24 files changed, 252 insertions, 74 deletions
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java index 5fa31336b..13c2809ac 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DOMUtils.java @@ -110,6 +110,16 @@ public class DOMUtils { * without a namespace. */ private static final String EXTERNAL_NO_NAMESPACE_SCHEMA_LOCATION_PROPERTY = "http://apache.org/xml/properties/schema/external-noNamespaceSchemaLocation"; + + private static final String EXTERNAL_GENERAL_ENTITIES_FEATURE = + "http://xml.org/sax/features/external-general-entities"; + + private static final String EXTERNAL_PARAMETER_ENTITIES_FEATURE = + "http://xml.org/sax/features/external-parameter-entities"; + + + + /** Property URI for the Xerces grammar pool. */ private static final String GRAMMAR_POOL = org.apache.xerces.impl.Constants.XERCES_PROPERTY_PREFIX @@ -234,8 +244,8 @@ public class DOMUtils { parser.setFeature(NORMALIZED_VALUE_FEATURE, false); parser.setFeature(INCLUDE_IGNORABLE_WHITESPACE_FEATURE, true); parser.setFeature(CREATE_ENTITY_REF_NODES_FEATURE, false); - //parser.setFeature("http://xml.org/sax/features/external-general-entities", false); - //parser.setFeature("http://xml.org/sax/features/external-parameter-entities", false); + parser.setFeature(EXTERNAL_GENERAL_ENTITIES_FEATURE, false); + parser.setFeature(EXTERNAL_PARAMETER_ENTITIES_FEATURE, false); if (validating) { if (externalSchemaLocations != null) { diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd index f8c38bdd3..cc562187a 100644 --- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd +++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?>
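Review bot: Disabling external general and parameter entities in the second DOMUtils hunk stops the parser from fetching external entities, but DOCTYPE declarations are still accepted, so internal entity expansion (nested-entity blowup) remains possible unless a doctype restriction or expansion limit is configured elsewhere in this parser setup — worth confirming. If the documents this parser handles never need a DTD, `parser.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` placed next to the two new setFeature calls closes that gap as well. The three consecutive blank `+` lines after EXTERNAL_PARAMETER_ENTITIES_FEATURE in the first hunk are noise; a single blank line matches the surrounding constants. The method containing the setFeature calls starts and ends outside the hunk.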
-<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->
<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -137,6 +136,8 @@ </xsd:attribute>
<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+ <xsd:attribute name="target" type="xsd:string" use="optional"/>
+ <xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
diff --git a/id/history.txt b/id/history.txt index 8d88f1bb1..6a5e363f7 100644 --- a/id/history.txt +++ b/id/history.txt @@ -8,10 +8,12 @@ History MOA-ID: Version MOA-ID 1.5.1: Änderungen seit Version MOA-ID 1.5.0:
- Fixed Bug #556 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=556&group_id=6&atid=105)
-- Fixed Bug @TODO Apostroph
+- Fixed Bug #557 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=557&group_id=6&atid=105)
- Update Einbindung Online-Vollmachten (Vor Auswahl der Vollmacht werden die Signaturdaten signiert)
- Update Transformationen (für Online-Vollmachten)
-- Änderung der Konfiguration für Online-Vollmachten
+- Änderung der Konfiguration
+ - für Online-Vollmachten
+ - Fixer Target-Parameter für Online-Applikation konfigurierbar
=====
diff --git a/id/server/auth/src/main/webapp/iframeHandyBKU.html b/id/server/auth/src/main/webapp/iframeHandyBKU.html index a7e541b85..f07b73265 100644 --- a/id/server/auth/src/main/webapp/iframeHandyBKU.html +++ b/id/server/auth/src/main/webapp/iframeHandyBKU.html @@ -8,13 +8,11 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- // var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Handy Signatur an -->
<!-- z.B.: value="https://yoururl.at/moa-id-auth/template_handyBKU.html"-->
- //var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
- var URL_TO_HANDYSIGNATUR_TEMPLATE = "https://localhost:8443/moa-id-auth/template_handyBKU.html";
+ var URL_TO_HANDYSIGNATUR_TEMPLATE = "[URL_TO_HANDYSIGNATUR_TEMPLATE]";
window.onload=function() {
diff --git a/id/server/auth/src/main/webapp/iframeOnlineBKU.html b/id/server/auth/src/main/webapp/iframeOnlineBKU.html index 60f44ace9..4873245be 100644 --- a/id/server/auth/src/main/webapp/iframeOnlineBKU.html +++ b/id/server/auth/src/main/webapp/iframeOnlineBKU.html @@ -8,19 +8,16 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- // var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die Online BKU an
// z.B.: "https://yoururl.at/moa-id-auth/template_onlineBKU.html"
- //var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
- var URL_TO_ONLINEBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_onlineBKU.html";
-
+ var URL_TO_ONLINEBKU_TEMPLATE = "[URL_TO_ONLINEBKU_TEMPLATE]";
+
// [MUSS] Geben Sie hier die URL zur Online BKU an
// z.B.: value="https://yoururl.at/bkuonline/https-security-layer-request"
// Hinweis: Diese URL muss auch bei den vertrauenswürdigen BKUs in der MOA-ID Konfiguration angegeben werden (siehe Element MOA-IDConfiguration/TrustedBKUs/BKUURL)
- //var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
- var URL_TO_ONLINEBKU = "https://localhost:8444/bkuonline/https-security-layer-request";
+ var URL_TO_ONLINEBKU = "[URL_TO_ONLINEBKU]";
window.onload=function() {
document.getElementById('moaidform').action = MOA_ID_STARTAUTHENTICATION;
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index d78f01f2a..6e60ae433 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -11,13 +11,11 @@ <script type="text/javascript">
// [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an
// z.B.: https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at
- // var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
- var MOA_ID_STARTAUTHENTICATION = "https://localhost:8443/moa-id-auth/StartAuthentication?Target=ZU&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample";
+ var MOA_ID_STARTAUTHENTICATION = "[MOA_ID_STARTAUTHENTICATION]";
// [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an
// z.B.: https://yoururl.at/moa-id-auth/template_localBKU.html
- //var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
- var URL_TO_LOKALBKU_TEMPLATE = "https://localhost:8443/moa-id-auth/template_localBKU.html";
+ var URL_TO_LOKALBKU_TEMPLATE = "[URL_TO_LOKALBKU_TEMPLATE]";
window.onload=function() {
@@ -137,12 +135,8 @@ <div id="localBKU" style="display:none" class="hell">
<hr>
- <!-- [MUSS] Geben Sie hier die URL zum Aufruf von MOA-ID an -->
- <!-- z.B.: action="https://yoururl.at/moa-id-auth/StartAuthentication?Target=IT&OA=https://youronlineapplication.at"-->
<form method="post" id="moaidform">
<input type="hidden" name="show" value="false">
- <!-- [MUSS] Geben Sie hier die URL zum MOA-ID Template fuer die lokale BKU an -->
- <!-- z.B.: value="https://yoururl.at/moa-id-auth/template_localBKU.html"-->
<input type="hidden" name="Template" id="Template">
<input type="hidden" name="bkuURI" value="https://localhost:3496/https-security-layer-request">
<input type="hidden" name="useMandate" id="useMandate">
@@ -178,10 +172,10 @@ <div id="rightcontent">
<p>
- <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren" width="210"></a>
+ <a href="http://www.buergerkarte.at/de/aktivieren/online.html" target="_blank"><img src="img/ecard_aktivieren.jpg" border="0" alt="eCard online aktivieren"></a>
</p>
<p>
- <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Mobile Signatur aktivieren" width="210"></a>
+ <a href="http://www.buergerkarte.at/de/aktivieren/mobil.html" target="_blank"><img src="img/mobilsig_aktivieren.jpg" border="0" alt="Handy Signatur aktivieren"></a>
</p>
</div>
diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd index f8c38bdd3..cc562187a 100644 --- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd +++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd @@ -1,5 +1,4 @@ <?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSpy v2006 sp2 U (http://www.altova.com) by Klaus Stranacher (Technische Universität Graz) -->
<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.4.3">
<!-- es werden lokale Schemas referenziert für real aufgelöste Schemas bitte ersetzen: http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd -->
<xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="xmldsig-core-schema.xsd"/>
@@ -137,6 +136,8 @@ </xsd:attribute>
<xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
<xsd:attribute name="friendlyName" type="xsd:string" use="optional"/>
+ <xsd:attribute name="target" type="xsd:string" use="optional"/>
+ <xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdf Binary files differnew file mode 100644 index 000000000..454ff933a --- /dev/null +++ b/id/server/doc/MOA_ID_1.5_Anhang.pdf diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm index 12f71808d..ea4874edd 100644 --- a/id/server/doc/moa_id/id-admin_2.htm +++ b/id/server/doc/moa_id/id-admin_2.htm @@ -574,8 +574,9 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt <p>Mit dem Attribut <tt>OnlineApplication/@friendlyName</tt> kann eine benutzerfreundlicher Name für die Online-Applikation angegeben werden. Dieser Name scheint beim Login des Benutzer auf.</p> <p>Das Attribut <tt>OnlineApplication/@keyBoxIdentifier</tt> gibt das Schlüsselpaar an, welches von der Bürgerkartenumgebung zum Signieren des Auth Blocks verwendet wird. Mögliche - Werte: <tt>CertifiedKeypair </tt>sowie<tt> SecureSignatureKeypair.<br> - </tt><br /> + Werte: <tt>CertifiedKeypair </tt>sowie<tt> SecureSignatureKeypair.</tt></p> + <p>Das Attribut <tt>OnlineApplication/@target</tt> gibt einen konkreten Geschäftsbereich für eine Online-Applikation vor. D.h. es wird der Target-Parameter aus dem Request mit diesem Wert überschrieben. Zusätzlich kann noch ein benutzerfreundlicher Name mittels des Attributs <tt>OnlineApplication/@targetFriendlyName</tt> für den Geschäftsbereich angegeben werden. Beide Attribute können nur bei einer Online-Applikation für den öffentlichen Bereich angegeben werden.<br> + </tt><br /> Das Element <tt>OnlineApplication</tt> hat optional zwei Kind-Elemente: <tt>AuthComponent</tt> und <tt>ProxyComponent</tt>. </p> <div id="OnlineApplication/AuthComponent" /> diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm index b3633736e..94f4a35ea 100644 --- a/id/server/doc/moa_id/moa.htm +++ b/id/server/doc/moa_id/moa.htm 
@@ -114,7 +114,7 @@ Diese beiden Komponenten können auf unterschiedlichen Rechnern oder auf dem gleichen Rechner eingesetzt werden. <br /><br /> Die Funktionalität und der Aufbau der Schnittstelle zu MOA-ID ist in der -<a href="../MOA_ID_1.4_20070802.pdf" target="_new">Spezifikation</a> bzw. im <a href="../MOA_ID_1.4_Anhang.pdf" target="_new">Anhang zur Spezifikation</a> detailliert beschrieben. +<a href="../MOA_ID_1.4_20070802.pdf" target="_new">Spezifikation</a> bzw. im <a href="../MOA_ID_1.5_Anhang.pdf" target="_new">Anhang zur Spezifikation</a> detailliert beschrieben. <br /> <br /> Für den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturprüfung (MOA-SP) erforderlich. @@ -130,8 +130,7 @@ Für den Betrieb von MOA-ID ist der Einsatz von MOA-Signaturprüfung (MO <tr> <td valign="top" width="30">1</td> -<td id="block">Der Benutzer verbindet sich zu einem Web-Portal, über das die verfügbaren Online-Applikationen (OA) erreichbar -sind. Jeder Link zu einer OA verweist auf die Authentisierungs-komponente. +<td id="block">Der Benutzer verbindet sich zu einem Web-Portal, über das die verfügbaren Online-Applikationen (OA) erreichbar sind. Jeder Link zu einer OA verweist auf die Authentisierungs-komponente. </td> </tr> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 9e15e04dd..27a2f3050 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java 
@@ -24,11 +24,15 @@ package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils; import iaik.pki.PKIException; import iaik.x509.X509Certificate; import java.io.ByteArrayInputStream; import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; import java.security.GeneralSecurityException; import java.security.Principal; @@ -90,7 +94,6 @@ import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidat import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; -import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -114,6 +117,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.StringUtils; + /** * API for MOA ID Authentication Service.<br> * {@link AuthenticationSession} is stored in a session store and retrieved @@ -295,6 +299,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * </ul> * @param authURL URL of the servlet to be used as data URL * @param target "Geschäftsbereich" of the online application requested + * @param targetFriendlyName Friendly name of the target if the target is configured via configuration * @param oaURL online application URL requested * @param bkuURL URL of the "Bürgerkartenumgebung" to be used; * may be <code>null</code>; in this case, the default location will be used 
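Review bot: The first hunk adds imports for `iaik.ixsil.exceptions.UtilsException`, `iaik.ixsil.util.Utils`, `java.io.FileInputStream` and `java.io.FileNotFoundException`, yet none of the visible hunks in this file use them; if nothing outside the shown hunks does either, they should be dropped rather than left as unused imports. The `@param targetFriendlyName` javadoc added in the last hunk could state the null case that StartAuthenticationServlet in this diff actually produces, e.g. `@param targetFriendlyName friendly name of the configured target; null when the target comes from the request`. The javadoc block continues outside the hunk.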
@@ -310,6 +315,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { public String startAuthentication( String authURL, String target, + String targetFriendlyName, String oaURL, String templateURL, String bkuURL, @@ -343,15 +349,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); if (oaParam == null) throw new AuthenticationException("auth.00", new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { + if (!oaParam.getBusinessService()) { if (isEmpty(target)) throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); } else { target = null; + targetFriendlyName = null; } session = newSession(); Logger.info("MOASession " + session.getSessionID() + " angelegt"); session.setTarget(target); + session.setTargetFriendlyName(targetFriendlyName); session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); @@ -509,7 +517,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { // e.printStackTrace(); // } // - + // parses the <InfoboxReadResponse> IdentityLink identityLink = @@ -845,6 +853,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); + String targetFriendlyName = session.getTargetFriendlyName(); //Bug #485 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) //String oaURL = session.getPublicOAURLPrefix(); String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); @@ -854,6 +863,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { issueInstant, authURL, target, + targetFriendlyName, identificationValue, identificationType, oaURL, 
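Review bot: The @@ -343 hunk stores `target` and `targetFriendlyName` on the session, but the `useTargetFromConfig` flag that AuthenticationSession gains in this same commit is never set here or in any other visible hunk, so `getUseTargetFromConfig()` would always return false unless a caller outside this diff sets it. startAuthentication receives only the target and its friendly name, not whether the target came from configuration, so either add that signal (a parameter, or treating a non-null friendly name as the indicator if that is the intended contract) or remove the unused flag. The @@ -509 hunk and the re-emitted `if (!oaParam.getBusinessService()) {` line appear to change only trailing whitespace and could be left out. startAuthentication's body continues outside these hunks.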
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 35c4244c6..db70a6111 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -150,6 +150,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String issueInstant, String authURL, String target, + String targetFriendlyName, String identityLinkValue, String identityLinkType, String oaURL, @@ -192,7 +193,15 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } } else { // OA is a govermental application - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + + System.out.println("targetFriendlyName: " + targetFriendlyName); + System.out.println("sectorName: " + sectorName); + //gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target }); gebeORwbpk = MessageFormat.format(GESCHAEFTS_BEREICH_ATTRIBUTE, new Object[] { target + " (" + sectorName + ")" }); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 61e4cd28b..e13379bda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java 
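Review bot: The two `System.out.println(...)` calls added after the sector-name fallback bypass the project's `Logger` and would print to stdout in production; the same applies to the `System.out.println("Validate: ...")` added in CreateXMLSignatureResponseValidator in this diff — switch both to `Logger.debug(...)` or drop them. The fallback block itself is duplicated verbatim in that validator; because the builder produces the text that gets signed and the validator recomputes it for comparison, any later drift between the two copies surfaces as a `validator.13` failure, so a single shared helper (target and friendly name in, display name out) would keep them aligned. Within this hunk the nested ifs can be one condition: `if (StringUtils.isEmpty(sectorName) && targetFriendlyName != null) sectorName = targetFriendlyName;`. When neither the mapper nor the configuration yields a name, `sectorName` stays empty or null and the attribute text becomes `target ()` or `target (null)`, which looks unintended — worth confirming what getSectorNameViaTarget returns for unknown targets. The enclosing method continues outside the hunk.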
@@ -61,6 +61,14 @@ public class AuthenticationSession { */ private String target; /** + * Friendly name for the target, if target is configured via MOA-ID configuration + */ + private String targetFriendlyName; + /** + * Indicates if target from configuration is used or not + */ + private boolean useTargetFromConfig; + /** * public online application URL requested */ private String oaURLRequested; @@ -277,6 +285,14 @@ public class AuthenticationSession { public String getTarget() { return target; } + + /** + * Returns the target friendly name. + * @return String + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } /** * Sets the oaURLRequested. @@ -318,6 +334,13 @@ public class AuthenticationSession { this.target = target; } } + /** + * Sets the target. If the target includes the target prefix, the prefix will be stripped off. + * @param target The target to set + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } /** * Returns the authURL. @@ -643,6 +666,23 @@ public class AuthenticationSession { /** * + * @param useTargetFromConfig indicates if target from config is used or not + */ + public void setUseTargetFromConfig(boolean useTargetFromConfig) { + this.useTargetFromConfig = useTargetFromConfig; + + } + + /** + * Returns if target is used from mandate or not + * @return + */ + public boolean getUseTargetFromConfig() { + return this.useTargetFromConfig; + } + + /** + * * @param misSessionID indicates the MIS session ID */ public void setMISSessionID(String misSessionID) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index da787fe3f..2e20f483c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java 
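Review bot: The javadoc on the new `setTargetFriendlyName` is copied from `setTarget` and describes prefix stripping that this one-line setter does not perform; `Sets the friendly name of the configured target.` with `@param targetFriendlyName the friendly name to set` matches the body. Likewise `getUseTargetFromConfig` is documented as "Returns if target is used from mandate or not" with an empty `@return`; it should read `Returns whether the target was taken from the MOA-ID configuration rather than from the request.` and `@return true if the configured target is used`. The field comment for `targetFriendlyName` can also name the null case, since the servlets in this diff pass null when the target comes from the request. `setUseTargetFromConfig` has no caller in any visible hunk, so the flag may be unused as committed.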
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -246,10 +246,16 @@ public class IdentityLinkAssertionParser { XPathUtils.getElementValue(assertionElem, PERSON_IDENT_VALUE_XPATH, "")); identityLink.setIdentificationType( XPathUtils.getElementValue(assertionElem, PERSON_IDENT_TYPE_XPATH, "")); - identityLink.setGivenName( - XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, "")); - identityLink.setFamilyName( - XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, "")); + + String givenname = XPathUtils.getElementValue(assertionElem, PERSON_GIVEN_NAME_XPATH, ""); + String familyname = XPathUtils.getElementValue(assertionElem, PERSON_FAMILY_NAME_XPATH, ""); + + // replace ' in name with ' + givenname = givenname.replace("'", "'"); + familyname = familyname.replace("'", "'"); + + identityLink.setGivenName(givenname); + identityLink.setFamilyName(familyname); identityLink.setDateOfBirth( XPathUtils.getElementValue(assertionElem, PERSON_DATE_OF_BIRTH_XPATH, "")); NodeIterator dsigRefTransforms = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index dc1cee3b2..dd8a3144a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java 
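Review bot: As displayed here, `givenname.replace("'", "'")` and `familyname.replace("'", "'")` use identical search and replacement strings and are therefore no-ops; if the intent (history.txt: Bug #557, apostrophe) is to turn the `&apos;` entity text into a literal apostrophe, the search string has to be the entity text, and it is possible the diff rendering decoded it — please check the committed bytes. Replacing one entity by hand also leaves `&amp;`, `&quot;` and `&lt;` untouched; `org.apache.commons.lang.StringEscapeUtils`, already imported by the servlets in this diff, provides `unescapeXml(String)` for the full set. The same construct is applied to `issuer` in CreateXMLSignatureResponseValidator; both sides must apply the identical normalisation because that validator compares issuer against `identityLink.getName()`. The enclosing method starts before the hunk.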
@@ -35,14 +35,17 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; /** * Servlet requested for selecting a BKU. @@ -114,8 +117,6 @@ public class SelectBKUServlet extends AuthServlet { try { // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) 
@@ -123,9 +124,33 @@ public class SelectBKUServlet extends AuthServlet { if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); + + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + + String returnValue = null; + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + } + else { + // use target from config + returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); + } - String returnValue = AuthenticationServer.getInstance().selectBKU( - authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); + String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { // bkuSelectionType==HTMLComplete diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 0eed89655..ca3883dad 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java 
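Review bot: The target parameter is now validated twice in the same `try` block — once unconditionally right after the template checks and again inside the `StringUtils.isEmpty(targetConfig)` branch — and the second `WrongParametersException` names `"StartAuthentication"` although this is SelectBKUServlet (it should be `"SelectBKU"` like the surrounding lines). The unconditional check also diverges from StartAuthenticationServlet in this diff, which validates the request target only when no configured target exists; if `isValidTarget` rejects an absent parameter, a configured target does not actually relieve the caller from sending one here, so decide which behaviour is intended and keep a single check. The two `selectBKU(...)` calls differ only in the target argument, so `String effectiveTarget = StringUtils.isEmpty(targetConfig) ? target : targetConfig;` followed by one call would remove the duplication. The enclosing method continues outside the hunk.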
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -24,14 +24,9 @@ package at.gv.egovernment.moa.id.auth.servlet; -import iaik.pki.PKIException; - import java.io.IOException; import java.io.PrintWriter; -import java.security.GeneralSecurityException; -import java.util.List; -import javax.net.ssl.SSLSocketFactory; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -39,19 +34,17 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.SSLUtils; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; -import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; /** * Servlet requested for starting a MOA ID authentication session. 
@@ -109,9 +102,7 @@ public class StartAuthenticationServlet extends AuthServlet { try { // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - if (!ParamValidatorUtils.isValidOA(oaURL)) + if (!ParamValidatorUtils.isValidOA(oaURL)) throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); 
@@ -122,12 +113,30 @@ public class StartAuthenticationServlet extends AuthServlet { if (!ParamValidatorUtils.isValidUseMandate(useMandate)) throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { oaURL }); + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - - String getIdentityLinkForm = - AuthenticationServer.getInstance().startAuthentication(authURL, target, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); - + String getIdentityLinkForm = null; + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + } + else { + // use target from config + getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); + } + resp.setContentType("text/html;charset=UTF-8"); PrintWriter out = new PrintWriter(resp.getOutputStream()); out.print(getIdentityLinkForm); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index f6127eb12..d49d038fa 100644 
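Review bot: When `targetConfig` is set, a `Target` value sent by the client is silently discarded; a `Logger.info` (or debug) line recording that the configured target overrode the request value would help operators diagnose mismatched deployments, since the AuthBlock later shows only the configured value. The two `startAuthentication(...)` calls differ only in the target and friendly-name arguments; computing `String effectiveTarget` and `String effectiveFriendlyName` from the `isEmpty` check and making one call keeps the parameter list in sync in one place. The configured target is never passed through `ParamValidatorUtils.isValidTarget` while the request-supplied one is; if that validator encodes format rules downstream code relies on, configuration values should meet them too, ideally checked once at configuration load. The enclosing method continues outside the hunk.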
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -96,12 +96,16 @@ public class CreateXMLSignatureResponseValidator { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); } + // replace ' in name with ' + issuer = issuer.replace("'", "'"); + String issueInstant = samlAssertion.getAttribute("IssueInstant"); if (!issueInstant.equals(session.getIssueInstant())) { throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); } String name = identityLink.getName(); + if (!issuer.equals(name)) { throw new ValidateException("validator.33", new Object[] {issuer, name}); } @@ -174,10 +178,16 @@ public class CreateXMLSignatureResponseValidator { } } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundGB = true; - //BZ.. - gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; - //..BZ + foundGB = true; + String targetFriendlyName = session.getTargetFriendlyName(); + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget); + if (StringUtils.isEmpty(sectorName)) { + if (targetFriendlyName != null) + sectorName = targetFriendlyName; + } + gbTarget = gbTarget + " (" + sectorName + ")"; + //gbTarget = gbTarget + " (" + TargetToSectorNameMapper.getSectorNameViaTarget(gbTarget) + ")"; + System.out.println("Validate: " + gbTarget + " - " + samlAttribute.getValue()); if (!gbTarget.equals((String)samlAttribute.getValue())) { throw new ValidateException("validator.13", null); } 
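Review bot: In the second hunk the nested `if` pair can be a single condition, `if (StringUtils.isEmpty(sectorName) && targetFriendlyName != null) sectorName = targetFriendlyName;`, and `session.getTargetFriendlyName()` only needs to be read when the mapper returns nothing. The commented-out former computation (`//gbTarget = gbTarget + " (" + TargetToSectorNameMapper...`) should be deleted rather than kept next to the new code, as should the old `//BZ..`/`//..BZ` markers it replaces. The stray blank line added before `if (!issuer.equals(name))` in the first hunk is unrelated whitespace. The enclosing method starts and ends outside the hunk.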
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index bdd0c3294..d81435f83 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -504,6 +504,8 @@ public class ConfigurationBuilder { oap.setPublicURLPrefix(publicURLPrefix); oap.setKeyBoxIdentier(oAElem.getAttribute("keyBoxIdentifier")); oap.setFriendlyName(oAElem.getAttribute("friendlyName")); + String targetConfig = oAElem.getAttribute("target"); + String targetFriendlyNameConfig = oAElem.getAttribute("targetFriendlyName"); // get the type of the online application String oaType = oAElem.getAttribute("type"); @@ -525,6 +527,17 @@ public class ConfigurationBuilder { Logger.error("Missing \"IdentificationNumber\" for OA of type \"businessService\""); throw new ConfigurationException("config.02", null); } + + if (!StringUtils.isEmpty(targetConfig)) { + Logger.error("Target attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + if (!StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + + if ("false".equalsIgnoreCase(oAElem.getAttribute("calculateHPI"))) { oap.setIdentityLinkDomainIdentifier(buildIdentityLinkDomainIdentifier(identificationNumberChild)); //BZ.., setting type of IdLinkDomainIdentifier 
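Review bot: The new `target` and `targetFriendlyName` attributes are read from the configuration but never checked against the format rules applied to request targets (`ParamValidatorUtils.isValidTarget` in the servlets of this diff, or an equivalent check); validating them here would reject a malformed configured target once at startup instead of letting it reach every AuthBlock. `oAElem.getAttribute(...)` returns an empty string for a missing attribute, so the `StringUtils.isEmpty` tests in the businessService branch are the right form; the same empty string is later stored via `oap.setTarget`, so consumers must keep testing with `isEmpty` rather than `!= null`. The enclosing method continues outside these hunks.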
@@ -542,11 +555,19 @@ public class ConfigurationBuilder { slVersion = "1.2"; } else { - + + if (StringUtils.isEmpty(targetConfig) && !StringUtils.isEmpty(targetFriendlyNameConfig)) { + Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\""); + throw new ConfigurationException("config.02", null); + } + oap.setTarget(targetConfig); + oap.setTargetFriendlyName(targetFriendlyNameConfig); + if (authComponent!=null) { slVersion = authComponent.getAttribute("slVersion"); } + } oap.setSlVersion(slVersion); //Check if there is an Auth-Block to read from configuration
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index 0c747b29f..56c97a802 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -55,6 +55,15 @@ public class OAParameter { private String friendlyName; /** + * specified a specific target for the Online Application (overwrites the target in der request) + */ + private String target; + /** + * specifies a friendly name for the target + */ + private String targetFriendlyName; + + /** * Returns the type of the online application. * @return the type of the online application. */
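Review bot: The message in `Logger.error("Target friendly name attribute can not be set alone for OA of type \"businessService\"");` names the businessService type, yet this branch goes on to accept both attributes through `oap.setTarget(targetConfig);` and `oap.setTargetFriendlyName(targetFriendlyNameConfig);`, while the earlier hunk in this file rejects them outright for businessService; the text looks copied from that block and would send an operator to the wrong configuration element. A message stating the actual rule, e.g. `Logger.error("Target friendly name attribute can not be set without a target attribute");`, fits the condition being checked. The enclosing method and the `else` block edited here both extend outside the hunk.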
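Review bot: The Javadoc on the new `target` field, `specified a specific target for the Online Application (overwrites the target in der request)`, mixes German into the English comment and uses the wrong tense; `Specifies a target for the Online Application (overwrites the target in the request).` says the same thing cleanly. The second field's comment should likewise read `Specifies a friendly name for the target.`, matching the capitalised, sentence-style Javadoc of the surrounding fields. The enclosing class continues outside the hunk.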
@@ -119,6 +128,37 @@ public class OAParameter { this.friendlyName = friendlyName; } + /** + * Gets the target of the OA + * @return target of the OA + */ + public String getTarget() { + return target; + } + + /** + * Sets the target of the OA + * @param target + */ + public void setTarget(String target) { + this.target = target; + } + /** + * Gets the target friendly name of the OA + * @return target Friendly Name of the OA + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the target friendly name of the OA + * @param targetFriendlyName + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + }
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
index a1ba1b8fb..fcf7477c5 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java
@@ -43,6 +43,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
 "gb", //target
+ null,
 "http://localhost:9080/", //oaURL
 "file:" + findXmldata("AuthTemplate.html"),
 "http://localhost:3495/http-security-layer-request",
@@ -62,6 +63,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase { try { String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL "gb", //target + null, "http://localhost:9080/", //oaURL null, "http://localhost:3495/http-security-layer-request", null, null, null);
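Review bot: The `@param target` and `@param targetFriendlyName` tags on the new setters carry no description, and there is no blank line between `setTarget` and the Javadoc of `getTargetFriendlyName`, unlike the other accessor pairs in the hunk; `@param target the target configured for the OA` and `@param targetFriendlyName the friendly name shown for the target` complete the documentation. The enclosing class continues outside the hunk.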
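Review bot: The inserted `null,` argument is the only positional argument in the call without the trailing comment its neighbours carry (`//authURL`, `//target`, `//oaURL`), so a reader cannot tell which parameter of `startAuthentication` it fills; `null, //targetFriendlyName` (the name is inferred from the friendly-name attribute this change adds to the configuration and should be checked against the method signature) keeps the call self-describing. The same applies to the further hunks in this file, to AbnahmeTestCase, and to the `null` inserted into the `startAuthentication` and `buildAuthBlock` calls in AuthenticationServerTest and AuthenticationBlockAssertionBuilderTest. Every updated test passes null for the new parameter, so the new friendly-name path is not exercised by this change; one case with a non-null value would cover it.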
@@ -80,6 +82,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 String htmlForm = server.startAuthentication("https://localhost:8443/auth", //authURL
 "gb", //target
+ null,
 "http://localhost:9080/", //oaURL
 "file:" + findXmldata("AuthTemplate.html"),
 null,
@@ -101,6 +104,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 server.startAuthentication(null, //authURL
 "gb", //target
+ null,
 "http://localhost:9080/", //oaURL
 null, null, null, null, null);
 //assertEquals("",htmlForm);
@@ -121,7 +125,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 try {
 server.startAuthentication("http://localhost:8080/auth", //authURL
- "gb", "http://localhost:9080/", //oaURL
+ "gb", null, "http://localhost:9080/", //oaURL
 null, null, null, null, null);
 System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
 fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -139,7 +143,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 try {
 server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", "http://host_not_in_config/", //oaURL
+ "gb", null, "http://host_not_in_config/", //oaURL
 null, null, null, null, null);
 System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
 fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -158,7 +162,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 try {
 server.startAuthentication("https://localhost:8443/auth", //authURL
- "gb", null, //oaURL
+ "gb", null, null, //oaURL
 null, null, null, null, null);
 System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
 fail(this.getName() + " hat KEINE FEHLER geworfen");
@@ -177,7 +181,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {
 try {
 try {
 server.startAuthentication("https://localhost:8443/auth", //authURL
- null, "http://localhost:9080/", //oaURL
+ null, null, "http://localhost:9080/", //oaURL
 null, null, null, null, null);
 System.err.println(this.getName() + " hat KEINE FEHLER geworfen");
 fail(this.getName() + " hat KEINE FEHLER geworfen");
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
index 636d301bb..69f33f82c 100644
--- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
+++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java
@@ -136,6 +136,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {
 String htmlForm = AuthenticationServer.getInstance().startAuthentication(
 "https://localhost:8443/auth",
 "gb",
+ null,
 oaURL,
 null,
 null,
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
index 31c09bb01..052c1fed4 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java
@@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {
 public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {
 String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";
 AuthenticationServer server = AuthenticationServer.getInstance();
- String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null, null, null);
+ String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null);
 String sessionID = parseSessionIDFromForm(htmlForm);
 String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");
 HashMap parameters = new HashMap(1);
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
index e79394a28..d369c39bd 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java
@@ -63,7 +63,7 @@ public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase { public void testBuild() throws Exception { AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder(); - String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, "", "", OA_URL, GEB_DAT, null, null); + String assertionBuilt = builder.buildAuthBlock(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, null, "", "", OA_URL, GEB_DAT, null, null); assertionBuilt = XML_DECL + assertionBuilt; String assertionShould = XML_DECL + ASSERTION_SHOULD; assertXmlEquals(assertionShould, assertionBuilt);
@@ -97,7 +97,7 @@ <dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
- <version>1.0_IAIK</version>
+ <version>1.0_IAIK</version>
<scope>compile</scope>
</dependency>
<dependency>