aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/server/auth/pom.xml5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java (renamed from id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java)2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java67
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java4
-rw-r--r--id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder1
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/error_message.html2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/slo_template.html2
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java (renamed from id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java)10
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/.gitignore1
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/pom.xml47
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java51
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java69
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java64
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider1
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml53
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml36
-rw-r--r--id/server/modules/pom.xml3
-rw-r--r--pom.xml10
25 files changed, 445 insertions, 31 deletions
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index c601296ac..e3e9ee4f0 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -152,6 +152,11 @@
<artifactId>moa-id-module-openID</artifactId>
</dependency>
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-elga_mandate_service</artifactId>
+ </dependency>
+
<!-- <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-pvp2</artifactId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 36390ba62..d5fc90023 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -74,7 +74,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "error_message.html";
- private static String CONTEXTPATH = "#CONTEXTPATH#";
+ private static String CONTEXTPATH = "contextPath";
@Autowired protected StatisticLogger statisticLogger;
@Autowired protected IRequestStorage requestStorage;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
index 1d9a57b48..3f9093a21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GUILayoutBuilderServlet.java
@@ -103,19 +103,21 @@ public class GUILayoutBuilderServlet extends AbstractController {
}
private IRequest extractPendingRequest(HttpServletRequest req) {
- try {
- String authURL = HTTPUtils.extractAuthURLFromRequest(req);
+ try {
String pendingReqID = StringEscapeUtils.escapeHtml(
req.getParameter(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
- if (MiscUtil.isNotEmpty(pendingReqID) && authConfig.getPublicURLPrefix().contains(authURL)) {
+ if (MiscUtil.isNotEmpty(pendingReqID)) {
IRequest pendingReq = requestStorage.getPendingRequest(pendingReqID);
- if (pendingReq != null)
+ if (pendingReq != null) {
+ Logger.trace("GUI-Layout builder: Pending-request:"
+ + pendingReqID + " found -> Build specific template");
return pendingReq;
-
+
+ }
}
- Logger.info("Prohibit GUI-Layout builder-request. No pending-request or wrong auth-URL.");
+ Logger.trace("GUI-Layout builder: No pending-request found -> Use default templates");
} catch (Exception e) {
Logger.warn("GUI-Layout builder-servlet has an error during request-preprocessing.", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index 427bb9464..9397f1132 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -111,10 +111,8 @@ public class IDPSingleLogOutServlet extends AbstractController {
else
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
-
- context.put(SSOManager.CONTEXTPATH, authURL);
- ssoManager.printSingleLogOutInfo(context, resp);
+ ssoManager.printSingleLogOutInfo(context, resp, authURL);
} catch (MOAIDException e) {
handleErrorNoRedirect(e, req, resp, false);
@@ -209,7 +207,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
try {
- ssoManager.printSingleLogOutInfo(context, resp);
+ ssoManager.printSingleLogOutInfo(context, resp, authURL);
} catch (MOAIDException e) {
e.printStackTrace();
@@ -223,7 +221,7 @@ public class IDPSingleLogOutServlet extends AbstractController {
context.put("successMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.02", null));
try {
- ssoManager.printSingleLogOutInfo(context, resp);
+ ssoManager.printSingleLogOutInfo(context, resp, authURL);
} catch (MOAIDException e) {
e.printStackTrace();
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
index eb3cfcccb..0b46345d3 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Pair.java
@@ -20,7 +20,7 @@
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
*******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.oauth20;
+package at.gv.egovernment.moa.id.data;
public class Pair<P1, P2> {
private final P1 first;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 73d682c21..a97486097 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -554,8 +554,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
context.put("redirectURLs", sloReqList);
context.put("timeoutURL", timeOutURL);
context.put("timeout", SLOTIMEOUT);
- context.put(SSOManager.CONTEXTPATH, authURL);
- ssoManager.printSingleLogOutInfo(context, httpResp);
+ ssoManager.printSingleLogOutInfo(context, httpResp, authURL);
} else {
@@ -575,7 +574,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
else
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- ssoManager.printSingleLogOutInfo(context, httpResp);
+ ssoManager.printSingleLogOutInfo(context, httpResp, authURL);
}
@@ -593,7 +592,7 @@ public class AuthenticationManager extends MOAIDAuthConstants {
VelocityContext context = new VelocityContext();
context.put("errorMsg",
MOAIDMessageProvider.getInstance().getMessage("slo.01", null));
- ssoManager.printSingleLogOutInfo(context, httpResp);
+ ssoManager.printSingleLogOutInfo(context, httpResp, authURL);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 856410d7b..3b7c99d5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -64,7 +64,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class SSOManager {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "slo_template.html";
- public static String CONTEXTPATH = "#CONTEXTPATH#";
+ public static String CONTEXTPATH = "contextPath";
private static final String SSOCOOKIE = "MOA_ID_SSO";
private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO";
@@ -313,9 +313,10 @@ public class SSOManager {
}
- public void printSingleLogOutInfo(VelocityContext context, HttpServletResponse httpResp) throws MOAIDException {
+ public void printSingleLogOutInfo(VelocityContext context, HttpServletResponse httpResp, String authURL) throws MOAIDException {
try {
Logger.trace("Initialize VelocityEngine...");
+ context.put(CONTEXTPATH, authURL);
InputStream is = null;
String pathLocation = null;
@@ -362,7 +363,7 @@ public class SSOManager {
BufferedReader reader = new BufferedReader(new InputStreamReader(is ));
//set default elements to velocity context
- context.put("contextpath", authConfig.getPublicURLPrefix());
+ //context.put(CONTEXTPATH, authConfig.getPublicURLPrefix());
StringWriter writer = new StringWriter();
//velocityEngine.evaluate(context, writer, "SLO_Template", reader);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
index a9fc994ec..0ab630dc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/ProtocolFinalizationController.java
@@ -67,10 +67,12 @@ public class ProtocolFinalizationController extends AbstractAuthProtocolModulCon
try {
//load stored exception from database
Throwable throwable = transactionStorage.get(errorid, Throwable.class);
- transactionStorage.remove(errorid);
-
+
if (throwable != null) {
- if (pendingReq != null) {
+ //remove exception if it was found
+ transactionStorage.remove(errorid);
+
+ if (pendingReq != null) {
revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.TRANSACTION_ERROR);
//build protocol-specific error message if possible
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
new file mode 100644
index 000000000..4def39d54
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/HolderOfKey.java
@@ -0,0 +1,67 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.builder.attributes;
+
+import java.io.IOException;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class HolderOfKey implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return PVP_HOLDEROFKEY_NAME;
+ }
+
+ public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+
+ try {
+ byte[] certEncoded = authData.getGenericData(
+ MOAIDAuthConstants.MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE,
+ byte[].class);
+
+ if (certEncoded != null) {
+ return g.buildStringAttribute(PVP_HOLDEROFKEY_FRIENDLY_NAME, PVP_HOLDEROFKEY_NAME,
+ Base64Utils.encode(certEncoded));
+
+ }
+
+ }
+ catch (IOException e) {
+ Logger.info("Encode AuthBlock BASE64 failed.");
+ }
+ throw new UnavailableAttributeException(PVP_HOLDEROFKEY_NAME);
+
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(PVP_HOLDEROFKEY_NAME, PVP_HOLDEROFKEY_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index dc0cab8c3..1d2754e3f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -274,4 +274,8 @@ public interface PVPConstants {
public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID;
public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE";
public static final int CHARGE_CODE_MAX_LENGTH = 32767;
+
+ public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx";
+ public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
+ public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE";
}
diff --git a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
index bb98bcc6f..8e5d6ee3c 100644
--- a/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
+++ b/id/server/idserverlib/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder
@@ -28,3 +28,4 @@ at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttri
at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.PrincipalNameAttributeBuilder
at.gv.egovernment.moa.id.protocols.builder.attributes.PVPVersionAttributeBuilder
+at.gv.egovernment.moa.id.protocols.builder.attributes.HolderOfKey
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html b/id/server/idserverlib/src/main/resources/resources/templates/error_message.html
index 6cc8b99e2..4fd4d63cd 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/error_message.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/error_message.html
@@ -1,7 +1,7 @@
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
- <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS" />
+ <link rel="stylesheet" href="$contextPath/css/buildCSS" />
<title>An error arise ... </title>
</head>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
index 220dd980a..b3eb18082 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/slo_template.html
@@ -3,7 +3,7 @@
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <link rel="stylesheet" href="#CONTEXTPATH#/css/buildCSS" />
+ <link rel="stylesheet" href="$contextPath/css/buildCSS" />
#if($timeoutURL)
<script type="text/javascript">
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index 29118ac17..cbdef7093 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/AuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -10,13 +10,19 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
/**
* Module descriptor
*/
-public class AuthModuleImpl implements AuthModule {
+public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
@Override
public int getPriority() {
return 0;
}
+ public String getProcessName() {
+ return "DefaultAuthentication";
+
+
+ }
+
@Override
public String selectProcess(ExecutionContext context) {
//select process if BKU is selected and it is no STORK authentication
@@ -29,7 +35,7 @@ public class AuthModuleImpl implements AuthModule {
if (StringUtils.isBlank((String) context.get("ccc")) &&
StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) &&
!performBKUSelection)
- return "DefaultAuthentication";
+ return getProcessName();
else
return null;
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
index 02b4e5d7c..e628fbd1b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule
@@ -1,2 +1,2 @@
# The default moaid process
-at.gv.egovernment.moa.id.auth.modules.internal.AuthModuleImpl
+at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/.gitignore b/id/server/modules/moa-id-module-elga_mandate_service/.gitignore
new file mode 100644
index 000000000..b83d22266
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/.gitignore
@@ -0,0 +1 @@
+/target/
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/pom.xml b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
new file mode 100644
index 000000000..3b5d1ba66
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/pom.xml
@@ -0,0 +1,47 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modules</artifactId>
+ <version>${moa-id-version}</version>
+ </parent>
+ <artifactId>moa-id-module-elga_mandate_service</artifactId>
+ <version>${moa-id-module-elga_mandate_client}</version>
+ <name>ELGA mandate-service client</name>
+ <description>This authentication module implements a
+ client to integrate ELGA mandates in the MOA-ID identification and authentication process.
+ </description>
+ <organization>
+ <name>EGIZ</name>
+ <url>https://www.egiz.gv.at</url>
+ </organization>
+ <developers>
+ <developer>
+ <name>Thomas Lenz</name>
+ <organization>EGIZ</organization>
+ <email>thomas.lenz@egiz.gv.at</email>
+ </developer>
+ </developers>
+
+ <properties>
+ <repositoryPath>${basedir}/../../../../repository</repositoryPath>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ </dependency>
+
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-modul-citizencard_authentication</artifactId>
+ <exclusions>
+ <exclusion>
+ <groupId>*</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ </dependencies>
+
+</project> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
new file mode 100644
index 000000000..935cefdf9
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.modules.elgamandates;
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesAuthConstants {
+
+ public static final int METADATA_VALIDUNTIL_IN_HOURS = 24;
+
+ public static final String ENDPOINT_POST = "/sp/elga_mandate/post";
+ public static final String ENDPOINT_REDIRECT = "/sp/elga_mandate/redirect";
+ public static final String ENDPOINT_METADATA = "/sp/elga_mandate/metadata";
+
+ public static final String CONFIG_PROPS_PREFIX = "modules.elga_mandate.";
+ public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
+ public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
+ public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password";
+ public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias";
+ public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password";
+ public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
+ public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
+ public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";
+
+ public static final String CONFIG_DEFAULT_QAA_STORK_LEVEL = "http://www.stork.gov.eu/1.0/citizenQAALevel/4";
+ public static final String CONFIG_DEFAULT_QAA_SECCLASS_LEVEL = "http://www.ref.gv.at/ns/names/agiz/pvp/secclass/0-3";
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
new file mode 100644
index 000000000..7f7af704c
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java
@@ -0,0 +1,69 @@
+package at.gv.egovernment.moa.id.auth.modules.elgamandates;
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl;
+
+/**
+ * This authentication module extens the default citizen
+ *
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl {
+
+ private int priority = 0;
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+ */
+ @Override
+ public int getPriority() {
+ return priority;
+ }
+
+ @Override
+ public String getProcessName() {
+ return "DefaultAuthenticationWithELGAMandates";
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+ */
+ @Override
+ public String[] getProcessDefinitions() {
+ return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml" };
+ }
+
+ /**
+ * @param priority the priority to set
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java
new file mode 100644
index 000000000..649e8e5f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesSpringResourceProvider.java
@@ -0,0 +1,64 @@
+package at.gv.egovernment.moa.id.auth.modules.elgamandates;
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ELGAMandatesSpringResourceProvider implements SpringResourceProvider {
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+ */
+ @Override
+ public Resource[] getResourcesToLoad() {
+ ClassPathResource elgaAuthConfig = new ClassPathResource("/moaid_elga_mandate_client_auth.beans.xml", ELGAMandatesSpringResourceProvider.class);
+
+ return new Resource[] {elgaAuthConfig};
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+ */
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+ */
+ @Override
+ public String getName() {
+ return "MOA-ID Auth-module 'ELGA Mandate-Client'";
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..1ebc153ce
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesSpringResourceProvider \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
new file mode 100644
index 000000000..1c0071c4a
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<pd:ProcessDefinition id="DefaultAuthenticationWithELGAMandates" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1">
+
+<!--
+ - National authentication with Austrian Citizen Card and mobile signature with our without mandate.
+ - Legacy authentication for foreign citizens using MOCCA supported signature cards.
+-->
+ <pd:Task id="initializeBKUAuthentication" class="InitializeBKUAuthenticationTask" />
+ <pd:Task id="createIdentityLinkForm" class="CreateIdentityLinkFormTask" />
+ <pd:Task id="verifyIdentityLink" class="VerifyIdentityLinkTask" async="true" />
+ <pd:Task id="verifyAuthBlock" class="VerifyAuthenticationBlockTask" async="true" />
+ <pd:Task id="verifyCertificate" class="VerifyCertificateTask" async="true" />
+ <pd:Task id="getMISMandate" class="GetMISSessionIDTask" async="true" />
+ <pd:Task id="certificateReadRequest" class="CertificateReadRequestTask" />
+ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
+ <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+
+ <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
+ <pd:StartEvent id="start" />
+
+ <pd:Transition from="start" to="initializeBKUAuthentication" />
+
+ <pd:Transition from="initializeBKUAuthentication" to="createIdentityLinkForm" />
+
+ <pd:Transition from="createIdentityLinkForm" to="verifyIdentityLink" />
+
+ <pd:Transition from="verifyIdentityLink" to="certificateReadRequest" conditionExpression="!ctx['identityLinkAvailable'] || ctx['useMandate']" />
+ <pd:Transition from="verifyIdentityLink" to="prepareAuthBlockSignature" />
+
+ <pd:Transition from="prepareAuthBlockSignature" to="verifyAuthBlock" />
+ <!-- Note: verifyAuthBlock still creates a MIS session and redirects the user to the MIS gui. This should be separated from the auth block verification. -->
+
+ <pd:Transition from="certificateReadRequest" to="verifyCertificate" />
+ <!-- Note: verifyCertificate still creates the auth block to be signed which should be separated from certificat verification. -->
+
+ <pd:Transition from="verifyCertificate" to="verifyAuthBlock" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyCertificate" to="getForeignID" />
+
+ <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
+ <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
+
+ <pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
+
+ <pd:Transition from="getMISMandate" to="finalizeAuthentication" />
+ <pd:Transition from="getForeignID" to="finalizeAuthentication" />
+
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+ <pd:EndEvent id="end" />
+
+</pd:ProcessDefinition>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
new file mode 100644
index 000000000..89f1edd06
--- /dev/null
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/moaid_elga_mandate_client_auth.beans.xml
@@ -0,0 +1,36 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+<!-- ELGA mandate-service client beans -->
+ <bean id="elgaMandatesAuthModule" class="at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthModuleImpl">
+ <property name="priority" value="1" />
+ </bean>
+
+ <bean id="FederatedAuthCredentialProvider"
+ class="at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider"/>
+
+ <bean id="FederatedAuthMetadataController"
+ class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthMetadataController"/>
+
+ <bean id="FederatedAuthSignalController"
+ class="at.gv.egovernment.moa.id.auth.modules.federatedauth.controller.FederatedAuthSignalController"/>
+
+
+<!-- Federated Authentication Process Tasks -->
+ <bean id="CreateFederatedAuthnRequestTask"
+ class="at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks.CreateAuthnRequestTask"
+ scope="prototype"/>
+
+ <bean id="ReceiveFederatedAuthnResponseTask"
+ class="at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks.ReceiveAuthnResponseTask"
+ scope="prototype"/>
+
+</beans> \ No newline at end of file
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index 94e1f7a3b..77d63c35c 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -27,8 +27,7 @@
<module>moa-id-module-eIDAS</module>
<!-- <module>moa-id-module-pvp2</module> -->
<module>moa-id-modules-federated_authentication</module>
-
- <module>moa-id-module-ssoTransfer</module>
+ <module>moa-id-module-elga_mandate_service</module>
</modules>
<dependencies>
diff --git a/pom.xml b/pom.xml
index 14a30d3c0..a450357d8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,6 +28,8 @@
<moa-spss-version>2.0.5-RC1</moa-spss-version>
<configtool-version>2.2.0-OPB-Snapshot</configtool-version>
<demo-oa-version>2.0.5</demo-oa-version>
+
+ <moa-id-module-elga_mandate_client>1.0.0-Snapshot</moa-id-module-elga_mandate_client>
<!-- Library Versions -->
<org.springframework.version>4.2.4.RELEASE</org.springframework.version>
@@ -480,12 +482,18 @@
<artifactId>moa-id-module-pvp2</artifactId>
<version>${moa-id-version}</version>
</dependency>
-
<dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-modules-federated_authentication</artifactId>
<version>${moa-id-version}</version>
</dependency>
+
+ <dependency>
+ <groupId>MOA.id.server.modules</groupId>
+ <artifactId>moa-id-module-elga_mandate_service</artifactId>
+ <version>${moa-id-module-elga_mandate_client}</version>
+ </dependency>
+
<dependency>