- template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
- }
-
- SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
- template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
-
- sendMail(config, config.getMailUserAcountActivationSubject(),
- userdb.getMail(), template);
- }
-
- private static String readTemplateFromURL(String templateurl, String rootDir) throws ConfigurationException {
- InputStream input;
- try {
-
- URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir));
- input = keystoreURL.openStream();
- StringWriter writer = new StringWriter();
- IOUtils.copy(input, writer);
- input.close();
- return writer.toString();
-
- } catch (Exception e) {
- log.warn("Mailtemplate can not be read from source" + templateurl);
- throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl);
-
- }
- }
-
- private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content) throws ConfigurationException {
- try {
- log.debug("Sending mail.");
- MiscUtil.assertNotNull(subject, "subject");
- MiscUtil.assertNotNull(recipient, "recipient");
- MiscUtil.assertNotNull(content, "content");
-
- Properties props = new Properties();
- props.setProperty("mail.transport.protocol", "smtp");
- props.setProperty("mail.host", config.getSMTPMailHost());
- log.trace("Mail host: " + config.getSMTPMailHost());
- if (config.getSMTPMailPort() != null) {
- log.trace("Mail port: " + config.getSMTPMailPort());
- props.setProperty("mail.port", config.getSMTPMailPort());
- }
- if (config.getSMTPMailUsername() != null) {
- log.trace("Mail user: " + config.getSMTPMailUsername());
- props.setProperty("mail.user", config.getSMTPMailUsername());
- }
- if (config.getSMTPMailPassword() != null) {
- log.trace("Mail password: " + config.getSMTPMailPassword());
- props.setProperty("mail.password", config.getSMTPMailPassword());
- }
-
- Session mailSession = Session.getDefaultInstance(props, null);
- Transport transport = mailSession.getTransport();
-
- MimeMessage message = new MimeMessage(mailSession);
- message.setSubject(subject);
- log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress());
- message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName()));
- log.trace("Recipient: " + recipient);
- message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient));
-
- log.trace("Creating multipart content of mail.");
- MimeMultipart multipart = new MimeMultipart("related");
-
- log.trace("Adding first part (html)");
- BodyPart messageBodyPart = new MimeBodyPart();
- messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15");
- multipart.addBodyPart(messageBodyPart);
-
+ private static final String PATTERN_GIVENNAME = "#GIVENNAME#";
+ private static final String PATTERN_FAMILYNAME = "#FAMILYNAME#";
+ private static final String PATTERN_URL = "#MANDATE_SERVICE_LINK#";
+ private static final String PATTERN_DATE = "#TODAY_DATE#";
+ private static final String PATTERN_OPENOAS = "#NUMBER_OAS#";
+ private static final String PATTERN_OPENUSERS = "#NUMBER_USERSS#";
+ private static final String PATTERN_OANAME = "#OANAME#";
+
+ public static void sendUserMailAddressVerification(UserDatabase userdb) throws ConfigurationException {
+
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final String templateurl = config.getMailUserAcountVerificationTemplate();
+
+ String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
+
+ if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
+ template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
+ }
+
+ final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+
+ if (!verificationURL.endsWith("/")) {
+ verificationURL = verificationURL + "/";
+ }
+
+ verificationURL = verificationURL + Constants.SERVLET_ACCOUNTVERIFICATION +
+ "?" + Constants.REQUEST_USERREQUESTTOKKEN +
+ "=" + userdb.getUserRequestTokken();
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailUserAcountVerificationSubject(),
+ userdb.getMail(), template);
+
+ }
+
+ public static void sendAdminMail(int numOpenOAs, int numOpenUsers) throws ConfigurationException {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final String templateurl = config.getMailAdminTemplate();
+
+ String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
+ template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs));
+ template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers));
+
+ final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ sendMail(config, config.getMailAdminSubject(), config.getMailAdminAddress(), template);
+
+ }
+
+ public static void sendUserAccountActivationMail(String givenname, String familyname, String institut,
+ String mailurl) throws ConfigurationException {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final String templateurl = config.getMailUserAcountActivationTemplate();
+
+ String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
+ if (MiscUtil.isNotEmpty(institut)) {
+ template = template.replace(PATTERN_GIVENNAME, institut);
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, givenname);
+ template = template.replace(PATTERN_FAMILYNAME, familyname);
+ }
+
+ final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+ if (!verificationURL.endsWith("/")) {
+ verificationURL = verificationURL + "/";
+ }
+
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailUserAcountActivationSubject(),
+ mailurl, template);
+ }
+
+ public static void sendUserOnlineApplicationActivationMail(String givenname, String familyname,
+ String institut, String oaname, String mailurl) throws ConfigurationException {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final String templateurl = config.getMailOAActivationTemplate();
+
+ String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
+ if (MiscUtil.isNotEmpty(institut)) {
+ template = template.replace(PATTERN_GIVENNAME, institut);
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, givenname);
+ template = template.replace(PATTERN_FAMILYNAME, familyname);
+ }
+
+ template = template.replace(PATTERN_OANAME, oaname);
+
+ final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ String verificationURL = config.getPublicUrlPreFix(null);
+ if (!verificationURL.endsWith("/")) {
+ verificationURL = verificationURL + "/";
+ }
+
+ template = template.replace(PATTERN_URL, verificationURL);
+
+ sendMail(config, config.getMailOAActivationSubject(),
+ mailurl, template);
+ }
+
+ public static void sendUserAccountRevocationMail(UserDatabase userdb) throws ConfigurationException {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final String templateurl = config.getMailUserAcountRevocationTemplate();
+
+ String template = readTemplateFromURL(templateurl, config.getConfigRootDir());
+
+ if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut());
+ template = template.replace(PATTERN_FAMILYNAME, "");
+
+ } else {
+ template = template.replace(PATTERN_GIVENNAME, userdb.getGivenname());
+ template = template.replace(PATTERN_FAMILYNAME, userdb.getFamilyname());
+ }
+
+ final SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy");
+ template = template.replace(PATTERN_DATE, dateformat.format(new Date()));
+
+ sendMail(config, config.getMailUserAcountActivationSubject(),
+ userdb.getMail(), template);
+ }
+
+ private static String readTemplateFromURL(String templateurl, String rootDir)
+ throws ConfigurationException {
+ InputStream input;
+ try {
+
+ final URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir));
+ input = keystoreURL.openStream();
+ final StringWriter writer = new StringWriter();
+ IOUtils.copy(input, writer);
+ input.close();
+ return writer.toString();
+
+ } catch (final Exception e) {
+ log.warn("Mailtemplate can not be read from source" + templateurl);
+ throw new ConfigurationException("Mailtemplate can not be read from source" + templateurl);
+
+ }
+ }
+
+ private static void sendMail(ConfigurationProvider config, String subject, String recipient, String content)
+ throws ConfigurationException {
+ try {
+ log.debug("Sending mail.");
+ MiscUtil.assertNotNull(subject, "subject");
+ MiscUtil.assertNotNull(recipient, "recipient");
+ MiscUtil.assertNotNull(content, "content");
+
+ final Properties props = new Properties();
+ props.setProperty("mail.transport.protocol", "smtp");
+ props.setProperty("mail.host", config.getSMTPMailHost());
+ log.trace("Mail host: " + config.getSMTPMailHost());
+ if (config.getSMTPMailPort() != null) {
+ log.trace("Mail port: " + config.getSMTPMailPort());
+ props.setProperty("mail.port", config.getSMTPMailPort());
+ }
+ if (config.getSMTPMailUsername() != null) {
+ log.trace("Mail user: " + config.getSMTPMailUsername());
+ props.setProperty("mail.user", config.getSMTPMailUsername());
+ }
+ if (config.getSMTPMailPassword() != null) {
+ log.trace("Mail password: " + config.getSMTPMailPassword());
+ props.setProperty("mail.password", config.getSMTPMailPassword());
+ }
+
+ final Session mailSession = Session.getDefaultInstance(props, null);
+ final Transport transport = mailSession.getTransport();
+
+ final MimeMessage message = new MimeMessage(mailSession);
+ message.setSubject(subject);
+ log.trace("Mail from: " + config.getMailFromName() + "/" + config.getMailFromAddress());
+ message.setFrom(new InternetAddress(config.getMailFromAddress(), config.getMailFromName()));
+ log.trace("Recipient: " + recipient);
+ message.addRecipient(Message.RecipientType.TO, new InternetAddress(recipient));
+
+ log.trace("Creating multipart content of mail.");
+ final MimeMultipart multipart = new MimeMultipart("related");
+
+ log.trace("Adding first part (html)");
+ final BodyPart messageBodyPart = new MimeBodyPart();
+ messageBodyPart.setContent(content, "text/html; charset=ISO-8859-15");
+ multipart.addBodyPart(messageBodyPart);
+
// log.trace("Adding mail images");
// messageBodyPart = new MimeBodyPart();
// for (Image image : images) {
@@ -257,20 +262,20 @@ public class MailHelper {
// messageBodyPart.setHeader("Content-ID", "<" + image.getContentId() + ">");
// multipart.addBodyPart(messageBodyPart);
// }
-
- message.setContent(multipart);
- transport.connect();
- log.trace("Sending mail message.");
- transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO));
- log.trace("Successfully sent.");
- transport.close();
-
- } catch(MessagingException e) {
- throw new ConfigurationException(e);
-
- } catch (UnsupportedEncodingException e) {
- throw new ConfigurationException(e);
-
- }
- }
+
+ message.setContent(multipart);
+ transport.connect();
+ log.trace("Sending mail message.");
+ transport.sendMessage(message, message.getRecipients(Message.RecipientType.TO));
+ log.trace("Successfully sent.");
+ transport.close();
+
+ } catch (final MessagingException e) {
+ throw new ConfigurationException(e);
+
+ } catch (final UnsupportedEncodingException e) {
+ throw new ConfigurationException(e);
+
+ }
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java
index 53afa59a0..be4cab9d7 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java
@@ -26,37 +26,35 @@ import java.io.UnsupportedEncodingException;
public class StringHelper {
- public static String formatText(String strGivenText)
- {
- StringBuffer sbFormattedText = new StringBuffer(strGivenText);
-
- for(int i=0; i<sbFormattedText.length(); i++)
- {
- if(sbFormattedText.charAt(i) == '\n') {
- sbFormattedText.deleteCharAt(i);
- i--;
- }
-
- if(sbFormattedText.charAt(i) == '\r') {
- sbFormattedText.deleteCharAt(i);
- i--;
- }
-
- if(sbFormattedText.charAt(i) == '\t') {
- sbFormattedText.deleteCharAt(i);
- i--;
- }
- }
- return sbFormattedText.toString();
+ public static String formatText(String strGivenText) {
+ final StringBuffer sbFormattedText = new StringBuffer(strGivenText);
+
+ for (int i = 0; i < sbFormattedText.length(); i++) {
+ if (sbFormattedText.charAt(i) == '\n') {
+ sbFormattedText.deleteCharAt(i);
+ i--;
+ }
+
+ if (sbFormattedText.charAt(i) == '\r') {
+ sbFormattedText.deleteCharAt(i);
+ i--;
+ }
+
+ if (sbFormattedText.charAt(i) == '\t') {
+ sbFormattedText.deleteCharAt(i);
+ i--;
+ }
+ }
+ return sbFormattedText.toString();
+ }
+
+ public static String getUTF8String(String input) {
+ try {
+ return new String(input.getBytes(), "UTF-8");
+
+ } catch (final UnsupportedEncodingException e) {
+ e.printStackTrace();
+ return input;
}
-
- public static String getUTF8String(String input) {
- try {
- return new String(input.getBytes(), "UTF-8");
-
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
- return input;
- }
- }
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
index 9bbbe3df0..a34a516df 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java
@@ -26,7 +26,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
@@ -38,100 +37,106 @@ import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class BasicAction extends ActionSupport implements ServletRequestAware,
- ServletResponseAware {
-
- private static final long serialVersionUID = 7478261301859056771L;
- private static Logger log = Logger.getLogger(BasicAction.class);
-
- protected HttpServletRequest request;
- protected HttpServletResponse response;
- protected ConfigurationProvider configuration = null;
- protected AuthenticatedUser authUser = null;
- protected HttpSession session = null;
- protected String formID;
-
- protected static boolean isMoaidMode = false;
-
- public BasicAction() {
- try {
- isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
- } catch (ConfigurationException e) {
- log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);
- }
- }
-
-
- protected void populateBasicInformations() throws BasicActionException {
- try {
- configuration = ConfigurationProvider.getInstance();
-
- session = request.getSession();
- Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
- if (authUserObj instanceof AuthenticatedUser)
- authUser = (AuthenticatedUser) authUserObj;
-
- } catch (ConfigurationException e) {
- log.warn("An internal error occurs.", e);
- addActionError(LanguageHelper.getErrorString("error.login.internal", request));
- throw new BasicActionException(LanguageHelper.getErrorString("error.login.internal", request), e);
-
- }
- }
-
- public String getConfigToolVersion() {
- return configuration.getConfigToolVersion();
- }
-
- /**
- * @return the authUser
- */
- public AuthenticatedUser getAuthUser() {
- return authUser;
- }
-
- /* (non-Javadoc)
- * @see org.apache.struts2.interceptor.ServletResponseAware#setServletResponse(javax.servlet.http.HttpServletResponse)
- */
- @Override
- public void setServletResponse(HttpServletResponse arg0) {
- this.response = arg0;
-
- }
-
- /* (non-Javadoc)
- * @see org.apache.struts2.interceptor.ServletRequestAware#setServletRequest(javax.servlet.http.HttpServletRequest)
- */
- @Override
- public void setServletRequest(HttpServletRequest arg0) {
- this.request = arg0;
-
- }
-
- /**
- * @return the formID
- */
- public String getFormID() {
- return formID;
+ ServletResponseAware {
+
+ private static final long serialVersionUID = 7478261301859056771L;
+
+ protected HttpServletRequest request;
+ protected HttpServletResponse response;
+ protected ConfigurationProvider configuration = null;
+ protected AuthenticatedUser authUser = null;
+ protected HttpSession session = null;
+ protected String formID;
+
+ protected static boolean isMoaidMode = false;
+
+ public BasicAction() {
+ try {
+ isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (final ConfigurationException e) {
+ log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);
}
+ }
+
+ protected void populateBasicInformations() throws BasicActionException {
+ try {
+ configuration = ConfigurationProvider.getInstance();
+
+ session = request.getSession();
+ final Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ if (authUserObj instanceof AuthenticatedUser) {
+ authUser = (AuthenticatedUser) authUserObj;
+ }
+
+ } catch (final ConfigurationException e) {
+ log.warn("An internal error occurs.", e);
+ addActionError(LanguageHelper.getErrorString("error.login.internal", request));
+ throw new BasicActionException(LanguageHelper.getErrorString("error.login.internal", request), e);
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
}
+ }
+
+ public String getConfigToolVersion() {
+ return configuration.getConfigToolVersion();
+ }
+
+ /**
+ * @return the authUser
+ */
+ public AuthenticatedUser getAuthUser() {
+ return authUser;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.apache.struts2.interceptor.ServletResponseAware#setServletResponse(javax.
+ * servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void setServletResponse(HttpServletResponse arg0) {
+ this.response = arg0;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.apache.struts2.interceptor.ServletRequestAware#setServletRequest(javax.
+ * servlet.http.HttpServletRequest)
+ */
+ @Override
+ public void setServletRequest(HttpServletRequest arg0) {
+ this.request = arg0;
+
+ }
+
+ /**
+ * @return the formID
+ */
+ public String getFormID() {
+ return formID;
+ }
+ /**
+ * @param formID the formID to set
+ */
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
- public static boolean isMoaidMode() {
- return isMoaidMode;
- }
-
-
+ public static boolean isMoaidMode() {
+ return isMoaidMode;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 20db561d6..ce975bd91 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -39,15 +39,14 @@ import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
-import org.apache.log4j.Logger;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
+import at.gv.egiz.eaaf.core.impl.gui.AbstractGUIFormBuilderConfiguration;
import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.Random;
-import at.gv.egovernment.moa.id.auth.frontend.builder.AbstractServiceProviderSpecificGUIFormBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
import at.gv.egovernment.moa.id.commons.config.ConfigurationMigrationUtils;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
@@ -69,152 +68,156 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.utils.URLDecoder;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class BasicOAAction extends BasicAction {
- private static final long serialVersionUID = 5676123696807646246L;
- private final Logger log = Logger.getLogger(BasicOAAction.class);
-
- protected LinkedHashMap<String, IOnlineApplicationData> formList;
- protected long oaid = -1;
-
- private String oaidobj;
- private boolean newOA;
- private boolean isMetaDataRefreshRequired = false;
-
- private InputStream stream = null;
-
-
-
- /**
- *
- */
- public BasicOAAction() {
- super();
-
- formList = new LinkedHashMap<String, IOnlineApplicationData>();
-
- OAGeneralConfig generalOA = new OAGeneralConfig();
- formList.put(generalOA.getName(), generalOA);
-
- }
-
- protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{
- if (!ValidationHelper.validateOAID(oaidobj)) {
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
- Constants.STRUTS_ERROR);
-
+ private static final long serialVersionUID = 5676123696807646246L;
+
+ protected LinkedHashMap<String, IOnlineApplicationData> formList;
+ protected long oaid = -1;
+
+ private String oaidobj;
+ private boolean newOA;
+ private boolean isMetaDataRefreshRequired = false;
+
+ private InputStream stream = null;
+
+ /**
+ *
+ */
+ public BasicOAAction() {
+ super();
+
+ formList = new LinkedHashMap<>();
+
+ final OAGeneralConfig generalOA = new OAGeneralConfig();
+ formList.put(generalOA.getName(), generalOA);
+
+ }
+
+ protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException {
+ if (!ValidationHelper.validateOAID(oaidobj)) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+
+ }
+ oaid = Long.valueOf(oaidobj);
+
+ UserDatabase userdb = null;
+ OnlineApplication onlineapplication = null;
+
+ if (authUser.isAdmin()) {
+ onlineapplication = configuration.getDbRead().getOnlineApplication(oaid);
+ } else {
+ userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb
+ .isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+
+ }
+
+ // TODO: change to direct Database operation
+ final List<String> oas = userdb.getOnlineApplication();
+ for (final String oa : oas) {
+ if (oa.equals(oaid)) {
+ onlineapplication = configuration.getDbRead().getOnlineApplication(oaid);
+ break;
}
- oaid = Long.valueOf(oaidobj);
+ }
+ if (onlineapplication == null) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+ }
- UserDatabase userdb = null;
- OnlineApplication onlineapplication = null;
+ return onlineapplication;
- if (authUser.isAdmin())
- onlineapplication = configuration.getDbRead().getOnlineApplication(oaid);
+ }
- else {
- userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+ protected void populateBasicNewOnlineApplicationInformation() {
+ session.setAttribute(Constants.SESSION_OAID, null);
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("error.editoa.mailverification", request),
- Constants.STRUTS_SUCCESS);
+ setNewOA(true);
- }
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
+ }
- // TODO: change to direct Database operation
- List<String> oas = userdb.getOnlineApplication();
- for (String oa : oas) {
- if (oa.equals(oaid)) {
- onlineapplication = configuration.getDbRead().getOnlineApplication(oaid);
- break;
- }
- }
- if (onlineapplication == null) {
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
- Constants.STRUTS_ERROR);
- }
+ protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication,
+ boolean persistOA) throws BasicOAActionException {
+ if (onlineapplication == null) {
+ onlineapplication = new OnlineApplication();
+ onlineapplication.setIsNew(true);
+ onlineapplication.setIsActive(false);
+
+ if (!authUser.isAdmin()) {
+ onlineapplication.setIsAdminRequired(true);
+
+ } else {
+ isMetaDataRefreshRequired = true;
+ }
+
+ } else {
+ onlineapplication.setIsNew(false);
+ if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA()
+ .getIdentifier())) {
+
+ onlineapplication.setIsAdminRequired(true);
+ onlineapplication.setIsActive(false);
+ log.info("User with ID " + authUser.getUserID()
+ + " change OA-PublicURLPrefix. Reaktivation is required.");
+ }
+
+ }
+
+ if (onlineapplication.isIsAdminRequired() == null
+ || authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired()) {
+
+ onlineapplication.setIsAdminRequired(false);
+ isMetaDataRefreshRequired = true;
+
+ UserDatabase userdb = null;
+ if (onlineapplication.getHjid() != null) {
+ userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid());
+ }
+
+ if (userdb != null && !userdb.isIsAdmin()) {
+ try {
+ MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(),
+ userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail());
+ } catch (final ConfigurationException e) {
+ log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
}
-
- return onlineapplication;
-
- }
-
- protected void populateBasicNewOnlineApplicationInformation() {
- session.setAttribute(Constants.SESSION_OAID, null);
-
- setNewOA(true);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null);
+ }
+ }
+
+ // save OA configuration
+ final String error = saveOAConfigToDatabase(onlineapplication, persistOA);
+ if (MiscUtil.isNotEmpty(error)) {
+ log.warn("OA configuration can not be stored!");
+ addActionError(error);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION);
}
-
- protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication, boolean persistOA) throws BasicOAActionException {
- if (onlineapplication == null) {
- onlineapplication = new OnlineApplication();
- onlineapplication.setIsNew(true);
- onlineapplication.setIsActive(false);
-
- if (!authUser.isAdmin()) {
- onlineapplication.setIsAdminRequired(true);
-
- } else
- isMetaDataRefreshRequired = true;
-
- } else {
- onlineapplication.setIsNew(false);
- if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) {
-
- onlineapplication.setIsAdminRequired(true);
- onlineapplication.setIsActive(false);
- log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required.");
- }
-
- }
-
- if ((onlineapplication.isIsAdminRequired() == null)
- || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) {
-
- onlineapplication.setIsAdminRequired(false);
- isMetaDataRefreshRequired = true;
-
- UserDatabase userdb = null;
- if (onlineapplication.getHjid() != null)
- userdb = configuration.getUserManagement().getUsersWithOADBID(onlineapplication.getHjid());
-
- if (userdb != null && !userdb.isIsAdmin()) {
- try {
- MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(),
- userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail());
- } catch (ConfigurationException e) {
- log.warn("Sending Mail to User " + userdb.getMail() + " failed", e);
- }
- }
- }
-
- //save OA configuration
- String error = saveOAConfigToDatabase(onlineapplication, persistOA);
- if (MiscUtil.isNotEmpty(error)) {
- log.warn("OA configuration can not be stored!");
- addActionError(error);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION);
- }
// //set metadata reload flag if reload is required
-//
+//
// if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) {
//
// try {
@@ -234,290 +237,302 @@ public class BasicOAAction extends BasicAction {
// }
//
// }
-
- return onlineapplication;
- }
-
- protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException {
- try {
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- throw new BasicOAActionException(
- "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID(),
- Constants.STRUTS_ERROR);
- }
- } else {
- throw new BasicOAActionException(
- "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID(),
- Constants.STRUTS_ERROR);
-
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("error.editoa.mailverification", request),
- Constants.STRUTS_SUCCESS);
- }
-
- OnlineApplication onlineapplication = null;
-
- Long oaid = getOAIDFromSession();
-
- // valid DBID and check entry
- OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName()));
- String oaidentifier = oaGeneralForm.getIdentifier();
- if (MiscUtil.isEmpty(oaidentifier)) {
- log.info("Empty OA identifier");
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
- Constants.STRUTS_ERROR_VALIDATION);
-
- } else {
-
- if (!ValidationHelper.validateURL(oaidentifier)) {
- log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
- Constants.STRUTS_ERROR_VALIDATION);
-
- } else {
-
- if (oaid == -1) {
- List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications();
-
- if (oaList != null) {
- for (OnlineApplication el : oaList) {
- if (el.getPublicURLPrefix().startsWith(oaidentifier) )
- onlineapplication = el;
-
- }
- }
-
- if (onlineapplication == null) {
- onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier);
-
- }
-
- if (onlineapplication != null) {
- log.info("The OAIdentifier is not unique");
- throw new BasicOAActionException(
- LanguageHelper.getErrorString(
- "validation.general.oaidentifier.notunique",
- new Object[]{onlineapplication.getPublicURLPrefix()},
- request),
- Constants.STRUTS_ERROR_VALIDATION);
-
- } else
- setNewOA(true);
-
- } else {
- onlineapplication = configuration.getDbRead().getOnlineApplication(oaid);
- if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
-
- OnlineApplication dbOA = null;
- List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications();
- for (OnlineApplication el : oaList) {
- if (el.getPublicURLPrefix().startsWith(oaidentifier) )
- dbOA = el;
-
- }
- if (dbOA == null)
- dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier);
-
- if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) {
- log.info("The OAIdentifier is not unique");
- throw new BasicOAActionException(
- LanguageHelper.getErrorString(
- "validation.general.oaidentifier.notunique",
- new Object[]{dbOA.getPublicURLPrefix()},
- request),
- Constants.STRUTS_ERROR_VALIDATION);
-
- }
- }
- }
- }
- }
-
- return onlineapplication;
-
- } catch (BasicOAActionException e) {
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- throw e;
- }
-
- }
-
- protected Long getOAIDFromSession() throws BasicOAActionException {
- Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
- Long oaid = (long) -1;
-
- if (oadbid != null) {
- try {
- oaid = (Long) oadbid;
- if (oaid < 0 || oaid > Long.MAX_VALUE) {
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
- Constants.STRUTS_ERROR);
+
+ return onlineapplication;
+ }
+
+ protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException {
+ try {
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+ }
+ } else {
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb
+ .isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+ }
+
+ OnlineApplication onlineapplication = null;
+
+ final Long oaid = getOAIDFromSession();
+
+ // valid DBID and check entry
+ final OAGeneralConfig oaGeneralForm = (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
+ final String oaidentifier = oaGeneralForm.getIdentifier();
+ if (MiscUtil.isEmpty(oaidentifier)) {
+ log.info("Empty OA identifier");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+
+ if (!ValidationHelper.validateURL(oaidentifier)) {
+ log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier);
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+
+ if (oaid == -1) {
+ final List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications();
+
+ if (oaList != null) {
+ for (final OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier)) {
+ onlineapplication = el;
}
- } catch (Throwable t) {
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
- Constants.STRUTS_ERROR);
+ }
+ }
+
+ if (onlineapplication == null) {
+ onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier);
+
}
+
+ if (onlineapplication != null) {
+ log.info("The OAIdentifier is not unique");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString(
+ "validation.general.oaidentifier.notunique",
+ new Object[] { onlineapplication.getPublicURLPrefix() },
+ request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ } else {
+ setNewOA(true);
+ }
+
+ } else {
+ onlineapplication = configuration.getDbRead().getOnlineApplication(oaid);
+ if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
+
+ OnlineApplication dbOA = null;
+ final List<OnlineApplication> oaList = configuration.getDbRead().getAllOnlineApplications();
+ for (final OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier)) {
+ dbOA = el;
+ }
+
+ }
+ if (dbOA == null) {
+ dbOA = configuration.getDbRead().getOnlineApplication(oaidentifier);
+ }
+
+ if (dbOA != null && !dbOA.getHjid().equals(oaid)) {
+ log.info("The OAIdentifier is not unique");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString(
+ "validation.general.oaidentifier.notunique",
+ new Object[] { dbOA.getPublicURLPrefix() },
+ request),
+ Constants.STRUTS_ERROR_VALIDATION);
+
+ }
+ }
+ }
}
-
- return oaid;
+ }
+
+ return onlineapplication;
+
+ } catch (final BasicOAActionException e) {
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw e;
}
-
- protected String preProcessDeleteOnlineApplication() throws BasicOAActionException {
- try {
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- throw new BasicOAActionException(
- "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID(),
- Constants.STRUTS_ERROR);
-
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID());
- throw new BasicOAActionException(
- "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
- + authUser.getGivenName() + authUser.getUserID(),
- Constants.STRUTS_ERROR);
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID());
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("error.editoa.mailverification", request),
- Constants.STRUTS_SUCCESS);
-
- }
-
- String oaidentifier = getGeneralOA().getIdentifier();
- if (MiscUtil.isEmpty(oaidentifier)) {
- log.info("Empty OA identifier");
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
- Constants.STRUTS_ERROR_VALIDATION);
-
- } else {
- if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- throw new BasicOAActionException(
- LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
- new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request),
- Constants.STRUTS_ERROR_VALIDATION);
- }
- }
-
- return oaidentifier;
-
- } catch (BasicOAActionException e) {
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- throw e;
- }
+
+ }
+
+ protected Long getOAIDFromSession() throws BasicOAActionException {
+ final Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID);
+ Long oaid = (long) -1;
+
+ if (oadbid != null) {
+ try {
+ oaid = (Long) oadbid;
+ if (oaid < 0 || oaid > Long.MAX_VALUE) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
+
+ } catch (final Throwable t) {
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("errors.edit.oa.oaid", request),
+ Constants.STRUTS_ERROR);
+ }
}
-
- private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) {
-
- for (IOnlineApplicationData form : formList.values())
- form.store(dboa, authUser, request);
-
- try {
- if (dboa.isIsNew()) {
- if (!authUser.isAdmin()) {
- UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID());
- List<String> useroas = user.getOnlineApplication();
- if (useroas == null) useroas = new ArrayList<String>();
+ return oaid;
+ }
+
+ protected String preProcessDeleteOnlineApplication() throws BasicOAActionException {
+ try {
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser
+ .getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
- useroas.add(String.valueOf(dboa.getHjid()));
- configuration.getUserManagement().saveOrUpdate(user);
-
- } else {
- if (persistOA)
- save(dboa);
-
- }
-
- } else
- if (persistOA)
- save(dboa);
-
- } catch (MOADatabaseException e) {
- log.warn("Online-Application can not be stored.", e);
- return LanguageHelper.getErrorString("error.db.oa.store", request);
}
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID());
+ throw new BasicOAActionException(
+ "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName()
+ + authUser.getGivenName() + authUser.getUserID(),
+ Constants.STRUTS_ERROR);
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb
+ .isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("error.editoa.mailverification", request),
+ Constants.STRUTS_SUCCESS);
+
+ }
+
+ final String oaidentifier = getGeneralOA().getIdentifier();
+ if (MiscUtil.isEmpty(oaidentifier)) {
+ log.info("Empty OA identifier");
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request),
+ Constants.STRUTS_ERROR_VALIDATION);
- return null;
+ } else {
+ if (ValidationHelper.isValidOAIdentifier(oaidentifier)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier);
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw new BasicOAActionException(
+ LanguageHelper.getErrorString("validation.general.oaidentifier.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request),
+ Constants.STRUTS_ERROR_VALIDATION);
+ }
+ }
+
+ return oaidentifier;
+
+ } catch (final BasicOAActionException e) {
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ throw e;
+ }
+ }
+
+ private String saveOAConfigToDatabase(OnlineApplication dboa, boolean persistOA) {
+
+ for (final IOnlineApplicationData form : formList.values()) {
+ form.store(dboa, authUser, request);
}
-
- protected void save(OnlineApplication oa) throws MOADatabaseException {
- try {
- STORK storkConfig = null;
- try {
- MOAIDConfiguration moaidConfig =
- ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
-
- storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK();
-
- } catch (Exception e) {
-
- }
-
- log.debug("JaxB to Key/Value configuration transformation started ...");
- Map<String, String> keyValueConfig =
- ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig);
-
- log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ...");
-
- String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES);
- if (MiscUtil.isEmpty(serviceIdentifier)) {
- log.info("Use default ServiceIdentifier.");
- serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA;
- }
-
- if (oa.getHjid() == null) {
- log.debug("No hjID -> find new Service ID ...");
- String hjID = configuration.getConfigModule().buildArrayIdentifier(
- MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig);
- log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix());
- oa.setHjid(Long.valueOf(hjID));
-
- } else {
- //TODO: work-around for old config tool and new key/value configuration
- //see: NewConfigurationDBRead.java Line 81
+
+ try {
+ if (dboa.isIsNew()) {
+ if (!authUser.isAdmin()) {
+ final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+
+ List<String> useroas = user.getOnlineApplication();
+ if (useroas == null) {
+ useroas = new ArrayList<>();
+ }
+
+ useroas.add(String.valueOf(dboa.getHjid()));
+ configuration.getUserManagement().saveOrUpdate(user);
+
+ } else {
+ if (persistOA) {
+ save(dboa);
+ }
+
+ }
+
+ } else if (persistOA) {
+ save(dboa);
+ }
+
+ } catch (final MOADatabaseException e) {
+ log.warn("Online-Application can not be stored.", e);
+ return LanguageHelper.getErrorString("error.db.oa.store", request);
+ }
+
+ return null;
+ }
+
+ protected void save(OnlineApplication oa) throws MOADatabaseException {
+ try {
+ STORK storkConfig = null;
+ try {
+ final MOAIDConfiguration moaidConfig =
+ ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration();
+
+ storkConfig = moaidConfig.getAuthComponentGeneral().getForeignIdentities().getSTORK();
+
+ } catch (final Exception e) {
+
+ }
+
+ log.debug("JaxB to Key/Value configuration transformation started ...");
+ final Map<String, String> keyValueConfig =
+ ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(oa, storkConfig);
+
+ log.debug(
+ "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ...");
+
+ String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES);
+ if (MiscUtil.isEmpty(serviceIdentifier)) {
+ log.info("Use default ServiceIdentifier.");
+ serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA;
+ }
+
+ if (oa.getHjid() == null) {
+ log.debug("No hjID -> find new Service ID ...");
+ final String hjID = configuration.getConfigModule().buildArrayIdentifier(
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier, 0, keyValueConfig);
+ log.debug("Find new hjID: " + hjID + " for service: " + oa.getPublicURLPrefix());
+ oa.setHjid(Long.valueOf(hjID));
+
+ } else {
+ // TODO: work-around for old config tool and new key/value configuration
+ // see: NewConfigurationDBRead.java Line 81
// if (oa.getHjid() > 1000000) {
-// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY))
+// if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_GATEWAY))
// oa.setHjid(oa.getHjid() - 1000000);
// else if (serviceIdentifier.equals(MOAIDConfigurationConstants.PREFIX_IIDP))
// oa.setHjid(oa.getHjid() - 2000000);
@@ -525,208 +540,210 @@ public class BasicOAAction extends BasicAction {
// oa.setHjid(oa.getHjid() - 3000000);
// else
// log.warn("Inconsistent state found! Service Identifier for OA found but Hjid is > 1000000.");
-//
+//
// }
-
- }
-
- Map<String, String> absolutKeyValue = KeyValueUtils.makeKeysAbsolut(
- keyValueConfig,
- MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(oa.getHjid()),
- MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
-
- configuration.getConfigModule().storeChanges(absolutKeyValue, null, null);
-
- log.info("MOA-ID Service Key/Value configuration successfull stored.");
-
-
- } catch (ConfigurationStorageException | at.gv.egiz.components.configuration.api.ConfigurationException e) {
- log.warn("MOAID Configuration can not be stored in Database", e);
- throw new MOADatabaseException(e.getMessage(), e);
-
- }
-
+
+ }
+
+ final Map<String, String> absolutKeyValue = KeyValueUtils.makeKeysAbsolut(
+ keyValueConfig,
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(
+ oa.getHjid()),
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES);
+
+ configuration.getConfigModule().storeChanges(absolutKeyValue, null, null);
+
+ log.info("MOA-ID Service Key/Value configuration successfull stored.");
+
+ } catch (ConfigurationStorageException
+ | at.gv.egiz.components.configuration.api.ConfigurationException e) {
+ log.warn("MOAID Configuration can not be stored in Database", e);
+ throw new MOADatabaseException(e.getMessage(), e);
+
}
-
- protected boolean delete(OnlineApplication onlineapplication) {
- try {
- log.debug("JaxB to Key/Value configuration transformation started ...");
- Map<String, String> keyValueConfig =
- ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null);
-
- log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ...");
-
- String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES);
- if (MiscUtil.isEmpty(serviceIdentifier)) {
- log.info("Use default ServiceIdentifier.");
- serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA;
- }
-
- String deleteServiceKey =
- MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(onlineapplication.getHjid()) + ".*";
-
- configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[]{deleteServiceKey}));
-
- log.info("MOA-ID Service Key/Value configuration successfull stored.");
- return true;
-
- } catch (ConfigurationStorageException e) {
- log.warn("MOAID Configuration can not be stored in Database", e);
-
- }
-
- return false;
-
+
+ }
+
+ protected boolean delete(OnlineApplication onlineapplication) {
+ try {
+ log.debug("JaxB to Key/Value configuration transformation started ...");
+ final Map<String, String> keyValueConfig =
+ ConfigurationMigrationUtils.convertHyberJaxBOnlineApplicationToKeyValue(onlineapplication, null);
+
+ log.debug(
+ "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ...");
+
+ String serviceIdentifier = keyValueConfig.get(MOAIDConfigurationConstants.PREFIX_SERVICES);
+ if (MiscUtil.isEmpty(serviceIdentifier)) {
+ log.info("Use default ServiceIdentifier.");
+ serviceIdentifier = MOAIDConfigurationConstants.PREFIX_OA;
+ }
+
+ final String deleteServiceKey =
+ MOAIDConfigurationConstants.PREFIX_MOAID_SERVICES + "." + serviceIdentifier + "." + String.valueOf(
+ onlineapplication.getHjid()) + ".*";
+
+ configuration.getConfigModule().storeChanges(null, null, Arrays.asList(new String[] {
+ deleteServiceKey }));
+
+ log.info("MOA-ID Service Key/Value configuration successfull stored.");
+ return true;
+
+ } catch (final ConfigurationStorageException e) {
+ log.warn("MOAID Configuration can not be stored in Database", e);
+
}
-
- public String bkuFramePreview() {
- String preview = null;
+ return false;
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
- InputStream input = null;
+ }
- try {
- Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW);
- if (mapobj != null && mapobj instanceof Map<?, ?>) {
-
- ConfigurationProvider config = ConfigurationProvider.getInstance();
- String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR
- + ConfigurationProvider.HTMLTEMPLATE_FILE;
-
- File file = new File(new URI(templateURL));
- input = new FileInputStream(file);
-
- String contextpath = config.getMOAIDInstanceURL();
- if (MiscUtil.isEmpty(contextpath)) {
- log.info("NO MOA-ID instance URL configurated.");
- input.close();
- throw new ConfigurationException("No MOA-ID instance configurated");
-
- }
-
- //set parameters
- Map<String, Object> params = (Map<String, Object>) mapobj;
- params.put(
- AbstractServiceProviderSpecificGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT,
- contextpath);
-
- request.setCharacterEncoding("UTF-8");
- String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE);
- String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE);
-
- if (value != null) {
- String[] query = URLDecoder.decode(request.getQueryString()).split("&");
- value = query[1].substring("value=".length());
- }
+ public String bkuFramePreview() {
- synchronized (params) {
- if (MiscUtil.isNotEmpty(module)) {
- if (params.containsKey(module)) {
- if (MiscUtil.isNotEmpty(value)) {
- if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT.contains(module)
- || value.startsWith("#"))
- params.put(module, value);
- else
- params.put(module, "#" + value);
-
- } else {
- params.put(module, FormBuildUtils.getDefaultMap().get(module));
- }
- }
- }
- }
-
- //write preview
- VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
- VelocityContext context = new VelocityContext();
- Iterator<Entry<String, Object>> interator = params.entrySet().iterator();
- while (interator.hasNext()) {
- Entry<String, Object> el = interator.next();
- context.put(el.getKey(), el.getValue());
-
- }
- StringWriter writer = new StringWriter();
- engine.evaluate(context, writer, "BKUSelection_preview",
- new BufferedReader(new InputStreamReader(input)));
- stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8"));
+ String preview = null;
- } else {
- preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request);
+ try {
+ populateBasicInformations();
- }
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+ InputStream input = null;
+
+ try {
+ final Object mapobj = session.getAttribute(Constants.SESSION_BKUFORMPREVIEW);
+ if (mapobj != null && mapobj instanceof Map<?, ?>) {
+
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+ final String templateURL = config.getConfigRootDir() + ConfigurationProvider.HTMLTEMPLATE_DIR
+ + ConfigurationProvider.HTMLTEMPLATE_FILE;
- } catch (Exception e) {
- log.warn("BKUSelection Preview can not be generated.", e);
- preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request);
+ final File file = new File(new URI(templateURL));
+ input = new FileInputStream(file);
+
+ final String contextpath = config.getMOAIDInstanceURL();
+ if (MiscUtil.isEmpty(contextpath)) {
+ log.info("NO MOA-ID instance URL configurated.");
+ input.close();
+ throw new ConfigurationException("No MOA-ID instance configurated");
}
- if (stream == null && MiscUtil.isNotEmpty(preview)) {
- try {
- stream = new ByteArrayInputStream(preview.getBytes("UTF-8"));
-
- } catch (UnsupportedEncodingException e) {
- e.printStackTrace();
-
- }
+ // set parameters
+ final Map<String, Object> params = (Map<String, Object>) mapobj;
+ params.put(
+ AbstractGUIFormBuilderConfiguration.PARAM_AUTHCONTEXT,
+ contextpath);
+
+ request.setCharacterEncoding("UTF-8");
+ final String module = request.getParameter(Constants.REQUEST_FORMCUSTOM_MODULE);
+ String value = request.getParameter(Constants.REQUEST_FORMCUSTOM_VALUE);
+
+ if (value != null) {
+ final String[] query = URLDecoder.decode(request.getQueryString()).split("&");
+ value = query[1].substring("value=".length());
}
-
-
- return Constants.STRUTS_SUCCESS;
- }
-
-
- /**
- * @param oaidobj the oaidobj to set
- */
- public void setOaidobj(String oaidobj) {
- this.oaidobj = oaidobj;
- }
-
- /**
- * @return the newOA
- */
- public boolean isNewOA() {
- return newOA;
- }
- /**
- * @param newOA the newOA to set
- */
- public void setNewOA(boolean newOA) {
- this.newOA = newOA;
- }
-
- public OAGeneralConfig getGeneralOA() {
- return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
- }
+ synchronized (params) {
+ if (MiscUtil.isNotEmpty(module)) {
+ if (params.containsKey(module)) {
+ if (MiscUtil.isNotEmpty(value)) {
+ if (FormBuildUtils.PARAM_FONTFAMILY.contains(module) || FormBuildUtils.PARAM_HEADER_TEXT
+ .contains(module)
+ || value.startsWith("#")) {
+ params.put(module, value);
+ } else {
+ params.put(module, "#" + value);
+ }
- public void setGeneralOA(OAGeneralConfig generalOA) {
- formList.put(generalOA.getName(), generalOA);
- }
-
-
- public OAPVP2Config getPvp2OA() {
- return (OAPVP2Config) formList.get(new OAPVP2Config().getName());
- }
+ } else {
+ params.put(module, FormBuildUtils.getDefaultMap().get(module));
+ }
+ }
+ }
+ }
+
+ // write preview
+ final VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine();
+ final VelocityContext context = new VelocityContext();
+ final Iterator<Entry<String, Object>> interator = params.entrySet().iterator();
+ while (interator.hasNext()) {
+ final Entry<String, Object> el = interator.next();
+ context.put(el.getKey(), el.getValue());
+
+ }
+ final StringWriter writer = new StringWriter();
+ engine.evaluate(context, writer, "BKUSelection_preview",
+ new BufferedReader(new InputStreamReader(input)));
+ stream = new ByteArrayInputStream(writer.toString().getBytes("UTF-8"));
+
+ } else {
+ preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request);
+
+ }
+
+ } catch (final Exception e) {
+ log.warn("BKUSelection Preview can not be generated.", e);
+ preview = LanguageHelper.getErrorString("error.bkuformpreview.notpossible", request);
- public void setPvp2OA(OAPVP2Config pvp2oa) {
- formList.put(pvp2oa.getName(), pvp2oa);
}
- /**
- * @return the stream
- */
- public InputStream getStream() {
- return stream;
- }
+ if (stream == null && MiscUtil.isNotEmpty(preview)) {
+ try {
+ stream = new ByteArrayInputStream(preview.getBytes("UTF-8"));
+
+ } catch (final UnsupportedEncodingException e) {
+ e.printStackTrace();
+
+ }
+ }
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ /**
+ * @param oaidobj the oaidobj to set
+ */
+ public void setOaidobj(String oaidobj) {
+ this.oaidobj = oaidobj;
+ }
+
+ /**
+ * @return the newOA
+ */
+ public boolean isNewOA() {
+ return newOA;
+ }
+
+ /**
+ * @param newOA the newOA to set
+ */
+ public void setNewOA(boolean newOA) {
+ this.newOA = newOA;
+ }
+
+ public OAGeneralConfig getGeneralOA() {
+ return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName());
+ }
+
+ public void setGeneralOA(OAGeneralConfig generalOA) {
+ formList.put(generalOA.getName(), generalOA);
+ }
+
+ public OAPVP2Config getPvp2OA() {
+ return (OAPVP2Config) formList.get(new OAPVP2Config().getName());
+ }
+
+ public void setPvp2OA(OAPVP2Config pvp2oa) {
+ formList.put(pvp2oa.getName(), pvp2oa);
+ }
+
+ /**
+ * @return the stream
+ */
+ public InputStream getStream() {
+ return stream;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 8e057db0f..0992d7f1a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -30,7 +30,6 @@ import java.util.Map;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
import at.gv.egiz.components.configuration.meta.api.ConfigurationStorageException;
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
@@ -76,164 +75,160 @@ import at.gv.egovernment.moa.id.configuration.helper.StringHelper;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator;
import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
-
+@Slf4j
public class EditGeneralConfigAction extends BasicAction {
-
- private static final Logger log = Logger.getLogger(EditGeneralConfigAction.class);
- private static final long serialVersionUID = 1L;
-
- private GeneralMOAIDConfig moaconfig;
- private GeneralStorkConfig storkconfig;
-
- private String formID;
-
- public String loadConfig() {
- try {
- populateBasicInformations();
-
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (authUser.isAdmin()) {
-
-
- MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration();
-
- moaconfig = new GeneralMOAIDConfig();
- moaconfig.parse(dbconfig);
- if (moaconfig == null) {
- log.error("MOA configuration is null");
- }
- if (moaconfig.isMoaidMode()) {
- storkconfig = new GeneralStorkConfig();
- storkconfig.parse(dbconfig);
- if (storkconfig == null) {
- log.error("Stork configuration is null");
- }
- }
+ private static final long serialVersionUID = 1L;
+
+ private GeneralMOAIDConfig moaconfig;
+ private GeneralStorkConfig storkconfig;
+
+ private String formID;
+
+ public String loadConfig() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (authUser.isAdmin()) {
+
+ final MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration();
+
+ moaconfig = new GeneralMOAIDConfig();
+ moaconfig.parse(dbconfig);
+ if (moaconfig == null) {
+ log.error("MOA configuration is null");
+ }
+
+ if (moaconfig.isMoaidMode()) {
+ storkconfig = new GeneralStorkConfig();
+ storkconfig.parse(dbconfig);
+ if (storkconfig == null) {
+ log.error("Stork configuration is null");
+ }
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+
+ public String saveConfig() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ boolean isMoaidMode = false;
+ try {
+ isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
+ } catch (final ConfigurationException e) {
+ log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);
+ }
+
+ if (authUser.isAdmin()) {
+
+ final MOAConfigValidator validator = new MOAConfigValidator();
+
+ final List<String> errors = validator.validate(moaconfig, request, isMoaidMode);
+
+ if (isMoaidMode) {
+ errors.addAll(new StorkConfigValidator().validate(storkconfig, request));
+ }
+
+ if (errors.size() > 0) {
+ log.info("General MOA-ID configuration has some errors.");
+ for (final String el : errors) {
+ addActionError(el);
+ }
+
+ if (moaconfig.getSecLayerTransformation() != null) {
+ session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation());
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ } else {
+ if (moaconfig.getSecLayerTransformation() == null &&
+ session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null &&
+ session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map<?, ?>) {
+ moaconfig.setSecLayerTransformation((Map<String, byte[]>) session.getAttribute(
+ Constants.SESSION_SLTRANSFORMATION));
+
+ }
+ }
+
+ final String error = saveFormToDatabase(isMoaidMode);
+ if (error != null) {
+ log.warn("General MOA-ID config can not be stored in Database");
+
+ // set new formID
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ addActionError(error);
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null);
+
+ } else {
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request));
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ public String back() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ return Constants.STRUTS_SUCCESS;
+ }
-
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
- }
-
- public String saveConfig() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- boolean isMoaidMode = false;
- try {
- isMoaidMode = ConfigurationProvider.getInstance().isMOAIDMode();
- } catch (ConfigurationException e) {
- log.warn("Can NOT load configuration. Set 'moaidmode' to 'false'", e);
- }
-
- if (authUser.isAdmin()) {
-
- MOAConfigValidator validator = new MOAConfigValidator();
-
- List<String> errors = validator.validate(moaconfig, request, isMoaidMode);
-
- if (isMoaidMode)
- errors.addAll(new StorkConfigValidator().validate(storkconfig, request));
-
- if (errors.size() > 0) {
- log.info("General MOA-ID configuration has some errors.");
- for (String el : errors)
- addActionError(el);
-
- if (moaconfig.getSecLayerTransformation() != null) {
- session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation());
- }
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_ERROR_VALIDATION;
-
- } else {
- if (moaconfig.getSecLayerTransformation() == null &&
- session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null &&
- session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map<?, ?> ) {
- moaconfig.setSecLayerTransformation((Map<String, byte[]>)
- session.getAttribute(Constants.SESSION_SLTRANSFORMATION));
-
- }
- }
-
- String error = saveFormToDatabase(isMoaidMode);
- if (error != null) {
- log.warn("General MOA-ID config can not be stored in Database");
-
- //set new formID
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- addActionError(error);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null);
-
- } else {
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
-
- addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- public String back() {
- try {
- populateBasicInformations();
-
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- return Constants.STRUTS_SUCCESS;
- }
-
- private String saveFormToDatabase(boolean isMoaidMode) {
-
- log.debug("Saving form to database");
+ private String saveFormToDatabase(boolean isMoaidMode) {
+
+ log.debug("Saving form to database");
// log.error("Saving form to db");
// log.info("SV frm db");
@@ -244,630 +239,649 @@ public class EditGeneralConfigAction extends BasicAction {
// log.error(" SES PARAM: " + obj.toString());
// }
- try {
- log.error(" ASSERTION " + moaconfig.getTimeoutAssertion());
- } catch (Exception ex) {
- ex.printStackTrace();
- }
-
- MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration();
- if (dbconfig == null)
- dbconfig = new MOAIDConfiguration();
-
-
- AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
- if (dbauth == null) {
- dbauth = new AuthComponentGeneral();
- dbconfig.setAuthComponentGeneral(dbauth);
- }
-
- GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration();
- if (dbauthgeneral == null) {
- dbauthgeneral = new GeneralConfiguration();
- dbauth.setGeneralConfiguration(dbauthgeneral);
- }
-
+ try {
+ log.error(" ASSERTION " + moaconfig.getTimeoutAssertion());
+ } catch (final Exception ex) {
+ ex.printStackTrace();
+ }
+
+ MOAIDConfiguration dbconfig = configuration.getDbRead().getMOAIDConfiguration();
+ if (dbconfig == null) {
+ dbconfig = new MOAIDConfiguration();
+ }
+
+ AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
+ if (dbauth == null) {
+ dbauth = new AuthComponentGeneral();
+ dbconfig.setAuthComponentGeneral(dbauth);
+ }
+
+ GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration();
+ if (dbauthgeneral == null) {
+ dbauthgeneral = new GeneralConfiguration();
+ dbauth.setGeneralConfiguration(dbauthgeneral);
+ }
+
// GeneralConfiguration oldauthgeneral = null;
// if (oldauth != null)
// oldauthgeneral = oldauth.getGeneralConfiguration();
-
- //set Public URL Prefix
- String pubURLPrefix = moaconfig.getPublicURLPrefix();
- if (moaconfig.isVirtualPublicURLPrefixEnabled()) {
- dbauthgeneral.setPublicURLPreFix(
- KeyValueUtils.normalizeCSVValueString(pubURLPrefix));
-
- } else {
- if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) {
- dbauthgeneral.setPublicURLPreFix(
- pubURLPrefix.trim().substring(0,
- pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER)));
-
- } else
- dbauthgeneral.setPublicURLPreFix(
- StringUtils.chomp(pubURLPrefix.trim()));
-
- }
-
- dbauthgeneral.setVirtualPublicURLPrefixEnabled(
- moaconfig.isVirtualPublicURLPrefixEnabled());
-
-
+
+ // set Public URL Prefix
+ final String pubURLPrefix = moaconfig.getPublicURLPrefix();
+ if (moaconfig.isVirtualPublicURLPrefixEnabled()) {
+ dbauthgeneral.setPublicURLPreFix(
+ KeyValueUtils.normalizeCSVValueString(pubURLPrefix));
+
+ } else {
+ if (pubURLPrefix.contains(KeyValueUtils.CSV_DELIMITER)) {
+ dbauthgeneral.setPublicURLPreFix(
+ pubURLPrefix.trim().substring(0,
+ pubURLPrefix.indexOf(KeyValueUtils.CSV_DELIMITER)));
+
+ } else {
+ dbauthgeneral.setPublicURLPreFix(
+ StringUtils.chomp(pubURLPrefix.trim()));
+ }
+
+ }
+
+ dbauthgeneral.setVirtualPublicURLPrefixEnabled(
+ moaconfig.isVirtualPublicURLPrefixEnabled());
+
// if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID()))
// dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID());
// else {
// if (oldauthgeneral != null)
// dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID());
// }
-
+
// if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory()))
// dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory());
-
- TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts();
- if (dbtimeouts == null) {
- dbtimeouts = new TimeOuts();
- dbauthgeneral.setTimeOuts(dbtimeouts);
- }
- if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion()))
- dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION));
- else
- dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion()));
-
- if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated()))
- dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED));
- else
- dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated()));
-
- if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated()))
- dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED));
- else
- dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated()));
-
- dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck());
-
-
-
- Protocols dbprotocols = dbauth.getProtocols();
- if (dbprotocols == null) {
- dbprotocols = new Protocols();
- dbauth.setProtocols(dbprotocols);
- }
- LegacyAllowed legprot = dbprotocols.getLegacyAllowed();
- if (legprot == null) {
- legprot = new LegacyAllowed();
- dbprotocols.setLegacyAllowed(legprot);
- }
-
- List<String> el = legprot.getProtocolName();
- if (el == null) {
- el = new ArrayList<String>();
- legprot.setProtocolName(el);
-
- }
-
- //Workaround for DB cleaning is only needed for one or the releases (insert in 2.1.1)
- if (el.size() > 2)
- el.clear();
-
- if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) {
- if (!moaconfig.isLegacy_pvp2())
- el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2);
-
- } else {
- if (moaconfig.isLegacy_pvp2())
- el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2);
- }
-
- if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) {
- if (!moaconfig.isLegacy_saml1())
- el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1);
-
- } else {
- if (moaconfig.isLegacy_saml1())
- el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1);
- }
-
- SAML1 saml1= dbprotocols.getSAML1();
- if (saml1 == null) {
- saml1 = new SAML1();
- dbprotocols.setSAML1(saml1);
- }
- saml1.setIsActive(moaconfig.isProtocolActiveSAML1());
-
- if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) {
- saml1.setSourceID(moaconfig.getSaml1SourceID());
-
- } else {
- if (MiscUtil.isNotEmpty(saml1.getSourceID()))
- saml1.setSourceID(moaconfig.getSaml1SourceID());
-
- }
-
-
- OAuth oauth= dbprotocols.getOAuth();
- if (oauth == null) {
- oauth = new OAuth();
- dbprotocols.setOAuth(oauth);
- }
-
- PVP2 pvp2 = dbprotocols.getPVP2();
- if (pvp2 == null) {
- pvp2 = new PVP2();
- dbprotocols.setPVP2(pvp2);
- }
-
- if (isMoaidMode) {
- oauth.setIsActive(moaconfig.isProtocolActiveOAuth());
- pvp2.setIsActive(moaconfig.isProtocolActivePVP21());
-
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName()))
- pvp2.setIssuerName(moaconfig.getPvp2IssuerName());
+
+ TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts();
+ if (dbtimeouts == null) {
+ dbtimeouts = new TimeOuts();
+ dbauthgeneral.setTimeOuts(dbtimeouts);
+ }
+ if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) {
+ dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION));
+ } else {
+ dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion()));
+ }
+
+ if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) {
+ dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED));
+ } else {
+ dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated()));
+ }
+
+ if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) {
+ dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED));
+ } else {
+ dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated()));
+ }
+
+ dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck());
+
+ Protocols dbprotocols = dbauth.getProtocols();
+ if (dbprotocols == null) {
+ dbprotocols = new Protocols();
+ dbauth.setProtocols(dbprotocols);
+ }
+ LegacyAllowed legprot = dbprotocols.getLegacyAllowed();
+ if (legprot == null) {
+ legprot = new LegacyAllowed();
+ dbprotocols.setLegacyAllowed(legprot);
+ }
+
+ List<String> el = legprot.getProtocolName();
+ if (el == null) {
+ el = new ArrayList<>();
+ legprot.setProtocolName(el);
+
+ }
+
+ // Workaround for DB cleaning is only needed for one or the releases (insert in
+ // 2.1.1)
+ if (el.size() > 2) {
+ el.clear();
+ }
+
+ if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) {
+ if (!moaconfig.isLegacy_pvp2()) {
+ el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2);
+ }
+
+ } else {
+ if (moaconfig.isLegacy_pvp2()) {
+ el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2);
+ }
+ }
+
+ if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) {
+ if (!moaconfig.isLegacy_saml1()) {
+ el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1);
+ }
+
+ } else {
+ if (moaconfig.isLegacy_saml1()) {
+ el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1);
+ }
+ }
+
+ SAML1 saml1 = dbprotocols.getSAML1();
+ if (saml1 == null) {
+ saml1 = new SAML1();
+ dbprotocols.setSAML1(saml1);
+ }
+ saml1.setIsActive(moaconfig.isProtocolActiveSAML1());
+
+ if (MiscUtil.isNotEmpty(moaconfig.getSaml1SourceID())) {
+ saml1.setSourceID(moaconfig.getSaml1SourceID());
+
+ } else {
+ if (MiscUtil.isNotEmpty(saml1.getSourceID())) {
+ saml1.setSourceID(moaconfig.getSaml1SourceID());
+ }
+
+ }
+
+ OAuth oauth = dbprotocols.getOAuth();
+ if (oauth == null) {
+ oauth = new OAuth();
+ dbprotocols.setOAuth(oauth);
+ }
+
+ PVP2 pvp2 = dbprotocols.getPVP2();
+ if (pvp2 == null) {
+ pvp2 = new PVP2();
+ dbprotocols.setPVP2(pvp2);
+ }
+
+ if (isMoaidMode) {
+ oauth.setIsActive(moaconfig.isProtocolActiveOAuth());
+ pvp2.setIsActive(moaconfig.isProtocolActivePVP21());
+
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) {
+ pvp2.setIssuerName(moaconfig.getPvp2IssuerName());
// if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix()))
// pvp2.setPublicURLPrefix(moaconfig.getPvp2PublicUrlPrefix());
-
- Organization pvp2org = pvp2.getOrganization();
- if (pvp2org == null) {
- pvp2org = new Organization();
- pvp2.setOrganization(pvp2org);
- }
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName()))
- pvp2org.setDisplayName(StringHelper.getUTF8String(
- moaconfig.getPvp2OrgDisplayName()));
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName()))
- pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName()));
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL()))
- pvp2org.setURL(moaconfig.getPvp2OrgURL());
-
- List<Contact> pvp2cont = pvp2.getContact();
- if (pvp2cont == null) {
- pvp2cont = new ArrayList<Contact>();
- pvp2.setContact(pvp2cont);
- }
-
- if (pvp2cont.size() == 0) {
- Contact cont = new Contact();
- pvp2cont.add(cont);
- }
-
- Contact cont = pvp2cont.get(0);
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany()))
- cont.setCompany(StringHelper.getUTF8String(
- moaconfig.getPvp2Contact().getCompany()));
-
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname()))
- cont.setGivenName(StringHelper.getUTF8String(
- moaconfig.getPvp2Contact().getGivenname()));
-
- if (cont.getMail() != null && cont.getMail().size() > 0)
- cont.getMail().set(0, moaconfig.getPvp2Contact().getMail());
- else
- cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail()));
-
- if (cont.getPhone() != null && cont.getPhone().size() > 0)
- cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone());
- else
- cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone()));
-
- cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname()));
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType()))
- cont.setType(moaconfig.getPvp2Contact().getType());
-
-
- ChainingModes dbchainingmodes = dbconfig.getChainingModes();
- if (dbchainingmodes == null) {
- dbchainingmodes = new ChainingModes();
- dbconfig.setChainingModes(dbchainingmodes);
- }
-
- dbchainingmodes.setSystemDefaultMode(
- ChainingModeType.fromValue("pkix"));
-
-
- if (isMoaidMode) {
- SSO dbsso = dbauth.getSSO();
- if (dbsso == null) {
- dbsso = new SSO();
- dbauth.setSSO(dbsso);
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName()))
- dbsso.setFriendlyName(StringHelper.getUTF8String(
- moaconfig.getSsoFriendlyName()));
- if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText()))
- dbsso.setSpecialText(StringHelper.getUTF8String(
- moaconfig.getSsoSpecialText()));
- // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl()))
- // dbsso.setPublicURL(moaconfig.getSsoPublicUrl());
-
- if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) {
-
- if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) {
- String num = moaconfig.getSsoTarget().replaceAll(" ", "");
- String pre = null;
- if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
-
- num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
- pre = Constants.IDENIFICATIONTYPE_FN;
- }
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) {
- num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
- pre = Constants.IDENIFICATIONTYPE_ZVR;
- }
-
- if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)){
- num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
- pre = Constants.IDENIFICATIONTYPE_ERSB;
- }
-
- dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num);
-
- } else {
- dbsso.setTarget(moaconfig.getSsoTarget());
-
- }
- }
- // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) {
- // IdentificationNumber ssoid = dbsso.getIdentificationNumber();
- // if (ssoid == null) {
- // ssoid = new IdentificationNumber();
- // dbsso.setIdentificationNumber(ssoid);
- // }
- // ssoid.setValue(moaconfig.getSsoIdentificationNumber());
- // }
-
- DefaultBKUs dbbkus = dbconfig.getDefaultBKUs();
-
- if (dbbkus == null) {
- dbbkus = new DefaultBKUs();
- dbconfig.setDefaultBKUs(dbbkus);
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy()))
- dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy());
- else
- dbbkus.setHandyBKU(new String());
-
- if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline()))
- dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline());
- else
- dbbkus.setOnlineBKU(new String());
-
- if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal()))
- dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal());
- else
- dbbkus.setLocalBKU(new String());
-
-
-
- IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners();
- if (idlsigners == null) {
- idlsigners = new IdentityLinkSigners();
- dbauth.setIdentityLinkSigners(idlsigners);
- }
-
- ForeignIdentities dbforeign = dbauth.getForeignIdentities();
- if (dbforeign == null) {
- dbforeign = new ForeignIdentities();
- dbauth.setForeignIdentities(dbforeign);
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) {
- ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter();
- if (forcon == null) {
- forcon = new ConnectionParameterClientAuthType();
- dbforeign.setConnectionParameter(forcon);
- }
-
- if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL()))
- forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL()));
-
- else {
- if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER))
- forcon.setURL(
- moaconfig.getSzrgwURL().trim().substring(0,
- moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
-
- else
- forcon.setURL(
- StringUtils.chomp(moaconfig.getSzrgwURL().trim()));
-
- }
-
- }
-
- ForeignIdentities foreign = dbauth.getForeignIdentities();
- if (foreign != null) {
- STORK stork = foreign.getSTORK();
- if (stork == null) {
- stork = new STORK();
- foreign.setSTORK(stork);
-
- }
-
- try {
- log.error("QAAAA " + storkconfig.getDefaultQaa());
- stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
-
- if (storkconfig.getAttributes() != null) {
- List<StorkAttribute> dbStorkAttr = new ArrayList<StorkAttribute>();
- stork.setAttributes(dbStorkAttr);
-
-
- for (StorkAttribute attr : storkconfig.getAttributes()) {
- if (attr != null && MiscUtil.isNotEmpty(attr.getName()))
- dbStorkAttr.add(attr);
-
- else
- log.info("Remove null or empty STORK attribute");
- }
-
- } else
- stork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>()));
-
- if (storkconfig.getCpepslist() != null) {
- List<CPEPS> dbStorkCPEPS = new ArrayList<CPEPS>();
- stork.setCPEPS(dbStorkCPEPS);
-
- for (CPEPS cpeps : storkconfig.getCpepslist()) {
- if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) &&
- MiscUtil.isNotEmpty(cpeps.getCountryCode())) {
-
- if (cpeps.getCountryCode().equals("CC") &&
- cpeps.getURL().equals("http://"))
- log.info("Remove dummy STORK CPEPS entry.");
-
- else
- dbStorkCPEPS.add(cpeps);
-
- } else
- log.info("Remove null or emtpy STORK CPEPS configuration");
- }
-
- } else
- stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
-
- } catch (Exception e) {
- e.printStackTrace();
-
- }
-
- try{
- log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() );
- log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
-
- } catch (Exception ex) {
- log.info("CPEPS LIST is null");
-
- }
- }
-
- //write MIS Mandate-Service URLs
- if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
- OnlineMandates dbmandate = dbauth.getOnlineMandates();
- if (dbmandate == null) {
- dbmandate = new OnlineMandates();
- dbauth.setOnlineMandates(dbmandate);
- }
- ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter();
-
- if (dbmandateconnection == null) {
- dbmandateconnection = new ConnectionParameterClientAuthType();
- dbmandate.setConnectionParameter(dbmandateconnection);
- }
-
- if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL()))
- dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL()));
-
- else {
- if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER))
- dbmandateconnection.setURL(
- moaconfig.getMandateURL().trim().substring(0,
- moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
-
- else
- dbmandateconnection.setURL(
- StringUtils.chomp(moaconfig.getMandateURL().trim()));
-
- }
- }
-
- //write ELGA Mandate-Service URLs
- if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) {
- if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL()))
- dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getElgaMandateServiceURL()));
-
- else {
- if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER))
- dbconfig.setElgaMandateServiceURLs(
- moaconfig.getElgaMandateServiceURL().trim().substring(0,
- moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
-
- else
- dbconfig.setElgaMandateServiceURLs(
- StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim()));
-
- }
- } else
- dbconfig.setElgaMandateServiceURLs(null);
- }
-
-
- //write E-ID System URLs
- if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) {
- if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL()))
- dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig.getEidSystemServiceURL()));
-
- else {
- if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER))
- dbconfig.setEidSystemServiceURLs(
- moaconfig.getEidSystemServiceURL().trim().substring(0,
- moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
-
- else
- dbconfig.setEidSystemServiceURLs(
- StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim()));
-
- }
-
- } else
- dbconfig.setEidSystemServiceURLs(null);
-
-
- if (isMoaidMode) {
- MOASP dbmoasp = dbauth.getMOASP();
- if (dbmoasp == null) {
- dbmoasp = new MOASP();
- dbauth.setMOASP(dbmoasp);
- }
- if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) {
- ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter();
- if (moaspcon == null) {
- moaspcon = new ConnectionParameterClientAuthType();
- dbmoasp.setConnectionParameter(moaspcon);
- }
- moaspcon.setURL(moaconfig.getMoaspssURL());
- }
- VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink();
- if (moaidl == null) {
- moaidl = new VerifyIdentityLink();
- dbmoasp.setVerifyIdentityLink(moaidl);
- }
- moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile());
- moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest());
-
- VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock();
- if (moaauth == null) {
- moaauth = new VerifyAuthBlock();
- dbmoasp.setVerifyAuthBlock(moaauth);
- }
- moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile());
- moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest());
-
- if (moaauth.getVerifyTransformsInfoProfileID() != null &&
- moaauth.getVerifyTransformsInfoProfileID().size() > 0)
- moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0));
-
- else {
- if (moaauth.getVerifyTransformsInfoProfileID() == null) {
- moaauth.setVerifyTransformsInfoProfileID(new ArrayList<String>());
-
- }
- moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0));
- }
-
- SecurityLayer seclayertrans = dbauth.getSecurityLayer();
- if (seclayertrans == null) {
- seclayertrans = new SecurityLayer();
- dbauth.setSecurityLayer(seclayertrans);
- }
- List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>();
- Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation();
- if (moatrans != null) {
- Set<String> keys = moatrans.keySet();
- for (String key : keys) {
- TransformsInfoType elem = new TransformsInfoType();
- elem.setFilename(key);
- elem.setTransformation(moatrans.get(key));
- trans.add(elem);
- }
- }
- if (trans.size() > 0)
- seclayertrans.setTransformsInfo(trans);
-
-
- SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates();
- if (slrequesttempl == null) {
- slrequesttempl = new SLRequestTemplates();
- dbconfig.setSLRequestTemplates(slrequesttempl);
- }
- if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy()))
- slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy());
- if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal()))
- slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal());
- if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline()))
- slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline());
-
- }
-
- if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts()))
- dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts());
-
- //save config
- try {
- log.debug("JaxB to Key/Value configuration transformation started ...");
- Map<String, String> keyValueConfig =
- ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig);
-
- log.debug("JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ...");
-
- configuration.getConfigModule().storeChanges(keyValueConfig, null, null);
-
- log.info("General MOA-ID Key/Value configuration successfull stored.");
-
-
- } catch (ConfigurationStorageException e) {
- log.warn("MOAID Configuration can not be stored in Database", e);
- return LanguageHelper.getErrorString("error.db.oa.store", request);
-
- } finally {
-
-
- }
-
- return null;
- }
-
- /**
- * @return the moaconfig
- */
- public GeneralMOAIDConfig getMoaconfig() {
- return moaconfig;
- }
-
- /**
- * @param moaconfig the moaconfig to set
- */
- public void setMoaconfig(GeneralMOAIDConfig moaconfig) {
- this.moaconfig = moaconfig;
- }
-
- /**
- * Gets the storkconfig.
- *
- * @return the storkconfig
- */
- public GeneralStorkConfig getStorkconfig() {
- return storkconfig;
- }
-
- /**
- * Sets the storkconfig.
- *
- * @param storkconfig the new storkconfig
- */
- public void setStorkconfig(GeneralStorkConfig storkconfig) {
- this.storkconfig = storkconfig;
- }
-
- /**
- * @return the formID
- */
- public String getFormID() {
- return formID;
- }
-
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
- }
-
-
-
+ }
+
+ Organization pvp2org = pvp2.getOrganization();
+ if (pvp2org == null) {
+ pvp2org = new Organization();
+ pvp2.setOrganization(pvp2org);
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) {
+ pvp2org.setDisplayName(StringHelper.getUTF8String(
+ moaconfig.getPvp2OrgDisplayName()));
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) {
+ pvp2org.setName(StringHelper.getUTF8String(moaconfig.getPvp2OrgName()));
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) {
+ pvp2org.setURL(moaconfig.getPvp2OrgURL());
+ }
+
+ List<Contact> pvp2cont = pvp2.getContact();
+ if (pvp2cont == null) {
+ pvp2cont = new ArrayList<>();
+ pvp2.setContact(pvp2cont);
+ }
+
+ if (pvp2cont.size() == 0) {
+ final Contact cont = new Contact();
+ pvp2cont.add(cont);
+ }
+
+ final Contact cont = pvp2cont.get(0);
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) {
+ cont.setCompany(StringHelper.getUTF8String(
+ moaconfig.getPvp2Contact().getCompany()));
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) {
+ cont.setGivenName(StringHelper.getUTF8String(
+ moaconfig.getPvp2Contact().getGivenname()));
+ }
+
+ if (cont.getMail() != null && cont.getMail().size() > 0) {
+ cont.getMail().set(0, moaconfig.getPvp2Contact().getMail());
+ } else {
+ cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail()));
+ }
+
+ if (cont.getPhone() != null && cont.getPhone().size() > 0) {
+ cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone());
+ } else {
+ cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone()));
+ }
+
+ cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname()));
+ if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) {
+ cont.setType(moaconfig.getPvp2Contact().getType());
+ }
+
+ ChainingModes dbchainingmodes = dbconfig.getChainingModes();
+ if (dbchainingmodes == null) {
+ dbchainingmodes = new ChainingModes();
+ dbconfig.setChainingModes(dbchainingmodes);
+ }
+
+ dbchainingmodes.setSystemDefaultMode(
+ ChainingModeType.fromValue("pkix"));
+
+ if (isMoaidMode) {
+ SSO dbsso = dbauth.getSSO();
+ if (dbsso == null) {
+ dbsso = new SSO();
+ dbauth.setSSO(dbsso);
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) {
+ dbsso.setFriendlyName(StringHelper.getUTF8String(
+ moaconfig.getSsoFriendlyName()));
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) {
+ dbsso.setSpecialText(StringHelper.getUTF8String(
+ moaconfig.getSsoSpecialText()));
+ // if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl()))
+ // dbsso.setPublicURL(moaconfig.getSsoPublicUrl());
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) {
+
+ if (!ValidationHelper.isValidAdminTarget(moaconfig.getSsoTarget())) {
+ String num = moaconfig.getSsoTarget().replaceAll(" ", "");
+ String pre = null;
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_FN.length());
+
+ num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num);
+ pre = Constants.IDENIFICATIONTYPE_FN;
+ }
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length());
+ pre = Constants.IDENIFICATIONTYPE_ZVR;
+ }
+
+ if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) {
+ num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length());
+ pre = Constants.IDENIFICATIONTYPE_ERSB;
+ }
+
+ dbsso.setTarget(Constants.PREFIX_WPBK + pre + "+" + num);
+
+ } else {
+ dbsso.setTarget(moaconfig.getSsoTarget());
+
+ }
+ }
+ // if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) {
+ // IdentificationNumber ssoid = dbsso.getIdentificationNumber();
+ // if (ssoid == null) {
+ // ssoid = new IdentificationNumber();
+ // dbsso.setIdentificationNumber(ssoid);
+ // }
+ // ssoid.setValue(moaconfig.getSsoIdentificationNumber());
+ // }
+
+ DefaultBKUs dbbkus = dbconfig.getDefaultBKUs();
+
+ if (dbbkus == null) {
+ dbbkus = new DefaultBKUs();
+ dbconfig.setDefaultBKUs(dbbkus);
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) {
+ dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy());
+ } else {
+ dbbkus.setHandyBKU(new String());
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) {
+ dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline());
+ } else {
+ dbbkus.setOnlineBKU(new String());
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) {
+ dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal());
+ } else {
+ dbbkus.setLocalBKU(new String());
+ }
+
+ IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners();
+ if (idlsigners == null) {
+ idlsigners = new IdentityLinkSigners();
+ dbauth.setIdentityLinkSigners(idlsigners);
+ }
+
+ ForeignIdentities dbforeign = dbauth.getForeignIdentities();
+ if (dbforeign == null) {
+ dbforeign = new ForeignIdentities();
+ dbauth.setForeignIdentities(dbforeign);
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) {
+ ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter();
+ if (forcon == null) {
+ forcon = new ConnectionParameterClientAuthType();
+ dbforeign.setConnectionParameter(forcon);
+ }
+
+ if (KeyValueUtils.isCSVValueString(moaconfig.getSzrgwURL())) {
+ forcon.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getSzrgwURL()));
+ } else {
+ if (moaconfig.getSzrgwURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ forcon.setURL(
+ moaconfig.getSzrgwURL().trim().substring(0,
+ moaconfig.getSzrgwURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ } else {
+ forcon.setURL(
+ StringUtils.chomp(moaconfig.getSzrgwURL().trim()));
+ }
+
+ }
+
+ }
+
+ final ForeignIdentities foreign = dbauth.getForeignIdentities();
+ if (foreign != null) {
+ STORK stork = foreign.getSTORK();
+ if (stork == null) {
+ stork = new STORK();
+ foreign.setSTORK(stork);
+
+ }
+
+ try {
+ log.error("QAAAA " + storkconfig.getDefaultQaa());
+ stork.setGeneral_eIDAS_LOA(storkconfig.getDefaultQaa());
+
+ if (storkconfig.getAttributes() != null) {
+ final List<StorkAttribute> dbStorkAttr = new ArrayList<>();
+ stork.setAttributes(dbStorkAttr);
+
+ for (final StorkAttribute attr : storkconfig.getAttributes()) {
+ if (attr != null && MiscUtil.isNotEmpty(attr.getName())) {
+ dbStorkAttr.add(attr);
+ } else {
+ log.info("Remove null or empty STORK attribute");
+ }
+ }
+
+ } else {
+ stork.setAttributes(new ArrayList<StorkAttribute>());
+ }
+
+ if (storkconfig.getCpepslist() != null) {
+ final List<CPEPS> dbStorkCPEPS = new ArrayList<>();
+ stork.setCPEPS(dbStorkCPEPS);
+
+ for (final CPEPS cpeps : storkconfig.getCpepslist()) {
+ if (cpeps != null && MiscUtil.isNotEmpty(cpeps.getURL()) &&
+ MiscUtil.isNotEmpty(cpeps.getCountryCode())) {
+
+ if (cpeps.getCountryCode().equals("CC") &&
+ cpeps.getURL().equals("http://")) {
+ log.info("Remove dummy STORK CPEPS entry.");
+ } else {
+ dbStorkCPEPS.add(cpeps);
+ }
+
+ } else {
+ log.info("Remove null or emtpy STORK CPEPS configuration");
+ }
+ }
+
+ } else {
+ stork.setCPEPS(new ArrayList<CPEPS>());
+ }
+
+ } catch (final Exception e) {
+ e.printStackTrace();
+
+ }
+
+ try {
+ log.info("CPEPS LIST: " + storkconfig.getCpepslist().size());
+ log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() + storkconfig
+ .getCpepslist().get(0).getURL());
+
+ } catch (final Exception ex) {
+ log.info("CPEPS LIST is null");
+
+ }
+ }
+
+ // write MIS Mandate-Service URLs
+ if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
+ OnlineMandates dbmandate = dbauth.getOnlineMandates();
+ if (dbmandate == null) {
+ dbmandate = new OnlineMandates();
+ dbauth.setOnlineMandates(dbmandate);
+ }
+ ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter();
+
+ if (dbmandateconnection == null) {
+ dbmandateconnection = new ConnectionParameterClientAuthType();
+ dbmandate.setConnectionParameter(dbmandateconnection);
+ }
+
+ if (KeyValueUtils.isCSVValueString(moaconfig.getMandateURL())) {
+ dbmandateconnection.setURL(KeyValueUtils.normalizeCSVValueString(moaconfig.getMandateURL()));
+ } else {
+ if (moaconfig.getMandateURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ dbmandateconnection.setURL(
+ moaconfig.getMandateURL().trim().substring(0,
+ moaconfig.getMandateURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ } else {
+ dbmandateconnection.setURL(
+ StringUtils.chomp(moaconfig.getMandateURL().trim()));
+ }
+
+ }
+ }
+
+ // write ELGA Mandate-Service URLs
+ if (MiscUtil.isNotEmpty(moaconfig.getElgaMandateServiceURL())) {
+ if (KeyValueUtils.isCSVValueString(moaconfig.getElgaMandateServiceURL())) {
+ dbconfig.setElgaMandateServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig
+ .getElgaMandateServiceURL()));
+ } else {
+ if (moaconfig.getElgaMandateServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ dbconfig.setElgaMandateServiceURLs(
+ moaconfig.getElgaMandateServiceURL().trim().substring(0,
+ moaconfig.getElgaMandateServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ } else {
+ dbconfig.setElgaMandateServiceURLs(
+ StringUtils.chomp(moaconfig.getElgaMandateServiceURL().trim()));
+ }
+
+ }
+ } else {
+ dbconfig.setElgaMandateServiceURLs(null);
+ }
+ }
+
+ // write E-ID System URLs
+ if (MiscUtil.isNotEmpty(moaconfig.getEidSystemServiceURL())) {
+ if (KeyValueUtils.isCSVValueString(moaconfig.getEidSystemServiceURL())) {
+ dbconfig.setEidSystemServiceURLs(KeyValueUtils.normalizeCSVValueString(moaconfig
+ .getEidSystemServiceURL()));
+ } else {
+ if (moaconfig.getEidSystemServiceURL().contains(KeyValueUtils.CSV_DELIMITER)) {
+ dbconfig.setEidSystemServiceURLs(
+ moaconfig.getEidSystemServiceURL().trim().substring(0,
+ moaconfig.getEidSystemServiceURL().indexOf(KeyValueUtils.CSV_DELIMITER)));
+ } else {
+ dbconfig.setEidSystemServiceURLs(
+ StringUtils.chomp(moaconfig.getEidSystemServiceURL().trim()));
+ }
+
+ }
+
+ } else {
+ dbconfig.setEidSystemServiceURLs(null);
+ }
+
+ if (isMoaidMode) {
+ MOASP dbmoasp = dbauth.getMOASP();
+ if (dbmoasp == null) {
+ dbmoasp = new MOASP();
+ dbauth.setMOASP(dbmoasp);
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) {
+ ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter();
+ if (moaspcon == null) {
+ moaspcon = new ConnectionParameterClientAuthType();
+ dbmoasp.setConnectionParameter(moaspcon);
+ }
+ moaspcon.setURL(moaconfig.getMoaspssURL());
+ }
+ VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink();
+ if (moaidl == null) {
+ moaidl = new VerifyIdentityLink();
+ dbmoasp.setVerifyIdentityLink(moaidl);
+ }
+ moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile());
+ moaidl.setTestTrustProfileID(moaconfig.getMoaspssIdlTrustProfileTest());
+
+ VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock();
+ if (moaauth == null) {
+ moaauth = new VerifyAuthBlock();
+ dbmoasp.setVerifyAuthBlock(moaauth);
+ }
+ moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile());
+ moaauth.setTestTrustProfileID(moaconfig.getMoaspssAuthTrustProfileTest());
+
+ if (moaauth.getVerifyTransformsInfoProfileID() != null &&
+ moaauth.getVerifyTransformsInfoProfileID().size() > 0) {
+ moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0));
+ } else {
+ if (moaauth.getVerifyTransformsInfoProfileID() == null) {
+ moaauth.setVerifyTransformsInfoProfileID(new ArrayList<String>());
+
+ }
+ moaauth.getVerifyTransformsInfoProfileID().add(moaconfig.getAuthTransformList().get(0));
+ }
+
+ SecurityLayer seclayertrans = dbauth.getSecurityLayer();
+ if (seclayertrans == null) {
+ seclayertrans = new SecurityLayer();
+ dbauth.setSecurityLayer(seclayertrans);
+ }
+ final List<TransformsInfoType> trans = new ArrayList<>();
+ final Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation();
+ if (moatrans != null) {
+ final Set<String> keys = moatrans.keySet();
+ for (final String key : keys) {
+ final TransformsInfoType elem = new TransformsInfoType();
+ elem.setFilename(key);
+ elem.setTransformation(moatrans.get(key));
+ trans.add(elem);
+ }
+ }
+ if (trans.size() > 0) {
+ seclayertrans.setTransformsInfo(trans);
+ }
+
+ SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates();
+ if (slrequesttempl == null) {
+ slrequesttempl = new SLRequestTemplates();
+ dbconfig.setSLRequestTemplates(slrequesttempl);
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) {
+ slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy());
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) {
+ slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal());
+ }
+ if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) {
+ slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline());
+ }
+
+ }
+
+ if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) {
+ dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts());
+ }
+
+ // save config
+ try {
+ log.debug("JaxB to Key/Value configuration transformation started ...");
+ final Map<String, String> keyValueConfig =
+ ConfigurationMigrationUtils.convertHyberJaxBMOAIDConfigToKeyValue(dbconfig);
+
+ log.debug(
+ "JaxB to Key/Value configuration transformation finished. Start Key/Value storage process ...");
+
+ configuration.getConfigModule().storeChanges(keyValueConfig, null, null);
+
+ log.info("General MOA-ID Key/Value configuration successfull stored.");
+
+ } catch (final ConfigurationStorageException e) {
+ log.warn("MOAID Configuration can not be stored in Database", e);
+ return LanguageHelper.getErrorString("error.db.oa.store", request);
+
+ } finally {
+
+ }
+
+ return null;
+ }
+
+ /**
+ * @return the moaconfig
+ */
+ public GeneralMOAIDConfig getMoaconfig() {
+ return moaconfig;
+ }
+
+ /**
+ * @param moaconfig the moaconfig to set
+ */
+ public void setMoaconfig(GeneralMOAIDConfig moaconfig) {
+ this.moaconfig = moaconfig;
+ }
+
+ /**
+ * Gets the storkconfig.
+ *
+ * @return the storkconfig
+ */
+ public GeneralStorkConfig getStorkconfig() {
+ return storkconfig;
+ }
+
+ /**
+ * Sets the storkconfig.
+ *
+ * @param storkconfig the new storkconfig
+ */
+ public void setStorkconfig(GeneralStorkConfig storkconfig) {
+ this.storkconfig = storkconfig;
+ }
+
+ /**
+ * @return the formID
+ */
+ @Override
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ @Override
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 31126d14f..1ad6e7d6b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -27,8 +27,6 @@ import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import org.apache.log4j.Logger;
-
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
@@ -53,505 +51,512 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class EditOAAction extends BasicOAAction {
- private final Logger log = Logger.getLogger(EditOAAction.class);
- private static final long serialVersionUID = 1L;
-
- private String nextPage;
-
- public EditOAAction() {
- super();
-
- OATargetConfiguration oaTarget = new OATargetConfiguration();
- formList.put(oaTarget.getName(), oaTarget);
-
- OAAuthenticationData authOA = new OAAuthenticationData();
- formList.put(authOA.getName(), authOA);
-
- OASAML1Config saml1OA = new OASAML1Config();
- formList.put(saml1OA.getName(), saml1OA);
-
- if (isMoaidMode) {
- OABPKEncryption bPKEncDec = new OABPKEncryption();
- formList.put(bPKEncDec.getName(), bPKEncDec);
-
- OASSOConfig ssoOA = new OASSOConfig();
- formList.put(ssoOA.getName(), ssoOA);
-
- OAPVP2Config pvp2OA = new OAPVP2Config();
- formList.put(pvp2OA.getName(), pvp2OA);
-
- OAOAuth20Config oauth20OA = new OAOAuth20Config();
- formList.put(oauth20OA.getName(), oauth20OA);
-
- OASTORKConfig storkOA = new OASTORKConfig();
- formList.put(storkOA.getName(), storkOA);
-
- Map<String, String> map = new HashMap<String, String>();
- map.putAll(FormBuildUtils.getDefaultMap());
- FormularCustomization formOA = new FormularCustomization(map);
- formList.put(formOA.getName(), formOA);
-
- OARevisionsLogData revisOA = new OARevisionsLogData();
- formList.put(revisOA.getName(), revisOA);
- }
-
- }
-
- // STRUTS actions
- public String inital() {
- try {
- populateBasicInformations();
-
- OnlineApplication onlineapplication = populateOnlineApplicationFromRequest();
-
- if (onlineapplication == null) {
- addActionError(LanguageHelper.getErrorString(
- "errors.listOAs.noOA", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- List<String> errors = new ArrayList<String>();
- for (IOnlineApplicationData form : formList.values()) {
- List<String> error = form.parse(onlineapplication, authUser,
- request);
- if (error != null)
- errors.addAll(error);
- }
- if (errors.size() > 0) {
- for (String el : errors)
- addActionError(el);
- }
-
- setNewOA(false);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- session.setAttribute(Constants.SESSION_OAID, oaid);
-
- return Constants.STRUTS_OA_EDIT;
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
-
- } finally {
-
- }
- }
-
- public String newOA() {
- log.debug("insert new Online-Application");
-
- try {
- populateBasicInformations();
-
- populateBasicNewOnlineApplicationInformation();
-
- // prepare attribute helper list
- ArrayList<AttributeHelper> attributes = new ArrayList<AttributeHelper>();
-
- try {
- for (StorkAttribute current : configuration.getDbRead()
- .getMOAIDConfiguration().getAuthComponentGeneral()
- .getForeignIdentities().getSTORK().getAttributes())
- attributes.add(new AttributeHelper(current));
-
-
- } catch (NullPointerException e) {
-
- }
-
- if (getStorkOA() != null)
- getStorkOA().setHelperAttributes(attributes);
-
- UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser
- .getUserID());
-
- if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null
- && !userdb.isIsMailAddressVerified()) {
- log.info("Online-Applikation managemant disabled. Mail address is not verified.");
- addActionError(LanguageHelper.getErrorString(
- "error.editoa.mailverification", request));
- return Constants.STRUTS_SUCCESS;
- }
-
- if (formList.get(new OAOAuth20Config().getName()) != null)
- session.setAttribute(
- Constants.SESSION_OAUTH20SECRET,
- ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName()))
- .getClientSecret());
-
- if (getFormOA() != null)
- session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap());
-
-
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
-
- return Constants.STRUTS_OA_EDIT;
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } finally {
-
- }
- }
-
- public String saveOA() {
-
- OnlineApplication onlineapplication = null;
-
- try {
- populateBasicInformations();
- onlineapplication = preProcessSaveOnlineApplication();
-
- List<String> errors = new ArrayList<String>();
-
- // validate forms
- for (IOnlineApplicationData form : formList.values())
- errors.addAll(form.validate(getGeneralOA(), authUser, request));
-
- // Do not allow SSO in combination with special BKUSelection features
- if (getSsoOA() != null && getSsoOA().isUseSSO()
- && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA()
- .isShowMandateLoginButton())) {
- log.warn("Special BKUSelection features can not be used in combination with SSO");
- errors.add(LanguageHelper.getErrorString(
- "validation.general.bkuselection.specialfeatures.valid",
- request));
- }
-
- if (errors.size() > 0) {
- log.info("OAConfiguration with ID "
- + getGeneralOA().getIdentifier() + " has some errors.");
- for (String el : errors)
- addActionError(el);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- } else {
- try {
- onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true);
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
- }
-
- }
-
- Object nextPageAttr = session
- .getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String) {
- nextPage = (String) nextPageAttr;
- session.setAttribute(Constants.SESSION_RETURNAREA, null);
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- }
-
- if (onlineapplication.isIsAdminRequired()) {
- int numoas = 0;
- int numusers = 0;
-
- List<OnlineApplication> openOAs = configuration.getDbRead()
- .getAllNewOnlineApplications();
- if (openOAs != null)
- numoas = openOAs.size();
-
- List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers();
- if (openUsers != null)
- numusers = openUsers.size();
- try {
-
- addActionMessage(LanguageHelper.getGUIString(
- "webpages.oaconfig.success.admin", getGeneralOA()
- .getIdentifier(), request));
-
- if (numusers > 0 || numoas > 0)
- MailHelper.sendAdminMail(numoas, numusers);
-
- } catch (ConfigurationException e) {
- log.warn("Sending Mail to Admin failed.", e);
- }
-
- } else
- addActionMessage(LanguageHelper.getGUIString(
- "webpages.oaconfig.success",
- getGeneralOA().getIdentifier(), request));
-
- // remove session attributes
- session.setAttribute(Constants.SESSION_OAID, null);
- session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
- session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
-
- return Constants.STRUTS_SUCCESS;
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
-
- } finally {
-
- }
- }
-
- public String cancleAndBackOA() {
- try {
- populateBasicInformations();
-
- Object nextPageAttr = session
- .getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String) {
- nextPage = (String) nextPageAttr;
- session.setAttribute(Constants.SESSION_RETURNAREA, null);
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- }
-
- session.setAttribute(Constants.SESSION_OAID, null);
-
- addActionMessage(LanguageHelper.getGUIString(
- "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(),
- request));
-
- return Constants.STRUTS_SUCCESS;
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } finally {
-
- }
- }
-
- public String deleteOA() {
- String oaidentifier = null;
- try {
- populateBasicInformations();
-
- Object nextPageAttr = session
- .getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String) {
- nextPage = (String) nextPageAttr;
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
- }
-
- oaidentifier = preProcessDeleteOnlineApplication();
- List<OnlineApplication> onlineapplications = configuration.getDbRead()
- .getOnlineApplications(oaidentifier);
-
- Long oaid = getOAIDFromSession();
-
- OnlineApplication onlineapplication = null;
-
- if (onlineapplications != null && onlineapplications.size() > 1) {
- log.info("Found more then one OA with PublicURLPrefix in configuration. "
- + "Select OA with DB Id ...");
-
- for (OnlineApplication oa : onlineapplications) {
- if (oa.getHjid().equals(oaid)) {
- if (onlineapplication == null)
- onlineapplication = oa;
-
- else {
- log.error("Found more then one OA with same PublicURLPrefix and same DBID.");
- new BasicOAActionException(
- "Found more then one OA with same PublicURLPrefix and same DBID.",
- Constants.STRUTS_SUCCESS);
-
- }
- }
- }
-
- } else if (onlineapplications != null && onlineapplications.size() == 1)
- onlineapplication = onlineapplications.get(0);
-
- request.getSession().setAttribute(Constants.SESSION_OAID, null);
-
+ private static final long serialVersionUID = 1L;
+
+ private String nextPage;
+
+ public EditOAAction() {
+ super();
+
+ final OATargetConfiguration oaTarget = new OATargetConfiguration();
+ formList.put(oaTarget.getName(), oaTarget);
+
+ final OAAuthenticationData authOA = new OAAuthenticationData();
+ formList.put(authOA.getName(), authOA);
+
+ final OASAML1Config saml1OA = new OASAML1Config();
+ formList.put(saml1OA.getName(), saml1OA);
+
+ if (isMoaidMode) {
+ final OABPKEncryption bPKEncDec = new OABPKEncryption();
+ formList.put(bPKEncDec.getName(), bPKEncDec);
+
+ final OASSOConfig ssoOA = new OASSOConfig();
+ formList.put(ssoOA.getName(), ssoOA);
+
+ final OAPVP2Config pvp2OA = new OAPVP2Config();
+ formList.put(pvp2OA.getName(), pvp2OA);
+
+ final OAOAuth20Config oauth20OA = new OAOAuth20Config();
+ formList.put(oauth20OA.getName(), oauth20OA);
+
+ final OASTORKConfig storkOA = new OASTORKConfig();
+ formList.put(storkOA.getName(), storkOA);
+
+ final Map<String, String> map = new HashMap<>();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ final FormularCustomization formOA = new FormularCustomization(map);
+ formList.put(formOA.getName(), formOA);
+
+ final OARevisionsLogData revisOA = new OARevisionsLogData();
+ formList.put(revisOA.getName(), revisOA);
+ }
+
+ }
+
+ // STRUTS actions
+ public String inital() {
+ try {
+ populateBasicInformations();
+
+ final OnlineApplication onlineapplication = populateOnlineApplicationFromRequest();
+
+ if (onlineapplication == null) {
+ addActionError(LanguageHelper.getErrorString(
+ "errors.listOAs.noOA", request));
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ final List<String> errors = new ArrayList<>();
+ for (final IOnlineApplicationData form : formList.values()) {
+ final List<String> error = form.parse(onlineapplication, authUser,
+ request);
+ if (error != null) {
+ errors.addAll(error);
+ }
+ }
+ if (errors.size() > 0) {
+ for (final String el : errors) {
+ addActionError(el);
+ }
+ }
+
+ setNewOA(false);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+
+ return Constants.STRUTS_OA_EDIT;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ } finally {
+
+ }
+ }
+
+ public String newOA() {
+ log.debug("insert new Online-Application");
+
+ try {
+ populateBasicInformations();
+
+ populateBasicNewOnlineApplicationInformation();
+
+ // prepare attribute helper list
+ final ArrayList<AttributeHelper> attributes = new ArrayList<>();
+
+ try {
+ for (final StorkAttribute current : configuration.getDbRead()
+ .getMOAIDConfiguration().getAuthComponentGeneral()
+ .getForeignIdentities().getSTORK().getAttributes()) {
+ attributes.add(new AttributeHelper(current));
+ }
+
+ } catch (final NullPointerException e) {
+
+ }
+
+ if (getStorkOA() != null) {
+ getStorkOA().setHelperAttributes(attributes);
+ }
+
+ final UserDatabase userdb = configuration.getUserManagement().getUserWithID(authUser
+ .getUserID());
+
+ if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null
+ && !userdb.isIsMailAddressVerified()) {
+ log.info("Online-Applikation managemant disabled. Mail address is not verified.");
+ addActionError(LanguageHelper.getErrorString(
+ "error.editoa.mailverification", request));
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ if (formList.get(new OAOAuth20Config().getName()) != null) {
+ session.setAttribute(
+ Constants.SESSION_OAUTH20SECRET,
+ ((OAOAuth20Config) formList.get(new OAOAuth20Config().getName()))
+ .getClientSecret());
+ }
+
+ if (getFormOA() != null) {
+ session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap());
+ }
+
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+
+ return Constants.STRUTS_OA_EDIT;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } finally {
+
+ }
+ }
+
+ public String saveOA() {
+
+ OnlineApplication onlineapplication = null;
+
+ try {
+ populateBasicInformations();
+ onlineapplication = preProcessSaveOnlineApplication();
+
+ final List<String> errors = new ArrayList<>();
+
+ // validate forms
+ for (final IOnlineApplicationData form : formList.values()) {
+ errors.addAll(form.validate(getGeneralOA(), authUser, request));
+ }
+
+ // Do not allow SSO in combination with special BKUSelection features
+ if (getSsoOA() != null && getSsoOA().isUseSSO()
+ && (getFormOA() != null && getFormOA().isOnlyMandateAllowed() || !getFormOA()
+ .isShowMandateLoginButton())) {
+ log.warn("Special BKUSelection features can not be used in combination with SSO");
+ errors.add(LanguageHelper.getErrorString(
+ "validation.general.bkuselection.specialfeatures.valid",
+ request));
+ }
+
+ if (errors.size() > 0) {
+ log.info("OAConfiguration with ID "
+ + getGeneralOA().getIdentifier() + " has some errors.");
+ for (final String el : errors) {
+ addActionError(el);
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ } else {
+ try {
+ onlineapplication = postProcessSaveOnlineApplication(onlineapplication, true);
+
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+ }
+
+ }
+
+ final Object nextPageAttr = session
+ .getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ if (onlineapplication.isIsAdminRequired()) {
+ int numoas = 0;
+ int numusers = 0;
+
+ final List<OnlineApplication> openOAs = configuration.getDbRead()
+ .getAllNewOnlineApplications();
+ if (openOAs != null) {
+ numoas = openOAs.size();
+ }
+
+ final List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers();
+ if (openUsers != null) {
+ numusers = openUsers.size();
+ }
+ try {
+
+ addActionMessage(LanguageHelper.getGUIString(
+ "webpages.oaconfig.success.admin", getGeneralOA()
+ .getIdentifier(), request));
+
+ if (numusers > 0 || numoas > 0) {
+ MailHelper.sendAdminMail(numoas, numusers);
+ }
+
+ } catch (final ConfigurationException e) {
+ log.warn("Sending Mail to Admin failed.", e);
+ }
+
+ } else {
+ addActionMessage(LanguageHelper.getGUIString(
+ "webpages.oaconfig.success",
+ getGeneralOA().getIdentifier(), request));
+ }
+
+ // remove session attributes
+ session.setAttribute(Constants.SESSION_OAID, null);
+ session.removeAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE);
+ session.removeAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE);
+
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ } finally {
+
+ }
+ }
+
+ public String cancleAndBackOA() {
+ try {
+ populateBasicInformations();
+
+ final Object nextPageAttr = session
+ .getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+
+ addActionMessage(LanguageHelper.getGUIString(
+ "webpages.oaconfig.cancle", getGeneralOA().getIdentifier(),
+ request));
+
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } finally {
+
+ }
+ }
+
+ public String deleteOA() {
+ String oaidentifier = null;
+ try {
+ populateBasicInformations();
+
+ final Object nextPageAttr = session
+ .getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name();
+ }
+
+ oaidentifier = preProcessDeleteOnlineApplication();
+ final List<OnlineApplication> onlineapplications = configuration.getDbRead()
+ .getOnlineApplications(oaidentifier);
+
+ final Long oaid = getOAIDFromSession();
+
+ OnlineApplication onlineapplication = null;
+
+ if (onlineapplications != null && onlineapplications.size() > 1) {
+ log.info("Found more then one OA with PublicURLPrefix in configuration. "
+ + "Select OA with DB Id ...");
+
+ for (final OnlineApplication oa : onlineapplications) {
+ if (oa.getHjid().equals(oaid)) {
+ if (onlineapplication == null) {
+ onlineapplication = oa;
+ } else {
+ log.error("Found more then one OA with same PublicURLPrefix and same DBID.");
+ new BasicOAActionException(
+ "Found more then one OA with same PublicURLPrefix and same DBID.",
+ Constants.STRUTS_SUCCESS);
+
+ }
+ }
+ }
+
+ } else if (onlineapplications != null && onlineapplications.size() == 1) {
+ onlineapplication = onlineapplications.get(0);
+ }
+
+ request.getSession().setAttribute(Constants.SESSION_OAID, null);
+
// try {
// if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA()
// .getOAPVP2().getMetadataURL())) {
-//
+//
// MOAIDConfiguration moaconfig = configuration.getDbRead()
// .getMOAIDConfiguration();
// moaconfig.setPvp2RefreshItem(new Date());
// ConfigurationDBUtils.saveOrUpdate(moaconfig);
-//
+//
// }
-// } catch (NullPointerException e) {
+// } catch (NullPointerException e) {
// log.debug("Found no MetadataURL in OA-Databaseconfig");
-//
+//
// } catch (Throwable e) {
// log.info("Set metadata refresh flag FAILED.", e);
// }
-
- if (onlineapplication != null && delete(onlineapplication)) {
-
- if (!authUser.isAdmin()) {
- UserDatabase user = configuration.getUserManagement().getUserWithID(authUser
- .getUserID());
- List<String> useroas = user.getOnlineApplication();
-
- for (String oa : useroas) {
- if (oa.equals(onlineapplication.getHjid())) {
- useroas.remove(oa);
- }
- }
-
- try {
- configuration.getUserManagement().saveOrUpdate(user);
-
- } catch (MOADatabaseException e) {
- log.warn("User information can not be updated in database",
- e);
- addActionError(LanguageHelper.getGUIString(
- "error.db.oa.store", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- addActionMessage(LanguageHelper.getGUIString(
- "webpages.oaconfig.delete.message", oaidentifier, request));
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- addActionError(LanguageHelper.getGUIString(
- "webpages.oaconfig.delete.error", oaidentifier, request));
- return Constants.STRUTS_SUCCESS;
- }
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
-
- } finally {
-
- }
-
- }
-
- public OAAuthenticationData getAuthOA() {
- return (OAAuthenticationData) formList.get(new OAAuthenticationData()
- .getName());
- }
-
- public void setAuthOA(OAAuthenticationData generalOA) {
- formList.put(generalOA.getName(), generalOA);
- }
-
- public OASAML1Config getSaml1OA() {
- return (OASAML1Config) formList.get(new OASAML1Config().getName());
- }
-
- public void setSaml1OA(OASAML1Config saml1oa) {
- formList.put(saml1oa.getName(), saml1oa);
- }
-
- public OASSOConfig getSsoOA() {
- return (OASSOConfig) formList.get(new OASSOConfig().getName());
- }
-
- public void setSsoOA(OASSOConfig ssoOA) {
- formList.put(ssoOA.getName(), ssoOA);
- }
-
- public OASTORKConfig getStorkOA() {
- return (OASTORKConfig) formList.get(new OASTORKConfig().getName());
- }
-
- public void setStorkOA(OASTORKConfig storkOA) {
- formList.put(storkOA.getName(), storkOA);
- }
-
-
- public OARevisionsLogData getRevisionsLogOA() {
- return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName());
- }
-
- public void setRevisionsLogOA(OARevisionsLogData storkOA) {
- formList.put(storkOA.getName(), storkOA);
- }
-
-
- /**
- * @return the nextPage
- */
- public String getNextPage() {
- return nextPage;
- }
-
- /**
- * @return the formOA
- */
- public FormularCustomization getFormOA() {
- return (FormularCustomization) formList.get(new FormularCustomization(
- null).getName());
- }
-
- /**
- * @param formOA
- * the formOA to set
- */
- public void setFormOA(FormularCustomization formOA) {
- formList.put(formOA.getName(), formOA);
- }
-
- public OAOAuth20Config getOauth20OA() {
- return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName());
- }
-
- public void setOauth20OA(OAOAuth20Config oauth20OA) {
- formList.put(oauth20OA.getName(), oauth20OA);
- }
-
- /**
- * @return the formOA
- */
- public OATargetConfiguration getTargetConfig() {
- return (OATargetConfiguration) formList.get(new OATargetConfiguration()
- .getName());
- }
-
- /**
- * @param formOA
- * the formOA to set
- */
- public void setTargetConfig(OATargetConfiguration formOA) {
- formList.put(formOA.getName(), formOA);
- }
-
- /**
- * @return the bPK encryption/decryption form
- */
- public OABPKEncryption getBPKEncDecr() {
- return (OABPKEncryption) formList.get(new OABPKEncryption().getName());
- }
-
- /**
- * @param bPK encryption/decryption form
- * the bPK encryption/decryption form to set
- */
- public void setBPKEncDecr(OABPKEncryption formOA) {
- formList.put(formOA.getName(), formOA);
- }
-
+
+ if (onlineapplication != null && delete(onlineapplication)) {
+
+ if (!authUser.isAdmin()) {
+ final UserDatabase user = configuration.getUserManagement().getUserWithID(authUser
+ .getUserID());
+ final List<String> useroas = user.getOnlineApplication();
+
+ for (final String oa : useroas) {
+ if (oa.equals(onlineapplication.getHjid())) {
+ useroas.remove(oa);
+ }
+ }
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(user);
+
+ } catch (final MOADatabaseException e) {
+ log.warn("User information can not be updated in database",
+ e);
+ addActionError(LanguageHelper.getGUIString(
+ "error.db.oa.store", request));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ addActionMessage(LanguageHelper.getGUIString(
+ "webpages.oaconfig.delete.message", oaidentifier, request));
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ addActionError(LanguageHelper.getGUIString(
+ "webpages.oaconfig.delete.error", oaidentifier, request));
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ } finally {
+
+ }
+
+ }
+
+ public OAAuthenticationData getAuthOA() {
+ return (OAAuthenticationData) formList.get(new OAAuthenticationData()
+ .getName());
+ }
+
+ public void setAuthOA(OAAuthenticationData generalOA) {
+ formList.put(generalOA.getName(), generalOA);
+ }
+
+ public OASAML1Config getSaml1OA() {
+ return (OASAML1Config) formList.get(new OASAML1Config().getName());
+ }
+
+ public void setSaml1OA(OASAML1Config saml1oa) {
+ formList.put(saml1oa.getName(), saml1oa);
+ }
+
+ public OASSOConfig getSsoOA() {
+ return (OASSOConfig) formList.get(new OASSOConfig().getName());
+ }
+
+ public void setSsoOA(OASSOConfig ssoOA) {
+ formList.put(ssoOA.getName(), ssoOA);
+ }
+
+ public OASTORKConfig getStorkOA() {
+ return (OASTORKConfig) formList.get(new OASTORKConfig().getName());
+ }
+
+ public void setStorkOA(OASTORKConfig storkOA) {
+ formList.put(storkOA.getName(), storkOA);
+ }
+
+ public OARevisionsLogData getRevisionsLogOA() {
+ return (OARevisionsLogData) formList.get(new OARevisionsLogData().getName());
+ }
+
+ public void setRevisionsLogOA(OARevisionsLogData storkOA) {
+ formList.put(storkOA.getName(), storkOA);
+ }
+
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the formOA
+ */
+ public FormularCustomization getFormOA() {
+ return (FormularCustomization) formList.get(new FormularCustomization(
+ null).getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setFormOA(FormularCustomization formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
+ public OAOAuth20Config getOauth20OA() {
+ return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName());
+ }
+
+ public void setOauth20OA(OAOAuth20Config oauth20OA) {
+ formList.put(oauth20OA.getName(), oauth20OA);
+ }
+
+ /**
+ * @return the formOA
+ */
+ public OATargetConfiguration getTargetConfig() {
+ return (OATargetConfiguration) formList.get(new OATargetConfiguration()
+ .getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setTargetConfig(OATargetConfiguration formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
+ /**
+ * @return the bPK encryption/decryption form
+ */
+ public OABPKEncryption getBPKEncDecr() {
+ return (OABPKEncryption) formList.get(new OABPKEncryption().getName());
+ }
+
+ /**
+ * @param bPK encryption/decryption form the bPK encryption/decryption form to
+ * set
+ */
+ public void setBPKEncDecr(OABPKEncryption formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java
index e238c6d37..6a6cf1d27 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IDPGatewayAction.java
@@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import java.util.LinkedHashMap;
import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData;
-import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig;
-import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationConfig;
/**
@@ -35,22 +33,22 @@ import at.gv.egovernment.moa.id.configuration.data.oa.PVPGatewayInterfederationC
*/
public class IDPGatewayAction extends InterfederationIDPAction {
- private static final long serialVersionUID = -2047128481980413334L;
-
- public IDPGatewayAction() {
- super();
- formList.putAll(buildIDPGatewayFormList());
- }
-
- public static LinkedHashMap<String, IOnlineApplicationData> buildIDPGatewayFormList() {
-
- LinkedHashMap<String, IOnlineApplicationData> forms =
- new LinkedHashMap<String, IOnlineApplicationData>();
-
- PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig();
- forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig);
-
- return forms;
- }
+ private static final long serialVersionUID = -2047128481980413334L;
+
+ public IDPGatewayAction() {
+ super();
+ formList.putAll(buildIDPGatewayFormList());
+ }
+
+ public static LinkedHashMap<String, IOnlineApplicationData> buildIDPGatewayFormList() {
+
+ final LinkedHashMap<String, IOnlineApplicationData> forms =
+ new LinkedHashMap<>();
+
+ final PVPGatewayInterfederationConfig pvpGatewayconfig = new PVPGatewayInterfederationConfig();
+ forms.put(pvpGatewayconfig.getName(), pvpGatewayconfig);
+
+ return forms;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
index d72505c0f..e2458a6a5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -38,7 +38,6 @@ import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
-import org.apache.log4j.Logger;
import org.springframework.beans.BeansException;
import at.gv.egiz.components.configuration.api.Configuration;
@@ -52,472 +51,468 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class ImportExportAction extends BasicAction {
-
- private static final Logger log = Logger.getLogger(ImportExportAction.class);
- private static final long serialVersionUID = 1L;
-
- private String formID;
- private File fileUpload = null;
- private String fileUploadContentType = null;
- private String fileUploadFileName = null;
-
- private InputStream fileInputStream;
-
- public String init() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (authUser.isAdmin()) {
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.info("No access to Import/Export for User with ID" + authUser.getUserID());
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
- }
-
- public String importLegacyConfig() throws ConfigurationException {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- if (authUser.isAdmin()) {
-
- //load legacy config if it is configured
-
- if (fileUpload == null) {
- addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- Properties result = null;
-
- try {
- log.warn("WARNING! The legacy import deletes the hole old config");
-
- InputStream inStream = new FileInputStream(fileUpload);
- // get config from xml file
- JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config.deprecated");
- Unmarshaller m = jc.createUnmarshaller();
- MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream);
-
- // serialize config to JSON properties
- result = ConfigurationUtil.moaIdConfigToJsonProperties(config);
-
- if (result == null || result.isEmpty()) {
- log.info("Legacy configuration has is empty");
- addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {"Empty Configuratiobn"}, request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- } catch (JAXBException | FileNotFoundException e) {
- log.info("Legacy configuration has an Import Error", e);
- addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}, request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- try {
- //check if XML config should be use
- log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
-
- Configuration dbConfiguration =
- (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig");
-
- if (dbConfiguration == null) {
- log.warn("Open Database connection FAILED.");
- addActionError("Open Database connection FAILED.");
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- boolean isOverwriteData = true;
-
- List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds());
-
- if (keys == null) {
- log.info("Configuration is not readable.");
- throw new MOADatabaseException("Configuration is not readable.");
- }
-
- if (isOverwriteData) {
- // remove existing entries
- for (String key : keys) {
- dbConfiguration.deleteIds(key);
- }
- }
-
- Enumeration<?> propertyNames = result.propertyNames();
-
- while (propertyNames.hasMoreElements()) {
- String key = (String) propertyNames.nextElement();
- String json = result.getProperty(key);
-
- dbConfiguration.setStringValue(key, json);
- }
-
- } catch (ConfigurationException | MOADatabaseException | at.gv.egiz.components.configuration.api.ConfigurationException e1) {
- log.warn("General MOA-ID config can not be stored in Database", e1);
- addActionError(e1.getMessage());
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- finally {
-
- }
-
- //set new formID
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- log.info("Legacy Configuration load is completed.");
- addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request));
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.info("No access to Import/Export for User with ID" + authUser.getUserID());
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
- }
-
- public String downloadXMLConfig() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- if (authUser.isAdmin()) {
-
- log.info("Write MOA-ID 3.x config");
- try {
-
- Configuration dbConfiguration =
- (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig");
-
- if (dbConfiguration == null) {
- log.warn("Open Database connection FAILED.");
- addActionError("Open Database connection FAILED.");
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- Properties result = new Properties();
- String[] allConfigIDs = dbConfiguration.getConfigurationIds();
- for (String key : allConfigIDs) {
- String value = dbConfiguration.getStringValue(key);
- if (MiscUtil.isNotEmpty(value)) {
- result.put(key, value);
- log.debug("Put key: " + key + " with value: " + value + " to property file.");
-
- } else
- log.info("Leave key: " + key + " Reason: Value is null or empty");
-
- }
-
-
- if (result.isEmpty()) {
- log.info("No MOA-ID 3.x configruation available");
- addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- ByteArrayOutputStream output = new ByteArrayOutputStream();
- result.store(output, null);
- fileInputStream = new ByteArrayInputStream(output.toByteArray());
-
- } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) {
- log.info("MOA-ID 3.x configruation could not be exported into file.", e);
- addActionError(LanguageHelper.getErrorString("errors.importexport.export",
- new Object[]{e.getMessage()}, request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- } catch (ConfigurationException | BeansException e) {
- log.warn("Open Database connection FAILED.");
- addActionError("Open Database connection FAILED.");
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- finally {
-
- }
-
-
- //set new formID
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_SUCCESS;
- } else {
- log.info("No access to Import/Export for User with ID" + authUser.getUserID());
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
- }
-
-
- public String importXMLConfig() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
-
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- if (authUser.isAdmin()) {
-
- if (fileUpload == null) {
- addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- log.info("Load configuration from MOA-ID 3.x XML configuration");
-
- try {
-
- Properties inProperties = new Properties();
- inProperties.load(new FileInputStream(fileUpload));
-
- //check if XML config should be use
- log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
-
- Configuration dbConfiguration =
- (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig");
-
- if (dbConfiguration == null) {
- log.warn("Open Database connection FAILED.");
- addActionError("Open Database connection FAILED.");
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- boolean isOverwriteData = true;
-
- List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds());
-
- if (keys == null) {
- log.info("Configuration is not readable.");
- throw new MOADatabaseException("Configuration is not readable.");
- }
-
- if (isOverwriteData) {
- // remove existing entries
- for (String key : keys) {
- dbConfiguration.deleteIds(key);
- }
- }
-
- Enumeration<?> propertyNames = inProperties.propertyNames();
-
- while (propertyNames.hasMoreElements()) {
- String key = (String) propertyNames.nextElement();
- String json = inProperties.getProperty(key);
-
- dbConfiguration.setStringValue(key, json);
- }
-
- } catch (Exception e) {
- log.warn("MOA-ID XML configuration can not be loaded from File.", e);
- addActionError(LanguageHelper.getErrorString("errors.importexport.import",
- new Object[]{e.getMessage()}, request));
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- }
-
- finally {
-
- }
-
- //set new formID
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- log.info("XML Configuration load is completed.");
- addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request));
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.info("No access to Import/Export for User with ID" + authUser.getUserID());
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- }
-
- /**
- * @return the fileUpload
- */
- public File getFileUpload() {
- return fileUpload;
- }
-
-
-
- /**
- * @param fileUpload the fileUpload to set
- */
- public void setFileUpload(File fileUpload) {
- this.fileUpload = fileUpload;
- }
-
-
-
- /**
- * @return the fileUploadContentType
- */
- public String getFileUploadContentType() {
- return fileUploadContentType;
- }
-
-
-
- /**
- * @param fileUploadContentType the fileUploadContentType to set
- */
- public void setFileUploadContentType(String fileUploadContentType) {
- this.fileUploadContentType = fileUploadContentType;
- }
-
-
-
- /**
- * @return the fileUploadFileName
- */
- public String getFileUploadFileName() {
- return fileUploadFileName;
- }
-
-
-
- /**
- * @param fileUploadFileName the fileUploadFileName to set
- */
- public void setFileUploadFileName(String fileUploadFileName) {
- this.fileUploadFileName = fileUploadFileName;
- }
-
-
- public InputStream getFileInputStream() {
- return fileInputStream;
- }
-
- /**
- * @return the formID
- */
- public String getFormID() {
- return formID;
- }
-
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
- }
-
+
+ private static final long serialVersionUID = 1L;
+
+ private String formID;
+ private File fileUpload = null;
+ private String fileUploadContentType = null;
+ private String fileUploadFileName = null;
+
+ private InputStream fileInputStream;
+
+ public String init() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (authUser.isAdmin()) {
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+
+ public String importLegacyConfig() throws ConfigurationException {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ if (authUser.isAdmin()) {
+
+ // load legacy config if it is configured
+
+ if (fileUpload == null) {
+ addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ Properties result = null;
+
+ try {
+ log.warn("WARNING! The legacy import deletes the hole old config");
+
+ final InputStream inStream = new FileInputStream(fileUpload);
+ // get config from xml file
+ final JAXBContext jc = JAXBContext.newInstance(
+ "at.gv.egovernment.moa.id.commons.db.dao.config.deprecated");
+ final Unmarshaller m = jc.createUnmarshaller();
+ final MOAIDConfiguration config = (MOAIDConfiguration) m.unmarshal(inStream);
+
+ // serialize config to JSON properties
+ result = ConfigurationUtil.moaIdConfigToJsonProperties(config);
+
+ if (result == null || result.isEmpty()) {
+ log.info("Legacy configuration has is empty");
+ addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {
+ "Empty Configuratiobn" }, request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ } catch (JAXBException | FileNotFoundException e) {
+ log.info("Legacy configuration has an Import Error", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] { e
+ .getMessage() }, request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ try {
+ // check if XML config should be use
+ log.warn(
+ "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+
+ final Configuration dbConfiguration =
+ (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig");
+
+ if (dbConfiguration == null) {
+ log.warn("Open Database connection FAILED.");
+ addActionError("Open Database connection FAILED.");
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ final boolean isOverwriteData = true;
+
+ final List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds());
+
+ if (keys == null) {
+ log.info("Configuration is not readable.");
+ throw new MOADatabaseException("Configuration is not readable.");
+ }
+
+ if (isOverwriteData) {
+ // remove existing entries
+ for (final String key : keys) {
+ dbConfiguration.deleteIds(key);
+ }
+ }
+
+ final Enumeration<?> propertyNames = result.propertyNames();
+
+ while (propertyNames.hasMoreElements()) {
+ final String key = (String) propertyNames.nextElement();
+ final String json = result.getProperty(key);
+
+ dbConfiguration.setStringValue(key, json);
+ }
+
+ } catch (ConfigurationException | MOADatabaseException
+ | at.gv.egiz.components.configuration.api.ConfigurationException e1) {
+ log.warn("General MOA-ID config can not be stored in Database", e1);
+ addActionError(e1.getMessage());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ finally {
+
+ }
+
+ // set new formID
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ log.info("Legacy Configuration load is completed.");
+ addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request));
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+
+ public String downloadXMLConfig() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ if (authUser.isAdmin()) {
+
+ log.info("Write MOA-ID 3.x config");
+ try {
+
+ final Configuration dbConfiguration =
+ (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig");
+
+ if (dbConfiguration == null) {
+ log.warn("Open Database connection FAILED.");
+ addActionError("Open Database connection FAILED.");
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ final Properties result = new Properties();
+ final String[] allConfigIDs = dbConfiguration.getConfigurationIds();
+ for (final String key : allConfigIDs) {
+ final String value = dbConfiguration.getStringValue(key);
+ if (MiscUtil.isNotEmpty(value)) {
+ result.put(key, value);
+ log.debug("Put key: " + key + " with value: " + value + " to property file.");
+
+ } else {
+ log.info("Leave key: " + key + " Reason: Value is null or empty");
+ }
+
+ }
+
+ if (result.isEmpty()) {
+ log.info("No MOA-ID 3.x configruation available");
+ addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig", request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ final ByteArrayOutputStream output = new ByteArrayOutputStream();
+ result.store(output, null);
+ fileInputStream = new ByteArrayInputStream(output.toByteArray());
+
+ } catch (IOException | at.gv.egiz.components.configuration.api.ConfigurationException e) {
+ log.info("MOA-ID 3.x configruation could not be exported into file.", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.export",
+ new Object[] { e.getMessage() }, request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ } catch (ConfigurationException | BeansException e) {
+ log.warn("Open Database connection FAILED.");
+ addActionError("Open Database connection FAILED.");
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ finally {
+
+ }
+
+ // set new formID
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_SUCCESS;
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+
+ public String importXMLConfig() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ if (authUser.isAdmin()) {
+
+ if (fileUpload == null) {
+ addActionError(LanguageHelper.getErrorString("errors.importexport.nofile", request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ log.info("Load configuration from MOA-ID 3.x XML configuration");
+
+ try {
+
+ final Properties inProperties = new Properties();
+ inProperties.load(new FileInputStream(fileUpload));
+
+ // check if XML config should be use
+ log.warn(
+ "WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+
+ final Configuration dbConfiguration =
+ (Configuration) ConfigurationProvider.getInstance().getContext().getBean("moaidconfig");
+
+ if (dbConfiguration == null) {
+ log.warn("Open Database connection FAILED.");
+ addActionError("Open Database connection FAILED.");
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ final boolean isOverwriteData = true;
+
+ final List<String> keys = Arrays.asList(dbConfiguration.getConfigurationIds());
+
+ if (keys == null) {
+ log.info("Configuration is not readable.");
+ throw new MOADatabaseException("Configuration is not readable.");
+ }
+
+ if (isOverwriteData) {
+ // remove existing entries
+ for (final String key : keys) {
+ dbConfiguration.deleteIds(key);
+ }
+ }
+
+ final Enumeration<?> propertyNames = inProperties.propertyNames();
+
+ while (propertyNames.hasMoreElements()) {
+ final String key = (String) propertyNames.nextElement();
+ final String json = inProperties.getProperty(key);
+
+ dbConfiguration.setStringValue(key, json);
+ }
+
+ } catch (final Exception e) {
+ log.warn("MOA-ID XML configuration can not be loaded from File.", e);
+ addActionError(LanguageHelper.getErrorString("errors.importexport.import",
+ new Object[] { e.getMessage() }, request));
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ }
+
+ finally {
+
+ }
+
+ // set new formID
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ log.info("XML Configuration load is completed.");
+ addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success", request));
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ }
+
+ /**
+ * @return the fileUpload
+ */
+ public File getFileUpload() {
+ return fileUpload;
+ }
+
+ /**
+ * @param fileUpload the fileUpload to set
+ */
+ public void setFileUpload(File fileUpload) {
+ this.fileUpload = fileUpload;
+ }
+
+ /**
+ * @return the fileUploadContentType
+ */
+ public String getFileUploadContentType() {
+ return fileUploadContentType;
+ }
+
+ /**
+ * @param fileUploadContentType the fileUploadContentType to set
+ */
+ public void setFileUploadContentType(String fileUploadContentType) {
+ this.fileUploadContentType = fileUploadContentType;
+ }
+
+ /**
+ * @return the fileUploadFileName
+ */
+ public String getFileUploadFileName() {
+ return fileUploadFileName;
+ }
+
+ /**
+ * @param fileUploadFileName the fileUploadFileName to set
+ */
+ public void setFileUploadFileName(String fileUploadFileName) {
+ this.fileUploadFileName = fileUploadFileName;
+ }
+
+ public InputStream getFileInputStream() {
+ return fileInputStream;
+ }
+
+ /**
+ * @return the formID
+ */
+ @Override
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ @Override
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 6f9d233b1..666785e24 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -35,7 +35,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
@@ -78,817 +77,837 @@ import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class IndexAction extends BasicAction {
-
- /**
- * @throws ConfigurationException
- */
-
- private static final long serialVersionUID = -2781497863862504896L;
-
- private static final Logger log = Logger.getLogger(IndexAction.class);
-
- private String password;
- private String username;
- private UserDatabaseFrom user = null;
- private String formID;
-
- private String ssologouturl;
-
- private boolean pvp2LoginActiv = false;
-
- public IndexAction() throws BasicActionException {
- super();
- }
-
- public String start() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- pvp2LoginActiv = configuration.isPVP2LoginActive();
-
- if (session.getAttribute(Constants.SESSION_I18n) == null)
- session.setAttribute(Constants.SESSION_I18n,
- Locale.forLanguageTag(configuration.getDefaultLanguage()));
-
- if (configuration.isLoginDeaktivated()) {
- return "loginWithOutAuth";
-
- } else {
- return Constants.STRUTS_SUCCESS;
-
- }
- }
-
- public String authenticate() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- pvp2LoginActiv = configuration.isPVP2LoginActive();
-
- String key = null;
-
- if (MiscUtil.isNotEmpty(username)) {
- if (ValidationHelper.containsNotValidCharacter(username, false)) {
- log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username));
- addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("Username is empty");
- addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
- return Constants.STRUTS_ERROR;
- }
-
- if (MiscUtil.isEmpty(password)) {
- log.warn("Password is empty");
- addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
- return Constants.STRUTS_ERROR;
-
- } else {
- key = AuthenticationHelper.generateKeyFormPassword(password);
- if (key == null) {
- addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
-
- UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username);
- if (dbuser == null) {
- log.warn("Unknown Username");
- addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
- return Constants.STRUTS_ERROR;
-
- } else {
- //TODO: maybe remove this default value in a later version
- if (dbuser.isIsUsernamePasswordAllowed() == null)
- dbuser.setIsUsernamePasswordAllowed(true);
-
- if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) {
- log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " is not active or Username/Password login is not allowed");
- addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
-
- if (!dbuser.getPassword().equals(key)) {
- log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password");
- addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
-
- //TODO: maybe remove this default value in a later version
- boolean ismandateuser = false;
- if (dbuser.isIsMandateUser() != null)
- ismandateuser = dbuser.isIsMandateUser();
-
- int sessionTimeOut = session.getMaxInactiveInterval();
- Date sessionExpired = new Date(new Date().getTime() +
- (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS));
-
- AuthenticatedUser authuser = new AuthenticatedUser(dbuser,
- true,
- ismandateuser,
- false,
- dbuser.getHjid()+"dbID",
- "username/password",
- sessionExpired);
-
- //store user as authenticated user
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- authManager.setActiveUser(authuser);
-
- Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
- if (date != null)
- authuser.setLastLogin(date);;
-
- dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
-
- } catch (MOADatabaseException e) {
- log.warn("UserDatabase communicaton error", e);
- addActionError(LanguageHelper.getErrorString("error.login", request));
- return Constants.STRUTS_ERROR;
- }
- finally {
- }
-
- HttpSession session = generateNewJSession(request);
- session.setAttribute(Constants.SESSION_AUTH, authuser);
-
- return Constants.STRUTS_SUCCESS;
- }
- }
-
- public String pvp2login() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- String method = request.getMethod();
- if (session == null) {
- log.info("NO HTTP Session");
- return Constants.STRUTS_ERROR;
- }
-
- String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, null);
-
- if (method.equals("POST")) {
-
- try {
- pvp2LoginActiv = configuration.isPVP2LoginActive();
-
- //Decode with HttpPost Binding
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- request));
- decode.decode(messageContext);
-
- Response samlResponse = (Response) messageContext.getInboundMessage();
-
- //ckeck InResponseTo matchs requestID
- if (MiscUtil.isEmpty(authID)) {
- log.info("NO AuthRequestID");
- return Constants.STRUTS_ERROR;
- }
-
- if (!authID.equals(samlResponse.getInResponseTo())) {
- log.warn("PVPRequestID does not match PVP2 Assertion ID!");
- return Constants.STRUTS_ERROR;
-
- }
-
- //check response destination
- String serviceURL = configuration.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- String responseDestination = samlResponse.getDestination();
- if (MiscUtil.isEmpty(responseDestination) ||
- !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) {
- log.warn("PVPResponse destination does not match requested destination");
- return Constants.STRUTS_ERROR;
- }
-
- //check if response is signed
- Signature sign = samlResponse.getSignature();
- if (sign == null) {
- log.info("Only http POST Requests can be used");
- addActionError(LanguageHelper.getErrorString("error.login", request));
- return Constants.STRUTS_ERROR;
- }
-
- //validate signature
- PVP2Utils.validateSignature(samlResponse, configuration);
-
- log.info("PVP2 Assertion is valid");
-
- if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
-
- List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
-
- //check encrypted Assertion
- List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions();
- if (encryAssertionList != null && encryAssertionList.size() > 0) {
- //decrypt assertions
-
- log.debug("Found encryped assertion. Start decryption ...");
-
- KeyStore keyStore = configuration.getPVP2KeyStore();
-
- X509Credential authDecCredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
- configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
-
-
- StaticKeyInfoCredentialResolver skicr =
- new StaticKeyInfoCredentialResolver(authDecCredential);
-
- ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
- encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() );
- encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() );
- encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
-
- Decrypter samlDecrypter =
- new Decrypter(null, skicr, encryptedKeyResolver);
-
- for (EncryptedAssertion encAssertion : encryAssertionList) {
- saml2assertions.add(samlDecrypter.decrypt(encAssertion));
-
- }
-
- log.debug("Assertion decryption finished. ");
-
- } else {
- saml2assertions = samlResponse.getAssertions();
-
- }
-
- for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
-
- Conditions conditions = saml2assertion.getConditions();
- DateTime notbefore = conditions.getNotBefore();
- DateTime notafter = conditions.getNotOnOrAfter();
- if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
- log.warn("PVP2 Assertion is out of Date");
- return Constants.STRUTS_ERROR;
-
- }
-
- Subject subject = saml2assertion.getSubject();
- if (subject == null) {
- log.warn("Assertion has no Subject element");
- return Constants.STRUTS_ERROR;
-
- }
-
- NameID nameID = subject.getNameID();
- if (nameID == null) {
- log.warn("No NameID element in PVP2 assertion!");
- return Constants.STRUTS_ERROR;
- }
-
- String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue();
-
- int sessionTimeOut = session.getMaxInactiveInterval();
- Date sessionExpired = new Date(new Date().getTime() +
- (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS));
-
- //search user
- UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk);
- if (dbuser == null) {
- log.info("No user found with bpk/wbpk " + bpkwbpk);
-
- //read PVP2 assertion attributes;
- user = new UserDatabaseFrom();
- user.setActive(false);
- user.setAdmin(false);
- user.setBpk(bpkwbpk);
- user.setIsusernamepasswordallowed(false);
- user.setIsmandateuser(false);
- user.setPVPGenerated(true);
-
- //loop through the nodes to get what we want
- List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
- for (int i = 0; i < attributeStatements.size(); i++)
- {
- List<Attribute> attributes = attributeStatements.get(i).getAttributes();
- for (int x = 0; x < attributes.size(); x++)
- {
- String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
-
- if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) {
- user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
- }
-
- if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) {
- user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
- }
-
- if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) {
- user.setIsmandateuser(true);
- }
-
- if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) {
- user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue());
- }
- }
- }
-
- //create AuthUser data element
- authUser = AuthenticatedUser.generateUserRequestUser(user,
- nameID.getValue(),
- nameID.getFormat(),
- sessionExpired);
-
- //store user as authenticated user
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- authManager.setActiveUser(authUser);
-
- //set Random value
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- session.setAttribute(Constants.SESSION_FORM, user);
- session.setAttribute(Constants.SESSION_AUTH, authUser);
-
-
- return Constants.STRUTS_NEWUSER;
-
- } else {
- if (!dbuser.isIsActive()) {
-
- if (!dbuser.isIsMailAddressVerified()) {
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- user = new UserDatabaseFrom(dbuser);
- authUser = new AuthenticatedUser(dbuser,
- false,
- dbuser.isIsMandateUser(),
- true,
- nameID.getValue(),
- nameID.getFormat(),
- sessionExpired);
-
- //store user as authenticated user
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- authManager.setActiveUser(authUser);
-
- session.setAttribute(Constants.SESSION_FORM, user);
- session.setAttribute(Constants.SESSION_AUTH, authUser);
-
- return Constants.STRUTS_NEWUSER;
-
- }
-
- log.info("User with bpk/wbpk " + bpkwbpk + " is not active");
- addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request));
- return Constants.STRUTS_ERROR;
- }
-
- //TODO: maybe remove this default value in a later version
- boolean ismandateuser = false;
- if (dbuser.isIsMandateUser() != null)
- ismandateuser = dbuser.isIsMandateUser();
-
- authUser = new AuthenticatedUser(dbuser, true,
- ismandateuser,
- true,
- nameID.getValue(),
- nameID.getFormat(),
- sessionExpired);
-
- //store user as authenticated user
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- authManager.setActiveUser(authUser);
-
- Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
- if (date != null)
- authUser.setLastLogin(date);;
-
- dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
-
- } catch (MOADatabaseException e) {
- log.warn("UserDatabase communicaton error", e);
- addActionError(LanguageHelper.getErrorString("error.login", request));
- return Constants.STRUTS_ERROR;
- }
- finally {
- }
-
- HttpSession newsession = generateNewJSession(request);
- newsession.setAttribute(Constants.SESSION_AUTH, authUser);
- return Constants.STRUTS_SUCCESS;
-
- }
- }
-
- log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found.");
- addActionError(LanguageHelper.getErrorString("error.login.internal", request));
- return Constants.STRUTS_ERROR;
-
- } else {
- log.info("Receive Error Assertion.");
- addActionError(LanguageHelper.getErrorString("error.login", request));
- return Constants.STRUTS_ERROR;
- }
-
- } catch (Exception e) {
- log.warn("An internal error occurs.", e);
- addActionError(LanguageHelper.getErrorString("error.login.internal", request));
- return Constants.STRUTS_ERROR;
- }
-
- } else {
- log.info("Only http POST Requests can be used");
- addActionError(LanguageHelper.getErrorString("error.login.internal", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- public String requestNewUser() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (session == null) {
- log.warn("No active Session found");
- return Constants.STRUTS_ERROR;
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- Object sessionformobj = session.getAttribute(Constants.SESSION_FORM);
- if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) {
- UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj;
-
- Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
- authUser = (AuthenticatedUser) authUserObj;
-
- if (user == null) {
- log.warn("No form transmited");
- return Constants.STRUTS_ERROR;
- }
-
- //get UserID
- String useridobj = user.getUserID();
- long userID = -1;
- if (MiscUtil.isEmpty(useridobj)) {
- userID = -1;
-
- } else {
- if (!ValidationHelper.validateOAID(useridobj)){
- log.warn("User with ID " + authUser.getUserID()
- + " would access UserDatabase ID " + useridobj);
- addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
- userID = Long.valueOf(useridobj);
- }
-
- String check;
- if (!sessionform.isIsmandateuser()) {
- check = user.getInstitut();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(check));
- addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Organisation is empty");
- addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
- }
- }
-
- check = user.getMail();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isEmailAddressFormat(check)) {
- log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check));
- addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Mailaddress is empty");
- addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
- }
-
- check = user.getPhone();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validatePhoneNumber(check)) {
- log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check));
- addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Phonenumber is empty");
- addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
- }
-
- if (hasActionErrors()) {
- log.info("Some form errors found. Send user back to form");
-
- user.setPVPGenerated(true);
- user.setFamilyName(sessionform.getFamilyName());
- user.setGivenName(sessionform.getGivenName());
- user.setIsmandateuser(sessionform.isIsmandateuser());
- user.setBpk(sessionform.getBpk());
-
- if (sessionform.isIsmandateuser())
- user.setInstitut(sessionform.getInstitut());
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_NEWUSER;
- }
-
- UserDatabase dbuser;
-
- if (userID < 0) {
- dbuser = new UserDatabase();
- dbuser.setBpk(sessionform.getBpk());
- dbuser.setFamilyname(sessionform.getFamilyName());
- dbuser.setGivenname(sessionform.getGivenName());
-
- if (sessionform.isIsmandateuser())
- dbuser.setInstitut(sessionform.getInstitut());
- else
- dbuser.setInstitut(user.getInstitut());
-
- dbuser.setIsPVP2Generated(true);
- dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
- dbuser.setIsActive(false);
- dbuser.setIsAdmin(false);
- dbuser.setIsMandateUser(sessionform.isIsmandateuser());
- dbuser.setIsUsernamePasswordAllowed(false);
-
- } else
- dbuser = configuration.getUserManagement().getUserWithID(userID);
-
- dbuser.setMail(user.getMail());
- dbuser.setPhone(user.getPhone());
- dbuser.setIsAdminRequest(true);
- dbuser.setIsMailAddressVerified(false);
- dbuser.setUserRequestTokken(Random.nextRandom());
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
-
- MailHelper.sendUserMailAddressVerification(dbuser);
-
- } catch (MOADatabaseException e) {
- log.warn("New UserRequest can not be stored in database", e);
- return Constants.STRUTS_ERROR;
-
- } catch (ConfigurationException e) {
- log.warn("Sending of mailaddress verification mail failed.", e);
- addActionError(LanguageHelper.getErrorString("error.mail.send", request));
- return Constants.STRUTS_NEWUSER;
- }
-
- finally {
- session.setAttribute(Constants.SESSION_FORM, null);
- session.setAttribute(Constants.SESSION_AUTH, null);
- }
-
- addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request));
-
- session.invalidate();
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.warn("No SessionForm found");
- return Constants.STRUTS_ERROR;
- }
-
- }
-
- public String mailAddressVerification() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN);
- if (MiscUtil.isNotEmpty(userrequesttokken)) {
-
- userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken);
-
- try {
- Long.parseLong(userrequesttokken);
-
- } catch (NumberFormatException e) {
- log.warn("Verificationtokken has no number format.");
- return Constants.STRUTS_ERROR;
- }
-
- UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken);
- if (dbuser != null) {
- dbuser.setUserRequestTokken(null);
- dbuser.setIsMailAddressVerified(true);
-
- if (dbuser.isIsActive())
- dbuser.setIsAdminRequest(false);
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
-
- int numoas = 0;
- int numusers = 0;
-
- List<OnlineApplication> openOAs = configuration.getDbRead().getAllNewOnlineApplications();
- if (openOAs != null)
- numoas = openOAs.size();
-
- List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers();
- if (openUsers != null)
- numusers = openUsers.size();
-
- if (numusers > 0 || numoas > 0)
- MailHelper.sendAdminMail(numoas, numusers);
-
- } catch (MOADatabaseException e) {
- log.warn("Userinformation can not be stored in Database.", e);
- addActionError(LanguageHelper.getErrorString("error.mail.verification", request));
-
- } catch (ConfigurationException e) {
- log.warn("Send mail to admin failed.", e);
- }
-
- finally {
- }
-
- addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request));
- return Constants.STRUTS_SUCCESS;
- }
- }
-
- return Constants.STRUTS_ERROR;
- }
-
- public String logout() {
- HttpSession session = request.getSession(false);
-
- if (session != null) {
- if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOSUCCESS)))
- addActionMessage((String)session.getAttribute(Constants.SESSION_SLOSUCCESS));
-
- if (MiscUtil.isNotEmpty((String)session.getAttribute(Constants.SESSION_SLOERROR)))
- addActionError((String)session.getAttribute(Constants.SESSION_SLOERROR));
-
- session.invalidate();
-
- }
-
- return Constants.STRUTS_SUCCESS;
- }
-
- private HttpSession generateNewJSession(HttpServletRequest request) {
- HttpSession session = request.getSession(false);
-
- if (session != null) {
-
- HashMap<String, Object> attributes = new HashMap<String,Object>();
-
- Enumeration<String> enames = session.getAttributeNames();
- while (enames.hasMoreElements()) {
- String name = enames.nextElement();
- if (!name.equals("JSESSIONID"))
- attributes.put(name, session.getAttribute( name));
- }
- session.invalidate();
-
- session = request.getSession(true);
- for (Entry<String,Object> et : attributes.entrySet())
- session.setAttribute( et.getKey(), et.getValue());
-
- } else
- session = request.getSession(true);
-
- return session;
- }
-
- /**
- * @return the password
- */
- public String getPassword() {
- return password;
- }
-
- /**
- * @param password the password to set
- */
- public void setPassword(String password) {
- this.password = password;
- }
-
- /**
- * @return the username
- */
- public String getUsername() {
- return username;
- }
-
- /**
- * @param username the username to set
- */
- public void setUsername(String username) {
- this.username = username;
- }
-
- /**
- * @return the user
- */
- public UserDatabaseFrom getUser() {
- return user;
- }
-
- /**
- * @param user the user to set
- */
- public void setUser(UserDatabaseFrom user) {
- this.user = user;
- }
-
- /**
- * @return the ssologouturl
- */
- public String getSsologouturl() {
- return ssologouturl;
- }
-
- /**
- * @return the formID
- */
- public String getFormID() {
- return formID;
- }
-
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
- }
-
- /**
- * @return the pvp2LoginActiv
- */
- public boolean isPvp2LoginActiv() {
- return pvp2LoginActiv;
- }
-
-
+
+ /**
+ * @throws ConfigurationException
+ */
+
+ private static final long serialVersionUID = -2781497863862504896L;
+
+ private String password;
+ private String username;
+ private UserDatabaseFrom user = null;
+ private String formID;
+
+ private String ssologouturl;
+
+ private boolean pvp2LoginActiv = false;
+
+ public IndexAction() throws BasicActionException {
+ super();
+ }
+
+ public String start() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ pvp2LoginActiv = configuration.isPVP2LoginActive();
+
+ if (session.getAttribute(Constants.SESSION_I18n) == null) {
+ session.setAttribute(Constants.SESSION_I18n,
+ Locale.forLanguageTag(configuration.getDefaultLanguage()));
+ }
+
+ if (configuration.isLoginDeaktivated()) {
+ return "loginWithOutAuth";
+
+ } else {
+ return Constants.STRUTS_SUCCESS;
+
+ }
+ }
+
+ public String authenticate() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ pvp2LoginActiv = configuration.isPVP2LoginActive();
+
+ String key = null;
+
+ if (MiscUtil.isNotEmpty(username)) {
+ if (ValidationHelper.containsNotValidCharacter(username, false)) {
+ log.warn("Username contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(username));
+ addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("Username is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (MiscUtil.isEmpty(password)) {
+ log.warn("Password is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ key = AuthenticationHelper.generateKeyFormPassword(password);
+ if (key == null) {
+ addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserName(username);
+ if (dbuser == null) {
+ log.warn("Unknown Username");
+ addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ // TODO: maybe remove this default value in a later version
+ if (dbuser.isIsUsernamePasswordAllowed() == null) {
+ dbuser.setIsUsernamePasswordAllowed(true);
+ }
+
+ if (!dbuser.isIsActive() || !dbuser.isIsUsernamePasswordAllowed()) {
+ log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername())
+ + " is not active or Username/Password login is not allowed");
+ addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (!dbuser.getPassword().equals(key)) {
+ log.warn("Username " + StringEscapeUtils.escapeHtml(dbuser.getUsername()) + " use a false password");
+ addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ // TODO: maybe remove this default value in a later version
+ boolean ismandateuser = false;
+ if (dbuser.isIsMandateUser() != null) {
+ ismandateuser = dbuser.isIsMandateUser();
+ }
+
+ final int sessionTimeOut = session.getMaxInactiveInterval();
+ final Date sessionExpired = new Date(new Date().getTime() +
+ sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS);
+
+ final AuthenticatedUser authuser = new AuthenticatedUser(dbuser,
+ true,
+ ismandateuser,
+ false,
+ dbuser.getHjid() + "dbID",
+ "username/password",
+ sessionExpired);
+
+ // store user as authenticated user
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ authManager.setActiveUser(authuser);
+
+ final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+ if (date != null) {
+ authuser.setLastLogin(date);
+ }
+
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+
+ } catch (final MOADatabaseException e) {
+ log.warn("UserDatabase communicaton error", e);
+ addActionError(LanguageHelper.getErrorString("error.login", request));
+ return Constants.STRUTS_ERROR;
+ } finally {
+ }
+
+ final HttpSession session = generateNewJSession(request);
+ session.setAttribute(Constants.SESSION_AUTH, authuser);
+
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ public String pvp2login() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final String method = request.getMethod();
+ if (session == null) {
+ log.info("NO HTTP Session");
+ return Constants.STRUTS_ERROR;
+ }
+
+ final String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, null);
+
+ if (method.equals("POST")) {
+
+ try {
+ pvp2LoginActiv = configuration.isPVP2LoginActive();
+
+ // Decode with HttpPost Binding
+ final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ final BasicSAMLMessageContext<Response, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ request));
+ decode.decode(messageContext);
+
+ final Response samlResponse = (Response) messageContext.getInboundMessage();
+
+ // ckeck InResponseTo matchs requestID
+ if (MiscUtil.isEmpty(authID)) {
+ log.info("NO AuthRequestID");
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (!authID.equals(samlResponse.getInResponseTo())) {
+ log.warn("PVPRequestID does not match PVP2 Assertion ID!");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ // check response destination
+ String serviceURL = configuration.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ final String responseDestination = samlResponse.getDestination();
+ if (MiscUtil.isEmpty(responseDestination) ||
+ !responseDestination.equals(serviceURL + Constants.SERVLET_PVP2ASSERTION)) {
+ log.warn("PVPResponse destination does not match requested destination");
+ return Constants.STRUTS_ERROR;
+ }
+
+ // check if response is signed
+ final Signature sign = samlResponse.getSignature();
+ if (sign == null) {
+ log.info("Only http POST Requests can be used");
+ addActionError(LanguageHelper.getErrorString("error.login", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ // validate signature
+ PVP2Utils.validateSignature(samlResponse, configuration);
+
+ log.info("PVP2 Assertion is valid");
+
+ if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ List<org.opensaml.saml2.core.Assertion> saml2assertions =
+ new ArrayList<>();
+
+ // check encrypted Assertion
+ final List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions();
+ if (encryAssertionList != null && encryAssertionList.size() > 0) {
+ // decrypt assertions
+
+ log.debug("Found encryped assertion. Start decryption ...");
+
+ final KeyStore keyStore = configuration.getPVP2KeyStore();
+
+ final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ configuration.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
+ configuration.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
+
+ final StaticKeyInfoCredentialResolver skicr =
+ new StaticKeyInfoCredentialResolver(authDecCredential);
+
+ final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
+ encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
+ encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
+ encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());
+
+ final Decrypter samlDecrypter =
+ new Decrypter(null, skicr, encryptedKeyResolver);
+
+ for (final EncryptedAssertion encAssertion : encryAssertionList) {
+ saml2assertions.add(samlDecrypter.decrypt(encAssertion));
+
+ }
+
+ log.debug("Assertion decryption finished. ");
+
+ } else {
+ saml2assertions = samlResponse.getAssertions();
+
+ }
+
+ for (final org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
+
+ final Conditions conditions = saml2assertion.getConditions();
+ final DateTime notbefore = conditions.getNotBefore();
+ final DateTime notafter = conditions.getNotOnOrAfter();
+ if (notbefore.isAfterNow() || notafter.isBeforeNow()) {
+ log.warn("PVP2 Assertion is out of Date");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Subject subject = saml2assertion.getSubject();
+ if (subject == null) {
+ log.warn("Assertion has no Subject element");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final NameID nameID = subject.getNameID();
+ if (nameID == null) {
+ log.warn("No NameID element in PVP2 assertion!");
+ return Constants.STRUTS_ERROR;
+ }
+
+ final String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue();
+
+ final int sessionTimeOut = session.getMaxInactiveInterval();
+ final Date sessionExpired = new Date(new Date().getTime() +
+ sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS);
+
+ // search user
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithUserBPKWBPK(bpkwbpk);
+ if (dbuser == null) {
+ log.info("No user found with bpk/wbpk " + bpkwbpk);
+
+ // read PVP2 assertion attributes;
+ user = new UserDatabaseFrom();
+ user.setActive(false);
+ user.setAdmin(false);
+ user.setBpk(bpkwbpk);
+ user.setIsusernamepasswordallowed(false);
+ user.setIsmandateuser(false);
+ user.setPVPGenerated(true);
+
+ // loop through the nodes to get what we want
+ final List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
+ for (final AttributeStatement attributeStatement : attributeStatements) {
+ final List<Attribute> attributes = attributeStatement.getAttributes();
+ for (final Attribute attribute : attributes) {
+ final String strAttributeName = attribute.getDOM().getAttribute("Name");
+
+ if (strAttributeName.equals(PVPAttributeDefinitions.PRINCIPAL_NAME_NAME)) {
+ user.setFamilyName(attribute.getAttributeValues().get(0).getDOM().getFirstChild()
+ .getNodeValue());
+ }
+
+ if (strAttributeName.equals(PVPAttributeDefinitions.GIVEN_NAME_NAME)) {
+ user.setGivenName(attribute.getAttributeValues().get(0).getDOM().getFirstChild()
+ .getNodeValue());
+ }
+
+ if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_TYPE_NAME)) {
+ user.setIsmandateuser(true);
+ }
+
+ if (strAttributeName.equals(PVPAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME)) {
+ user.setInstitut(attribute.getAttributeValues().get(0).getDOM().getFirstChild()
+ .getNodeValue());
+ }
+ }
+ }
+
+ // create AuthUser data element
+ authUser = AuthenticatedUser.generateUserRequestUser(user,
+ nameID.getValue(),
+ nameID.getFormat(),
+ sessionExpired);
+
+ // store user as authenticated user
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ authManager.setActiveUser(authUser);
+
+ // set Random value
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_FORM, user);
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+
+ return Constants.STRUTS_NEWUSER;
+
+ } else {
+ if (!dbuser.isIsActive()) {
+
+ if (!dbuser.isIsMailAddressVerified()) {
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ user = new UserDatabaseFrom(dbuser);
+ authUser = new AuthenticatedUser(dbuser,
+ false,
+ dbuser.isIsMandateUser(),
+ true,
+ nameID.getValue(),
+ nameID.getFormat(),
+ sessionExpired);
+
+ // store user as authenticated user
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ authManager.setActiveUser(authUser);
+
+ session.setAttribute(Constants.SESSION_FORM, user);
+ session.setAttribute(Constants.SESSION_AUTH, authUser);
+
+ return Constants.STRUTS_NEWUSER;
+
+ }
+
+ log.info("User with bpk/wbpk " + bpkwbpk + " is not active");
+ addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ // TODO: maybe remove this default value in a later version
+ boolean ismandateuser = false;
+ if (dbuser.isIsMandateUser() != null) {
+ ismandateuser = dbuser.isIsMandateUser();
+ }
+
+ authUser = new AuthenticatedUser(dbuser, true,
+ ismandateuser,
+ true,
+ nameID.getValue(),
+ nameID.getFormat(),
+ sessionExpired);
+
+ // store user as authenticated user
+ final AuthenticationManager authManager = AuthenticationManager.getInstance();
+ authManager.setActiveUser(authUser);
+
+ final Date date = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+ if (date != null) {
+ authUser.setLastLogin(date);
+ }
+
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+
+ } catch (final MOADatabaseException e) {
+ log.warn("UserDatabase communicaton error", e);
+ addActionError(LanguageHelper.getErrorString("error.login", request));
+ return Constants.STRUTS_ERROR;
+ } finally {
+ }
+
+ final HttpSession newsession = generateNewJSession(request);
+ newsession.setAttribute(Constants.SESSION_AUTH, authUser);
+ return Constants.STRUTS_SUCCESS;
+
+ }
+ }
+
+ log.info("PVP2 Assertion was maybe not well formed, because no Assertion element could be found.");
+ addActionError(LanguageHelper.getErrorString("error.login.internal", request));
+ return Constants.STRUTS_ERROR;
+
+ } else {
+ log.info("Receive Error Assertion.");
+ addActionError(LanguageHelper.getErrorString("error.login", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ } catch (final Exception e) {
+ log.warn("An internal error occurs.", e);
+ addActionError(LanguageHelper.getErrorString("error.login.internal", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ } else {
+ log.info("Only http POST Requests can be used");
+ addActionError(LanguageHelper.getErrorString("error.login.internal", request));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ public String requestNewUser() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (session == null) {
+ log.warn("No active Session found");
+ return Constants.STRUTS_ERROR;
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ final Object sessionformobj = session.getAttribute(Constants.SESSION_FORM);
+ if (sessionformobj != null && sessionformobj instanceof UserDatabaseFrom) {
+ final UserDatabaseFrom sessionform = (UserDatabaseFrom) sessionformobj;
+
+ final Object authUserObj = session.getAttribute(Constants.SESSION_AUTH);
+ authUser = (AuthenticatedUser) authUserObj;
+
+ if (user == null) {
+ log.warn("No form transmited");
+ return Constants.STRUTS_ERROR;
+ }
+
+ // get UserID
+ final String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ String check;
+ if (!sessionform.isIsmandateuser()) {
+ check = user.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + StringEscapeUtils.escapeHtml(
+ check));
+ addActionError(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
+ }
+ }
+
+ check = user.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ log.warn("Mailaddress is not valid: " + StringEscapeUtils.escapeHtml(check));
+ addActionError(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Mailaddress is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
+ }
+
+ check = user.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validatePhoneNumber(check)) {
+ log.warn("No valid Phone Number: " + StringEscapeUtils.escapeHtml(check));
+ addActionError(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Phonenumber is empty");
+ addActionError(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
+ }
+
+ if (hasActionErrors()) {
+ log.info("Some form errors found. Send user back to form");
+
+ user.setPVPGenerated(true);
+ user.setFamilyName(sessionform.getFamilyName());
+ user.setGivenName(sessionform.getGivenName());
+ user.setIsmandateuser(sessionform.isIsmandateuser());
+ user.setBpk(sessionform.getBpk());
+
+ if (sessionform.isIsmandateuser()) {
+ user.setInstitut(sessionform.getInstitut());
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_NEWUSER;
+ }
+
+ UserDatabase dbuser;
+
+ if (userID < 0) {
+ dbuser = new UserDatabase();
+ dbuser.setBpk(sessionform.getBpk());
+ dbuser.setFamilyname(sessionform.getFamilyName());
+ dbuser.setGivenname(sessionform.getGivenName());
+
+ if (sessionform.isIsmandateuser()) {
+ dbuser.setInstitut(sessionform.getInstitut());
+ } else {
+ dbuser.setInstitut(user.getInstitut());
+ }
+
+ dbuser.setIsPVP2Generated(true);
+ dbuser.setLastLogin(DateTimeHelper.getDateTime(new Date()));
+ dbuser.setIsActive(false);
+ dbuser.setIsAdmin(false);
+ dbuser.setIsMandateUser(sessionform.isIsmandateuser());
+ dbuser.setIsUsernamePasswordAllowed(false);
+
+ } else {
+ dbuser = configuration.getUserManagement().getUserWithID(userID);
+ }
+
+ dbuser.setMail(user.getMail());
+ dbuser.setPhone(user.getPhone());
+ dbuser.setIsAdminRequest(true);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ } catch (final MOADatabaseException e) {
+ log.warn("New UserRequest can not be stored in database", e);
+ return Constants.STRUTS_ERROR;
+
+ } catch (final ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send", request));
+ return Constants.STRUTS_NEWUSER;
+ }
+
+ finally {
+ session.setAttribute(Constants.SESSION_FORM, null);
+ session.setAttribute(Constants.SESSION_AUTH, null);
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request));
+
+ session.invalidate();
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.warn("No SessionForm found");
+ return Constants.STRUTS_ERROR;
+ }
+
+ }
+
+ public String mailAddressVerification() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ String userrequesttokken = request.getParameter(Constants.REQUEST_USERREQUESTTOKKEN);
+ if (MiscUtil.isNotEmpty(userrequesttokken)) {
+
+ userrequesttokken = StringEscapeUtils.escapeHtml(userrequesttokken);
+
+ try {
+ Long.parseLong(userrequesttokken);
+
+ } catch (final NumberFormatException e) {
+ log.warn("Verificationtokken has no number format.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ final UserDatabase dbuser = configuration.getUserManagement().getNewUserWithTokken(userrequesttokken);
+ if (dbuser != null) {
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(true);
+
+ if (dbuser.isIsActive()) {
+ dbuser.setIsAdminRequest(false);
+ }
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+
+ int numoas = 0;
+ int numusers = 0;
+
+ final List<OnlineApplication> openOAs = configuration.getDbRead().getAllNewOnlineApplications();
+ if (openOAs != null) {
+ numoas = openOAs.size();
+ }
+
+ final List<UserDatabase> openUsers = configuration.getUserManagement().getAllNewUsers();
+ if (openUsers != null) {
+ numusers = openUsers.size();
+ }
+
+ if (numusers > 0 || numoas > 0) {
+ MailHelper.sendAdminMail(numoas, numusers);
+ }
+
+ } catch (final MOADatabaseException e) {
+ log.warn("Userinformation can not be stored in Database.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.verification", request));
+
+ } catch (final ConfigurationException e) {
+ log.warn("Send mail to admin failed.", e);
+ }
+
+ finally {
+ }
+
+ addActionMessage(LanguageHelper.getGUIString("validation.newuser.mailaddress", request));
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ return Constants.STRUTS_ERROR;
+ }
+
+ public String logout() {
+ final HttpSession session = request.getSession(false);
+
+ if (session != null) {
+ if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOSUCCESS))) {
+ addActionMessage((String) session.getAttribute(Constants.SESSION_SLOSUCCESS));
+ }
+
+ if (MiscUtil.isNotEmpty((String) session.getAttribute(Constants.SESSION_SLOERROR))) {
+ addActionError((String) session.getAttribute(Constants.SESSION_SLOERROR));
+ }
+
+ session.invalidate();
+
+ }
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ private HttpSession generateNewJSession(HttpServletRequest request) {
+ HttpSession session = request.getSession(false);
+
+ if (session != null) {
+
+ final HashMap<String, Object> attributes = new HashMap<>();
+
+ final Enumeration<String> enames = session.getAttributeNames();
+ while (enames.hasMoreElements()) {
+ final String name = enames.nextElement();
+ if (!name.equals("JSESSIONID")) {
+ attributes.put(name, session.getAttribute(name));
+ }
+ }
+ session.invalidate();
+
+ session = request.getSession(true);
+ for (final Entry<String, Object> et : attributes.entrySet()) {
+ session.setAttribute(et.getKey(), et.getValue());
+ }
+
+ } else {
+ session = request.getSession(true);
+ }
+
+ return session;
+ }
+
+ /**
+ * @return the password
+ */
+ public String getPassword() {
+ return password;
+ }
+
+ /**
+ * @param password the password to set
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ /**
+ * @return the username
+ */
+ public String getUsername() {
+ return username;
+ }
+
+ /**
+ * @param username the username to set
+ */
+ public void setUsername(String username) {
+ this.username = username;
+ }
+
+ /**
+ * @return the user
+ */
+ public UserDatabaseFrom getUser() {
+ return user;
+ }
+
+ /**
+ * @param user the user to set
+ */
+ public void setUser(UserDatabaseFrom user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the ssologouturl
+ */
+ public String getSsologouturl() {
+ return ssologouturl;
+ }
+
+ /**
+ * @return the formID
+ */
+ @Override
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ @Override
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
+ /**
+ * @return the pvp2LoginActiv
+ */
+ public boolean isPvp2LoginActiv() {
+ return pvp2LoginActiv;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
index 180f32235..3918dfc16 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java
@@ -25,8 +25,6 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import java.util.ArrayList;
import java.util.List;
-import org.apache.log4j.Logger;
-
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber;
@@ -46,438 +44,444 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException;
import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class InterfederationIDPAction extends BasicOAAction {
- private static final Logger log = Logger.getLogger(InterfederationIDPAction.class);
- private static final long serialVersionUID = 2879192135387083131L;
-
- public static final String STRUTS_IDP_VIDP = "-VIDP";
- public static final String STRUTS_IDP_MOA = "-MOAIDP";
- public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY";
-
- private List<OAListElement> formOAs;
-
- private String interfederationType;
-
- public InterfederationIDPAction() {
- super();
-
- }
-
- public String listAllIDPs() {
- try {
- populateBasicInformations();
-
- if (authUser.isAdmin()) {
- List<OnlineApplication> dbOAs = configuration.getDbRead().getAllOnlineApplications();
-
- if (dbOAs == null || dbOAs.size() == 0) {
- addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
-
- } else {
- formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs);
- }
-
- session.setAttribute(Constants.SESSION_RETURNAREA,
- Constants.STRUTS_RETURNAREA_VALUES.main.name());
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } finally {
-
- }
- }
-
- public String newIDP() {
- log.debug("insert new interfederation IDP");
-
- try {
- populateBasicInformations();
-
- if (!authUser.isAdmin()) {
- log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- populateBasicNewOnlineApplicationInformation();
-
- if (STRUTS_IDP_MOA.equals(interfederationType)) {
- formList.putAll(MOAIDPAction.buildMOAIDPFormList());
-
- } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) {
- formList.putAll(IDPGatewayAction.buildIDPGatewayFormList());
-
- } else if (STRUTS_IDP_VIDP.equals(interfederationType)) {
- formList.putAll(VIDPAction.buildVIDPFormList());
- getStorkOA().setVidpEnabled(true);
- getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin());
- session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap());
-
- } else {
- log.warn("Unkown interfederation IDP type");
- addActionError("Unkown interfederation IDP type");
- return Constants.STRUTS_ERROR;
- }
-
-
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } finally {
-
- }
-
- return Constants.STRUTS_OA_EDIT + interfederationType;
-
- }
-
- public String loadIDPInformation() {
- try {
- populateBasicInformations();
-
- if (!authUser.isAdmin()) {
- log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- OnlineApplication oa = populateOnlineApplicationFromRequest();
-
- if (oa.isIsInterfederationIDP() != null
- && oa.isIsInterfederationIDP()) {
-
- formList.putAll(MOAIDPAction.buildMOAIDPFormList());
- interfederationType = STRUTS_IDP_MOA;
-
- } else if (oa.getAuthComponentOA().getOASTORK() != null
- && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
- && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) {
-
- formList.putAll(VIDPAction.buildVIDPFormList());
- if (getStorkOA().getAttributeProviderPlugins() == null ||
- getStorkOA().getAttributeProviderPlugins().size() == 0)
- getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin());
- interfederationType = STRUTS_IDP_VIDP;
-
- } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) {
- formList.putAll(IDPGatewayAction.buildIDPGatewayFormList());
- interfederationType = STRUTS_IDP_GATEWAY;
-
- } else {
- log.warn("Requested application is not an interfederation IDP.");
- return Constants.STRUTS_NOTALLOWED;
- }
-
- parseOAToForm(oa);
- return Constants.STRUTS_SUCCESS + interfederationType;
-
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
-
- } finally {
-
- }
- }
-
- public String saveIDP() {
-
- OnlineApplication onlineapplication= null;
-
- try {
- populateBasicInformations();
-
- if (!authUser.isAdmin()) {
- log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- onlineapplication = preProcessSaveOnlineApplication();
-
- if ( onlineapplication != null &&
- !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) ||
- (onlineapplication.isIsInterfederationGateway() != null && onlineapplication.isIsInterfederationGateway()) ||
- (onlineapplication.getAuthComponentOA().getOASTORK() != null
- && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
- && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) {
- log.warn("IDP which should be stored is not of type interfederation IDP.");
- addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP.");
- return Constants.STRUTS_ERROR;
-
- }
-
- List<String> errors = new ArrayList<String>();
-
- //validate forms
- for (IOnlineApplicationData form : formList.values())
- errors.addAll(form.validate(getGeneralOA(), authUser, request));
-
-
- if (getPvp2OA() != null) {
- boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL());
- if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) {
- log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService.");
- errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice",
- new Object[] {getPvp2OA().getMetaDataURL()}, request ));
- getGeneralOA().setBusinessService(true);
-
- }
- }
-
-
- if (errors.size() > 0) {
- log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
- for (String el : errors)
- addActionError(el);
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_ERROR_VALIDATION;
-
- } else {
- onlineapplication = postProcessSaveOnlineApplication(onlineapplication,
- !(this instanceof MOAIDPAction));
-
- //set default Target interfederated nameID caluclation
- if (getPvp2OA() != null) {
- if (getGeneralOA().isBusinessService()) {
- IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber();
- if (businessID == null) {
- businessID = new IdentificationNumber();
- onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID);
- }
- businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP");
- } else
- onlineapplication.setTarget("MOA-IDP");
-
- try {
- save(onlineapplication);
-
- } catch (MOADatabaseException e) {
- log.warn("Online-Application can not be stored.", e);
- return LanguageHelper.getErrorString("error.db.oa.store", request);
- }
- }
- }
-
- //remove session attributes
- session.setAttribute(Constants.SESSION_OAID, null);
-
- addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request));
- return Constants.STRUTS_SUCCESS;
-
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
-
- } finally {
-
- }
- }
-
- public String cancleAndBackIDP() {
- try {
- populateBasicInformations();
-
- if (!authUser.isAdmin()) {
- log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- session.setAttribute(Constants.SESSION_OAID, null);
- addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request));
-
- return Constants.STRUTS_SUCCESS;
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } finally {
-
- }
- }
-
- public String deleteIDP() {
- String oaidentifier = null;
- try {
- populateBasicInformations();
-
- if (!authUser.isAdmin()) {
- log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
- addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
- return Constants.STRUTS_NOTALLOWED;
- }
-
- oaidentifier = preProcessDeleteOnlineApplication();
-
- session.setAttribute(Constants.SESSION_OAID, null);
- OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication(oaidentifier);
-
+
+ private static final long serialVersionUID = 2879192135387083131L;
+
+ public static final String STRUTS_IDP_VIDP = "-VIDP";
+ public static final String STRUTS_IDP_MOA = "-MOAIDP";
+ public static final String STRUTS_IDP_GATEWAY = "-IDPGATEWAY";
+
+ private List<OAListElement> formOAs;
+
+ private String interfederationType;
+
+ public InterfederationIDPAction() {
+ super();
+
+ }
+
+ public String listAllIDPs() {
+ try {
+ populateBasicInformations();
+
+ if (authUser.isAdmin()) {
+ final List<OnlineApplication> dbOAs = configuration.getDbRead().getAllOnlineApplications();
+
+ if (dbOAs == null || dbOAs.size() == 0) {
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
+
+ } else {
+ formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } finally {
+
+ }
+ }
+
+ public String newIDP() {
+ log.debug("insert new interfederation IDP");
+
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ populateBasicNewOnlineApplicationInformation();
+
+ if (STRUTS_IDP_MOA.equals(interfederationType)) {
+ formList.putAll(MOAIDPAction.buildMOAIDPFormList());
+
+ } else if (STRUTS_IDP_GATEWAY.equals(interfederationType)) {
+ formList.putAll(IDPGatewayAction.buildIDPGatewayFormList());
+
+ } else if (STRUTS_IDP_VIDP.equals(interfederationType)) {
+ formList.putAll(VIDPAction.buildVIDPFormList());
+ getStorkOA().setVidpEnabled(true);
+ getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin());
+ session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, getFormOA().getFormMap());
+
+ } else {
+ log.warn("Unkown interfederation IDP type");
+ addActionError("Unkown interfederation IDP type");
+ return Constants.STRUTS_ERROR;
+ }
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } finally {
+
+ }
+
+ return Constants.STRUTS_OA_EDIT + interfederationType;
+
+ }
+
+ public String loadIDPInformation() {
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ final OnlineApplication oa = populateOnlineApplicationFromRequest();
+
+ if (oa.isIsInterfederationIDP() != null
+ && oa.isIsInterfederationIDP()) {
+
+ formList.putAll(MOAIDPAction.buildMOAIDPFormList());
+ interfederationType = STRUTS_IDP_MOA;
+
+ } else if (oa.getAuthComponentOA().getOASTORK() != null
+ && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) {
+
+ formList.putAll(VIDPAction.buildVIDPFormList());
+ if (getStorkOA().getAttributeProviderPlugins() == null ||
+ getStorkOA().getAttributeProviderPlugins().size() == 0) {
+ getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin());
+ }
+ interfederationType = STRUTS_IDP_VIDP;
+
+ } else if (oa.isIsInterfederationGateway() != null && oa.isIsInterfederationGateway()) {
+ formList.putAll(IDPGatewayAction.buildIDPGatewayFormList());
+ interfederationType = STRUTS_IDP_GATEWAY;
+
+ } else {
+ log.warn("Requested application is not an interfederation IDP.");
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ parseOAToForm(oa);
+ return Constants.STRUTS_SUCCESS + interfederationType;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ } finally {
+
+ }
+ }
+
+ public String saveIDP() {
+
+ OnlineApplication onlineapplication = null;
+
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ onlineapplication = preProcessSaveOnlineApplication();
+
+ if (onlineapplication != null &&
+ !(onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()
+ ||
+ onlineapplication.isIsInterfederationGateway() != null && onlineapplication
+ .isIsInterfederationGateway() ||
+ onlineapplication.getAuthComponentOA().getOASTORK() != null
+ && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
+ && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled())) {
+ log.warn("IDP which should be stored is not of type interfederation IDP.");
+ addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP.");
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final List<String> errors = new ArrayList<>();
+
+ // validate forms
+ for (final IOnlineApplicationData form : formList.values()) {
+ errors.addAll(form.validate(getGeneralOA(), authUser, request));
+ }
+
+ if (getPvp2OA() != null) {
+ final boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA()
+ .getMetaDataURL());
+ if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) {
+ log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService.");
+ errors.add(LanguageHelper.getErrorString(
+ "validation.interfederation.moaidp.metadataurl.publicservice",
+ new Object[] { getPvp2OA().getMetaDataURL() }, request));
+ getGeneralOA().setBusinessService(true);
+
+ }
+ }
+
+ if (errors.size() > 0) {
+ log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors.");
+ for (final String el : errors) {
+ addActionError(el);
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_ERROR_VALIDATION;
+
+ } else {
+ onlineapplication = postProcessSaveOnlineApplication(onlineapplication,
+ !(this instanceof MOAIDPAction));
+
+ // set default Target interfederated nameID caluclation
+ if (getPvp2OA() != null) {
+ if (getGeneralOA().isBusinessService()) {
+ IdentificationNumber businessID = onlineapplication.getAuthComponentOA()
+ .getIdentificationNumber();
+ if (businessID == null) {
+ businessID = new IdentificationNumber();
+ onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID);
+ }
+ businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP+MOA-IDP");
+ } else {
+ onlineapplication.setTarget("MOA-IDP");
+ }
+
+ try {
+ save(onlineapplication);
+
+ } catch (final MOADatabaseException e) {
+ log.warn("Online-Application can not be stored.", e);
+ return LanguageHelper.getErrorString("error.db.oa.store", request);
+ }
+ }
+ }
+
+ // remove session attributes
+ session.setAttribute(Constants.SESSION_OAID, null);
+
+ addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(),
+ request));
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
+
+ } finally {
+
+ }
+ }
+
+ public String cancleAndBackIDP() {
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+ addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(),
+ request));
+
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ } finally {
+
+ }
+ }
+
+ public String deleteIDP() {
+ String oaidentifier = null;
+ try {
+ populateBasicInformations();
+
+ if (!authUser.isAdmin()) {
+ log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs.");
+ addActionError(LanguageHelper.getErrorString("errors.notallowed", request));
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ oaidentifier = preProcessDeleteOnlineApplication();
+
+ session.setAttribute(Constants.SESSION_OAID, null);
+ final OnlineApplication onlineapplication = configuration.getDbRead().getOnlineApplication(
+ oaidentifier);
+
// try {
// if (onlineapplication.getAuthComponentOA().getOAPVP2() != null &&
// MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) {
// MOAIDConfiguration moaconfig = configuration.getDbRead().getMOAIDConfiguration();
// moaconfig.setPvp2RefreshItem(new Date());
// ConfigurationDBUtils.saveOrUpdate(moaconfig);
-//
+//
// }
// } catch (Throwable e) {
// log.info("Found no MetadataURL in OA-Databaseconfig!", e);
// }
-
- if (delete(onlineapplication)) {
- addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request));
- return Constants.STRUTS_SUCCESS;
-
- } else {
- addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request));
- return Constants.STRUTS_SUCCESS;
- }
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- } catch (BasicOAActionException e) {
- addActionError(e.getStrutsError());
- return e.getStrutsReturnValue();
-
- } finally {
-
- }
-
- }
-
- /**
- * @param oa
- */
- private void parseOAToForm(OnlineApplication oa) {
- List<String> errors = new ArrayList<String>();
- for (IOnlineApplicationData form : formList.values()) {
- List<String> error = form.parse(oa, authUser, request);
- if (error != null)
- errors.addAll(error);
- }
- if (errors.size() > 0) {
- for (String el : errors)
- addActionError(el);
- }
- setNewOA(false);
-
+ if (delete(onlineapplication)) {
+ addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier,
+ request));
+ return Constants.STRUTS_SUCCESS;
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- session.setAttribute(Constants.SESSION_OAID, oaid);
- }
-
- /**
- * @return the formOAs
- */
- public List<OAListElement> getFormOAs() {
- return formOAs;
- }
-
- public OAMOAIDPInterfederationConfig getMoaIDP() {
- return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName());
- }
+ } else {
+ addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request));
+ return Constants.STRUTS_SUCCESS;
+ }
- public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) {
- formList.put(pvp2oa.getName(), pvp2oa);
- }
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
- public PVPGatewayInterfederationConfig getPVPGateway() {
- return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName());
- }
-
- public void setPVPGateway(PVPGatewayInterfederationConfig val) {
- formList.put(val.getName(), val);
- }
-
- /**
- * @return the formOA
- */
- public OATargetConfiguration getTargetConfig() {
- return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName());
- }
+ } catch (final BasicOAActionException e) {
+ addActionError(e.getStrutsError());
+ return e.getStrutsReturnValue();
- /**
- * @param formOA the formOA to set
- */
- public void setTargetConfig(OATargetConfiguration formOA) {
- formList.put(formOA.getName(), formOA);
- }
-
- /**
- * @return the formOA
- */
- public FormularCustomization getFormOA() {
- return (FormularCustomization) formList.get(new FormularCustomization(null).getName());
- }
+ } finally {
- /**
- * @param formOA the formOA to set
- */
- public void setFormOA(FormularCustomization formOA) {
- formList.put(formOA.getName(), formOA);
- }
-
- public OASTORKConfig getStorkOA() {
- return (OASTORKConfig) formList.get(new OASTORKConfig().getName());
}
- public void setStorkOA(OASTORKConfig storkOA) {
- formList.put(storkOA.getName(), storkOA);
+ }
+
+ /**
+ * @param oa
+ */
+ private void parseOAToForm(OnlineApplication oa) {
+ final List<String> errors = new ArrayList<>();
+ for (final IOnlineApplicationData form : formList.values()) {
+ final List<String> error = form.parse(oa, authUser, request);
+ if (error != null) {
+ errors.addAll(error);
+ }
}
-
-
- public OAAuthenticationData getAuthOA() {
- return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName());
+ if (errors.size() > 0) {
+ for (final String el : errors) {
+ addActionError(el);
+ }
}
- public void setAuthOA(OAAuthenticationData generalOA) {
- formList.put(generalOA.getName(), generalOA);
- }
-
-
- /**
- * @return the interfederationType
- */
- public String getInterfederationType() {
- return interfederationType;
- }
-
- /**
- * @param interfederationType the interfederationType to set
- */
- public void setInterfederationType(String interfederationType) {
- this.interfederationType = interfederationType;
- }
-
-
-
+ setNewOA(false);
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ session.setAttribute(Constants.SESSION_OAID, oaid);
+ }
+
+ /**
+ * @return the formOAs
+ */
+ public List<OAListElement> getFormOAs() {
+ return formOAs;
+ }
+
+ public OAMOAIDPInterfederationConfig getMoaIDP() {
+ return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName());
+ }
+
+ public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) {
+ formList.put(pvp2oa.getName(), pvp2oa);
+ }
+
+ public PVPGatewayInterfederationConfig getPVPGateway() {
+ return (PVPGatewayInterfederationConfig) formList.get(new PVPGatewayInterfederationConfig().getName());
+ }
+
+ public void setPVPGateway(PVPGatewayInterfederationConfig val) {
+ formList.put(val.getName(), val);
+ }
+
+ /**
+ * @return the formOA
+ */
+ public OATargetConfiguration getTargetConfig() {
+ return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setTargetConfig(OATargetConfiguration formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
+ /**
+ * @return the formOA
+ */
+ public FormularCustomization getFormOA() {
+ return (FormularCustomization) formList.get(new FormularCustomization(null).getName());
+ }
+
+ /**
+ * @param formOA the formOA to set
+ */
+ public void setFormOA(FormularCustomization formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
+ public OASTORKConfig getStorkOA() {
+ return (OASTORKConfig) formList.get(new OASTORKConfig().getName());
+ }
+
+ public void setStorkOA(OASTORKConfig storkOA) {
+ formList.put(storkOA.getName(), storkOA);
+ }
+
+ public OAAuthenticationData getAuthOA() {
+ return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName());
+ }
+
+ public void setAuthOA(OAAuthenticationData generalOA) {
+ formList.put(generalOA.getName(), generalOA);
+ }
+
+ /**
+ * @return the interfederationType
+ */
+ public String getInterfederationType() {
+ return interfederationType;
+ }
+
+ /**
+ * @param interfederationType the interfederationType to set
+ */
+ public void setInterfederationType(String interfederationType) {
+ this.interfederationType = interfederationType;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index ca018d5b0..11be61bb6 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -25,179 +25,162 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import java.util.ArrayList;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.log4j.Logger;
-import org.apache.struts2.interceptor.ServletRequestAware;
-import org.apache.struts2.interceptor.ServletResponseAware;
-
-import com.opensymphony.xwork2.ActionSupport;
-
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.Constants;
-import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class ListOAsAction extends BasicAction {
-
- private final Logger log = Logger.getLogger(ListOAsAction.class);
-
- private static final long serialVersionUID = 1L;
-
- private List<OAListElement> formOAs;
- private String friendlyname;
-
- public ListOAsAction() throws ConfigurationException {
+
+ private static final long serialVersionUID = 1L;
+
+ private List<OAListElement> formOAs;
+ private String friendlyname;
+
+ public ListOAsAction() throws ConfigurationException {
// configuration = ConfigurationProvider.getInstance();
- }
-
-
- public String listAllOnlineAppliactions() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- List<OnlineApplication> dbOAs = null;
-
- if (authUser.isAdmin()) {
- dbOAs = configuration.getDbRead().getAllOnlineApplications();
-
- } else {
- UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID());
-
- if (authUserDB != null) {
- for (String el : authUserDB.getOnlineApplication()) {
- dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el)));
-
- }
- }
- }
-
- if (dbOAs == null || dbOAs.size() == 0) {
- addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
-
- } else {
- formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
- }
-
- session.setAttribute(Constants.SESSION_RETURNAREA,
- Constants.STRUTS_RETURNAREA_VALUES.main.name());
-
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String searchOAInit() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- formOAs = null;
- friendlyname = "";
-
- return Constants.STRUTS_SUCCESS;
-
- }
-
- public String searchOA() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (MiscUtil.isEmpty(friendlyname)) {
- log.info("SearchOA textfield is empty");
- addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request));
- return Constants.STRUTS_SUCCESS;
-
- } else {
- if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) {
- log.warn("SearchOA textfield contains potential XSS characters");
- addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request));
- return Constants.STRUTS_SUCCESS;
- }
- }
-
- List<OnlineApplication> dbOAs = null;
-
- if (authUser.isAdmin()) {
- dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname);
-
- } else {
- UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID());
- if (authUserDB != null) {
- List<String> alldbOAs = authUserDB.getOnlineApplication();
-
- dbOAs = new ArrayList<OnlineApplication>();
-
- for (String el : alldbOAs) {
- OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el));
-
- if (oa.getPublicURLPrefix()
- .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1)
- dbOAs.add(oa);
- }
- }
- }
-
- if (dbOAs == null || dbOAs.size() == 0) {
- log.debug("No IDPs found with Identifier " + friendlyname);
- addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
-
- } else {
- formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
-
- }
-
-
- return Constants.STRUTS_SUCCESS;
- }
-
- /**
- * @return the formOAs
- */
- public List<OAListElement> getFormOAs() {
- return formOAs;
- }
-
-
- /**
- * @return the friendlyname
- */
- public String getFriendlyname() {
- return friendlyname;
- }
-
-
- /**
- * @param friendlyname the friendlyname to set
- */
- public void setFriendlyname(String friendlyname) {
- this.friendlyname = friendlyname;
- }
-
-
+ }
+
+ public String listAllOnlineAppliactions() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ List<OnlineApplication> dbOAs = null;
+
+ if (authUser.isAdmin()) {
+ dbOAs = configuration.getDbRead().getAllOnlineApplications();
+
+ } else {
+ final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+
+ if (authUserDB != null) {
+ for (final String el : authUserDB.getOnlineApplication()) {
+ dbOAs.add(configuration.getDbRead().getOnlineApplication(Long.valueOf(el)));
+
+ }
+ }
+ }
+
+ if (dbOAs == null || dbOAs.size() == 0) {
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
+
+ } else {
+ formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ public String searchOAInit() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ formOAs = null;
+ friendlyname = "";
+
+ return Constants.STRUTS_SUCCESS;
+
+ }
+
+ public String searchOA() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (MiscUtil.isEmpty(friendlyname)) {
+ log.info("SearchOA textfield is empty");
+ addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request));
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(friendlyname, false)) {
+ log.warn("SearchOA textfield contains potential XSS characters");
+ addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ List<OnlineApplication> dbOAs = null;
+
+ if (authUser.isAdmin()) {
+ dbOAs = configuration.getDbRead().searchOnlineApplications(friendlyname);
+
+ } else {
+ final UserDatabase authUserDB = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+ if (authUserDB != null) {
+ final List<String> alldbOAs = authUserDB.getOnlineApplication();
+
+ dbOAs = new ArrayList<>();
+
+ for (final String el : alldbOAs) {
+ final OnlineApplication oa = configuration.getDbRead().getOnlineApplication(Long.valueOf(el));
+
+ if (oa.getPublicURLPrefix()
+ .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) {
+ dbOAs.add(oa);
+ }
+ }
+ }
+ }
+
+ if (dbOAs == null || dbOAs.size() == 0) {
+ log.debug("No IDPs found with Identifier " + friendlyname);
+ addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request));
+
+ } else {
+ formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
+
+ }
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ /**
+ * @return the formOAs
+ */
+ public List<OAListElement> getFormOAs() {
+ return formOAs;
+ }
+
+ /**
+ * @return the friendlyname
+ */
+ public String getFriendlyname() {
+ return friendlyname;
+ }
+
+ /**
+ * @param friendlyname the friendlyname to set
+ */
+ public void setFriendlyname(String friendlyname) {
+ this.friendlyname = friendlyname;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java
index 8c04a382a..ce3af689d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java
@@ -34,26 +34,25 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
*/
public class MOAIDPAction extends InterfederationIDPAction {
- private static final long serialVersionUID = -2047128481980413334L;
-
- public MOAIDPAction() {
- super();
- formList.putAll(buildMOAIDPFormList());
- }
-
- public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() {
-
- LinkedHashMap<String, IOnlineApplicationData> forms =
- new LinkedHashMap<String, IOnlineApplicationData>();
-
-
- OAPVP2Config pvp2OA = new OAPVP2Config();
- forms.put(pvp2OA.getName(), pvp2OA);
-
- OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig();
- forms.put(moaidp.getName(), moaidp);
-
- return forms;
- }
+ private static final long serialVersionUID = -2047128481980413334L;
+
+ public MOAIDPAction() {
+ super();
+ formList.putAll(buildMOAIDPFormList());
+ }
+
+ public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() {
+
+ final LinkedHashMap<String, IOnlineApplicationData> forms =
+ new LinkedHashMap<>();
+
+ final OAPVP2Config pvp2OA = new OAPVP2Config();
+ forms.put(pvp2OA.getName(), pvp2OA);
+
+ final OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig();
+ forms.put(moaidp.getName(), moaidp);
+
+ return forms;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
index ea6f17fc7..785eb583a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java
@@ -22,41 +22,41 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.struts.action;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class MainAction extends BasicAction {
-
- private static final long serialVersionUID = 221178766809263908L;
-
- private static final Logger log = Logger.getLogger(MainAction.class);
-
- public String changeLanguage() {
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String generateMainFrame() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (hasActionMessages())
- setActionMessages(getActionMessages());
-
- if (hasActionErrors())
- setActionErrors(getActionErrors());
-
- session.setAttribute(Constants.SESSION_RETURNAREA, null);
-
- return Constants.STRUTS_SUCCESS;
- }
-
+
+ private static final long serialVersionUID = 221178766809263908L;
+
+ public String changeLanguage() {
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ public String generateMainFrame() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (hasActionMessages()) {
+ setActionMessages(getActionMessages());
+ }
+
+ if (hasActionErrors()) {
+ setActionErrors(getActionErrors());
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
index 26d4e13ab..e1965e951 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java
@@ -24,81 +24,68 @@ package at.gv.egovernment.moa.id.configuration.struts.action;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.log4j.Logger;
-import org.apache.struts2.interceptor.ServletRequestAware;
-import org.apache.struts2.interceptor.ServletResponseAware;
-
-import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
import at.gv.egovernment.moa.id.configuration.data.OAListElement;
import at.gv.egovernment.moa.id.configuration.exception.BasicActionException;
import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper;
+import lombok.extern.slf4j.Slf4j;
-import com.opensymphony.xwork2.ActionSupport;
-
+@Slf4j
public class OpenAdminRequestsAction extends BasicAction {
-
- private static final Logger log = Logger.getLogger(OpenAdminRequestsAction.class);
-
- private static final long serialVersionUID = 1L;
-
- private List<OAListElement> formOAs = null;
- private List<AuthenticatedUser> userlist = null;
-
-
- public String init() {
-
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (authUser.isAdmin()) {
-
- List<OnlineApplication> dbOAs = configuration.getDbRead().getAllNewOnlineApplications();
- if (dbOAs != null) {
- formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
- }
-
- List<UserDatabase> dbUsers = configuration.getUserManagement().getAllNewUsers();
- if (dbUsers != null){
- userlist = FormDataHelper.addFormUsers(dbUsers);
- }
-
- session.setAttribute(Constants.SESSION_RETURNAREA,
- Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name());
-
- return Constants.STRUTS_SUCCESS;
- } else {
- log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID());
- return Constants.STRUTS_NOTALLOWED;
- }
-
- }
-
-
- /**
- * @return the formOAs
- */
- public List<OAListElement> getFormOAs() {
- return formOAs;
- }
-
-
- /**
- * @return the userlist
- */
- public List<AuthenticatedUser> getUserlist() {
- return userlist;
- }
-
+
+ private static final long serialVersionUID = 1L;
+
+ private List<OAListElement> formOAs = null;
+ private List<AuthenticatedUser> userlist = null;
+
+ public String init() {
+
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (authUser.isAdmin()) {
+
+ final List<OnlineApplication> dbOAs = configuration.getDbRead().getAllNewOnlineApplications();
+ if (dbOAs != null) {
+ formOAs = FormDataHelper.populateFormWithOAs(dbOAs);
+ }
+
+ final List<UserDatabase> dbUsers = configuration.getUserManagement().getAllNewUsers();
+ if (dbUsers != null) {
+ userlist = FormDataHelper.addFormUsers(dbUsers);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name());
+
+ return Constants.STRUTS_SUCCESS;
+ } else {
+ log.info("Access to OpenAdminRequest area is not allowed for user with ID" + authUser.getUserID());
+ return Constants.STRUTS_NOTALLOWED;
+ }
+
+ }
+
+ /**
+ * @return the formOAs
+ */
+ public List<OAListElement> getFormOAs() {
+ return formOAs;
+ }
+
+ /**
+ * @return the userlist
+ */
+ public List<AuthenticatedUser> getUserlist() {
+ return userlist;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 26afb0205..6a60b6816 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -26,14 +26,6 @@ import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-
-import org.apache.log4j.Logger;
-import org.apache.struts2.interceptor.ServletRequestAware;
-import org.apache.struts2.interceptor.ServletResponseAware;
-
import at.gv.egiz.eaaf.core.impl.utils.Random;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -49,564 +41,570 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.helper.MailHelper;
import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
-import com.opensymphony.xwork2.ActionSupport;
-
+@Slf4j
public class UserManagementAction extends BasicAction {
-
- private static final Logger log = Logger.getLogger(UserManagementAction.class);
-
- private static final long serialVersionUID = 1L;
-
- private List<AuthenticatedUser> userlist = null;
- private UserDatabaseFrom user = null;
-
- private String useridobj = null;
- private static boolean newUser = false;
- private InputStream stream;
- private String nextPage;
- private String formID;
-
- public String init() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- if (session == null) {
- log.info("No http Session found.");
- return Constants.STRUTS_ERROR;
- }
-
- if (authUser.isAdmin()) {
-
- log.info("Show NewserRequests");
-
- log.info("Show UserList");
-
- List<UserDatabase> dbuserlist = configuration.getUserManagement().getAllUsers();
-
- if (dbuserlist != null) {
- userlist = FormDataHelper.addFormUsers(dbuserlist);
- }
-
- session.setAttribute(Constants.SESSION_RETURNAREA,
- Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame");
- UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
- if (dbuser == null) {
- return Constants.STRUTS_REAUTHENTICATE;
- }
- user = new UserDatabaseFrom(dbuser);
-
- session.setAttribute(Constants.SESSION_RETURNAREA,
- Constants.STRUTS_RETURNAREA_VALUES.main.name());
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_NOTALLOWED;
- }
- }
-
- public String createuser() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
-
- if (authUser.isAdmin()) {
-
- user = new UserDatabaseFrom();
-
- newUser = true;
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
- return Constants.STRUTS_SUCCESS;
-
- } else {
- return Constants.STRUTS_NOTALLOWED;
- }
- }
-
- public String edituser() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String
- && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
- nextPage = (String) nextPageAttr;
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
- }
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- if (authUser.isAdmin()) {
- long userid = -1;
-
- if (!ValidationHelper.validateOAID(useridobj)) {
- addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
- return Constants.STRUTS_ERROR;
- }
- userid = Long.valueOf(useridobj);
-
- UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid);
- if (dbuser == null) {
- log.info("No User with ID " + userid + " in Database");;
- addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
- return Constants.STRUTS_ERROR;
- }
- user = new UserDatabaseFrom(dbuser);
-
- newUser = false;
-
- return Constants.STRUTS_SUCCESS;
-
- } else {
- log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame");
- UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
- user = new UserDatabaseFrom(dbuser);
- return Constants.STRUTS_SUCCESS;
- }
- }
-
- public String saveuser() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- String useridobj = user.getUserID();
- long userID = -1;
- if (MiscUtil.isEmpty(useridobj)) {
- userID = -1;
-
- } else {
- if (!ValidationHelper.validateOAID(useridobj)){
- log.warn("User with ID " + authUser.getUserID()
- + " would access UserDatabase ID " + useridobj);
- addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
- userID = Long.valueOf(useridobj);
- }
-
- UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID);
-
- if( dbuser == null) {
- dbuser = new UserDatabase();
- dbuser.setIsMandateUser(false);
- dbuser.setIsAdminRequest(false);
- dbuser.setIsPVP2Generated(false);
- dbuser.setUserRequestTokken(null);
- dbuser.setIsMailAddressVerified(false);
- dbuser.setUsername(user.getUsername());
- }
-
- List<String> errors;
- UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
-
- boolean ispvp2 = false;
- boolean ismandate = false;
- if (dbuser.isIsPVP2Generated() != null)
- ispvp2 = dbuser.isIsPVP2Generated();
-
- if (dbuser.isIsMandateUser() != null)
- ismandate = dbuser.isIsMandateUser();
-
- errors = validator.validate(user, userID, ispvp2, ismandate, request);
-
- if (errors.size() > 0) {
- log.info("UserDataForm has some erros.");
- for (String el : errors)
- addActionError(el);
- user.setPassword("");
-
- if (MiscUtil.isEmpty(user.getUsername()))
- newUser = true;
-
- user.setIsmandateuser(ismandate);
- user.setPVPGenerated(ispvp2);
- if (dbuser.isIsUsernamePasswordAllowed() != null)
- user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());
-
- formID = Random.nextRandom();
- session.setAttribute(Constants.SESSION_FORMID, formID);
-
- return Constants.STRUTS_ERROR_VALIDATION;
- }
-
- if (!authUser.isAdmin()) {
- if (authUser.getUserID() != userID) {
- log.warn("User with ID " + authUser.getUserID()
- + " would access UserDatabase Entry " + user.getUsername());
- addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
-
- }
-
- if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) {
- dbuser.setIsMailAddressVerified(false);
- dbuser.setUserRequestTokken(Random.nextRandom());
-
- try {
- MailHelper.sendUserMailAddressVerification(dbuser);
- addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request));
-
- } catch (ConfigurationException e) {
- log.warn("Sending of mailaddress verification mail failed.", e);
- addActionError(LanguageHelper.getErrorString("error.mail.send", request));
- }
- }
-
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String
- && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
- nextPage = (String) nextPageAttr;
-
- if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) &&
- user.isActive()) {
- dbuser.setIsAdminRequest(false);
- try {
- if (dbuser.isIsMandateUser())
- MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
- dbuser.getInstitut(), user.getMail());
- else
- MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
- null, user.getMail());
-
- } catch (ConfigurationException e) {
- log.warn("Send UserAccountActivation mail failed", e);
- }
- }
- session.setAttribute(Constants.SESSION_RETURNAREA, null);
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
- }
-
- String error = saveFormToDB(dbuser);
-
- if (error != null) {
- log.warn("UserData can not be stored in Database");
- addActionError(error);
- return Constants.STRUTS_SUCCESS;
- }
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String deleteuser() {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
- if (formidobj != null && formidobj instanceof String) {
- String formid = (String) formidobj;
- if (!formid.equals(formID)) {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- } else {
- log.warn("FormIDs does not match. Some suspect Form is received from user "
- + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
- return Constants.STRUTS_ERROR;
- }
- session.setAttribute(Constants.SESSION_FORMID, null);
-
- String useridobj = user.getUserID();
- long userID = -1;
- if (MiscUtil.isEmpty(useridobj)) {
- userID = -1;
-
- } else {
- if (!ValidationHelper.validateOAID(useridobj)){
- log.warn("User with ID " + authUser.getUserID()
- + " would access UserDatabase ID " + useridobj);
- addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
- userID = Long.valueOf(useridobj);
- }
-
- if (!authUser.isAdmin()) {
- if (authUser.getUserID() != userID) {
- log.warn("User with ID " + authUser.getUserID()
- + " would access UserDatabase Entry " + user.getUsername());
- addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
- return Constants.STRUTS_ERROR;
- }
- }
-
- Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
- if (nextPageAttr != null && nextPageAttr instanceof String
- && MiscUtil.isNotEmpty((String)nextPageAttr) ) {
- nextPage = (String) nextPageAttr;
- session.setAttribute(Constants.SESSION_RETURNAREA, null);
-
- } else {
- nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
- }
-
- UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID);
- if (dbuser != null) {
- dbuser.setOaIDs(null);
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
- configuration.getUserManagement().delete(dbuser);
-
- if (authUser.isAdmin()) {
- MailHelper.sendUserAccountRevocationMail(dbuser);
- }
-
- if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) {
- return Constants.STRUTS_REAUTHENTICATE;
- }
-
- } catch (MOADatabaseException e) {
- log.warn("UserData can not be deleted from Database", e);
- addActionError(e.getMessage());
- return Constants.STRUTS_SUCCESS;
-
- } catch (ConfigurationException e) {
- log.warn("Information mail sending failed.", e);
- addActionError(e.getMessage());
- return Constants.STRUTS_SUCCESS;
- }
-
- finally {
- }
- }
-
-
- return Constants.STRUTS_SUCCESS;
- }
-
- public String sendVerificationMail () {
- try {
- populateBasicInformations();
-
- } catch (BasicActionException e) {
- return Constants.STRUTS_ERROR;
-
- }
-
- String message = LanguageHelper.getErrorString("error.mail.send", request);
-
- if (authUser != null) {
- UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
-
- if (dbuser != null) {
- dbuser.setIsMailAddressVerified(false);
- dbuser.setUserRequestTokken(Random.nextRandom());
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
-
- MailHelper.sendUserMailAddressVerification(dbuser);
-
- message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request);
-
- } catch (ConfigurationException e) {
- log.warn("Sending of mailaddress verification mail failed.", e);
- message = LanguageHelper.getErrorString("error.mail.send", request);
-
- } catch (MOADatabaseException e) {
- log.warn("Access UserInformationDatabase failed.", e);
- }
- }
- }
-
- stream = new ByteArrayInputStream(message.getBytes());
-
- return SUCCESS;
- }
-
- private String saveFormToDB(UserDatabase dbuser) {
-
- dbuser.setMail(user.getMail());
- dbuser.setPhone(user.getPhone());
-
- if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) {
- dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed());
-
- if (authUser.isAdmin()) {
- dbuser.setIsActive(user.isActive());
- dbuser.setIsAdmin(user.isAdmin());
-
- }
- }
-
- if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) {
- dbuser.setFamilyname(user.getFamilyName());
- dbuser.setGivenname(user.getGivenName());
- dbuser.setInstitut(user.getInstitut());
-
- if (authUser.isAdmin()) {
- dbuser.setBpk(user.getBpk());
- if ( user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID
- + "X" + Constants.IDENIFICATIONTYPE_FN) ||
- user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID
- + "X" + Constants.IDENIFICATIONTYPE_ZVR) ||
- user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID
- + "X" + Constants.IDENIFICATIONTYPE_ERSB)) {
- dbuser.setIsMandateUser(true);
- }
- }
-
- } else {
- if (!dbuser.isIsMandateUser())
- dbuser.setInstitut(user.getInstitut());
- }
-
- if (dbuser.isIsUsernamePasswordAllowed()) {
-
- if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername()))
- dbuser.setUsername(user.getUsername());
-
- if (MiscUtil.isNotEmpty(user.getPassword())) {
- String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
- if (key == null) {
- return LanguageHelper.getErrorString("errors.edit.user.save", request);
- }
- dbuser.setPassword(key);
- }
- }
-
- try {
- configuration.getUserManagement().saveOrUpdate(dbuser);
- } catch (MOADatabaseException e) {
- log.warn("User information can not be stored in Database.", e);
- return LanguageHelper.getErrorString("errors.edit.user.save", request);
- }
-
- return null;
- }
-
-
- /**
- * @return the userlist
- */
- public List<AuthenticatedUser> getUserlist() {
- return userlist;
- }
-
- /**
- * @param userlist the userlist to set
- */
- public void setUserlist(List<AuthenticatedUser> userlist) {
- this.userlist = userlist;
- }
-
- /**
- * @return the user
- */
- public UserDatabaseFrom getUser() {
- return user;
- }
-
- /**
- * @param user the user to set
- */
- public void setUser(UserDatabaseFrom user) {
- this.user = user;
- }
-
- /**
- * @return the useridobj
- */
- public String getUseridobj() {
- return useridobj;
- }
-
- /**
- * @param useridobj the useridobj to set
- */
- public void setUseridobj(String useridobj) {
- this.useridobj = useridobj;
- }
-
- /**
- * @return the newUser
- */
- public boolean isNewUser() {
- return newUser;
- }
-
- /**
- * @return the nextPage
- */
- public String getNextPage() {
- return nextPage;
- }
-
- /**
- * @return the stream
- */
- public InputStream getStream() {
- return stream;
- }
-
- /**
- * @return the formID
- */
- public String getFormID() {
- return formID;
- }
-
- /**
- * @param formID the formID to set
- */
- public void setFormID(String formID) {
- this.formID = formID;
- }
-
+
+ private static final long serialVersionUID = 1L;
+
+ private List<AuthenticatedUser> userlist = null;
+ private UserDatabaseFrom user = null;
+
+ private String useridobj = null;
+ private static boolean newUser = false;
+ private InputStream stream;
+ private String nextPage;
+ private String formID;
+
+ public String init() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ if (session == null) {
+ log.info("No http Session found.");
+ return Constants.STRUTS_ERROR;
+ }
+
+ if (authUser.isAdmin()) {
+
+ log.info("Show NewserRequests");
+
+ log.info("Show UserList");
+
+ final List<UserDatabase> dbuserlist = configuration.getUserManagement().getAllUsers();
+
+ if (dbuserlist != null) {
+ userlist = FormDataHelper.addFormUsers(dbuserlist);
+ }
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name());
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame");
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+ if (dbuser == null) {
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+ user = new UserDatabaseFrom(dbuser);
+
+ session.setAttribute(Constants.SESSION_RETURNAREA,
+ Constants.STRUTS_RETURNAREA_VALUES.main.name());
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+
+ public String createuser() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+
+ if (authUser.isAdmin()) {
+
+ user = new UserDatabaseFrom();
+
+ newUser = true;
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ return Constants.STRUTS_NOTALLOWED;
+ }
+ }
+
+ public String edituser() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String) nextPageAttr)) {
+ nextPage = (String) nextPageAttr;
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ if (authUser.isAdmin()) {
+ long userid = -1;
+
+ if (!ValidationHelper.validateOAID(useridobj)) {
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userid = Long.valueOf(useridobj);
+
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userid);
+ if (dbuser == null) {
+ log.info("No User with ID " + userid + " in Database");
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
+ return Constants.STRUTS_ERROR;
+ }
+ user = new UserDatabaseFrom(dbuser);
+
+ newUser = false;
+
+ return Constants.STRUTS_SUCCESS;
+
+ } else {
+ log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame");
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+ user = new UserDatabaseFrom(dbuser);
+ return Constants.STRUTS_SUCCESS;
+ }
+ }
+
+ public String saveuser() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ final String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID);
+
+ if (dbuser == null) {
+ dbuser = new UserDatabase();
+ dbuser.setIsMandateUser(false);
+ dbuser.setIsAdminRequest(false);
+ dbuser.setIsPVP2Generated(false);
+ dbuser.setUserRequestTokken(null);
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUsername(user.getUsername());
+ }
+
+ List<String> errors;
+ final UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
+
+ boolean ispvp2 = false;
+ boolean ismandate = false;
+ if (dbuser.isIsPVP2Generated() != null) {
+ ispvp2 = dbuser.isIsPVP2Generated();
+ }
+
+ if (dbuser.isIsMandateUser() != null) {
+ ismandate = dbuser.isIsMandateUser();
+ }
+
+ errors = validator.validate(user, userID, ispvp2, ismandate, request);
+
+ if (errors.size() > 0) {
+ log.info("UserDataForm has some erros.");
+ for (final String el : errors) {
+ addActionError(el);
+ }
+ user.setPassword("");
+
+ if (MiscUtil.isEmpty(user.getUsername())) {
+ newUser = true;
+ }
+
+ user.setIsmandateuser(ismandate);
+ user.setPVPGenerated(ispvp2);
+ if (dbuser.isIsUsernamePasswordAllowed() != null) {
+ user.setIsusernamepasswordallowed(dbuser.isIsUsernamePasswordAllowed());
+ }
+
+ formID = Random.nextRandom();
+ session.setAttribute(Constants.SESSION_FORMID, formID);
+
+ return Constants.STRUTS_ERROR_VALIDATION;
+ }
+
+ if (!authUser.isAdmin()) {
+ if (authUser.getUserID() != userID) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase Entry " + user.getUsername());
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+
+ }
+
+ if (!user.getMail().equals(dbuser.getMail()) && !authUser.isAdmin()) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ MailHelper.sendUserMailAddressVerification(dbuser);
+ addActionMessage(LanguageHelper.getGUIString("webpages.edituser.changemailaddress.verify", request));
+
+ } catch (final ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ addActionError(LanguageHelper.getErrorString("error.mail.send", request));
+ }
+ }
+
+ final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String) nextPageAttr)) {
+ nextPage = (String) nextPageAttr;
+
+ if (nextPage.equals(Constants.STRUTS_RETURNAREA_VALUES.adminRequestsInit.name()) &&
+ user.isActive()) {
+ dbuser.setIsAdminRequest(false);
+ try {
+ if (dbuser.isIsMandateUser()) {
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ dbuser.getInstitut(), user.getMail());
+ } else {
+ MailHelper.sendUserAccountActivationMail(dbuser.getGivenname(), dbuser.getFamilyname(),
+ null, user.getMail());
+ }
+
+ } catch (final ConfigurationException e) {
+ log.warn("Send UserAccountActivation mail failed", e);
+ }
+ }
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ final String error = saveFormToDB(dbuser);
+
+ if (error != null) {
+ log.warn("UserData can not be stored in Database");
+ addActionError(error);
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ public String deleteuser() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ final Object formidobj = session.getAttribute(Constants.SESSION_FORMID);
+ if (formidobj != null && formidobj instanceof String) {
+ final String formid = (String) formidobj;
+ if (!formid.equals(formID)) {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ } else {
+ log.warn("FormIDs does not match. Some suspect Form is received from user "
+ + authUser.getFamilyName() + authUser.getGivenName() + authUser.getUserID());
+ return Constants.STRUTS_ERROR;
+ }
+ session.setAttribute(Constants.SESSION_FORMID, null);
+
+ final String useridobj = user.getUserID();
+ long userID = -1;
+ if (MiscUtil.isEmpty(useridobj)) {
+ userID = -1;
+
+ } else {
+ if (!ValidationHelper.validateOAID(useridobj)) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase ID " + useridobj);
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ userID = Long.valueOf(useridobj);
+ }
+
+ if (!authUser.isAdmin()) {
+ if (authUser.getUserID() != userID) {
+ log.warn("User with ID " + authUser.getUserID()
+ + " would access UserDatabase Entry " + user.getUsername());
+ addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+ return Constants.STRUTS_ERROR;
+ }
+ }
+
+ final Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA);
+ if (nextPageAttr != null && nextPageAttr instanceof String
+ && MiscUtil.isNotEmpty((String) nextPageAttr)) {
+ nextPage = (String) nextPageAttr;
+ session.setAttribute(Constants.SESSION_RETURNAREA, null);
+
+ } else {
+ nextPage = Constants.STRUTS_RETURNAREA_VALUES.usermanagementInit.name();
+ }
+
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(userID);
+ if (dbuser != null) {
+ dbuser.setOaIDs(null);
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+ configuration.getUserManagement().delete(dbuser);
+
+ if (authUser.isAdmin()) {
+ MailHelper.sendUserAccountRevocationMail(dbuser);
+ }
+
+ if (dbuser.getHjid().equals(String.valueOf(authUser.getUserID()))) {
+ return Constants.STRUTS_REAUTHENTICATE;
+ }
+
+ } catch (final MOADatabaseException e) {
+ log.warn("UserData can not be deleted from Database", e);
+ addActionError(e.getMessage());
+ return Constants.STRUTS_SUCCESS;
+
+ } catch (final ConfigurationException e) {
+ log.warn("Information mail sending failed.", e);
+ addActionError(e.getMessage());
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ finally {
+ }
+ }
+
+ return Constants.STRUTS_SUCCESS;
+ }
+
+ public String sendVerificationMail() {
+ try {
+ populateBasicInformations();
+
+ } catch (final BasicActionException e) {
+ return Constants.STRUTS_ERROR;
+
+ }
+
+ String message = LanguageHelper.getErrorString("error.mail.send", request);
+
+ if (authUser != null) {
+ final UserDatabase dbuser = configuration.getUserManagement().getUserWithID(authUser.getUserID());
+
+ if (dbuser != null) {
+ dbuser.setIsMailAddressVerified(false);
+ dbuser.setUserRequestTokken(Random.nextRandom());
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+
+ MailHelper.sendUserMailAddressVerification(dbuser);
+
+ message = LanguageHelper.getErrorString("webpages.edituser.verify.mail.message", request);
+
+ } catch (final ConfigurationException e) {
+ log.warn("Sending of mailaddress verification mail failed.", e);
+ message = LanguageHelper.getErrorString("error.mail.send", request);
+
+ } catch (final MOADatabaseException e) {
+ log.warn("Access UserInformationDatabase failed.", e);
+ }
+ }
+ }
+
+ stream = new ByteArrayInputStream(message.getBytes());
+
+ return SUCCESS;
+ }
+
+ private String saveFormToDB(UserDatabase dbuser) {
+
+ dbuser.setMail(user.getMail());
+ dbuser.setPhone(user.getPhone());
+
+ if (authUser.isAdmin() || dbuser.isIsUsernamePasswordAllowed()) {
+ dbuser.setIsUsernamePasswordAllowed(user.isIsusernamepasswordallowed());
+
+ if (authUser.isAdmin()) {
+ dbuser.setIsActive(user.isActive());
+ dbuser.setIsAdmin(user.isAdmin());
+
+ }
+ }
+
+ if (dbuser.isIsPVP2Generated() == null || !dbuser.isIsPVP2Generated()) {
+ dbuser.setFamilyname(user.getFamilyName());
+ dbuser.setGivenname(user.getGivenName());
+ dbuser.setInstitut(user.getInstitut());
+
+ if (authUser.isAdmin()) {
+ dbuser.setBpk(user.getBpk());
+ if (user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID
+ + "X" + Constants.IDENIFICATIONTYPE_FN) ||
+ user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID
+ + "X" + Constants.IDENIFICATIONTYPE_ZVR) ||
+ user.getBpk().startsWith(Constants.IDENIFICATIONTYPE_BASEID
+ + "X" + Constants.IDENIFICATIONTYPE_ERSB)) {
+ dbuser.setIsMandateUser(true);
+ }
+ }
+
+ } else {
+ if (!dbuser.isIsMandateUser()) {
+ dbuser.setInstitut(user.getInstitut());
+ }
+ }
+
+ if (dbuser.isIsUsernamePasswordAllowed()) {
+
+ if (MiscUtil.isNotEmpty(user.getUsername()) && MiscUtil.isEmpty(dbuser.getUsername())) {
+ dbuser.setUsername(user.getUsername());
+ }
+
+ if (MiscUtil.isNotEmpty(user.getPassword())) {
+ final String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
+ if (key == null) {
+ return LanguageHelper.getErrorString("errors.edit.user.save", request);
+ }
+ dbuser.setPassword(key);
+ }
+ }
+
+ try {
+ configuration.getUserManagement().saveOrUpdate(dbuser);
+ } catch (final MOADatabaseException e) {
+ log.warn("User information can not be stored in Database.", e);
+ return LanguageHelper.getErrorString("errors.edit.user.save", request);
+ }
+
+ return null;
+ }
+
+ /**
+ * @return the userlist
+ */
+ public List<AuthenticatedUser> getUserlist() {
+ return userlist;
+ }
+
+ /**
+ * @param userlist the userlist to set
+ */
+ public void setUserlist(List<AuthenticatedUser> userlist) {
+ this.userlist = userlist;
+ }
+
+ /**
+ * @return the user
+ */
+ public UserDatabaseFrom getUser() {
+ return user;
+ }
+
+ /**
+ * @param user the user to set
+ */
+ public void setUser(UserDatabaseFrom user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the useridobj
+ */
+ public String getUseridobj() {
+ return useridobj;
+ }
+
+ /**
+ * @param useridobj the useridobj to set
+ */
+ public void setUseridobj(String useridobj) {
+ this.useridobj = useridobj;
+ }
+
+ /**
+ * @return the newUser
+ */
+ public boolean isNewUser() {
+ return newUser;
+ }
+
+ /**
+ * @return the nextPage
+ */
+ public String getNextPage() {
+ return nextPage;
+ }
+
+ /**
+ * @return the stream
+ */
+ public InputStream getStream() {
+ return stream;
+ }
+
+ /**
+ * @return the formID
+ */
+ @Override
+ public String getFormID() {
+ return formID;
+ }
+
+ /**
+ * @param formID the formID to set
+ */
+ @Override
+ public void setFormID(String formID) {
+ this.formID = formID;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
index c00eb46a5..5f03d89c1 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java
@@ -39,37 +39,36 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
*/
public class VIDPAction extends InterfederationIDPAction {
- private static final long serialVersionUID = 1981465294474566533L;
+ private static final long serialVersionUID = 1981465294474566533L;
+
+ public VIDPAction() {
+ super();
+ formList.putAll(buildVIDPFormList());
+ }
+
+ /**
+ * @return
+ *
+ */
+ public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() {
+ final LinkedHashMap<String, IOnlineApplicationData> forms =
+ new LinkedHashMap<>();
+
+ final OATargetConfiguration oaTarget = new OATargetConfiguration();
+ forms.put(oaTarget.getName(), oaTarget);
+
+ final OAAuthenticationData authOA = new OAAuthenticationData();
+ forms.put(authOA.getName(), authOA);
+
+ final OASTORKConfig storkOA = new OASTORKConfig();
+ forms.put(storkOA.getName(), storkOA);
+
+ final Map<String, String> map = new HashMap<>();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ final FormularCustomization formOA = new FormularCustomization(map);
+ forms.put(formOA.getName(), formOA);
+
+ return forms;
+ }
-
- public VIDPAction() {
- super();
- formList.putAll(buildVIDPFormList());
- }
-
- /**
- * @return
- *
- */
- public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() {
- LinkedHashMap<String, IOnlineApplicationData> forms =
- new LinkedHashMap<String, IOnlineApplicationData>();
-
- OATargetConfiguration oaTarget = new OATargetConfiguration();
- forms.put(oaTarget.getName(), oaTarget);
-
- OAAuthenticationData authOA = new OAAuthenticationData();
- forms.put(authOA.getName(), authOA);
-
- OASTORKConfig storkOA = new OASTORKConfig();
- forms.put(storkOA.getName(), storkOA);
-
- Map<String, String> map = new HashMap<String, String>();
- map.putAll(FormBuildUtils.getDefaultMap());
- FormularCustomization formOA = new FormularCustomization(map);
- forms.put(formOA.getName(), formOA);
-
- return forms;
- }
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java
index 08cd7c59d..e26e67196 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java
@@ -33,47 +33,51 @@ import at.gv.egovernment.moa.logging.Logger;
*/
public class ConfigurationEncryptionUtils extends AbstractEncrytionUtil {
- private static ConfigurationEncryptionUtils instance = null;
- private static String key = null;
-
- public static ConfigurationEncryptionUtils getInstance() {
- if (instance == null) {
- try {
- key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey();
- instance = new ConfigurationEncryptionUtils();
-
- } catch (Exception e) {
- Logger.warn("MOAConfiguration encryption initialization FAILED.", e);
-
- }
- }
- return instance;
- }
-
- /**
- * @throws DatabaseEncryptionException
- */
- public ConfigurationEncryptionUtils() throws DatabaseEncryptionException {
- super();
-
- }
+ private static ConfigurationEncryptionUtils instance = null;
+ private static String key = null;
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt()
- */
- @Override
- protected String getSalt() {
- return "Configuration-Salt";
-
- }
+ public static ConfigurationEncryptionUtils getInstance() {
+ if (instance == null) {
+ try {
+ key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey();
+ instance = new ConfigurationEncryptionUtils();
- /* (non-Javadoc)
- * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey()
- */
- @Override
- protected String getKey() {
- return key;
-
- }
+ } catch (final Exception e) {
+ Logger.warn("MOAConfiguration encryption initialization FAILED.", e);
+
+ }
+ }
+ return instance;
+ }
+
+ /**
+ * @throws DatabaseEncryptionException
+ */
+ public ConfigurationEncryptionUtils() throws DatabaseEncryptionException {
+ super();
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt()
+ */
+ @Override
+ protected String getSalt() {
+ return "Configuration-Salt";
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey()
+ */
+ @Override
+ protected String getKey() {
+ return key;
+
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
index eca4c05ef..c4a9894ca 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/SAML2Utils.java
@@ -32,7 +32,6 @@ import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
-import org.opensaml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.XMLObjectBuilderFactory;
@@ -41,59 +40,59 @@ import org.opensaml.xml.io.MarshallingException;
public class SAML2Utils {
- static {
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- factory.setValidating(false);
- try {
- builder = factory.newDocumentBuilder();
- } catch (ParserConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
- }
+ static {
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ factory.setValidating(false);
+ try {
+ builder = factory.newDocumentBuilder();
+ } catch (final ParserConfigurationException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ }
- private static DocumentBuilder builder;
+ private static DocumentBuilder builder;
- public static <T> T createSAMLObject(final Class<T> clazz) {
- try {
+ public static <T> T createSAMLObject(final Class<T> clazz) {
+ try {
- XMLObjectBuilderFactory builderFactory = Configuration
- .getBuilderFactory();
+ final XMLObjectBuilderFactory builderFactory = org.opensaml.xml.Configuration
+ .getBuilderFactory();
- QName defaultElementName = (QName) clazz.getDeclaredField(
- "DEFAULT_ELEMENT_NAME").get(null);
- Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders();
- Iterator<QName> it = builder.keySet().iterator();
+ final QName defaultElementName = (QName) clazz.getDeclaredField(
+ "DEFAULT_ELEMENT_NAME").get(null);
+ final Map<QName, XMLObjectBuilder> builder = builderFactory.getBuilders();
+ final Iterator<QName> it = builder.keySet().iterator();
- while (it.hasNext()) {
- QName qname = it.next();
- if (qname.equals(defaultElementName)) {
- System.out.printf("Builder for: %s\n", qname.toString());
- }
- }
- XMLObjectBuilder xmlBuilder = builderFactory
- .getBuilder(defaultElementName);
-
- T object = (T) xmlBuilder.buildObject(defaultElementName);
- return object;
- } catch (Throwable e) {
- System.out.printf("Failed to create object for: %s\n",
- clazz.toString());
- e.printStackTrace();
- return null;
- }
- }
+ while (it.hasNext()) {
+ final QName qname = it.next();
+ if (qname.equals(defaultElementName)) {
+ System.out.printf("Builder for: %s\n", qname.toString());
+ }
+ }
+ final XMLObjectBuilder xmlBuilder = builderFactory
+ .getBuilder(defaultElementName);
+
+ final T object = (T) xmlBuilder.buildObject(defaultElementName);
+ return object;
+ } catch (final Throwable e) {
+ System.out.printf("Failed to create object for: %s\n",
+ clazz.toString());
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException,
+ MarshallingException, TransformerException {
+ final org.w3c.dom.Document document = builder.newDocument();
+ final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(
+ object);
+ out.marshall(object, document);
+ return document;
+ }
- public static org.w3c.dom.Document asDOMDocument(XMLObject object) throws IOException,
- MarshallingException, TransformerException {
- org.w3c.dom.Document document = builder.newDocument();
- Marshaller out = Configuration.getMarshallerFactory().getMarshaller(
- object);
- out.marshall(object, document);
- return document;
- }
-
// public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() throws ConfigurationException {
// MetadataCredentialResolver resolver;
//
@@ -113,7 +112,5 @@ public class SAML2Utils {
// return engine;
//
// }
-
-
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
index 5f55a61d5..a78de7362 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
@@ -26,68 +26,66 @@ import java.util.Calendar;
import java.util.Date;
import java.util.List;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
+import lombok.extern.slf4j.Slf4j;
-
+@Slf4j
public class UserRequestCleaner implements Runnable {
- private static final Logger log = Logger.getLogger(UserRequestCleaner.class);
-
- private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
-
- public void run() {
- while (true) {
- try {
- ConfigurationProvider config = ConfigurationProvider.getInstance();
-
- //clean up user request storage
- List<UserDatabase> userrequests = config.getUserManagement().getAllOpenUsersRequests();
- if (userrequests != null) {
- Calendar cal = Calendar.getInstance();
- cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay()*-1);
- Date cleanupdate = cal.getTime();
-
- for(UserDatabase dbuser : userrequests) {
- Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
-
- if (requestdate != null && requestdate.after(cleanupdate)) {
- log.info("Remove UserRequest from Database");
- config.getUserManagement().delete(dbuser);
- }
-
- }
- }
-
- //clean up active user storage
- AuthenticationManager.getInstance().removeAllUsersAfterTimeOut();
-
- Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
-
- } catch (ConfigurationException e) {
- log.info("UserRequestCleaner can not load configuration", e);
-
- } catch (InterruptedException e) {
-
- }
- }
- }
-
- /**
- * start the sessionCleaner
- */
- public static void start() {
- // start the session cleanup thread
- Thread sessionCleaner = new Thread(new UserRequestCleaner());
- sessionCleaner.setName("UserRequestCleaner");
- sessionCleaner.setDaemon(true);
- sessionCleaner.setPriority(Thread.MIN_PRIORITY);
- sessionCleaner.start();
- }
-
+ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
+
+ @Override
+ public void run() {
+ while (true) {
+ try {
+ final ConfigurationProvider config = ConfigurationProvider.getInstance();
+
+ // clean up user request storage
+ final List<UserDatabase> userrequests = config.getUserManagement().getAllOpenUsersRequests();
+ if (userrequests != null) {
+ final Calendar cal = Calendar.getInstance();
+ cal.add(Calendar.HOUR, config.getUserRequestCleanUpDelay() * -1);
+ final Date cleanupdate = cal.getTime();
+
+ for (final UserDatabase dbuser : userrequests) {
+ final Date requestdate = DateTimeHelper.parseDateTime(dbuser.getLastLogin());
+
+ if (requestdate != null && requestdate.after(cleanupdate)) {
+ log.info("Remove UserRequest from Database");
+ config.getUserManagement().delete(dbuser);
+ }
+
+ }
+ }
+
+ // clean up active user storage
+ AuthenticationManager.getInstance().removeAllUsersAfterTimeOut();
+
+ Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
+
+ } catch (final ConfigurationException e) {
+ log.info("UserRequestCleaner can not load configuration", e);
+
+ } catch (final InterruptedException e) {
+
+ }
+ }
+ }
+
+ /**
+ * start the sessionCleaner
+ */
+ public static void start() {
+ // start the session cleanup thread
+ final Thread sessionCleaner = new Thread(new UserRequestCleaner());
+ sessionCleaner.setName("UserRequestCleaner");
+ sessionCleaner.setDaemon(true);
+ sessionCleaner.setPriority(Thread.MIN_PRIORITY);
+ sessionCleaner.start();
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
index b96b1e4b0..cbba90a6b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java
@@ -28,51 +28,53 @@ import at.gv.egovernment.moa.id.configuration.Constants;
public class CompanyNumberValidator implements IdentificationNumberValidator {
- public boolean validate(String commercialRegisterNumber) {
-
- String normalizedNumber = commercialRegisterNumber.replaceAll(" ", "");
- if(normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN))
- normalizedNumber = normalizedNumber.substring(2);
-
- return checkCommercialRegisterNumber(normalizedNumber);
- }
+ @Override
+ public boolean validate(String commercialRegisterNumber) {
- private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) {
- if (commercialRegisterNumber == null) {
- return false;
- }
- commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7,
- '0');
- if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) {
- return false;
- }
- String digits = commercialRegisterNumber.substring(0,
- commercialRegisterNumber.length() - 1);
- char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber
- .length() - 1);
- boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit;
- return result;
- }
+ String normalizedNumber = commercialRegisterNumber.replaceAll(" ", "");
+ if (normalizedNumber.startsWith(Constants.IDENIFICATIONTYPE_FN)) {
+ normalizedNumber = normalizedNumber.substring(2);
+ }
- public static char calcCheckDigitFromCommercialRegisterNumber(
- String commercialRegisterDigits) {
- final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 };
- final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm',
- 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' };
- if (commercialRegisterDigits == null) {
- throw new NullPointerException("Commercial register number missing.");
- }
- commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6,
- '0');
- if (!commercialRegisterDigits.matches("\\d{6}")) {
- throw new IllegalArgumentException(
- "Invalid commercial register number provided.");
- }
- int sum = 0;
- for (int i = 0; i < commercialRegisterDigits.length(); i++) {
- int value = commercialRegisterDigits.charAt(i) - '0';
- sum += WEIGHT[i] * value;
- }
- return CHECKDIGIT[sum % 17];
- }
+ return checkCommercialRegisterNumber(normalizedNumber);
+ }
+
+ private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) {
+ if (commercialRegisterNumber == null) {
+ return false;
+ }
+ commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7,
+ '0');
+ if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) {
+ return false;
+ }
+ final String digits = commercialRegisterNumber.substring(0,
+ commercialRegisterNumber.length() - 1);
+ final char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber
+ .length() - 1);
+ final boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit;
+ return result;
+ }
+
+ public static char calcCheckDigitFromCommercialRegisterNumber(
+ String commercialRegisterDigits) {
+ final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 };
+ final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm',
+ 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' };
+ if (commercialRegisterDigits == null) {
+ throw new NullPointerException("Commercial register number missing.");
+ }
+ commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6,
+ '0');
+ if (!commercialRegisterDigits.matches("\\d{6}")) {
+ throw new IllegalArgumentException(
+ "Invalid commercial register number provided.");
+ }
+ int sum = 0;
+ for (int i = 0; i < commercialRegisterDigits.length(); i++) {
+ final int value = commercialRegisterDigits.charAt(i) - '0';
+ sum += WEIGHT[i] * value;
+ }
+ return CHECKDIGIT[sum % 17];
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
index 4ef4bc762..318492e66 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java
@@ -27,149 +27,155 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.FormularCustomization;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class FormularCustomizationValitator {
-
- private static final Logger log = Logger.getLogger(FormularCustomizationValitator.class);
-
- public List<String> validate(FormularCustomization form, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
- String check;
-
- if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) {
- log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible.");
- errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination", request));
- }
-
- check = form.getBackGroundColor();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request));
- }
- }
-
- check = form.getFrontColor();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("BKUSelectionFrontColor is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request));
- }
- }
-
- check = form.getHeader_BackGroundColor();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("HeaderBackGroundColor is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request));
- }
- }
-
- check = form.getHeader_FrontColor();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("HeaderFrontColor is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request));
- }
- }
-
- check = form.getHeader_text();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("HeaderText contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.header.text",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getButton_BackGroundColor();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("ButtonBackGroundColor is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request));
- }
- }
-
- check = form.getButton_BackGroundColorFocus();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request));
- }
- }
-
- check = form.getButton_FrontColor();
- if (MiscUtil.isNotEmpty(check)) {
- if (!check.startsWith("#"))
- check = "#" + check;
-
- if (!ValidationHelper.isValidHexValue(check)) {
- log.warn("ButtonFrontColor is not a valid hex value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request));
- }
- }
-
- check = form.getAppletRedirectTarget();
- if (MiscUtil.isNotEmpty(check)) {
- if (!FormularCustomization.appletRedirectTargetList.contains(check)) {
- log.warn("AppletRedirectTarget has not valid value " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request));
- }
- }
-
- check = form.getFontType();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, true)) {
- log.warn("FontType contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype",
- new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
- }
- }
-
- check = form.getApplet_height();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateNumber(check)) {
- log.warn("Applet height "+ check + " is no valid number");
- errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height",
- new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
- }
- }
-
- check = form.getApplet_width();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateNumber(check)) {
- log.warn("Applet width "+ check + " is no valid number");
- errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width",
- new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
- }
- }
-
- return errors;
-
- }
+
+ public List<String> validate(FormularCustomization form, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+ String check;
+
+ if (form.isOnlyMandateAllowed() && !form.isShowMandateLoginButton()) {
+ log.warn("OnlyMandateAllowed in combination with hidden MandateLoginCheckbox is not possible.");
+ errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.combination",
+ request));
+ }
+
+ check = form.getBackGroundColor();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("BKUSelectionBackGroundColor is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.color.background", request));
+ }
+ }
+
+ check = form.getFrontColor();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("BKUSelectionFrontColor is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.color.front", request));
+ }
+ }
+
+ check = form.getHeader_BackGroundColor();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("HeaderBackGroundColor is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.back", request));
+ }
+ }
+
+ check = form.getHeader_FrontColor();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("HeaderFrontColor is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.header.color.front", request));
+ }
+ }
+
+ check = form.getHeader_text();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("HeaderText contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.header.text",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getButton_BackGroundColor();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("ButtonBackGroundColor is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back", request));
+ }
+ }
+
+ check = form.getButton_BackGroundColorFocus();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("ButtonBackGroundColorFocus is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.back.focus", request));
+ }
+ }
+
+ check = form.getButton_FrontColor();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!check.startsWith("#")) {
+ check = "#" + check;
+ }
+
+ if (!ValidationHelper.isValidHexValue(check)) {
+ log.warn("ButtonFrontColor is not a valid hex value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.button.color.front", request));
+ }
+ }
+
+ check = form.getAppletRedirectTarget();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!FormularCustomization.appletRedirectTargetList.contains(check)) {
+ log.warn("AppletRedirectTarget has not valid value " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.appletredirecttarget", request));
+ }
+ }
+
+ check = form.getFontType();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
+ log.warn("FontType contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.form.fonttype",
+ new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
+ }
+ }
+
+ check = form.getApplet_height();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Applet height " + check + " is no valid number");
+ errors.add(LanguageHelper.getErrorString("validation.general.form.applet.height",
+ new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
+ }
+ }
+
+ check = form.getApplet_width();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Applet width " + check + " is no valid number");
+ errors.add(LanguageHelper.getErrorString("validation.general.form.applet.width",
+ new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
+ }
+ }
+
+ return errors;
+
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java
index d66c0da3a..84993f464 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java
@@ -24,6 +24,6 @@ package at.gv.egovernment.moa.id.configuration.validation;
public interface IdentificationNumberValidator {
- boolean validate(String idNumber);
-
+ boolean validate(String idNumber);
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
index f0594c38d..13708c257 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -27,8 +27,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.config.webgui.exception.ConfigurationException;
@@ -38,163 +36,161 @@ import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class UserDatabaseFormValidator {
- private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
-
- public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated,
- boolean isMandateUser, HttpServletRequest request) {
- List<String> errors = new ArrayList<String>();
-
- String check = null;
- FileBasedUserConfiguration newConfigRead = null;
- try {
- newConfigRead = ConfigurationProvider.getInstance().getUserManagement();
-
- } catch (ConfigurationException e) {
- log.error("MOA-ID-Configuration initialization FAILED.", e);
- errors.add("Internal Server Error");
- return errors;
-
- }
-
- if (!isPVP2Generated) {
- check = form.getGivenName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("GivenName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("GivenName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request));
- }
-
-
- check = form.getFamilyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("FamilyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("FamilyName is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request));
- }
- }
-
- if (!isMandateUser) {
- check = form.getInstitut();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Organisation contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Organisation is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
- }
- }
-
- check = form.getMail();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isEmailAddressFormat(check)) {
- log.warn("Mailaddress is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Mailaddress is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
- }
-
- check = form.getPhone();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Phonenumber contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- } else {
- log.warn("Phonenumber is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
- }
-
- if (form.isIsusernamepasswordallowed()) {
- check = form.getUsername();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("Username contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
-
- } else {
- UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
- if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID ))) {
- log.warn("Username " + check + " exists in UserDatabase");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request));
- form.setUsername("");
- }
- }
- } else {
- if (userID == -1) {
- log.warn("Username is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
- } else {
- UserDatabase dbuser = newConfigRead.getUserWithID(userID);
- if (dbuser == null) {
- log.warn("Username is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
- } else {
- form.setUsername(dbuser.getUsername());
- }
- }
- }
-
- check = form.getPassword();
-
- if (MiscUtil.isEmpty(check)) {
- if (userID == -1) {
- log.warn("Password is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
- } else {
- UserDatabase dbuser = newConfigRead.getUserWithID(userID);
- if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
- log.warn("Password is empty");
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
- }
- }
-
- } else {
-
- if (check.equals(form.getPassword_second())) {
-
- String key = AuthenticationHelper.generateKeyFormPassword(check);
- if (key == null) {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
- }
-
- }
- else {
- errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request));
- }
- }
- }
-
- check = form.getBpk();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.warn("BPK contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid",
- new Object[] {ValidationHelper.getNotValidIdentityLinkSignerCharacters()}, request ));
- }
- }
-
- return errors;
-
- }
+ public List<String> validate(UserDatabaseFrom form, long userID, boolean isPVP2Generated,
+ boolean isMandateUser, HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
+
+ String check = null;
+ FileBasedUserConfiguration newConfigRead = null;
+ try {
+ newConfigRead = ConfigurationProvider.getInstance().getUserManagement();
+
+ } catch (final ConfigurationException e) {
+ log.error("MOA-ID-Configuration initialization FAILED.", e);
+ errors.add("Internal Server Error");
+ return errors;
+
+ }
+
+ if (!isPVP2Generated) {
+ check = form.getGivenName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("GivenName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("GivenName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty", request));
+ }
+
+ check = form.getFamilyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("FamilyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("FamilyName is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty", request));
+ }
+ }
+
+ if (!isMandateUser) {
+ check = form.getInstitut();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Organisation contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Organisation is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty", request));
+ }
+ }
+
+ check = form.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ log.warn("Mailaddress is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Mailaddress is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty", request));
+ }
+
+ check = form.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Phonenumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ } else {
+ log.warn("Phonenumber is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty", request));
+ }
+
+ if (form.isIsusernamepasswordallowed()) {
+ check = form.getUsername();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("Username contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+
+ } else {
+ final UserDatabase dbuser = newConfigRead.getUserWithUserName(check);
+ if (dbuser != null && !dbuser.getHjid().equals(String.valueOf(userID))) {
+ log.warn("Username " + check + " exists in UserDatabase");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate", request));
+ form.setUsername("");
+ }
+ }
+ } else {
+ if (userID == -1) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+ } else {
+ final UserDatabase dbuser = newConfigRead.getUserWithID(userID);
+ if (dbuser == null) {
+ log.warn("Username is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty", request));
+ } else {
+ form.setUsername(dbuser.getUsername());
+ }
+ }
+ }
+
+ check = form.getPassword();
+
+ if (MiscUtil.isEmpty(check)) {
+ if (userID == -1) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+ } else {
+ final UserDatabase dbuser = newConfigRead.getUserWithID(userID);
+ if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+ log.warn("Password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty", request));
+ }
+ }
+
+ } else {
+
+ if (check.equals(form.getPassword_second())) {
+
+ final String key = AuthenticationHelper.generateKeyFormPassword(check);
+ if (key == null) {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid", request));
+ }
+
+ } else {
+ errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal", request));
+ }
+ }
+ }
+
+ check = form.getBpk();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.warn("BPK contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid",
+ new Object[] { ValidationHelper.getNotValidIdentityLinkSignerCharacters() }, request));
+ }
+ }
+
+ return errors;
+
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
index 247004b75..62d53ab56 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java
@@ -32,7 +32,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
-import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
@@ -41,114 +40,115 @@ import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class MOAConfigValidator {
- private static final Logger log = Logger.getLogger(MOAConfigValidator.class);
-
- public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) {
-
- List<String> errors = new ArrayList<String>();
-
- log.debug("Validate general MOA configuration");
-
-
- String check = form.getSaml1SourceID();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getPublicURLPrefix();
- if (MiscUtil.isNotEmpty(check)) {
- String[] publicURLPreFix = check.split(",");
- if (form.isVirtualPublicURLPrefixEnabled()) {
- for (String el : publicURLPreFix) {
- if (!ValidationHelper.validateURL(
- StringUtils.chomp(el.trim()))) {
- log.info("Public URL Prefix " + el + " is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{el}, request));
- }
- }
-
- } else {
- if (!ValidationHelper.validateURL(
- StringUtils.chomp(publicURLPreFix[0].trim()))) {
- log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[]{publicURLPreFix[0]}, request));
-
- }
-
- }
- } else {
- log.info("PublicURL Prefix is empty.");
- errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request));
- }
-
- check = form.getTimeoutAssertion();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateNumber(check)) {
- log.warn("Assertion Timeout is no number " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
- }
- }
- check = form.getTimeoutMOASessionCreated();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateNumber(check)) {
- log.warn("MOASessionCreated Timeout is no number " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
- }
- }
- check = form.getTimeoutMOASessionUpdated();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateNumber(check)) {
- log.warn("MOASessionUpdated Timeout is no number " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
- }
- }
-
+ public List<String> validate(GeneralMOAIDConfig form, HttpServletRequest request, boolean isMOAIDMode) {
+
+ final List<String> errors = new ArrayList<>();
+
+ log.debug("Validate general MOA configuration");
+
+ String check = form.getSaml1SourceID();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("SAML1 SourceID contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.SAML1SourceID",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getPublicURLPrefix();
+ if (MiscUtil.isNotEmpty(check)) {
+ final String[] publicURLPreFix = check.split(",");
+ if (form.isVirtualPublicURLPrefixEnabled()) {
+ for (final String el : publicURLPreFix) {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(el.trim()))) {
+ log.info("Public URL Prefix " + el + " is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid",
+ new Object[] { el }, request));
+ }
+ }
+
+ } else {
+ if (!ValidationHelper.validateURL(
+ StringUtils.chomp(publicURLPreFix[0].trim()))) {
+ log.info("Public URL Prefix " + publicURLPreFix[0] + " is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.valid", new Object[] {
+ publicURLPreFix[0] }, request));
+
+ }
+
+ }
+ } else {
+ log.info("PublicURL Prefix is empty.");
+ errors.add(LanguageHelper.getErrorString("validation.general.publicURLprefix.empty", request));
+ }
+
+ check = form.getTimeoutAssertion();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("Assertion Timeout is no number " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request));
+ }
+ }
+ check = form.getTimeoutMOASessionCreated();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("MOASessionCreated Timeout is no number " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request));
+ }
+ }
+ check = form.getTimeoutMOASessionUpdated();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateNumber(check)) {
+ log.warn("MOASessionUpdated Timeout is no number " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request));
+ }
+ }
+
// check = form.getCertStoreDirectory();
// if (MiscUtil.isNotEmpty(check)) {
// if (ValidationHelper.isValidOAIdentifier(check)) {
// log.warn("CertStoreDirectory contains potentail XSS characters: " + check);
-// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
+// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid",
// new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
// }
// } else {
// log.info("CertStoreDirectory is empty.");
// errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty", request));
// }
-
- check = form.getDefaultBKUHandy();
- if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Handy-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
- }
- }
-
- check = form.getDefaultBKULocal();
- if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
- }
- }
-
- check = form.getDefaultBKUOnline();
- if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
- }
- }
-
+
+ check = form.getDefaultBKUHandy();
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
+ }
+ }
+
+ check = form.getDefaultBKULocal();
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
+ }
+ }
+
+ check = form.getDefaultBKUOnline();
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
+ }
+ }
+
// check = form.getDefaultchainigmode();
// if (MiscUtil.isEmpty(check)) {
// log.info("Empty Defaultchainigmode");
@@ -160,166 +160,169 @@ public class MOAConfigValidator {
// errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid", request));
// }
// }
-
- check = form.getMandateURL();
- if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
- String[] misURLs = check.split(",");
- for (String el : misURLs) {
- if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
- log.info("Not valid Online-Mandate Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid",
- new Object[]{el}, request));
- }
- }
- }
-
- check = form.getElgaMandateServiceURL();
- if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
- String[] elgaServiceURLs = check.split(",");
- for (String el : elgaServiceURLs) {
- if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
- log.info("Not valid Online-Mandate Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid",
- new Object[]{el}, request));
- }
- }
- }
-
- check = form.getEidSystemServiceURL();
- if (MiscUtil.isNotEmpty(check)) {
- String[] eidServiceURLs = check.split(",");
- for (String el : eidServiceURLs) {
- if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
- log.info("Not valid E-ID System Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid",
- new Object[]{el}, request));
- }
- }
- }
-
- check = form.getMoaspssAuthTransformations();
- List<String> authtranslist = new ArrayList<String>();
- if (isMOAIDMode) {
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MoaspssAuthTransformation");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty", request));
- } else {
-
- //is only required if more then one transformation is in use
- // check = StringHelper.formatText(check);
- // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
- // int i=1;
- // for(String el : list) {
- // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
- // log.info("IdentityLinkSigners is not valid: " + el);
- // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid",
- // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
- //
- // } else {
- // if (MiscUtil.isNotEmpty(el.trim()))
- // authtranslist.add(el.trim());
- // }
- // i++;
- // }
- authtranslist.add(check.trim());
- }
- }
- form.setAuthTransformList(authtranslist);
-
- if (isMOAIDMode) {
- check = form.getMoaspssAuthTrustProfile();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS Authblock TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("Authblock TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getMoaspssIdlTrustProfile();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("IdentityLink TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getMoaspssAuthTrustProfileTest();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("Test-Authblock TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getMoaspssIdlTrustProfileTest();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty", request));
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("Test-IdentityLink TrustProfile is not valid: " +check);
- errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
-
- check = form.getMoaspssURL();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid MOA-SP/SS Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request));
- }
- }
- }
-
- check = form.getPvp2IssuerName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("PVP2 IssuerName is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getPvp2OrgDisplayName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("PVP2 organisation display name is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getPvp2OrgName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("PVP2 organisation name is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = form.getPvp2OrgURL();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("PVP2 organisation URL is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request));
- }
- }
-
+
+ check = form.getMandateURL();
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
+ final String[] misURLs = check.split(",");
+ for (final String el : misURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid Online-Mandate Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid",
+ new Object[] { el }, request));
+ }
+ }
+ }
+
+ check = form.getElgaMandateServiceURL();
+ if (MiscUtil.isNotEmpty(check) && isMOAIDMode) {
+ final String[] elgaServiceURLs = check.split(",");
+ for (final String el : elgaServiceURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid Online-Mandate Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid",
+ new Object[] { el }, request));
+ }
+ }
+ }
+
+ check = form.getEidSystemServiceURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ final String[] eidServiceURLs = check.split(",");
+ for (final String el : eidServiceURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid E-ID System Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid",
+ new Object[] { el }, request));
+ }
+ }
+ }
+
+ check = form.getMoaspssAuthTransformations();
+ final List<String> authtranslist = new ArrayList<>();
+ if (isMOAIDMode) {
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MoaspssAuthTransformation");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty",
+ request));
+ } else {
+
+ // is only required if more then one transformation is in use
+ // check = StringHelper.formatText(check);
+ // String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER);
+ // int i=1;
+ // for(String el : list) {
+ // if (ValidationHelper.containsPotentialCSSCharacter(el, false)) {
+ // log.info("IdentityLinkSigners is not valid: " + el);
+ // errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid",
+ // new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} ));
+ //
+ // } else {
+ // if (MiscUtil.isNotEmpty(el.trim()))
+ // authtranslist.add(el.trim());
+ // }
+ // i++;
+ // }
+ authtranslist.add(check.trim());
+ }
+ }
+ form.setAuthTransformList(authtranslist);
+
+ if (isMOAIDMode) {
+ check = form.getMoaspssAuthTrustProfile();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Authblock TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty",
+ request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("Authblock TrustProfile is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getMoaspssIdlTrustProfile();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS IdentityLink TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty", request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("IdentityLink TrustProfile is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getMoaspssAuthTrustProfileTest();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Test-Authblock TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.empty",
+ request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("Test-Authblock TrustProfile is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.test.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getMoaspssIdlTrustProfileTest();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty MOA-SP/SS Test-IdentityLink TrustProfile");
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.empty",
+ request));
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("Test-IdentityLink TrustProfile is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.test.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getMoaspssURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid MOA-SP/SS Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid", request));
+ }
+ }
+ }
+
+ check = form.getPvp2IssuerName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("PVP2 IssuerName is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getPvp2OrgDisplayName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("PVP2 organisation display name is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getPvp2OrgName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("PVP2 organisation name is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = form.getPvp2OrgURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("PVP2 organisation URL is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid", request));
+ }
+ }
+
// check = form.getPvp2PublicUrlPrefix();
// if (MiscUtil.isNotEmpty(check)) {
// if (!ValidationHelper.validateURL(check)) {
@@ -327,175 +330,175 @@ public class MOAConfigValidator {
// errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid"));
// }
// }
-
- if (isMOAIDMode) {
- check = form.getSLRequestTemplateHandy();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLRequestTemplate Handy-BKU");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request));
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("SLRequestTemplate Handy-BKU is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request));
- }
- }
-
- check = form.getSLRequestTemplateLocal();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLRequestTemplate local BKU");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request));
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("SLRequestTemplate local BKU is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request));
- }
- }
-
- check = form.getSLRequestTemplateOnline();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SLRequestTemplate Online-BKU");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request));
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("SLRequestTemplate Online-BKU is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request));
- }
- }
-
- check = form.getSsoFriendlyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("SSO friendlyname is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- // check = form.getSsoIdentificationNumber();
- // if (MiscUtil.isNotEmpty(check)) {
- // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
- // log.info("SSO IdentificationNumber is not valid: " + check);
- // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid",
- // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
- // }
- // }
-
- // check = form.getSsoPublicUrl();
- // if (MiscUtil.isNotEmpty(check)) {
- // if (!ValidationHelper.validateURL(check)) {
- // log.info("SSO Public URL is not valid");
- // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
- // }
- // }
-
- check = form.getSsoSpecialText();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, true)) {
- log.info("SSO SpecialText is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(true)} , request));
- }
- }
-
- check = form.getSsoTarget();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty SSO Target");
- //errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty", request));
-
- } else {
- if (!ValidationHelper.isValidAdminTarget(check)) {
-
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
-
- String num = check.replaceAll(" ", "");
-
- if ( !(num.startsWith(Constants.IDENIFICATIONTYPE_FN) ||
- num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) ||
- num.startsWith(Constants.IDENIFICATIONTYPE_ERSB) ) ) {
-
- log.info("Not valid SSO Target");
- errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request));
- }
-
- }
- }
-
- check = form.getSzrgwURL();
- if (MiscUtil.isNotEmpty(check)) {
- String[] szrGWServiceURLs = check.split(",");
- for (String el : szrGWServiceURLs) {
- if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
- log.info("Not valid Online-Mandate Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid",
- new Object[]{el}, request));
- }
- }
- }
- }
-
- check = form.getTrustedCACerts();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty TrustCACerts Directory");
- errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request));
-
- } else {
- if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
- log.info("Not valid TrustCACerts Directory");
- errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid",
- new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()}, request ));
- }
- }
-
-
- if (isMOAIDMode) {
- if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
- HashMap<String, byte[]> map = new HashMap<String, byte[]>();
- for (int i=0; i<form.getFileUploadFileName().size(); i++) {
- String filename = form.getFileUploadFileName().get(i);
-
- if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsNotValidCharacter(filename, false)) {
- log.info("SL Transformation Filename is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid", request));
-
- } else {
- try {
- File file = form.getFileUpload().get(i);
- FileInputStream stream = new FileInputStream(file);
- map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
-
- } catch (IOException e) {
- log.info("SecurtiyLayerTransformation with FileName "
- + filename +" can not be loaded." , e);
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
- new Object[] {filename}, request ));
- }
- }
- }
- }
-
- form.setSecLayerTransformation(map);
-
- } else {
- if (form.getSecLayerTransformation() == null) {
- log.info("AuthBlock Transformation file is empty");
- errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
-
- }
- }
- }
-
-
- ContactForm contact = form.getPvp2Contact();
- if (contact != null) {
- PVP2ContactValidator pvp2validator = new PVP2ContactValidator();
- errors.addAll(pvp2validator.validate(contact, request));
- }
-
- return errors;
- }
+
+ if (isMOAIDMode) {
+ check = form.getSLRequestTemplateHandy();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate Handy-BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty", request));
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("SLRequestTemplate Handy-BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid", request));
+ }
+ }
+
+ check = form.getSLRequestTemplateLocal();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate local BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty", request));
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("SLRequestTemplate local BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid", request));
+ }
+ }
+
+ check = form.getSLRequestTemplateOnline();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SLRequestTemplate Online-BKU");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty", request));
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("SLRequestTemplate Online-BKU is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid", request));
+ }
+ }
+
+ check = form.getSsoFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("SSO friendlyname is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ // check = form.getSsoIdentificationNumber();
+ // if (MiscUtil.isNotEmpty(check)) {
+ // if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ // log.info("SSO IdentificationNumber is not valid: " + check);
+ // errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid",
+ // new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+ // }
+ // }
+
+ // check = form.getSsoPublicUrl();
+ // if (MiscUtil.isNotEmpty(check)) {
+ // if (!ValidationHelper.validateURL(check)) {
+ // log.info("SSO Public URL is not valid");
+ // errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid"));
+ // }
+ // }
+
+ check = form.getSsoSpecialText();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
+ log.info("SSO SpecialText is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
+ }
+ }
+
+ check = form.getSsoTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty SSO Target");
+ // errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty",
+ // request));
+
+ } else {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+
+ final String num = check.replaceAll(" ", "");
+
+ if (!(num.startsWith(Constants.IDENIFICATIONTYPE_FN) ||
+ num.startsWith(Constants.IDENIFICATIONTYPE_ZVR) ||
+ num.startsWith(Constants.IDENIFICATIONTYPE_ERSB))) {
+
+ log.info("Not valid SSO Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid", request));
+ }
+
+ }
+ }
+
+ check = form.getSzrgwURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ final String[] szrGWServiceURLs = check.split(",");
+ for (final String el : szrGWServiceURLs) {
+ if (MiscUtil.isNotEmpty(el) && !ValidationHelper.validateURL(StringUtils.chomp(el.trim()))) {
+ log.info("Not valid Online-Mandate Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid",
+ new Object[] { el }, request));
+ }
+ }
+ }
+ }
+
+ check = form.getTrustedCACerts();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty TrustCACerts Directory");
+ errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty", request));
+
+ } else {
+ if (ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("Not valid TrustCACerts Directory");
+ errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid",
+ new Object[] { ValidationHelper.getNotValidOAIdentifierCharacters() }, request));
+ }
+ }
+
+ if (isMOAIDMode) {
+ if (form.getFileUploadFileName() != null && !form.getFileUploadFileName().isEmpty()) {
+ final HashMap<String, byte[]> map = new HashMap<>();
+ for (int i = 0; i < form.getFileUploadFileName().size(); i++) {
+ final String filename = form.getFileUploadFileName().get(i);
+
+ if (MiscUtil.isNotEmpty(filename)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
+ log.info("SL Transformation Filename is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid",
+ request));
+
+ } else {
+ try {
+ final File file = form.getFileUpload().get(i);
+ final FileInputStream stream = new FileInputStream(file);
+ map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
+
+ } catch (final IOException e) {
+ log.info("SecurtiyLayerTransformation with FileName "
+ + filename + " can not be loaded.", e);
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid",
+ new Object[] { filename }, request));
+ }
+ }
+ }
+ }
+
+ form.setSecLayerTransformation(map);
+
+ } else {
+ if (form.getSecLayerTransformation() == null) {
+ log.info("AuthBlock Transformation file is empty");
+ errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.empty", request));
+
+ }
+ }
+ }
+
+ final ContactForm contact = form.getPvp2Contact();
+ if (contact != null) {
+ final PVP2ContactValidator pvp2validator = new PVP2ContactValidator();
+ errors.addAll(pvp2validator.validate(contact, request));
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
index f7edbee71..f6deb6b09 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java
@@ -28,76 +28,76 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
-
+@Slf4j
public class PVP2ContactValidator {
- public static final List<String> AllowedTypes= Arrays.asList(
- "technical",
- "support",
- "administrative",
- "billing",
- "other");
-
- private static final Logger log = Logger.getLogger(PVP2ContactValidator.class);
-
- public List<String >validate(ContactForm contact, HttpServletRequest request) {
- List<String> errors = new ArrayList<String>();
-
- String check = contact.getCompany();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("PVP2 Contact: Company is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = contact.getGivenname();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("PVP2 Contact: GivenName is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = contact.getSurname();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.info("PVP2 Contact: SureName is not valid: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- check = contact.getType();
- if (MiscUtil.isNotEmpty(check)) {
- if (!AllowedTypes.contains(check)) {
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid", request));
- }
- }
-
- check = contact.getMail();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isEmailAddressFormat(check)) {
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid", request));
- }
- }
-
- check = contact.getPhone();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validatePhoneNumber(check)) {
- errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid", request));
- }
- }
-
- return errors;
- }
+ public static final List<String> AllowedTypes = Arrays.asList(
+ "technical",
+ "support",
+ "administrative",
+ "billing",
+ "other");
+
+ public List<String> validate(ContactForm contact, HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
+
+ String check = contact.getCompany();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("PVP2 Contact: Company is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = contact.getGivenname();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("PVP2 Contact: GivenName is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = contact.getSurname();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.info("PVP2 Contact: SureName is not valid: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ check = contact.getType();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!AllowedTypes.contains(check)) {
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid",
+ request));
+ }
+ }
+
+ check = contact.getMail();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isEmailAddressFormat(check)) {
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid",
+ request));
+ }
+ }
+
+ check = contact.getPhone();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validatePhoneNumber(check)) {
+ errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid",
+ request));
+ }
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 41fce8e60..088e377b4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -5,8 +5,6 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.StorkAttribute;
@@ -14,108 +12,117 @@ import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class StorkConfigValidator {
- private static final Logger log = Logger.getLogger(StorkConfigValidator.class);
+ public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) {
- public List<String> validate(GeneralStorkConfig form, HttpServletRequest request) {
+ final List<String> errors = new ArrayList<>();
- List<String> errors = new ArrayList<String>();
+ log.debug("Validate general STORK configuration");
- log.debug("Validate general STORK configuration");
+ // check peps list
- // check peps list
-
// if (form.getCpepslist() != null) {
// for(CPEPS current : form.getCpepslist()) {
- if (form.getRawCPEPSList() != null) {
- for(CPEPS current : form.getRawCPEPSList()) {
- // if an existing record got deleted
- if(null == current)
- continue;
-
- // check country code
- String check = current.getCountryCode();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("CPEPS config countrycode contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- if(!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
- log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check);
- errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
- new Object[] {check}, request ));
- }
-
- // check url
- check = current.getURL();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("CPEPS config URL is invalid : " + check);
- errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
- }
- } else {
- log.warn("CPEPS config url is empty : " + check);
- errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
- new Object[] {check}, request ));
- }
-
- } else {
- log.warn("CPEPS config countrycode is empty : " + check);
+ if (form.getRawCPEPSList() != null) {
+ for (final CPEPS current : form.getRawCPEPSList()) {
+ // if an existing record got deleted
+ if (null == current) {
+ continue;
+ }
+
+ // check country code
+ String check = current.getCountryCode();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("CPEPS config countrycode contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ if (!check.toLowerCase().matches("(^[a-z][a-z]$)|(^[a-z][a-z]-[a-z,0-9]*)")) {
+ log.warn("CPEPS config countrycode does not comply to ISO 3166-2 : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.cc",
+ new Object[] { check }, request));
+ }
+
+ // check url
+ check = current.getURL();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("CPEPS config URL is invalid : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.url", request));
+ }
+ } else {
+ log.warn("CPEPS config url is empty : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
+ new Object[] { check }, request));
+ }
+
+ } else {
+ log.warn("CPEPS config countrycode is empty : " + check);
// errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
// new Object[] {check}, request ));
- }
-
- }
-
- if (form.getCpepslist() != null) {
- // ensure uniqueness of country code
- for (CPEPS one : form.getCpepslist())
- for (CPEPS another : form.getCpepslist())
- if (null != one && null != another && one.getCountryCode() != null)
- if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) {
- errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request));
- break;
- }
- }
- }
-
- // check qaa
- String qaa = form.getDefaultQaa();
- if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
- log.warn("eIDAS LoA is not allowed : " + qaa);
- errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa}, request ));
- }
-
- // check attributes
- if (MiscUtil.isNotEmpty(form.getAttributes())) {
- for(StorkAttribute check : form.getAttributes()) {
- if (check != null && MiscUtil.isNotEmpty(check.getName())) {
- String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come with a "/", we need to exclude them from validation. TODO Or should we require the admin to escape them in the UI?
- if (ValidationHelper.containsNotValidCharacter(tmp, true)) {
- log.warn("default attributes contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
- new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
- }
- if(!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
- log.warn("default attributes do not match the requested format : " + check);
- errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
- new Object[] {check}, request ));
- }
-
- }
- }
-
- //TODO: STORK attributes check if no attribute is set
+ }
+
+ }
+
+ if (form.getCpepslist() != null) {
+ // ensure uniqueness of country code
+ for (final CPEPS one : form.getCpepslist()) {
+ for (final CPEPS another : form.getCpepslist()) {
+ if (null != one && null != another && one.getCountryCode() != null) {
+ if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) {
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request));
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ // check qaa
+ final String qaa = form.getDefaultQaa();
+ if (!MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
+ errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+ new Object[] { qaa }, request));
+ }
+
+ // check attributes
+ if (MiscUtil.isNotEmpty(form.getAttributes())) {
+ for (final StorkAttribute check : form.getAttributes()) {
+ if (check != null && MiscUtil.isNotEmpty(check.getName())) {
+ final String tmp = check.getName().replace("eidas/attributes/", ""); // since eIDaS attributes come
+ // with a "/", we need to
+ // exclude them from
+ // validation. TODO Or should
+ // we require the admin to
+ // escape them in the UI?
+ if (ValidationHelper.containsNotValidCharacter(tmp, true)) {
+ log.warn("default attributes contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+ new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
+ }
+ if (!tmp.toLowerCase().matches("^[A-Za-z]*$")) {
+ log.warn("default attributes do not match the requested format : " + check);
+ errors.add(LanguageHelper.getErrorString("validation.stork.requestedattributes",
+ new Object[] { check }, request));
+ }
+
+ }
+ }
+
+ // TODO: STORK attributes check if no attribute is set
// } else {
// log.warn("no attributes specified");
// errors.add(LanguageHelper.getErrorString("validation.stork.attributes.empty",
// new Object[] {} ));
- }
+ }
- return errors;
- }
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index 5a31d8f47..9c5b145b8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -28,233 +28,228 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OAAuthenticationDataValidation {
- private static final Logger log = Logger.getLogger(OASSOConfigValidation.class);
-
- public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
- String check;
-
-
-
- //Check BKU URLs
- if (isAdmin) {
- check =form.getBkuHandyURL();
- if (MiscUtil.isNotEmpty(check)) {
+ public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+ String check;
+
+ // Check BKU URLs
+ if (isAdmin) {
+ check = form.getBkuHandyURL();
+ if (MiscUtil.isNotEmpty(check)) {
// log.info("Empty Handy-BKU URL");
// errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty"));
-//
+//
// } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Handy-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
- }
- }
-
- check =form.getBkuLocalURL();
- if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Handy-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid", request));
+ }
+ }
+
+ check = form.getBkuLocalURL();
+ if (MiscUtil.isNotEmpty(check)) {
// log.info("Empty Local-BKU URL");
// errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty"));
-//
+//
// } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
- }
- }
-
- check =form.getBkuOnlineURL();
- if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid", request));
+ }
+ }
+
+ check = form.getBkuOnlineURL();
+ if (MiscUtil.isNotEmpty(check)) {
// log.info("Empty Online-BKU URL");
// errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty"));
-//
+//
// } else {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid Online-BKU URL");
- errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
- }
- }
- }
-
- if (isAdmin) {
- //check KeyBoxIdentifier
- check = form.getKeyBoxIdentifier();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty KeyBoxIdentifier");
- errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request));
- } else {
- Map<String, String> list = form.getKeyBoxIdentifierList();
- if (!list.containsKey(check)) {
- log.info("Not valid KeyBoxIdentifier " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request));
- }
- }
-
- //check LegacyMode SLTemplates
- if (form.isLegacy()) {
- if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
- MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
- MiscUtil.isEmpty(form.getSLTemplateURL3()) ) {
- log.info("Empty OA-specific SecurityLayer Templates");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request));
-
- } else {
- check = form.getSLTemplateURL1();
- if (MiscUtil.isNotEmpty(check) &&
- ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
- log.info("First OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request));
- }
- check = form.getSLTemplateURL2();
- if (MiscUtil.isNotEmpty(check) &&
- ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
- log.info("Second OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request));
- }
- check = form.getSLTemplateURL3();
- if (MiscUtil.isNotEmpty(check) &&
- ValidationHelper.isNotValidIdentityLinkSigner(check) ) {
- log.info("Third OA-specific SecurityLayer Templates is not valid");
- errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request));
- }
- }
- }
- }
-
- //check Mandate Profiles
- check = form.getMandateProfiles();
- if (MiscUtil.isNotEmpty(check)) {
-
- if (!form.isUseMandates()) {
- log.info("MandateProfiles configured but useMandates is false.");
- errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
- }
-
- if (ValidationHelper.containsNotValidCharacter(check, true)) {
- log.warn("MandateProfiles contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles",
- new Object[] {ValidationHelper.getNotValidCharacter(true)}, request ));
- }
- }
-
- check =form.getMisServiceSelected();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid MIS Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid",
- new Object[]{check}, request));
- }
- }
-
- check =form.getElgaServiceSelected();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid ELGA Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid",
- new Object[]{check}, request));
- }
- }
-
- check =form.getSzrgwServiceSelected();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid SZR-GW Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid",
- new Object[]{check}, request));
- }
- }
-
- check =form.getEidServiceSelected();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.validateURL(check)) {
- log.info("Not valid E-ID Service URL");
- errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid",
- new Object[]{check}, request));
- }
- }
-
- if (form.isEnableTestCredentials()
- && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) {
- for (String el : form.getTestCredialOIDList()) {
- if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) {
- log.warn("Test credential OID does not start with test credential root OID");
- errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
- new Object[] {el}, request ));
- }
- }
-
-
- }
-
- if (form.isSl20Active()) {
- if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) {
- log.debug("Validate SL2.0 configuration ... ");
- List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints());
- if (sl20Endpoints.size() == 1) {
- String value = sl20Endpoints.get(0);
-
- if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
- value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
- log.warn("SL2.0 endpoint '" + value + "' has wrong format");
- errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
- new Object[] {value}, request ));
-
- } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
- !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) {
- log.info("Find one SL2.0 endpoint without 'default='. Start update ... ");
- form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);
-
- }
-
- } else {
- boolean findDefault = false;
- for (String el : sl20Endpoints) {
- if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
- log.warn("SL2.0 endpoint '" + el + "' has wrong format");
- errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
- new Object[] {el}, request ));
-
- } else {
- if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
- log.debug("Find default endpoint.");
- findDefault = true;
-
- } else {
- String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
- try {
- Integer.valueOf(firstPart);
-
- } catch (NumberFormatException e) {
- log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
- errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
- new Object[] {el}, request ));
-
- }
- }
- }
- }
-
- if (!findDefault) {
- log.warn("SL2.0 endpoints contains NO default endpoint");
- errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default",
- new Object[] {}, request ));
-
- }
- }
- }
- }
-
- return errors;
- }
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid Online-BKU URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid", request));
+ }
+ }
+ }
+
+ if (isAdmin) {
+ // check KeyBoxIdentifier
+ check = form.getKeyBoxIdentifier();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty KeyBoxIdentifier");
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty", request));
+ } else {
+ final Map<String, String> list = form.getKeyBoxIdentifierList();
+ if (!list.containsKey(check)) {
+ log.info("Not valid KeyBoxIdentifier " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid", request));
+ }
+ }
+
+ // check LegacyMode SLTemplates
+ if (form.isLegacy()) {
+ if (MiscUtil.isEmpty(form.getSLTemplateURL1()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL2()) &&
+ MiscUtil.isEmpty(form.getSLTemplateURL3())) {
+ log.info("Empty OA-specific SecurityLayer Templates");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty", request));
+
+ } else {
+ check = form.getSLTemplateURL1();
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("First OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid", request));
+ }
+ check = form.getSLTemplateURL2();
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("Second OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid", request));
+ }
+ check = form.getSLTemplateURL3();
+ if (MiscUtil.isNotEmpty(check) &&
+ ValidationHelper.isNotValidIdentityLinkSigner(check)) {
+ log.info("Third OA-specific SecurityLayer Templates is not valid");
+ errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid", request));
+ }
+ }
+ }
+ }
+
+ // check Mandate Profiles
+ check = form.getMandateProfiles();
+ if (MiscUtil.isNotEmpty(check)) {
+
+ if (!form.isUseMandates()) {
+ log.info("MandateProfiles configured but useMandates is false.");
+ errors.add(LanguageHelper.getErrorString("validation.general.mandate.usemandate", request));
+ }
+
+ if (ValidationHelper.containsNotValidCharacter(check, true)) {
+ log.warn("MandateProfiles contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles",
+ new Object[] { ValidationHelper.getNotValidCharacter(true) }, request));
+ }
+ }
+
+ check = form.getMisServiceSelected();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid MIS Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid",
+ new Object[] { check }, request));
+ }
+ }
+
+ check = form.getElgaServiceSelected();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid ELGA Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.elga.mandateservice.valid",
+ new Object[] { check }, request));
+ }
+ }
+
+ check = form.getSzrgwServiceSelected();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid SZR-GW Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid",
+ new Object[] { check }, request));
+ }
+ }
+
+ check = form.getEidServiceSelected();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("Not valid E-ID Service URL");
+ errors.add(LanguageHelper.getErrorString("validation.general.eid.url.valid",
+ new Object[] { check }, request));
+ }
+ }
+
+ if (form.isEnableTestCredentials()
+ && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) {
+ for (final String el : form.getTestCredialOIDList()) {
+ if (!el.startsWith(MOAIDConstants.TESTCREDENTIALROOTOID)) {
+ log.warn("Test credential OID does not start with test credential root OID");
+ errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
+ new Object[] { el }, request));
+ }
+ }
+
+ }
+
+ if (form.isSl20Active()) {
+ if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) {
+ log.debug("Validate SL2.0 configuration ... ");
+ final List<String> sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints());
+ if (sl20Endpoints.size() == 1) {
+ final String value = sl20Endpoints.get(0);
+
+ if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
+ value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.warn("SL2.0 endpoint '" + value + "' has wrong format");
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
+ new Object[] { value }, request));
+
+ } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) &&
+ !value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.info("Find one SL2.0 endpoint without 'default='. Start update ... ");
+ form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value);
+
+ }
+
+ } else {
+ boolean findDefault = false;
+ for (final String el : sl20Endpoints) {
+ if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.warn("SL2.0 endpoint '" + el + "' has wrong format");
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
+ new Object[] { el }, request));
+
+ } else {
+ if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) {
+ log.debug("Find default endpoint.");
+ findDefault = true;
+
+ } else {
+ final String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0];
+ try {
+ Integer.valueOf(firstPart);
+
+ } catch (final NumberFormatException e) {
+ log.warn("SL2.0 endpoint '" + el + "' has wrong format", e);
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong",
+ new Object[] { el }, request));
+
+ }
+ }
+ }
+ }
+
+ if (!findDefault) {
+ log.warn("SL2.0 endpoints contains NO default endpoint");
+ errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default",
+ new Object[] {}, request));
+
+ }
+ }
+ }
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
index 2011a07f1..951b89753 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java
@@ -27,67 +27,62 @@ import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.io.IOUtils;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
-import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
/**
* @author tlenz
*
*/
+@Slf4j
public class OAFileUploadValidation {
- private static final Logger log = Logger.getLogger(OASSOConfigValidation.class);
-
- public List<String> validate(List<String> fileName, List<File> files,
- String errorMsgPreFix, Map<String, byte[]> output, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
-
- if (fileName != null) {
-
- if (fileName.size() > 1) {
- log.info("Only one BKU-selecten template file can be stored");
- errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request));
- }
-
- for (int i=0; i<fileName.size(); i++) {
- String filename = fileName.get(i);
-
- if (MiscUtil.isNotEmpty(filename)) {
- if (ValidationHelper.containsNotValidCharacter(filename, false)) {
- log.info("Filename is not valid");
- errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request));
-
- } else {
- try {
- File file = files.get(i);
- InputStream stream = new FileInputStream(file);
- output.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
- stream.close();
-
- } catch (IOException e) {
- log.info("File with FileName "
- + filename +" can not be loaded." , e);
- errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid",
- new Object[] {filename}, request ));
- }
- }
- }
- }
- }
-
- return errors;
- }
+ public List<String> validate(List<String> fileName, List<File> files,
+ String errorMsgPreFix, Map<String, byte[]> output, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ if (fileName != null) {
+
+ if (fileName.size() > 1) {
+ log.info("Only one BKU-selecten template file can be stored");
+ errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.selected", request));
+ }
+
+ for (int i = 0; i < fileName.size(); i++) {
+ final String filename = fileName.get(i);
+
+ if (MiscUtil.isNotEmpty(filename)) {
+ if (ValidationHelper.containsNotValidCharacter(filename, false)) {
+ log.info("Filename is not valid");
+ errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".filename.valid", request));
+
+ } else {
+ try {
+ final File file = files.get(i);
+ final InputStream stream = new FileInputStream(file);
+ output.put(filename, Base64Utils.encode(stream).getBytes("UTF-8"));
+ stream.close();
+
+ } catch (final IOException e) {
+ log.info("File with FileName "
+ + filename + " can not be loaded.", e);
+ errors.add(LanguageHelper.getErrorString(errorMsgPreFix + ".file.valid",
+ new Object[] { filename }, request));
+ }
+ }
+ }
+ }
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java
index c30c11f5a..205e792fa 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAOAUTH20ConfigValidation.java
@@ -28,30 +28,29 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
-import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OAOAUTH20ConfigValidation {
-
- private static final Logger log = Logger.getLogger(OAOAUTH20ConfigValidation.class);
-
- public List<String> validate(OAOAuth20Config form, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
-
- // validate secret
+
+ public List<String> validate(OAOAuth20Config form, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ // validate secret
// if (StringUtils.isEmpty(form.getClientSecret())) {
// errors.add(LanguageHelper.getErrorString("error.oa.oauth.clientSecret"));
// }
-
- // validate redirectUri
- if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) {
- errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request));
- }
-
- return errors;
- }
+
+ // validate redirectUri
+ if (StringUtils.isNotEmpty(form.getRedirectUri()) && !OAuth20Util.isUrl(form.getRedirectUri())) {
+ errors.add(LanguageHelper.getErrorString("error.oa.oauth.redirecturi", request));
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index cbb7c88b2..8e9865a3a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -33,7 +33,6 @@ import javax.net.ssl.SSLHandshakeException;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
-import org.apache.log4j.Logger;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
@@ -57,186 +56,189 @@ import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OAPVP2ConfigValidation {
- private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class);
-
- public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) {
-
- Timer timer = null;
- MOAHttpClient httpClient = null;
- HTTPMetadataProvider httpProvider = null;
-
- List<String> errors = new ArrayList<String>();
- try {
- byte[] certSerialized = null;
- if (form.getFileUpload() != null)
- certSerialized = form.getCertificate();
-
- else {
- try {
- //Some databases does not allow the selection of a lob in SQL where expression
- String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties().getProperty("hibernate.connection.driver_class");
- boolean backupVersion = false;
- if (MiscUtil.isNotEmpty(dbDriver)) {
- for (String el:MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
- if (dbDriver.startsWith(el)) {
- backupVersion = true;
- log.debug("JDBC driver '" + dbDriver
- + "' is blacklisted --> Switch to alternative DB access methode implementation.");
-
- }
-
- }
- }
-
- Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead().getOnlineApplicationKeyValueWithId(oaID, backupVersion);
- if (oa != null &&
- MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) {
- certSerialized = Base64Utils.decode(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false);
- form.setStoredCert(certSerialized);
- }
-
- } catch (ConfigurationException e) {
- log.error("MOA-ID-Configuration initialization FAILED.", e);
-
- }
- }
-
- String check = form.getMetaDataURL();
- if (MiscUtil.isNotEmpty(check)) {
-
- if (!ValidationHelper.validateURL(check)) {
- log.info("MetaDataURL has no valid form.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
-
- } else {
- if (certSerialized == null) {
- log.info("No certificate for metadata validation");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
-
- } else {
- if (form.getMetaDataURL().startsWith("http")) {
- X509Certificate cert = new X509Certificate(certSerialized);
- BasicX509Credential credential = new BasicX509Credential();
- credential.setEntityCertificate(cert);
-
- timer = new Timer();
- httpClient = new MOAHttpClient();
-
- if (form.getMetaDataURL().startsWith("https:"))
- try {
- MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
- "MOAMetaDataProvider",
- true,
- ConfigurationProvider.getInstance().getCertStoreDirectory(),
- ConfigurationProvider.getInstance().getTrustStoreDirectory(),
- null,
- "pkix",
- true,
- new String[]{"crl"},
- false);
-
- httpClient.setCustomSSLTrustStore(
- form.getMetaDataURL(),
- protoSocketFactory);
-
- } catch (MOAHttpProtocolSocketFactoryException e) {
- log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
-
- } catch (ConfigurationException e) {
- log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.");
-
- }
-
- List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
- filterList.add(new MetaDataVerificationFilter(credential));
-
- try {
- filterList.add(new SchemaValidationFilter(
- ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
-
- } catch (ConfigurationException e) {
- log.warn("Configuration access FAILED!", e);
-
- }
-
- MetadataFilterChain filter = new MetadataFilterChain();
- filter.setFilters(filterList);
-
- httpProvider =
- new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(filter);
- httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
- httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
-
- httpProvider.setRequireValidMetadata(true);
-
- httpProvider.initialize();
-
-
-
-
- if (httpProvider.getMetadata() == null) {
- log.info("Metadata could be received but validation FAILED.");
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
- }
-
- } else {
- log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form.getMetaDataURL());
-
- }
-
- }
- }
- }
-
- } catch (CertificateException e) {
- log.info("Uploaded Certificate can not be found", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
-
- } catch (IOException e) {
- log.info("Metadata can not be loaded from URL", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));
-
- } catch (MetadataProviderException e) {
-
- try {
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.info("SSL Server certificate not trusted.", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
-
- } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
-
- } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
-
- } else {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
- }
-
- } catch (Exception e1) {
- log.info("MetaDate verification failed", e1);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
-
- }
-
- } finally {
- if (httpProvider != null)
- httpProvider.destroy();
-
- if (timer != null)
- timer.cancel();
-
- }
-
- return errors;
- }
+ public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) {
+
+ Timer timer = null;
+ MOAHttpClient httpClient = null;
+ HTTPMetadataProvider httpProvider = null;
+
+ final List<String> errors = new ArrayList<>();
+ try {
+ byte[] certSerialized = null;
+ if (form.getFileUpload() != null) {
+ certSerialized = form.getCertificate();
+ } else {
+ try {
+ // Some databases does not allow the selection of a lob in SQL where expression
+ final String dbDriver = ConfigurationProvider.getInstance().getConfigurationProperties()
+ .getProperty("hibernate.connection.driver_class");
+ boolean backupVersion = false;
+ if (MiscUtil.isNotEmpty(dbDriver)) {
+ for (final String el : MOAIDConstants.JDBC_DRIVER_NEEDS_WORKAROUND) {
+ if (dbDriver.startsWith(el)) {
+ backupVersion = true;
+ log.debug("JDBC driver '" + dbDriver
+ + "' is blacklisted --> Switch to alternative DB access methode implementation.");
+
+ }
+
+ }
+ }
+
+ final Map<String, String> oa = ConfigurationProvider.getInstance().getDbRead()
+ .getOnlineApplicationKeyValueWithId(oaID, backupVersion);
+ if (oa != null &&
+ MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE))) {
+ certSerialized = Base64Utils.decode(oa.get(
+ MOAIDConfigurationConstants.SERVICE_PROTOCOLS_PVP2X_CERTIFICATE), false);
+ form.setStoredCert(certSerialized);
+ }
+
+ } catch (final ConfigurationException e) {
+ log.error("MOA-ID-Configuration initialization FAILED.", e);
+
+ }
+ }
+
+ final String check = form.getMetaDataURL();
+ if (MiscUtil.isNotEmpty(check)) {
+
+ if (!ValidationHelper.validateURL(check)) {
+ log.info("MetaDataURL has no valid form.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request));
+
+ } else {
+ if (certSerialized == null) {
+ log.info("No certificate for metadata validation");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
+
+ } else {
+ if (form.getMetaDataURL().startsWith("http")) {
+ final X509Certificate cert = new X509Certificate(certSerialized);
+ final BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(cert);
+
+ timer = new Timer();
+ httpClient = new MOAHttpClient();
+
+ if (form.getMetaDataURL().startsWith("https:")) {
+ try {
+ final MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+ "MOAMetaDataProvider",
+ true,
+ ConfigurationProvider.getInstance().getCertStoreDirectory(),
+ ConfigurationProvider.getInstance().getTrustStoreDirectory(),
+ null,
+ "pkix",
+ true,
+ new String[] { "crl" },
+ false);
+
+ httpClient.setCustomSSLTrustStore(
+ form.getMetaDataURL(),
+ protoSocketFactory);
+
+ } catch (final MOAHttpProtocolSocketFactoryException e) {
+ log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+
+ } catch (final ConfigurationException e) {
+ log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.");
+
+ }
+ }
+
+ final List<MetadataFilter> filterList = new ArrayList<>();
+ filterList.add(new MetaDataVerificationFilter(credential));
+
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+
+ } catch (final ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
+
+ }
+
+ final MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
+
+ httpProvider =
+ new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.setMinRefreshDelay(1000 * 60 * 15); // 15 minutes
+ httpProvider.setMaxRefreshDelay(1000 * 60 * 60 * 24); // 24 hours
+
+ httpProvider.setRequireValidMetadata(true);
+
+ httpProvider.initialize();
+
+ if (httpProvider.getMetadata() == null) {
+ log.info("Metadata could be received but validation FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
+ }
+
+ } else {
+ log.info("Metadata load validation skipped, because it's no http(s) metadata: " + form
+ .getMetaDataURL());
+
+ }
+
+ }
+ }
+ }
+
+ } catch (final CertificateException e) {
+ log.info("Uploaded Certificate can not be found", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request));
+
+ } catch (final IOException e) {
+ log.info("Metadata can not be loaded from URL", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request));
+
+ } catch (final MetadataProviderException e) {
+
+ try {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+ }
+
+ } catch (final Exception e1) {
+ log.info("MetaDate verification failed", e1);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+
+ }
+
+ } finally {
+ if (httpProvider != null) {
+ httpProvider.destroy();
+ }
+
+ if (timer != null) {
+ timer.cancel();
+ }
+
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java
index 95104b929..903e8899a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java
@@ -27,25 +27,23 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OASAML1ConfigValidation {
- private static final Logger log = Logger.getLogger(OASAML1ConfigValidation.class);
-
- public List<String> validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
-
- if (general.isBusinessService() && form.isProvideStammZahl()) {
- log.info("ProvideStammZahl can not be used with BusinessService applications");
- errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request));
- }
-
- return errors;
- }
+ public List<String> validate(OASAML1Config form, OAGeneralConfig general, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ if (general.isBusinessService() && form.isProvideStammZahl()) {
+ log.info("ProvideStammZahl can not be used with BusinessService applications");
+ errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl", request));
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java
index 971e11cc4..109257551 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java
@@ -27,33 +27,31 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OASSOConfigValidation {
-
- private static final Logger log = Logger.getLogger(OASSOConfigValidation.class);
-
- public List<String> validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
-
- String urlString = form.getSingleLogOutURL();
- if (MiscUtil.isEmpty(urlString)) {
- log.info("No Single Log-Out URL");
- //TODO: set error if it is implemented
- //errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty"));
- } else {
- if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) {
- log.info("Single Log-Out url validation error");
- errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request));
- }
- }
-
- return errors;
- }
+
+ public List<String> validate(OASSOConfig form, boolean isAdmin, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ final String urlString = form.getSingleLogOutURL();
+ if (MiscUtil.isEmpty(urlString)) {
+ log.info("No Single Log-Out URL");
+ // TODO: set error if it is implemented
+ // errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty"));
+ } else {
+ if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) {
+ log.info("Single Log-Out url validation error");
+ errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid", request));
+ }
+ }
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
index 00ccdca8c..a8836145a 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java
@@ -28,60 +28,59 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.MOAIDConstants;
import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OASTORKConfigValidation {
- private static final Logger log = Logger.getLogger(OASTORKConfigValidation.class);
+ public List<String> validate(OASTORKConfig oageneral, HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+
+ // check qaa
+ final String qaa = oageneral.getQaa();
+ if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
+ log.warn("eIDAS LoA is not allowed : " + qaa);
+ errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
+ new Object[] { qaa }, request));
+ }
+
+ if (oageneral.isVidpEnabled()) {
+ final Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator();
+ while (interator.hasNext()) {
+ final AttributeProviderPlugin current = interator.next();
+ if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) {
+ log.info("AttributeProviderPlugin URL has no valid form.");
+ errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request));
+ }
+ if (MiscUtil.isEmpty(current.getName())) {
+ log.info("AttributeProviderPlugin Name is empty.");
+ errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request));
- public List<String> validate(OASTORKConfig oageneral, HttpServletRequest request) {
+ } else {
+ if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) {
+ log.info("AttributeProviderPlugin Name is not supported.");
+ errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request));
+ }
+ }
- List<String> errors = new ArrayList<String>();
+ if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches(
+ "[a-zA-Z]+(, ?[a-zA-Z]+)*")) {
+ log.info("AttributeProviderPlugin attributes are empty or do not match csv format.");
+ errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request));
+ }
+ }
- // check qaa
- String qaa = oageneral.getQaa();
- if (MiscUtil.isNotEmpty(qaa) && !MOAIDConstants.ALLOWED_eIDAS_LOA.contains(qaa)) {
- log.warn("eIDAS LoA is not allowed : " + qaa);
- errors.add(LanguageHelper.getErrorString("validation.stork.qaa.outofrange",
- new Object[] {qaa}, request ));
- }
-
- if (oageneral.isVidpEnabled()) {
- Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator();
- while (interator.hasNext()) {
- AttributeProviderPlugin current = interator.next();
- if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) {
- log.info("AttributeProviderPlugin URL has no valid form.");
- errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request));
- }
- if (MiscUtil.isEmpty(current.getName())) {
- log.info("AttributeProviderPlugin Name is empty.");
- errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.empty", request));
-
- } else {
- if (!oageneral.getAvailableAttributeProviderPlugins().contains(current.getName())) {
- log.info("AttributeProviderPlugin Name is not supported.");
- errors.add(LanguageHelper.getErrorString("validation.stork.ap.name.valid", request));
- }
- }
-
- if (MiscUtil.isEmpty(current.getAttributes()) || !current.getAttributes().matches("[a-zA-Z]+(, ?[a-zA-Z]+)*")) {
- log.info("AttributeProviderPlugin attributes are empty or do not match csv format.");
- errors.add(LanguageHelper.getErrorString("validation.stork.ap.attributes.valid", request));
- }
- }
-
- } else {
- oageneral.setAttributeProviderPlugins(null);
- }
+ } else {
+ oageneral.setAttributeProviderPlugins(null);
+ }
- return errors;
- }
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
index 4807d479e..3e1ed0a38 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java
@@ -29,8 +29,6 @@ import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
-
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig;
@@ -38,133 +36,133 @@ import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class OATargetConfigValidation {
- private static final Logger log = Logger.getLogger(OATargetConfigValidation.class);
-
- public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) {
-
- List<String> errors = new ArrayList<String>();
- String check;
-
- if (general.isBusinessService()) {
-
- //check identification type
- check = form.getIdentificationType();
- if (!form.getIdentificationTypeList().contains(check)) {
- log.info("IdentificationType is not known.");
- errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request));
- }
-
- //check identification number
- check = form.getIdentificationNumber();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty IdentificationNumber");
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
-
- } else {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("IdentificationNumber contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
-
- if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
- CompanyNumberValidator val = new CompanyNumberValidator();
- if (!val.validate(check)) {
- log.info("Not valid CompanyNumber");
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request));
- }
-
- } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) {
- Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}");
- Matcher matcher = pattern.matcher(check);
- if (!matcher.matches()) {
- log.info("Not valid eIDAS Target");
- errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid", request));
-
- }
-
- }
- }
-
- } else {
-
- check = form.getTarget_subsector();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isValidAdminTarget(check)) {
- log.info("Not valid Target-Subsector");
- errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request));
- }
- }
-
-
- if (!isAdmin) {
- //check PublicURL Prefix allows PublicService
- if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) {
- log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier());
- errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
- new Object[] {general.getIdentifier()}, request ));
- general.setBusinessService(true);
- return errors;
-
- }
-
- //check Target
- check = form.getTarget();
- if (MiscUtil.isEmpty(check)) {
- log.info("Empty Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
-
- } else {
- if (!ValidationHelper.isValidTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
- }
- }
-
- } else {
-
- //check targetFrindlyName();
- check = form.getTargetFriendlyName();
- if (MiscUtil.isNotEmpty(check)) {
- if (ValidationHelper.containsNotValidCharacter(check, false)) {
- log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
- errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
- new Object[] {ValidationHelper.getNotValidCharacter(false)}, request ));
- }
- }
-
- if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) {
- log.info("Empty Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
- }
-
- //check Target
- check = form.getTarget();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isValidTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
- }
- }
-
- //check Admin Target
- check = form.getTarget_admin();
- if (MiscUtil.isNotEmpty(check)) {
- if (!ValidationHelper.isValidAdminTarget(check)) {
- log.info("Not valid Target");
- errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request));
- }
- }
- }
- }
-
-
- //foreign bPK configuration
-
-
- return errors;
- }
+ public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general,
+ HttpServletRequest request) {
+
+ final List<String> errors = new ArrayList<>();
+ String check;
+
+ if (general.isBusinessService()) {
+
+ // check identification type
+ check = form.getIdentificationType();
+ if (!form.getIdentificationTypeList().contains(check)) {
+ log.info("IdentificationType is not known.");
+ errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request));
+ }
+
+ // check identification number
+ check = form.getIdentificationNumber();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty IdentificationNumber");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request));
+
+ } else {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("IdentificationNumber contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+
+ if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) {
+ final CompanyNumberValidator val = new CompanyNumberValidator();
+ if (!val.validate(check)) {
+ log.info("Not valid CompanyNumber");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid",
+ request));
+ }
+
+ } else if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_EIDAS)) {
+ final Pattern pattern = Pattern.compile("[A-Z,a-z]{2}\\+[A-Z,a-z]{2}");
+ final Matcher matcher = pattern.matcher(check);
+ if (!matcher.matches()) {
+ log.info("Not valid eIDAS Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.eidas.valid",
+ request));
+
+ }
+
+ }
+ }
+
+ } else {
+
+ check = form.getTarget_subsector();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target-Subsector");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request));
+ }
+ }
+
+ if (!isAdmin) {
+ // check PublicURL Prefix allows PublicService
+ if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) {
+ log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier());
+ errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl",
+ new Object[] { general.getIdentifier() }, request));
+ general.setBusinessService(true);
+ return errors;
+
+ }
+
+ // check Target
+ check = form.getTarget();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
+
+ } else {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
+ }
+ }
+
+ } else {
+
+ // check targetFrindlyName();
+ check = form.getTargetFriendlyName();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsNotValidCharacter(check, false)) {
+ log.warn("TargetFriendlyName contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname",
+ new Object[] { ValidationHelper.getNotValidCharacter(false) }, request));
+ }
+ }
+
+ if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) {
+ log.info("Empty Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request));
+ }
+
+ // check Target
+ check = form.getTarget();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request));
+ }
+ }
+
+ // check Admin Target
+ check = form.getTarget_admin();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (!ValidationHelper.isValidAdminTarget(check)) {
+ log.info("Not valid Target");
+ errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request));
+ }
+ }
+ }
+ }
+
+ // foreign bPK configuration
+
+ return errors;
+ }
}
diff --git a/id/ConfigWebTool/src/main/resources/logback.xml b/id/ConfigWebTool/src/main/resources/logback.xml
new file mode 100644
index 000000000..fc7508598
--- /dev/null
+++ b/id/ConfigWebTool/src/main/resources/logback.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id-webgui.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+ <logger name="at.gv.egovernment.moa.id.config.webgui" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+
+ <logger name="at.gv.egiz.eaaf" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
+ <logger name="at.gv.egiz.components.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/assembly-auth-edu.xml b/id/assembly-auth-edu.xml
deleted file mode 100644
index c11f790e4..000000000
--- a/id/assembly-auth-edu.xml
+++ /dev/null
@@ -1,191 +0,0 @@
-<assembly>
- <id>id-auth-edu-${moa-id-version}</id>
-
- <formats>
- <format>dir</format>
- <format>zip</format>
- <!-- <format>tar.gz</format> -->
- </formats>
-
- <baseDirectory>moa-id-auth-edu-${moa-id-version}</baseDirectory>
-
- <fileSets>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy</directory>
- <outputDirectory>/</outputDirectory>
- <excludes>
- <exclude>**/conf/Catalina/**</exclude>
- <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory>
- <outputDirectory>/conf/moa-id/certs/certstore</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory>
- <outputDirectory>/conf/moa-spss/certstore</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/doc</directory>
- <outputDirectory>/doc</outputDirectory>
- <excludes>
- <exclude>${basedir}/id/server/doc/proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy/conf</directory>
- <outputDirectory>/doc/conf</outputDirectory>
- <excludes>
- <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>history.txt</include>
- <include>readme_${moa-id-version}.txt</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>LICENSE-2.0.txt</include>
- <include>NOTICE.txt</include>
- <include>IAIK-LICENSE.txt</include>
- <include>EUPL v.1.1 - Licence.pdf</include>
- <include>SIC_LICENSE.txt</include>
- </includes>
- </fileSet>
- </fileSets>
-
- <moduleSets>
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-auth-edu</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>xalan-bin-dist:xalan</include>
- <include>xerces:xercesImpl</include>
- <include>xalan-bin-dist:xml-apis</include>
- <include>xalan-bin-dist:serializer</include>
- </includes>
- <outputDirectory>/endorsed</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- <dependencySet>
- <includes>
- <include>iaik.prod:iaik_ecc</include>
- <include>iaik.prod:iaik_jce_full</include>
- <include>iaik.prod:iaik_Pkcs11Provider</include>
- <include>iaik.prod:iaik_Pkcs11Wrapper:jar</include>
- </includes>
- <outputDirectory>/ext</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-lib</include>
- </includes>
- <binaries>
- <attachmentClassifier>javadoc</attachmentClassifier>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>api-doc</outputFileNameMapping>
- <outputDirectory>/doc</outputDirectory>
- <unpack>true</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-configuration</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-commons</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/migration/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- <dependencySets>
- <dependencySet>
- <outputDirectory>/migration/dependency-jars</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-oa</include>
- </includes>
- <sources>
- <useDefaultExcludes>true</useDefaultExcludes>
- <outputDirectory>../</outputDirectory>
- <includeModuleDirectory>true</includeModuleDirectory>
- <outputDirectoryMapping>/source/${artifactId}/src</outputDirectoryMapping>
- <excludes>
- <exclude>**/target/**</exclude>
- <exclude>**/bin/**</exclude>
- <exclude>**/.settings/**</exclude>
- <exclude>.*</exclude>
- </excludes>
- <includes>
- <include>pom.xml</include>
- </includes>
- </sources>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>iaik:commons-iaik</include>
- <include>MOA:moa-common</include>
- </includes>
- <outputDirectory>/source/repositority</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- </binaries>
- </moduleSet>
-
- </moduleSets>
-
- <componentDescriptors>
- <componentDescriptor>component-pkcs11libs.xml</componentDescriptor>
- </componentDescriptors>
-
-</assembly>
diff --git a/id/assembly-auth-final.xml b/id/assembly-auth-final.xml
deleted file mode 100644
index 504f5620a..000000000
--- a/id/assembly-auth-final.xml
+++ /dev/null
@@ -1,191 +0,0 @@
-<assembly>
- <id>id-auth-final-${moa-id-version}</id>
-
- <formats>
- <format>dir</format>
- <format>zip</format>
- <!-- <format>tar.gz</format> -->
- </formats>
-
- <baseDirectory>moa-id-auth-final-${moa-id-version}</baseDirectory>
-
- <fileSets>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy</directory>
- <outputDirectory>/</outputDirectory>
- <excludes>
- <exclude>**/conf/Catalina/**</exclude>
- <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory>
- <outputDirectory>/conf/moa-id/certs/certstore</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/spss/handbook/conf/moa-spss/certstore</directory>
- <outputDirectory>/conf/moa-spss/certstore</outputDirectory>
- <includes>
- <include>**/*</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/doc</directory>
- <outputDirectory>/doc</outputDirectory>
- <excludes>
- <exclude>${basedir}/id/server/doc/proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy/conf</directory>
- <outputDirectory>/doc/conf</outputDirectory>
- <excludes>
- <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>history.txt</include>
- <include>readme_${moa-id-version}.txt</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>LICENSE-2.0.txt</include>
- <include>NOTICE.txt</include>
- <include>IAIK-LICENSE.txt</include>
- <include>EUPL v.1.1 - Licence.pdf</include>
- <include>SIC_LICENSE.txt</include>
- </includes>
- </fileSet>
- </fileSets>
-
- <moduleSets>
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-auth-final</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>xalan-bin-dist:xalan</include>
- <include>xerces:xercesImpl</include>
- <include>xalan-bin-dist:xml-apis</include>
- <include>xalan-bin-dist:serializer</include>
- </includes>
- <outputDirectory>/endorsed</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- <dependencySet>
- <includes>
- <include>iaik.prod:iaik_ecc</include>
- <include>iaik.prod:iaik_jce_full</include>
- <include>iaik.prod:iaik_Pkcs11Provider</include>
- <include>iaik.prod:iaik_Pkcs11Wrapper:jar</include>
- </includes>
- <outputDirectory>/ext</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-lib</include>
- </includes>
- <binaries>
- <attachmentClassifier>javadoc</attachmentClassifier>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>api-doc</outputFileNameMapping>
- <outputDirectory>/doc</outputDirectory>
- <unpack>true</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-configuration</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-commons</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/migration/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- <dependencySets>
- <dependencySet>
- <outputDirectory>/migration/dependency-jars</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- </binaries>
- </moduleSet>
-
- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-oa</include>
- </includes>
- <sources>
- <useDefaultExcludes>true</useDefaultExcludes>
- <outputDirectory>../</outputDirectory>
- <includeModuleDirectory>true</includeModuleDirectory>
- <outputDirectoryMapping>/source/${artifactId}/src</outputDirectoryMapping>
- <excludes>
- <exclude>**/target/**</exclude>
- <exclude>**/bin/**</exclude>
- <exclude>**/.settings/**</exclude>
- <exclude>.*</exclude>
- </excludes>
- <includes>
- <include>pom.xml</include>
- </includes>
- </sources>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>iaik:commons-iaik</include>
- <include>MOA:moa-common</include>
- </includes>
- <outputDirectory>/source/repositority</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- </binaries>
- </moduleSet>
-
- </moduleSets>
-
- <componentDescriptors>
- <componentDescriptor>component-pkcs11libs.xml</componentDescriptor>
- </componentDescriptors>
-
-</assembly>
diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml
deleted file mode 100644
index d43783e69..000000000
--- a/id/assembly-proxy.xml
+++ /dev/null
@@ -1,120 +0,0 @@
-<assembly>
- <id>id-proxy-${moa-id-proxy-version}</id>
-
- <formats>
- <format>dir</format>
- <format>zip</format>
- <!-- <format>tar.gz</format> -->
- </formats>
-
- <baseDirectory>moa-id-proxy-${moa-id-proxy-version}</baseDirectory>
-
- <fileSets>
- <fileSet>
- <directory>${basedir}/id/server/data/deploy</directory>
- <outputDirectory>/</outputDirectory>
- <excludes>
- <exclude>**/conf/moa-spss/**</exclude>
- <exclude>**/conf/moa-id/transforms/**</exclude>
- </excludes>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id/server/doc/proxy</directory>
- <outputDirectory>/doc</outputDirectory>
- </fileSet>
- <fileSet>
- <directory>${basedir}/id</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>history.txt</include>
- <include>readme_${moa-id-proxy-version}.txt</include>
- </includes>
- </fileSet>
- <fileSet>
- <directory>${basedir}</directory>
- <outputDirectory>/</outputDirectory>
- <includes>
- <include>LICENSE-2.0.txt</include>
- <include>NOTICE.txt</include>
- <include>IAIK-LICENSE.txt</include>
- <include>EUPL v.1.1 - Licence.pdf</include>
- <include>SIC_LICENSE.txt</include>
- </includes>
- </fileSet>
- </fileSets>
-
- <moduleSets>
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-proxy</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- <dependencySets>
- <dependencySet>
- <includes>
- <include>xalan-bin-dist:xalan</include>
- <include>xerces:xercesImpl</include>
- <include>xalan-bin-dist:xml-apis</include>
- <include>xalan-bin-dist:serializer</include>
- </includes>
- <outputDirectory>/endorsed</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- <dependencySet>
- <includes>
- <include>iaik.prod:iaik_ecc</include>
- <include>iaik.prod:iaik_jce_full</include>
- <include>iaik.prod:iaik_Pkcs11Provider</include>
- <include>iaik.prod:iaik_Pkcs11Wrapper:jar</include>
- </includes>
- <outputDirectory>/ext</outputDirectory>
- <outputFileNameMapping>${artifactId}.${extension}</outputFileNameMapping>
- </dependencySet>
- </dependencySets>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>
-<!-- <moduleSet>
- <includes>
- <include>MOA:moa-id-oa</include>
- </includes>
- <binaries>
- <includeDependencies>true</includeDependencies>
- <outputDirectory>/</outputDirectory>
- <outputFileNameMapping>oa.${extension}</outputFileNameMapping>
- <unpack>false</unpack>
- </binaries>
- </moduleSet> -->
- <moduleSet>
- <includes>
- <include>MOA.id.server:moa-id-lib</include>
- </includes>
- <binaries>
- <attachmentClassifier>javadoc</attachmentClassifier>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>api-doc</outputFileNameMapping>
- <outputDirectory>/doc</outputDirectory>
- <unpack>true</unpack>
- </binaries>
- </moduleSet>
- <!-- <moduleSet>
- <includes>
- <include>MOA.id:moa-id-templates</include>
- </includes>
- <binaries>
- <includeDependencies>false</includeDependencies>
- <outputFileNameMapping>moaid-templates.war</outputFileNameMapping>
- <outputDirectory>/templates</outputDirectory>
- <unpack>false</unpack>
- </binaries>
- </moduleSet>-->
- </moduleSets>
-
- <componentDescriptors>
- <componentDescriptor>component-pkcs11libs.xml</componentDescriptor>
- </componentDescriptors>
-
-</assembly>
diff --git a/id/history.txt b/id/history.txt
index cdcc56261..116cd4b2e 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -1,5 +1,38 @@
Dieses Dokument zeigt die Veränderungen und Erweiterungen von MOA-ID auf.
+Version MOA-ID Release 4.2.0: Änderungen seit Version MOA-ID 4.1.5
+ - Änderungen
+ - Erfordert mindestens Java 8
+ - Optionale Erweiterung für Gesundheitsanwendungen hinzugefügt
+ - Switch from log4j to logback
+ - Update von Libraries
+ > org.springframework 5.3.13.RELEASE
+ > org.springframework.data.spring-data-jpa 2.6.0.RELEASE
+ > org.springframework.data.spring-data-redis 2.6.0.RELEASE
+ > redis.clients 3.7.1
+ > org.hibernate:hibernate-core 5.6.2.Final
+ > commons-dbcp2 2.9.0
+ > log4j 2.17.0
+ > logback 1.2.9
+ > com.google.guava 31.0.1-jre
+ > org.apache.santuario.xmlsec 2.3.0
+ > org.apache.cxf 3.3.12
+ > org.apache.struts2 2.5.28
+ > org.apache.httpcomponents.httpcore 4.5.15
+ > mysql-connector 8.0.27
+ > fasterxml:jackson 2.13.0
+ > commons-io 2.11.0
+ > jodatime 2.10.13
+ > org.apache.commons-commons-pool2 2.11.1
+ > iaik_jce_full 5.62_moa
+ > moa-spss 3.1.4
+
+Version MOA-ID Release 4.1.7
+ - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht
+
+Version MOA-ID Release 4.1.6:
+ - Diese Version war bereits für ein Release vorbereitet, wurde jedoch nicht offiziell veröffentlicht
+
Version MOA-ID Release 4.1.5: Änderungen seit Version MOA-ID 4.1.4
- Änderungen
- Anpassung der E-ID Proxy Implementierung an eine zusätzliche Anforderungen an das E-ID System
diff --git a/id/moa-id-webgui/pom.xml b/id/moa-id-webgui/pom.xml
index fa7694129..8752e2d8c 100644
--- a/id/moa-id-webgui/pom.xml
+++ b/id/moa-id-webgui/pom.xml
@@ -1,92 +1,99 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-
- <parent>
- <groupId>MOA</groupId>
- <artifactId>id</artifactId>
- <version>4.1.5</version>
- </parent>
-
- <modelVersion>4.0.0</modelVersion>
- <groupId>MOA.id</groupId>
- <artifactId>moa-id-webgui</artifactId>
- <version>1.0</version>
- <name>MOA-ID WebGUI Module</name>
-
- <properties>
- <repositoryPath>${basedir}/../../repository</repositoryPath>
- </properties>
-
- <repositories>
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+
+ <parent>
+ <groupId>MOA</groupId>
+ <artifactId>id</artifactId>
+ <version>4.2.0</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-id-webgui</artifactId>
+ <version>1.0</version>
+ <name>MOA-ID WebGUI Module</name>
+
+ <properties>
+ <repositoryPath>${basedir}/../../repository</repositoryPath>
+ </properties>
+
+ <repositories>
<repository>
<id>shibboleth.internet2.edu</id>
<name>Internet2</name>
<url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
</repository>
</repositories>
-
- <build>
- <sourceDirectory>src/main/java</sourceDirectory>
- <plugins>
- <plugin>
- <artifactId>maven-compiler-plugin</artifactId>
- <configuration>
- <source>1.7</source>
- <target>1.7</target>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <dependency>
- <groupId>at.gv.egiz.components</groupId>
- <artifactId>egiz-configuration-meta-api</artifactId>
- <version>0.3</version>
- </dependency>
- <dependency>
- <groupId>at.gv.egiz.components</groupId>
- <artifactId>egiz-spring-api</artifactId>
- <version>0.1</version>
- </dependency>
-
- <dependency>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-commons</artifactId>
- <exclusions>
- <exclusion>
- <artifactId>hyperjaxb3-ejb-runtime</artifactId>
- <groupId>org.jvnet.hyperjaxb3</groupId>
- </exclusion>
- </exclusions>
- </dependency>
-
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+
+ <build>
+ <sourceDirectory>src/main/java</sourceDirectory>
+ <plugins>
+ <plugin>
+ <artifactId>maven-compiler-plugin</artifactId>
+ <configuration>
+ <source>1.8</source>
+ <target>1.8</target>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+
+ <dependencies>
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>egiz-configuration-meta-api</artifactId>
+ <version>0.3</version>
</dependency>
-
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>opensaml</artifactId>
- <exclusions>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.opensaml</groupId>
- <artifactId>xmltooling</artifactId>
- <exclusions>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>log4j-over-slf4j</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
-
- </dependencies>
-
-
+ <dependency>
+ <groupId>at.gv.egiz.components</groupId>
+ <artifactId>egiz-spring-api</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <exclusions>
+ <exclusion>
+ <artifactId>hyperjaxb3-ejb-runtime</artifactId>
+ <groupId>org.jvnet.hyperjaxb3</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.commons</groupId>
+ <artifactId>commons-collections4</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>opensaml</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.opensaml</groupId>
+ <artifactId>xmltooling</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>log4j-over-slf4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ </dependencies>
+
+
</project> \ No newline at end of file
diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml
index b60e62ac3..2ea7d35ad 100644
--- a/id/moa-spss-container/pom.xml
+++ b/id/moa-spss-container/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id</groupId>
<artifactId>moa-spss-container</artifactId>
@@ -38,6 +38,17 @@
<layout>default</layout>
<url>https://git.egiz.gv.at/EAAF-Components/plain/eaaf_modules/eaaf_module_moa-sig/repository</url>
</repository>
+ <repository>
+ <id>egiz-commons</id>
+ <url>https://apps.egiz.gv.at/maven</url>
+ <releases>
+ <enabled>true</enabled>
+ <checksumPolicy>ignore</checksumPolicy>
+ </releases>
+ <snapshots>
+ <enabled>false</enabled>
+ </snapshots>
+ </repository>
</repositories>
<build>
@@ -57,37 +68,37 @@
<dependencies>
<dependency>
- <groupId>MOA.spss.server</groupId>
- <artifactId>moa-sig-lib</artifactId>
- <version>3.1.3</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <artifactId>*</artifactId>
- <groupId>axis</groupId>
- </exclusion>
- </exclusions>
+ <groupId>moaSig</groupId>
+ <artifactId>moa-sig-lib</artifactId>
+ <version>3.1.4</version>
+ <exclusions>
+ <exclusion>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </exclusion>
+ <exclusion>
+ <artifactId>*</artifactId>
+ <groupId>axis</groupId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- MOA-SPSS 3.x -->
<dependency>
- <groupId>MOA.spss</groupId>
- <artifactId>common</artifactId>
- <version>3.1.3</version>
+ <groupId>moaSig</groupId>
+ <artifactId>common</artifactId>
+ <version>3.1.4</version>
</dependency>
<dependency>
- <groupId>MOA.spss</groupId>
- <artifactId>tsl_lib</artifactId>
- <version>2.0.3</version>
+ <groupId>at.gv.egovernment.moa.sig</groupId>
+ <artifactId>tsl-lib</artifactId>
+ <version>2.0.5</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_cms</artifactId>
- <version>5.1</version>
+ <version>5.1.1</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
@@ -129,7 +140,7 @@
<dependency>
<groupId>iaik.prod</groupId>
<artifactId>iaik_moa</artifactId>
- <version>2.06</version>
+ <version>2.07</version>
</dependency>
<dependency>
<groupId>iaik.prod</groupId>
@@ -162,8 +173,10 @@
<version>2.14_moa</version>
</dependency>
-
-
+ <dependency>
+ <groupId>joda-time</groupId>
+ <artifactId>joda-time</artifactId>
+ </dependency>
<dependency>
<groupId>javax.mail</groupId>
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index 1522121d2..658dab494 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -19,7 +19,7 @@
</properties>
<build>
- <finalName>oa</finalName>
+ <finalName>moa-id-oa</finalName>
<plugins>
<!-- <plugin>
<groupId>org.codehaus.mojo</groupId>
@@ -43,8 +43,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
</configuration>
</plugin>
</plugins>
@@ -98,10 +98,18 @@
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-1.2-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-to-slf4j</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </dependency>
<dependency>
<groupId>MOA.id.server</groupId>
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
index 07edb250d..5db37d2f7 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/Configuration.java
@@ -35,7 +35,6 @@ import java.util.Timer;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.HttpClient;
-import org.apache.log4j.Logger;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.xml.parse.BasicParserPool;
@@ -45,11 +44,10 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.MetaDataVerificationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
import iaik.x509.X509Certificate;
+import lombok.extern.slf4j.Slf4j;
-
+@Slf4j
public class Configuration {
-
- private static final Logger log = Logger.getLogger(Configuration.class);
private Properties props;
private static final String SYSTEM_PROP_CONFIG = "moa.id.demoOA";
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
index d4c67cfae..040ec330c 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java
@@ -48,12 +48,10 @@ import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
-import org.opensaml.saml2.common.Extensions;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
-import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
@@ -64,12 +62,10 @@ import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallingException;
-import org.opensaml.xml.schema.XSAny;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
@@ -82,296 +78,299 @@ import org.xml.sax.SAXException;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
-import at.gv.egiz.eaaf.core.impl.utils.EAAFDomEntityResolver;
import at.gv.egovernment.moa.id.demoOA.Configuration;
import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-
-
/**
* Servlet implementation class Authenticate
*/
public class Authenticate extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
- private static final Logger log = LoggerFactory
- .getLogger(Authenticate.class);
-
- /**
- * @see HttpServlet#HttpServlet()
- */
- public Authenticate() {
- super();
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- try {
- builder = factory.newDocumentBuilder();
-
- } catch (ParserConfigurationException e) {
- log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
- }
- }
-
- DocumentBuilder builder;
-
-
- //generate AuthenticationRequest
- protected void process(HttpServletRequest request,
- HttpServletResponse response, Map<String,String> legacyParameter) throws ServletException, IOException {
- try {
-
- Configuration config = Configuration.getInstance();
- config.initializePVP2Login();
-
- AuthnRequest authReq = SAML2Utils
- .createSAMLObject(AuthnRequest.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- authReq.setID(gen.generateIdentifier());
-
- String relayState = String.valueOf(RandomUtils.nextLong());
-
- if (config.useRedirectBindingResponse())
- authReq.setAssertionConsumerServiceIndex(1);
- else
- authReq.setAssertionConsumerServiceIndex(0);
-
- authReq.setAttributeConsumingServiceIndex(0);
-
- authReq.setIssueInstant(new DateTime());
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = LoggerFactory
+ .getLogger(Authenticate.class);
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public Authenticate() {
+ super();
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ try {
+ builder = factory.newDocumentBuilder();
+
+ } catch (final ParserConfigurationException e) {
+ log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
+ }
+ }
+
+ DocumentBuilder builder;
+
+ // generate AuthenticationRequest
+ protected void process(HttpServletRequest request,
+ HttpServletResponse response, Map<String, String> legacyParameter) throws ServletException,
+ IOException {
+ try {
+
+ final Configuration config = Configuration.getInstance();
+ config.initializePVP2Login();
+
+ AuthnRequest authReq = SAML2Utils
+ .createSAMLObject(AuthnRequest.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ authReq.setID(gen.generateIdentifier());
+
+ final String relayState = String.valueOf(RandomUtils.nextLong());
+
+ if (config.useRedirectBindingResponse()) {
+ authReq.setAssertionConsumerServiceIndex(1);
+ } else {
+ authReq.setAssertionConsumerServiceIndex(0);
+ }
+
+ authReq.setAttributeConsumingServiceIndex(0);
+
+ authReq.setIssueInstant(new DateTime());
// Subject subject = SAML2Utils.createSAMLObject(Subject.class);
// NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- //name.setValue(serviceURL);
- issuer.setValue(serviceURL);
-
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ // name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+
// subject.setNameID(name);
// authReq.setSubject(subject);
- issuer.setFormat(NameIDType.ENTITY);
- authReq.setIssuer(issuer);
-
- if (config.setNameIdPolicy()) {
- NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
- policy.setAllowCreate(true);
- policy.setFormat(NameID.PERSISTENT);
- authReq.setNameIDPolicy(policy);
- }
-
- String entityname = config.getPVP2IDPMetadataEntityName();
- if (MiscUtil.isEmpty(entityname)) {
- log.info("No IDP EntityName configurated");
- throw new ConfigurationException("No IDP EntityName configurated");
- }
-
- //get IDP metadata from metadataprovider
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
- EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
- if (idpEntity == null) {
- log.info("IDP EntityName is not found in IDP Metadata");
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
- }
-
- //select authentication-service url from metadata
- SingleSignOnService redirectEndpoint = null;
- for (SingleSignOnService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) {
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config.useRedirectBindingRequest()) {
- redirectEndpoint = sss;
- }
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config.useRedirectBindingRequest()) {
- redirectEndpoint = sss;
- }
-
- }
-
- if (redirectEndpoint == null) {
- log.warn("Can not find valid EndPoint for SAML2 response");
- throw new ConfigurationException("Can not find valid EndPoint for SAML2 response");
-
- }
-
- authReq.setDestination(redirectEndpoint.getLocation());
-
- //authReq.setDestination("http://test.test.test");
-
- if (config.setAuthnContextClassRef()) {
- RequestedAuthnContext reqAuthContext =
- SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
- AuthnContextClassRef authnClassRef =
- SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
-
- if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) {
- authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue());
-
- } else {
- authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
-
- }
-
- reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
- reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
- authReq.setRequestedAuthnContext(reqAuthContext);
- }
-
- if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
- Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
- RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
- requesterId.setRequesterID(config.getScopeRequesterId());
- scope.getRequesterIDs().add(requesterId );
- authReq.setScoping(scope );
-
- }
-
- if (config.isEidasProxySimulatorEnabled()) {
- authReq = injectEidasMsProxyAttributes(request, authReq);
-
- }
-
-
- //sign authentication request
- KeyStore keyStore = config.getPVP2KeyStore();
- X509Credential authcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestKeyAlias(),
- config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(authcredential);
- authReq.setSignature(signer);
-
-
- if (!config.useRedirectBindingRequest()) {
- //generate Http-POST Binding message
- VelocityEngine engine = new VelocityEngine();
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- engine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
- engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
- "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
- engine.init();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "templates/pvp_postbinding_template.html");
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(redirectEndpoint.getLocation());;
- context.setOutboundSAMLMessageSigningCredential(authcredential);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(authReq);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
- encoder.encode(context);
-
- } else {
- //generate Redirect Binding message
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(redirectEndpoint.getLocation());
- context.setOutboundSAMLMessageSigningCredential(authcredential);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(authReq);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(relayState);
- encoder.encode(context);
-
- }
-
- } catch (Exception e) {
- log.warn("Authentication Request can not be generated", e);
- throw new ServletException("Authentication Request can not be generated.", e);
- }
- }
-
-
- private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq)
- throws SAXException, IOException, ParserConfigurationException, MarshallingException, UnmarshallingException {
-
- //build extension from template
- String xmlTemplate = IOUtils.toString(
- Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"),
- StandardCharsets.UTF_8);
-
- String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request, "eidasCountry", "DE");
- String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high");
- String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix", "test");
- String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector);
+ issuer.setFormat(NameIDType.ENTITY);
+ authReq.setIssuer(issuer);
+
+ if (config.setNameIdPolicy()) {
+ final NameIDPolicy policy = SAML2Utils.createSAMLObject(NameIDPolicy.class);
+ policy.setAllowCreate(true);
+ policy.setFormat(NameIDType.PERSISTENT);
+ authReq.setNameIDPolicy(policy);
+ }
+
+ final String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ // get IDP metadata from metadataprovider
+ final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ // select authentication-service url from metadata
+ SingleSignOnService redirectEndpoint = null;
+ for (final SingleSignOnService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
+ .getSingleSignOnServices()) {
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) && !config
+ .useRedirectBindingRequest()) {
+ redirectEndpoint = sss;
+ }
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && config
+ .useRedirectBindingRequest()) {
+ redirectEndpoint = sss;
+ }
+
+ }
+
+ if (redirectEndpoint == null) {
+ log.warn("Can not find valid EndPoint for SAML2 response");
+ throw new ConfigurationException("Can not find valid EndPoint for SAML2 response");
+
+ }
+
+ authReq.setDestination(redirectEndpoint.getLocation());
+
+ // authReq.setDestination("http://test.test.test");
+
+ if (config.setAuthnContextClassRef()) {
+ final RequestedAuthnContext reqAuthContext =
+ SAML2Utils.createSAMLObject(RequestedAuthnContext.class);
+ final AuthnContextClassRef authnClassRef =
+ SAML2Utils.createSAMLObject(AuthnContextClassRef.class);
+
+ if (MiscUtil.isNotEmpty(config.getAuthnContextClassRefValue())) {
+ authnClassRef.setAuthnContextClassRef(config.getAuthnContextClassRefValue());
+
+ } else {
+ authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4");
+
+ }
+
+ reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM);
+ reqAuthContext.getAuthnContextClassRefs().add(authnClassRef);
+ authReq.setRequestedAuthnContext(reqAuthContext);
+ }
+
+ if (StringUtils.isNotEmpty(config.getScopeRequesterId())) {
+ final Scoping scope = SAML2Utils.createSAMLObject(Scoping.class);
+ final RequesterID requesterId = SAML2Utils.createSAMLObject(RequesterID.class);
+ requesterId.setRequesterID(config.getScopeRequesterId());
+ scope.getRequesterIDs().add(requesterId);
+ authReq.setScoping(scope);
+
+ }
+
+ if (config.isEidasProxySimulatorEnabled()) {
+ authReq = injectEidasMsProxyAttributes(request, authReq);
+
+ }
+
+ // sign authentication request
+ final KeyStore keyStore = config.getPVP2KeyStore();
+ final X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+ final Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(authcredential);
+ authReq.setSignature(signer);
+
+ if (!config.useRedirectBindingRequest()) {
+ // generate Http-POST Binding message
+ final VelocityEngine engine = new VelocityEngine();
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
+ engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
+ engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
+ engine.setProperty("classpath.resource.loader.class",
+ "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+ engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
+ "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
+ engine.init();
+
+ final HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
+ "templates/pvp_postbinding_template.html");
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(redirectEndpoint.getLocation());
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(authReq);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ } else {
+ // generate Redirect Binding message
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(redirectEndpoint.getLocation());
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(authReq);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(relayState);
+ encoder.encode(context);
+
+ }
+
+ } catch (final Exception e) {
+ log.warn("Authentication Request can not be generated", e);
+ throw new ServletException("Authentication Request can not be generated.", e);
+ }
+ }
+
+ private AuthnRequest injectEidasMsProxyAttributes(HttpServletRequest request, AuthnRequest authReq)
+ throws SAXException, IOException, ParserConfigurationException, MarshallingException,
+ UnmarshallingException {
+
+ // build extension from template
+ final String xmlTemplate = IOUtils.toString(
+ Authenticate.class.getResourceAsStream("/templates/reqAttributes.xml"),
+ StandardCharsets.UTF_8);
+
+ final String target = EAAFConstants.URN_PREFIX_EIDAS + "AT+" + getParameterOrDefault(request,
+ "eidasCountry", "DE");
+ final String loa = EAAFConstants.EIDAS_LOA_PREFIX + getParameterOrDefault(request, "loa", "high");
+ final String eidasConnector = "https://simple.test/" + getParameterOrDefault(request, "eidasIdPostfix",
+ "test");
+ final String xmlString = MessageFormat.format(xmlTemplate, target, loa, eidasConnector);
log.debug("Formated requested attributes: " + xmlString);
-
- Document extension = DOMUtils.parseDocument(xmlString, false, null, null);
-
-
- //marshalle, inject, and unmarshalle request to set extension
- //TODO: find better solution, be it is good enough for a first simple test
+
+ final Document extension = DOMUtils.parseDocument(xmlString, false, null, null);
+
+ // marshalle, inject, and unmarshalle request to set extension
+ // TODO: find better solution, be it is good enough for a first simple test
DocumentBuilder builder;
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
builder = factory.newDocumentBuilder();
- Document document = builder.newDocument();
- Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(authReq);
+ final Document document = builder.newDocument();
+ final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(authReq);
out.marshall(authReq, document);
-
- Node extElement = document.importNode(extension.getDocumentElement(), true);
- //document.getDocumentElement().appendChild(extElement);
+
+ final Node extElement = document.importNode(extension.getDocumentElement(), true);
+ // document.getDocumentElement().appendChild(extElement);
document.getDocumentElement().insertBefore(extElement, document.getChildNodes().item(2));
-
- Unmarshaller in = org.opensaml.Configuration.getUnmarshallerFactory().getUnmarshaller(document.getDocumentElement());
+
+ final Unmarshaller in = org.opensaml.xml.Configuration.getUnmarshallerFactory().getUnmarshaller(document
+ .getDocumentElement());
return (AuthnRequest) in.unmarshall(document.getDocumentElement());
-
+
}
-
-
+
private String getParameterOrDefault(HttpServletRequest request, String paramName, String defaultValue) {
- String reqParam = request.getParameter(paramName);
+ final String reqParam = request.getParameter(paramName);
if (MiscUtil.isEmpty(reqParam)) {
return defaultValue;
-
+
} else {
return reqParam;
-
+
}
-
+
}
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response, null);
+ }
/**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- process(request, response, null);
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- process(request, response, null);
- }
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response, null);
+ }
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
index d28f94fd6..005291082 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/BuildMetadata.java
@@ -42,7 +42,6 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
@@ -75,267 +74,263 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.AttributeListBuilder;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+import lombok.extern.slf4j.Slf4j;
-
+@Slf4j
public class BuildMetadata extends HttpServlet {
- Logger log = Logger.getLogger(BuildMetadata.class);
-
- private static final long serialVersionUID = 1L;
-
- private static final int VALIDUNTIL_IN_HOURS = 24;
-
- /**
- * @see HttpServlet#HttpServlet()
- */
- public BuildMetadata() {
- super();
- }
-
- protected static Signature getSignature(Credential credentials) {
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(credentials);
- return signer;
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
- Configuration config = Configuration.getInstance();
-
- SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator();
-
- EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.
- createSAMLObject(EntitiesDescriptor.class);
-
- DateTime date = new DateTime();
- spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
-
- String name = config.getPVP2MetadataEntitiesName();
- if (MiscUtil.isEmpty(name)) {
- log.info("NO Metadata EntitiesName configurated");
- throw new ConfigurationException("NO Metadata EntitiesName configurated");
- }
-
- spEntitiesDescriptor.setName(name);
- spEntitiesDescriptor.setID(idGen.generateIdentifier());
-
- //set period of validity for metadata information
- DateTime validUntil = new DateTime();
- spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7));
-
-
- EntityDescriptor spEntityDescriptor = SAML2Utils
- .createSAMLObject(EntityDescriptor.class);
-
- spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
-
- spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
-
- //set OA-ID (PublicURL Prefix) as identifier
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
-
- log.debug("Set OnlineApplicationURL to " + serviceURL);
- spEntityDescriptor.setEntityID(serviceURL);
-
- SPSSODescriptor spSSODescriptor = SAML2Utils
- .createSAMLObject(SPSSODescriptor.class);
-
- spSSODescriptor.setAuthnRequestsSigned(true);
- spSSODescriptor.setWantAssertionsSigned(true);
-
- X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
- keyInfoFactory.setEmitEntityCertificate(true);
- KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
-
-
- KeyStore keyStore = config.getPVP2KeyStore();
-
- X509Credential signingcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreMetadataKeyAlias(),
- config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
-
-
- log.debug("Set Metadata key information");
- //Set MetaData Signing key
- KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
- entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
- Signature entitiesSignature = getSignature(signingcredential);
- spEntitiesDescriptor.setSignature(entitiesSignature);
-
-
- //Set AuthRequest Signing certificate
- X509Credential authcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestKeyAlias(),
- config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
-
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
-
- spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
-
-
- //set AuthRequest encryption certificate
- if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) ||
- MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) {
- X509Credential authEncCredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
- config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
- KeyDescriptor encryKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
- encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
-
- //set encryption methode
+
+ private static final long serialVersionUID = 1L;
+
+ private static final int VALIDUNTIL_IN_HOURS = 24;
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public BuildMetadata() {
+ super();
+ }
+
+ protected static Signature getSignature(Credential credentials) {
+ final Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(credentials);
+ return signer;
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+ final Configuration config = Configuration.getInstance();
+
+ final SecureRandomIdentifierGenerator idGen = new SecureRandomIdentifierGenerator();
+
+ final EntitiesDescriptor spEntitiesDescriptor = SAML2Utils.createSAMLObject(EntitiesDescriptor.class);
+
+ final DateTime date = new DateTime();
+ spEntitiesDescriptor.setValidUntil(date.plusHours(VALIDUNTIL_IN_HOURS));
+
+ final String name = config.getPVP2MetadataEntitiesName();
+ if (MiscUtil.isEmpty(name)) {
+ log.info("NO Metadata EntitiesName configurated");
+ throw new ConfigurationException("NO Metadata EntitiesName configurated");
+ }
+
+ spEntitiesDescriptor.setName(name);
+ spEntitiesDescriptor.setID(idGen.generateIdentifier());
+
+ // set period of validity for metadata information
+ final DateTime validUntil = new DateTime();
+ spEntitiesDescriptor.setValidUntil(validUntil.plusDays(7));
+
+ final EntityDescriptor spEntityDescriptor = SAML2Utils
+ .createSAMLObject(EntityDescriptor.class);
+
+ spEntityDescriptor.setValidUntil(date.plusDays(VALIDUNTIL_IN_HOURS));
+
+ spEntitiesDescriptor.getEntityDescriptors().add(spEntityDescriptor);
+
+ // set OA-ID (PublicURL Prefix) as identifier
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+
+ log.debug("Set OnlineApplicationURL to " + serviceURL);
+ spEntityDescriptor.setEntityID(serviceURL);
+
+ final SPSSODescriptor spSSODescriptor = SAML2Utils
+ .createSAMLObject(SPSSODescriptor.class);
+
+ spSSODescriptor.setAuthnRequestsSigned(true);
+ spSSODescriptor.setWantAssertionsSigned(true);
+
+ final X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory();
+ keyInfoFactory.setEmitEntityCertificate(true);
+ final KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
+
+ final KeyStore keyStore = config.getPVP2KeyStore();
+
+ final X509Credential signingcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreMetadataKeyAlias(),
+ config.getPVP2KeystoreMetadataKeyPassword().toCharArray());
+
+ log.debug("Set Metadata key information");
+ // Set MetaData Signing key
+ final KeyDescriptor entitiesSignKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ entitiesSignKeyDescriptor.setUse(UsageType.SIGNING);
+ entitiesSignKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(signingcredential));
+ final Signature entitiesSignature = getSignature(signingcredential);
+ spEntitiesDescriptor.setSignature(entitiesSignature);
+
+ // Set AuthRequest Signing certificate
+ final X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+ final KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential));
+
+ spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor);
+
+ // set AuthRequest encryption certificate
+ if (MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyAlias()) ||
+ MiscUtil.isNotEmpty(config.getPVP2KeystoreAuthRequestEncryptionKeyPassword())) {
+ final X509Credential authEncCredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
+ config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
+ final KeyDescriptor encryKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ encryKeyDescriptor.setUse(UsageType.ENCRYPTION);
+ encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential));
+
+ // set encryption methode
// EncryptionMethod encMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class);
-// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
+// encMethode.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128_GCM);
// encryKeyDescriptor.getEncryptionMethods().add(encMethode);
-//
+//
// EncryptionMethod keyencMethode = SAML2Utils.createSAMLObject(EncryptionMethod.class);
-// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
+// keyencMethode.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
// encryKeyDescriptor.getEncryptionMethods().add(keyencMethode);
-
- spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
-
- } else {
- log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
-
- }
-
-
- NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
-
- spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
-
- NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
-
- spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
-
- NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
- unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
-
- spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
-
- //set HTTP-POST Binding assertion consumer service
- AssertionConsumerService postassertionConsumerService =
- SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- postassertionConsumerService.setIndex(0);
- postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
- postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
- spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
-
- //set HTTP-Redirect Binding assertion consumer service
- AssertionConsumerService redirectassertionConsumerService =
- SAML2Utils.createSAMLObject(AssertionConsumerService.class);
- redirectassertionConsumerService.setIndex(1);
- redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
- spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
-
- //set Single Log-Out service
- SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
- sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT);
- spSSODescriptor.getSingleLogoutServices().add(sloService);
-
- spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
-
- spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
-
- AttributeConsumingService attributeService =
- SAML2Utils.createSAMLObject(AttributeConsumingService.class);
-
- attributeService.setIndex(0);
- attributeService.setIsDefault(true);
- ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
- serviceName.setName(new LocalizedString("Default Service", "de"));
- attributeService.getNames().add(serviceName);
-
- //set attributes which are requested
- attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes());
- spSSODescriptor.getAttributeConsumingServices().add(attributeService);
-
-
- //build metadata
- DocumentBuilder builder;
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
-
- builder = factory.newDocumentBuilder();
- Document document = builder.newDocument();
- Marshaller out = org.opensaml.Configuration.getMarshallerFactory().getMarshaller(spEntitiesDescriptor);
- out.marshall(spEntitiesDescriptor, document);
-
- Signer.signObject(entitiesSignature);
-
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
-
- StringWriter sw = new StringWriter();
- StreamResult sr = new StreamResult(sw);
- DOMSource source = new DOMSource(document);
- transformer.transform(source, sr);
- sw.close();
-
- String metadataXML = sw.toString();
-
- response.setContentType("text/xml");
- response.getOutputStream().write(metadataXML.getBytes());
-
- response.getOutputStream().close();
-
- } catch (ConfigurationException e) {
- log.warn("Configuration can not be loaded.", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (NoSuchAlgorithmException e) {
- log.warn("Requested Algorithm could not found.", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (ParserConfigurationException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (TransformerConfigurationException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (TransformerFactoryConfigurationError e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
-
- } catch (TransformerException e) {
- log.warn("PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
- }
-
- catch (Exception e) {
- log.warn("Unspecific PVP2 Metadata createn error", e);
- throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
- }
-
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- }
+
+ spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor);
+
+ } else {
+ log.warn("No Assertion Encryption-Key defined. This setting is not recommended!");
+
+ }
+
+ final NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ persistentnameIDFormat.setFormat(NameIDType.PERSISTENT);
+
+ spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat);
+
+ final NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ transientnameIDFormat.setFormat(NameIDType.TRANSIENT);
+
+ spSSODescriptor.getNameIDFormats().add(transientnameIDFormat);
+
+ final NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
+ unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED);
+
+ spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat);
+
+ // set HTTP-POST Binding assertion consumer service
+ final AssertionConsumerService postassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ postassertionConsumerService.setIndex(0);
+ postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI);
+ postassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
+ spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService);
+
+ // set HTTP-Redirect Binding assertion consumer service
+ final AssertionConsumerService redirectassertionConsumerService =
+ SAML2Utils.createSAMLObject(AssertionConsumerService.class);
+ redirectassertionConsumerService.setIndex(1);
+ redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ redirectassertionConsumerService.setLocation(serviceURL + Constants.SERVLET_PVP2ASSERTION);
+ spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService);
+
+ // set Single Log-Out service
+ final SingleLogoutService sloService = SAML2Utils.createSAMLObject(SingleLogoutService.class);
+ sloService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ sloService.setLocation(serviceURL + Constants.SERVLET_PVPSINGLELOGOUT);
+ spSSODescriptor.getSingleLogoutServices().add(sloService);
+
+ spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS);
+
+ spEntityDescriptor.getRoleDescriptors().add(spSSODescriptor);
+
+ final AttributeConsumingService attributeService =
+ SAML2Utils.createSAMLObject(AttributeConsumingService.class);
+
+ attributeService.setIndex(0);
+ attributeService.setIsDefault(true);
+ final ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class);
+ serviceName.setName(new LocalizedString("Default Service", "de"));
+ attributeService.getNames().add(serviceName);
+
+ // set attributes which are requested
+ attributeService.getRequestAttributes().addAll(AttributeListBuilder.getRequestedAttributes());
+ spSSODescriptor.getAttributeConsumingServices().add(attributeService);
+
+ // build metadata
+ DocumentBuilder builder;
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+
+ builder = factory.newDocumentBuilder();
+ final Document document = builder.newDocument();
+ final Marshaller out = org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(
+ spEntitiesDescriptor);
+ out.marshall(spEntitiesDescriptor, document);
+
+ Signer.signObject(entitiesSignature);
+
+ final Transformer transformer = TransformerFactory.newInstance().newTransformer();
+
+ final StringWriter sw = new StringWriter();
+ final StreamResult sr = new StreamResult(sw);
+ final DOMSource source = new DOMSource(document);
+ transformer.transform(source, sr);
+ sw.close();
+
+ final String metadataXML = sw.toString();
+
+ response.setContentType("text/xml");
+ response.getOutputStream().write(metadataXML.getBytes());
+
+ response.getOutputStream().close();
+
+ } catch (final ConfigurationException e) {
+ log.warn("Configuration can not be loaded.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final NoSuchAlgorithmException e) {
+ log.warn("Requested Algorithm could not found.", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final ParserConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final TransformerConfigurationException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final TransformerFactoryConfigurationError e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+
+ } catch (final TransformerException e) {
+ log.warn("PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ catch (final Exception e) {
+ log.warn("Unspecific PVP2 Metadata createn error", e);
+ throw new ServletException("MetaData can not be created. Look into LogFiles for more details.");
+ }
+
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ }
} \ No newline at end of file
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
index e36a880ba..e4acd8152 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/DemoApplication.java
@@ -33,7 +33,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
@@ -41,6 +40,7 @@ import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
+import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.EncryptedAssertion;
@@ -84,263 +84,285 @@ import at.gv.egovernment.moa.id.demoOA.Constants;
import at.gv.egovernment.moa.id.demoOA.PVPConstants;
import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class DemoApplication extends HttpServlet {
- Logger log = Logger.getLogger(DemoApplication.class);
-
- private static final long serialVersionUID = -2129228304760706063L;
-
-
-
- private void process(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
-
- ApplicationBean bean = new ApplicationBean();
-
- log.debug("Receive request on secure-area endpoint ...");
-
- String method = request.getMethod();
- HttpSession session = request.getSession();
- if (session == null) {
- log.info("NO HTTP Session");
- bean.setErrorMessage("NO HTTP session");
- setAnser(request, response, bean);
- return;
- }
-
- try {
- Configuration config = Configuration.getInstance();
- Response samlResponse = null;
-
- if (method.equals("GET")) {
- log.debug("Find possible SAML2 Redirect-Binding response ...");
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
-
- messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- messageContext.setMetadataProvider(config.getMetaDataProvier());
-
- MetadataCredentialResolver resolver = new MetadataCredentialResolver(config.getMetaDataProvier());
- List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
- keyInfoProvider.add(new DSAKeyValueProvider());
- keyInfoProvider.add(new RSAKeyValueProvider());
- keyInfoProvider.add(new InlineX509DataProvider());
- KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
- keyInfoProvider);
- ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
- resolver, keyInfoResolver);
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(engine);
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
- SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy);
- messageContext.setSecurityPolicyResolver(resolver1);
-
- decode.decode(messageContext);
-
- log.info("PVP2 Assertion with Redirect-Binding is valid");
-
- } else if (method.equals("POST")) {
- log.debug("Find possible SAML2 Post-Binding response ...");
- //Decode with HttpPost Binding
- HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
- BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(
- request));
- decode.decode(messageContext);
-
- samlResponse = (Response) messageContext.getInboundMessage();
-
- Signature sign = samlResponse.getSignature();
- if (sign == null) {
- log.info("Only http POST Requests can be used");
- bean.setErrorMessage("Only http POST Requests can be used");
- setAnser(request, response, bean);
- return;
- }
-
- //Validate Signature
- SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
- profileValidator.validate(sign);
-
- //Verify Signature
- List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
- keyInfoProvider.add(new DSAKeyValueProvider());
- keyInfoProvider.add(new RSAKeyValueProvider());
- keyInfoProvider.add(new InlineX509DataProvider());
-
- KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
- keyInfoProvider);
-
- MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory();
- MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier());
-
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
- criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName()));
- criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
-
- ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);
- trustEngine.validate(sign, criteriaSet);
-
- log.info("PVP2 Assertion with POST-Binding is valid");
-
- } else {
- bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding.");
- setAnser(request, response, bean);
- return;
-
- }
-
-
- if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
-
- List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
-
- //check encrypted Assertion
- List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions();
- if (encryAssertionList != null && encryAssertionList.size() > 0) {
- //decrypt assertions
-
- log.debug("Found encryped assertion. Start decryption ...");
-
- KeyStore keyStore = config.getPVP2KeyStore();
-
- X509Credential authDecCredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
- config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
-
-
- StaticKeyInfoCredentialResolver skicr =
- new StaticKeyInfoCredentialResolver(authDecCredential);
-
- ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
- encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() );
- encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() );
- encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() );
-
- Decrypter samlDecrypter =
- new Decrypter(null, skicr, encryptedKeyResolver);
-
- for (EncryptedAssertion encAssertion : encryAssertionList) {
- saml2assertions.add(samlDecrypter.decrypt(encAssertion));
-
- }
-
- log.debug("Assertion decryption finished. ");
-
- } else {
- saml2assertions = samlResponse.getAssertions();
-
- }
-
- samlResponse.getAssertions().clear();
- samlResponse.getAssertions().addAll(saml2assertions);
-
- //set assertion
- org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
- String assertion = DOMUtils.serializeNode(doc);
- bean.setAssertion(assertion);
-
- String principleId = null;
- String givenName = null;
- String familyName = null;
- String birthday = null;
-
- for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
-
- try {
- principleId = saml2assertion.getSubject().getNameID().getValue();
-
- } catch (Exception e) {
- log.warn("Can not read SubjectNameId", e);
- }
-
- //loop through the nodes to get what we want
- List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
- for (int i = 0; i < attributeStatements.size(); i++)
- {
- List<Attribute> attributes = attributeStatements.get(i).getAttributes();
- for (int x = 0; x < attributes.size(); x++)
- {
- String strAttributeName = attributes.get(x).getDOM().getAttribute("Name");
-
- if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME))
- familyName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
- if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME))
- givenName = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
-
- if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) {
- birthday = attributes.get(x).getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
- }
- }
- }
- request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT,
- saml2assertion.getSubject().getNameID().getFormat());
- request.getSession().setAttribute(Constants.SESSION_NAMEID,
- saml2assertion.getSubject().getNameID().getValue());
-
- }
-
- bean.setPrincipleId(principleId);
- bean.setDateOfBirth(birthday);
- bean.setFamilyName(familyName);
- bean.setGivenName(givenName);
- bean.setLogin(true);
-
- setAnser(request, response, bean);
- return;
-
-
- } else {
- bean.setErrorMessage("Der Anmeldevorgang wurde abgebrochen.<br>Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion.");
- setAnser(request, response, bean);
- return;
-
- }
-
- } catch (Exception e) {
- log.warn(e);
- bean.setErrorMessage("Internal Error: " + e.getMessage());
- setAnser(request, response, bean);
- return;
- }
-
- }
-
- private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException {
- // store bean in session
- request.setAttribute("answers", answersBean);
-
- // you now can forward to some view, for example some results.jsp
- request.getRequestDispatcher("demoapp.jsp").forward(request, response);
-
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- process(request, response);
- }
-
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- process(request, response);
- }
+
+ private static final long serialVersionUID = -2129228304760706063L;
+
+ private void process(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ final ApplicationBean bean = new ApplicationBean();
+
+ log.debug("Receive request on secure-area endpoint ...");
+
+ final String method = request.getMethod();
+ final HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("NO HTTP Session");
+ bean.setErrorMessage("NO HTTP session");
+ setAnser(request, response, bean);
+ return;
+ }
+
+ try {
+ final Configuration config = Configuration.getInstance();
+ Response samlResponse = null;
+
+ if (method.equals("GET")) {
+ log.debug("Find possible SAML2 Redirect-Binding response ...");
+ final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(new BasicParserPool());
+ final BasicSAMLMessageContext<Response, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+
+ messageContext.setInboundMessageTransport(new HttpServletRequestAdapter(request));
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ messageContext.setMetadataProvider(config.getMetaDataProvier());
+
+ final MetadataCredentialResolver resolver = new MetadataCredentialResolver(config
+ .getMetaDataProvier());
+ final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+ final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+ final ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(
+ resolver, keyInfoResolver);
+
+ final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ engine);
+ final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
+ final SecurityPolicyResolver resolver1 = new StaticSecurityPolicyResolver(policy);
+ messageContext.setSecurityPolicyResolver(resolver1);
+
+ decode.decode(messageContext);
+
+ log.info("PVP2 Assertion with Redirect-Binding is valid");
+
+ } else if (method.equals("POST")) {
+ log.debug("Find possible SAML2 Post-Binding response ...");
+ // Decode with HttpPost Binding
+ final HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool());
+ final BasicSAMLMessageContext<Response, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(
+ request));
+ decode.decode(messageContext);
+
+ samlResponse = (Response) messageContext.getInboundMessage();
+
+ final Signature sign = samlResponse.getSignature();
+ if (sign == null) {
+ log.info("Only http POST Requests can be used");
+ bean.setErrorMessage("Only http POST Requests can be used");
+ setAnser(request, response, bean);
+ return;
+ }
+
+ // Validate Signature
+ final SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
+ profileValidator.validate(sign);
+
+ // Verify Signature
+ final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory
+ .getFactory();
+ final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config
+ .getMetaDataProvier());
+
+ final CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName()));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
+ credentialResolver, keyInfoResolver);
+ trustEngine.validate(sign, criteriaSet);
+
+ log.info("PVP2 Assertion with POST-Binding is valid");
+
+ } else {
+ bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding.");
+ setAnser(request, response, bean);
+ return;
+
+ }
+
+ if (samlResponse.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ final List<org.opensaml.saml2.core.Assertion> saml2assertions =
+ new ArrayList<>();
+
+ // check encrypted Assertion
+ final List<EncryptedAssertion> encryAssertionList = samlResponse.getEncryptedAssertions();
+ if (encryAssertionList != null && encryAssertionList.size() > 0) {
+ // decrypt assertions
+
+ log.debug("Found encryped assertion. Start decryption ...");
+
+ final KeyStore keyStore = config.getPVP2KeyStore();
+
+ final X509Credential authDecCredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestEncryptionKeyAlias(),
+ config.getPVP2KeystoreAuthRequestEncryptionKeyPassword().toCharArray());
+
+ final StaticKeyInfoCredentialResolver skicr =
+ new StaticKeyInfoCredentialResolver(authDecCredential);
+
+ final ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver();
+ encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
+ encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
+ encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());
+
+ final Decrypter samlDecrypter =
+ new Decrypter(null, skicr, encryptedKeyResolver);
+
+ for (final EncryptedAssertion encAssertion : encryAssertionList) {
+ final Assertion decryptedAssertion = samlDecrypter.decrypt(encAssertion);
+ samlResponse.getAssertions().add(decryptedAssertion);
+ log.debug("Decrypted Assertion: " + DOMUtils.serializeNode(SAML2Utils.asDOMDocument(
+ decryptedAssertion)));
+
+ }
+
+ log.debug("Assertion decryption finished. ");
+
+ } else {
+ log.debug("Assertiojn is not encryted. Use it as it is");
+
+ }
+
+ // set assertion
+ final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+ final String assertion = DOMUtils.serializeNode(doc);
+ bean.setAssertion(assertion);
+
+ String principleId = null;
+ String givenName = null;
+ String familyName = null;
+ String birthday = null;
+
+ log.debug("Find #" + samlResponse.getAssertions().size() + " assertions after decryption");
+
+ for (final org.opensaml.saml2.core.Assertion saml2assertion : samlResponse.getAssertions()) {
+
+ try {
+ principleId = saml2assertion.getSubject().getNameID().getValue();
+
+ } catch (final Exception e) {
+ log.warn("Can not read SubjectNameId", e);
+ }
+
+ // loop through the nodes to get what we want
+ final List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements();
+ for (final AttributeStatement attributeStatement : attributeStatements) {
+ final List<Attribute> attributes = attributeStatement.getAttributes();
+ for (final Attribute attribute : attributes) {
+
+ final String strAttributeName = attribute.getName();
+
+ log.debug("Find attribute with name: " + strAttributeName + " and value: "
+ + attribute.getAttributeValues().get(0).getDOM().getNodeValue());
+
+ if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) {
+ familyName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
+
+ }
+
+ if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) {
+ givenName = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
+
+ }
+
+ if (strAttributeName.equals(PVPConstants.BIRTHDATE_NAME)) {
+ birthday = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
+
+ }
+
+ if (strAttributeName.equals(PVPConstants.BPK_NAME)) {
+ principleId = attribute.getAttributeValues().get(0).getDOM().getFirstChild().getNodeValue();
+
+ }
+ }
+ }
+ request.getSession().setAttribute(Constants.SESSION_NAMEIDFORMAT,
+ saml2assertion.getSubject().getNameID().getFormat());
+ request.getSession().setAttribute(Constants.SESSION_NAMEID,
+ saml2assertion.getSubject().getNameID().getValue());
+
+ }
+
+ bean.setPrincipleId(principleId);
+ bean.setDateOfBirth(birthday);
+ bean.setFamilyName(familyName);
+ bean.setGivenName(givenName);
+ bean.setLogin(true);
+
+ setAnser(request, response, bean);
+ return;
+
+ } else {
+ bean.setErrorMessage(
+ "Der Anmeldevorgang wurde abgebrochen.<br>Eine genaue Beschreibung des Fehlers finden Sie in der darunterliegenden Assertion.");
+ setAnser(request, response, bean);
+ return;
+
+ }
+
+ } catch (final Exception e) {
+ log.warn(e.getMessage(), e);
+ bean.setErrorMessage("Internal Error: " + e.getMessage());
+ setAnser(request, response, bean);
+ return;
+ }
+
+ }
+
+ private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean)
+ throws ServletException, IOException {
+ // store bean in session
+ request.setAttribute("answers", answersBean);
+
+ // you now can forward to some view, for example some results.jsp
+ request.getRequestDispatcher("demoapp.jsp").forward(request, response);
+
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response);
+ }
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
index bac3e1949..1b0eb35c9 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Index.java
@@ -90,241 +90,240 @@ import at.gv.egovernment.moa.id.demoOA.utils.ApplicationBean;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
+public class Index extends HttpServlet {
+ private static final long serialVersionUID = -2129228304760706063L;
+ private static final Logger log = LoggerFactory
+ .getLogger(Index.class);
-public class Index extends HttpServlet {
+ private void process(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ final ApplicationBean bean = new ApplicationBean();
+
+ final String method = request.getMethod();
+ final HttpSession session = request.getSession();
+ if (session == null) {
+ log.info("NO HTTP Session");
+ bean.setErrorMessage("NO HTTP session");
+ setAnser(request, response, bean);
+ return;
+ }
+
+ if (method.equals("GET")) {
+ try {
+ final Configuration config = Configuration.getInstance();
+
+ // Decode with HttpPost Binding
+ final HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
+ new BasicParserPool());
+ final BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext =
+ new BasicSAMLMessageContext<>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(request));
+
+ decode.decode(messageContext);
+
+ messageContext.setMetadataProvider(config.getMetaDataProvier());
+ final CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME,
+ SAMLConstants.SAML20P_NS));
+ criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName()));
+ criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
+
+ final MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory
+ .getFactory();
+ final MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config
+ .getMetaDataProvier());
+
+ // Verify Signature
+ final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>();
+ keyInfoProvider.add(new DSAKeyValueProvider());
+ keyInfoProvider.add(new RSAKeyValueProvider());
+ keyInfoProvider.add(new InlineX509DataProvider());
+
+ final KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
+ keyInfoProvider);
+
+ final ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(
+ credentialResolver, keyInfoResolver);
+
+ final SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ trustEngine);
+ final SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
+ final BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signatureRule);
+ policy.getPolicyRules().add(signedRole);
+ final SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
+ policy);
+ messageContext.setSecurityPolicyResolver(resolver);
+
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+
+ signatureRule.evaluate(messageContext);
+
+ final SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage();
+
+ log.info("PVP2 statusrequest or statusresponse is valid");
+
+ if (samlResponse instanceof LogoutResponse) {
+
+ final LogoutResponse sloResp = (LogoutResponse) samlResponse;
+
+ // set assertion
+ final org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
+ final String assertion = DOMUtils.serializeNode(doc);
+ bean.setAssertion(assertion);
+
+ if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
+
+ bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden.");
+
+ setAnser(request, response, bean);
+ return;
+
+ } else {
+ bean.setErrorMessage(
+ "Der Single Log-Out Vorgang war nicht erfolgreich.<br>Bitte schließen Sie aus sicherheitsgründen den Browser!");
+ setAnser(request, response, bean);
+ return;
+
+ }
+
+ } else if (samlResponse instanceof LogoutRequest) {
+ // invalidate user session
+ request.getSession().invalidate();
+
+ // build LogOutResponse
+ final LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ sloResp.setID(gen.generateIdentifier());
+ sloResp.setIssueInstant(new DateTime());
+ final NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+ issuer.setFormat(NameIDType.ENTITY);
+ sloResp.setIssuer(issuer);
+
+ final Status status = SAML2Utils.createSAMLObject(Status.class);
+ sloResp.setStatus(status);
+ final StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ statusCode.setValue(StatusCode.SUCCESS_URI);
+ status.setStatusCode(statusCode);
+
+ final String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ // get IDP metadata from metadataprovider
+ final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ // select authentication-service url from metadata
+ SingleLogoutService redirectEndpoint = null;
+ for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
+ .getSingleLogoutServices()) {
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ redirectEndpoint = sss;
+ }
+ }
+ sloResp.setDestination(redirectEndpoint.getLocation());
+
+ // sign authentication request
+ final KeyStore keyStore = config.getPVP2KeyStore();
+ final X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+ final Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(authcredential);
+ sloResp.setSignature(signer);
+
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
+ service.setLocation(redirectEndpoint.getLocation());
+
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(sloResp);
+ context.setOutboundMessageTransport(responseAdapter);
+ context.setRelayState(messageContext.getRelayState());
+
+ encoder.encode(context);
+
+ } else {
+ bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response");
+ setAnser(request, response, bean);
+ return;
+
+ }
+
+ } catch (final Exception e) {
+ log.warn("Internal error", e);
+ bean.setErrorMessage("Internal Error: " + e.getMessage());
+ setAnser(request, response, bean);
+ return;
+ }
+
+ } else {
+ bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding.");
+ setAnser(request, response, bean);
+ return;
+
+ }
+ }
+
+ private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean)
+ throws ServletException, IOException {
+ // store bean in session
+ request.setAttribute("answers", answersBean);
+
+ // you now can forward to some view, for example some results.jsp
+ request.getRequestDispatcher("demoapp.jsp").forward(request, response);
+
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response);
+ }
- private static final long serialVersionUID = -2129228304760706063L;
- private static final Logger log = LoggerFactory
- .getLogger(Index.class);
-
-
- private void process(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
-
- ApplicationBean bean = new ApplicationBean();
-
-
- String method = request.getMethod();
- HttpSession session = request.getSession();
- if (session == null) {
- log.info("NO HTTP Session");
- bean.setErrorMessage("NO HTTP session");
- setAnser(request, response, bean);
- return;
- }
-
- if (method.equals("GET")) {
- try {
- Configuration config = Configuration.getInstance();
-
- //Decode with HttpPost Binding
- HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
- new BasicParserPool());
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(request));
-
- decode.decode(messageContext);
-
- messageContext.setMetadataProvider(config.getMetaDataProvier());
- CriteriaSet criteriaSet = new CriteriaSet();
- criteriaSet.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
- criteriaSet.add(new EntityIDCriteria(config.getPVP2IDPMetadataEntityName()));
- criteriaSet.add(new UsageCriteria(UsageType.SIGNING));
-
- MetadataCredentialResolverFactory credentialResolverFactory = MetadataCredentialResolverFactory.getFactory();
- MetadataCredentialResolver credentialResolver = credentialResolverFactory.getInstance(config.getMetaDataProvier());
-
- //Verify Signature
- List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>();
- keyInfoProvider.add(new DSAKeyValueProvider());
- keyInfoProvider.add(new RSAKeyValueProvider());
- keyInfoProvider.add(new InlineX509DataProvider());
-
- KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver(
- keyInfoProvider);
-
-
- ExplicitKeySignatureTrustEngine trustEngine = new ExplicitKeySignatureTrustEngine(credentialResolver, keyInfoResolver);
-
-
- SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
- trustEngine);
- SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
- BasicSecurityPolicy policy = new BasicSecurityPolicy();
- policy.getPolicyRules().add(signatureRule);
- policy.getPolicyRules().add(signedRole);
- SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
- policy);
- messageContext.setSecurityPolicyResolver(resolver);
-
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
- signatureRule.evaluate(messageContext);
-
- SignableXMLObject samlResponse = (SignableXMLObject) messageContext.getInboundMessage();
-
-
-
- log.info("PVP2 statusrequest or statusresponse is valid");
-
-
- if (samlResponse instanceof LogoutResponse) {
-
- LogoutResponse sloResp = (LogoutResponse) samlResponse;
-
- //set assertion
- org.w3c.dom.Document doc = SAML2Utils.asDOMDocument(samlResponse);
- String assertion = DOMUtils.serializeNode(doc);
- bean.setAssertion(assertion);
-
- if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
-
- bean.setSuccessMessage("Der Single Log-Out Vorgang konnte erfolgreich durchgeführt werden.");
-
- setAnser(request, response, bean);
- return;
-
- } else {
- bean.setErrorMessage("Der Single Log-Out Vorgang war nicht erfolgreich.<br>Bitte schließen Sie aus sicherheitsgründen den Browser!");
- setAnser(request, response, bean);
- return;
-
- }
-
- } else if (samlResponse instanceof LogoutRequest) {
- //invalidate user session
- request.getSession().invalidate();
-
- //build LogOutResponse
- LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- sloResp.setID(gen.generateIdentifier());
- sloResp.setIssueInstant(new DateTime());
- NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- name.setValue(serviceURL);
- issuer.setValue(serviceURL);
- issuer.setFormat(NameIDType.ENTITY);
- sloResp.setIssuer(issuer);
-
- Status status = SAML2Utils.createSAMLObject(Status.class);
- sloResp.setStatus(status);
- StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
- statusCode.setValue(StatusCode.SUCCESS_URI);
- status.setStatusCode(statusCode );
-
- String entityname = config.getPVP2IDPMetadataEntityName();
- if (MiscUtil.isEmpty(entityname)) {
- log.info("No IDP EntityName configurated");
- throw new ConfigurationException("No IDP EntityName configurated");
- }
-
- //get IDP metadata from metadataprovider
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
- EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
- if (idpEntity == null) {
- log.info("IDP EntityName is not found in IDP Metadata");
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
- }
-
- //select authentication-service url from metadata
- SingleLogoutService redirectEndpoint = null;
- for (SingleLogoutService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- redirectEndpoint = sss;
- }
- }
- sloResp.setDestination(redirectEndpoint.getLocation());
-
- //sign authentication request
- KeyStore keyStore = config.getPVP2KeyStore();
- X509Credential authcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestKeyAlias(),
- config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(authcredential);
- sloResp.setSignature(signer);
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response, true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(redirectEndpoint.getLocation());;
-
- context.setOutboundSAMLMessageSigningCredential(authcredential);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(sloResp);
- context.setOutboundMessageTransport(responseAdapter);
- context.setRelayState(messageContext.getRelayState());
-
- encoder.encode(context);
-
- } else {
- bean.setErrorMessage("Kein gültiger LogOut Request oder LogOut Response");
- setAnser(request, response, bean);
- return;
-
- }
-
-
- } catch (Exception e) {
- log.warn("Internal error", e);
- bean.setErrorMessage("Internal Error: " + e.getMessage());
- setAnser(request, response, bean);
- return;
- }
-
- } else {
- bean.setErrorMessage("Die Demoapplikation unterstützt nur SAML2 POST-Binding.");
- setAnser(request, response, bean);
- return;
-
- }
- }
-
- private void setAnser(HttpServletRequest request, HttpServletResponse response, ApplicationBean answersBean) throws ServletException, IOException {
- // store bean in session
- request.setAttribute("answers", answersBean);
-
- // you now can forward to some view, for example some results.jsp
- request.getRequestDispatcher("demoapp.jsp").forward(request, response);
-
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- process(request, response);
- }
-
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- process(request, response);
- }
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response);
+ }
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
index 9bd0ff2e3..49d7b2cc6 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
@@ -62,156 +62,158 @@ import at.gv.egovernment.moa.id.demoOA.exception.ConfigurationException;
import at.gv.egovernment.moa.id.demoOA.utils.SAML2Utils;
import at.gv.egovernment.moa.util.MiscUtil;
-
/**
* Servlet implementation class Authenticate
*/
public class SingleLogOut extends HttpServlet {
- private static final long serialVersionUID = 1L;
-
- private static final Logger log = LoggerFactory
- .getLogger(SingleLogOut.class);
-
- /**
- * @see HttpServlet#HttpServlet()
- */
- public SingleLogOut() {
- super();
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- try {
- builder = factory.newDocumentBuilder();
-
- } catch (ParserConfigurationException e) {
- log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
- }
- }
-
- DocumentBuilder builder;
-
-
- //generate AuthenticationRequest
- protected void process(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- try {
-
- Configuration config = Configuration.getInstance();
- config.initializePVP2Login();
-
- String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT);
- String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID);
-
- if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) {
- log.warn("No user information found. Single Log-Out not possible");
- throw new ServletException("No user information found. Single Log-Out not possible");
-
- } else
- log.info("Fount user information for user nameID: " + nameID
- + " , nameIDFormat: " + nameIDFormat
- + ". Build Single Log-Out request ...");
-
- //invalidate local session
- request.getSession().invalidate();
-
- //build Single LogOut request
- LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
- SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
- sloReq.setID(gen.generateIdentifier());
- sloReq.setIssueInstant(new DateTime());
- NameID name = SAML2Utils.createSAMLObject(NameID.class);
- Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
-
- String serviceURL = config.getPublicUrlPreFix(request);
- if (!serviceURL.endsWith("/"))
- serviceURL = serviceURL + "/";
- name.setValue(serviceURL);
- issuer.setValue(serviceURL);
- issuer.setFormat(NameIDType.ENTITY);
- sloReq.setIssuer(issuer);
-
- NameID userNameID = SAML2Utils.createSAMLObject(NameID.class);
- sloReq.setNameID(userNameID);
- userNameID.setFormat(nameIDFormat);
- userNameID.setValue(nameID);
-
- String entityname = config.getPVP2IDPMetadataEntityName();
- if (MiscUtil.isEmpty(entityname)) {
- log.info("No IDP EntityName configurated");
- throw new ConfigurationException("No IDP EntityName configurated");
- }
-
- //get IDP metadata from metadataprovider
- HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
- EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
- if (idpEntity == null) {
- log.info("IDP EntityName is not found in IDP Metadata");
- throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
- }
-
- //select authentication-service url from metadata
- SingleLogoutService redirectEndpoint = null;
- for (SingleLogoutService sss :
- idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
-
- //Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
- redirectEndpoint = sss;
- }
- }
- sloReq.setDestination(redirectEndpoint.getLocation());
-
- //sign authentication request
- KeyStore keyStore = config.getPVP2KeyStore();
- X509Credential authcredential = new KeyStoreX509CredentialAdapter(
- keyStore,
- config.getPVP2KeystoreAuthRequestKeyAlias(),
- config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
-
- Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
- signer.setSigningCredential(authcredential);
- sloReq.setSignature(signer);
-
- HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
- HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response
- , true);
- BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- SingleSignOnService service = new SingleSignOnServiceBuilder()
- .buildObject();
- service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
- service.setLocation(redirectEndpoint.getLocation());
- context.setOutboundSAMLMessageSigningCredential(authcredential);
- context.setPeerEntityEndpoint(service);
- context.setOutboundSAMLMessage(sloReq);
- context.setOutboundMessageTransport(responseAdapter);
-
- encoder.encode(context);
-
- } catch (Exception e) {
- log.warn("Authentication Request can not be generated", e);
- throw new ServletException("Authentication Request can not be generated.", e);
- }
- }
-
- /**
- * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doGet(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
-
- process(request, response);
- }
-
- /**
- * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
- * response)
- */
- protected void doPost(HttpServletRequest request,
- HttpServletResponse response) throws ServletException, IOException {
- process(request, response);
- }
+ private static final long serialVersionUID = 1L;
+
+ private static final Logger log = LoggerFactory
+ .getLogger(SingleLogOut.class);
+
+ /**
+ * @see HttpServlet#HttpServlet()
+ */
+ public SingleLogOut() {
+ super();
+ final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ try {
+ builder = factory.newDocumentBuilder();
+
+ } catch (final ParserConfigurationException e) {
+ log.warn("PVP2 AuthenticationServlet can not be initialized.", e);
+ }
+ }
+
+ DocumentBuilder builder;
+
+ // generate AuthenticationRequest
+ protected void process(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ try {
+
+ final Configuration config = Configuration.getInstance();
+ config.initializePVP2Login();
+
+ final String nameIDFormat = (String) request.getSession().getAttribute(Constants.SESSION_NAMEIDFORMAT);
+ final String nameID = (String) request.getSession().getAttribute(Constants.SESSION_NAMEID);
+
+ if (MiscUtil.isEmpty(nameID) || MiscUtil.isEmpty(nameIDFormat)) {
+ log.warn("No user information found. Single Log-Out not possible");
+ throw new ServletException("No user information found. Single Log-Out not possible");
+
+ } else {
+ log.info("Fount user information for user nameID: " + nameID
+ + " , nameIDFormat: " + nameIDFormat
+ + ". Build Single Log-Out request ...");
+ }
+
+ // invalidate local session
+ request.getSession().invalidate();
+
+ // build Single LogOut request
+ final LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class);
+ final SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+ sloReq.setID(gen.generateIdentifier());
+ sloReq.setIssueInstant(new DateTime());
+ final NameID name = SAML2Utils.createSAMLObject(NameID.class);
+ final Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
+
+ String serviceURL = config.getPublicUrlPreFix(request);
+ if (!serviceURL.endsWith("/")) {
+ serviceURL = serviceURL + "/";
+ }
+ name.setValue(serviceURL);
+ issuer.setValue(serviceURL);
+ issuer.setFormat(NameIDType.ENTITY);
+ sloReq.setIssuer(issuer);
+
+ final NameID userNameID = SAML2Utils.createSAMLObject(NameID.class);
+ sloReq.setNameID(userNameID);
+ userNameID.setFormat(nameIDFormat);
+ userNameID.setValue(nameID);
+
+ final String entityname = config.getPVP2IDPMetadataEntityName();
+ if (MiscUtil.isEmpty(entityname)) {
+ log.info("No IDP EntityName configurated");
+ throw new ConfigurationException("No IDP EntityName configurated");
+ }
+
+ // get IDP metadata from metadataprovider
+ final HTTPMetadataProvider idpmetadata = config.getMetaDataProvier();
+ final EntityDescriptor idpEntity = idpmetadata.getEntityDescriptor(entityname);
+ if (idpEntity == null) {
+ log.info("IDP EntityName is not found in IDP Metadata");
+ throw new ConfigurationException("IDP EntityName is not found in IDP Metadata");
+ }
+
+ // select authentication-service url from metadata
+ SingleLogoutService redirectEndpoint = null;
+ for (final SingleLogoutService sss : idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS)
+ .getSingleLogoutServices()) {
+
+ // Get the service address for the binding you wish to use
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
+ redirectEndpoint = sss;
+ }
+ }
+ sloReq.setDestination(redirectEndpoint.getLocation());
+
+ // sign authentication request
+ final KeyStore keyStore = config.getPVP2KeyStore();
+ final X509Credential authcredential = new KeyStoreX509CredentialAdapter(
+ keyStore,
+ config.getPVP2KeystoreAuthRequestKeyAlias(),
+ config.getPVP2KeystoreAuthRequestKeyPassword().toCharArray());
+
+ final Signature signer = SAML2Utils.createSAMLObject(Signature.class);
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ signer.setSigningCredential(authcredential);
+ sloReq.setSignature(signer);
+
+ final HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
+ final HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
+ response, true);
+ final BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context =
+ new BasicSAMLMessageContext<>();
+ final SingleSignOnService service = new SingleSignOnServiceBuilder()
+ .buildObject();
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(redirectEndpoint.getLocation());
+ context.setOutboundSAMLMessageSigningCredential(authcredential);
+ context.setPeerEntityEndpoint(service);
+ context.setOutboundSAMLMessage(sloReq);
+ context.setOutboundMessageTransport(responseAdapter);
+
+ encoder.encode(context);
+
+ } catch (final Exception e) {
+ log.warn("Authentication Request can not be generated", e);
+ throw new ServletException("Authentication Request can not be generated.", e);
+ }
+ }
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doGet(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+
+ process(request, response);
+ }
+
+ /**
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse
+ * response)
+ */
+ @Override
+ protected void doPost(HttpServletRequest request,
+ HttpServletResponse response) throws ServletException, IOException {
+ process(request, response);
+ }
}
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
index 1dcc66a56..9dc0d1d6f 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
@@ -47,19 +47,19 @@ public class AttributeListBuilder implements PVPConstants{
//select PVP2 attributes which are needed for this application
- requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
requestedAttributes.add(buildReqAttribute(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(BPK_NAME, BPK_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, true));
- requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_CITIZEN_QAA_LEVEL_NAME, EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_SIGNER_CERTIFICATE_NAME, EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false));
- requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_CCS_URL_NAME, EID_CCS_URL_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(EID_AUTH_BLOCK_NAME, EID_AUTH_BLOCK_FRIENDLY_NAME, false));
- requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, true));
+ requestedAttributes.add(buildReqAttribute(EID_IDENTITY_LINK_NAME, EID_IDENTITY_LINK_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_FULL_MANDATE_NAME, MANDATE_FULL_MANDATE_FRIENDLY_NAME, false));
diff --git a/id/oa/src/main/resources/logback.xml b/id/oa/src/main/resources/logback.xml
new file mode 100644
index 000000000..b94b7476a
--- /dev/null
+++ b/id/oa/src/main/resources/logback.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <appender name="DEMO_SP" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-demo-sp.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-demo-sp.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTrimoa-demo-spggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id.demoOA" level="info">
+ <appender-ref ref="DEMO_SP"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/pom.xml b/id/pom.xml
index 84506b71c..95dd3a3f5 100644
--- a/id/pom.xml
+++ b/id/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>MOA</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/id/readme_4.1.6-RC1.txt b/id/readme_4.1.6-RC1.txt
new file mode 100644
index 000000000..d3388ce82
--- /dev/null
+++ b/id/readme_4.1.6-RC1.txt
@@ -0,0 +1,573 @@
+===============================================================================
+MOA ID Version Release 4.1.6-RC1 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 4.1.6 unterstützt MOA-ID nun wieder Authentifizierung mittels
+Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum
+zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis.
+Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch
+history.txt im gleichen Verzeichnis).
+
+ - Änderungen
+ - Aktualisierung von Dritthersteller Bibliotheken
+
+Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen
+ Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader
+ im Tomcat Appliactionsserver kommen kann.
+
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend
+übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter
+nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist
+ein Löschen der bestehenden Konfiguration nicht zwingend notwendig.
+Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue
+E-ID Proxy Authentifizierungsmodul hinzugefügt wurde.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x.
+
+...............................................................................
+B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.6
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.6
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+6.1 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+6.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+ > -Dhttp.nonProxyHosts=
+
+7. Neue Zertifikate für die Anbindung an das E-ID System
+7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.6
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+7.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+7.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+7.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+8. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System
+9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.6
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System
+10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.6
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.6
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+ 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+ 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+
+12. Optionale Updates:
+12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
+ sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber
+ für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer
+ Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'.
+ Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch:
+ a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version < 3.0.0
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/readme_4.1.6.txt b/id/readme_4.1.6.txt
new file mode 100644
index 000000000..15973c13d
--- /dev/null
+++ b/id/readme_4.1.6.txt
@@ -0,0 +1,574 @@
+===============================================================================
+MOA ID Version Release 4.1.6 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 4.1.6 unterstützt MOA-ID nun wieder Authentifizierung mittels
+Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum
+zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis.
+Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch
+history.txt im gleichen Verzeichnis).
+
+ - Änderungen
+ - Erfordert mindestens Java 8
+ - Aktualisierung von Dritthersteller Bibliotheken
+
+Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen
+ Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader
+ im Tomcat Appliactionsserver kommen kann.
+
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend
+übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter
+nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist
+ein Löschen der bestehenden Konfiguration nicht zwingend notwendig.
+Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue
+E-ID Proxy Authentifizierungsmodul hinzugefügt wurde.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x.
+
+...............................................................................
+B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.6
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.6
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+6.1 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+6.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+ > -Dhttp.nonProxyHosts=
+
+7. Neue Zertifikate für die Anbindung an das E-ID System
+7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.6
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+7.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+7.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+7.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+8. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System
+9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.6
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System
+10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.6
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.6
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.6.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+ 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+ 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+
+12. Optionale Updates:
+12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
+ sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber
+ für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer
+ Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'.
+ Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch:
+ a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version < 3.0.0
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/readme_4.1.7.txt b/id/readme_4.1.7.txt
new file mode 100644
index 000000000..a39ad572b
--- /dev/null
+++ b/id/readme_4.1.7.txt
@@ -0,0 +1,574 @@
+===============================================================================
+MOA ID Version Release 4.1.7 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 4.1.7 unterstützt MOA-ID nun wieder Authentifizierung mittels
+Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum
+zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis.
+Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch
+history.txt im gleichen Verzeichnis).
+
+ - Änderungen
+ - Erfordert mindestens Java 8
+ - Aktualisierung von Dritthersteller Bibliotheken
+
+Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen
+ Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader
+ im Tomcat Appliactionsserver kommen kann.
+
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend
+übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter
+nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist
+ein Löschen der bestehenden Konfiguration nicht zwingend notwendig.
+Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue
+E-ID Proxy Authentifizierungsmodul hinzugefügt wurde.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x.
+
+...............................................................................
+B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.1.7
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.1.7
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+6.1 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+6.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+ > -Dhttp.nonProxyHosts=
+
+7. Neue Zertifikate für die Anbindung an das E-ID System
+7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.1.7
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+7.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+7.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+7.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+8. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System
+9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.1.7
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System
+10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.1.7
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.1.7
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.1.7.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+ 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+ 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+
+12. Optionale Updates:
+12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
+ sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber
+ für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer
+ Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'.
+ Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch:
+ a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version < 3.0.0
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/readme_4.2.0.txt b/id/readme_4.2.0.txt
new file mode 100644
index 000000000..9e02a41d1
--- /dev/null
+++ b/id/readme_4.2.0.txt
@@ -0,0 +1,594 @@
+===============================================================================
+MOA ID Version Release 4.2.0 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 4.2.0 unterstützt MOA-ID nun wieder Authentifizierung mittels
+Bürgerkarte, Handy-Signatur oder eIDAS als auch den Betrieb als SAML1 Proxy zum
+zentralen E-ID System entsprechend dem neuen elektronischen Identitätsnachweis.
+Im Detail umfasst das folgende Neuerungen und Änderungen (siehe auch
+history.txt im gleichen Verzeichnis).
+
+ - Änderungen
+ - Erfordert mindestens Java 8
+ - Aktualisierung von Dritthersteller Bibliotheken
+ - Wechsel von log4j auf logback
+
+Hinweis: Vor einem Parallelbetrieb von MOA-ID und MOA-SPSS als eigenständige Web-Applikationen in der gleichen
+ Apache Tomcat Instanz wird seit Java >= 9 abgeraten da es potentiell zu Problem mit dem Java Classloader
+ im Tomcat Appliactionsserver kommen kann.
+
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+Hinweis: Die bestehende Konfiguration von MOA-ID 3.x.x kann weitestgehend
+übernommen werden da mit dem Update auf die Version 4.0.x viele Konfigurationsparameter
+nicht mehr erforderlich sind und somit (sofern vorhanden) ignoriert werden. Somit ist
+ein Löschen der bestehenden Konfiguration nicht zwingend notwendig.
+Für den Betrieb als E-ID Proxy muss in diesem Fall nur die Konfiguration für das das neue
+E-ID Proxy Authentifizierungsmodul hinzugefügt wurde.
+
+Hinweis: Wenn Sie die bestehende Konfiguration von MOA-ID 2.x.x in MOA-ID 4.0.x
+reimportieren möchten, so muss diese vor dem Update mit Hilfe der import/export
+Funktion der grafischen Konfigurationsoberfläche in eine Datei exportiert werden.
+Diese Datei dient dann als Basis für den Import in MOA-ID 4.0.x.
+
+...............................................................................
+B.0 Durchführung eines Updates von Version 4.1.5 auf Version 4.2.0
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des
+ Java Startparameters:
+ -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
+
+7. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 4.1.2 auf Version 4.2.0
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+6.1 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+6.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+ > -Dhttp.nonProxyHosts=
+6.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des
+ Java Startparameters:
+ -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
+
+7. Neue Zertifikate für die Anbindung an das E-ID System
+7.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 4.1.x auf Version 4.2.0
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+4 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 4.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 4.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+7.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+7.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+7.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+7.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des
+ Java Startparameters:
+ -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
+
+8. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+9. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und für die Anbindung an das E-ID System
+9.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+9.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 4.0.0 auf Version 4.2.0
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.endpoint.appreginfo.enable
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.2 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des
+ Java Startparameters:
+ -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
+
+9. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+10. Neue A-Trust Zertifikate für Handy-Signatur Anmeldung und die Anbindung an das E-ID System
+10.1 Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+10.2 Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+11. Zusätzliche Funktionalität für den MOA E-ID Proxy Mode:
+ Mit der Version 4.1.2 des MOA E-ID Proxy wurde die eindeutigen Applikationsidentifier
+ von Onlineapplikationen am MOA E-ID Proxy, welche im zentralen Applikationsregister
+ registriert werden müssen, geändert um die Eindeutigkeit im Applikationsregister gewährleisten
+ zu können. Somit können die Unique Identifier (PublicUrlPrefix) aus der MOA E-ID Proxy
+ konfiguration nicht mehr direkt für die Registriergung am E-ID System verwendet werden.
+ Der MOA E-ID Proxy bietet unter der URL $MOA_EID_PROXY$/eid/getappregid (z.B.
+ https://demo.egiz.gv.at/moa-id-auth/eid/getappregid?OA=https://labda.iaik.tugraz.at:5553/demologin/test1)
+ einen Endpunkt an über der eindeute Identifier für die Eintragung ins Applikationsregister abgefragt
+ werde kann. Als Abfrageparameter dienen die selben Parameter wie sie auch für einen SAML1
+ Authentifizierungsrequest verwendet werden (siehe Handbuch
+ https://apps.egiz.gv.at/handbooks/moa-id/handbook/protocol/protocol.html#saml1_startauth).
+ Eine Abfrage ist jedoch nur für am MOA E-ID Proxy registrierte Onlineapplikationen möglich.
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 3.4.x auf Version 4.2.0
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des
+ Java Startparameters:
+ -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 3.x.x auf Version 4.2.0
+...............................................................................
+1. Exportieren Sie die aktuelle Konfiguration von MOA-ID mit Hilfe der import/export
+ Funktion der grafischen Konfigurationsoberfläche in eine Datei. Dieser Export
+ dient nur als Backup und wird für den Updateprozess nicht zwingend benötigt.
+
+2. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+3. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-4.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+4. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war
+ als auch das komplette Verzeichnis moa-id-auth.
+
+5 Umstellung auf Java JDK 9
+ Die 'JAVA_HOME\jre\lib\ext' und die 'CATALINA_HOME_ID\endorsed' wird in Java 9
+ nicht mehr unterstützt und entsprechende Referenzen müssen aus den Start-Scripts
+ entfernt werden. Ab MOA-ID 3.3.2 sind die Bibliotheken, welche früher in
+ den beiden Verzeichnissen hinterlegt waren, direkt in MOA-ID integriert.
+ Falls sie eine Java Version < 9 verwenden und aktuell Bibliotheken in diesen
+ Verzeichnissen abgelegt haben müssen diese aktualisiert werden:
+
+ 5.1. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+ 5.2. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.6.x wird nicht mehr
+ unterstuetzt).
+
+ 5.3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+ 5.4 Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+8.1 Anbindung an das zentrale E-ID System
+ > modules.eidproxyauth.keystore.path=
+ > modules.eidproxyauth.keystore.password=
+ > modules.eidproxyauth.metadata.sign.password=password
+ > modules.eidproxyauth.metadata.sign.alias=pvp_metadata
+ > modules.eidproxyauth.request.sign.password=password
+ > modules.eidproxyauth.request.sign.alias=pvp_assertion
+ > modules.eidproxyauth.response.encryption.password=password
+ > modules.eidproxyauth.response.encryption.alias=pvp_assertion
+ > modules.eidproxyauth.EID.trustprofileID=eid_metadata
+ > modules.eidproxyauth.endpoint.appreginfo.enable=true
+8.2 SAML1 Requestparameter Validierung
+ >configuration.validate.saml1.parameter.strict
+8.3 HTTP Proxy Konfiguration via JAVA System-Properties
+ > -Dhttp.proxyHost=
+ > -Dhttp.proxyPort=
+ > -Dhttp.proxyUser=
+ > -Dhttp.proxyPassword=
+8.3 Falls Sie eine externe Logger-Konfiguration konfigurieren Sie diese mittels des
+ Java Startparameters:
+ -Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
+
+9. Update der MOA-SPSS Konfiguration
+ a.) Erstellen Sie eine Sicherungskopie der Verzeichnisse:
+ - CATALINA_HOME\conf\moa-spss
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\EID_metadata
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\trustProfiles\EID_metadata
+ c.) Kopieren Sie die Datei MOA_ID_INST_AUTH\conf\moa-spss\SampleMOASPSSConfiguration.xml
+ in das Verzeichnis CATALINA_HOME\conf\moa-spss\ , oder aktualisieren Sie ihre aktuell
+ verwendete MOA-SPSS Konfiguration manuell. Folgende Teile wurden ergänzt:
+ ...
+ <cfg:Id>eid_metadata</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/EID_metadata</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ ...
+ d.) Kopieren sie folgende Zertifikate in den jeweiligen TrustStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Mobile-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Testsystem_eid2.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-spss/trustProfiles/EID_metadata/E-ID_Prodsystem_eid.oesterreich.gv.at.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/Terena_SSL_CA3.crt
+ > MOA_ID_AUTH_INST/conf/moa-id/certs/ca-certs/DigiCert_Assured_ID_Root_CA.crt
+
+ e.) Kopieren sie folgende Zertifikate in den CertStore ihrer MOA-ID Konfiguration
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Sig-07.cer
+ > MOA_ID_AUTH_INST/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Mobile-07.cer
+
+
+10. Update the MOA-ID Konfiguration via Web-basierten Konfigurationstool
+ Diese Schitte können erst nach der Installation und dem Start der Applikation
+ moa-id-configuration.war durchgeführt werden
+10.1 Anbindung das zentrale E-ID System
+ a.) Bekanntgabe von Endpunkten (Produktiv, Test, ... ) der zu verwendenten
+ IDPs des zentralen E-ID Systems
+
+ b.) Auswahl des gewünschte EndPunkts je Online-Applikation
+ sofern im Schritt a. mehr als Ein Endpunkt konfiguriert wurde.
+ Hinweis: Als Default wird immer der Erste im Schritt a. hinterlegte Endpunkt verwendet
+
+11. Geänderte GUI Templates
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/css_template.css
+ > MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/javascript_tempalte.js
+
+
+12. Optionale Updates:
+12.1. Die mySQL Treiber 'com.mysql.jdbc.Drive' und 'org.hibernate.dialect.MySQLDialect'
+ sind deprecated für aktuelle mySQL DB Versionen. Der neue Treiber
+ für mySQL Datenbanken lautet 'com.mysql.cj.jdbc.Driver' und ein aktuellerer
+ Hibernate Dialect lautet 'org.hibernate.dialect.MySQL5Dialect'.
+ Sollte es zu Problemen kommen ersetzen Sie entsprechenden Zeilen durch:
+ a.) Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ moasession.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ moasession.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ configuration.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ configuration.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect
+ advancedlogging.hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+ b.) Konfigurationsdatei CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ hibernate.connection.driver_class=com.mysql.cj.jdbc.Driver
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version < 3.0.0
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth-edu/pom.xml b/id/server/auth-edu/pom.xml
index 5a743549b..53cbacedf 100644
--- a/id/server/auth-edu/pom.xml
+++ b/id/server/auth-edu/pom.xml
@@ -2,7 +2,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -207,7 +207,12 @@
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId>
</dependency>
-
+
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-dummy-authenticatiuon</artifactId>
+ </dependency>
+
<dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-sl20_authentication</artifactId>
@@ -223,6 +228,16 @@
<artifactId>moa-id-module-EID_connector</artifactId>
</dependency>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-ehvd_integration</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </dependency>
+
<!--
<dependency>
<groupId>org.apache.santuario</groupId>
diff --git a/id/server/auth-edu/src/main/resources/logback.xml b/id/server/auth-edu/src/main/resources/logback.xml
new file mode 100644
index 000000000..582f6d44c
--- /dev/null
+++ b/id/server/auth-edu/src/main/resources/logback.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="moaspss" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-spss.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id-reversion.log</File>
+ <encoder>
+ <pattern>%5p | %d{ISO8601} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>9999</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id-reversion.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
+
+ <logger name="at.gv.egiz.eventlog.plain.all" level="info">
+ <appender-ref ref="reversion"/>
+ </logger>
+
+ <logger name="at.gv.egiz.eaaf" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
+ <logger name="at.gv.egiz.components.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+
+ <logger name="at.gv.egovernment.moa.spss" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
+ <logger name="pki" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
+ <logger name="iaik.server" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/server/auth-final/pom.xml b/id/server/auth-final/pom.xml
index 72d5b51d7..e83448eec 100644
--- a/id/server/auth-final/pom.xml
+++ b/id/server/auth-final/pom.xml
@@ -2,7 +2,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -170,7 +170,16 @@
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-EID_connector</artifactId>
</dependency>
+
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-ehvd_integration</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ </dependency>
<!-- transitive dependencies we don't want to include into the war -->
<dependency>
diff --git a/id/server/data/deploy/conf/moa-id/logback_config.xml b/id/server/auth-final/src/main/resources/logback.xml
index fa221fbc2..0e86d3c68 100644
--- a/id/server/data/deploy/conf/moa-id/logback_config.xml
+++ b/id/server/auth-final/src/main/resources/logback.xml
@@ -1,12 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
-
-<!-- For assistance related to logback-translator or configuration -->
-<!-- files in general, please contact the logback user mailing list -->
-<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
-<!-- -->
-<!-- For professional support please see -->
-<!-- http://www.qos.ch/shop/products/professionalSupport -->
-<!-- -->
<configuration>
<appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender">
<!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
@@ -16,7 +8,7 @@
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<maxIndex>1</maxIndex>
- <FileNamePattern>${catalina.base}/logs/moa-id.log.%i</FileNamePattern>
+ <FileNamePattern>${catalina.base}/logs/moa-id.log.%i.gz</FileNamePattern>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>10000KB</MaxFileSize>
@@ -30,7 +22,7 @@
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<maxIndex>1</maxIndex>
- <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i</FileNamePattern>
+ <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i.gz</FileNamePattern>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>10000KB</MaxFileSize>
@@ -44,7 +36,7 @@
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<maxIndex>1</maxIndex>
- <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i</FileNamePattern>
+ <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i.gz</FileNamePattern>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>10000KB</MaxFileSize>
@@ -52,13 +44,13 @@
</appender>
<appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender">
<!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
- <File>${catalina.base}/moa-id-reversion.log</File>
+ <File>${catalina.base}/logs/moa-id-reversion.log</File>
<encoder>
<pattern>%5p | %d{ISO8601} | %t | %m%n</pattern>
</encoder>
<rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
<maxIndex>9999</maxIndex>
- <FileNamePattern>${catalina.base}/moa-id-reversion.log.%i</FileNamePattern>
+ <FileNamePattern>${catalina.base}/logs/moa-id-reversion.log.%i.gz</FileNamePattern>
</rollingPolicy>
<triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
<MaxFileSize>10000KB</MaxFileSize>
@@ -68,37 +60,40 @@
<encoder>
<pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
</encoder>
- </appender>
- <logger name="at.gv.egiz.eaaf" level="info">
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id" level="info">
<appender-ref ref="moaid"/>
</logger>
- <logger name="at.gv.egovernment.moa.spss" level="info">
- <appender-ref ref="moaspss"/>
- </logger>
- <logger name="pki" level="info">
- <appender-ref ref="moaspss"/>
- </logger>
- <logger name="at.gv.egovernment.moa.id.commons" level="info">
- <appender-ref ref="CONFIGTOOL"/>
+
+ <logger name="at.gv.egiz.eventlog.plain.all" level="info">
+ <appender-ref ref="reversion"/>
</logger>
+
<logger name="at.gv.egovernment.moa.id.configuration" level="info">
<appender-ref ref="CONFIGTOOL"/>
</logger>
- <logger name="at.gv.egiz.eventlog.plain.all" level="info">
- <appender-ref ref="reversion"/>
- </logger>
<logger name="at.gv.egovernment.moa.id.config.webgui" level="info">
<appender-ref ref="CONFIGTOOL"/>
</logger>
+
+ <logger name="at.gv.egiz.eaaf" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
<logger name="at.gv.egiz.components.configuration" level="info">
<appender-ref ref="CONFIGTOOL"/>
</logger>
- <logger name="at.gv.egovernment.moa.id" level="info">
- <appender-ref ref="moaid"/>
+
+ <logger name="at.gv.egovernment.moa.spss" level="info">
+ <appender-ref ref="moaspss"/>
</logger>
+ <logger name="pki" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
<logger name="iaik.server" level="info">
<appender-ref ref="moaspss"/>
</logger>
+
<root level="warn">
<appender-ref ref="stdout"/>
</root>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/logback.xml b/id/server/data/deploy/conf/moa-id-configuration/logback.xml
new file mode 100644
index 000000000..fc7508598
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-configuration/logback.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id-webgui.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+ <logger name="at.gv.egovernment.moa.id.config.webgui" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+
+ <logger name="at.gv.egiz.eaaf" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
+ <logger name="at.gv.egiz.components.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml b/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml
deleted file mode 100644
index c00e62e52..000000000
--- a/id/server/data/deploy/conf/moa-id-configuration/logback_config.xml
+++ /dev/null
@@ -1,71 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!-- For assistance related to logback-translator or configuration -->
-<!-- files in general, please contact the logback user mailing list -->
-<!-- at http://www.qos.ch/mailman/listinfo/logback-user -->
-<!-- -->
-<!-- For professional support please see -->
-<!-- http://www.qos.ch/shop/products/professionalSupport -->
-<!-- -->
-<configuration>
- <!-- Errors were reported during translation. -->
- <!-- No class found for appender CONFIGTOOL R -->
- <!-- Could not find transformer for null -->
- <appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
- <File>${catalina.base}/logs/moa-id.log</File>
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>1</maxIndex>
- <FileNamePattern>${catalina.base}/logs/moa-id.log.%i</FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="CONFIGTOOL R">
- <!--No layout specified for appender named [CONFIGTOOL R] of class [null]-->
- </appender>
- <appender name="CONFIGTOOL" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
- <File>${catalina.base}/logs/moa-id-webgui.log</File>
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} | %t | %m%n</pattern>
- </encoder>
- <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
- <maxIndex>1</maxIndex>
- <FileNamePattern>${catalina.base}/logs/moa-id-webgui.log.%i</FileNamePattern>
- </rollingPolicy>
- <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
- <MaxFileSize>10000KB</MaxFileSize>
- </triggeringPolicy>
- </appender>
- <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
- <encoder>
- <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{transactionId} |%20.20c | %10t | %m%n</pattern>
- </encoder>
- </appender>
- <logger name="eu.stork" level="info"/>
- <logger name="iaik.server" level="info"/>
- <logger name="at.gv.egovernment.moa.id" level="info">
- <appender-ref ref="R"/>
- </logger>
- <logger name="at.gv.egovernment.moa.id.commons" level="info">
- <appender-ref ref="CONFIGTOOL R"/>
- </logger>
- <logger name="org.hibernate" level="warn"/>
- <logger name="at.gv.egiz.components.configuration" level="info">
- <appender-ref ref="CONFIGTOOL"/>
- </logger>
- <logger name="at.gv.egovernment.moa.id.proxy" level="info"/>
- <logger name="at.gv.egovernment.moa.id.config.webgui" level="info">
- <appender-ref ref="CONFIGTOOL"/>
- </logger>
- <logger name="at.gv.egovernment.moa.spss" level="info"/>
- <logger name="at.gv.egovernment.moa" level="info"/>
- <root level="info">
- <appender-ref ref="stdout"/>
- </root>
-</configuration>
diff --git a/id/server/data/deploy/conf/moa-id-oa/logback.xml b/id/server/data/deploy/conf/moa-id-oa/logback.xml
new file mode 100644
index 000000000..b94b7476a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id-oa/logback.xml
@@ -0,0 +1,30 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <appender name="DEMO_SP" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-demo-sp.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-demo-sp.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTrimoa-demo-spggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id.demoOA" level="info">
+ <appender-ref ref="DEMO_SP"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/server/data/deploy/conf/moa-id/log4j.properties b/id/server/data/deploy/conf/moa-id/log4j.properties
deleted file mode 100644
index 2914fcff1..000000000
--- a/id/server/data/deploy/conf/moa-id/log4j.properties
+++ /dev/null
@@ -1,62 +0,0 @@
-# commons-logging setup
-org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
-
-# define log4j root loggers
-log4j.rootLogger=warn,stdout
-
-### MOA-ID process log ###
-log4j.logger.at.gv.egiz.eaaf=info,moaid
-log4j.logger.at.gv.egovernment.moa.id=info,moaid
-log4j.logger.at.gv.egovernment.moa.spss=info,moaid
-
-### process revision log with event-codes ###
-log4j.logger.at.gv.egiz.eventlog.plain.all=info,reversion
-
-### Signature verification and certificate proofing ####
-log4j.logger.at.gv.egovernment.moa.spss=info,moaspss
-log4j.logger.iaik.server=info,moaspss
-log4j.logger.pki=info,moaspss
-
-### ConfigTool Logs ####
-log4j.logger.at.gv.egiz.components.configuration=info,CONFIGTOOL
-log4j.logger.at.gv.egovernment.moa.id.commons=info,CONFIGTOOL
-log4j.logger.at.gv.egovernment.moa.id.config.webgui=info,CONFIGTOOL
-log4j.logger.at.gv.egovernment.moa.id.configuration=info,CONFIGTOOL
-
-
-### Log Appender ####
-# configure the stdout appender
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n
-
-# configure the rolling file appender (moaid)
-log4j.appender.moaid=org.apache.log4j.RollingFileAppender
-log4j.appender.moaid.File=${catalina.base}/logs/moa-id.log
-log4j.appender.moaid.MaxFileSize=10000KB
-log4j.appender.moaid.MaxBackupIndex=1
-log4j.appender.moaid.layout=org.apache.log4j.PatternLayout
-log4j.appender.moaid.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
-
-# configure the rolling file appender (moaid)
-log4j.appender.moaspss=org.apache.log4j.RollingFileAppender
-log4j.appender.moaspss.File=${catalina.base}/logs/moa-spss.log
-log4j.appender.moaspss.MaxFileSize=10000KB
-log4j.appender.moaspss.MaxBackupIndex=1
-log4j.appender.moaspss.layout=org.apache.log4j.PatternLayout
-log4j.appender.moaspss.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n
-
-log4j.appender.reversion=org.apache.log4j.RollingFileAppender
-log4j.appender.reversion.File=${catalina.base}/moa-id-reversion.log
-log4j.appender.reversion.MaxFileSize=10000KB
-log4j.appender.reversion.MaxBackupIndex=9999
-log4j.appender.reversion.layout=org.apache.log4j.PatternLayout
-log4j.appender.reversion.layout.ConversionPattern=%5p | %d{ISO8601} | %t | %m%n
-
-# configure the rolling file appender (configtool)
-log4j.appender.CONFIGTOOL=org.apache.log4j.RollingFileAppender
-log4j.appender.CONFIGTOOL.File=${catalina.base}/logs/moa-id-webgui.log
-log4j.appender.CONFIGTOOL.MaxFileSize=10000KB
-log4j.appender.CONFIGTOOL.MaxBackupIndex=1
-log4j.appender.CONFIGTOOL.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONFIGTOOL.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/logback.xml b/id/server/data/deploy/conf/moa-id/logback.xml
new file mode 100644
index 000000000..3f0d54fe5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/logback.xml
@@ -0,0 +1,79 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ <appender name="moaid" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-id.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-id.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="moaspss" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/logs/moa-spss.log</File>
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>1</maxIndex>
+ <FileNamePattern>${catalina.base}/logs/moa-spss.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="reversion" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
+ <File>${catalina.base}/moa-id-reversion.log</File>
+ <encoder>
+ <pattern>%5p | %d{ISO8601} | %t | %m%n</pattern>
+ </encoder>
+ <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
+ <maxIndex>9999</maxIndex>
+ <FileNamePattern>${catalina.base}/moa-id-reversion.log.%i.gz</FileNamePattern>
+ </rollingPolicy>
+ <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
+ <MaxFileSize>10000KB</MaxFileSize>
+ </triggeringPolicy>
+ </appender>
+ <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+ <encoder>
+ <pattern>%5p | %d{dd HH:mm:ss,SSS} | %X{sessionId} | %X{transactionId} | %X{oaId} |%20.20c | %10t | %m%n</pattern>
+ </encoder>
+ </appender>
+
+ <logger name="at.gv.egovernment.moa.id" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
+
+ <logger name="at.gv.egiz.eventlog.plain.all" level="info">
+ <appender-ref ref="reversion"/>
+ </logger>
+
+ <logger name="at.gv.egiz.eaaf" level="info">
+ <appender-ref ref="moaid"/>
+ </logger>
+ <logger name="at.gv.egiz.components.configuration" level="info">
+ <appender-ref ref="CONFIGTOOL"/>
+ </logger>
+
+ <logger name="at.gv.egovernment.moa.spss" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
+ <logger name="pki" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
+ <logger name="iaik.server" level="info">
+ <appender-ref ref="moaspss"/>
+ </logger>
+
+ <root level="warn">
+ <appender-ref ref="stdout"/>
+ </root>
+</configuration>
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index 0a579a53d..03640b252 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -226,6 +226,14 @@ modules.elga_mandate.request.sign.password=password
modules.elga_mandate.response.encryption.alias=pvp_assertion
modules.elga_mandate.response.encryption.password=password
+######## EHVD Service module
+modules.ehvd.enabled=false
+#modules.ehvd.sp.1=
+#modules.ehvd.sp.2=
+modules.ehvd.service.url=
+modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$
+modules.ehvd.role.pvp=EPI-GDA()
+
######## SSO Interfederation client module ########
modules.federatedAuth.keystore.path=keys/moa_idp[password].p12
modules.federatedAuth.keystore.password=password
@@ -280,4 +288,4 @@ service.egovutil.szr.ssl.laxhostnameverification=false
## Additonal encryption keys can be added by add a ney configuration line, like
## configuration.foreignsectors.pubkey.BMI+T1=MIICuTCCAaG (VKZ='BMI', Public Target='T1')
########
-#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw... \ No newline at end of file
+#configuration.foreignsectors.pubkey.wbpk+FN+195755b=MIIF2TCCA8GgAw...
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt
index ee17cdb80..ee17cdb80 100644
--- a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20241209.SerNo165fb8.crt
diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
index d717ecd25..0ad50ff0e 100644
--- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh
+++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
@@ -7,8 +7,7 @@ export CATALINA_BASE=$CATALINA_HOME
FILE_ENCODING=-Dfile.encoding=UTF-8
RAND_FILE=-Djava.security.egd=file:///dev/urandom
-LOGGING_OPT=-Dlog4j.configuration=file:$CATALINA_BASE/conf/moa-id/log4j.properties
-LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback_config.xml
+LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=$CATALINA_BASE/conf/moa-id/logback.xml
CONFIG_OPT=-Dmoa.id.configuration=file:$CATALINA_BASE/conf/moa-id/moa-id.properties
SPSS_OPT=-Dmoa.spss.server.configuration=$CATALINA_BASE/conf/moa-spss/SampleMOASPSSConfiguration.xml
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat
index afdd907c8..93eb3ea80 100644
--- a/id/server/data/deploy/tomcat/win32/startTomcat.bat
+++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat
@@ -12,8 +12,7 @@ rem ----------------------------------------------------------------------------
set FILE_ENCODING=-Dfile.encoding=UTF-8
set RAND_FILE=-Djava.security.egd=file:///dev/urandom
-set LOGGING_OPT=-Dlog4j.configuration=file:%CATALINA_HOME%/conf/moa-id/log4j.properties
-set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback_config.xml
+set LOGGING_LOGBACK_OPT=-Dlogback.configurationFile=%CATALINA_HOME%/conf/moa-id/logback.xml
set CONFIG_OPT_SPSS=-Dmoa.spss.server.configuration=%CATALINA_HOME%/conf/moa-spss/SampleMOASPSSConfiguration.xml
set CONFIG_OPT_ID=-Dmoa.id.configuration=file:%CATALINA_HOME%/conf/moa-id/moa-id.properties
diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html
index f755fd782..1e55aed78 100644
--- a/id/server/doc/handbook/install/install.html
+++ b/id/server/doc/handbook/install/install.html
@@ -7,7 +7,7 @@
<link rel="stylesheet" href="../common/MOA.css" type="text/css">
<link href='https://fonts.googleapis.com/css?family=Roboto:300,400' rel='stylesheet' type='text/css'>
</head>
-<body link="#990000">
+<body link="#990000">
<div id="headline">
<div class="container">
<a href="http://www.digitales.oesterreich.gv.at/"><img src="../common/logo_digAT.png"/></a>
@@ -16,65 +16,65 @@
</div>
</div>
<div class="container">
-<h1 align="center">Installation</h1>
+<h1 align="center">Installation</h1>
<h2>Inhalt</h2>
- <ol class="index">
- <li>
- <p><a href="#webservice">MOA-ID-Auth und MOA-ID-Configuration</a></p>
- <ol>
- <li><a href="#webservice_basisinstallation">Basisinstallation</a>
- <ol>
- <li><a href="#webservice_basisinstallation_einfuehrung">Einf&uuml;hrung</a></li>
- <li><a href="#webservice_basisinstallation_installation">Installation</a>
- <ol>
- <li><a href="#webservice_basisinstallation_installation_vorbereitung">Vorbereitung</a></li>
- <li><a href="#webservice_basisinstallation_installation_tomcatconfig">Konfiguration von Apache Tomcat</a>
- <ol>
- <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpconn">Konfiguration des HTTP Connectors</a></li>
- <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpsconn">Konfiguration des HTTPS Connectors</a></li>
- </ol>
- </li>
+ <ol class="index">
+ <li>
+ <p><a href="#webservice">MOA-ID-Auth und MOA-ID-Configuration</a></p>
+ <ol>
+ <li><a href="#webservice_basisinstallation">Basisinstallation</a>
+ <ol>
+ <li><a href="#webservice_basisinstallation_einfuehrung">Einf&uuml;hrung</a></li>
+ <li><a href="#webservice_basisinstallation_installation">Installation</a>
+ <ol>
+ <li><a href="#webservice_basisinstallation_installation_vorbereitung">Vorbereitung</a></li>
+ <li><a href="#webservice_basisinstallation_installation_tomcatconfig">Konfiguration von Apache Tomcat</a>
+ <ol>
+ <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpconn">Konfiguration des HTTP Connectors</a></li>
+ <li><a href="#webservice_basisinstallation_installation_tomcatconfig_httpsconn">Konfiguration des HTTPS Connectors</a></li>
+ </ol>
+ </li>
<li><a href="#webservice_basisinstallation_installation_spssdeploy">Einsatz des Moduls MOA-ID-Auth in Tomcat</a></li>
- <li><a href="#moa_id_configuration_deploy">Einsatz des Moduls MOA-ID-Configuration in Tomcat</a></li>
- <li><a href="#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a>
- <ol>
- <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_windows">Unter Windows</a></li>
- <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_unix">Unter Unix</a></li>
- <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_verify">Pr&uuml;fen des erfolgreichen Starts</a> </li>
- </ol>
- </li>
- <li><a href="#webservice_basisinstallation_installation_changeonthefly">&Auml;nderung der Konfiguration im laufenden Betrieb</a></li>
- </ol>
- </li>
- <li><a href="#webservice_basisinstallation_logging">Logging</a>
- <ol>
- <li><a href="#webservice_basisinstallation_logging_format">Format der Log-Meldungen</a></li>
- <li><a href="#webservice_basisinstallation_logging_messages">Wichtige Log-Meldungen</a></li>
- </ol>
- </li>
- </ol>
- </li>
- <li><a href="#webservice_erweiterungsmoeglichkeiten">Erweiterungsm&ouml;glichkeiten</a> <ol>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver">Vorgeschalteter Webserver</a> <ol>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis">Microsoft Internet Information Server (MS IIS)</a> <ol>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_jk">Konfiguration von <span class="term"> mod_jk</span> im MS IIS</a></li>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_tomcat">Konfiguration von Tomcat</a></li>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_ssl">Konfiguration von SSL</a></li>
- </ol>
- </li>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache">Apache</a> <ol>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_jk">Konfiguration von <span class="term"> mod_jk</span> im Apache </a></li>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_tomcat">Konfiguration von Tomcat</a></li>
- <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_ssl">Konfiguration von SSL mit <span class="term">mod_SSL</span></a></li>
- </ol>
- </li>
+ <li><a href="#moa_id_configuration_deploy">Einsatz des Moduls MOA-ID-Configuration in Tomcat</a></li>
+ <li><a href="#webservice_basisinstallation_installation_tomcatstartstop">Starten und Stoppen von Tomcat</a>
+ <ol>
+ <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_windows">Unter Windows</a></li>
+ <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_unix">Unter Unix</a></li>
+ <li><a href="#webservice_basisinstallation_installation_tomcatstartstop_verify">Pr&uuml;fen des erfolgreichen Starts</a> </li>
+ </ol>
+ </li>
+ <li><a href="#webservice_basisinstallation_installation_changeonthefly">&Auml;nderung der Konfiguration im laufenden Betrieb</a></li>
+ </ol>
+ </li>
+ <li><a href="#webservice_basisinstallation_logging">Logging</a>
+ <ol>
+ <li><a href="#webservice_basisinstallation_logging_format">Format der Log-Meldungen</a></li>
+ <li><a href="#webservice_basisinstallation_logging_messages">Wichtige Log-Meldungen</a></li>
+ </ol>
+ </li>
+ </ol>
+ </li>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten">Erweiterungsm&ouml;glichkeiten</a> <ol>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver">Vorgeschalteter Webserver</a> <ol>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis">Microsoft Internet Information Server (MS IIS)</a> <ol>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_jk">Konfiguration von <span class="term"> mod_jk</span> im MS IIS</a></li>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_tomcat">Konfiguration von Tomcat</a></li>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_iis_ssl">Konfiguration von SSL</a></li>
+ </ol>
+ </li>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache">Apache</a> <ol>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_jk">Konfiguration von <span class="term"> mod_jk</span> im Apache </a></li>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_tomcat">Konfiguration von Tomcat</a></li>
+ <li><a href="#webservice_erweiterungsmoeglichkeiten_webserver_apache_ssl">Konfiguration von SSL mit <span class="term">mod_SSL</span></a></li>
+ </ol>
+ </li>
</ol>
</li>
</ol>
</li>
- </ol>
+ </ol>
</ol>
- <ol type="A" class="index">
+ <ol type="A" class="index">
<li><a href="#referenzierte_software">Referenzierte Software</a></li>
</ol>
<h2><a name="uebersicht" id="uebersicht"></a>1 &Uuml;bersicht</h2>
@@ -95,7 +95,7 @@
<li><a href="#referenziertesoftware">Java SE Update SE 7 (neuestes Update) bzw. Java SE 8 (neuestes Update)</a><a href="#referenziertesoftware"></a></li>
<li><a href="#referenziertesoftware">Apache Tomcat 7 (neuestes Update) bzw. Apache Tomcat 8</a><a href="#referenziertesoftware"> (neuestes Update)</a></li>
</ul>
- <p>In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module k&ouml;nnen sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. F&uuml;r den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgef&uuml;hrt werden. In beiden F&auml;llen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration Log4j als Logging Toolkit verwenden.</p>
+ <p>In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module k&ouml;nnen sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. F&uuml;r den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgef&uuml;hrt werden. In beiden F&auml;llen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration LogBack als Logging Toolkit verwenden.</p>
<h4><a name="webservice_basisinstallation_installation" id="webservice_basisinstallation_installation"></a>2.1.2 Installation</h4>
<h5><a name="webservice_basisinstallation_installation_vorbereitung" id="webservice_basisinstallation_installation_vorbereitung"></a>2.1.2.1 Vorbereitung</h5>
<p>Die folgenden Schritte dienen der Vorbereitung der Installation.</p>
@@ -108,9 +108,9 @@
<dd> Entpacken Sie die Datei <code>moa-id-auth-3.0.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_ID_AUTH_INST</code> bezeichnet. </dd>
<dt>Installation der Kryptographiebibliotheken von SIC/IAIK</dt>
<dd>
- <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zus&auml;tzlich m&uuml;ssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength
-
-
+ <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zus&auml;tzlich m&uuml;ssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength
+
+
Jurisdiction Policy Files</span> von der <a href="http://java.com/download" target="_blank">Java SE Downloadseite </a>und achten Sie darauf die f&uuml;r ihre verwendete Java SE Installation richtige Version zu nehmen. Anschlie&szlig;end folgen Sie der darin enthaltenen Installationsanweisung. </p>
</dd>
<dt>Installation einer Datenbank</dt>
@@ -142,8 +142,7 @@
<li id="klein"><code>moa.id.configuration</code>: Pfad und Name der Basiskonfigurationsdatei f&uuml;r MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../deploy/conf/moa-id/moa-id.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
<li><code>moa.spss.server.configuration</code>: Pfad und Name der zentralen Konfigurationsdatei f&uuml;r MOA SP/SS. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-spss/SampleMOASPSSConfiguration.xml">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/conf</code> enthaltene Default-Konfiguration herangezogen.</li>
<li><code>eu.stork.samlengine.config.location</code>: Pfad auf den Ordner mit den zentralen Konfigurationsdateien f&uuml;r STORK. Die Beispielkonfiguration f&uuml;r das Modul MOA-ID-Auth enth&auml;lt bereits den<a href="../../../conf/moa-id/stork/"> Ordner f&uuml;r die STORK Konfiguration</a>. </li>
- <li id="klein"><code>log4j.configuration</code>: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie <a href="../../../conf/moa-id/log4j.properties">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen.</li>
- <li><code>-Dlogback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback_config.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. &Uuml;berdies besteht die M&ouml;glichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu &uuml;berf&uuml;hren (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>). </li>
+ <li><code>-Dlogback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. &Uuml;berdies besteht die M&ouml;glichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu &uuml;berf&uuml;hren (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>). </li>
<li id="klein"><code>javax.net.ssl.trustStore</code>: Pfad und Dateiname des <span class="term">Truststores</span> f&uuml;r vertrauensw&uuml;rdige SSL Zertifikate. Die SSL Serverzertifikate der Server von denen mittels https Dateien bezogen werden m&uuml;ssen im Truststore abgelegt werden. Ein relativer Pfad werden relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
<li id="klein"><code>javax.net.ssl.trustStorePassword</code>: Passwort f&uuml;r den <span class="term">Truststore</span> (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden soll). </li>
<li id="klein"><code>javax.net.ssl.trustStoreType</code>: Truststore-Typ (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden soll). Je nach verwendetem Keystore-Typ muss <code>jks</code> (<span class="term">Java Key Store</span>) oder <code>pkcs12</code> (PKCS#12-Datei) angegeben werden.</li>
@@ -162,8 +161,7 @@
<ul>
<li><code>moa.id.webconfig</code>: Pfad und Name der Basiskonfigurationsdatei f&uuml;r MOA-ID-Configuration. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-id-configuration/moa-id-configtool.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
<li><code>user.properties</code>: Pfad und Name der Basiskonfigurationsdatei f&uuml;r das Usermanagement der Konfigurationsoberfl&auml;che. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-id-configuration/userdatabase.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
- <li><code>log4j.configuration</code>: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie <a href="../../../conf/moa-id/log4j.properties">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen.</li>
- <li><code>logback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback_config.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. &Uuml;berdies besteht die M&ouml;glichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu &uuml;berf&uuml;hren (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>).</li>
+ <li><code>logback.configurationFile</code>: URL der LogBack Konfigurationsdatei. Eine beispielhafte LobBack-Konfiguration finden Sie <a href="../../../conf/moa-id/logback.xml">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen. &Uuml;berdies besteht die M&ouml;glichkeit eine bestehende Log44 Konfigurationsdatei in der LogBack Format zu &uuml;berf&uuml;hren (<a href="http://logback.qos.ch/translator/">http://logback.qos.ch/translator/</a>).</li>
<li><code>javax.net.ssl.trustStore</code>: Pfad und Dateiname des <span class="term">Truststores</span> f&uuml;r vertrauensw&uuml;rdige SSL Zertifikate Die SSL Serverzertifikate der Server von denen mittels https Dateien bezogen werden m&uuml;ssen im Truststore abgelegt werden. Ein relativer Pfad werden relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li>
<li><code>javax.net.ssl.trustStorePassword</code>: Passwort f&uuml;r den <span class="term">Truststore</span> (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden soll). </li>
<li><code>javax.net.ssl.trustStoreType</code>: Truststore-Typ (optional; nur, wenn SSL Client-Authentisierung durchgef&uuml;hrt werden soll). Je nach verwendetem Keystore-Typ muss <code>jks</code> (<span class="term">Java Key Store</span>) oder <code>pkcs12</code> (PKCS#12-Datei) angegeben werden.</li>
@@ -187,7 +185,7 @@ gestartet werden. Das Stoppen von Tomcat erfolgt analog mit
<p>Ein erfolgreicher Start des MOA-ID-Auth Modules ist an folgender Log-Meldung ersichtlich: <br>
</p>
</div>
-<pre>32131 [localhost-startStop-1] INFO moa.id.auth - MOA ID Authentisierung wurde erfolgreich gestartet
+<pre>32131 [localhost-startStop-1] INFO moa.id.auth - MOA ID Authentisierung wurde erfolgreich gestartet
32131 [localhost-startStop-1] INFO moa.id.auth - Dispatcher Servlet initialization finished.</pre>
<p>Analog bei MOA-ID-Configuration</p>
<pre>INFO | 21 10:16:22 | localhost-startStop-1 | Loading config module: MOAIDConfigurationModul</pre>
@@ -203,7 +201,7 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/
https://&lt;host&gt;:&lt;port&gt;/egiz-configuration-webapp/</pre>
<p>Die Verf&uuml;gbarkeit des Services k&ouml;nnen Sie einfach &uuml;berpr&uuml;fen, indem Sie die Endpunkte mit einem Web-Browser aufgerufen; dies sollte nach erfolgreichem Start zur Anzeige einer Informationsseite f&uuml;hren. </p>
<h5><a name="webservice_basisinstallation_logging" id="webservice_basisinstallation_logging"></a>2.1.3 Logging </h5>
-<p>Beide Module verwenden <a href="#referenziertesoftware">Log4j</a> f&uuml;r die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. Log4j bietet zahlreiche Konfigurationsm&ouml;glichkeiten, die ausf&uuml;hrlich im Log4j Handbuch beschrieben sind. Unter anderem gibt es die M&ouml;glichkeit, folgende Einstellungen vorzunehmen:
+<p>Beide Module verwenden <a href="#referenziertesoftware">LobBack</a> f&uuml;r die Ausgabe von Log-Meldungen am Bildschirm bzw. in Log-Dateien. LogBack bietet zahlreiche Konfigurationsm&ouml;glichkeiten, die ausf&uuml;hrlich im LogBack Handbuch beschrieben sind. Unter anderem gibt es die M&ouml;glichkeit, folgende Einstellungen vorzunehmen:
<ul>
<li id="klein">
<p>Das verwendete Log-Level (<code>DEBUG</code>, <code>INFO</code>, <code>WARN</code>, <code>ERROR</code>, <code>FATAL</code>);</p>
@@ -229,16 +227,16 @@ https://&lt;host&gt;:&lt;port&gt;/egiz-configuration-webapp/</pre>
</li>
<li>
<p><code>at.gv.egiz.eventlog.plain.all</code> f&uuml;r alle Log-Meldungen aus dem MOA-ID EventLog zur Revisionssicherung</p>
- </li>
+ </li>
<li>
<p><code>iaik.server</code> f&uuml;r alle Log-Meldungen aus den SIC/IAIK Kryptographie-Modulen. </p>
</li>
</ul>
-<p>Eine f&uuml;r beide Module passende Konfigurationsdatei f&uuml;r Log4j finden Sie <a href="../../../conf/moa-spss/log4j.properties">hier</a>. Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Dateien <code>moa-id-auth.log</code> und <code>moa-id-configuration.log</code> geschrieben. </p>
+<p>Wird diese Datei als Logging-Konfiguration verwendet, so werden alle Log-Meldungen sowohl in die Konsole, als auch in die Dateien <code>moa-id-auth.log</code> und <code>moa-id-configuration.log</code> geschrieben. </p>
<h5><a name="webservice_basisinstallation_logging_format" id="webservice_basisinstallation_logging_format"></a>2.1.3.1 Format der Log-Meldungen</h5>
- <p> Anhand einer konkreten Log-Meldung wird das Format der MOA SP/SS Log-Meldungen erl&auml;utert: </p>
+ <p> Anhand einer konkreten Log-Meldung wird das Format der MOA-ID-Meldungen erl&auml;utert: </p>
<pre>
- INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur
+ INFO | 2017-09-18 10:29:22,904 | SID-7947921060553739539 | TID-4708232418268334030 | https://sso.demosp.at/handysignatur
| ajp-nio-28109-exec-7 | No SSO Session cookie found
</pre>
<p> Der Wert <code>INFO</code> besagt, dass die Log-Meldung im Log-Level <code>INFO</code> entstanden ist. Folgende Log-Levels existieren:</p>
@@ -260,19 +258,19 @@ https://&lt;host&gt;:&lt;port&gt;/egiz-configuration-webapp/</pre>
</li>
</ul>
<p>Der n&auml;chste Wert <code>01 21:25:26,540</code> gibt den Zeitpunkt an, zu dem die Log-Meldung generiert wurde (in diesem Fall den 1. Tag im aktuellen Monat, sowie die genaue Uhrzeit). </p>
- <p>Der Wert <code>SID-7947921060553739539</code> bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch &uuml;ber mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels <code>%X{sessionId}</code> in der log4j Konfiguration gesetzt werden</p>
- <p>Der Wert <code>TID-4708232418268334030</code> bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels <code>%X{transactionId}</code> in der log4j Konfiguration gesetzt werden</p>
- <p>Der Wert <code>https://sso.demosp.at/handysignatur</code> bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) f&uuml;r welchen dieser Authentifizierungsrequest durchgef&uuml;hrt wird. Das Loggen des OA Identifiers kann mittels <code>%X{oaId}</code> in der log4j Konfiguration gesetzt werden</p>
+ <p>Der Wert <code>SID-7947921060553739539</code> bezeichnet die SessionID, welche diesem Request zugeordnet wurde. Eine SessionID ist innerhalb einer SSO auch &uuml;ber mehrere Authentifizierungsrequests eindeutig. Das Loggen der SessionID kann mittels <code>%X{sessionId}</code> in der LogBack Konfiguration gesetzt werden</p>
+ <p>Der Wert <code>TID-4708232418268334030</code> bezeichnet die TransactionsID, welche diesem Request zugeordnet wurde. Eine TransactionsID ist innerhalb eines Authentifizierungsrequests eindeutig. Das Loggen der TransactionsID kann mittels <code>%X{transactionId}</code> in der LogBack Konfiguration gesetzt werden</p>
+ <p>Der Wert <code>https://sso.demosp.at/handysignatur</code> bezeichnet die Online Applikation (eindeutiger Identifier dieses Service Providers) f&uuml;r welchen dieser Authentifizierungsrequest durchgef&uuml;hrt wird. Das Loggen des OA Identifiers kann mittels <code>%X{oaId}</code> in der LogBack Konfiguration gesetzt werden</p>
<p>Der Wert <code>ajp-nio-28109-exec-7</code> bezeichnet den Thread, von dem die Anfrage bearbeitet wird.</p>
<p> Der Rest der Zeile einer Log-Meldung ist der eigentliche Text, mit dem das System bestimmte Informationen anzeigt. Im Fehlerfall ist h&auml;ufig ein Java Stack-Trace angef&uuml;gt, der eine genauere Ursachen-Forschung erm&ouml;glicht.</p>
<h5> <a name="webservice_basisinstallation_logging_messages" id="webservice_basisinstallation_logging_messages"></a>2.1.3.2 Wichtige Log-Meldungen</h5>
<p> Neben den im Abschnitt <a href="#webservice_basisinstallation_installation_tomcatstartstop_verify">2.1.2.4.3</a> beschriebenen Log-Meldungen, die anzeigen, ob das Service ordnungsgem&auml;&szlig; gestartet wurde, geben nachfolgenden Log-Meldungen Aufschluss &uuml;ber die Abarbeitung von Anfragen. </p>
<p>Die Entgegennahme einer Anfrage wird angezeigt durch:
-
+
</p>
<pre>125690 [ajp-bio-129.27.142.119-38609-exec-1] INFO moa.id.auth - REQUEST: /moa-id-auth/dispatcher
125690 [ajp-bio-129.27.142.119-38609-exec-1] INFO moa.id.auth - QUERY : mod=id_pvp2x&amp;action=Post&amp;</pre>
-<p>Ein Fehler beim Abarbeiten der Anfrage wird angezeigt durch:
+<p>Ein Fehler beim Abarbeiten der Anfrage wird angezeigt durch:
<pre>2435298 [ajp-bio-129.27.142.119-38609-exec-10] ERROR moa.id.auth - Failed to generate a valid protocol request!</pre>
<div id="block">
<p>In diesem Fall gibt der mitgeloggte Stacktrace Auskunft &uuml;ber die Art des Fehlers.</p>
@@ -319,7 +317,7 @@ https://&lt;host&gt;:&lt;port&gt;/egiz-configuration-webapp/</pre>
<td>Java Standard Edition (Software Development Kit bzw. Java Runtime Environment) </td>
</tr>
<tr>
- <td><a href="http://logging.apache.org/log4j/1.2/" target="_blank"> Log4J </a></td>
+ <td><a href="http://logback.qos.ch/" target="_blank"> LogBack </a></td>
<td>Logging Framework </td>
</tr>
</table>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index 28d0b3f68..995d15476 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
@@ -228,6 +228,10 @@
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-beanutils</groupId>
+ <artifactId>commons-beanutils</artifactId>
+ </dependency>
<!-- <dependency>
<groupId>MOA</groupId>
@@ -287,6 +291,10 @@
<artifactId>bcprov-jdk15on</artifactId>
<groupId>org.bouncycastle</groupId>
</exclusion>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
</exclusions>
</dependency>
<dependency>
@@ -321,7 +329,17 @@
<type>test-jar</type>
<classifier>tests</classifier>
<version>1.0.0</version>
- <scope>test</scope>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ <exclusion>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<!-- <dependency>
<groupId>org.opensaml</groupId>
@@ -495,13 +513,13 @@
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-pool2</artifactId>
- <version>2.9.0</version>
+ <version>2.11.1</version>
</dependency>
<dependency>
<groupId>redis.clients</groupId>
<artifactId>jedis</artifactId>
<!-- version>3.0.1</version -->
- <version>3.3.0</version>
+ <version>3.7.1</version>
</dependency>
<!-- <dependency>
@@ -694,8 +712,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index b0f452861..baf4349e8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -77,10 +77,10 @@ public class MOAIDAuthInitializer {
System.setProperty(
"https.cipherSuites",
//high secure RSA bases ciphers
- ",TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
- ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
- ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
//high secure ECC bases ciphers
",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
index 8fdf1eab8..1bf240589 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -33,7 +33,6 @@ import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
-import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
@@ -114,27 +113,18 @@ public abstract class AbstractEncrytionUtil {
}
}
- public EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
+ public EncryptedData encrypt(byte[] data) throws BuildException {
if (secret != null) {
- try {
- final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
-
-// final byte[] nonce = new byte[GCM_NONCE_LENGTH];
-// SecureRandom.getInstanceStrong().nextBytes(nonce);
-
- GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
+ try {
+ final byte[] nonce = Random.nextBytes(GCM_NONCE_LENGTH);
+ final GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_LENGTH * 8, nonce);
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ cipher.init(Cipher.ENCRYPT_MODE, secret, spec);
+
+ final byte[] encdata = cipher.doFinal(data);
+ final byte[] iv = cipher.getIV();
+ Logger.trace("Encrypt MOASession");
+ return new EncryptedData(encdata, iv);
} catch (Exception e) {
Logger.warn("MOASession is not encrypted",e);
@@ -145,17 +135,14 @@ public abstract class AbstractEncrytionUtil {
}
public byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
+ try {
+ final Cipher cipher = Cipher.getInstance(CIPHER_MODE);
+ final GCMParameterSpec iv = new GCMParameterSpec(GCM_TAG_LENGTH * 8, data.getIv());
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+ Logger.trace("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
} catch (Exception e) {
Logger.warn("MOASession is not decrypted",e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 498f8408b..d4a6ee786 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -32,14 +32,15 @@ public class SessionEncrytionUtil extends AbstractEncrytionUtil {
private static String key = null;
public static SessionEncrytionUtil getInstance() {
- if (instance == null) {
+ if (instance == null) {
try {
key = AuthConfigurationProviderFactory.getInstance().getMOASessionEncryptionKey();
- instance = new SessionEncrytionUtil();
+ instance = new SessionEncrytionUtil();
} catch (Exception e) {
Logger.warn("MOASession encryption can not be inizialized.", e);
-
+ throw new RuntimeException("MOASession encryption can not be inizialized.", e);
+
}
}
return instance;
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
index 645cb601f..a3a717072 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java
@@ -1,9 +1,12 @@
package at.gv.egovernment.moa.id.config.auth.data;
+import static org.junit.Assert.assertEquals;
+
import java.io.ByteArrayInputStream;
import java.util.Arrays;
import java.util.List;
+import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
@@ -13,6 +16,8 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
import at.gv.egovernment.moa.id.data.IMOAAuthData;
@@ -153,6 +158,33 @@ public class AuthenticationDataBuilderTest {
}
+ @Test
+ public void genericDataTransfer() throws Exception {
+ TestRequestImpl pendingReq = new TestRequestImpl();
+ DummyOAConfig oaParam = new DummyOAConfig();
+ oaParam.setHasBaseIdTransferRestriction(false);
+ oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH");
+ oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a"));
+ pendingReq.setSpConfig(oaParam);
+
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
+
+ // set random data to transfer
+ String key = RandomStringUtils.randomAlphabetic(5);
+ String value = RandomStringUtils.randomAlphabetic(5);
+ session.setGenericDataToSession(key, value);
+
+
+ // execute test
+ IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
+
+
+ assertEquals("generic data-transfer failed", value, authData.getGenericData(key, String.class));
+
+ }
+
@Test
public void buildAuthDataWithIDLOnly_1() throws Exception {
@@ -166,7 +198,7 @@ public class AuthenticationDataBuilderTest {
IAuthenticationSession session = new DummyAuthSession();
session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL_1, false))).parseIdentityLink());
pendingReq.setRawDataToTransaction(session.getKeyValueRepresentationFromAuthSession());
-
+
IMOAAuthData authData = (IMOAAuthData) authBuilder.buildAuthenticationData(pendingReq);
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 545a9d953..1cb2db257 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -6,7 +6,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-commons</artifactId>
<name>moa-id-commons</name>
@@ -167,7 +167,6 @@
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
- <version>${jodatime.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
@@ -182,14 +181,13 @@
<artifactId>jul-to-slf4j</artifactId>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-1.2-api</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.logging.log4j</groupId>
+ <artifactId>log4j-to-slf4j</artifactId>
</dependency>
- <!-- <dependency> <groupId>log4j</groupId> <artifactId>log4j</artifactId>
- </dependency> -->
- <!-- <dependency> <groupId>org.apache.logging.log4j</groupId> <artifactId>log4j-core</artifactId>
- </dependency> -->
-
<dependency>
<groupId>org.hibernate</groupId>
@@ -347,8 +345,8 @@
<artifactId>maven-compiler-plugin</artifactId>
<version>3.6.1</version>
<configuration>
- <source>1.7</source>
- <target>1.7</target>
+ <source>1.8</source>
+ <target>1.8</target>
<encoding>UTF-8</encoding>
</configuration>
</plugin>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
index dd606ea18..4da6888a9 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java
@@ -156,8 +156,8 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
certList.add(cert);
} catch (Exception e) {
- Logger.error("Can NOT initialize SSLTrustManager. Certificate: " + certFile.getPath()
- + " is not loadable, Reason: " + e.getMessage());
+ Logger.warn("Can NOT import Certificate: " + certFile.getPath()
+ + " into SSLTrustManager. Reason: " + e.getMessage());
if (Logger.isDebugEnabled()) {
try {
@@ -171,13 +171,13 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
}
}
- throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e);
+ //throw new SSLConfigurationException("config.28", new Object[]{certFile.getPath(), e.getMessage()}, e);
} finally {
if (fis != null)
fis.close();
- }
+ }
}
// store acceptedServerCertificates
diff --git a/id/server/moa-id-frontend-resources/pom.xml b/id/server/moa-id-frontend-resources/pom.xml
index 85857cd59..b0dac8718 100644
--- a/id/server/moa-id-frontend-resources/pom.xml
+++ b/id/server/moa-id-frontend-resources/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
diff --git a/id/server/moa-id-jaxb_classes/pom.xml b/id/server/moa-id-jaxb_classes/pom.xml
index 427bab738..293ff0b77 100644
--- a/id/server/moa-id-jaxb_classes/pom.xml
+++ b/id/server/moa-id-jaxb_classes/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-jaxb_classes</artifactId>
diff --git a/id/server/moa-id-spring-initializer/pom.xml b/id/server/moa-id-spring-initializer/pom.xml
index e4441dc95..fb638a2c6 100644
--- a/id/server/moa-id-spring-initializer/pom.xml
+++ b/id/server/moa-id-spring-initializer/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server</groupId>
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
index b1dd44779..b5d99d53d 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-modul-citizencard_authentication</artifactId>
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
index b826597e9..8ae8c9a63 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-AT_eIDAS_connector</artifactId>
<name>moa-id-module-AT_eIDAS_connector</name>
diff --git a/id/server/modules/moa-id-module-E-ID_connector/pom.xml b/id/server/modules/moa-id-module-E-ID_connector/pom.xml
index 9764a8ee6..ac08879d3 100644
--- a/id/server/modules/moa-id-module-E-ID_connector/pom.xml
+++ b/id/server/modules/moa-id-module-E-ID_connector/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-EID_connector</artifactId>
<name>moa-id-module-E-ID_connector</name>
@@ -50,7 +50,13 @@
<dependency>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_module_pvp2_core</artifactId>
- </dependency>
+ <exclusions>
+ <exclusion>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>at.gv.egiz.eaaf</groupId>
<artifactId>eaaf_module_pvp2_sp</artifactId>
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
index e3cc3cb52..a190c861a 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId>
<description>BKA MobileAuth Test for SAML2 applications</description>
@@ -12,12 +12,12 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
- <version>1.52</version>
+ <version>1.70</version>
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
- <version>1.52</version>
+ <version>1.70</version>
</dependency>
<!-- JSON JWT implementation -->
diff --git a/id/server/modules/moa-id-module-dummyAuth/pom.xml b/id/server/modules/moa-id-module-dummyAuth/pom.xml
new file mode 100644
index 000000000..7b7e2d77e
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/pom.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modules</artifactId>
+ <version>4.2.0</version>
+ </parent>
+ <artifactId>moa-id-module-dummy-authenticatiuon</artifactId>
+ <version>${moa-id-dummy-auth.version}</version>
+ <description>Module for dummy authentication in MOA-ID</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_core_utils</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ </dependencies>
+
+
+
+</project>
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java
new file mode 100644
index 000000000..b42e5b0f7
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/ConfigurationProperties.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy;
+
+import java.util.Collection;
+import java.util.Set;
+
+import com.google.common.collect.Sets;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+
+public class ConfigurationProperties {
+
+ // configuration properties
+ private static final String MODULE_PREFIX = "modules.dummyauth.";
+
+ public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled";
+ public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp";
+ public static final String PROP_MODULE_IDENTITY_STORE_PATH = MODULE_PREFIX + "identity.store.path";
+
+ // http parameter
+ public static final String HTTP_PARAM_START_DUMMY_AUTH = "dummyauth";
+
+ // configuration filetype
+ public static final String ALLOWED_FILE_TYPE = "json";
+
+
+ //minimum required attributes
+ public static final Collection<String> MINIMUM_REQ_ATTRIBUTES = Sets.newHashSet(
+ PVPAttributeDefinitions.BIRTHDATE_NAME,
+ PVPAttributeDefinitions.GIVEN_NAME_NAME,
+ PVPAttributeDefinitions.PRINCIPAL_NAME_NAME,
+ PVPAttributeDefinitions.BPK_NAME);
+
+ private ConfigurationProperties() {
+ // hide constructor or static class
+ }
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java
new file mode 100644
index 000000000..e2f550736
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthModule.java
@@ -0,0 +1,152 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy;
+
+import java.io.Serializable;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DummyIdentityAuthModule implements AuthModule {
+
+ private int priority = 2;
+
+ @Autowired(required = true)
+ protected IConfigurationWithSP authConfig;
+ @Autowired(required = true)
+ private IAuthenticationManager authManager;
+
+ private Collection<String> uniqueIDsDummyAuthEnabled;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+ */
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ /**
+ * Sets the priority of this module. Default value is {@code 0}.
+ *
+ * @param priority The priority.
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+ }
+
+ @PostConstruct
+ private void initialDummyAuthWhiteList() {
+ if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ Logger.info("AuthModule for 'dummy-identities' is enabled");
+
+ // load allowed service-provider Id's
+ uniqueIDsDummyAuthEnabled = authConfig.getBasicConfigurationWithPrefix(
+ ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream()
+ .filter(el -> StringUtils.isNotEmpty(el))
+ .collect(Collectors.toSet());
+
+ if (!uniqueIDsDummyAuthEnabled.isEmpty()) {
+ Logger.info("Dummy authentication is enabled for ....");
+ uniqueIDsDummyAuthEnabled.forEach(el -> Logger.info(" EntityID: " + el));
+
+ }
+
+ // TODO: do we need a selection parameter from external
+ authManager.addParameterNameToWhiteList(ConfigurationProperties.HTTP_PARAM_START_DUMMY_AUTH);
+
+ } else {
+ uniqueIDsDummyAuthEnabled = Collections.emptySet();
+ Logger.info("AuthModule for 'dummy-identities' is disabled");
+
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.
+ * egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+
+ if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+ Logger.trace("Check dummy-auth for SP: " + spEntityID);
+ if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
+ final Serializable flagObj = context.get(ConfigurationProperties.HTTP_PARAM_START_DUMMY_AUTH);
+ if (flagObj instanceof String && Boolean.valueOf((String) flagObj)) {
+ Logger.info("Starting Dummy-Identity authentication for SP: " + spEntityID);
+ return "dummyIdentityAuthentication";
+
+ } else {
+ Logger.debug("Dummy-Identity authentication flag not 'true'. Skip it ... ");
+
+ }
+
+ } else {
+ Logger.debug("Unique SP-Id: " + spEntityID
+ + " is not in whitelist for Dummy-Identity authentication.");
+
+ }
+
+ } else {
+ Logger.trace("Dummy-Identity authentication is disabled");
+
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:/dummy_identity_auth.process.xml" };
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java
new file mode 100644
index 000000000..d8218b7f1
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/DummyIdentityAuthSpringResourceProvider.java
@@ -0,0 +1,62 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DummyIdentityAuthSpringResourceProvider implements SpringResourceProvider {
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource authConfig = new ClassPathResource("/moaid_dummy_identity_auth.beans.xml", DummyIdentityAuthSpringResourceProvider.class);
+ return new Resource[] {authConfig};
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "Module for 'Dummy Authentication'";
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java
new file mode 100644
index 000000000..9bb961e47
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/service/DummyIdentityService.java
@@ -0,0 +1,182 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.service;
+
+import java.io.IOException;
+import java.nio.file.FileVisitOption;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.io.FilenameUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.fasterxml.jackson.annotation.JsonAutoDetect.Visibility;
+import com.fasterxml.jackson.annotation.PropertyAccessor;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.ConfigurationProperties;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Service that holdes and selects dummy-identities for dummy-authentication.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyIdentityService {
+
+ @Autowired IConfiguration config;
+
+ private List<Map<String, String>> availableIdentities = new ArrayList<>();
+
+
+ private static ObjectMapper jsonMapper = new ObjectMapper();
+
+ static {
+ // initialize JSON Mapper
+ jsonMapper.configure(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY, true);
+ jsonMapper.configure(DeserializationFeature.FAIL_ON_TRAILING_TOKENS, true);
+ jsonMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);
+ jsonMapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE);
+ jsonMapper.setVisibility(PropertyAccessor.GETTER, Visibility.PUBLIC_ONLY);
+ jsonMapper.setVisibility(PropertyAccessor.IS_GETTER, Visibility.PUBLIC_ONLY);
+
+ }
+
+
+ /**
+ * Get an identity randomly from available identities.
+ *
+ * @return Map of identity attributes
+ * @throws EAAFAuthenticationException In case of an empty identity store
+ */
+ public Map<String, String> getIdentityRandomly() throws EAAFAuthenticationException {
+ if (availableIdentities.isEmpty()) {
+ throw new EAAFAuthenticationException("builder.08", new Object[] {"No Dummy-Identity available"});
+
+ }
+
+
+
+ int num = (int) (Math.random() * 1000000) % availableIdentities.size();
+ Logger.debug("Select element: " + num + " from dummy-identity store");
+ return availableIdentities.get(num);
+
+ }
+
+ /**
+ * Get number of available identity sets.
+ *
+ * @return available dummy identities
+ */
+ public int getNumberOfLoadedIdentitySets( ) {
+ return availableIdentities.size();
+
+ }
+
+
+ @PostConstruct
+ private void initialize() throws EAAFException {
+ try {
+ Logger.debug("Initializing Dummy-Identity authentication service ... ");
+
+ //get all files from datastore
+ Set<Path> identityConfigFiles = getAllFilesFromIdentityStore();
+ Logger.debug("Find #" + identityConfigFiles.size() + " files in identity-store. Starting identity extraction ... ");
+
+ //extract identity informations
+ identityConfigFiles.stream()
+ .filter(el -> FilenameUtils.isExtension(el.getFileName().toString(), ConfigurationProperties.ALLOWED_FILE_TYPE))
+ .forEach(el -> loadJson(el));
+
+ Logger.info("Dummy-Identity authentication service contains #" + availableIdentities.size() + " data-sets");
+
+ } catch (EAAFException e) {
+ handleError(e);
+
+ } catch (IOException e) {
+ handleError(new EAAFException("config.05",
+ new Object[] {ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH}, e));
+
+ }
+ }
+
+
+ private void loadJson(Path file) {
+ try {
+ Logger.debug("Reading dummy-identity from file: " + file.getFileName() + " ... ");
+ Map<String, String> dummyEid = jsonMapper.readValue(file.toFile(), Map.class);
+
+ // check minimum required attributes
+ ConfigurationProperties.MINIMUM_REQ_ATTRIBUTES.stream().forEach(
+ el -> {
+ if (!dummyEid.containsKey(el)) {
+ throw new RuntimeException("dummy-identity from file: " + file.getFileName() + " missing attribute: " + el);
+
+ }
+ });
+
+ Logger.debug("Add dummy-identity from file: " + file.getFileName());
+ availableIdentities.add(dummyEid);
+
+
+ } catch (Exception e) {
+ Logger.warn("Can NOT read dummy-identity from file: " + file.getFileName() + " Identity will be skipped", e);
+
+ }
+
+ }
+
+
+ private Set<Path> getAllFilesFromIdentityStore() throws IOException, EAAFConfigurationException {
+ String identityStorePath = config.getBasicConfiguration(ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH);
+ if (StringUtils.isEmpty(identityStorePath)) {
+ throw new EAAFConfigurationException("config.08",
+ new Object[] {ConfigurationProperties.PROP_MODULE_IDENTITY_STORE_PATH});
+
+ }
+
+ String absIdentityStorePath = FileUtils.makeAbsoluteURL(identityStorePath, config.getConfigurationRootDirectory());
+ if (absIdentityStorePath.startsWith("file:")) {
+ absIdentityStorePath = absIdentityStorePath.substring("file:".length());
+
+ }
+
+ return Files.walk(Paths.get(absIdentityStorePath), FileVisitOption.FOLLOW_LINKS)
+ .filter(Files::isRegularFile)
+ .filter(Files::isReadable)
+ .collect(Collectors.toSet());
+
+ }
+
+
+ private void handleError(EAAFException e) throws EAAFException {
+ if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ throw e;
+
+ } else {
+ Logger.info("Dummy-Identity authentication is disabled. Ignore exception: " + e.getMessage());
+
+ }
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java
new file mode 100644
index 000000000..5eb441bc9
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/task/InjectDummyIdentityInformationTask.java
@@ -0,0 +1,140 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.task;
+
+import java.util.Map;
+import java.util.Map.Entry;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("InjectDummyIdentityInformationTask")
+public class InjectDummyIdentityInformationTask extends AbstractAuthServletTask {
+
+ @Autowired
+ IConfiguration moaAuthConfig;
+ @Autowired
+ DummyIdentityService service;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.
+ * egovernment.moa.id.process.api.ExecutionContext,
+ * javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response)
+ throws TaskExecutionException {
+
+ try {
+ Logger.debug("Injecting user credentials for Dummy-Identity authentication ... ");
+ parseDemoValuesIntoMOASession(pendingReq);
+
+ // set 'needConsent' to false, because user gives consent during authentication
+ pendingReq.setNeedUserConsent(false);
+
+ // set 'authenticated' flag to true
+ pendingReq.setAuthenticated(true);
+
+ // store MOASession into database
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } catch (final MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (final Exception e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+ }
+
+ /**
+ * @param pendingReq
+ * @param moaSession
+ * @throws MOAIDException
+ * @throws EAAFStorageException
+ * @throws EAAFAuthenticationException
+ */
+ private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException,
+ EAAFAuthenticationException {
+ final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ moaSession.setForeigner(false);
+ moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
+
+ final Map<String, String> rawIdentity = service.getIdentityRandomly();
+
+ // add attributes into session
+ for (final Entry<String, String> el : rawIdentity.entrySet()) {
+ moaSession.setGenericDataToSession(el.getKey(), el.getValue());
+ Logger.debug("Add PVP-attribute " + el.getKey() + " into MOASession");
+
+ }
+
+ // set BKU URL
+ if (rawIdentity.containsKey(PVPAttributeDefinitions.EID_CCS_URL_NAME)) {
+ moaSession.setBkuURL(rawIdentity.get(PVPAttributeDefinitions.EID_CCS_URL_NAME));
+
+ } else {
+ moaSession.setBkuURL("http://egiz.gv.at/dummy-authentication");
+
+ }
+
+ // check if mandates are included
+ if (rawIdentity.containsKey(PVPAttributeDefinitions.MANDATE_TYPE_NAME)
+ || rawIdentity.containsKey(PVPAttributeDefinitions.MANDATE_TYPE_OID_NAME)) {
+ Logger.debug("Find Mandate-Attributes in E-ID response. Switch to mandate-mode ... ");
+ moaSession.setUseMandates(true);
+
+ } else {
+ moaSession.setUseMandates(false);
+
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..a60db29cb
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml
new file mode 100644
index 000000000..d7351fbbd
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/dummy_identity_auth.process.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="dummyIdentityAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+ <pd:Task id="dummyAuth" class="InjectDummyIdentityInformationTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="dummyAuth" />
+ <pd:Transition from="dummyAuth" to="finalizeAuthentication" />
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml
new file mode 100644
index 000000000..5c2ea1176
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/main/resources/moaid_dummy_identity_auth.beans.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="dummyIdentityAuthModule" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule">
+ <property name="priority" value="4" />
+ </bean>
+
+ <bean id="dummyIdentityService"
+ class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService" />
+
+ <bean id="InjectDummyIdentityInformationTask"
+ class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.task.InjectDummyIdentityInformationTask"
+ scope="prototype"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java
new file mode 100644
index 000000000..7fa2eab93
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/BeanCreationTest.java
@@ -0,0 +1,67 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.BeanCreationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_dummy_identity_auth_lazy.beans.xml" })
+public class BeanCreationTest {
+
+ @Autowired DummyAuthConfigMap config;
+ @Autowired ApplicationContext context;
+
+ @Before
+ public void initialize() {
+ // re-set config
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(false));
+
+ }
+
+ @Test
+ public void authModuleDeactivated() {
+ assertNotNull("AuthModule", context.getBean(DummyIdentityAuthModule.class));
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void dummyIdentityServiceDisabled() {
+ assertNotNull("IdentityService", context.getBean(DummyIdentityService.class));
+
+ }
+
+ @Test
+ @DirtiesContext
+ public void dummyIdentityServiceEnabled() {
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true));
+
+ try {
+ context.getBean(DummyIdentityService.class);
+ fail("Wrong config not detected");
+
+ } catch (Exception e) {
+ assertTrue("wrong exception", e instanceof BeanCreationException);
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java
new file mode 100644
index 000000000..37bb0d9b4
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthModuleTest.java
@@ -0,0 +1,117 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_dummy_identity_auth.beans.xml" })
+public class DummyIdentityAuthModuleTest {
+
+ @Autowired DummyAuthConfigMap config;
+ @Autowired DummyIdentityAuthModule module;
+
+ private ExecutionContext context;
+ private TestRequestImpl pendingReq;
+ private Map<String, String> spConfigMap;
+
+ @Before
+ public void initialize() {
+ context = new ExecutionContextImpl();
+
+ spConfigMap = new HashMap<>();
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+
+ ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);
+ pendingReq = new TestRequestImpl();
+ pendingReq.setSpConfig(spConfig);
+
+ // re-set config
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true));
+
+ }
+
+ @Test
+ public void checkProcessDefinition() {
+ String[] def = module.getProcessDefinitions();
+
+ assertNotNull("no process definition", def);
+ Arrays.asList(def).stream().forEach(
+ el -> DummyIdentityAuthModuleTest.class.getResourceAsStream(el));
+
+ }
+
+
+ @Test
+ public void deactivated() {
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(false));
+
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void unknownServiceProvider() {
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void allowedServiceProviderButNotRequested() {
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323");
+
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void allowedServiceProviderButWrongRequested() {
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323");
+ context.put("dummyauth", 27);
+
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void allowedServiceProviderButFalseRequested() {
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323");
+ context.put("dummyauth", "false");
+
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void allowedServiceProviderAndRequested() {
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323");
+ context.put("dummyauth", "true");
+
+ assertEquals("wrong authmethod identifier", "dummyIdentityAuthentication",
+ module.selectProcess(context, pendingReq));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java
new file mode 100644
index 000000000..0e9da9fea
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityAuthSpringResourceProviderTest.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthSpringResourceProvider;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class DummyIdentityAuthSpringResourceProviderTest {
+
+ @Test
+ public void testSpringConfig() {
+ final DummyIdentityAuthSpringResourceProvider test =
+ new DummyIdentityAuthSpringResourceProvider();
+ for (final Resource el : test.getResourcesToLoad()) {
+ try {
+ IOUtils.toByteArray(el.getInputStream());
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + el.getFilename() + " not found");
+ }
+
+ }
+
+ Assert.assertNotNull("no Name", test.getName());
+ Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+ }
+
+ @Test
+ public void testSpILoaderConfig() {
+ final InputStream el = this.getClass().getResourceAsStream(
+ "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider");
+ try {
+ final String spiFile = IOUtils.toString(el, "UTF-8");
+
+ Assert.assertEquals("Wrong classpath in SPI file",
+ DummyIdentityAuthSpringResourceProvider.class.getName(), spiFile);
+
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found");
+
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java
new file mode 100644
index 000000000..19a9fc72e
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/DummyIdentityServiceTest.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.Map;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFAuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_dummy_identity_auth.beans.xml" })
+public class DummyIdentityServiceTest {
+
+ @Autowired DummyIdentityService service;
+
+
+ @Test
+ public void numberOfLoadedIdentities() {
+ assertEquals("wrong number of identities in store", 3, service.getNumberOfLoadedIdentitySets());
+
+ }
+
+ @Test
+ public void getRandomIdentity() throws EAAFAuthenticationException {
+ Map<String, String> idl = service.getIdentityRandomly();
+
+ assertNotNull("idl", idl);
+ assertEquals("wrong number of attributes", 4, idl.size());
+
+ }
+
+ @Test
+ public void getManyRandomIdentity() throws EAAFAuthenticationException {
+ for(int i=0; i<50; i++) {
+ assertNotNull("idl", service.getIdentityRandomly());
+
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java
new file mode 100644
index 000000000..5d41496e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/InjectDummyIdentityInformationTaskTest.java
@@ -0,0 +1,92 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.task.InjectDummyIdentityInformationTask;
+import at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_dummy_identity_auth.beans.xml" })
+public class InjectDummyIdentityInformationTaskTest {
+
+ @Autowired InjectDummyIdentityInformationTask task;
+ @Autowired DummyAuthConfigMap config;
+ @Autowired IRequestStorage storage;
+
+ protected MockHttpServletRequest httpReq;
+ protected MockHttpServletResponse httpResp;
+ private ExecutionContext context;
+ private TestRequestImpl pendingReq;
+ private Map<String, String> spConfigMap;
+
+ @Before
+ public void initialize() {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ context = new ExecutionContextImpl();
+
+ spConfigMap = new HashMap<>();
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+
+ ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);
+ pendingReq = new TestRequestImpl();
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(spConfig);
+
+ // re-set config
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true));
+
+ }
+
+ @Test
+ public void injectIdentityData() throws TaskExecutionException, PendingReqIdValidationException {
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSession.isForeigner());
+ assertFalse("mandate", moaSession.isMandateUsed());
+ assertNotNull("bkuUrl", moaSession.getBkuURL());
+ assertEquals("missing attributes", 4, moaSession.getGenericSessionDataStorage().size());
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 000000000..3c0f9edf1
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/java/at/gv/egovernment/moa/id/auth/modules/auth/dummy/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+ private Map<String, String> config = new HashMap<>();
+
+ public DummyAuthConfigMap() {
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param configIs Property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(configIs);
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param path Path to property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final String path) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(this.getClass().getResourceAsStream(path));
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+
+ @Override
+ public String getBasicConfiguration(final String key) {
+ return config.get(key);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key, final String defaultValue) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ } else {
+ return value;
+ }
+
+ }
+
+ @Override
+ public Boolean getBasicConfigurationBoolean(final String key) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return false;
+ } else {
+ return Boolean.valueOf(value);
+ }
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+ }
+
+ @Override
+ public ISPConfiguration getServiceProviderConfiguration(final String uniqueID)
+ throws EAAFConfigurationException {
+ return null;
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+ throws EAAFConfigurationException {
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ return new java.io.File(".").toURI();
+
+ }
+
+ @Override
+ public String validateIDPURL(final URL authReqUrl) throws EAAFException {
+ return null;
+ }
+
+ public void putConfigValue(final String key, final String value) {
+ config.put(key, value);
+ }
+
+ public void removeConfigValue(final String key) {
+ config.remove(key);
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties
new file mode 100644
index 000000000..18bd21df1
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config1.properties
@@ -0,0 +1,6 @@
+modules.dummyauth.enabled=true
+modules.dummyauth.identity.store.path=src/test/resources/config/idlstore/
+modules.dummyauth.sp.1=aaabbccddeeffgg
+modules.dummyauth.sp.2=yyasdfasfsa2323
+modules.dummyauth.sp.3=
+modules.dummyauth.sp.4=435344534egewgegf
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties
new file mode 100644
index 000000000..d38ba692b
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/config2.properties
@@ -0,0 +1,5 @@
+modules.dummyauth.enabled=false
+modules.dummyauth.identity.store.path=notexit
+modules.dummyauth.sp.1=aaabbccddeeffgg
+modules.dummyauth.sp.2=yyasdfasfsa2323
+modules.dummyauth.sp.3=435344534egewgegf
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json
new file mode 100644
index 000000000..4d927b7ad
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_1.json
@@ -0,0 +1,6 @@
+{
+ "urn:oid:2.5.4.42": "Max",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann",
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg"
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json
new file mode 100644
index 000000000..1cffdd696
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_2.json
@@ -0,0 +1,6 @@
+{
+ "urn:oid:2.5.4.42": "Susi",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Musterfrau",
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1950-02-02",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:zzyyxx99887dd"
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json
new file mode 100644
index 000000000..ec1a4ba49
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_1.json
@@ -0,0 +1,6 @@
+{
+ "urn:oid:2.5.4.42": "Max"
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann",
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg"
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json
new file mode 100644
index 000000000..71c2f654e
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_2.json
@@ -0,0 +1,7 @@
+{
+ "urn:oid:2.5.4.42": {
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann"
+ },
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg"
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json
new file mode 100644
index 000000000..29a245ca4
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_invalid_json_3.json
@@ -0,0 +1,8 @@
+{
+ "urn:oid:2.5.4.42": {
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann"
+ },
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann",
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg"
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json
new file mode 100644
index 000000000..2f241c291
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_missing_attr.json
@@ -0,0 +1,5 @@
+{
+ "urn:oid:2.5.4.42": "Max",
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg"
+}
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt
new file mode 100644
index 000000000..4d927b7ad
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/config/idlstore/idl_wrong_extension.txt
@@ -0,0 +1,6 @@
+{
+ "urn:oid:2.5.4.42": "Max",
+ "urn:oid:1.2.40.0.10.2.1.1.261.20": "Mustermann",
+ "urn:oid:1.2.40.0.10.2.1.1.55": "1940-01-01",
+ "urn:oid:1.2.40.0.10.2.1.1.149": "GH:aaabbccddeeffgg"
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml
new file mode 100644
index 000000000..cca27822e
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth.beans.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <import resource="classpath:/SpringTest-context_authManager.xml" />
+ <import resource="classpath:/moaid_dummy_identity_auth.beans.xml" />
+
+ <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap">
+ <constructor-arg name="path" value="/config/config1.properties" />
+ </bean>
+
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml
new file mode 100644
index 000000000..e818bd29c
--- /dev/null
+++ b/id/server/modules/moa-id-module-dummyAuth/src/test/resources/test_dummy_identity_auth_lazy.beans.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <import resource="classpath:/SpringTest-context_authManager.xml" />
+
+ <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.test.dummy.DummyAuthConfigMap">
+ <constructor-arg name="path" value="/config/config2.properties" />
+ </bean>
+
+ <beans default-lazy-init="true">
+ <bean id="dummyIdentityAuthModule" class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.DummyIdentityAuthModule">
+ <property name="priority" value="4" />
+ </bean>
+
+ <bean id="dummyIdentityService"
+ class="at.gv.egovernment.moa.id.auth.modules.auth.dummy.service.DummyIdentityService" />
+ </beans>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/pom.xml b/id/server/modules/moa-id-module-eIDAS/pom.xml
index 45fd97508..fc73206a7 100644
--- a/id/server/modules/moa-id-module-eIDAS/pom.xml
+++ b/id/server/modules/moa-id-module-eIDAS/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-eIDAS</artifactId>
<name>MOA-ID eIDAS Module</name>
@@ -237,14 +237,14 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
- <version>1.52</version>
+ <version>1.70</version>
<!-- <scope>provided</scope> -->
</dependency>
<dependency>
<groupId>com.ibm.icu</groupId>
<artifactId>icu4j</artifactId>
- <version>58.2</version>
+ <version>70.1</version>
</dependency>
diff --git a/id/server/modules/moa-id-module-ehvd_integration/pom.xml b/id/server/modules/moa-id-module-ehvd_integration/pom.xml
new file mode 100644
index 000000000..15edb681e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/pom.xml
@@ -0,0 +1,145 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modules</artifactId>
+ <version>4.2.0</version>
+ </parent>
+ <artifactId>moa-id-module-ehvd_integration</artifactId>
+ <version>${moa-id-ehvd_integration.version}</version>
+ <description>Module to integrate information from EHVD into MOA-ID response</description>
+
+ <dependencies>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modul-citizencard_authentication</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>javax.servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxws</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <scope>provided</scope>
+ </dependency>
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf_core_utils</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egiz.eaaf</groupId>
+ <artifactId>eaaf-core</artifactId>
+ <scope>test</scope>
+ <type>test-jar</type>
+ </dependency>
+ <dependency>
+ <groupId>com.github.skjolber</groupId>
+ <artifactId>mockito-soap-cxf</artifactId>
+ <version>1.2.0</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http-jetty</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-extension-providers</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.tomcat</groupId>
+ <artifactId>tomcat-servlet-api</artifactId>
+ <version>9.0.56</version>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-codegen-plugin</artifactId>
+ <version>3.3.12</version>
+ <dependencies>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ <version>2.8.1</version>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-impl</artifactId>
+ <version>2.2.5</version>
+ </dependency>
+ <dependency>
+ <groupId>com.sun.xml.bind</groupId>
+ <artifactId>jaxb-xjc</artifactId>
+ <version>2.2.5</version>
+ </dependency>
+ </dependencies>
+ <executions>
+ <execution>
+ <id>generate-sources</id>
+ <phase>generate-sources</phase>
+ <configuration>
+ <sourceRoot>${project.build.directory}/generated/cxf</sourceRoot>
+ <wsdlOptions>
+ <wsdlOption>
+ <wsdl>${basedir}/src/main/resources/wsdl/eHVD.wsdl</wsdl>
+ <packagenames>
+ <packagename>eHVD=at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl</packagename>
+ </packagenames>
+ <extraargs>
+ <extraarg>-verbose </extraarg>
+ </extraargs>
+ </wsdlOption>
+ </wsdlOptions>
+ </configuration>
+ <goals>
+ <goal>wsdl2java</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
new file mode 100644
index 000000000..6cb9c08e3
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java
@@ -0,0 +1,61 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+
+public class ConfigurationProperties {
+
+ // configuration properties
+ private static final String MODULE_PREFIX = "modules.ehvd.";
+
+ public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled";
+ public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp";
+
+ public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target";
+ public static final String PROP_MODULE_SERVICE_ENDPOINT = MODULE_PREFIX + "service.url";
+ public static final String PROP_MODULE_EHVD_ROLE_REGEX = MODULE_PREFIX + "service.role.regex";
+ public static final String PROP_MODULE_EHVD_OTHERID_PREFIX = MODULE_PREFIX + "service.otherid.prefix";
+
+ public static final String PROP_MODULE_PVP_ROLE = MODULE_PREFIX + "role.pvp";
+
+ public static final String PROP_MODULE_PROXY_SOCKS_PORT = MODULE_PREFIX + "proxy.socks.port";
+
+ public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH";
+
+
+ //TODO: define custom EHVD SAML2 attributes
+ public static final String ATTRIBUTE_URN_EHVD_PREFIX = "urn:brzgvat:attributes.ehvd.";
+ public static final String ATTRIBUTE_URN_EHVD_TITLE = ATTRIBUTE_URN_EHVD_PREFIX + "title";
+ public static final String ATTRIBUTE_URN_EHVD_FIRSTNAME = ATTRIBUTE_URN_EHVD_PREFIX + "firstname";
+ public static final String ATTRIBUTE_URN_EHVD_SURNAME = ATTRIBUTE_URN_EHVD_PREFIX + "surname";
+ public static final String ATTRIBUTE_URN_EHVD_ZIPCODE = ATTRIBUTE_URN_EHVD_PREFIX + "zip";
+ public static final String ATTRIBUTE_URN_EHVD_STATE = ATTRIBUTE_URN_EHVD_PREFIX + "state";
+ public static final String ATTRIBUTE_URN_EHVD_ID = ATTRIBUTE_URN_EHVD_PREFIX + "id";
+ public static final String ATTRIBUTE_URN_EHVD_OTHERID = ATTRIBUTE_URN_EHVD_PREFIX + "otherid";
+
+
+ private ConfigurationProperties() {
+ // hide constructor or static class
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
new file mode 100644
index 000000000..d087b9fe2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import java.util.Collection;
+import java.util.Collections;
+import java.util.stream.Collectors;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl {
+
+ private int priority = 2;
+
+ @Autowired(required = true)
+ protected IConfigurationWithSP authConfig;
+
+ private Collection<String> uniqueIDsEnabled;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+ */
+ @Override
+ public int getPriority() {
+ return priority;
+
+ }
+
+ /**
+ * Sets the priority of this module. Default value is {@code 0}.
+ *
+ * @param priority The priority.
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+
+ }
+
+ @PostConstruct
+ private void initialDummyAuthWhiteList() {
+ if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ Logger.info("AuthModule for 'EHVD injection' is enabled");
+
+ // load allowed service-provider Id's
+ uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix(
+ ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream()
+ .filter(el -> StringUtils.isNotEmpty(el))
+ .collect(Collectors.toSet());
+
+ if (!uniqueIDsEnabled.isEmpty()) {
+ Logger.info("EHVD communication is enabled for ....");
+ uniqueIDsEnabled.forEach(el -> Logger.info(" EntityID: " + el));
+
+ }
+
+ } else {
+ uniqueIDsEnabled = Collections.emptySet();
+ Logger.info("AuthModule for 'EHVD injection' is disabled");
+
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.
+ * egovernment.moa.id.process.api.ExecutionContext)
+ */
+ @Override
+ public String selectProcess(ExecutionContext context, IRequest pendingReq) {
+
+ if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier();
+ Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ....");
+ final boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq));
+ if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) {
+ Logger.debug("EHVD communication is allowed for SP: " + spEntityID);
+ return "DefaultAuthenticationWithEHVDInteraction";
+
+ } else {
+ if (Logger.isDebugEnabled()) {
+ if (ccAuthRequested) {
+ Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication.");
+
+ } else {
+ Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too");
+
+ }
+ }
+ }
+
+ } else {
+ Logger.trace("'EHVD injection' authentication is disabled");
+
+ }
+
+ return null;
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" };
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
new file mode 100644
index 000000000..589a316fe
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java
@@ -0,0 +1,71 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider {
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ final ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml",
+ EhvdServiceAuthSpringResourceProvider.class);
+ return new Resource[] { authConfig };
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "Module for 'Dummy Authentication'";
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java
new file mode 100644
index 000000000..af413ffc3
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/AbstractEhvdAttributeBuilder.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.logging.Logger;
+
+public abstract class AbstractEhvdAttributeBuilder implements IPVPAttributeBuilder {
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration spConfig, IAuthData authData, IAttributeGenerator<ATT> g)
+ throws AttributeBuilderException {
+ try {
+ GdaDescriptor fullGdaInfo =
+ authData.getGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, GdaDescriptor.class);
+
+ if (fullGdaInfo != null) {
+ String attrValue = generateAttributeValue(fullGdaInfo);
+ Logger.debug(StringUtils.isEmpty(attrValue) ? "Skip" : "Build"
+ + "attribute: " + getName());
+ return g.buildStringAttribute(getName(), getName(),
+ StringUtils.isNotEmpty(attrValue) ? attrValue : null);
+
+ } else {
+ Logger.trace("Skipping attr: " + getName() + " because no GDA info available");
+ return null;
+
+ }
+
+ } catch (ClassCastException e) {
+ Logger.trace("Skipping attr: " + getName() + " because no GDA info available");
+ return null;
+
+ }
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(getName(), getName());
+
+ }
+
+ protected abstract String generateAttributeValue(GdaDescriptor fullGdaInfo);
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java
new file mode 100644
index 000000000..7056c3099
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressStateAttributeBuilder.java
@@ -0,0 +1,28 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+//
+//import java.util.stream.Collectors;
+//
+//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//
+//@PVPMETADATA
+//public class EhvdAddressStateAttributeBuilder extends AbstractEhvdAttributeBuilder {
+//
+// private static final String ATTR_VALUE_DELIMITER = "|";
+//
+// @Override
+// public String getName() {
+// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_STATE;
+//
+// }
+//
+// @Override
+// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+// return fullGdaInfo.getAddress().stream()
+// .map(el -> el.getState() != null ? el.getState() : "")
+// .collect(Collectors.joining(ATTR_VALUE_DELIMITER));
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java
new file mode 100644
index 000000000..98a0567f2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdAddressZipcodeAttributeBuilder.java
@@ -0,0 +1,28 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+//
+//import java.util.stream.Collectors;
+//
+//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//
+//@PVPMETADATA
+//public class EhvdAddressZipcodeAttributeBuilder extends AbstractEhvdAttributeBuilder {
+//
+// private static final String ATTR_VALUE_DELIMITER = "|";
+//
+// @Override
+// public String getName() {
+// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ZIPCODE;
+//
+// }
+//
+// @Override
+// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+// return fullGdaInfo.getAddress().stream()
+// .map(el -> el.getZip() != null ? el.getZip() : "")
+// .collect(Collectors.joining(ATTR_VALUE_DELIMITER));
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java
new file mode 100644
index 000000000..1bb923cf4
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdFirstnameAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdFirstnameAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_FIRSTNAME;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getFirstname();
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java
new file mode 100644
index 000000000..918b02c2e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdIdAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdIdAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_ID;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getId() != null ? fullGdaInfo.getId().getId() : null;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java
new file mode 100644
index 000000000..2d0e20c9c
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdOtherIdAttributeBuilder.java
@@ -0,0 +1,54 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+//
+//import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+//import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+//import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
+//import at.gv.egovernment.moa.logging.Logger;
+//
+//@PVPMETADATA
+//public class EhvdOtherIdAttributeBuilder extends AbstractEhvdAttributeBuilder {
+//
+// private static final String DEFAULT_ID_PREFIX = "1.2.40.0.34.4.18:";
+//
+// private String idPrefix;
+//
+// public EhvdOtherIdAttributeBuilder() {
+// try {
+// AuthConfiguration config = AuthConfigurationProviderFactory.getInstance();
+// if (config != null) {
+// idPrefix = config.getBasicConfiguration(
+// ConfigurationProperties.PROP_MODULE_EHVD_OTHERID_PREFIX, DEFAULT_ID_PREFIX);
+//
+// } else {
+// idPrefix = DEFAULT_ID_PREFIX;
+//
+// }
+// } catch (ConfigurationException e) {
+// idPrefix = DEFAULT_ID_PREFIX;
+//
+// }
+//
+// Logger.info(" Set-up " + getName() + " with otherId prefix: " + idPrefix);
+//
+// }
+//
+// @Override
+// public String getName() {
+// return ConfigurationProperties.ATTRIBUTE_URN_EHVD_OTHERID;
+//
+// }
+//
+// @Override
+// protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+// return fullGdaInfo.getOtherID().stream()
+// .filter(el -> el.startsWith(idPrefix))
+// .findFirst()
+// .map(el -> el.substring(idPrefix.length()))
+// .orElse(null);
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java
new file mode 100644
index 000000000..db8de397b
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdSurnameAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdSurnameAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_SURNAME;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getSurname();
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java
new file mode 100644
index 000000000..c978d4dd2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/EhvdTitelAttributeBuilder.java
@@ -0,0 +1,22 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@PVPMETADATA
+public class EhvdTitelAttributeBuilder extends AbstractEhvdAttributeBuilder {
+
+ @Override
+ public String getName() {
+ return ConfigurationProperties.ATTRIBUTE_URN_EHVD_TITLE;
+
+ }
+
+ @Override
+ protected String generateAttributeValue(GdaDescriptor fullGdaInfo) {
+ return fullGdaInfo.getTitle();
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
new file mode 100644
index 000000000..a79aa86dd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java
@@ -0,0 +1,57 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes;
+
+import java.util.stream.Collectors;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA;
+import at.gv.egovernment.moa.id.data.IMOAAuthData;
+import at.gv.egovernment.moa.logging.Logger;
+
+@PVPMETADATA
+public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder {
+
+ private static final String ROLE_NAME_DELIMITER = ";";
+
+ @Override
+ public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeBuilderException {
+ if (authData instanceof IMOAAuthData) {
+ final IMOAAuthData moaAuthData = (IMOAAuthData) authData;
+ if (moaAuthData.getAuthenticationRoles() != null
+ && !moaAuthData.getAuthenticationRoles().isEmpty()) {
+ return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME,
+ moaAuthData.getAuthenticationRoles().stream()
+ .map(el -> el.getRawRoleString())
+ .collect(Collectors.joining(ROLE_NAME_DELIMITER)));
+
+ } else {
+ Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME);
+
+ }
+
+ } else {
+ Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context");
+
+ }
+
+ return null;
+
+ }
+
+ @Override
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME);
+
+ }
+
+ @Override
+ public String getName() {
+ return ROLES_NAME;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
new file mode 100644
index 000000000..f621d1bb4
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/exception/EhvdException.java
@@ -0,0 +1,19 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.exception;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
+public class EhvdException extends AuthenticationException {
+
+ private static final long serialVersionUID = 380654627005502948L;
+
+ public EhvdException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+
+ }
+
+ public EhvdException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
new file mode 100644
index 000000000..b165d05e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java
@@ -0,0 +1,321 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import java.net.URL;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.Set;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.annotation.Nonnull;
+import javax.annotation.PostConstruct;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.handler.Handler;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.ProxyServerType;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import com.google.common.collect.Sets;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVDService;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GetGdaDescriptors;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.exception.EhvdException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.util.LoggingHandler;
+
+/**
+ * Implement interaction with EHVD service to get GDA information.
+ *
+ * @author tlenz
+ *
+ */
+public class EhvdCommunicationService implements IEhvdCommunication {
+
+ private static final String GDA_RESP_STATUS_ACTIVE = "Aktiv";
+
+ private static final String ERROR_EHVD_00 = "ehvd.00";
+ private static final String ERROR_EHVD_01 = "ehvd.01";
+ private static final String ERROR_EHVD_02 = "ehvd.02";
+ private static final String ERROR_EHVD_03 = "ehvd.03";
+ private static final String ERROR_EHVD_04 = "ehvd.04";
+ private static final String ERROR_CONFIG_05 = "config.05";
+
+ private static final Set<String> SERVICE_ERRORS_LOG_INFO = Sets.newHashSet("6002");
+
+ @Autowired
+ IConfiguration config;
+
+ private String ehvdBpkTarget;
+
+ private EHVD ehvdClient;
+ private Pattern ehvdRolePattern;
+
+ private List<String> ehvhPvpRoleList;
+
+ /**
+ * Get user's GDA roles from EHVD Service.
+ *
+ * @param identityLink IdentityLink of the user
+ * @return {@link List} of Roles that are received from EHVD
+ * @throws AuthenticationException In case of an EHVD communication error
+ * @throws EAAFBuilderException In case of a bPK generation error
+ */
+ @Override
+ @Nonnull
+ public EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException,
+ EAAFBuilderException {
+
+ // get bPK for EHVD request
+ final Pair<String, String> ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier(
+ identityLink.getIdentificationValue(),
+ identityLink.getIdentificationType(),
+ ehvdBpkTarget);
+
+ // request EHVD and handle errors
+ final GdaIndexResponse gdaResp = requestingGda(ehvdBpk.getFirst());
+
+ // parse roles from response
+ return EhvdResponseHolder.getInstance(gdaResp.getGda(), parseGdaResponse(gdaResp));
+
+ }
+
+ @Nonnull
+ private GdaIndexResponse requestingGda(String bpk) throws EhvdException {
+ try {
+ final GetGdaDescriptors gdaReq = buildGdaRequest(bpk);
+ Logger.debug("Requesting EHVD to get GDA status ... ");
+ final GdaIndexResponse gdaResp = ehvdClient.getGDA(gdaReq);
+ Logger.debug("Receive GDA status. Starting response validation ... ");
+ return gdaResp;
+
+ } catch (final SOAPFaultException e) {
+ throw handleSoapFaultError(e);
+
+ } catch (final Exception e) {
+ Logger.error("EHVD communication failed with generic error: " + e.getMessage(), e);
+ throw new EhvdException(ERROR_EHVD_01, new Object[] {}, e);
+
+ }
+
+ }
+
+ private EhvdException handleSoapFaultError(SOAPFaultException e) {
+ // extract reason for this error
+ final String errorMsg = e.getFault() != null
+ ? StringUtils.isNotEmpty(e.getFault().getFaultString()) ? e.getFault().getFaultString()
+ : e.getMessage()
+ : e.getMessage();
+
+ if (SERVICE_ERRORS_LOG_INFO.stream()
+ .filter(el -> errorMsg.contains(el))
+ .findFirst()
+ .isPresent()) {
+ Logger.info("EHVD communication failed with SOAP response: " + errorMsg);
+ return new EhvdException(ERROR_EHVD_03, new Object[] { errorMsg });
+
+ } else {
+ Logger.warn("EHVD communication failed with SOAP response: " + errorMsg, e);
+ return new EhvdException(ERROR_EHVD_02, new Object[] { errorMsg });
+
+ }
+
+
+
+ }
+
+ private List<String> parseGdaResponse(GdaIndexResponse ehvdResp) throws EhvdException {
+ if (ehvdResp.getGda() != null) {
+ final GdaDescriptor gdaInfo = ehvdResp.getGda();
+ if (GDA_RESP_STATUS_ACTIVE.equals(gdaInfo.getStatus().getEhvdstatus())) {
+ Logger.debug("Find #" + gdaInfo.getRoles().getRole().size() + " roles");
+
+ // match roles with regex from configuration
+ final Optional<String> validGdaRole = gdaInfo.getRoles().getRole().stream()
+ .filter(el -> matchGdaRole(el))
+ .findFirst();
+
+ if (validGdaRole.isPresent()) {
+ Logger.info("Find valid GDA role: " + validGdaRole.get() + " Set PVP Role: "
+ + StringUtils.join(ehvhPvpRoleList, ",") + " into Session");
+
+ // set role into response
+ return ehvhPvpRoleList;
+
+ } else {
+ Logger.info("No valid GDA role in EHVD response");
+ throw new EhvdException(ERROR_EHVD_04, null);
+
+ }
+
+ } else {
+ Logger.info("GDA is marked as 'inactive'. Stopping process with an error ... ");
+ throw new EhvdException(ERROR_EHVD_00, null);
+
+ }
+
+ } else {
+ Logger.info("Receive empty GDA response");
+ throw new EhvdException(ERROR_EHVD_03, new Object[] {});
+
+ }
+ }
+
+ private boolean matchGdaRole(String role) {
+ final Matcher matcher = ehvdRolePattern.matcher(role);
+ final boolean matches = matcher.matches();
+ Logger.trace(matches ? "EHVD role: " + role + " matches"
+ : "EHVD role: " + role + " does not matche to pattern: " + matcher.toString());
+ return matches;
+
+ }
+
+ private GetGdaDescriptors buildGdaRequest(String bPK) {
+ final GetGdaDescriptors req = new GetGdaDescriptors();
+ final InstanceIdentifier gdaIdentifier = new InstanceIdentifier();
+ gdaIdentifier.setOidIssuingAuthority(PVPAttributeDefinitions.BPK_OID);
+ gdaIdentifier.setId(bPK);
+ req.setHcIdentifier(gdaIdentifier);
+ return req;
+
+ }
+
+ @PostConstruct
+ private void initialize() throws EAAFConfigurationException {
+ if (config.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) {
+ initializeEhvdClient();
+
+ // load EHVD bPK target
+ ehvdBpkTarget = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_SERVICE_TARGET,
+ ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET);
+ Logger.info("Set-up EHVD Client with bPK target: " + ehvdBpkTarget);
+
+ // load Regex to match EHVD Roles to PVP Roles
+ final String ehvdRoleRegex = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+ checkConfigPropertyNotNull(ehvdRoleRegex, ConfigurationProperties.PROP_MODULE_EHVD_ROLE_REGEX);
+ ehvdRolePattern = Pattern.compile(ehvdRoleRegex);
+
+ Logger.info("Set-up EHVD Client with Role regex: " + ehvdRolePattern.toString());
+
+ // load PVP Roles for EHVD integration
+ final String ehvdPvpRole = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+ checkConfigPropertyNotNull(ehvdPvpRole, ConfigurationProperties.PROP_MODULE_PVP_ROLE);
+ ehvhPvpRoleList = KeyValueUtils.getListOfCSVValues(ehvdPvpRole);
+ Logger.info("Set-up EHVD module with PVP Role: " + StringUtils.join(ehvhPvpRoleList, ","));
+
+ } else {
+ Logger.info("Skipping EHVD client because it's not active");
+
+ }
+ }
+
+ private void checkConfigPropertyNotNull(String valueToCheck, String configPropName)
+ throws EAAFConfigurationException {
+ if (StringUtils.isEmpty(valueToCheck)) {
+ Logger.error("Missing configuration for EHVD module. "
+ + "(Property: " + configPropName + ")");
+ throw new EAAFConfigurationException(ERROR_CONFIG_05,
+ new Object[] { configPropName });
+
+ }
+
+ }
+
+ private void initializeEhvdClient() throws EAAFConfigurationException {
+ Logger.debug("Initializing EHVD client ... ");
+ final URL url = EhvdCommunicationService.class.getResource("/wsdl/eHVD.wsdl");
+ final EHVDService service = new EHVDService(url);
+ ehvdClient = service.getEHVDPort12();
+
+ // load service end-point URL from configuration
+ final String ehvdEndpointUrl = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT);
+ if (StringUtils.isEmpty(ehvdEndpointUrl)) {
+ Logger.error("Missing configuration for EHVD WebService endpoint. "
+ + "(Property: " + ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT + ")");
+ throw new EAAFConfigurationException(ERROR_CONFIG_05,
+ new Object[] { ConfigurationProperties.PROP_MODULE_SERVICE_ENDPOINT });
+
+ }
+
+ // inject service end-point URL
+ final Map<String, Object> requestContext = ((BindingProvider) ehvdClient).getRequestContext();
+ requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, ehvdEndpointUrl);
+
+ // inject Logging handler
+ List<Handler> handlerList = ((BindingProvider) ehvdClient).getBinding().getHandlerChain();
+ if (handlerList == null) {
+ handlerList = new ArrayList<>();
+
+ }
+
+ handlerList.add(new LoggingHandler());
+ ((BindingProvider) ehvdClient).getBinding().setHandlerChain(handlerList);
+
+ Logger.info("Initialize EHVD Client with service end-point: " + ehvdEndpointUrl);
+
+ // these code is only for local testing
+ final String socksPort = config.getBasicConfiguration(
+ ConfigurationProperties.PROP_MODULE_PROXY_SOCKS_PORT);
+ if (StringUtils.isNotEmpty(socksPort)) {
+ Logger.warn("Injecting SOCKS5 Proxy for service communication!");
+ final Client client = ClientProxy.getClient(ehvdClient);
+ final HTTPConduit http = (HTTPConduit) client.getConduit();
+ http.getClient().setProxyServerType(ProxyServerType.SOCKS);
+ http.getClient().setProxyServer("127.0.0.1");
+ http.getClient().setProxyServerPort(Integer.valueOf(socksPort));
+
+ }
+ }
+
+ public static class EhvdResponseHolder {
+ final List<String> roles;
+ final GdaDescriptor fullGdaResponse;
+
+
+ public static EhvdResponseHolder getInstance(GdaDescriptor gdaInfo, List<String> processedRoles) {
+ return new EhvdResponseHolder(gdaInfo, processedRoles);
+
+ }
+
+ private EhvdResponseHolder(GdaDescriptor gdaInfo, List<String> processedRoles) {
+ this.roles = processedRoles;
+ this.fullGdaResponse = gdaInfo;
+
+ }
+
+ public List<String> getRoles() {
+ return roles;
+ }
+
+ public GdaDescriptor getFullGdaResponse() {
+ return fullGdaResponse;
+ }
+
+
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
new file mode 100644
index 000000000..6b7c7e2f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java
@@ -0,0 +1,20 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.service;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder;
+
+public interface IEhvdCommunication {
+
+ /**
+ * Get user's GDA roles from EHVD Service.
+ *
+ * @param identityLink IdentityLink of the user
+ * @return {@link EhvdResponseHolder} that contains the Roles received from EHVD and the full GDA response
+ * @throws AuthenticationException In case of an EHVD communication error
+ * @throws EAAFBuilderException In case of a bPK generation error
+ */
+ EhvdResponseHolder getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException;
+
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
new file mode 100644
index 000000000..ee5dbb2fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java
@@ -0,0 +1,109 @@
+/*
+ * Copyright 2021 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.ehvd.task;
+
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService.EhvdResponseHolder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("InjectEhvdInformationTask")
+public class InjectEhvdInformationTask extends AbstractAuthServletTask {
+
+ @Autowired
+ IEhvdCommunication ehvdService;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.
+ * egovernment.moa.id.process.api.ExecutionContext,
+ * javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request,
+ HttpServletResponse response)
+ throws TaskExecutionException {
+ try {
+ final AuthenticationSessionWrapper session = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ // validate internal state
+ validateInternalState(session);
+
+ // requesting roles from EHVD
+ final EhvdResponseHolder ehvdResponse = ehvdService.getRoles(session.getIdentityLink());
+
+ // inject EHVD roles
+ session.setGenericDataToSession(PVPAttributeDefinitions.ROLES_NAME,
+ StringUtils.join(ehvdResponse.getRoles(), ";"));
+
+ // inject full EHVD response
+ session.setGenericDataToSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX,
+ ehvdResponse.getFullGdaResponse());
+
+ // store MOASession into database
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } catch (final MOAIDException e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } catch (final Exception e) {
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ }
+ }
+
+ private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException {
+ // check if identityLink is available
+ if (session.getIdentityLink() == null) {
+ Logger.error("No IdentityLink in session. There is an internal error in process definition");
+ throw new AuthenticationException("process.04", null);
+
+ }
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml
new file mode 100644
index 000000000..2ff0d552f
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthenticationWithEHVDInteraction" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+ <!-- Tasks involved in this authentication flow -->
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+
+ <pd:Task id="injectEhvdInformation" class="InjectEhvdInformationTask" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+
+
+ <!-- definition of the authentication flow -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
+ <pd:Transition from="userRestrictionTask" to="injectEhvdInformation" />
+ <pd:Transition from="injectEhvdInformation" to="finalizeAuthentication" />
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..6985f2b7d
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
new file mode 100644
index 000000000..44f8d26cf
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder
@@ -0,0 +1,5 @@
+at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder
+at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder
+at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder
+at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder
+at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdIdAttributeBuilder
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml
new file mode 100644
index 000000000..4ef523ec8
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="ehvdServiceAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule">
+ <property name="priority" value="4" />
+ </bean>
+
+ <bean id="ehvdCommunicationService"
+ class="at.gv.egovernment.moa.id.auth.modules.ehvd.service.EhvdCommunicationService"/>
+
+ <bean id="InjectEhvdInformationTask"
+ class="at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask"
+ scope="prototype"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
new file mode 100644
index 000000000..b4a752a2d
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties
@@ -0,0 +1,7 @@
+ehvd.00=Für den abgefragtem GDA liegt keine Berechtigung vor
+ehvd.01=Technischer Fehler bei der Abfrage von GDA Informationen. Ursache: {0}
+ehvd.02=Fehler bei der Abfrage von GDA Informationen. Ursache: {0}
+ehvd.03=Antwort des EHVD Service beinhaltet keine GDA Informationen
+ehvd.04=Keine gültige EHVD Role gefunden
+
+ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
new file mode 100644
index 000000000..d3ba65c11
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties
@@ -0,0 +1,9 @@
+test.01=aabbccdd
+test.02=zzzyyyxxx
+
+ehvd.00=7000
+ehvd.01=7001
+ehvd.02=7001
+ehvd.03=7003
+ehvd.04=7002
+ehvd.99=7099 \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl
new file mode 100644
index 000000000..a1138f068
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/wsdl/eHVD.wsdl
@@ -0,0 +1,220 @@
+<?xml version="1.0" encoding="UTF-8"?><wsdl:definitions xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="eHVD" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:mime="http://www.w3.org/2003/01/wsdl/mime" targetNamespace="eHVD">
+
+ <wsdl:documentation>
+ Service: eHVD
+ Version: 2
+ Owner: BRZ
+ </wsdl:documentation>
+
+ <wsdl:types>
+ <xs:schema xmlns:ehvd="eHVD" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" xmlns:xs="http://www.w3.org/2001/XMLSchema" jaxb:extensionBindingPrefixes="xjc" jaxb:version="2.0" elementFormDefault="qualified" targetNamespace="eHVD" version="1.0">
+ <xs:annotation>
+ <xs:appinfo>
+ <jaxb:globalBindings>
+ <jaxb:serializable uid="1"/>
+ </jaxb:globalBindings>
+ </xs:appinfo>
+ </xs:annotation>
+
+ <xs:complexType name="InstanceIdentifier">
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="0" name="oidIssuingAuthority" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="id" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="InstanceIdentifierSearch">
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="0" name="firstname" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="surname" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="rolecode" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="postcode" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="streetNumber" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="streetName" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="city" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="state" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="maxResults" type="xs:integer"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="ehvdstatus" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="elgastatus" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="description" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GDAStatus">
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="1" name="ehvdstatus" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="elgastatus" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GDARoles">
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="role" type="xs:string"/>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="elgaRole" type="xs:string"/>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="specialisation" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GdaAddress">
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="0" name="streetNumber" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="streetName" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="city" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="state" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="zip" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="country" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GDARelationship">
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="memberof" type="xs:string"/>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="ownerof" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GDADBTimestamps">
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="0" name="add" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="modify" type="xs:string"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:complexType name="GdaDescriptor">
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="1" name="id" type="ehvd:InstanceIdentifier"/>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="otherID" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="status" type="ehvd:GDAStatus"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="firstname" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="surname" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="gender" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="title" type="xs:string"/>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="knownname" type="xs:string"/>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="address" type="ehvd:GdaAddress"/>
+ <xs:element maxOccurs="unbounded" minOccurs="1" name="description" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="roles" type="ehvd:GDARoles"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="relations" type="ehvd:GDARelationship"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="tel" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="fax" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="web" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="0" name="mail" type="xs:string"/>
+ <xs:element maxOccurs="1" minOccurs="1" name="timestamps" type="ehvd:GDADBTimestamps"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <xs:element name="GetGdaSearch">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="1" name="hcIdentifierSearch" type="ehvd:InstanceIdentifierSearch"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="GetGdaDescriptors">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="1" name="hcIdentifier" type="ehvd:InstanceIdentifier"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="GdaIndexResponse">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="1" minOccurs="0" name="gda" type="ehvd:GdaDescriptor"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="GdaIndexResponseList">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element maxOccurs="unbounded" minOccurs="0" name="gda" type="ehvd:GdaDescriptor"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ </xs:schema>
+ </wsdl:types>
+
+ <wsdl:message name="GetGdaDescriptors">
+ <wsdl:part element="tns:GetGdaDescriptors" name="GetGdaDescriptors">
+ </wsdl:part>
+ </wsdl:message>
+
+ <wsdl:message name="GetGdaSearch">
+ <wsdl:part element="tns:GetGdaSearch" name="GetGdaSearch">
+ </wsdl:part>
+ </wsdl:message>
+
+
+ <wsdl:message name="GdaIndexResponse">
+ <wsdl:part element="tns:GdaIndexResponse" name="GdaIndexResponse">
+ </wsdl:part>
+ </wsdl:message>
+
+ <wsdl:message name="GdaIndexResponseList">
+ <wsdl:part element="tns:GdaIndexResponseList" name="GdaIndexResponseList">
+ </wsdl:part>
+ </wsdl:message>
+
+ <wsdl:portType name="eHVD">
+
+ <wsdl:documentation>eHVD Service Interfaces
+ </wsdl:documentation>
+
+ <wsdl:operation name="GetGDA">
+ <wsdl:input message="tns:GetGdaDescriptors" name="GetGdaDescriptors">
+ </wsdl:input>
+ <wsdl:output message="tns:GdaIndexResponse" name="GdaIndexResponse">
+ </wsdl:output>
+ </wsdl:operation>
+
+ <wsdl:operation name="GdaSearch">
+ <wsdl:input message="tns:GetGdaSearch" name="GetGdaSearch">
+ </wsdl:input>
+ <wsdl:output message="tns:GdaIndexResponseList" name="GdaIndexResponseList">
+ </wsdl:output>
+ </wsdl:operation>
+
+ </wsdl:portType>
+
+ <wsdl:binding name="eHVDSOAPBinding12" type="tns:eHVD">
+ <wsdl:documentation>SOAP 1.2 Binding</wsdl:documentation>
+
+ <soap12:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
+
+ <wsdl:operation name="GetGDA">
+ <soap12:operation soapAction="eHVD/GetGDA"/>
+ <wsdl:input name="GetGdaDescriptors">
+ <mime:content type="application/soap+xml"/>
+ <soap12:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output name="GdaIndexResponse">
+ <soap12:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+
+ <wsdl:operation name="GdaSearch">
+ <soap12:operation soapAction="eHVD/GdaSearch"/>
+ <wsdl:input name="GetGdaSearch">
+ <mime:content type="application/soap+xml"/>
+ <soap12:body use="literal"/>
+ </wsdl:input>
+ <wsdl:output name="GdaIndexResponseList">
+ <soap12:body use="literal"/>
+ </wsdl:output>
+ </wsdl:operation>
+
+ </wsdl:binding>
+
+ <wsdl:service name="eHVDService">
+ <wsdl:documentation>eHVD Service</wsdl:documentation>
+
+ <wsdl:port name="eHVDPort12" binding="tns:eHVDSOAPBinding12">
+ <soap12:address location="https://ehvdws.gesundheit.gv.at"/>
+ </wsdl:port>
+
+ </wsdl:service>
+
+</wsdl:definitions> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java
new file mode 100644
index 000000000..91bf67b2d
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java
@@ -0,0 +1,39 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth_lazy.beans.xml" })
+public class BeanCreationTest {
+
+ @Autowired
+ DummyAuthConfigMap config;
+ @Autowired
+ ApplicationContext context;
+
+ @Before
+ public void initialize() {
+ // re-set config
+ config.putConfigValue("modules.ehvd.enabled", String.valueOf(false));
+
+ }
+
+ @Test
+ public void authModuleDeactivated() {
+ assertNotNull("AuthModule", context.getBean(EhvdServiceAuthModule.class));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java
new file mode 100644
index 000000000..4a7c98803
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java
@@ -0,0 +1,101 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class EhvdServiceAuthModuleTest {
+
+ @Autowired DummyAuthConfigMap config;
+ @Autowired EhvdServiceAuthModule module;
+
+ private ExecutionContext context;
+ private TestRequestImpl pendingReq;
+ private Map<String, String> spConfigMap;
+
+ @Before
+ public void initialize() {
+ context = new ExecutionContextImpl();
+
+ spConfigMap = new HashMap<>();
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+
+ ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);
+ pendingReq = new TestRequestImpl();
+ pendingReq.setSpConfig(spConfig);
+
+ // re-set config
+ config.putConfigValue("modules.ehvd.enabled", String.valueOf(true));
+
+ context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(false));
+ context.put(MOAIDAuthConstants.PARAM_BKU, RandomStringUtils.randomAlphabetic(5));
+
+ }
+
+ @Test
+ public void checkProcessDefinition() {
+ String[] def = module.getProcessDefinitions();
+
+ assertNotNull("no process definition", def);
+ Arrays.asList(def).stream().forEach(
+ el -> EhvdServiceAuthModuleTest.class.getResourceAsStream(el));
+
+ }
+
+ @Test
+ public void bkuSelectionActiv() {
+ context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(true));
+
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void deactivated() {
+ config.putConfigValue("modules.ehvd.enabled", String.valueOf(false));
+
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void unknownServiceProvider() {
+ assertNull("wrong authModule selected", module.selectProcess(context, pendingReq));
+
+ }
+
+ @Test
+ public void allowedServiceProviderAndRequested() {
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323");
+
+ assertEquals("wrong authmethod identifier", "DefaultAuthenticationWithEHVDInteraction",
+ module.selectProcess(context, pendingReq));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java
new file mode 100644
index 000000000..b584e8753
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class EhvdServiceAuthSpringResourceProviderTest {
+
+ @Test
+ public void testSpringConfig() {
+ final EhvdServiceAuthSpringResourceProvider test =
+ new EhvdServiceAuthSpringResourceProvider();
+ for (final Resource el : test.getResourcesToLoad()) {
+ try {
+ IOUtils.toByteArray(el.getInputStream());
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + el.getFilename() + " not found");
+ }
+
+ }
+
+ Assert.assertNotNull("no Name", test.getName());
+ Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+ }
+
+ @Test
+ public void testSpILoaderConfig() {
+ final InputStream el = this.getClass().getResourceAsStream(
+ "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider");
+ try {
+ final String spiFile = IOUtils.toString(el, "UTF-8");
+
+ Assert.assertEquals("Wrong classpath in SPI file",
+ EhvdServiceAuthSpringResourceProvider.class.getName(), spiFile);
+
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found");
+
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java
new file mode 100644
index 000000000..b1ac7d99a
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/AbstractEhvdAttributeBuilderTest.java
@@ -0,0 +1,97 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.Collections;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+public abstract class AbstractEhvdAttributeBuilderTest {
+
+ @Autowired
+ protected IConfiguration basicConfig;
+
+ protected DummySPConfiguration oaParam;
+ protected AuthenticationData authData;
+ protected IAttributeGenerator<String> g = new SimpleStringAttributeGenerator();
+
+ protected abstract String expectedAttrName();
+ protected abstract IAttributeBuilder getAttributeBuilderUnderTest();
+
+ protected GdaAddress generateAddress(String zip, String state) {
+ GdaAddress addr = new GdaAddress();
+ addr.setZip(zip);
+ addr.setState(state);
+ return addr;
+
+ }
+
+ @Before
+ public void initialize() {
+ oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig);
+ authData = new AuthenticationData();
+
+ }
+
+ @Test
+ public void checkAttributeRegistration() {
+ assertNotNull("Attribute: " + expectedAttrName() + " not registrated",
+ PVPAttributeBuilder.getAttributeBuilder(expectedAttrName()));
+
+ }
+
+ @Test
+ public void checkName() {
+ assertEquals("wrong attr. name", expectedAttrName(), getAttributeBuilderUnderTest().getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ assertNull("wrong empty attr.", getAttributeBuilderUnderTest().buildEmpty(g));
+
+ }
+
+ @Test
+ public void noGdaInfos() throws AttributeBuilderException {
+ IAuthData authData = new AuthenticationData();
+ assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+ @Test
+ public void wrongGdaInfos() throws AttributeBuilderException, EAAFStorageException {
+ AuthenticationData authData = new AuthenticationData();
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, RandomStringUtils.randomAlphabetic(10));
+ assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+ @Test
+ public void emptyGdaInfos() throws AttributeBuilderException, EAAFStorageException {
+ AuthenticationData authData = new AuthenticationData();
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, new GdaDescriptor());
+ assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java
new file mode 100644
index 000000000..d342d331b
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressStateAttributeBuilderTest.java
@@ -0,0 +1,106 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+//
+//import static org.junit.Assert.assertEquals;
+//import static org.junit.Assert.assertNull;
+//
+//import org.apache.commons.lang3.RandomStringUtils;
+//import org.junit.Test;
+//import org.junit.runner.RunWith;
+//import org.springframework.test.context.ContextConfiguration;
+//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+//
+//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressStateAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressZipcodeAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+//
+//@RunWith(SpringJUnit4ClassRunner.class)
+//@ContextConfiguration({
+// "/test_ehvd_service_auth.beans.xml" })
+//public class EhvdAddressStateAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+//
+// @Override
+// protected String expectedAttrName() {
+// return "urn:brzgvat:attributes.ehvd.state";
+//
+// }
+//
+// @Override
+// protected IAttributeBuilder getAttributeBuilderUnderTest() {
+// return new EhvdAddressStateAttributeBuilder();
+//
+// }
+//
+// @Test
+// public void checkMissing() throws EAAFStorageException, AttributeBuilderException {
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void singleAddress() throws EAAFStorageException, AttributeBuilderException {
+// String state = RandomStringUtils.randomAlphabetic(5);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(5), state));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", state,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void multiAddress() throws EAAFStorageException, AttributeBuilderException {
+// String state1 = RandomStringUtils.randomAlphabetic(4);
+// String state2 = RandomStringUtils.randomAlphabetic(4);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1));
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", state1 + "|" + state2,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void multiAddressNullBefore() throws EAAFStorageException, AttributeBuilderException {
+// String state1 = null;
+// String state2 = RandomStringUtils.randomAlphabetic(4);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1));
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", "|" + state2,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void multiAddressNullAfter() throws EAAFStorageException, AttributeBuilderException {
+// String state1 = RandomStringUtils.randomAlphabetic(4);
+// String state2 = null;
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state1));
+// gdaInfo.getAddress().add(generateAddress(RandomStringUtils.randomNumeric(4), state2));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", state1 + "|",
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java
new file mode 100644
index 000000000..69d17f8c3
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdAddressZipAttributeBuilderTest.java
@@ -0,0 +1,107 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+//
+//import static org.junit.Assert.assertEquals;
+//import static org.junit.Assert.assertNull;
+//
+//import org.apache.commons.lang3.RandomStringUtils;
+//import org.junit.Test;
+//import org.junit.runner.RunWith;
+//import org.springframework.test.context.ContextConfiguration;
+//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+//
+//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdAddressZipcodeAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+//
+//@RunWith(SpringJUnit4ClassRunner.class)
+//@ContextConfiguration({
+// "/test_ehvd_service_auth.beans.xml" })
+//public class EhvdAddressZipAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+//
+// @Override
+// protected String expectedAttrName() {
+// return "urn:brzgvat:attributes.ehvd.zip";
+//
+// }
+//
+// @Override
+// protected IAttributeBuilder getAttributeBuilderUnderTest() {
+// return new EhvdAddressZipcodeAttributeBuilder();
+//
+// }
+//
+// @Test
+// public void checkMissing() throws EAAFStorageException, AttributeBuilderException {
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void singleAddress() throws EAAFStorageException, AttributeBuilderException {
+// String zip = RandomStringUtils.randomNumeric(4);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(
+// zip,
+// RandomStringUtils.randomAlphabetic(5)));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", zip,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void multiAddress() throws EAAFStorageException, AttributeBuilderException {
+// String zip1 = RandomStringUtils.randomNumeric(4);
+// String zip2 = RandomStringUtils.randomNumeric(4);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5)));
+// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5)));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", zip1 + "|" + zip2,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void multiAddressNullBefore() throws EAAFStorageException, AttributeBuilderException {
+// String zip1 = null;
+// String zip2 = RandomStringUtils.randomNumeric(4);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5)));
+// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5)));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", "|" + zip2,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void multiAddressNullAfter() throws EAAFStorageException, AttributeBuilderException {
+// String zip1 = RandomStringUtils.randomNumeric(4);
+// String zip2 = null;
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getAddress().add(generateAddress(zip1, RandomStringUtils.randomAlphabetic(5)));
+// gdaInfo.getAddress().add(generateAddress(zip2, RandomStringUtils.randomAlphabetic(5)));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", zip1 + "|",
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java
new file mode 100644
index 000000000..66f1b5028
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdFirstnameAttributeBuilderTest.java
@@ -0,0 +1,47 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class EhvdFirstnameAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+
+ @Override
+ protected String expectedAttrName() {
+ return "urn:brzgvat:attributes.ehvd.firstname";
+
+ }
+
+ @Override
+ protected IAttributeBuilder getAttributeBuilderUnderTest() {
+ return new EhvdFirstnameAttributeBuilder();
+
+ }
+
+ @Test
+ public void checkValid() throws EAAFStorageException, AttributeBuilderException {
+ final GdaDescriptor gdaInfo = new GdaDescriptor();
+ gdaInfo.setFirstname(RandomStringUtils.randomAlphabetic(5));
+
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+ assertEquals("wrong empty attr.", gdaInfo.getFirstname(),
+ getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java
new file mode 100644
index 000000000..db73f9191
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdIdAttributeBuilderTest.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNull;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdIdAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class EhvdIdAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+
+ @Override
+ protected String expectedAttrName() {
+ return "urn:brzgvat:attributes.ehvd.id";
+
+ }
+
+ @Override
+ protected IAttributeBuilder getAttributeBuilderUnderTest() {
+ return new EhvdIdAttributeBuilder();
+
+ }
+
+ @Test
+ public void checkMissingId() throws EAAFStorageException, AttributeBuilderException {
+ final GdaDescriptor gdaInfo = new GdaDescriptor();
+ InstanceIdentifier id = new InstanceIdentifier();
+ gdaInfo.setId(id );
+
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+ assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+ @Test
+ public void checkValid() throws EAAFStorageException, AttributeBuilderException {
+ final GdaDescriptor gdaInfo = new GdaDescriptor();
+ InstanceIdentifier id = new InstanceIdentifier();
+ id.setId(RandomStringUtils.randomAlphabetic(5));
+ gdaInfo.setId(id );
+
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+ assertEquals("wrong empty attr.", id.getId(),
+ getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java
new file mode 100644
index 000000000..bce8924d9
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdOtherIdAttributeBuilderTest.java
@@ -0,0 +1,86 @@
+//package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+//
+//import static org.junit.Assert.assertEquals;
+//import static org.junit.Assert.assertNull;
+//
+//import org.apache.commons.lang3.RandomStringUtils;
+//import org.junit.Test;
+//import org.junit.runner.RunWith;
+//import org.springframework.test.context.ContextConfiguration;
+//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+//
+//import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+//import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+//import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdOtherIdAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+//import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+//
+//@RunWith(SpringJUnit4ClassRunner.class)
+//@ContextConfiguration({
+// "/test_ehvd_service_auth.beans.xml" })
+//public class EhvdOtherIdAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+//
+// @Override
+// protected String expectedAttrName() {
+// return "urn:brzgvat:attributes.ehvd.otherid";
+//
+// }
+//
+// @Override
+// protected IAttributeBuilder getAttributeBuilderUnderTest() {
+// return new EhvdOtherIdAttributeBuilder();
+//
+// }
+//
+// @Test
+// public void checkMissingId() throws EAAFStorageException, AttributeBuilderException {
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void checkWrongId() throws EAAFStorageException, AttributeBuilderException {
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10));
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertNull("wrong empty attr.", getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void checkValidRandom() throws EAAFStorageException, AttributeBuilderException {
+// String value = RandomStringUtils.randomAlphabetic(5);
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10));
+// gdaInfo.getOtherID().add("1.2.40.0.34.4.18:" + value);
+//
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", value,
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+// @Test
+// public void checkValidBrzReal() throws EAAFStorageException, AttributeBuilderException {
+// final GdaDescriptor gdaInfo = new GdaDescriptor();
+// gdaInfo.getOtherID().add(RandomStringUtils.randomAlphabetic(10));
+// gdaInfo.getOtherID().add("1.2.40.0.34.4.18:1234-12");
+// gdaInfo.getOtherID().add("1.2.40.0.34.4.17:aabbccdd");
+//
+//
+// authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+// assertEquals("wrong empty attr.", "1234-12",
+// getAttributeBuilderUnderTest().build(oaParam, authData, g));
+//
+// }
+//
+//}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java
new file mode 100644
index 000000000..af9e60cb7
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdSurnameAttributeBuilderTest.java
@@ -0,0 +1,48 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdFirstnameAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdSurnameAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class EhvdSurnameAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+
+ @Override
+ protected String expectedAttrName() {
+ return "urn:brzgvat:attributes.ehvd.surname";
+
+ }
+
+ @Override
+ protected IAttributeBuilder getAttributeBuilderUnderTest() {
+ return new EhvdSurnameAttributeBuilder();
+
+ }
+
+ @Test
+ public void checkValid() throws EAAFStorageException, AttributeBuilderException {
+ final GdaDescriptor gdaInfo = new GdaDescriptor();
+ gdaInfo.setSurname(RandomStringUtils.randomAlphabetic(5));
+
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+ assertEquals("wrong empty attr.", gdaInfo.getSurname(),
+ getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java
new file mode 100644
index 000000000..2863c3508
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/EhvdTitelAttributeBuilderTest.java
@@ -0,0 +1,46 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.EhvdTitelAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class EhvdTitelAttributeBuilderTest extends AbstractEhvdAttributeBuilderTest {
+
+ @Override
+ protected String expectedAttrName() {
+ return "urn:brzgvat:attributes.ehvd.title";
+
+ }
+
+ @Override
+ protected IAttributeBuilder getAttributeBuilderUnderTest() {
+ return new EhvdTitelAttributeBuilder();
+
+ }
+
+ @Test
+ public void checkTitelValid() throws EAAFStorageException, AttributeBuilderException {
+ final GdaDescriptor gdaInfo = new GdaDescriptor();
+ gdaInfo.setTitle(RandomStringUtils.randomAlphabetic(5));
+
+ authData.setGenericData(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX, gdaInfo);
+ assertEquals("wrong empty attr.", gdaInfo.getTitle(),
+ getAttributeBuilderUnderTest().build(oaParam, authData, g));
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
new file mode 100644
index 000000000..624abff5f
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java
@@ -0,0 +1,159 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder;
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
+import at.gv.egovernment.moa.id.data.MOAAuthenticationData;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class PvpRoleAttributeBuilderTest {
+
+ @Autowired
+ private IConfiguration basicConfig;
+
+ private PvpRoleAttributeBuilder toTest = new PvpRoleAttributeBuilder();
+ private IAttributeGenerator<String> g = new SimpleStringAttributeGenerator();
+ private ISPConfiguration oaParam;
+
+
+ @Before
+ public void initialize() {
+ oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig);
+
+ }
+
+ @Test
+ public void checkAttributeRegistration() {
+ assertNotNull("Attribute: urn:oid:1.2.40.0.10.2.1.1.261.30 not registrated",
+ PVPAttributeBuilder.getAttributeBuilder("urn:oid:1.2.40.0.10.2.1.1.261.30"));
+
+ }
+
+ @Test
+ public void checkName() {
+ assertEquals("wrong attr. name", "urn:oid:1.2.40.0.10.2.1.1.261.30", toTest.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ assertNull("wrong empty attr.", toTest.buildEmpty(g));
+
+ }
+
+ @Test
+ public void wrongAuthData() throws AttributeBuilderException {
+ IAuthData authData = new AuthenticationData();
+ assertNull("wrong attr. value", toTest.build(oaParam, authData, g));
+
+ }
+
+ @Test
+ public void noRoles() throws AttributeBuilderException {
+ IAuthData authData = generateAuthData(null);
+ assertNull("wrong attr. value", toTest.build(oaParam, authData, g));
+
+ }
+
+ @Test
+ public void emptyRoles() throws AttributeBuilderException {
+ IAuthData authData = generateAuthData(Collections.emptyList());
+ assertNull("wrong attr. value", toTest.build(oaParam, authData, g));
+
+ }
+
+ @Test
+ public void randomRoles() throws AttributeBuilderException {
+ String role1 = RandomStringUtils.randomAlphabetic(5);
+ String role2 = RandomStringUtils.randomAlphabetic(5);
+ String role3 = RandomStringUtils.randomAlphabetic(5);
+ String role4 = RandomStringUtils.randomAlphabetic(5);
+
+ IAuthData authData = generateAuthData(Arrays.asList(
+ new AuthenticationRole(role1, role1),
+ new AuthenticationRole(role2, role2),
+ new AuthenticationRole(role3, role3 + "()"),
+ new AuthenticationRole(role4, role4 + "(\"aaa\"=\"bbb\")")
+ ));
+
+ // perform test
+ String attrValue = toTest.build(oaParam, authData, g);
+
+ // validate state
+ assertNotNull("wrong attr. value", attrValue);
+ assertFalse("List delimiter after last element" ,attrValue.endsWith(";"));
+
+
+ String[] el = attrValue.split(";");
+ assertEquals("wrong role count", 4, el.length);
+ assertEquals("wrong 1. role", role1, el[0]);
+ assertEquals("wrong 2. role", role2, el[1]);
+ assertEquals("wrong 3. role", role3 + "()", el[2]);
+ assertEquals("wrong 4. role", role4 + "(\"aaa\"=\"bbb\")", el[3]);
+
+
+ }
+
+ @Test
+ public void brzProductionRole() throws AttributeBuilderException {
+
+ IAuthData authData = generateAuthData(Arrays.asList(
+ AuthenticationRoleFactory.buildFormPVPole("EPI-GDA()")));
+
+ // perform test
+ String attrValue = toTest.build(oaParam, authData, g);
+
+ // validate state
+ assertNotNull("wrong attr. value", attrValue);
+ assertFalse("List delimiter after last element" ,attrValue.endsWith(";"));
+
+
+ String[] el = attrValue.split(";");
+ assertEquals("wrong role count", 1, el.length);
+ assertEquals("wrong 1. role", "EPI-GDA()", el[0]);
+
+ assertEquals("wrong role attr. value", "EPI-GDA()", attrValue);
+
+ }
+
+ private IAuthData generateAuthData(List<AuthenticationRole> roles) {
+ MOAAuthenticationData authData = new MOAAuthenticationData(null);
+ if (roles != null) {
+ roles.forEach(el -> authData.addAuthenticationRole(el));
+
+ }
+
+ return authData;
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java
new file mode 100644
index 000000000..865cf7157
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URL;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+/**
+ * Dummy Application-configuration implementation for jUnit tests.
+ *
+ * @author tlenz
+ *
+ */
+public class DummyAuthConfigMap implements IConfigurationWithSP {
+
+ private Map<String, String> config = new HashMap<>();
+
+ public DummyAuthConfigMap() {
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param configIs Property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final InputStream configIs) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(configIs);
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+ /**
+ * Dummy Application-configuration.
+ *
+ * @param path Path to property based configuration
+ * @throws IOException In case of an configuration read error
+ */
+ public DummyAuthConfigMap(final String path) throws IOException {
+
+ final Properties props = new Properties();
+ props.load(this.getClass().getResourceAsStream(path));
+
+ config = KeyValueUtils.convertPropertiesToMap(props);
+
+ }
+
+
+ @Override
+ public String getBasicConfiguration(final String key) {
+ return config.get(key);
+
+ }
+
+ @Override
+ public String getBasicConfiguration(final String key, final String defaultValue) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return defaultValue;
+ } else {
+ return value;
+ }
+
+ }
+
+ @Override
+ public Boolean getBasicConfigurationBoolean(final String key) {
+ final String value = getBasicConfiguration(key);
+ if (StringUtils.isEmpty(value)) {
+ return false;
+ } else {
+ return Boolean.valueOf(value);
+ }
+ }
+
+ @Override
+ public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) {
+ return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue)));
+
+ }
+
+ @Override
+ public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) {
+ return KeyValueUtils.getSubSetWithPrefix(config, prefix);
+
+ }
+
+ @Override
+ public ISPConfiguration getServiceProviderConfiguration(final String uniqueID)
+ throws EAAFConfigurationException {
+ return null;
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator)
+ throws EAAFConfigurationException {
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ return new java.io.File(".").toURI();
+
+ }
+
+ @Override
+ public String validateIDPURL(final URL authReqUrl) throws EAAFException {
+ return null;
+ }
+
+ public void putConfigValue(final String key, final String value) {
+ config.put(key, value);
+ }
+
+ public void removeConfigValue(final String key) {
+ config.remove(key);
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java
new file mode 100644
index 000000000..9ab52a27e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java
@@ -0,0 +1,150 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy;
+
+import java.io.IOException;
+import java.security.PublicKey;
+
+import javax.xml.transform.TransformerException;
+
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+
+public class TestUtils {
+
+ public static IIdentityLink generateDummyIdl(String baseId, String baseIdType) {
+ return new IIdentityLink() {
+
+ @Override
+ public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setPublicKey(PublicKey[] publicKey) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setPrPerson(Element prPerson) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIssueInstant(String issueInstant) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIdentificationValue(String identificationValue) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIdentificationType(String identificationType) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setGivenName(String givenName) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFamilyName(String familyName) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setDateOfBirth(String dateOfBirth) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public String getSerializedSamlAssertion() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Element getSamlAssertion() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public PublicKey[] getPublicKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Element getPrPerson() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getIssueInstant() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getIdentificationValue() {
+ return baseId;
+
+ }
+
+ @Override
+ public String getIdentificationType() {
+ return baseIdType;
+
+ }
+
+ @Override
+ public String getGivenName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFamilyName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Element[] getDsigReferenceTransforms() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDateOfBirth() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+ };
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java
new file mode 100644
index 000000000..8bccefc8d
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationQsSystemTest.java
@@ -0,0 +1,171 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+import java.net.SocketTimeoutException;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.Detail;
+import javax.xml.soap.Name;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPFault;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.IfProfileValue;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.Assert;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Attr;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.TypeInfo;
+import org.w3c.dom.UserDataHandler;
+
+import com.github.skjolber.mockito.soap.Soap12EndpointRule;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_qs_service_auth.beans.xml" })
+@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
+public class InjectEhvdIdentityInformationQsSystemTest {
+
+ @Autowired
+ InjectEhvdInformationTask task;
+ @Autowired
+ DummyAuthConfigMap config;
+ @Autowired
+ IRequestStorage storage;
+
+ protected MockHttpServletRequest httpReq;
+ protected MockHttpServletResponse httpResp;
+ private ExecutionContext context;
+ private TestRequestImpl pendingReq;
+ private Map<String, String> spConfigMap;
+
+ @BeforeClass
+ public static void classInitializer() {
+ System.setProperty(
+ "https.cipherSuites",
+ //high secure RSA bases ciphers
+ "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_DHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA256" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA256" +
+
+ //high secure ECC bases ciphers
+ ",TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" +
+ ",TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" +
+ ",TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384" +
+ ",TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256" +
+ ",TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256" +
+
+ //secure backup chipers
+ ",TLS_DHE_RSA_WITH_AES_256_CBC_SHA" +
+ ",TLS_DHE_RSA_WITH_AES_128_CBC_SHA" +
+ ",TLS_RSA_WITH_AES_128_CBC_SHA" +
+ ",TLS_RSA_WITH_AES_256_CBC_SHA"
+ );
+
+ }
+
+ @Before
+ public void initialize() throws EAAFParserException {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ context = new ExecutionContextImpl();
+
+ spConfigMap = new HashMap<>();
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+
+ final ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);
+ pendingReq = new TestRequestImpl();
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(spConfig);
+
+ // re-set config
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true));
+
+ }
+
+ @Test
+ public void validateState() throws TaskExecutionException, PendingReqIdValidationException {
+ // inject identityLink
+ final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ moaSession.setIdentityLink(TestUtils.generateDummyIdl(
+ "SUTFhJ/FXHmLGfTFchYnnWG/e3A=",
+ EAAFConstants.URN_PREFIX_CDID + "GH"));
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSessionStored = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSessionStored.isForeigner());
+ assertFalse("mandate", moaSessionStored.isMandateUsed());
+ assertEquals("missing attributes", 1, moaSessionStored.getGenericSessionDataStorage().size());
+ assertNotNull("no Role attr", moaSessionStored.getGenericDataFromSession(PVPConstants.ROLES_NAME));
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java
new file mode 100644
index 000000000..818a2c34b
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/tasks/InjectEhvdIdentityInformationTaskTest.java
@@ -0,0 +1,1086 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.tasks;
+
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.when;
+
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.Detail;
+import javax.xml.soap.Name;
+import javax.xml.soap.SOAPElement;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPFault;
+import javax.xml.ws.soap.SOAPFaultException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.Assert;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Attr;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.TypeInfo;
+import org.w3c.dom.UserDataHandler;
+
+import com.github.skjolber.mockito.soap.Soap12EndpointRule;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFParserException;
+import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.EHVD;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDARoles;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GDAStatus;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaAddress;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaDescriptor;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.GdaIndexResponse;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.client.wsdl.InstanceIdentifier;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap;
+import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/test_ehvd_service_auth.beans.xml" })
+public class InjectEhvdIdentityInformationTaskTest {
+
+ @Autowired
+ InjectEhvdInformationTask task;
+ @Autowired
+ DummyAuthConfigMap config;
+ @Autowired
+ IRequestStorage storage;
+
+ @Rule
+ public final Soap12EndpointRule soap = Soap12EndpointRule.newInstance();
+
+ protected MockHttpServletRequest httpReq;
+ protected MockHttpServletResponse httpResp;
+ private ExecutionContext context;
+ private TestRequestImpl pendingReq;
+ private Map<String, String> spConfigMap;
+
+ private EHVD ehvdService;
+
+ @Before
+ public void initialize() throws EAAFParserException {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ context = new ExecutionContextImpl();
+
+ spConfigMap = new HashMap<>();
+ spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10));
+
+ final ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config);
+ pendingReq = new TestRequestImpl();
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(spConfig);
+
+ // re-set config
+ config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true));
+
+ // inject identityLink
+ final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ moaSession.setIdentityLink(TestUtils.generateDummyIdl(
+ RandomStringUtils.randomAlphanumeric(10),
+ EAAFConstants.URN_PREFIX_BASEID));
+
+ // mock EHVD service
+ ehvdService = soap.mock(EHVD.class, "http://localhost:1234/ehvd");
+
+ }
+
+ @Test
+ public void noIdentityLinkInSession() {
+ final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+ moaSession.setIdentityLink(null);
+
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void noActiveGda() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(false, Arrays.asList(role1)));
+
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "ehvd.00", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void gdaGenericServiceError() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ when(ehvdService.getGDA(any())).thenThrow(new RuntimeException("No anwser from Service"));
+
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "ehvd.02", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void gdaServiceError() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String msg = RandomStringUtils.randomAlphabetic(10);
+ SOAPFault fault = generateSoaFault(msg);
+ SOAPFaultException error = new SOAPFaultException(fault );
+ when(ehvdService.getGDA(any())).thenThrow(error);
+
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "ehvd.02", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void noGdaInfosInResponse() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ GdaIndexResponse gdaResponse = new GdaIndexResponse();
+ when(ehvdService.getGDA(any())).thenReturn(gdaResponse);
+
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "ehvd.03", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+
+ @Test
+ public void noValidGdaRole() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = RandomStringUtils.randomAlphabetic(10);
+ String role2 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2)));
+
+ try {
+ task.execute(pendingReq, context);
+ fail("wrong state not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion");
+ assertEquals("wrong errorCode", "ehvd.04", ((EAAFException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+
+ @Test
+ public void validateStateWithRandomData() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = RandomStringUtils.randomAlphabetic(10);
+ String role2 = "1.2.40.0.34.5.2:101";
+ String role3 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3)));
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSession.isForeigner());
+ assertFalse("mandate", moaSession.isMandateUsed());
+ assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size());
+ assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME));
+ assertEquals("wrong role attr",
+ "EPI-GDA()",
+ moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class));
+
+ }
+
+ @Test
+ public void validateState() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = "1.2.40.0.33.5.2.101";
+ String role2 = "1.2.40.0.34.5.2:100";
+ String role3 = RandomStringUtils.randomAlphabetic(10);
+ when(ehvdService.getGDA(any())).thenReturn(generateGdaResponse(true, Arrays.asList(role1, role2, role3)));
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSession.isForeigner());
+ assertFalse("mandate", moaSession.isMandateUsed());
+ assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size());
+ assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME));
+ assertEquals("wrong role attr",
+ "EPI-GDA()",
+ moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class));
+
+ }
+
+ @Test
+ public void validateStateSecondOid() throws TaskExecutionException, PendingReqIdValidationException {
+ // set-up EHVD response
+ String role1 = "1.2.40.0.33.5.2.101";
+ String role2 = "1.2.40.0.34.5.2:158";
+ String role3 = RandomStringUtils.randomAlphabetic(10);
+ GdaIndexResponse gdaResponse = generateGdaResponse(true, Arrays.asList(role1, role2, role3));
+ when(ehvdService.getGDA(any())).thenReturn(gdaResponse);
+
+ task.execute(pendingReq, context);
+
+ // validate state
+ final IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId());
+ assertNotNull("pendingReq not stored", storedReq);
+
+ final AuthenticationSessionWrapper moaSession = storedReq.getSessionData(
+ AuthenticationSessionWrapper.class);
+
+ assertFalse("foreign", moaSession.isForeigner());
+ assertFalse("mandate", moaSession.isMandateUsed());
+ assertEquals("missing attributes", 2, moaSession.getGenericSessionDataStorage().size());
+ assertNotNull("no Role attr", moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME));
+ assertEquals("wrong role attr",
+ "EPI-GDA()",
+ moaSession.getGenericDataFromSession(PVPConstants.ROLES_NAME, String.class));
+
+ assertNotNull("no full GDA response",
+ moaSession.getGenericDataFromSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX));
+ assertTrue("wrong GDA response type",
+ moaSession.getGenericDataFromSession(ConfigurationProperties.ATTRIBUTE_URN_EHVD_PREFIX) instanceof GdaDescriptor);
+
+
+ }
+
+ private GdaIndexResponse generateGdaResponse(boolean isActive, List<String> roles) {
+ GdaIndexResponse resp = new GdaIndexResponse();
+ GdaDescriptor gda = new GdaDescriptor();
+ resp.setGda(gda);
+
+ GDAStatus status = new GDAStatus();
+ gda.setStatus(status);
+ status.setEhvdstatus(isActive ? "Aktiv" : "Inaktiv");
+
+ gda.setFirstname(RandomStringUtils.randomAlphabetic(5));
+ gda.setSurname(RandomStringUtils.randomAlphabetic(5));
+ gda.setTitle(RandomStringUtils.randomAlphabetic(5));
+
+ InstanceIdentifier id = new InstanceIdentifier();
+ id.setId(RandomStringUtils.randomAlphabetic(5));
+ gda.setId(id);
+
+ gda.getOtherID().add(RandomStringUtils.randomAlphabetic(5));
+ gda.getOtherID().add(RandomStringUtils.randomAlphabetic(5));
+
+ gda.getAddress().add(generateAddress());
+ gda.getAddress().add(generateAddress());
+
+ GDARoles gdaRoles = new GDARoles();
+ gda.setRoles(gdaRoles);
+ gdaRoles.getRole().addAll(roles);
+
+ return resp;
+ }
+
+ private GdaAddress generateAddress() {
+ GdaAddress address = new GdaAddress();
+ address.setZip(RandomStringUtils.randomNumeric(4));
+ address.setState(RandomStringUtils.randomAlphabetic(10));
+ return address;
+
+ }
+
+ private SOAPFault generateSoaFault(String msg) {
+ return new SOAPFault() {
+
+ @Override
+ public void setIdAttributeNode(Attr idAttr, boolean isId) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIdAttributeNS(String namespaceURI, String localName, boolean isId) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIdAttribute(String name, boolean isId) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public Attr setAttributeNodeNS(Attr newAttr) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Attr setAttributeNode(Attr newAttr) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void setAttributeNS(String namespaceURI, String qualifiedName, String value) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setAttribute(String name, String value) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public Attr removeAttributeNode(Attr oldAttr) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void removeAttributeNS(String namespaceURI, String localName) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void removeAttribute(String name) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public boolean hasAttributeNS(String namespaceURI, String localName) throws DOMException {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean hasAttribute(String name) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getTagName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public TypeInfo getSchemaTypeInfo() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public NodeList getElementsByTagNameNS(String namespaceURI, String localName) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public NodeList getElementsByTagName(String name) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Attr getAttributeNodeNS(String namespaceURI, String localName) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Attr getAttributeNode(String name) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAttributeNS(String namespaceURI, String localName) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAttribute(String name) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Object setUserData(String key, Object data, UserDataHandler handler) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void setTextContent(String textContent) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setPrefix(String prefix) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setNodeValue(String nodeValue) throws DOMException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public Node replaceChild(Node newChild, Node oldChild) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node removeChild(Node oldChild) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void normalize() {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public String lookupPrefix(String namespaceURI) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String lookupNamespaceURI(String prefix) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isSupported(String feature, String version) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isSameNode(Node other) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isEqualNode(Node arg) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isDefaultNamespace(String namespaceURI) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Node insertBefore(Node newChild, Node refChild) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean hasChildNodes() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean hasAttributes() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Object getUserData(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getTextContent() throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node getPreviousSibling() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getPrefix() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node getParentNode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Document getOwnerDocument() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getNodeValue() throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public short getNodeType() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public String getNodeName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node getNextSibling() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getNamespaceURI() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getLocalName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node getLastChild() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node getFirstChild() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Object getFeature(String feature, String version) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public NodeList getChildNodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getBaseURI() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public NamedNodeMap getAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public short compareDocumentPosition(Node other) throws DOMException {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public Node cloneNode(boolean deep) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Node appendChild(Node newChild) throws DOMException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void setValue(String value) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setParentElement(SOAPElement parent) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void recycleNode() {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public String getValue() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement getParentElement() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void detachNode() {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setEncodingStyle(String encodingStyle) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public SOAPElement setElementQName(QName newName) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean removeNamespaceDeclaration(String prefix) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public void removeContents() {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public boolean removeAttribute(QName qname) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean removeAttribute(Name name) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Iterator getVisibleNamespacePrefixes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getNamespaceURI(String prefix) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getNamespacePrefixes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getEncodingStyle() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public QName getElementQName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Name getElementName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getChildElements(QName qname) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getChildElements(Name name) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getChildElements() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAttributeValue(QName qname) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAttributeValue(Name name) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getAllAttributesAsQNames() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getAllAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public QName createQName(String localName, String prefix) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addTextNode(String text) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addNamespaceDeclaration(String prefix, String uri) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addChildElement(String localName, String prefix, String uri) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addChildElement(String localName, String prefix) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addChildElement(SOAPElement element) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addChildElement(String localName) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addChildElement(QName qname) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addChildElement(Name name) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addAttribute(QName qname, String value) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SOAPElement addAttribute(Name name, String value) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void setFaultString(String faultString, Locale locale) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultString(String faultString) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultRole(String uri) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultNode(String uri) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultCode(String faultCode) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultCode(QName faultCodeQName) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultCode(Name faultCodeQName) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFaultActor(String faultActor) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void removeAllFaultSubcodes() {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public boolean hasDetail() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Iterator getFaultSubcodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Locale getFaultStringLocale() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFaultString() {
+ return msg;
+
+ }
+
+ @Override
+ public String getFaultRole() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getFaultReasonTexts() throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFaultReasonText(Locale locale) throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Iterator getFaultReasonLocales() throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFaultNode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public QName getFaultCodeAsQName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Name getFaultCodeAsName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFaultCode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFaultActor() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Detail getDetail() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public void appendFaultSubcode(QName subcode) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void addFaultReasonText(String text, Locale locale) throws SOAPException {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public Detail addDetail() throws SOAPException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+ };
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java
new file mode 100644
index 000000000..5ff8ffba7
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.xml.ConfigurationException;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class AttributeBuilderRegistrationTest {
+
+ @BeforeClass
+ public static void classInitializer() throws ConfigurationException {
+ EAAFDefaultSAML2Bootstrap.bootstrap();
+
+ }
+
+ @Test
+ public void checkRegistratedAttributeBuilder() {
+
+ List<Attribute> supportedAttributes = PVPAttributeBuilder.buildSupportedEmptyAttributes();
+
+ assertFalse("Registered Attribute-Builder is empty", supportedAttributes.isEmpty());
+ assertTrue("No role attribute registrated", supportedAttributes.stream()
+ .filter(el -> PVPAttributeDefinitions.ROLES_NAME.equals(el.getName()))
+ .findFirst()
+ .isPresent());
+
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java
new file mode 100644
index 000000000..6d39b926e
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java
@@ -0,0 +1,65 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class AuthenticationRoleFactoryTest {
+
+ @Test
+ public void simpleRole() {
+ String role = RandomStringUtils.randomAlphabetic(5);
+
+ AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(role);
+
+ assertEquals("wrong role name", role, toCheck.getRoleName());
+ assertEquals("wrong raw role", role, toCheck.getRawRoleString());
+ assertNull("wrong role attr", toCheck.getParams());
+
+ }
+
+ @Test
+ public void complexeRoleEmptyParams() {
+ String role = RandomStringUtils.randomAlphabetic(5);
+ String fullRole = role + "()";
+
+ AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole);
+
+ assertEquals("wrong role name", role, toCheck.getRoleName());
+ assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString());
+ assertNull("wrong role attr", toCheck.getParams());
+
+ }
+
+ @Test
+ public void complexeRoleWithParams() {
+ String p1 = RandomStringUtils.randomAlphabetic(5);
+ String v1 = RandomStringUtils.randomAlphabetic(5);
+ String p2 = RandomStringUtils.randomAlphabetic(5);
+ String v2 = RandomStringUtils.randomAlphabetic(5);
+
+ String role = RandomStringUtils.randomAlphabetic(5);
+ String fullRole = role + "(\""
+ + p1 + "\"=\"" + v1 + "\","
+ + p2 + "\"=\"" + v2 + "\""
+ +")";
+
+ AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole);
+
+ assertEquals("wrong role name", role, toCheck.getRoleName());
+ assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString());
+ assertNotNull("wrong role attr", toCheck.getParams());
+ assertEquals("wrong param size", 2, toCheck.getParams().size());
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java
new file mode 100644
index 000000000..387aca540
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java
@@ -0,0 +1,55 @@
+package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils;
+
+import static org.junit.Assert.assertEquals;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/test_ehvd_service_messager_auth.beans.xml"})
+public class MoaStatusMessagerTest {
+
+ @Autowired IStatusMessenger messager;
+
+
+ @Test
+ public void checkErrorCodeMapper() {
+ assertEquals("default errorcode", "9199",
+ messager.getResponseErrorCode(new NullPointerException()));
+
+
+ assertEquals("new errorCode file", "aabbccdd",
+ messager.mapInternalErrorToExternalError("test.01"));
+ assertEquals("new errorCode file", "zzzyyyxxx",
+ messager.mapInternalErrorToExternalError("test.02"));
+
+ assertEquals("existing errorCode file", "4401",
+ messager.mapInternalErrorToExternalError("auth.34"));
+ assertEquals("existing errorCode file", "1101",
+ messager.mapInternalErrorToExternalError("parser.07"));
+
+ }
+
+ @Test
+ public void checkErrorMessages() {
+ assertEquals("new error msg",
+ "Für den abgefragtem GDA liegt keine Berechtigung vor", messager.getMessage("ehvd.00", null));
+ assertEquals("new error msg",
+ "Allgemeiner Fehler bei der Abfrage des EHVD Service", messager.getMessage("ehvd.99", null));
+
+
+ assertEquals("existing error msg",
+ "Zertifikat konnte nicht ausgelesen werden.", messager.getMessage("auth.14", null));
+ assertEquals("existing error msg",
+ "\"Issuer\" im AUTH-Block nicht vorhanden.", messager.getMessage("validator.32", null));
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java
new file mode 100644
index 000000000..547401cc3
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/com/github/skjolber/mockito/soap/Soap12EndpointRule.java
@@ -0,0 +1,195 @@
+package com.github.skjolber.mockito.soap;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.ws.soap.SOAPBinding;
+import javax.xml.ws.spi.Provider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.endpoint.EndpointException;
+import org.apache.cxf.endpoint.ServerImpl;
+import org.apache.cxf.jaxws.EndpointImpl;
+import org.apache.cxf.jaxws.JaxWsServerFactoryBean;
+import org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean;
+import org.apache.cxf.service.ServiceImpl;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.ChainInitiationObserver;
+import org.apache.cxf.transport.Destination;
+import org.apache.cxf.transport.DestinationFactory;
+import org.apache.cxf.transport.DestinationFactoryManager;
+
+
+/**
+ * Fork of {@link SoapEndpointRule} that set <i>endpoint.setBindingUri(SOAPBinding.SOAP12HTTP_BINDING)</i>
+ * into {@link EndpointImpl}.
+ *
+ * @author tlenz
+ *
+ */
+public class Soap12EndpointRule extends SoapServerRule {
+ private static final int PORT_RANGE_START = 1024 + 1;
+ private static final int PORT_RANGE_END = PortManager.PORT_RANGE_MAX;
+
+ public static Soap12EndpointRule newInstance() {
+ return new Soap12EndpointRule();
+ }
+
+ private final Map<String, EndpointImpl> endpoints = new HashMap<>();
+
+ private PortManager<Destination> portManager;
+
+ public Soap12EndpointRule() {
+ this(PORT_RANGE_START, PORT_RANGE_END);
+ }
+
+ public Soap12EndpointRule(String... portNames) {
+ this(PORT_RANGE_START, PORT_RANGE_END, portNames);
+ }
+
+ public Soap12EndpointRule(int portRangeStart, int portRangeEnd, String... portNames) {
+ portManager = new PortManager<Destination>(portRangeStart, portRangeEnd) {
+ @Override
+ public Destination reserve(int port) throws Exception {
+ return createDestination(port);
+ }
+
+ @Override
+ public void release(Destination destination) {
+ destination.shutdown();
+ }
+ };
+
+ portManager.add(portNames);
+ }
+
+ /**
+ * Returns the port number that was reserved for the given name.
+ *
+ * @param portName port name
+ * @return a valid port number if the port has been reserved, -1 otherwise
+ */
+ public int getPort(String portName) {
+ return portManager.getPort(portName);
+ }
+
+ /**
+ * Returns all port names and respective port numbers.
+ *
+ * @return a map of port name and port value (a valid port number if the port
+ * has been reserved, or -1 otherwise)
+ */
+ public Map<String, Integer> getPorts() {
+ return portManager.getPorts();
+ }
+
+ /**
+ * Attempt to reserve a port by starting a server.
+ *
+ * @param port port to reserve
+ * @return destination if successful
+ * @throws IOException
+ * @throws EndpointException
+ */
+ private Destination createDestination(int port) throws IOException, EndpointException {
+ final JaxWsServiceFactoryBean jaxWsServiceFactoryBean = new JaxWsServiceFactoryBean();
+
+ final JaxWsServerFactoryBean serverFactoryBean = new JaxWsServerFactoryBean(jaxWsServiceFactoryBean);
+ final Bus bus = serverFactoryBean.getBus();
+
+ final String address = "http://localhost:" + port;
+ serverFactoryBean.setAddress(address);
+
+ final DestinationFactory destinationFactory = bus.getExtension(DestinationFactoryManager.class)
+ .getDestinationFactoryForUri(address);
+
+ final EndpointInfo ei = new EndpointInfo(null, Integer.toString(port));
+ ei.setAddress(address);
+
+ final Destination destination = destinationFactory.getDestination(ei, bus);
+
+ final ServiceImpl serviceImpl = new ServiceImpl();
+
+ final org.apache.cxf.endpoint.Endpoint endpoint = new org.apache.cxf.endpoint.EndpointImpl(bus,
+ serviceImpl, ei);
+ destination.setMessageObserver(new ChainInitiationObserver(endpoint, bus));
+ return destination;
+ }
+
+ @Override
+ public <T> void proxy(T target, Class<T> port, String address, String wsdlLocation,
+ List<String> schemaLocations, Map<String, Object> properties) {
+ assertValidParams(target, port, address);
+
+ if (endpoints.containsKey(address)) {
+ throw new IllegalArgumentException("Endpoint " + address + " already exists");
+ }
+
+ final T serviceInterface = SoapServiceProxy.newInstance(target);
+
+ final EndpointImpl endpoint = (EndpointImpl) Provider.provider().createEndpoint(null, serviceInterface);
+ endpoint.setBindingUri(SOAPBinding.SOAP12HTTP_BINDING);
+
+ if (wsdlLocation != null) {
+ endpoint.setWsdlLocation(wsdlLocation);
+ }
+
+ if (schemaLocations != null) {
+ endpoint.setSchemaLocations(schemaLocations);
+ }
+
+ endpoint.setProperties(processProperties(properties, wsdlLocation, schemaLocations));
+
+ final Destination destination = portManager.getData(parsePort(address));
+ if (destination != null) {
+ final ServerImpl server = endpoint.getServer();
+ server.setDestination(destination);
+ }
+
+ endpoint.publish(address);
+
+ endpoints.put(address, endpoint);
+ }
+
+ @Override
+ protected void before() {
+ // reserve all ports
+ portManager.start();
+ }
+
+ @Override
+ protected void after() {
+ destroy();
+ }
+
+ /**
+ * Stop and remove endpoints, keeping port reservations.
+ */
+ public void clear() {
+ endpoints.values().forEach(EndpointImpl::stop);
+ endpoints.clear();
+ }
+
+ @Override
+ public void destroy() {
+ endpoints.values().forEach(endpoint -> {
+ endpoint.stop();
+ endpoint.getBus().shutdown(true);
+ });
+ endpoints.clear();
+ portManager.stop();
+ }
+
+ @Override
+ public void stop() {
+ endpoints.values().forEach(endpoint -> endpoint.getServer().stop());
+ }
+
+ @Override
+ public void start() {
+ // republish
+ endpoints.values().forEach(endpoint -> endpoint.getServer().start());
+ }
+}
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
new file mode 100644
index 000000000..580af5559
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties
@@ -0,0 +1,11 @@
+modules.ehvd.enabled=true
+modules.ehvd.sp.1=aaabbccddeeffgg
+modules.ehvd.sp.2=yyasdfasfsa2323
+modules.ehvd.sp.3=
+modules.ehvd.sp.4=435344534egewgegf
+
+modules.ehvd.service.url=http://localhost:1234/ehvd
+#modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at
+
+modules.ehvd.role.pvp=EPI-GDA()
+modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties
new file mode 100644
index 000000000..4e666c204
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties
@@ -0,0 +1,4 @@
+modules.ehvd.enabled=false
+modules.ehvd.sp.1=aaabbccddeeffgg
+modules.ehvd.sp.2=yyasdfasfsa2323
+modules.ehvd.sp.3=435344534egewgegf
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties
new file mode 100644
index 000000000..dc8fe54d5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config_qs_service.properties
@@ -0,0 +1,12 @@
+modules.ehvd.enabled=true
+modules.ehvd.sp.1=aaabbccddeeffgg
+modules.ehvd.sp.2=yyasdfasfsa2323
+modules.ehvd.sp.3=
+modules.ehvd.sp.4=435344534egewgegf
+
+modules.ehvd.service.url=https://ehvdwsqs.gesundheit.gv.at
+#modules.ehvd.service.bpk.target=
+modules.ehvd.proxy.socks.port=12345
+modules.ehvd.role.pvp=EPI-GDA()
+modules.ehvd.service.role.regex=^1\.2\.40\.0\.34\.5\.2\:(100|101|158)$
+#modules.ehvd.service.otherid.prefix=1.2.40.0.34.4.18: \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml
new file mode 100644
index 000000000..0595d4eb4
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_qs_service_auth.beans.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <import resource="classpath:/SpringTest-context_authManager.xml" />
+ <import resource="classpath:/moaid_ehvd_service_auth.beans.xml" />
+
+ <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap">
+ <constructor-arg name="path" value="/config/config_qs_service.properties" />
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml
new file mode 100644
index 000000000..b499ad395
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <import resource="classpath:/SpringTest-context_authManager.xml" />
+ <import resource="classpath:/moaid_ehvd_service_auth.beans.xml" />
+
+ <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap">
+ <constructor-arg name="path" value="/config/config1.properties" />
+ </bean>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml
new file mode 100644
index 000000000..7116034b7
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <import resource="classpath:/SpringTest-context_authManager.xml" />
+
+ <bean id="dummyConfig" class="at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap">
+ <constructor-arg name="path" value="/config/config2.properties" />
+ </bean>
+
+ <beans default-lazy-init="true">
+ <bean id="ehvdServiceAuthModule" class="at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule">
+ <property name="priority" value="4" />
+ </bean>
+
+ </beans>
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml
new file mode 100644
index 000000000..5d8e03fb5
--- /dev/null
+++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="testMsgProvider"
+ class="at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
index 46b645403..41da7ff51 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-elga_mandate_service</artifactId>
<version>${moa-id-module-elga_mandate_client}</version>
diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml
index 131ae455b..f9ff3333b 100644
--- a/id/server/modules/moa-id-module-openID/pom.xml
+++ b/id/server/modules/moa-id-module-openID/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-openID</artifactId>
@@ -38,13 +38,13 @@
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
- <version>1.22.0</version>
+ <version>1.40.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-jetty</artifactId>
- <version>1.22.0</version>
+ <version>1.32.1</version>
<scope>test</scope>
<exclusions>
<exclusion>
@@ -78,7 +78,6 @@
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
- <version>19.0</version>
</dependency>
<!-- TestNG -->
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index 0dccba648..d3a2cc94e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-sl20_authentication</artifactId>
<name>moa-id-module-sl20_authentication</name>
@@ -53,20 +53,19 @@
<dependency>
<groupId>com.google.code.gson</groupId>
<artifactId>gson</artifactId>
- <version>2.8.2</version>
+ <version>2.8.9</version>
</dependency>
<dependency>
<groupId>org.bitbucket.b_c</groupId>
<artifactId>jose4j</artifactId>
- <version>0.6.3</version>
+ <version>0.7.9</version>
</dependency>
- <dependency>
- <groupId>org.bouncycastle</groupId>
- <artifactId>bcprov-jdk15on</artifactId>
- <version>1.52</version>
- <!-- <scope>provided</scope> -->
-</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>1.70</version>
+ </dependency>
<!-- Dependencies for testing -->
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index 759d9c838..6bf297a4e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -13,7 +13,6 @@ import org.apache.http.Header;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.utils.URIBuilder;
-import org.apache.log4j.Logger;
import org.jose4j.base64url.Base64Url;
import com.google.gson.JsonElement;
@@ -23,328 +22,347 @@ import com.google.gson.JsonParser;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import lombok.extern.slf4j.Slf4j;
+@Slf4j
public class SL20JSONExtractorUtils {
- private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class);
-
- /**
- * Extract String value from JSON
- *
- * @param input
- * @param keyID
- * @param isRequired
- * @return
- * @throws SLCommandoParserException
- */
- public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
- try {
- JsonElement internal = getAndCheck(input, keyID, isRequired);
-
- if (internal != null)
- return internal.getAsString();
- else
- return null;
-
- } catch (SLCommandoParserException e) {
- throw e;
-
- } catch (Exception e) {
- throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e);
-
- }
- }
-
- /**
- * Extract Boolean value from JSON
- *
- * @param input
- * @param keyID
- * @param isRequired
- * @return
- * @throws SLCommandoParserException
- */
- public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException {
- try {
- JsonElement internal = getAndCheck(input, keyID, isRequired);
-
- if (internal != null)
- return internal.getAsBoolean();
- else
- return defaultValue;
-
- } catch (SLCommandoParserException e) {
- throw e;
-
- } catch (Exception e) {
- throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
-
- }
- }
-
- /**
- * Extract JSONObject value from JSON
- *
- * @param input
- * @param keyID
- * @param isRequired
- * @return
- * @throws SLCommandoParserException
- */
- public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
- try {
- JsonElement internal = getAndCheck(input, keyID, isRequired);
-
- if (internal != null)
- return internal.getAsJsonObject();
- else
- return null;
-
- } catch (SLCommandoParserException e) {
- throw e;
-
- } catch (Exception e) {
- throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
-
- }
- }
-
- /**
- * Extract a List of String elements from a JSON element
- *
- * @param input
- * @return
- * @throws SLCommandoParserException
- */
- public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException {
- List<String> result = new ArrayList<String>();
- if (input != null) {
- if (input.isJsonArray()) {
- Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
- while(arrayIterator.hasNext()) {
- JsonElement next = arrayIterator.next();
- if (next.isJsonPrimitive())
- result.add(next.getAsString());
- }
-
- } else if (input.isJsonPrimitive()) {
- result.add(input.getAsString());
-
- } else {
- log.warn("JSON Element IS NOT a JSON array or a JSON Primitive");
- throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive");
-
- }
- }
-
- return result;
- }
-
- /**
- * Extract Map of Key/Value pairs from a JSON Element
- *
- * @param input parent JSON object
- * @param keyID KeyId of the child that should be parsed
- * @param isRequired
- * @return
- * @throws SLCommandoParserException
- */
- public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
- JsonElement internal = getAndCheck(input, keyID, isRequired);
- return getMapOfStringElements(internal);
-
- }
-
- /**
- * Extract Map of Key/Value pairs from a JSON Element
- *
- * @param input
- * @return
- * @throws SLCommandoParserException
- */
- public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException {
- Map<String, String> result = new HashMap<String, String>();
-
- if (input != null) {
- if (input.isJsonArray()) {
- Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
- while(arrayIterator.hasNext()) {
- JsonElement next = arrayIterator.next();
- Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
- entitySetToMap(result, entry);
-
- }
-
- } else if (input.isJsonObject()) {
- Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator();
- entitySetToMap(result, objectKeys);
-
- } else
- throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object");
-
- }
-
- return result;
- }
-
- private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) {
- while (entry.hasNext()) {
- Entry<String, JsonElement> el = entry.next();
- if (result.containsKey(el.getKey()))
- log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
-
- result.put(el.getKey(), el.getValue().getAsString());
-
- }
-
- }
-
-
- public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception {
- JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
- JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
-
- if (result == null && encryptedResult == null)
- throw new SLCommandoParserException("NO result OR encryptedResult FOUND.");
-
- else if (encryptedResult == null && mustBeEncrypted)
- throw new SLCommandoParserException("result MUST be signed.");
-
- else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) {
- try {
- return decrypter.decryptPayload(encryptedResult.getAsString());
-
- } catch (Exception e) {
- log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage());
- if (!mustBeEncrypted) {
- log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible");
-
- //dummy code
- try {
- String[] signedPayload = encryptedResult.toString().split("\\.");
- JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
- return payLoad;
-
- } catch (Exception e1) {
- log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ...");
- throw new SL20Exception(e.getMessage(), null, e);
-
- }
-
- } else
- throw e;
-
- }
-
- } else if (result != null) {
- return result;
-
- } else
- throw new SLCommandoParserException("Internal build error");
-
-
- }
-
- /**
- * Extract payLoad from generic transport container
- *
- * @param container
- * @param joseTools
- * @return
- * @throws SLCommandoParserException
- */
- public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception {
-
- JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD);
- JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD);
-
- if (mustBeSigned && joseTools == null)
- throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'");
-
- if (sl20Payload == null && sl20SignedPayload == null)
- throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND.");
-
- else if (sl20SignedPayload == null && mustBeSigned)
- throw new SLCommandoParserException("payLoad MUST be signed.");
-
- else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {
- return joseTools.validateSignature(sl20SignedPayload.getAsString());
-
- } else if (sl20Payload != null)
- return new VerificationResult(sl20Payload.getAsJsonObject());
-
- else
- throw new SLCommandoParserException("Internal build error");
-
-
- }
-
-
- /**
- * Extract generic transport container from httpResponse
- *
- * @param httpResp
- * @return
- * @throws SLCommandoParserException
- */
- public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException {
- try {
- JsonObject sl20Resp = null;
- if (httpResp.getStatusLine().getStatusCode() == 307) {
- Header[] locationHeader = httpResp.getHeaders("Location");
- if (locationHeader == null)
- throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
-
- String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
- sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject();
-
- } else if (httpResp.getStatusLine().getStatusCode() == 200) {
- if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json"))
- throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
-
- } else if ( (httpResp.getStatusLine().getStatusCode() == 500) ||
- (httpResp.getStatusLine().getStatusCode() == 401) ||
- (httpResp.getStatusLine().getStatusCode() == 400) ) {
- log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
- + ". Search for error message");
- sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
-
-
- } else
- throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
-
- log.info("Find JSON object in http response");
- return sl20Resp;
-
- } catch (Exception e) {
- throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
-
- }
- }
-
- private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception {
- if (resp != null && resp.getContent() != null) {
- JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent()));
- if (sl20Resp != null && sl20Resp.isJsonObject()) {
- return sl20Resp.getAsJsonObject();
-
- } else
- throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object");
-
-
- } else
- throw new SLCommandoParserException("Can NOT find content in http response");
-
- }
-
-
- private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
- JsonElement internal = input.get(keyID);
-
- if (internal == null && isRequired)
- throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist");
-
- return internal;
-
- }
+
+ /**
+ * Extract String value from JSON
+ *
+ * @param input
+ * @param keyID
+ * @param isRequired
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static String getStringValue(JsonObject input, String keyID, boolean isRequired)
+ throws SLCommandoParserException {
+ try {
+ final JsonElement internal = getAndCheck(input, keyID, isRequired);
+
+ if (internal != null) {
+ return internal.getAsString();
+ } else {
+ return null;
+ }
+
+ } catch (final SLCommandoParserException e) {
+ throw e;
+
+ } catch (final Exception e) {
+ throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e);
+
+ }
+ }
+
+ /**
+ * Extract Boolean value from JSON
+ *
+ * @param input
+ * @param keyID
+ * @param isRequired
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired,
+ boolean defaultValue) throws SLCommandoParserException {
+ try {
+ final JsonElement internal = getAndCheck(input, keyID, isRequired);
+
+ if (internal != null) {
+ return internal.getAsBoolean();
+ } else {
+ return defaultValue;
+ }
+
+ } catch (final SLCommandoParserException e) {
+ throw e;
+
+ } catch (final Exception e) {
+ throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
+
+ }
+ }
+
+ /**
+ * Extract JSONObject value from JSON
+ *
+ * @param input
+ * @param keyID
+ * @param isRequired
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired)
+ throws SLCommandoParserException {
+ try {
+ final JsonElement internal = getAndCheck(input, keyID, isRequired);
+
+ if (internal != null) {
+ return internal.getAsJsonObject();
+ } else {
+ return null;
+ }
+
+ } catch (final SLCommandoParserException e) {
+ throw e;
+
+ } catch (final Exception e) {
+ throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e);
+
+ }
+ }
+
+ /**
+ * Extract a List of String elements from a JSON element
+ *
+ * @param input
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException {
+ final List<String> result = new ArrayList<>();
+ if (input != null) {
+ if (input.isJsonArray()) {
+ final Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
+ while (arrayIterator.hasNext()) {
+ final JsonElement next = arrayIterator.next();
+ if (next.isJsonPrimitive()) {
+ result.add(next.getAsString());
+ }
+ }
+
+ } else if (input.isJsonPrimitive()) {
+ result.add(input.getAsString());
+
+ } else {
+ log.warn("JSON Element IS NOT a JSON array or a JSON Primitive");
+ throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive");
+
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Extract Map of Key/Value pairs from a JSON Element
+ *
+ * @param input parent JSON object
+ * @param keyID KeyId of the child that should be parsed
+ * @param isRequired
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired)
+ throws SLCommandoParserException {
+ final JsonElement internal = getAndCheck(input, keyID, isRequired);
+ return getMapOfStringElements(internal);
+
+ }
+
+ /**
+ * Extract Map of Key/Value pairs from a JSON Element
+ *
+ * @param input
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static Map<String, String> getMapOfStringElements(JsonElement input)
+ throws SLCommandoParserException {
+ final Map<String, String> result = new HashMap<>();
+
+ if (input != null) {
+ if (input.isJsonArray()) {
+ final Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
+ while (arrayIterator.hasNext()) {
+ final JsonElement next = arrayIterator.next();
+ final Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
+ entitySetToMap(result, entry);
+
+ }
+
+ } else if (input.isJsonObject()) {
+ final Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator();
+ entitySetToMap(result, objectKeys);
+
+ } else {
+ throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object");
+ }
+
+ }
+
+ return result;
+ }
+
+ private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) {
+ while (entry.hasNext()) {
+ final Entry<String, JsonElement> el = entry.next();
+ if (result.containsKey(el.getKey())) {
+ log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
+ }
+
+ result.put(el.getKey(), el.getValue().getAsString());
+
+ }
+
+ }
+
+ public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter,
+ boolean mustBeEncrypted) throws SL20Exception {
+ final JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
+ final JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT);
+
+ if (result == null && encryptedResult == null) {
+ throw new SLCommandoParserException("NO result OR encryptedResult FOUND.");
+ } else if (encryptedResult == null && mustBeEncrypted) {
+ throw new SLCommandoParserException("result MUST be signed.");
+ } else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) {
+ try {
+ return decrypter.decryptPayload(encryptedResult.getAsString());
+
+ } catch (final Exception e) {
+ log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage());
+ if (!mustBeEncrypted) {
+ log.warn(
+ "Decrypted results are disabled by configuration. Parse result in plain if it is possible");
+
+ // dummy code
+ try {
+ final String[] signedPayload = encryptedResult.toString().split("\\.");
+ final JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(
+ signedPayload[1])));
+ return payLoad;
+
+ } catch (final Exception e1) {
+ log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ...");
+ throw new SL20Exception(e.getMessage(), null, e);
+
+ }
+
+ } else {
+ throw e;
+ }
+
+ }
+
+ } else if (result != null) {
+ return result;
+
+ } else {
+ throw new SLCommandoParserException("Internal build error");
+ }
+
+ }
+
+ /**
+ * Extract payLoad from generic transport container
+ *
+ * @param container
+ * @param joseTools
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools,
+ boolean mustBeSigned) throws SL20Exception {
+
+ final JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD);
+ final JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD);
+
+ if (mustBeSigned && joseTools == null) {
+ throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'");
+ }
+
+ if (sl20Payload == null && sl20SignedPayload == null) {
+ throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND.");
+ } else if (sl20SignedPayload == null && mustBeSigned) {
+ throw new SLCommandoParserException("payLoad MUST be signed.");
+ } else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {
+ return joseTools.validateSignature(sl20SignedPayload.getAsString());
+
+ } else if (sl20Payload != null) {
+ return new VerificationResult(sl20Payload.getAsJsonObject());
+ } else {
+ throw new SLCommandoParserException("Internal build error");
+ }
+
+ }
+
+ /**
+ * Extract generic transport container from httpResponse
+ *
+ * @param httpResp
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp)
+ throws SLCommandoParserException {
+ try {
+ JsonObject sl20Resp = null;
+ if (httpResp.getStatusLine().getStatusCode() == 307) {
+ final Header[] locationHeader = httpResp.getHeaders("Location");
+ if (locationHeader == null) {
+ throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
+ }
+
+ final String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0)
+ .getValue();
+ sl20Resp = new JsonParser().parse(Base64Url.encode(sl20RespString.getBytes())).getAsJsonObject();
+
+ } else if (httpResp.getStatusLine().getStatusCode() == 200) {
+ if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) {
+ throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp
+ .getEntity().getContentType().getValue());
+ }
+ sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+
+ } else if (httpResp.getStatusLine().getStatusCode() == 500 ||
+ httpResp.getStatusLine().getStatusCode() == 401 ||
+ httpResp.getStatusLine().getStatusCode() == 400) {
+ log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
+ + ". Search for error message");
+ sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+
+ } else {
+ throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine()
+ .getStatusCode());
+ }
+
+ log.info("Find JSON object in http response");
+ return sl20Resp;
+
+ } catch (final Exception e) {
+ throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e);
+
+ }
+ }
+
+ private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception {
+ if (resp != null && resp.getContent() != null) {
+ final JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent()));
+ if (sl20Resp != null && sl20Resp.isJsonObject()) {
+ return sl20Resp.getAsJsonObject();
+
+ } else {
+ throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object");
+ }
+
+ } else {
+ throw new SLCommandoParserException("Can NOT find content in http response");
+ }
+
+ }
+
+ private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired)
+ throws SLCommandoParserException {
+ final JsonElement internal = input.get(keyID);
+
+ if (internal == null && isRequired) {
+ throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist");
+ }
+
+ return internal;
+
+ }
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/pom.xml b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
index d0869994b..70db729e1 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/pom.xml
+++ b/id/server/modules/moa-id-module-ssoTransfer/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-ssoTransfer</artifactId>
<name>MOA-ID_SSO_Transfer_modul</name>
@@ -36,14 +36,14 @@
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
- <version>1.52</version>
+ <version>1.70</version>
<!-- <scope>provided</scope> -->
</dependency>
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
- <version>1.52</version>
+ <version>1.70</version>
</dependency>
<dependency>
diff --git a/id/server/modules/moa-id-modules-federated_authentication/pom.xml b/id/server/modules/moa-id-modules-federated_authentication/pom.xml
index 1148ab31c..4e72ede0c 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/pom.xml
+++ b/id/server/modules/moa-id-modules-federated_authentication/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-modules-federated_authentication</artifactId>
<description>PVP2 ServiceProvider implementation for federated authentication</description>
diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml
index d2cd5686e..a05794be6 100644
--- a/id/server/modules/moa-id-modules-saml1/pom.xml
+++ b/id/server/modules/moa-id-modules-saml1/pom.xml
@@ -3,7 +3,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-saml1</artifactId>
diff --git a/id/server/modules/module-monitoring/pom.xml b/id/server/modules/module-monitoring/pom.xml
index 5b19d44c0..cd9c1087e 100644
--- a/id/server/modules/module-monitoring/pom.xml
+++ b/id/server/modules/module-monitoring/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<artifactId>moa-id-module-monitoring</artifactId>
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index d2bce7b0d..7fd7107e9 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -5,7 +5,7 @@
<parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<groupId>MOA.id.server.modules</groupId>
@@ -36,7 +36,10 @@
<module>moa-id-module-sl20_authentication</module>
<module>moa-id-module-AT_eIDAS_connector</module>
- <module>moa-id-module-E-ID_connector</module>
+ <module>moa-id-module-E-ID_connector</module>
+ <module>moa-id-module-dummyAuth</module>
+ <module>moa-id-module-ehvd_integration</module>
+
</modules>
<dependencies>
diff --git a/id/server/pom.xml b/id/server/pom.xml
index e9fb44b80..8e9d1a14c 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>4.1.5</version>
+ <version>4.2.0</version>
</parent>
<modelVersion>4.0.0</modelVersion>
diff --git a/id/server/proxy/.gitignore b/id/server/proxy/.gitignore
deleted file mode 100644
index 4dc009173..000000000
--- a/id/server/proxy/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-/target
-/bin
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml
deleted file mode 100644
index 4a18f6b2e..000000000
--- a/id/server/proxy/pom.xml
+++ /dev/null
@@ -1,152 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <parent>
- <groupId>MOA.id</groupId>
- <artifactId>moa-id</artifactId>
- <version>4.0.1-snapshot</version>
- </parent>
-
- <properties>
- <repositoryPath>${basedir}/../../../repository</repositoryPath>
- </properties>
-
- <repositories>
- <repository>
- <id>shibboleth.internet2.edu</id>
- <name>Internet2</name>
- <url>https://apps.egiz.gv.at/shibboleth_nexus/</url>
- </repository>
- </repositories>
-
- <modelVersion>4.0.0</modelVersion>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-proxy</artifactId>
- <version>${moa-id-proxy-version}</version>
- <packaging>war</packaging>
- <name>MOA ID-Proxy WebService</name>
-
- <build>
- <plugins>
-<!-- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>properties-maven-plugin</artifactId>
- <version>1.0-alpha-2</version>
- <executions>
- <execution>
- <phase>initialize</phase>
- <goals>
- <goal>read-project-properties</goal>
- </goals>
- <configuration>
- <files>
- <file>${basedir}/../../../moa-id.properties</file>
- </files>
- </configuration>
- </execution>
- </executions>
- </plugin> -->
-
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-war-plugin</artifactId>
- <version>2.1.1</version>
- <!-- <version>2.0.2</version>-->
- <configuration>
- <archive>
- <manifest>
- <addDefaultSpecificationEntries>false</addDefaultSpecificationEntries>
- <addDefaultImplementationEntries>true</addDefaultImplementationEntries>
- </manifest>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
-<!--
- <webResources>
- <resource>
- <directory>${basedir}/../resources</directory>
- <targetPath>WEB-INF/classes/resources</targetPath>
- </resource>
- <resource>
- <directory>${basedir}/../services</directory>
- <targetPath>WEB-INF/classes/META-INF/services</targetPath>
- </resource>
- </webResources>
--->
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-compiler-plugin</artifactId>
- <configuration>
- <source>1.7</source>
- <target>1.7</target>
- </configuration>
- </plugin>
- </plugins>
- </build>
-
- <dependencies>
- <!-- we need Axis 1.1 here, 1.0 is included in SPSS -->
- <dependency>
- <groupId>axis</groupId>
- <artifactId>axis</artifactId>
- </dependency>
- <dependency>
- <groupId>MOA.spss.server</groupId>
- <artifactId>moa-spss-lib</artifactId>
- </dependency>
- <dependency>
- <groupId>MOA.id.server</groupId>
- <artifactId>moa-id-lib</artifactId>
- <!--version>${project.version}</version-->
- </dependency>
- <!-- transitive dependencies we don't want to include into the war -->
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_jce_full</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_ecc</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_Pkcs11Provider</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>iaik.prod</groupId>
- <artifactId>iaik_Pkcs11Wrapper</artifactId>
- <!-- should be in the ext directory of the jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xalan</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xerces</groupId>
- <artifactId>xercesImpl</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>xml-apis</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- <dependency>
- <groupId>xalan-bin-dist</groupId>
- <artifactId>serializer</artifactId>
- <!-- should be provided by the container or jre -->
- <scope>provided</scope>
- </dependency>
- </dependencies>
-
-</project>
diff --git a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF
deleted file mode 100644
index 58630c02e..000000000
--- a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF
+++ /dev/null
@@ -1,2 +0,0 @@
-Manifest-Version: 1.0
-
diff --git a/id/server/proxy/src/main/webapp/WEB-INF/web.xml b/id/server/proxy/src/main/webapp/WEB-INF/web.xml
deleted file mode 100644
index 57926f207..000000000
--- a/id/server/proxy/src/main/webapp/WEB-INF/web.xml
+++ /dev/null
@@ -1,82 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-<web-app>
- <display-name>MOA ID Proxy</display-name>
- <description>MOA ID Proxy Service</description>
-
- <filter>
- <filter-name>ParameterInOrder Filter</filter-name>
- <filter-class>at.gv.egovernment.moa.id.util.ParameterInOrderFilter</filter-class>
- </filter>
- <filter-mapping>
- <filter-name>ParameterInOrder Filter</filter-name>
- <url-pattern>/*</url-pattern>
- </filter-mapping>
-
- <servlet>
- <servlet-name>Proxy</servlet-name>
- <display-name>Proxy</display-name>
- <description>Forwards requests to the online application</description>
- <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ProxyServlet</servlet-class>
- <load-on-startup>0</load-on-startup>
- </servlet>
- <servlet>
- <servlet-name>ConfigurationUpdate</servlet-name>
- <display-name>ConfigurationUpdate</display-name>
- <description>Update MOA-ID Proxy configuration from the configuration file</description>
- <servlet-class>at.gv.egovernment.moa.id.proxy.servlet.ConfigurationServlet</servlet-class>
- </servlet>
-
- <!-- JSP servlet -->
- <servlet>
- <servlet-name>jspservlet</servlet-name>
- <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
- </servlet>
-
- <!-- servlet mapping for jsp pages -->
- <!-- errorpage.jsp (customizeable) -->
- <servlet-mapping>
- <servlet-name>jspservlet</servlet-name>
- <url-pattern>/errorpage-proxy.jsp</url-pattern>
- </servlet-mapping>
- <!-- message-proxy.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) -->
- <servlet-mapping>
- <servlet-name>jspservlet</servlet-name>
- <url-pattern>/message-proxy.jsp</url-pattern>
- </servlet-mapping>
-
- <servlet-mapping>
- <servlet-name>ConfigurationUpdate</servlet-name>
- <url-pattern>/ConfigurationUpdate</url-pattern>
- </servlet-mapping>
- <servlet-mapping>
- <servlet-name>Proxy</servlet-name>
- <url-pattern>/*</url-pattern>
- </servlet-mapping>
- <session-config>
- <session-timeout>30</session-timeout>
- </session-config>
- <error-page>
- <error-code>500</error-code>
- <location>/errorpage-proxy.jsp</location>
- </error-page>
- <security-constraint>
- <web-resource-collection>
- <web-resource-name>ConfigurationUpdate</web-resource-name>
- <url-pattern>/ConfigurationUpdate</url-pattern>
- </web-resource-collection>
- <auth-constraint>
- <role-name>moa-admin</role-name>
- </auth-constraint>
- </security-constraint>
- <login-config>
- <auth-method>BASIC</auth-method>
- <realm-name>UserDatabase</realm-name>
- </login-config>
- <security-role>
- <description>
- The role that is required to log in to the moa Application
- </description>
- <role-name>moa-admin</role-name>
- </security-role>
-</web-app>
diff --git a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp b/id/server/proxy/src/main/webapp/errorpage-proxy.jsp
deleted file mode 100644
index 07f3e7f69..000000000
--- a/id/server/proxy/src/main/webapp/errorpage-proxy.jsp
+++ /dev/null
@@ -1,50 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
- String errorMessage = (String)request.getAttribute("ErrorMessage");
- String wrongParameters = (String)request.getAttribute("WrongParameters");
-%>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-<% if (errorMessage != null) { %>
-<p>
-<%= errorMessage%><br>
-</p>
-<% } %>
-<% if (exceptionThrown != null) { %>
-<p>
-<%= exceptionThrown.getMessage()%>
-</p>
-<% } %>
-<% if (wrongParameters != null) { %>
-<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
-<b> <%= wrongParameters %> </b><br>
-<p>
- Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
-<% } %>
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/proxy/src/main/webapp/message-proxy.jsp b/id/server/proxy/src/main/webapp/message-proxy.jsp
deleted file mode 100644
index 0d970898a..000000000
--- a/id/server/proxy/src/main/webapp/message-proxy.jsp
+++ /dev/null
@@ -1,20 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>MOA-ID Proxy</title>
-</head>
-<% String message = (String)request.getAttribute("Message");
-%>
-
-<body>
-<h1>MOA-ID Proxy</h1>
-
-<% if (message != null) { %>
-<p>
-<%= message%><br>
-</p>
-<% } %>
-
-</body>
-</html> \ No newline at end of file