diff options
55 files changed, 698 insertions, 1560 deletions
| diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java index 5fa6f3531..abcfd67e9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/Authenticate.java @@ -211,6 +211,8 @@ public class Authenticate extends HttpServlet {  			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");  			engine.setProperty("classpath.resource.loader.class",  					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +			engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +					"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");  			engine.init();  			HTTPPostEncoder encoder = new HTTPPostEncoder(engine, diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index b58b997ec..4e8dfc259 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -585,7 +585,7 @@  								<div id="formCustomPreview">  										<iframe scrolling="none"   														title="BKUForm Preview" -														height="220" +														height="260"  														width="250">  										</iframe>  								</div> diff --git a/id/oa/pom.xml b/id/oa/pom.xml index c5664c281..621c428bd 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -46,7 +46,7 @@  			<dependency>    			<groupId>org.opensaml</groupId>    			<artifactId>opensaml</artifactId> -  			<version>2.5.3</version> +  			<version>2.6.0</version>    		</dependency>  		  			<dependency>  				<groupId>org.opensaml</groupId> diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java index 917493848..5bf9c4970 100644 --- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java +++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/Authenticate.java @@ -197,6 +197,8 @@ public class Authenticate extends HttpServlet {  			engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");  			engine.setProperty("classpath.resource.loader.class",  					"org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); +			engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, +					"org.apache.velocity.runtime.log.SimpleLog4JLogSystem");  			engine.init();  			HTTPPostEncoder encoder = new HTTPPostEncoder(engine, diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index e5670f9a7..81213f721 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -25,16 +25,17 @@  	</repositories>
  	<dependencies>
 -        <dependency>
 -            <groupId>eu.stork</groupId>
 -            <artifactId>SamlEngine</artifactId>
 -            <version>1.1.0</version>
 -        </dependency>
 -        <dependency>
 -        	<groupId>eu.stork</groupId>
 -        	<artifactId>oasis-dss-api</artifactId>
 -        	<version>1.0.0-SNAPSHOT</version>
 -        </dependency>
 +  	<dependency>
 +    	<groupId>eu.stork</groupId>
 +      <artifactId>SamlEngine</artifactId>
 +     <version>1.1.0</version>
 +     </dependency>
 +     <dependency>
 +     	<groupId>eu.stork</groupId>
 +      <artifactId>oasis-dss-api</artifactId>
 +      <version>1.0.0-SNAPSHOT</version>
 +    </dependency>
 +    
      <dependency>
      		<groupId>MOA.id.server</groupId>
      		<artifactId>moa-id-commons</artifactId>
 @@ -60,7 +61,7 @@  			<artifactId>axis</artifactId>
  		</dependency>
 -		<dependency>
 +<!-- 		<dependency>
  			<groupId>com.sun</groupId>
  			<artifactId>webservices-tools</artifactId>
  			<version>2.0.1</version>
 @@ -69,7 +70,7 @@  			<groupId>com.sun</groupId>
  			<artifactId>webservices-rt</artifactId>
  			<version>2.0.1</version>
 -		</dependency>
 +		</dependency> -->
  		<dependency>
  			<groupId>javax.mail</groupId>
 @@ -162,7 +163,7 @@  		</dependency>
  		<!-- <dependency> <groupId>iaik</groupId> <artifactId>moa</artifactId> 
  			<version>1.28</version> </dependency> -->
 -		<dependency>
 +<!-- 		<dependency>
  			<groupId>edu.internet2.middleware</groupId>
  			<artifactId>shibboleth-common</artifactId>
  			<version>1.4.0</version>
 @@ -172,6 +173,18 @@  					<groupId>ch.qos.logback</groupId>
  				</exclusion>
  			</exclusions>
 +		</dependency> -->
 +		
 +		<dependency>
 +  		<groupId>org.opensaml</groupId>
 +  		<artifactId>opensaml</artifactId>
 +  		<version>2.6.0</version>
 +  	</dependency>  	
 +		
 +		<dependency>
 +			<groupId>org.opensaml</groupId>
 +			<artifactId>xmltooling</artifactId>
 +			<version>1.4.0</version>
  		</dependency>
  		<dependency>
  			<groupId>regexp</groupId>
 @@ -228,8 +241,8 @@  				<groupId>org.apache.maven.plugins</groupId>
  				<artifactId>maven-compiler-plugin</artifactId>
  				<configuration>
 -					<source>1.5</source>
 -					<target>1.5</target>
 +					<source>1.6</source>
 +					<target>1.6</target>
  				</configuration>
  			</plugin>
  			<plugin>
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index e9c8dbc75..06d5b01bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -97,6 +97,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.config.stork.CPEPS;  import at.gv.egovernment.moa.id.config.stork.STORKConfig;  import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.storage.AssertionStorage;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; @@ -1269,7 +1270,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {  			session.setAuthenticatedUsed(false);  			session.setAuthenticated(true); - +			 +	    	//set QAA Level four in case of card authentifcation +	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4); +			 +			  			String oldsessionID = session.getSessionID();  			//Session is implicte stored in changeSessionID!!! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 767172823..896feed9e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -231,6 +231,8 @@ public class AuthenticationSession implements Serializable {  	private boolean ssoRequested = false; +	private String QAALevel = null; +	  //	private OAuth20SessionObject oAuth20SessionObject;  	// /** @@ -1005,20 +1007,21 @@ public class AuthenticationSession implements Serializable {  	public IPersonalAttributeList getStorkAttributes() {  		return this.storkAttributes;  	} -	 +  	/** -//	 * @return the oAuth20SessionObject -//	 */ -//	public OAuth20SessionObject getoAuth20SessionObject() { -//		return oAuth20SessionObject; -//	} -//	 -//	/** -//	 * @param oAuth20SessionObject -//	 *            the oAuth20SessionObject to set -//	 */ -//	public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) { -//		this.oAuth20SessionObject = oAuth20SessionObject; -//	} +	 * @return the qAALevel +	 */ +	public String getQAALevel() { +		return QAALevel; +	} + +	/** +	 * @param qAALevel the qAALevel to set +	 */ +	public void setQAALevel(String qAALevel) { +		QAALevel = qAALevel; +	} + +	  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 7908578ef..f4212cc78 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -73,6 +73,7 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;  import at.gv.egovernment.moa.id.client.SZRGWClientException;  import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
  import at.gv.egovernment.moa.id.moduls.ModulUtils;
 +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
  import at.gv.egovernment.moa.logging.Logger;
 @@ -197,6 +198,9 @@ public class GetForeignIDServlet extends AuthServlet {  		    	IdentityLink identitylink = ilParser.parseIdentityLink();
  		    	session.setIdentityLink(identitylink);
 +		    	//set QAA Level four in case of card authentifcation
 +		    	session.setQAALevel(PVPConstants.STORK_QAA_1_4);
 +		    	
  		    	String samlArtifactBase64 = 
  		    		AuthenticationServer.getInstance().getForeignAuthenticationData(session);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index b2224e10c..8bf437cca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -72,6 +72,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;  import at.gv.egovernment.moa.id.config.ConnectionParameter;  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;  import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils;  import at.gv.egovernment.moa.id.util.SSLUtils; @@ -218,6 +219,9 @@ public class GetMISSessionIDServlet extends AuthServlet {  			session.setAuthenticatedUsed(false);  			session.setAuthenticated(true); +	    	//set QAA Level four in case of card authentifcation +	    	session.setQAALevel(PVPConstants.STORK_QAA_1_4); +			  			String oldsessionID = session.getSessionID();  			//Session is implicite stored in changeSessionID!!! diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 23eb138d9..b356c6f35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -54,9 +54,11 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;  import at.gv.egovernment.moa.id.auth.stork.STORKException;
  import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
  import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
 +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
  import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
  import at.gv.egovernment.moa.id.moduls.ModulUtils;
 +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
  import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
  import at.gv.egovernment.moa.id.util.HTTPUtils;
  import at.gv.egovernment.moa.logging.Logger;
 @@ -327,6 +329,18 @@ public class PEPSConnectorServlet extends AuthServlet {  			// stork did the authentication step
  			moaSession.setAuthenticated(true);
 +			//TODO: found better solution, but QAA Level in response could be not supported yet
 +			try {
 +				moasession.setQAALevel(authnResponse.getAssertions().get(0).
 +						getAuthnStatements().get(0).getAuthnContext().
 +						getAuthnContextClassRef().getAuthnContextClassRef());
 +				
 +			} catch (Throwable e) {
 +				Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
 +				moasession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
 +				
 +			}
 +			
      		//session is implicit stored in changeSessionID!!!!
      		String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java deleted file mode 100644 index 80089a423..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java +++ /dev/null @@ -1,72 +0,0 @@ -/*******************************************************************************
 - * Copyright 2014 Federal Chancellery Austria
 - * MOA-ID has been developed in a cooperation between BRZ, the Federal
 - * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 - * 
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - * 
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - * 
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - ******************************************************************************/
 -/*
 - * Copyright 2011 by Graz University of Technology, Austria
 - * The Austrian STORK Modules have been developed by the E-Government
 - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
 - * Austria and Graz University of Technology.
 - *
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - *
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - *
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - */
 -
 -
 -/**
 - * 
 - */
 -package at.gv.egovernment.moa.id.auth.stork;
 -
 -import org.opensaml.xml.security.credential.Credential;
 -
 -import eu.stork.vidp.messages.exception.SAMLException;
 -
 -/**
 - * Interface supporting different kinds of Credentials
 - * 
 - * @author bzwattendorfer
 - *
 - */
 -public interface CredentialProvider {
 -	
 -	/**
 -	 * Gets appropriate credentials
 -	 * @return Credential object
 -	 * @throws SAMLException
 -	 */
 -	public Credential getCredential() throws SAMLException;
 -
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java deleted file mode 100644 index cf167ba84..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java +++ /dev/null @@ -1,148 +0,0 @@ -/*******************************************************************************
 - * Copyright 2014 Federal Chancellery Austria
 - * MOA-ID has been developed in a cooperation between BRZ, the Federal
 - * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 - * 
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - * 
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - * 
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - ******************************************************************************/
 -/*
 - * Copyright 2011 by Graz University of Technology, Austria
 - * The Austrian STORK Modules have been developed by the E-Government
 - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
 - * Austria and Graz University of Technology.
 - *
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - *
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - *
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - */
 -
 -
 -package at.gv.egovernment.moa.id.auth.stork;
 -
 -import java.security.KeyStore;
 -import java.security.PrivateKey;
 -import java.security.cert.X509Certificate;
 -
 -import org.opensaml.xml.security.credential.Credential;
 -import org.opensaml.xml.security.x509.BasicX509Credential;
 -import org.slf4j.Logger;
 -import org.slf4j.LoggerFactory;
 -
 -import at.gv.egovernment.moa.util.KeyStoreUtils;
 -import at.gv.egovernment.moa.util.StringUtils;
 -import eu.stork.vidp.messages.exception.SAMLException;
 -
 -/**
 - * Provides credentials from a KeyStore
 - * @author bzwattendorfer
 - *
 - */
 -public class KeyStoreCredentialProvider implements CredentialProvider {
 -	
 -	private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
 -	
 -	/** KeyStore Path */
 -	private String keyStorePath;
 -	
 -	/** KeyStore Password */
 -	private String keyStorePassword;
 -	
 -	/** Specific Key Name as Credential */
 -	private String keyName;
 -	
 -	/** Key password */
 -	private String keyPassword;
 -	
 -	/**
 -	 * Creates a KeyStoreCredentialProvider object
 -	 * @param keyStorePath KeyStore Path
 -	 * @param keyStorePassword KeyStore Password
 -	 * @param keyName KeyName of the key to be retrieved
 -	 * @param keyPassword Password for the Key
 -	 */
 -	public KeyStoreCredentialProvider(String keyStorePath,
 -			String keyStorePassword, String keyName, String keyPassword) {
 -		super();
 -		this.keyStorePath = keyStorePath;
 -		this.keyStorePassword = keyStorePassword;
 -		this.keyName = keyName;
 -		this.keyPassword = keyPassword;
 -	}
 -
 -
 -	/**
 -	 * Gets the credential object from the KeyStore
 -	 */
 -	public Credential getCredential() throws SAMLException {
 -		log.trace("Retrieving credentials for signing SAML Response.");
 -		
 -		if (StringUtils.isEmpty(this.keyStorePath))
 -			throw new SAMLException("No keyStorePath specified");
 -		
 -		//KeyStorePassword optional
 -		//if (StringUtils.isEmpty(this.keyStorePassword))
 -		//	throw new SAMLException("No keyStorePassword specified");
 -		
 -		if (StringUtils.isEmpty(this.keyName))
 -			throw new SAMLException("No keyName specified");
 -		
 -		//KeyStorePassword optional
 -		//if (StringUtils.isEmpty(this.keyPassword))
 -		//	throw new SAMLException("No keyPassword specified");
 -		
 -		KeyStore ks;
 -		try {
 -			ks = KeyStoreUtils.loadKeyStore(this.keyStorePath, this.keyStorePassword);					
 -		} catch (Exception e) {
 -			log.error("Failed to load keystore information", e);
 -			throw new SAMLException(e);
 -		}
 -		
 -		//return new KeyStoreX509CredentialAdapter(ks, keyName, keyPwd.toCharArray());
 -		BasicX509Credential credential = null;
 -		try {
 -			java.security.cert.X509Certificate certificate = (X509Certificate) ks.getCertificate(this.keyName);
 -			PrivateKey privateKey = (PrivateKey) ks.getKey(this.keyName, this.keyPassword.toCharArray());
 -			credential = new BasicX509Credential();
 -			credential.setEntityCertificate(certificate);			
 -			credential.setPrivateKey(privateKey);
 -						
 -		} catch (Exception e) {
 -			log.error("Error retrieving signing credentials.", e);
 -			throw new SAMLException(e);
 -		}
 -						
 -		return credential;
 -		
 -	}
 -	
 -		
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java deleted file mode 100644 index dcd1a8a1a..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java +++ /dev/null @@ -1,263 +0,0 @@ -/*******************************************************************************
 - * Copyright 2014 Federal Chancellery Austria
 - * MOA-ID has been developed in a cooperation between BRZ, the Federal
 - * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 - * 
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - * 
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - * 
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - ******************************************************************************/
 -/*
 - * Copyright 2011 by Graz University of Technology, Austria
 - * The Austrian STORK Modules have been developed by the E-Government
 - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
 - * Austria and Graz University of Technology.
 - *
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - *
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - *
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - */
 -
 -
 -/**
 - * 
 - */
 -package at.gv.egovernment.moa.id.auth.stork;
 -
 -import java.util.List;
 -
 -import org.joda.time.DateTime;
 -import org.opensaml.saml2.core.Assertion;
 -import org.opensaml.saml2.core.Attribute;
 -import org.opensaml.saml2.core.Audience;
 -import org.opensaml.saml2.core.AudienceRestriction;
 -import org.opensaml.saml2.core.Conditions;
 -import org.opensaml.saml2.core.SubjectConfirmation;
 -import org.opensaml.saml2.core.SubjectConfirmationData;
 -import org.opensaml.saml2.metadata.RequestedAttribute;
 -
 -import at.gv.egovernment.moa.logging.Logger;
 -import eu.stork.vidp.messages.saml.STORKAttribute;
 -import eu.stork.vidp.messages.util.SAMLUtil;
 -
 -/**
 - * Verifies the SAML assertion according to the STORK specification
 - * @author bzwattendorfer
 - *
 - */
 -public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
 -			
 -	private static final int CLOCK_SKEW_MINUTES = 5;
 -	
 -	private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
 -
 -	/* (non-Javadoc)
 -	 * @see eu.stork.mw.peps.connector.validation.AssertionVerifier#verifyAssertion(org.opensaml.saml2.core.Assertion, java.lang.String, java.lang.String, java.lang.String)
 -	 */
 -	public void verify(Assertion assertion, String reqIPAddress,
 -			String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException {
 -
 -		//SAML assertion need not to be signed, skipping signature validation
 -		
 -		verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
 -		
 -		Logger.debug("SubjectConfirmationData successfully verified");
 -		
 -		verifyConditions(assertion, audience);
 -		
 -		Logger.debug("Conditions successfully verified");
 -	}
 -	
 -	
 -	private void verifySubjectConfirmation(Assertion assertion, String reqAddress, String requestID, String recipient) throws SecurityException {		
 -		for (SubjectConfirmation sc : assertion.getSubject().getSubjectConfirmations()) {
 -			verifySubjectConfirmationData(sc.getSubjectConfirmationData(), reqAddress, requestID, recipient);
 -		}
 -				
 -	}
 -	
 -	private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {				
 -		//NotBefore not allowed in SSO profile
 -		verifyNotOnOrAfter(scData.getNotOnOrAfter());
 -		
 -		Logger.trace("NotOnOrAfter successfully verified");
 -		
 -		if(IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY) {
 -			verifyClientAddress(scData, reqAddress);
 -			Logger.trace("User's client IP address successfully verified.");
 -		} else {
 -			Logger.warn("User's client IP address will not be verified.");
 -		}
 -		
 -		verifyRecipient(scData, recipient);
 -		Logger.trace("Recipient successfully verified");
 -		
 -		verifyInResponseTo(scData, requestID);
 -		Logger.trace("InResponseTo successfully verified");
 -				 
 -	}
 -	
 -	private void verifyNotBefore(DateTime notBefore) throws SecurityException {
 -		if (notBefore.minusMinutes(CLOCK_SKEW_MINUTES).isAfterNow()) {
 -			String msg = "Subject/Assertion not yet valid, Timestamp: ";
 -			Logger.error(msg + notBefore);
 -			throw new SecurityException(msg);
 -		}
 -		
 -		Logger.trace("Subject/Assertion already valid, notBefore: " + notBefore);
 -		
 -	}
 -	
 -	private void verifyNotOnOrAfter(DateTime notOnOrAfter) throws SecurityException {
 -		if (notOnOrAfter.plusMinutes(CLOCK_SKEW_MINUTES).isBeforeNow()) {
 -			String msg = "Subject/Assertion no longer valid.";
 -			Logger.error(msg);
 -			throw new SecurityException(msg);
 -		}
 -		
 -		Logger.trace("Subject/Assertion still valid, notOnOrAfter: " + notOnOrAfter);
 -	}
 -
 -	private void verifyClientAddress(SubjectConfirmationData scData, String reqAddress) throws SecurityException {
 -		if (!reqAddress.equals(scData.getAddress())) {
 -			String msg = "Response coming from wrong Client-Address";
 -			Logger.error("Response coming from wrong Client-Address " +  reqAddress + ", expected " + scData.getAddress());
 -			throw new SecurityException(msg);
 -		}
 -		
 -	}
 -	
 -	private void verifyInResponseTo(SubjectConfirmationData scData, String requestID) throws SecurityException {
 -		if (!scData.getInResponseTo().equals(requestID)) {
 -			String msg = "Assertion issued for wrong request";
 -			Logger.error(msg);
 -			throw new SecurityException(msg);
 -		}
 -	}
 -	
 -	private void verifyRecipient(SubjectConfirmationData scData, String reqRecipient) throws SecurityException {
 -		if (!scData.getRecipient().equals(reqRecipient)) {
 -			String msg = "Assertion intended for another recipient";
 -			Logger.error("Assertion intended for recipient " + scData.getRecipient() + "but expected " + reqRecipient);
 -			throw new SecurityException(msg);
 -		}
 -		
 -	}
 -	
 -	private void verifyAudience(AudienceRestriction audienceRestriction, String reqAudience) throws SecurityException {
 -		for (Audience audience : audienceRestriction.getAudiences()) {
 -			if (audience.getAudienceURI().equals(reqAudience))
 -				return;
 -		}
 -		String msg = "Assertion sent to wrong audience";
 -		Logger.error("Assertion intended for wrong audience, expected " + reqAudience);
 -		throw new SecurityException(msg);
 -	}
 -	
 -	private void verifyOneTimeUse(String assertionID) {
 -		//not necessarily required to check since notBefore and notOnOrAfter are verified   
 -		//check response Store for already existing assertion
 -		
 -	}
 -	
 -	private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {		
 -		Conditions conditions = assertion.getConditions();
 -		
 -		verifyNotBefore(conditions.getNotBefore());
 -		Logger.trace("NotBefore successfully verified");
 -		
 -		verifyNotOnOrAfter(conditions.getNotOnOrAfter());
 -		Logger.trace("NotOnOrAfter successfully verified");
 -		
 -		verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
 -		
 -		Logger.trace("Audience successfully verified");
 -		
 -	}
 -	
 -	public static void validateRequiredAttributes(
 -			List<RequestedAttribute> reqAttrList,
 -			List<Attribute> attrList)
 -			throws STORKException {
 -		
 -		Logger.debug("Starting required attribute validation");
 -		
 -		if (reqAttrList == null || reqAttrList.isEmpty()) {
 -			Logger.error("Requested Attributes list is empty.");
 -			throw new STORKException("No attributes have been requested");
 -		}
 -		
 -		if (attrList == null || attrList.isEmpty()) {
 -			Logger.error("STORK AttributeStatement is empty.");
 -			throw new STORKException("No attributes have been received");
 -		}
 -		
 -		Logger.trace("These attributes have been requested and received: ");
 -		int count = 0;
 -		for (RequestedAttribute reqAttr : reqAttrList) {
 -			Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
 -			for(Attribute attr : attrList) {
 -				if (verifyRequestedAttribute(reqAttr, attr))
 -					count++;
 -			}
 -		}
 -		
 -		int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
 -		Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
 -		Logger.trace("Number of received required attributes: " + count);
 -		
 -		if (count != numRequiredReqAttr) {
 -			Logger.error("Not all required attributes have been received");
 -			throw new STORKException("Not all required attributes have been received");
 -		}
 -		Logger.debug("Received all required attributes!");			
 -		
 -	}
 -	
 -	private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
 -		
 -		if ((reqAttr.getName()).equals(attr.getName())) {
 -			if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
 -				Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
 -				return true;
 -			}			
 -		}
 -		return false;
 -	}
 -	
 -	private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
 -		int count = 0;
 -		for (RequestedAttribute reqAttr : reqAttrList)
 -			if (reqAttr.isRequired()) count++;
 -		
 -		return count;
 -	}
 -	
 -	
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java deleted file mode 100644 index f9589950f..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java +++ /dev/null @@ -1,182 +0,0 @@ -/*******************************************************************************
 - * Copyright 2014 Federal Chancellery Austria
 - * MOA-ID has been developed in a cooperation between BRZ, the Federal
 - * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 - * 
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - * 
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - * 
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - ******************************************************************************/
 -/*
 - * Copyright 2011 by Graz University of Technology, Austria
 - * The Austrian STORK Modules have been developed by the E-Government
 - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
 - * Austria and Graz University of Technology.
 - *
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - *
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - *
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - */
 -
 -
 -/**
 - * 
 - */
 -package at.gv.egovernment.moa.id.auth.stork;
 -
 -import org.opensaml.xml.validation.ValidationException;
 -import org.w3c.dom.Element;
 -
 -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
 -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
 -import at.gv.egovernment.moa.id.auth.exception.BuildException;
 -import at.gv.egovernment.moa.id.auth.exception.ParseException;
 -import at.gv.egovernment.moa.id.auth.exception.ServiceException;
 -import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 -import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
 -import at.gv.egovernment.moa.id.config.ConfigurationException;
 -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
 -import at.gv.egovernment.moa.id.util.XMLUtil;
 -import at.gv.egovernment.moa.logging.Logger;
 -import eu.stork.mw.messages.saml.STORKResponse;
 -import eu.stork.vidp.messages.exception.SAMLValidationException;
 -import eu.stork.vidp.messages.util.SAMLUtil;
 -
 -/**
 - * Verifies the SMAL response according to the STORK specification
 - * @author bzwattendorfer
 - *
 - */
 -public class PEPSConnectorResponseVerifier implements ResponseVerifier {
 -		
 -		
 -	/* (non-Javadoc)
 -	 * @see eu.stork.mw.peps.connector.validation.ResponseVerifier#verify(org.opensaml.saml2.core.Response)
 -	 */
 -	public void verify(STORKResponse response) throws SecurityException {
 -		
 -		verifySignature(response);
 -		Logger.debug("Signature of SAML response valid.");
 -		
 -		verifyStandardValidation(response);
 -		
 -		Logger.debug("SAML response format valid.");
 -		
 -	}
 -	
 -	
 -	private void verifySignature(STORKResponse response) throws SecurityException {
 -		//validate Signature
 -		try {
 -			if (response.isSigned()) {		
 -				
 -				String trustProfileID = AuthConfigurationProvider.getInstance().getStorkConfig().getSignatureVerificationParameter().getTrustProfileID();
 -				
 -				Logger.trace("Starting validation of Signature references");
 -				try {
 -					SAMLUtil.validateSignatureReferences(response);
 -				} catch (ValidationException e) {
 -					Logger.error("Validation of XML Signature refrences failed: " + e.getMessage());
 -					throw new SecurityException(e);
 -				}
 -				Logger.debug("XML Signature references are OK.");
 -				
 -				Logger.debug("Invoking MOA-SP with TrustProfileID: " + trustProfileID);
 -				
 -				// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
 -				Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
 -						.build(XMLUtil.printXML(response.getDOM()).getBytes(), trustProfileID);
 -
 -				Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
 -				
 -				Logger.trace("Calling MOA-SP");
 -				// invokes the call
 -				Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
 -						.verifyXMLSignature(domVerifyXMLSignatureRequest);								
 -				
 -				// parses the <VerifyXMLSignatureResponse>
 -				VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
 -						domVerifyXMLSignatureResponse).parseData();
 -				
 -				Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP");
 -
 -				if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) {
 -					String msg = "Signature of SAMLResponse not valid";
 -					Logger.error(msg);					
 -					throw new SecurityException(msg);
 -				}
 -				
 -				Logger.debug("Signature of SAML response successfully verified");
 -				
 -				if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
 -					String msg = "Certificate of SAMLResponse not valid";
 -					Logger.error(msg);					
 -					throw new SecurityException(msg);
 -				}
 -				
 -				Logger.debug("Signing certificate of SAML response succesfully verified");
 -				
 -			} else {
 -				String msg = "SAML Response is not signed.";
 -				throw new SecurityException(msg);
 -			}
 -			
 -		} catch (ConfigurationException e) {
 -			String msg = "Unable to load STORK configuration for STORK SAML Response signature verification.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 -		} catch (ParseException e) {
 -			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 -		} catch (BuildException e) {
 -			String msg = "Unable to parse VerifyXMLSignature Request or Response.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 -		} catch (ServiceException e) {
 -			String msg = "Unable to invoke MOA-SP.";
 -			Logger.error(msg, e);
 -			throw new SecurityException(msg, e);
 -		} 			
 -		
 -	}
 -	
 -	private void verifyStandardValidation(STORKResponse response) throws SecurityException {
 -		try {
 -			SAMLUtil.verifySAMLObjectStandardValidation(response, "saml2-core-schema-and-stork-validator");
 -		} catch (SAMLValidationException e) {
 -			String msg ="SAML Response received not valid.";
 -			throw new SecurityException(msg, e);
 -		}
 -		
 -	}
 -	
 -	
 -
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java deleted file mode 100644 index ea3d4101b..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java +++ /dev/null @@ -1,66 +0,0 @@ -/*******************************************************************************
 - * Copyright 2014 Federal Chancellery Austria
 - * MOA-ID has been developed in a cooperation between BRZ, the Federal
 - * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 - * 
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - * 
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - * 
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - ******************************************************************************/
 -/*
 - * Copyright 2011 by Graz University of Technology, Austria
 - * The Austrian STORK Modules have been developed by the E-Government
 - * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
 - * Austria and Graz University of Technology.
 - *
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - *
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - *
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - */
 -
 -
 -package at.gv.egovernment.moa.id.auth.stork;
 -
 -import eu.stork.mw.messages.saml.STORKResponse;
 -
 -/**
 - * Interface to be implemented for SAML response verification
 - * @author bzwattendorfer
 - *
 - */
 -public interface ResponseVerifier {
 -	
 -	/**
 -	 * Verifies a STORK response
 -	 * @param response STORK response
 -	 * @throws SecurityException
 -	 */
 -	public void verify(STORKResponse response) throws SecurityException;
 -
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java deleted file mode 100644 index 5dc615b6c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java +++ /dev/null @@ -1,187 +0,0 @@ -/*******************************************************************************
 - * Copyright 2014 Federal Chancellery Austria
 - * MOA-ID has been developed in a cooperation between BRZ, the Federal
 - * Chancellery Austria - ICT staff unit, and Graz University of Technology.
 - * 
 - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
 - * the European Commission - subsequent versions of the EUPL (the "Licence");
 - * You may not use this work except in compliance with the Licence.
 - * You may obtain a copy of the Licence at:
 - * http://www.osor.eu/eupl/
 - * 
 - * Unless required by applicable law or agreed to in writing, software
 - * distributed under the Licence is distributed on an "AS IS" basis,
 - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 - * See the Licence for the specific language governing permissions and
 - * limitations under the Licence.
 - * 
 - * This product combines work with different licenses. See the "NOTICE" text
 - * file for details on the various modules and licenses.
 - * The "NOTICE" text file is part of the distribution. Any derivative works
 - * that you distribute must include a readable copy of the "NOTICE" text file.
 - ******************************************************************************/
 -/**
 - * 
 - */
 -package at.gv.egovernment.moa.id.auth.stork;
 -
 -import javax.servlet.http.HttpServletRequest;
 -import javax.servlet.http.HttpServletResponse;
 -
 -import org.apache.velocity.app.VelocityEngine;
 -import org.opensaml.common.binding.BasicSAMLMessageContext;
 -import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
 -import org.opensaml.saml2.metadata.AssertionConsumerService;
 -import org.opensaml.saml2.metadata.Endpoint;
 -import org.opensaml.ws.transport.http.HTTPOutTransport;
 -import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
 -import org.opensaml.xml.security.credential.Credential;
 -
 -import at.gv.egovernment.moa.logging.Logger;
 -import eu.stork.mw.messages.saml.STORKAuthnRequest;
 -import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
 -import eu.stork.vidp.messages.exception.SAMLException;
 -import eu.stork.vidp.messages.exception.SAMLValidationException;
 -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
 -import eu.stork.vidp.messages.stork.RequestedAttributes;
 -import eu.stork.vidp.messages.util.SAMLUtil;
 -
 -/**
 - * Class handling all necessary functionality for STORK AuthnRequest processing
 - * 
 - * @author bzwattendorfer
 - *
 - */
 -public class STORKAuthnRequestProcessor {
 -	
 -	/**
 -	 * Creates a STORK AuthnRequest
 -	 * @param destination Destination URL
 -	 * @param acsURL Assertion Consumer Service URL
 -	 * @param providerName SP Provider Name
 -	 * @param issuerValue Issuer Name
 -	 * @param qaaLevel STORK QAALevel to be requested
 -	 * @param requestedAttributes Requested Attributes to be requested
 -	 * @param spSector Sp Sector
 -	 * @param spInstitution SP Institution
 -	 * @param spApplication SP Application
 -	 * @param spCountry SP Country
 -	 * @param textToBeSigned text to be included in signedDoc element
 -	 * @param mimeType mimeType for the text to be signed in signedDoc
 -	 * @return STORK AuthnRequest
 -	 */
 -	public static STORKAuthnRequest generateSTORKAuthnRequest(
 -			String destination, 
 -			String acsURL, 
 -			String providerName, 
 -			String issuerValue, 
 -			QualityAuthenticationAssuranceLevel qaaLevel, 
 -			RequestedAttributes requestedAttributes, 
 -			String spSector, 
 -			String spInstitution, 
 -			String spApplication, 
 -			String spCountry,
 -			String textToBeSigned,
 -			String mimeType) {
 -		
 -			
 -		STORKAuthnRequest storkAuthnRequest =  
 -			STORKMessagesBuilder.buildSTORKAuthnRequest(
 -					destination, 
 -					acsURL, 
 -					providerName, 
 -					issuerValue, 
 -					qaaLevel, 
 -					requestedAttributes, 
 -					spSector, 
 -					spInstitution, 
 -					spApplication, 
 -					spCountry);				
 -		
 -		STORKMessagesBuilder.buildAndAddSignatureRequestToAuthnRequest(storkAuthnRequest, textToBeSigned, mimeType, true);
 -		
 -		Logger.debug("Added signedDoc attribute to STORK AuthnRequest");
 -		
 -		return storkAuthnRequest;
 -		
 -	}
 -	
 -	/**
 -	 * Signs a STORK AuthnRequest
 -	 * @param storkAuthnRequest STORK AuthRequest to sign
 -	 * @param keyStorePath KeyStorePath to the signing key
 -	 * @param keyStorePassword KeyStore Password
 -	 * @param keyName Signing key name
 -	 * @param keyPassword Signing key password
 -	 * @return Signed STORK AuthnRequest
 -	 * @throws SAMLException
 -	 */
 -	public static STORKAuthnRequest signSTORKAuthnRequest(
 -			STORKAuthnRequest storkAuthnRequest,
 -			String keyStorePath,
 -			String keyStorePassword,
 -			String keyName,
 -			String keyPassword) throws SAMLException {
 -		
 -		Logger.trace("Building Credential Provider for signing process");
 -		
 -		CredentialProvider credentialProvider = new KeyStoreCredentialProvider(keyStorePath, keyStorePassword, keyName, keyPassword);
 -		
 -		Credential credential = credentialProvider.getCredential();
 -		
 -		Logger.trace("Credentials found");
 -		
 -		SAMLUtil.signSAMLObject(storkAuthnRequest, credential);
 -		
 -		return storkAuthnRequest;
 -	}
 -	
 -	/**
 -	 * Validates a STORK AuthnRequest
 -	 * @param storkAuthnRequest STORK AuthnRequest to validate
 -	 * @throws SAMLValidationException
 -	 */
 -	public static void validateSTORKAuthnRequest(STORKAuthnRequest storkAuthnRequest) throws SAMLValidationException {
 -				
 -		SAMLUtil.verifySAMLObjectStandardValidation(storkAuthnRequest, "saml2-core-schema-and-stork-validator");
 -		
 -	}
 -	
 -	/**
 -	 * Sends a STORK AuthnRequest (Endpoint taken out of AuthnRequest)
 -	 * @param request HttpServletRequest
 -	 * @param response HttpServletResponse
 -	 * @param storkAuthnRequest STORK AuthnRequest to send
 -	 * @throws Exception
 -	 */
 -	public static void sendSTORKAuthnRequest(HttpServletRequest request, HttpServletResponse response, STORKAuthnRequest storkAuthnRequest) throws Exception {
 -		
 -		Logger.trace("Create endpoint...");
 -		Endpoint endpoint = STORKMessagesBuilder.buildSAMLObject(AssertionConsumerService.DEFAULT_ELEMENT_NAME);
 -		endpoint.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
 -		endpoint.setLocation(storkAuthnRequest.getDestination());
 -
 -		
 -		Logger.trace("Prepare SAMLMessageContext...");
 -		HTTPOutTransport outTransport = new HttpServletResponseAdapter(response, request.isSecure());		
 -		BasicSAMLMessageContext<?, STORKAuthnRequest, ?> samlMessageContext = new BasicSAMLMessageContext();
 -		samlMessageContext.setOutboundMessageTransport(outTransport);
 -		samlMessageContext.setPeerEntityEndpoint(endpoint);
 -
 -		Logger.trace("Set STORK SAML AuthnRequest to SAMLMessageContext...");
 -		samlMessageContext.setOutboundSAMLMessage(storkAuthnRequest);
 -				
 -		Logger.trace("Initialize VelocityEngine...");
 -
 -		VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
 -		
 -//		HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
 -		HTTPPostEncoder encoder = new HTTPPostEncoder(velocityEngine, "/saml2-post-binding-moa.vm");
 -
 -		Logger.trace("HTTP-Post encode SAMLMessageContext...");
 -		encoder.encode(samlMessageContext);
 -	}
 -		
 -	
 -	
 -}
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 1fa7e5eb2..1804b5fd5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -63,6 +63,7 @@ import javax.xml.bind.JAXBContext;  import javax.xml.bind.Unmarshaller;  import org.hibernate.cfg.Configuration; +import org.opensaml.DefaultBootstrap;  import at.gv.egovernment.moa.id.auth.AuthenticationServer;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -363,9 +364,9 @@ public class AuthConfigurationProvider extends ConfigurationProvider {  		//Initialize OpenSAML for STORK -//		Logger.info("Starting initialization of OpenSAML..."); -//		STORKBootstrap.bootstrap(); -//		Logger.debug("OpenSAML successfully initialized"); +		Logger.info("Starting initialization of OpenSAML..."); +		DefaultBootstrap.bootstrap(); +		Logger.debug("OpenSAML successfully initialized");  		String legacyconfig = props.getProperty("configuration.xml.legacy"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 998e28f6a..7a38e2afd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -273,7 +273,12 @@ public boolean isOnlyMandateAllowed() {  	 * @return true, if is we should show stork login  	 */  	public boolean isShowStorkLogin() { -		return oa_auth.getOASTORK().isStorkLogonEnabled(); +		try { +			return oa_auth.getOASTORK().isStorkLogonEnabled(); +		 +		} catch (NullPointerException e) { +			return false; +		}  	}  public Map<String, String> getFormCustomizaten() { @@ -322,7 +327,12 @@ public Map<String, String> getFormCustomizaten() {  }  public Integer getQaaLevel() { -	return oa_auth.getOASTORK().getQaa(); +	 +	if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null) +		return oa_auth.getOASTORK().getQaa(); +	 +	else +		return 4;  }  /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 5b4843752..0172cce2d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x;  public interface PVPConstants { +	public static final String STORK_QAA_PREFIX = "http://www.stork.gov.eu/1.0/citizenQAALevel/";  	public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1";  	public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2";  	public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index 28299871c..7c9cc6259 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.binding;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; -import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer;  import org.opensaml.common.SAMLObject;  import org.opensaml.common.binding.BasicSAMLMessageContext;  import org.opensaml.common.xml.SAMLConstants; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 17f76d35a..bc90da8df 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -74,6 +74,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedExcept  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.id.util.QAALevelVerifier;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.Constants; @@ -89,45 +90,59 @@ public class PVP2AssertionBuilder implements PVPConstants {  		AuthnContextClassRef authnContextClassRef = SAML2Utils  				.createSAMLObject(AuthnContextClassRef.class); +		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +				.getOnlineApplicationParameter( +						peerEntity.getEntityID()); +		  		if (reqAuthnContext == null) {  			 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); -		} else { +		} -			boolean stork_qaa_1_4_found = false; +		boolean stork_qaa_1_4_found = false; +	 +		 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext +				.getAuthnContextClassRefs(); -			 List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext -					.getAuthnContextClassRefs(); +		 if (reqAuthnContextClassRefIt.size() == 0) { +			  +			 QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),  +					 STORK_QAA_1_4); -			 if (reqAuthnContextClassRefIt.size() == 0) { -				 stork_qaa_1_4_found = true; -				 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); -				  -			 } else { -				 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { -					 String qaa_uri = authnClassRef.getAuthnContextClassRef(); -					 if (qaa_uri.trim().equals(STORK_QAA_1_4) -							 || qaa_uri.trim().equals(STORK_QAA_1_3) -							 || qaa_uri.trim().equals(STORK_QAA_1_2) -							 || qaa_uri.trim().equals(STORK_QAA_1_1)) { -						 -						 if (authSession.isForeigner()) { -							 //TODO: insert QAA check -						 -							 stork_qaa_1_4_found = false; -						 -						 } else { -							 stork_qaa_1_4_found = true; -							 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); -						 } -						 break; +			 stork_qaa_1_4_found = true; +			 authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); +			  +		 } else { +			 for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { +				 String qaa_uri = authnClassRef.getAuthnContextClassRef(); +				 if (qaa_uri.trim().equals(STORK_QAA_1_4) +						 || qaa_uri.trim().equals(STORK_QAA_1_3) +						 || qaa_uri.trim().equals(STORK_QAA_1_2) +						 || qaa_uri.trim().equals(STORK_QAA_1_1)) { +					 +					 if (authSession.isForeigner()) { +						 QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),  +								 STORK_QAA_PREFIX + oaParam.getQaaLevel()); +						  +						 stork_qaa_1_4_found = true; +						 authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); +						  +					 } else { +						  +						 QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(),  +								 qaa_uri.trim()); +						  +						 stork_qaa_1_4_found = true; +						 authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); +						 							   					 } +					 break;  				 }  			 } -	 -			if (!stork_qaa_1_4_found) { -				throw new QAANotSupportedException(STORK_QAA_1_4); -			} +		 } + +		if (!stork_qaa_1_4_found) { +			throw new QAANotSupportedException(STORK_QAA_1_4);  		}  //		reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() @@ -209,12 +224,6 @@ public class PVP2AssertionBuilder implements PVPConstants {  		 * null, true); } }  		 */ -		// TODO: LOAD oaParam from request and not from MOASession in case of -		// SSO -		OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() -				.getOnlineApplicationParameter( -						peerEntity.getEntityID()); -  		AuthenticationData authData = AuthenticationServer  				.buildAuthenticationData(authSession, oaParam,  						oaParam.getTarget()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index 523063c6e..f3d815e7d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.data.AuthenticationData;  import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.util.MiscUtil;  public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { @@ -44,11 +45,19 @@ public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {  			IAttributeGenerator<ATT> g) throws AttributeException {  		try {  			DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); -			Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); -			DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); -			String dateString = pvpDateFormat.format(date); -			return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); +			if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) {			 +				Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); +				DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); +				String dateString = pvpDateFormat.format(date); +			 +				return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); +				 +			} else { +				//build empty attribute if no Birthday date is found (STORK2) +				return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); +				 +			}  			//return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);  		} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index d318792f1..f4b48ece3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -22,14 +22,11 @@   *******************************************************************************/  package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; -import java.io.IOException;  import java.util.ArrayList; -import java.util.Date;  import java.util.List;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException;  import org.joda.time.DateTime;  import org.opensaml.Configuration; @@ -40,12 +37,10 @@ import org.opensaml.saml2.core.EncryptedAssertion;  import org.opensaml.saml2.core.Issuer;  import org.opensaml.saml2.core.NameID;  import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder;  import org.opensaml.saml2.encryption.Encrypter;  import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;  import org.opensaml.saml2.metadata.AssertionConsumerService;  import org.opensaml.saml2.metadata.EntityDescriptor; -import org.opensaml.saml2.metadata.KeyDescriptor;  import org.opensaml.saml2.metadata.SPSSODescriptor;  import org.opensaml.security.MetadataCredentialResolver;  import org.opensaml.security.MetadataCriteria; @@ -54,17 +49,13 @@ import org.opensaml.xml.encryption.EncryptionConstants;  import org.opensaml.xml.encryption.EncryptionException;  import org.opensaml.xml.encryption.EncryptionParameters;  import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.io.MarshallingException;  import org.opensaml.xml.security.CriteriaSet;  import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.Credential;  import org.opensaml.xml.security.credential.UsageType;  import org.opensaml.xml.security.criteria.EntityIDCriteria;  import org.opensaml.xml.security.criteria.UsageCriteria;  import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.BasicX509Credential;  import org.opensaml.xml.security.x509.X509Credential; -import org.opensaml.xml.signature.KeyInfo;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;  import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -80,7 +71,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedEx  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;  import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;  import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index 1963115da..e3e25b1a9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -37,7 +37,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;  import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;  import at.gv.egovernment.moa.logging.Logger;  import at.gv.egovernment.moa.util.KeyStoreUtils; -import at.gv.egovernment.moa.util.MiscUtil;  public class CredentialProvider { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java index d398ca533..f0ae6f446 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -113,10 +113,12 @@ public class MetadataSignatureFilter implements MetadataFilter {  					throw new MOAIDException("Root element of metadata file has to be signed", null);  				}  				processEntitiesDescriptor(entitiesDescriptor); -			} /*else if (metadata instanceof EntityDescriptor) { +				 +			} else if (metadata instanceof EntityDescriptor) {  				EntityDescriptor entityDescriptor = (EntityDescriptor) metadata;  				processEntityDescriptorr(entityDescriptor); -			} */else { +				 +			} else {  				throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);  			} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java index e48c7bb98..67a91f6e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java @@ -34,36 +34,36 @@ import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider;  import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;  import org.opensaml.xml.signature.SignatureTrustEngine;  import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; +//import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;  import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; +//import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;  public class TrustEngineFactory { -	public static SignatureTrustEngine getSignatureTrustEngine() { -		try { -			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( -					MOAMetadataProvider.getInstance()); - -			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); -			keyInfoProvider.add(new DSAKeyValueProvider()); -			keyInfoProvider.add(new RSAKeyValueProvider()); -			keyInfoProvider.add(new InlineX509DataProvider()); - -			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( -					keyInfoProvider); - -			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( -					mdResolver, keyInfoResolver); - -			return engine; - -		} catch (Exception e) { -			e.printStackTrace(); -			return null; -		} -	} +//	public static SignatureTrustEngine getSignatureTrustEngine() { +//		try { +//			MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( +//					MOAMetadataProvider.getInstance()); +// +//			List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); +//			keyInfoProvider.add(new DSAKeyValueProvider()); +//			keyInfoProvider.add(new RSAKeyValueProvider()); +//			keyInfoProvider.add(new InlineX509DataProvider()); +// +//			KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( +//					keyInfoProvider); +// +//			PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( +//					mdResolver, keyInfoResolver); +// +//			return engine; +// +//		} catch (Exception e) { +//			e.printStackTrace(); +//			return null; +//		} +//	}  	public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() {  		MetadataCredentialResolver resolver; diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java index 77969010f..9562d1c42 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWService.java @@ -14,7 +14,7 @@ import javax.xml.ws.WebServiceFeature;  /**   * This class was generated by the JAX-WS RI.   * JAX-WS RI 2.2.4-b01 - * Generated source version: 2.2 + * Generated source version: 2.1   *    */  @WebServiceClient(name = "SZRGWService", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", wsdlLocation = "file:/D:/Projekte/svn/online-vollmachten/egovutils/src/main/resources/wsdl/szrgw/szrgw.wsdl") @@ -42,26 +42,10 @@ public class SZRGWService          super(__getWsdlLocation(), SZRGWSERVICE_QNAME);      } -    public SZRGWService(WebServiceFeature... features) { -        super(__getWsdlLocation(), SZRGWSERVICE_QNAME, features); -    } - -    public SZRGWService(URL wsdlLocation) { -        super(wsdlLocation, SZRGWSERVICE_QNAME); -    } - -    public SZRGWService(URL wsdlLocation, WebServiceFeature... features) { -        super(wsdlLocation, SZRGWSERVICE_QNAME, features); -    } -      public SZRGWService(URL wsdlLocation, QName serviceName) {          super(wsdlLocation, serviceName);      } -    public SZRGWService(URL wsdlLocation, QName serviceName, WebServiceFeature... features) { -        super(wsdlLocation, serviceName, features); -    } -      /**       *        * @return diff --git a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java index 01ca437c9..9f0a8bd6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/wsdl/szrgw/SZRGWType.java @@ -14,7 +14,7 @@ import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;  /**   * This class was generated by the JAX-WS RI.   * JAX-WS RI 2.2.4-b01 - * Generated source version: 2.2 + * Generated source version: 2.1   *    */  @WebService(name = "SZRGWType", targetNamespace = "http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl") diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java index eb9ff0739..ebcee3d1d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/AbstractPersonType.java @@ -62,7 +62,7 @@ public class AbstractPersonType {      @XmlElement(name = "Identification")      protected List<IdentificationType> identification; -    @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) +    @XmlElementRef(name = "AbstractSimpleIdentification", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)      protected List<JAXBElement<? extends AbstractSimpleIdentificationType>> abstractSimpleIdentification;      @XmlAttribute(name = "Id")      @XmlJavaTypeAdapter(CollapsedStringAdapter.class) @@ -120,14 +120,14 @@ public class AbstractPersonType {       * <p>       * Objects of the following type(s) are allowed in the list       * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} -     * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >}       * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} -     * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >}       * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} -     * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >} -     * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >}       * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} +     * {@link JAXBElement }{@code <}{@link ZMRzahl }{@code >}       * {@link JAXBElement }{@code <}{@link AbstractSimpleIdentificationType }{@code >} +     * {@link JAXBElement }{@code <}{@link Vereinsnummer }{@code >} +     * {@link JAXBElement }{@code <}{@link Firmenbuchnummer }{@code >} +     * {@link JAXBElement }{@code <}{@link ERJPZahl }{@code >}       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java index 0a542e073..bd7d32493 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactCorporateBodyType.java @@ -188,8 +188,8 @@ public class CompactCorporateBodyType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java index 1aa6acbf4..aad9fa004 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPersonDataType.java @@ -63,7 +63,7 @@ public class CompactPersonDataType      @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)      protected JAXBElement<? extends AbstractPersonType> person; -    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) +    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)      protected List<JAXBElement<? extends AbstractAddressType>> address;      @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")      protected List<SignatureType> signature; @@ -75,11 +75,11 @@ public class CompactPersonDataType       *        * @return       *     possible object is -     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} +     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}       *            */      public JAXBElement<? extends AbstractPersonType> getPerson() { @@ -91,11 +91,11 @@ public class CompactPersonDataType       *        * @param value       *     allowed object is -     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} +     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}       *            */      public void setPerson(JAXBElement<? extends AbstractPersonType> value) { @@ -120,12 +120,12 @@ public class CompactPersonDataType       *        * <p>       * Objects of the following type(s) are allowed in the list +     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} +     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >} -     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} -     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java index 94e97ea12..1e37799b0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CompactPhysicalPersonType.java @@ -240,8 +240,8 @@ public class CompactPhysicalPersonType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java index 19d957d80..6596ae3ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/CorporateBodyType.java @@ -256,8 +256,8 @@ public class CorporateBodyType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java index f22d6858a..df20e777f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/IdentificationType.java @@ -172,8 +172,8 @@ public class IdentificationType {       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java index 2afa51544..90dfd4110 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/InternetAddressType.java @@ -121,8 +121,8 @@ public class InternetAddressType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java index 4a426fc93..ebc563acb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/NationalityType.java @@ -52,10 +52,10 @@ import org.w3c.dom.Element;  public class NationalityType {      @XmlElementRefs({ -        @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), -        @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class),          @XmlElementRef(name = "CountryNameFR", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), -        @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) +        @XmlElementRef(name = "CountryNameEN", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), +        @XmlElementRef(name = "CountryNameDE", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), +        @XmlElementRef(name = "ISOCode3", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)      })      @XmlMixed      @XmlAnyElement(lax = true) @@ -79,13 +79,13 @@ public class NationalityType {       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link JAXBElement }{@code <}{@link String }{@code >} -     * {@link Object }       * {@link String }       * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link Element } +     * {@link Object }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java index cefaa3bbd..699519798 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PersonDataType.java @@ -63,7 +63,7 @@ public class PersonDataType      @XmlElementRef(name = "Person", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)      protected JAXBElement<? extends AbstractPersonType> person; -    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class, required = false) +    @XmlElementRef(name = "Address", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class)      protected List<JAXBElement<? extends AbstractAddressType>> address;      @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#")      protected List<SignatureType> signature; @@ -75,11 +75,11 @@ public class PersonDataType       *        * @return       *     possible object is -     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} +     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}       *            */      public JAXBElement<? extends AbstractPersonType> getPerson() { @@ -91,11 +91,11 @@ public class PersonDataType       *        * @param value       *     allowed object is -     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >} -     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link CompactPhysicalPersonType }{@code >} +     *     {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}       *     {@link JAXBElement }{@code <}{@link CompactCorporateBodyType }{@code >} +     *     {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}       *            */      public void setPerson(JAXBElement<? extends AbstractPersonType> value) { @@ -120,12 +120,12 @@ public class PersonDataType       *        * <p>       * Objects of the following type(s) are allowed in the list +     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >} +     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}       * {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >} -     * {@link JAXBElement }{@code <}{@link CompactPostalAddressType }{@code >} -     * {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java index f2727635e..4c5a5e34f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/PhysicalPersonType.java @@ -484,8 +484,8 @@ public class PhysicalPersonType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java index eb7640237..2e8e7e6e3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TelephoneAddressType.java @@ -125,8 +125,8 @@ public class TelephoneAddressType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java index c85e2ec69..0b53e5e6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/persondata/TypedPostalAddressType.java @@ -120,8 +120,8 @@ public class TypedPostalAddressType       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link Object } +     * {@link Element }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java index e8ec84ccf..fb556ea95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/AdviceType.java @@ -41,8 +41,8 @@ import org.w3c.dom.Element;  public class AdviceType {      @XmlElementRefs({ -        @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false) +        @XmlElementRef(name = "Assertion", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class), +        @XmlElementRef(name = "AssertionIDReference", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class)      })      @XmlAnyElement(lax = true)      protected List<Object> assertionIDReferenceOrAssertionOrAny; @@ -65,10 +65,10 @@ public class AdviceType {       *        * <p>       * Objects of the following type(s) are allowed in the list +     * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link Element }       * {@link JAXBElement }{@code <}{@link AssertionType }{@code >}       * {@link Object } -     * {@link JAXBElement }{@code <}{@link String }{@code >}       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java index 6845e807a..89b61c35c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/saml/assertion/SubjectType.java @@ -41,8 +41,8 @@ import javax.xml.bind.annotation.XmlType;  public class SubjectType {      @XmlElementRefs({ -        @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class, required = false) +        @XmlElementRef(name = "NameIdentifier", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class), +        @XmlElementRef(name = "SubjectConfirmation", namespace = "urn:oasis:names:tc:SAML:1.0:assertion", type = JAXBElement.class)      })      protected List<JAXBElement<?>> content; diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java index 1f980f6df..c6845af5e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyInfoType.java @@ -53,13 +53,13 @@ import org.w3c.dom.Element;  public class KeyInfoType {      @XmlElementRefs({ -        @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) +        @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)      })      @XmlMixed      @XmlAnyElement(lax = true) @@ -88,16 +88,16 @@ public class KeyInfoType {       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element } -     * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}       * {@link JAXBElement }{@code <}{@link X509DataType }{@code >} +     * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >} -     * {@link Object } -     * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}       * {@link String }       * {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >} +     * {@link Element } +     * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link Object }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java index 55001162c..68693eace 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/KeyValueType.java @@ -42,8 +42,8 @@ import org.w3c.dom.Element;  public class KeyValueType {      @XmlElementRefs({ -        @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) +        @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)      })      @XmlMixed      @XmlAnyElement(lax = true) @@ -68,10 +68,10 @@ public class KeyValueType {       * <p>       * Objects of the following type(s) are allowed in the list       * {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >} -     * {@link Element } +     * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}       * {@link String } +     * {@link Element }       * {@link Object } -     * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java index a32d3badc..167a019bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/ObjectFactory.java @@ -25,6 +25,7 @@ import javax.xml.namespace.QName;  @XmlRegistry  public class ObjectFactory { +    private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength");      private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData");      private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData");      private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod"); @@ -49,16 +50,15 @@ public class ObjectFactory {      private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform");      private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue");      private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue"); -    private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath"); +    private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); +    private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); +    private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp");      private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial");      private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");      private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI");      private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName");      private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL"); -    private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength"); -    private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp"); -    private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); -    private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); +    private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath");      /**       * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.util.xsd.xmldsig @@ -244,6 +244,15 @@ public class ObjectFactory {      }      /** +     * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} +     *  +     */ +    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) +    public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) { +        return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); +    } + +    /**       * Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}}       *        */ @@ -463,9 +472,27 @@ public class ObjectFactory {       * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}       *        */ -    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) -    public JAXBElement<String> createTransformTypeXPath(String value) { -        return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value); +    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) +    public JAXBElement<String> createPGPDataTypePGPKeyID(String value) { +        return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); +    } + +    /** +     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} +     *  +     */ +    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) +    public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) { +        return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); +    } + +    /** +     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} +     *  +     */ +    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) +    public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) { +        return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value);      }      /** @@ -514,39 +541,12 @@ public class ObjectFactory {      }      /** -     * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} -     *  -     */ -    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) -    public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) { -        return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); -    } - -    /** -     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} -     *  -     */ -    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) -    public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) { -        return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value); -    } - -    /**       * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}}       *        */ -    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) -    public JAXBElement<String> createPGPDataTypePGPKeyID(String value) { -        return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); -    } - -    /** -     * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} -     *  -     */ -    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) -    public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) { -        return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); +    @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) +    public JAXBElement<String> createTransformTypeXPath(String value) { +        return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value);      }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java index e45501db6..add2d8886 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/PGPDataType.java @@ -47,8 +47,8 @@ import org.w3c.dom.Element;  public class PGPDataType {      @XmlElementRefs({ -        @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) +        @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)      })      @XmlAnyElement(lax = true)      protected List<Object> content; @@ -81,10 +81,10 @@ public class PGPDataType {       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element } -     * {@link Object }       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link Element }       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link Object }       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java index f829d355d..e6a187e9b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SPKIDataType.java @@ -60,8 +60,8 @@ public class SPKIDataType {       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element }       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link Element }       * {@link Object }       *        *  diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java index 70695afdf..1a463591b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/SignatureMethodType.java @@ -42,7 +42,7 @@ import javax.xml.bind.annotation.XmlType;  })  public class SignatureMethodType { -    @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) +    @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)      @XmlMixed      @XmlAnyElement(lax = true)      protected List<Object> content; @@ -68,9 +68,9 @@ public class SignatureMethodType {       *        * <p>       * Objects of the following type(s) are allowed in the list +     * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}       * {@link String }       * {@link Object } -     * {@link JAXBElement }{@code <}{@link BigInteger }{@code >}       *        *        */ diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java index 2b96c553e..e92465a4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/TransformType.java @@ -42,7 +42,7 @@ import org.w3c.dom.Element;  })  public class TransformType { -    @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) +    @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)      @XmlMixed      @XmlAnyElement(lax = true)      protected List<Object> content; @@ -68,9 +68,9 @@ public class TransformType {       *        * <p>       * Objects of the following type(s) are allowed in the list +     * {@link String }       * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link Element } -     * {@link String }       * {@link Object }       *        *  diff --git a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java index e3148b2d0..c70b72293 100644 --- a/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java +++ b/id/server/idserverlib/src/main/java/at/gv/util/xsd/xmldsig/X509DataType.java @@ -46,11 +46,11 @@ import org.w3c.dom.Element;  public class X509DataType {      @XmlElementRefs({ -        @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false), -        @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class, required = false) +        @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), +        @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class)      })      @XmlAnyElement(lax = true)      protected List<Object> x509IssuerSerialOrX509SKIOrX509SubjectName; @@ -73,13 +73,13 @@ public class X509DataType {       *        * <p>       * Objects of the following type(s) are allowed in the list -     * {@link Element } -     * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}       * {@link JAXBElement }{@code <}{@link String }{@code >} -     * {@link Object } +     * {@link Element }       * {@link JAXBElement }{@code <}{@link String }{@code >}       * {@link JAXBElement }{@code <}{@link String }{@code >} +     * {@link Object }       *        *        */ diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index dc698782a..a6c0601e4 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -220,6 +220,7 @@ pvp2.13=Interner Server Fehler  pvp2.14=SAML Anfrage verweigert
  pvp2.15=Keine Metadateninformation gefunden
  pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
 +pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
  oauth20.01=Fehlerhafte redirect url
  oauth20.02=Fehlender Parameter "{0}"
 diff --git a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html index 3eff06daf..9d6ad4085 100644 --- a/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html +++ b/id/server/idserverlib/src/main/resources/resources/templates/loginFormFull.html @@ -3,333 +3,318 @@  <head>  <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> -<!-- MOA-ID 2.x BKUSelection Layout CSS --> -<style type="text/css"> -@media screen and (min-width: 650px) { -	body { -		margin: 0; -		padding: 0; -		color: #000; -		background-color: #fff; -		text-align: center; -		background-color: #6B7B8B; -	} -	#localBKU p { -		font-size: 0.7em; -	} -	#localBKU input { -		font-size: 0.7em; -		/*border-radius: 5px;*/ -	} -	#bkuselectionarea input[type=button] { -		font-size: 0.85em; -		/*border-radius: 7px;*/ -		margin-bottom: 25px; -		min-width: 80px; -	} -	#mandateLogin { -		font-size: 0.85em; -	} -	#bku_header h2 { -		font-size: 0.8em; -	} -	#page { -		display: block; -		border: 2px solid rgb(0, 0, 0); -		width: 650px; -		height: 440px; -		margin: 0 auto; -		margin-top: 5%; -		position: relative; -		border-radius: 25px; -		background: rgb(255, 255, 255); -	} -	#page1 { -		text-align: center; -	} -	#main { -		/*	clear:both; */ -		position: relative; -		margin: 0 auto; -		width: 250px; -		text-align: center; -	} -	.OA_header { -		/*	  background-color: white;*/ -		font-size: 20pt; -		margin-bottom: 25px; -		margin-top: 25px; -	} -	#leftcontent { -		/*float:left; */ -		width: 250px; -		margin-bottom: 25px; -		text-align: left; -		border: 1px solid rgb(0, 0, 0); -	} -	#selectArea { -		font-size: 15px; -		padding-bottom: 65px; -	} -	#leftcontent { -		width: 300px; -		margin-top: 30px; -	} -	#bku_header { -		height: 5%; -		padding-bottom: 3px; -		padding-top: 3px; -	} -	#bkulogin { -		overflow: hidden; -		min-width: 190px; -		min-height: 180px; -		/*height: 260px;*/ -	} -	h2#tabheader { -		font-size: 1.1em; -		padding-left: 2%; -		padding-right: 2%; -		position: relative; -	} -	.setAssertionButton_full { -		background: #efefef; -		cursor: pointer; -		margin-top: 15px; -		width: 100px; -		height: 30px -	} -	#leftbutton { -		width: 30%; -		float: left; -		margin-left: 40px; -	} -	#rightbutton { -		width: 30%; -		float: right; -		margin-right: 45px; -		text-align: right; -	} -	button { -		height: 25px; -		width: 75px; -		margin-bottom: 10px; -	} -	#validation { -		position: absolute; -		bottom: 0px; -		margin-left: 270px; -		padding-bottom: 10px; -	} -} +   <!-- MOA-ID 2.x BKUSelection Layout CSS -->                +    <style type="text/css"> +			@media screen and (min-width: 650px) { +			 +				body { +					margin:0; +					padding:0; +					color : #000; +					background-color : #fff; +			  	text-align: center; +			  	background-color: #6B7B8B; +				} +				 +        #localBKU p { +          font-size: 0.7em; +        }  +         +        #localBKU input{ +          font-size: 0.7em; +          /*border-radius: 5px;*/ +        } +         +         #bkuselectionarea input[type=button] { +          font-size: 0.85em; +          /*border-radius: 7px;*/ +          margin-bottom: 25px; +          min-width: 80px; +         } +         +        #mandateLogin { +          font-size: 0.85em; +        } +         +        #bku_header h2 { +          font-size: 0.8em; +        }  +         +         +			  #page { +			    display: block; +			    border: 2px solid rgb(0,0,0); +			    width: 650px; +			    height: 460px; +			    margin: 0 auto; +			    margin-top: 5%; +			    position: relative; +			    border-radius: 25px; +			    background: rgb(255,255,255); +			  } +			   +			  #page1 { +			    text-align: center; +			  } +			   +			  #main { +			    /*	clear:both; */ +				  position:relative; +			    margin: 0 auto; +			    width: 250px; +			    text-align: center; +			  } +			   +			  .OA_header { +			/*	  background-color: white;*/ +			    font-size: 20pt; +			    margin-bottom: 25px; +			    margin-top: 25px; +			  } +			 +			  #leftcontent { +			    /*float:left; */ +				  width:250px; +				  margin-bottom: 25px; +			    text-align: left; +			    border: 1px solid rgb(0,0,0); +			  } +			  			   +			  #selectArea { +				 font-size: 15px; +				 padding-bottom: 65px; +			  } +			 +			  #leftcontent { +				 width: 300px; +				 margin-top: 30px; +			  } +			 +        #bku_header { +          height: 5%; +          padding-bottom: 3px; +          padding-top: 3px; +        } +       +        #bkulogin { +				  overflow:hidden;	 +          min-width: 190px; +          min-height: 180px; +          /*height: 260px;*/	 +			  } +       +        h2#tabheader{ +				  font-size: 1.1em;  +          padding-left: 2%; +          padding-right: 2%; +          position: relative; +			  } +      	 +        #stork h2 { +          font-size: 1.0em; +          margin-bottom: 2%; +        } +        		   +			  .setAssertionButton_full { +			  	background: #efefef; +				  cursor: pointer; +				  margin-top: 15px; +			    width: 100px; +			    height: 30px +			  } +			 +			  #leftbutton  { +				 width: 30%;  +				 float:left;  +				 margin-left: 40px; +			  } +			 +			  #rightbutton { +				 width: 30%;  +				 float:right;  +				 margin-right: 45px;  +				 text-align: right; +			  } +         +        button { +          height: 25px; +          width: 75px; +          margin-bottom: 10px; +        } +         +       #validation { +        position: absolute; +        bottom: 0px; +        margin-left: 270px; +        padding-bottom: 10px; +      } +			 +			} -@media screen and (max-width: 205px) { -	#localBKU p { -		font-size: 0.6em; -	} -	#localBKU input { -		font-size: 0.6em; -		min-width: 60px; -		/* max-width: 65px; */ -		min-height: 1.0em; -		/* border-radius: 5px; */ -	} -	#bkuselectionarea input[type=button] { -		font-size: 0.7em; -		min-width: 55px; -		/*min-height: 1.1em; +      @media screen and (max-width: 205px) { +        #localBKU p { +          font-size: 0.6em; +        }  +         +        #localBKU input { +          font-size: 0.6em; +          min-width: 60px; +         /* max-width: 65px; */ +          min-height: 1.0em; +         /* border-radius: 5px; */ +        } +         +        #bkuselectionarea input[type=button] { +          font-size: 0.7em; +          min-width: 55px; +          /*min-height: 1.1em;            border-radius: 5px;*/ -		margin-bottom: 2% -	} -	#mandateLogin { -		font-size: 0.65em; -	} -	#bku_header h2 { -		font-size: 0.8em; -		margin-top: -0.4em; -		padding-top: 0.4em; -	} -	#bkulogin { -		min-height: 150px; -	} -} +          margin-bottom: 2% +        } +         +        #mandateLogin { +          font-size: 0.65em; +        } +         +        #bku_header h2 { +          font-size: 0.8em; +          margin-top: -0.4em; +          padding-top: 0.4em; +        } +         +        #bkulogin { +        min-height: 150px; +        }  +      } -@media screen and (max-width: 249px) and (min-width: 206px) { -	#localBKU p { -		font-size: 0.7em; -	} -	#localBKU input { -		font-size: 0.7em; -		min-width: 70px; -		/*    max-width: 75px;    */ -		min-height: 0.95em; -		/*  border-radius: 6px;    */ -	} -	#bkuselectionarea input[type=button] { -		font-size: 0.75em; -		min-width: 60px; -		/*    min-height: 0.95em; +      @media screen and (max-width: 249px) and (min-width: 206px) { +        #localBKU p { +          font-size: 0.7em; +        }  +         +        #localBKU input { +          font-size: 0.7em; +          min-width: 70px; +       /*    max-width: 75px;    */ +          min-height: 0.95em; +        /*  border-radius: 6px;    */ +        } +         +        #bkuselectionarea input[type=button] { +          font-size: 0.75em; +          min-width: 60px; +      /*    min-height: 0.95em;            border-radius: 6px;    */ -		margin-bottom: 5% -	} -	#mandateLogin { -		font-size: 0.75em; -	} -	#bku_header h2 { -		font-size: 0.9em; -		margin-top: -0.45em; -		padding-top: 0.45em; -	} -	#bkulogin { -		min-height: 180px; -	} -} +          margin-bottom: 5% +        } +         +        #mandateLogin { +          font-size: 0.75em; +        } +         +        #bku_header h2 { +          font-size: 0.9em; +          margin-top: -0.45em; +          padding-top: 0.45em; +        } +         +        #bkulogin { +          min-height: 180px; +        }   +      } -@media screen and (max-width: 299px) and (min-width: 250px) { -	#localBKU p { -		font-size: 0.9em; -	} -	#localBKU input { -		font-size: 0.8em; -		min-width: 70px; -		/*    max-width: 75px;      */ -		/*    border-radius: 6px;  */ -	} -	#bkuselectionarea input[type=button] { -		font-size: 0.85em; -		/*     min-height: 1.05em; +      @media screen and (max-width: 299px) and (min-width: 250px) { +        #localBKU p { +          font-size: 0.9em; +        }  +         +        #localBKU input { +          font-size: 0.8em; +          min-width: 70px; +       /*    max-width: 75px;      */ +      /*    border-radius: 6px;  */ +        } +         +        #bkuselectionarea input[type=button] { +          font-size: 0.85em; +     /*     min-height: 1.05em;            border-radius: 7px;        */ -		margin-bottom: 10%; -	} -	#mandateLogin { -		font-size: 1em; -	} -	#bku_header h2 { -		font-size: 1.0em; -		margin-top: -0.50em; -		padding-top: 0.50em; -	} -} +          margin-bottom: 10%; +        } +         +        #mandateLogin { +          font-size: 1em; +        } +         +        #bku_header h2 { +          font-size: 1.0em; +          margin-top: -0.50em; +          padding-top: 0.50em; +        }  +      } -@media screen and (max-width: 399px) and (min-width: 300px) { -	#localBKU p { -		font-size: 0.9em; -	} -	#localBKU input { -		font-size: 0.8em; -		min-width: 70px; -		/*     max-width: 75px;     */ -		/*    border-radius: 6px;       */ -	} -	#bkuselectionarea input[type=button] { -		font-size: 0.9em; -		/*       min-height: 1.2em; +      @media screen and (max-width: 399px) and (min-width: 300px) { +        #localBKU p { +          font-size: 0.9em; +        }  +         +        #localBKU input { +          font-size: 0.8em; +          min-width: 70px; +      /*     max-width: 75px;     */ +      /*    border-radius: 6px;       */ +        } +         +        #bkuselectionarea input[type=button] { +          font-size: 0.9em; +   /*       min-height: 1.2em;            border-radius: 8px;          */ -		margin-bottom: 10%; -		max-width: 80px; -	} -	#mandateLogin { -		font-size: 1em; -	} -	#bku_header h2 { -		font-size: 1.1em; -		margin-top: -0.55em; -		padding-top: 0.55em; -	} -} - -@media screen and (max-width: 649px) and (min-width: 400px) { -	#localBKU p { -		font-size: 0.9em; -	} -	#localBKU input { -		font-size: 0.8em; -		min-width: 70px; -		/*     max-width: 80px;       */ -		/*     border-radius: 6px;          */ -	} -	#bkuselectionarea input[type=button] { -		font-size: 1.0em; -		/*      min-height: 1.3em; +          margin-bottom: 10%; +          max-width: 80px; +        } +         +        #mandateLogin { +          font-size: 1em; +        } +         +        #bku_header h2 { +          font-size: 1.1em; +          margin-top: -0.55em; +          padding-top: 0.55em; +        }  +      } +       +      @media screen and (max-width: 649px) and (min-width: 400px) { +        #localBKU p { +          font-size: 0.9em; +        }  +         +        #localBKU input { +          font-size: 0.8em; +          min-width: 70px; +      /*     max-width: 80px;       */ +     /*     border-radius: 6px;          */ +        } +         +        #bkuselectionarea input[type=button] { +          font-size: 1.0em; +     /*      min-height: 1.3em;           border-radius: 10px;         */ -		margin-bottom: 10%; -		max-width: 85px; -	} -	#mandateLogin { -		font-size: 1.2em; -	} -	#bku_header h2 { -		font-size: 1.3em; -		margin-top: -0.65em; -		padding-top: 0.65em; -	} -} +          margin-bottom: 10%; +          max-width: 85px; +        } +         +        #mandateLogin { +          font-size: 1.2em; +        } +         +        #bku_header h2 { +          font-size: 1.3em; +          margin-top: -0.65em; +          padding-top: 0.65em; +        }  +      } -@media screen and (max-width: 649px) { -	body { -		margin: 0; -		padding: 0; -		color: #000; -		text-align: center; -		font-size: 100%; -		background-color: #MAIN_BACKGOUNDCOLOR#; -	} -	#page { -		visibility: hidden; -		margin-top: 0%; -	} -	#page1 { -		visibility: hidden; -	} -	#main { -		visibility: hidden; -	} -	#validation { -		visibility: hidden; -		display: none; -	} -	.OA_header { -		margin-bottom: 0px; -		margin-top: 0px; -		font-size: 0pt; -		visibility: hidden; -	} -	#leftcontent { -		visibility: visible; -		margin-bottom: 0px; -		text-align: left; -		border: none; -		vertical-align: middle; -		min-height: 173px; -		min-width: 204px; -	} -	#bku_header { -		height: 10%; -		min-height: 1.2em; -		margin-top: 1%; -	} -	h2#tabheader { -		padding-left: 2%; -		padding-right: 2%; -		position: relative; -		top: 50%; -	} -	#bkulogin { -		min-width: 190px; -		min-height: 155px; -	} -	.setAssertionButton_full { -		background: #efefef; -		cursor: pointer; -		margin-top: 15px; -		width: 70px; -		height: 25px; -	} -	input[type=button] { -		/*          height: 11%;  */ -		width: 70%; -	} -}  			@media screen and (max-width: 649px) { @@ -392,6 +377,11 @@            top: 50%;  			  } +        #stork h2 { +          font-size: 0.9em; +          margin-bottom: 2%; +        } +                 	#bkulogin {	            min-width: 190px;            min-height: 155px;	 @@ -444,6 +434,11 @@  				text-align: right;  			} +			#stork { +			    /*margin-bottom: 10px;*/ +			   /* margin-top: 5px; */ +			} +      			        #mandateLogin {          padding-bottom: 4%;          padding-top: 4%; @@ -472,7 +467,7 @@          padding-left: 5%;          padding-right: 2%;          padding-bottom: 4%; -        padding-top: 4%; +        /*padding-top: 4%;*/          position: relative;          clear: both;          			} @@ -523,83 +518,86 @@  /*        box-shadow: -1px -1px 3px #222222;  */  /*			} -*/ -input { -	/*border:1px solid #000;*/ -	cursor: pointer; -} - -#localBKU input { -	/*        color: #BUTTON_COLOR#;  */ -	border: 0px; -	display: inline-block; -} - -#localBKU input:hover,#localBKU input:focus,#localBKU input:active { -	text-decoration: underline; -} - -#installJava,#BrowserNOK { -	clear: both; -	font-size: 0.8em; -	padding: 4px; -} - -.selectText { -	 -} - -.selectTextHeader { -	 -} - -.sendButton { -	width: 30%; -	margin-bottom: 1%; -} - -#leftcontent a { -	text-decoration: none; -	color: #000; -	/*	display:block;*/ -	padding: 4px; -} - -#leftcontent a:hover,#leftcontent a:focus,#leftcontent a:active { -	text-decoration: underline; -	color: #000; -} - -.infobutton { -	background-color: #005a00; -	color: white; -	font-family: serif; -	text-decoration: none; -	padding-top: 2px; -	padding-right: 4px; -	padding-bottom: 2px; -	padding-left: 4px; -	font-weight: bold; -} - -.hell { -	background-color: #MAIN_BACKGOUNDCOLOR#; -	color: #MAIN_COLOR#; -} - -.dunkel { -	background-color: #HEADER_BACKGROUNDCOLOR#; -	color: #HEADER_COLOR#; -} - -.main_header { -	color: black; -	font-size: 32pt; -	position: absolute; -	right: 10%; -	top: 40px; -} -</style> +*/       +			input { +				/*border:1px solid #000;*/ +				cursor: pointer; +			} +       +      #localBKU input { +/*        color: #BUTTON_COLOR#;  */ +        border: 0px; +        display: inline-block; +         +      } +			 +      #localBKU input:hover, #localBKU input:focus, #localBKU input:active { +        text-decoration: underline; +      } +       +			#installJava, #BrowserNOK { +				clear:both; +				font-size:0.8em; +				padding:4px; +			} +						 +			.selectText{ +			 +			} +			 +			.selectTextHeader{ +			 +			} +			 +			.sendButton { +        width: 30%; +        margin-bottom: 1%;	 +			} +			 +			#leftcontent a { +				text-decoration:none;  +				color: #000; +			/*	display:block;*/ +				padding:4px;	 +			} +			 +			#leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { +				text-decoration:underline; +				color: #000;	 +			} +						 +			.infobutton { +				background-color: #005a00; +				color: white; +				font-family: serif; +				text-decoration: none; +				padding-top: 2px; +				padding-right: 4px; +				padding-bottom: 2px; +				padding-left: 4px; +				font-weight: bold; +			} +			 +			.hell { +				background-color : #MAIN_BACKGOUNDCOLOR#; +        color: #MAIN_COLOR#;	 +			} +			 +			.dunkel { +				background-color: #HEADER_BACKGROUNDCOLOR#; +        color: #HEADER_COLOR#; +			} +			       +			.main_header { +			   color: black; +			    font-size: 32pt; +			    position: absolute; +			    right: 10%; +			    top: 40px; +				 +			} +      			                         +    </style>         <!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->  <script type="text/javascript">  		function isIE() { @@ -806,6 +804,7 @@ input {                    </p-->								                                                    </form>								                                                                          </div> +                              <div id="stork" align="center" style="#STORKVISIBLE#">                  <h2 id="tabheader" class="dunkel">Home Country Selection</h2>                  <p> diff --git a/id/server/pom.xml b/id/server/pom.xml index bc664e890..056accdad 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -17,8 +17,8 @@          <module>idserverlib</module>
          <module>proxy</module>
          <module>auth</module>
 -        <module>stork-saml-engine</module>
          <module>moa-id-commons</module>
 +        <module>stork2-saml-engine</module>
      </modules>
      <properties>
 diff --git a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF index 5e9495128..58630c02e 100644 --- a/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF +++ b/id/server/proxy/src/main/webapp/META-INF/MANIFEST.MF @@ -1,3 +1,2 @@  Manifest-Version: 1.0
 -Class-Path: 
 diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml index 6be0472a7..b002471db 100644 --- a/id/server/stork2-saml-engine/pom.xml +++ b/id/server/stork2-saml-engine/pom.xml @@ -1,5 +1,11 @@  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
 +	<parent>
 +		<groupId>MOA.id</groupId>
 +		<artifactId>moa-id</artifactId>
 +		<version>1.9.98-SNAPSHOT</version>
 +	</parent>
 +	
  	<modelVersion>4.0.0</modelVersion>
  	<groupId>eu.stork</groupId>
  	<artifactId>SamlEngine</artifactId>
 | 
