diff options
156 files changed, 10382 insertions, 1708 deletions
diff --git a/common/.classpath b/common/.classpath new file mode 100644 index 000000000..01edb156d --- /dev/null +++ b/common/.classpath @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="src" path="src/test/java"/>
+ <classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/common/.project b/common/.project new file mode 100644 index 000000000..d8e7fc611 --- /dev/null +++ b/common/.project @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-common</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
diff --git a/common/.settings/org.eclipse.jdt.core.prefs b/common/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..99f54a8bf --- /dev/null +++ b/common/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,5 @@ +#Wed Sep 12 10:16:21 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/common/pom.xml b/common/pom.xml index e8110385a..850613e97 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -2,12 +2,12 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA</groupId> <artifactId>moa-common</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> <packaging>jar</packaging> <name>MOA common library</name> diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index 5c1314296..d1edbc38d 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -23,13 +23,16 @@ public interface Constants { public static final String STB_NS_URI = "http://reference.e-government.gv.at/namespace/standardtextblock/20041105#"; - /** Prefix used for the Mandate XML namespace */ + /** Prefix used for the standard text block XML namespace */ public static final String STB_PREFIX = "stb"; /** URI of the MOA XML namespace. */ public static final String MOA_NS_URI = "http://reference.e-government.gv.at/namespace/moa/20020822#"; + /** Name of the mandates infobox */ + public static final String INFOBOXIDENTIFIER_MANDATES = "Mandates"; + /** Prefix used for the Mandate XML namespace */ public static final String MD_PREFIX = "md"; @@ -78,7 +81,7 @@ public interface Constants { /** Local location of the MOA ID configuration XML schema definition. */ public static final String MOA_ID_CONFIG_SCHEMA_LOCATION = - SCHEMA_ROOT + "MOA-ID-Configuration-1.4.xsd"; + SCHEMA_ROOT + "MOA-ID-Configuration-1.4.2.xsd"; /** URI of the Security Layer 1.0 namespace. */ public static final String SL10_NS_URI = diff --git a/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java index 61b1a18ea..82c10d90f 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/StringUtils.java @@ -87,11 +87,11 @@ public class StringUtils { * Replaces each substring of string <code>s</code> that matches the given * <code>search</code> string by the given <code>replace</code> string. * - * @param s The string where the replacment should take place. + * @param s The string where the replacement should take place. * @param search The pattern that should be replaced. * @param replace The string that should replace all each <code>search</code> * string within <code>s</code>. - * @return A string whrer all occurrence of <code>search</code> are + * @return A string where all occurrence of <code>search</code> are * replaced with <code>replace</code>. */ public static String replaceAll (String s, String search, String replace) @@ -153,7 +153,7 @@ public class StringUtils { * @return XML expression, XML declaration removed */ public static String removeXMLDeclaration(String xmlString) { - if (xmlString.startsWith("<?xml")) { + if (xmlString!=null && xmlString.startsWith("<?xml")) { int firstElement = xmlString.indexOf("<", 1); return xmlString.substring(firstElement); } else { diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd new file mode 100644 index 000000000..5a87e3fde --- /dev/null +++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.4.2.xsd @@ -0,0 +1,506 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAWBPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration fĂĽr Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ <xsd:attribute name="type" use="optional" default="publicService">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:NMTOKEN">
+ <xsd:enumeration value="businessService"/>
+ <xsd:enumeration value="publicService"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") fĂĽr die
+ Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
+ fĂĽr jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswĂĽrdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+ <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+ <xsd:enumeration value="AuthenticationData.TimeOut"/>
+ <xsd:enumeration value="TrustManager.RevocationChecking"/>
+ <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+ <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet mĂĽssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dĂĽrfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP ĂĽber das API
+ aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des
+ IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest fĂĽr die Signatur des AUTH-Blocks
+ inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="TemplatesType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TemplateType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyInfoboxesType">
+ <xsd:annotation>
+ <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="DefaultTrustProfile" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Optionales DefaultTrustprofil fĂĽr die ĂśberprĂĽfung aller weiteren Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Infobox" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Parameter fĂĽr ĂśberprĂĽfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>optionalervName, der fĂĽr Fehlermeldungen verwendet werden soll;
+ z.B.: "Stellvertretungen" fĂĽr "Mandates"; fehlt dieser Parameter, dann wird
+ das Identifier-Attribut verwendet</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>TrustProfil, das fĂĽr die ĂśberprĂĽfung der Infobox
+ verwendet werden soll</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Validatorklasse, die fĂĽr die PrĂĽfung der Infobox
+ verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+ vom Default Package- und Klassennamen abweichen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+ <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen PrĂĽfapplikation
+ ĂĽbergeben werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="SchemaLocationType">
+ <xsd:annotation>
+ <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="Schema" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <!--xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="pr:AbstractSimpleIdentification"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element-->
+ <xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:element ref="pr:Firmenbuchnummer"/>
+ <xsd:element ref="pr:ZMRzahl"/>
+ <xsd:element ref="pr:Vereinsnummer"/>
+ <xsd:element ref="pr:ERJPZahl"/>
+ <xsd:element name="AnyNumber">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="slVersion" use="optional" default="1.1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="1.1"/>
+ <xsd:enumeration value="1.2"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+ <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten SchlĂĽssel, der fĂĽr
+ die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id/oa/.classpath b/id/oa/.classpath new file mode 100644 index 000000000..5d93de69c --- /dev/null +++ b/id/oa/.classpath @@ -0,0 +1,4 @@ +<classpath> + <classpathentry kind="output" path="target/classes"/> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> +</classpath>
\ No newline at end of file diff --git a/id/oa/.project b/id/oa/.project new file mode 100644 index 000000000..cf4d83eff --- /dev/null +++ b/id/oa/.project @@ -0,0 +1,14 @@ +<projectDescription> + <name>moa-id-oa</name> + <comment/> + <projects/> + <buildSpec> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments/> + </buildCommand> + </buildSpec> + <natures> + <nature>org.eclipse.jdt.core.javanature</nature> + </natures> +</projectDescription> diff --git a/id/pom.xml b/id/pom.xml index ab3b59e7d..1d93d087c 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,14 +3,14 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA</groupId> <artifactId>id</artifactId> <packaging>pom</packaging> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> <name>MOA ID</name> <modules> diff --git a/id/server/auth/.classpath b/id/server/auth/.classpath new file mode 100644 index 000000000..46c5c5ab0 --- /dev/null +++ b/id/server/auth/.classpath @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v5.0"/>
+ <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/auth/.project b/id/server/auth/.project new file mode 100644 index 000000000..a8a455ff2 --- /dev/null +++ b/id/server/auth/.project @@ -0,0 +1,44 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-id-auth</name>
+ <comment></comment>
+ <projects>
+ <project>moa-id-lib</project>
+ <project>moa-spss-lib</project>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>kr.javanese.devtools.m2wtp.wtpDepBuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ <nature>kr.javanese.devtools.m2wtp.m2wtpNature</nature>
+ </natures>
+</projectDescription>
diff --git a/id/server/auth/.settings/org.eclipse.jdt.core.prefs b/id/server/auth/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..1b042e027 --- /dev/null +++ b/id/server/auth/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,7 @@ +#Fri Sep 14 14:27:19 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component new file mode 100644 index 000000000..f256fdc92 --- /dev/null +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-id-auth">
+<wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+<dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+<dependency-type>uses</dependency-type>
+</dependent-module>
+<dependent-module deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+<dependency-type>uses</dependency-type>
+<wb-resource deploy-path="/WEB-INF/LIB" source-path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+</dependent-module>
+<property name="java-output-path" value="target/classes"/>
+<property name="context-root" value="moa-id-auth"/>
+</wb-module>
+</project-modules>
diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml new file mode 100644 index 000000000..d0145894a --- /dev/null +++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+ <installed facet="jst.web" version="2.4"/>
+ <installed facet="jst.java" version="1.4"/>
+</faceted-project>
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 9870c7ef6..2c123a8ec 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -2,14 +2,14 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id.server</groupId> <artifactId>moa-id-auth</artifactId> <packaging>war</packaging> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> <name>MOA ID-Auth WebService</name> <properties> @@ -35,14 +35,18 @@ <!-- extract moa-id classes for debugging --> <!--warSourceExcludes>WEB-INF/lib/moa-id-lib*.jar</warSourceExcludes--> - <!-- <webResources> <resource> + <directory>${basedir}/src/main/wsdl</directory> + <targetPath>WEB-INF/classes/resources/wsdl</targetPath> + </resource> + <!-- + <resource> <directory>${basedir}/../idserverlib/target/classes</directory> <targetPath>WEB-INF/classes</targetPath> </resource> - </webResources> --> + </webResources> </configuration> </plugin> </plugins> diff --git a/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF new file mode 100644 index 000000000..58630c02e --- /dev/null +++ b/id/server/auth/src/main/webapp/META-INF/MANIFEST.MF @@ -0,0 +1,2 @@ +Manifest-Version: 1.0
+
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 603758fb8..5c729ef19 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -22,6 +22,12 @@ <description>Verify identity link coming from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class> </servlet> + <servlet> + <servlet-name>ProcessInput</servlet-name> + <display-name>ProcessInput</display-name> + <description>Process user input needed by infobox validators</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> + </servlet> <servlet> <servlet-name>VerifyAuthBlock</servlet-name> <display-name>VerifyAuthBlock</display-name> @@ -37,9 +43,7 @@ <servlet> <servlet-name>AxisServlet</servlet-name> <display-name>Apache-Axis Servlet</display-name> - <servlet-class> - org.apache.axis.transport.http.AxisServlet - </servlet-class> + <servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class> </servlet> <!-- JSP servlet --> @@ -73,9 +77,13 @@ <url-pattern>/VerifyIdentityLink</url-pattern> </servlet-mapping> <servlet-mapping> - <servlet-name>VerifyAuthBlock</servlet-name> - <url-pattern>/VerifyAuthBlock</url-pattern> + <servlet-name>ProcessInput</servlet-name> + <url-pattern>/ProcessInput</url-pattern> </servlet-mapping> + <servlet-mapping> + <servlet-name>VerifyAuthBlock</servlet-name> + <url-pattern>/VerifyAuthBlock</url-pattern> + </servlet-mapping> <servlet-mapping> <servlet-name>ConfigurationUpdate</servlet-name> <url-pattern>/ConfigurationUpdate</url-pattern> diff --git a/id/server/auth/src/main/webapp/css/mandates.css b/id/server/auth/src/main/webapp/css/mandates.css new file mode 100644 index 000000000..7b6e550f0 --- /dev/null +++ b/id/server/auth/src/main/webapp/css/mandates.css @@ -0,0 +1,57 @@ +/* CSS Document */
+
+.hleft {
+ float: left;
+ width: 50%;
+}
+
+.hright {
+ float: left;
+ width: 49%;
+}
+
+.htitle {
+ padding-top: 15px;
+ clear: both;
+}
+
+.leiste1 {
+ background-color: #FF0000;
+ color: #FFFFFF;
+ font-weight: bold;
+ width: 15%;
+ float: left;
+ clear: left;
+ height: 20px;
+ padding-top: 5px;
+ padding-bottom: 5px;
+ FONT-SIZE: 0.9em;
+}
+
+.leiste2 {
+ background-color: #CCCCCC;
+ color: #000000;
+ float: left;
+ height: 20px;
+ width: 33%;
+ padding-top: 5px;
+ padding-bottom: 5px;
+}
+
+a.info {
+ color: #000000;
+ text-decoration: underline;
+}
+
+
+.leiste3 {
+ background-color: #CCCCCC;
+ color: #000000;
+ height: 20px;
+ float: left;
+ width: 17%;
+ padding-top: 5px;
+ padding-bottom: 5px;
+ FONT-SIZE: 0.8em;
+
+}
diff --git a/id/server/auth/src/main/webapp/css/styles.css b/id/server/auth/src/main/webapp/css/styles.css new file mode 100644 index 000000000..d91b993d1 --- /dev/null +++ b/id/server/auth/src/main/webapp/css/styles.css @@ -0,0 +1,741 @@ +/*
+|| Groesse der Seite auf A4 setzen
+|| Rand auf jeweils 10% der Seite setzen
+*/
+
+@page {
+ size: 21cm 29.7cm;
+ margin: 10%;
+}
+
+/*
+|| Font und Farben, die fuer das gesamte Dokument gueltig sind.
+*/
+
+body {
+ font-family: arial, helvetica, sans-serif;
+ background-color: white;
+ color: black;
+}
+
+/*
+|| Eingabefelder verwenden eine Monospace-Font (s. Laenderstyleguide 5.1)
+*/
+
+input, textarea, select {
+ font-family: monospace;
+}
+
+/*
+|| Schriftgroesse fuer Formulartitel
+*/
+
+h1 {
+ font-size: 1.3em;
+}
+
+/*
+|| Definitionen fuer die Kategorien (faerbiger Balken)
+*/
+
+h2 {
+ width: 98%;
+ background-color: #A02D2D;
+ color: white;
+ font-weight: bold;
+ font-size: 1em;
+ padding: 0.3em;
+ border-width: thin;
+ margin-bottom: 1em;
+}
+
+/*
+|| Subkategorie (zB Adresse innerhalb von Stammgewerbeberechtigung)
+*/
+
+h3 {
+ padding: 5px;
+ margin-bottom: 1px;
+ font-size: 0.8em;
+}
+
+/*
+|| Informationstext zu einer Kategorie
+*/
+
+h4 {
+ margin-bottom: 0.5em;
+ font-size: 0.8em;
+}
+
+fieldset {
+ border: none;
+}
+
+}
+
+legend {
+ display: none;
+}
+
+
+/*
+|| Informationstext im Info-Kaestchen
+*/
+
+.infotext {
+ padding: 0.8em;
+ float: left;
+ background-color: #EEEEEE;
+ color: black;
+ font-size: 0.8em;
+}
+
+/*
+|| Info-Link im Info-Kaestchen
+*/
+
+.infobutton {
+ float: left;
+ width: 2em;
+ background-color: red;
+ text-align: center;
+ font-size: 1.5em;
+ color: white;
+ font-weight: bold;
+ padding: 0.4em;
+ border-width: 0.25em;
+ border-style: outset;
+ border-style: -moz-bg-outset;
+}
+
+/*
+|| Info-Link soll weiss sein
+*/
+
+.infobutton a:link {
+ background-color: red;
+ color: white;
+ text-decoration: none;
+
+}
+
+/*
+|| Info-Link soll weiss sein, auch wenn Link schon einmal angeklickt wurde
+*/
+
+.infobutton a:visited {
+ background-color: red;
+ color: white;
+}
+
+/*
+|| Info-Link-Text soll weiss sein, auch wenn man mit der Maus drueberfaehrt
+*/
+
+.infobutton a:hover {
+ background-color: red;
+ color: white;
+}
+
+/*
+|| Begrenzung fuer das Info-Kaestchen
+*/
+
+.boundinginfobox {
+ width: 99%;
+ background-color: #EEEEEE;
+ color: black;
+ border-width: thin;
+}
+
+/*
+|| Begrenzung fuer Eingabefeldbereiche
+*/
+
+.boundingbox {
+ width: 99%;
+ background-color: #EEEEEE;
+ color: black;
+ border-width: thin;
+ margin-bottom: 1em;
+}
+
+/*
+|| Begrenzung, die Leittexte und Formulardaten im statischen Formular
+|| zusammenhaelt, sodass es bei einem Seitenumbruch beim Ausdruck
+|| nicht zu Verschiebungen kommt
+*/
+.printboundingbox {
+ width: 99%;
+}
+
+/*
+|| Bereich fuer die Leittexte
+*/
+
+.labelarea {
+ text-align: right;
+ width: 17%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+}
+
+/*
+|| Bereich fuer sehr lange Leittexte
+*/
+
+.labelareawidened {
+ text-align: right;
+ width: 50%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+}
+
+/*
+|| Leittextbereich ohne Angabe einer Breite (z.B. bei Stiege und Tuer; sonst generell (.labelarea) 17% der Gesamtbreite)
+*/
+
+.labelareanowidth {
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+}
+
+/*
+|| Legendenbereich (Icons)
+*/
+
+.legendarea {
+ width: 30px;
+ text-align: left;
+ float: left;
+ padding-left: 4px;
+ padding-top: 5px;
+ vertical-align: middle;
+}
+
+/*
+|| Legendenbereich fuer den Stern (in Kombination mit einem Rufzeichen)
+*/
+
+.legendareastar {
+ width: 13px;
+ float: left;
+ padding-left: 4px;
+ padding-top: 5px;
+ vertical-align: middle;
+}
+
+/*
+|| Legendenbereich fuer das Info-Icon
+*/
+
+.legendareainfo {
+ width: 17px;
+ float: left;
+ padding-top: 5px;
+ vertical-align: middle;
+}
+
+/*
+|| Bereich fuer ein einzelnes Eingabefeld
+*/
+
+.inputfieldarea {
+ float: left;
+ padding: 4px;
+}
+
+/*
+|| Bereich fuer das erste Eingabefeld, wenn zwei in einer Zeile
+|| = Eingabefeldbereich, dessen Breite auf 26% begrenzt ist (.inputfieldarea hat keine Begrenzung)
+*/
+
+.inputfieldareafortwo {
+ width: 26%;
+ float: left;
+ padding: 4px;
+}
+
+
+/*
+|| e-Goverment Schriftzug im Logo
+*/
+
+.egovlogo {
+ text-align: center;
+ background-color: white;
+ color: #008B8B;
+ font-weight: bold;
+ font-style: italic;
+ font-size: 1.7em;
+}
+
+/*
+|| help.gv.at-Schriftzug im Logo
+*/
+
+.egovtext {
+ text-align: center;
+ background-color: white;
+ color: black;
+ font-weight: bold;
+ font-size: 1.2em;
+}
+
+/*
+|| Bereich fuer den Titel des Formulars links vom Logo
+*/
+
+.titlebox {
+ float: left;
+ width: 65%;
+ margin-bottom: 1em;
+}
+
+/*
+|| Bereich fuer das Logo
+*/
+
+.logobox {
+ float: right;
+ margin-bottom: 1em;
+}
+
+/*
+|| Allgemeiner Informationstext zu einem Formular (zwischen Formulartitel
+|| und Info-Kaestchen
+*/
+
+.introtext {
+ font-weight: bold;
+ margin-bottom: 1em;
+}
+
+/*
+|| Link "Zum Formularanfang"
+*/
+
+.formtop {
+ float: right;
+}
+
+/*
+|| Bereich fuer die Steuerungs-Buttons (Senden, Abbrechen, etc.)
+*/
+
+.buttonarea {
+ margin-top: 0.5em;
+ text-align: center;
+}
+
+/*
+|| Aussehen der Steuerungs-Buttons
+*/
+
+.button {
+ font-family: arial, helvetica, sans-serif;
+ font-size: 1em;
+}
+
+/*
+|| Formularkennung/Fusszeile des Formulars
+*/
+
+.formid {
+ float: left;
+ font-style: italic;
+ font-size: 0.8em;
+ background-color: #008B8B;
+ color: white;
+ padding: 0.5em;
+}
+
+/*
+|| Behoerdenanschrift
+*/
+
+.organizationaddress {
+ font-style: italic;
+ margin-top: 1em;
+ margin-bottom: 1em;
+}
+
+/*
+|| Behoerdenanschrift mit Logo
+*/
+
+.organizationaddresslogo {
+ font-style: italic;
+ margin-top: 1em;
+ margin-bottom: 1em;
+ float: left;
+}
+
+/*
+|| Beilagen-Tabelle
+*/
+
+.attachmenttable {
+ width: 99%;
+ background-color: #EEEEEE;
+ color: black;
+ border-width: thin;
+ border-collapse: collapse;
+ margin-bottom: 1em;
+}
+
+/*
+|| Spaltenueberschrift "lfd Nr"
+*/
+
+.attachmenttitlenumber {
+ border-bottom: thin solid black;
+ border-right: thin solid black;
+ padding: 0.3em;
+ font-size: 0.8em;
+}
+
+/*
+|| Spaltenueberschrift "Beilage"
+*/
+
+.attachmenttitlename {
+ border-bottom: thin solid black;
+ border-right: thin solid black;
+ padding: 0.5em;
+ text-align: left;
+ font-size: 0.8em;
+}
+
+
+/*
+|| Spaltenueberschriften "nachgereicht" und "angefuegt"
+*/
+
+.attachmenttitleselection {
+ padding: 0.3em;
+ text-align: center;
+ border-left: thin solid black;
+ border-bottom: thin solid black;
+ font-size: 0.8em;
+}
+
+/*
+|| Spaltenueberschrift "Datei"
+*/
+
+.attachmenttitlefile {
+ padding: 0.3em;
+ text-align: left;
+ border-bottom: thin solid black;
+ font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "lfd Nr"
+*/
+
+.attachmentnumber {
+ text-align: center;
+ border-left: thin solid #EEEEEE;
+ border-right: thin solid black;
+ padding: 0.3em;
+ font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "Beilage"
+*/
+
+.attachmentname {
+ text-align: left;
+ border-left: thin solid black;
+ border-right: thin solid black;
+ padding: 0.5em;
+ font-size: 0.8em;
+}
+
+/*
+|| Zellen der Spalte "Datei"
+*/
+
+.attachmentfile {
+ text-align: left;
+ border-right: thin solid #EEEEEE;
+ padding: 0.3em;
+}
+
+/*
+|| Zellen der Spalte "angefuegt"
+*/
+
+.attachmentselectiononline {
+ text-align: center;
+ padding: 0.3em;
+ border-left: solid black thin;
+}
+
+/*
+|| Zellen der Spalte "nachgereicht"
+*/
+
+.attachmentselectionpost {
+ text-align: center;
+ border-left: solid black thin;
+ padding: 0.3em;
+}
+
+/*
+|| unsichtbarer Bereich
+*/
+
+.hide {
+ visibility: hidden;
+ display: none;
+}
+
+/*
+|| sichtbarer Bereich
+*/
+
+.show {
+ visibility: visible;
+ display: block;
+}
+
+/*
+|| readonly-Felder
+*/
+
+.deactive {
+ background-color: #D3D3D3;
+ color: gray;
+}
+
+/*
+|| Fehlertexte (bei fehlerhaften Eingaben)
+*/
+
+.errortext {
+ color: red;
+ background-color: white;
+ font-size: 1em;
+ border: solid red 2px;
+ padding: 0.5em;
+ width: 97%;
+}
+
+.errortext a:visited , .errortext a:link, .errortext a:hover {
+ color: red;
+}
+
+/*
+|| simuliertes Readonly-Eingabefeld, das in Wirklichkeit
+|| Text mit einem Rahmen ist
+*/
+
+.readonlybutton {
+ width: 20em;
+ background-color: #D3D3D3;
+ color: gray;
+ border-color: gray;
+ border-width: thin;
+ border-style: inset;
+ font-family: monospace;
+}
+
+/*
+|| Vertikale Ausrichtung des Info-Icons im Beilagenbereich
+*/
+
+.imagevertalign {
+ vertical-align: middle;
+}
+
+/*
+|| Unterbindet Rahmen bei Bildern mit hinterlegtem Link
+*/
+
+a img {
+ border: none;
+}
+
+/*
+|| MOA-Ergebnis-Tabelle
+*/
+
+.MOA-SP-ergebnis-tabelle {
+ width: 100%;
+ border: thin solid black;
+ border-collapse: collapse;
+ margin-bottom: 1em;
+}
+
+/*
+|| MOA-Ergebnis-Tabellenemelemente
+*/
+
+.MOA-SP-ergebnis-zelle, .MOA-SP-ergebnis-header {
+ border: thin solid black;
+ text-align: left;
+ padding: 0.3em;
+ background-color: #EEEEEE;
+}
+
+/*
+|| MOA-Ergebnis-Tabelle Fehlermeldungen
+*/
+
+.moa-sp-error {
+ color: red;
+ font-weight: bold;
+}
+
+/*
+|| Signaturblock-Tabelle
+*/
+
+.sigblock-tabelle {
+ width: 100%;
+ border: thin solid black;
+ border-collapse: collapse;
+ margin-bottom: 1em;
+}
+
+/*
+|| Signaturblock-Tabellenelemente
+*/
+
+.sigblock-zelle, .sigblock-header {
+ border: thin solid black;
+ text-align: left;
+ padding: 0.3em;
+ background-color: #EEEEEE;
+}
+
+/*
+|| Formular mit mehreren Seiten, Angabe der aktuellen Seite
+*/
+
+.steps {
+ text-align: right;
+ font-weight: bold;
+ padding: 0.3em;
+ margin-right: 0.3em;
+ font-style: italic;
+}
+
+/*
+|| Bereich fuer Formularliste
+*/
+
+.labelareaform {
+ text-align: left;
+ width: 50%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ font-weight: bold;
+ vertical-align: middle;
+}
+
+/*
+|| Bereich fuer Bestellung und Details bei Formularbestellungen
+*/
+
+.labelareaorderdetail {
+ text-align: center;
+ width: 17%;
+ float: left;
+ padding: 5px;
+ font-size: 0.8em;
+ vertical-align: middle;
+ font-weight: bold;
+}
+
+/*
+|| Farbe der Verfahrens-Tabellenzeilen mit geradem Index
+*/
+
+.evenformrow {
+ background-color: #EEEEEE;
+}
+
+/*
+|| Farbe der Verfahrens-Tabellenzeilen mit ungeradem Index
+*/
+
+.oddformrow {
+ background-color: lightgrey;
+}
+
+/*
+|| Sicherheitsabfrage in der Verfahrensverwaltung
+*/
+
+.checktext {
+ color: red;
+ padding: 0.5em;
+ border: solid 2px red;
+ margin: 1em;
+}
+
+/*
+|| Buttons der Eingangsstelle
+*/
+
+.eingang_button {
+ line-height: 2em;
+ border-width: 2px;
+ border-color: grey;
+ padding: 4px;
+ background-color: lightgrey;
+ border-style: outset;
+ border-style: -moz-bg-outset;
+}
+
+/*
+|| Buttonlinks der Eingangsstelle
+*/
+
+.eingang_button_link {
+ color: black;
+ text-decoration: none;
+}
+
+/*
+|| F�r den Farbenwechsel bei den Beilagen-Tabellen
+*/
+
+table.attachmenttable tr.s
+{
+ background-color: lightgrey;
+}
+
+/*
+|| Farbe der Titelzeile bei den Beilagen-Tabellen
+*/
+
+table.attachmenttable thead
+{
+ background-color: #aaaaaa;
+}
+
+/*
+|| Aktuell fokussiertes Eingabefeld visuell hervorheben (Styleguide Anforderung)
+*/
+
+input:focus, input.field:focus, select:focus, textarea:focus {
+ border: 2px solid black;
+}
+
+select:focus {
+ background-color: #FFFFFE;
+}
\ No newline at end of file diff --git a/id/server/auth/src/main/webapp/css/styles_opera.css b/id/server/auth/src/main/webapp/css/styles_opera.css new file mode 100644 index 000000000..a2ea527bf --- /dev/null +++ b/id/server/auth/src/main/webapp/css/styles_opera.css @@ -0,0 +1,11 @@ +/*
+|| In Opera funktioniert das Aus- und Einblenden von HTML-Bloecken
+|| mittels JavaScript-Zugriff auf DOM-Objekte nicht, daher muss
+|| die Definition der Klasse .hide in diesem Browser durch eine
+|| "sichtbare" Definition ueberlagert werden
+*/
+
+.hide {
+ visibility: visible;
+ display: block;
+}
\ No newline at end of file diff --git a/id/server/auth/src/main/webapp/img/egov_schrift.gif b/id/server/auth/src/main/webapp/img/egov_schrift.gif Binary files differnew file mode 100644 index 000000000..aea64ef5e --- /dev/null +++ b/id/server/auth/src/main/webapp/img/egov_schrift.gif diff --git a/id/server/auth/src/main/webapp/img/info.gif b/id/server/auth/src/main/webapp/img/info.gif Binary files differnew file mode 100644 index 000000000..f9e1bb00f --- /dev/null +++ b/id/server/auth/src/main/webapp/img/info.gif diff --git a/id/server/auth/src/main/webapp/img/rufezeichen.gif b/id/server/auth/src/main/webapp/img/rufezeichen.gif Binary files differnew file mode 100644 index 000000000..fbad8d758 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/rufezeichen.gif diff --git a/id/server/auth/src/main/webapp/img/stern.gif b/id/server/auth/src/main/webapp/img/stern.gif Binary files differnew file mode 100644 index 000000000..77c53d1c3 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/stern.gif diff --git a/id/server/auth/src/main/webapp/javascript/fa.js b/id/server/auth/src/main/webapp/javascript/fa.js new file mode 100644 index 000000000..ffa4031b1 --- /dev/null +++ b/id/server/auth/src/main/webapp/javascript/fa.js @@ -0,0 +1,8 @@ +function deactivateApplicant( ) {
+ if ( document.formular.familienname.value != '' )
+ toggleActive( document.formular.familienname, 'deactive' );
+ if ( document.formular.vorname.value != '' )
+ toggleActive( document.formular.vorname, 'deactive' );
+ if ( document.formular.geburtsdatum.value != '' && document.formular.geburtsdatum.value != 'JJJJ-MM-TT' )
+ toggleActive( document.formular.geburtsdatum, 'deactive' );
+}
diff --git a/id/server/auth/src/main/webapp/javascript/formallg.js b/id/server/auth/src/main/webapp/javascript/formallg.js new file mode 100644 index 000000000..65d7bbedf --- /dev/null +++ b/id/server/auth/src/main/webapp/javascript/formallg.js @@ -0,0 +1,315 @@ +/*
+|| Die Funktion displayElement() macht ein verstecktes HTML-Element sichtbar.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des sichtbarzumachenden HTML-Elements
+||
+*/
+
+function displayElement( element_id ) {
+ if ( notNN4( ) )
+ {
+ var elementToDisplay = document.getElementById( element_id );
+ elementToDisplay.className = 'show';
+ }
+}
+
+
+
+/*
+|| Die Funktion hideElement() macht ein HTML-Element unsichtbar.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des zu versteckenden HTML-Elements
+||
+*/
+
+function hideElement( element_id ) {
+ if ( notNN4( ) )
+ {
+ var elementToHide = document.getElementById( element_id );
+ elementToHide.className = 'hide';
+ }
+}
+
+
+
+/*
+|| Die Funktion resetValue() setzt Radiobuttons, Dropdown-Menues und Checkboxes auf ihre
+|| Ausgangswerte (beim Laden des Formulars) zurueck.
+||
+|| IN-Parameter: element ... Radiobutton-, Dropdown- oder Checkbox-Element
+||
+*/
+
+function resetValue( element ) {
+ for ( var i = 0; i < element.length; i++ )
+ {
+ element[i].checked = element[i].defaultChecked;
+ element[i].selected = element[i].defaultSelected;
+ }
+}
+
+
+
+/*
+|| Die Funktion toggleDisplay() invertiert die Sichtbarkeit eines
+|| HTML-Elements.
+|| Das HTML-Element ist in aller Regel ein mit <div> ... </div> umspannter
+|| HTML-Abschnitt.
+||
+|| IN-Parameter: element_id ... ID des zu invertierenden HTML-Elements
+||
+*/
+
+function toggleDisplay( element_id ) {
+ if ( notNN4( ) )
+ {
+ var elementToToggle = document.getElementById( element_id );
+ var elementClass = elementToToggle.className;
+ if ( elementClass == 'hide' )
+ elementToToggle.className = "display";
+ else
+ elementToToggle.className = "hide";
+ }
+}
+
+/*
+|| Die Funktion toggleActive() setzt das Attribut 'readonly' eines
+|| HTML-Eingabeelements.
+||
+|| IN-Parameter: element ... HTML-Eingabeelement
+|| IN-Parameter: status ... entweder 'active' oder 'deactive'
+||
+*/
+
+function toggleActive( element, status ) {
+
+ if ( notNN4( ) )
+ {
+ var elementToToggle = document.getElementById( element.id );
+
+ if ( status == 'active' )
+ {
+ element.readOnly = false;
+ elementToToggle.className = "active";
+ }
+ else
+ {
+ element.readOnly = true;
+ elementToToggle.className = "deactive";
+ }
+ }
+}
+
+
+
+/*
+|| Die Funktion changeActivity() setzt das Attribut 'readonly' eines
+|| HTML-Eingabeelements in Abhaengigkeit des Uebergabeparameters 'value'.
+||
+|| IN-Parameter: value ... Wert eines HTML-Eingabelements
+|| IN-Parameter: element ... HTML-Eingabeelement
+||
+*/
+
+function changeActivity( value, element ) {
+ if ( value == null || value == '' )
+ toggleActive( element, 'active' );
+ else
+ toggleActive( element, 'deactive' );
+}
+
+
+
+/*
+|| Die Funktion pasteValueAndDeactivate() setzt den Wert eines HTML-Eingabeelements
+|| und setzt das Attribut 'readonly', je nachdem ob der uebergebene Wert ungleich
+|| dem Leerstring ist oder nicht.
+||
+|| IN-Parameter: value ... zu setzender Wert
+|| IN-Parameter: element ... HTML-Eingabeelement
+||
+*/
+
+function pasteValueAndDeactivate( value, element ) {
+ if ( notNN4( ) )
+ {
+ var elementToSet = document.getElementById( element.id );
+ elementToSet.value = value;
+ if ( value != null && value != '' )
+ {
+ element.readOnly = true;
+ elementToSet.className = "deactive";
+ }
+ else
+ {
+ element.readOnly = false;
+ elementToSet.className = "active";
+ }
+ }
+}
+
+
+
+/*
+|| Die Funktion popitup() oeffnet im Browser links oben ein Fenster
+|| mit bestimmten Eigenschaften (keine Statuszeile, kein Browsermenue, etc.).
+|| URL und Groesse des Fensters werden als Parameter uebergeben.
+||
+|| IN-Parameter: url ... in dem Fenster zu oeffnende URL
+|| IN-Parameter: win_width ... Breite des zu oeffnenden Fensters
+|| IN-Parameter: win_height ... Hoehe des zu oeffnenden Fensters
+||
+*/
+
+function popitup( url, win_width, win_height ) {
+ var features = "resizable, scrollbars=yes,status=no, menubar=no, toolbar=no, screenX=20, screenY=20, width=" + win_width + ", height=" + win_height;
+ newwindow=window.open( url, 'Info', features );
+ /* die folgende Anweisung verursacht im IE eine Zugriffsverletzung, daher auskommentiert! */
+ // newwindow.moveTo( 20, 20);
+ if ( window.focus )
+ newwindow.focus( );
+}
+
+
+
+/*
+|| Die Funktion initialize() deaktiviert das StyleSheet styles_opera.css (ausser fuer Opera).
+|| Ausserdem werden in Browsern, die JavaScript aktiviert haben, die Icon-Info-Links durch href-Werte ersetzt,
+|| die kein neues Browser-Fenster, sondern ein kleines Fenster oeffnen (s. Funktion javascriptWindows).
+|| Der Parameter url hat entweder den Wert http://www.help.gv.at/formulare/infotexte/ oder
+|| http://e-www.help.gv.at/linkdb/formulare/infotexte/, je nachdem in welcher Umgebung man sich befindet
+*/
+
+function initialize( url ) {
+ if ( notNN4( ) ) {
+ if (document.getElementsByTagName) {
+ if ( document.getElementsByTagName('link').length > 1 )
+ {
+ document.getElementsByTagName('link')[1].disabled = true;
+ javascriptWindows( url );
+ }
+ schattieren( );
+ }
+ }
+}
+
+
+/*
+|| Die Funktion javascriptWindows() ersetzt in den Formularen bei aktiviertem JavaScript
+|| die Links bei den Infobuttons durch window.open-Befehle, so dass diese Infotexte in
+|| einem kleinen Fenster im Browser links oben geoeffnet werden.
+|| Der Parameter url hat entweder den Wert http://www.help.gv.at/formulare/infotexte/ oder
+|| http://e-www.help.gv.at/linkdb/formulare/infotexte/, je nachdem in welcher Umgebung man sich befindet.
+*/
+
+function javascriptWindows( url ) {
+ var aElement,
+ href,
+ newHref,
+ lastIndex;
+ if ( notNN4( ) )
+ {
+ for ( var i = 0; i < document.getElementsByTagName( 'a' ).length; i++ )
+ {
+ aElement = document.getElementsByTagName( 'a' )[i];
+ href = aElement.href;
+ if ( href.indexOf( 'info_' ) != -1 )
+ {
+ lastIndex = href.lastIndexOf( '/' );
+ newHref = href.substring( lastIndex + 1 );
+ newHref = "javascript:popitup('" + url + newHref + "',660,500);";
+ aElement.setAttribute( 'href', newHref );
+ aElement.setAttribute( 'target', '_self' );
+ }
+ }
+ }
+}
+
+/*
+|| Die Funktion submitButton() erzeugt einen Submit-Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt.
+|| Wurde durch die Funktion generateButton() abgeloest.
+*/
+
+function submitButton( ) {
+ document.writeln('<input type="button" name="JavaScriptButton" value="Senden" class="button" ' +
+ 'onclick="document.formular.Senden.value=\'Senden\'; document.formular.submit()" ' +
+ 'onkeypress="document.formular.Senden.value=\'Senden\'; document.formular.submit()" />');
+}
+
+/*
+|| Die Funktion cancelButton() erzeugt einen Abbrechen-Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt.
+|| Wurde durch die Funktion generateButton() abgeloest.
+*/
+
+function cancelButton( ) {
+ document.writeln('<input type="button" name="JavaScriptButton" value="Abbrechen" class="button" ' +
+ 'onclick="document.formular.Senden.value=\'Abbrechen\'; document.formular.submit()" ' +
+ 'onkeypress="document.formular.Senden.value=\'Abbrechen\'; document.formular.submit()" />');
+}
+
+/*
+|| Die Funktion generateButton() erzeugt einen Button, der ein automatisches
+|| Abschicken verhindert, wenn der User in einem Eingabefeld die Return-Taste
+|| betaetigt. Die Art des Buttons wird durch den uebergebenen Wert bestimmt.
+|| Moegliche Werte: Senden, Abbrechen, Signieren, etc.
+*/
+
+function generateButton( kind ) {
+
+ document.write('<input type="button" name="JavaScriptButton" value="' + kind + '" class="button" ' +
+ 'onclick="' );
+ if ( kind == 'Druckversion' )
+ document.write( 'document.formular.target=\'_blank\' ;' );
+ else
+ document.write( 'document.formular.target=\'_self\' ; ' );
+ document.write( 'document.formular.Senden.value=\'' + kind + '\'; document.formular.submit()" ' +
+ 'onkeypress="' );
+ if ( kind == 'Druckversion' )
+ document.write( 'document.formular.target=\'_blank\'; ' );
+ else
+ document.write( 'document.formular.target=\'_self\';' );
+ document.writeln( 'document.formular.Senden.value=\'' + kind + '\'; document.formular.submit()" />');
+
+}
+
+/*
+|| Die Funktion NN4 testet, ob es sich bei dem Browser um einen Netscape
+|| Navigator der Version 4 handelt.
+*/
+
+function notNN4( ) {
+ return ( ! document.layers );
+}
+
+/*
+|| Die Funktion schattieren setzt in den Beilagen-Tabellen abwechselnd Farben
+|| Quelle: Andreas Borutta, http://borumat.de/html/tab-schattieren.php
+*/
+
+
+function schattieren () {
+var tabelle=document.getElementsByTagName("table");
+ for(i=0; i<=tabelle.length-1; i++) {
+ var klasse=tabelle[i].className;
+ var pos1=klasse.indexOf("attachmenttable");
+ if (pos1 > -1) {
+ pos1=klasse.indexOf("ab_");
+ if (pos1 > -1 ) var von=parseInt(klasse.substr(pos1+3,2));
+ else var von=3;
+ var pos2=klasse.indexOf("fuss_");
+ if (pos2 > -1 ) var fuss=parseInt(klasse.substr(pos2+5,2));
+ else var fuss=0;
+ var reihe=tabelle[i].getElementsByTagName("tr");
+ for (j=von -1; j<=reihe.length -fuss -1; j=j+2)
+ reihe[j].className="s";
+ } //endIf
+ } //endFor
+} //endFunc
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl b/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl index 5751b3e58..5751b3e58 100644 --- a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.0.wsdl +++ b/id/server/auth/src/main/wsdl/MOA-ID-1.0.wsdl diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl b/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl index 45152cb38..5466a0b6f 100644 --- a/id/server/auth/src/main/resources/resources/wsdl/MOA-ID-1.x.wsdl +++ b/id/server/auth/src/main/wsdl/MOA-ID-1.x.wsdl @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?>
<definitions name="MOA" targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:moa="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:xsd="http://www.w3.org/1999/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/ http://schemas.xmlsoap.org/wsdl/">
- <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="../resources/schemas/MOA-SPSS-1.2.xsd"/>
+ <import namespace="http://reference.e-government.gv.at/namespace/moa/20020822#" location="MOA-SPSS-1.2.xsd"/>
<message name="GetAuthenticationDataInput">
<part name="body" element="samlp:Request"/>
</message>
diff --git a/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd b/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd index d7a06d6e7..d7a06d6e7 100644 --- a/id/server/auth/src/main/resources/resources/wsdl/MOA-SPSS-1.2.xsd +++ b/id/server/auth/src/main/wsdl/MOA-SPSS-1.2.xsd diff --git a/id/server/component-idlibs.xml b/id/server/component-idlibs.xml new file mode 100644 index 000000000..c967690d5 --- /dev/null +++ b/id/server/component-idlibs.xml @@ -0,0 +1,39 @@ +<component> + <dependencySets> + <dependencySet> + <includes> + <include>iaik.prod:iaik_Pkcs11Wrapper:dll:win32</include> + </includes> + <outputDirectory>/pkcs11/win32</outputDirectory> + <outputFileNameMapping>pkcs11wrapper.${extension}</outputFileNameMapping> + </dependencySet> + <dependencySet> + <includes> + <include>iaik.prod:iaik_Pkcs11Wrapper:so:linux</include> + </includes> + <outputDirectory>/pkcs11/linux</outputDirectory> + <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping> + </dependencySet> + <dependencySet> + <includes> + <include>iaik.prod:iaik_Pkcs11Wrapper:so:solaris_sparc</include> + </includes> + <outputDirectory>/pkcs11/solaris_sparc</outputDirectory> + <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping> + </dependencySet> + <dependencySet> + <includes> + <include>iaik.prod:iaik_Pkcs11Wrapper:so:solaris_sparcv9</include> + </includes> + <outputDirectory>/pkcs11/solaris_sparcv9</outputDirectory> + <outputFileNameMapping>libpkcs11wrapper.${extension}</outputFileNameMapping> + </dependencySet> + <dependencySet> + <includes> + <include>iaik.prod:iaik_Pkcs11Wrapper:dll:wince30arm</include> + </includes> + <outputDirectory>/pkcs11/wince30arm</outputDirectory> + <outputFileNameMapping>pkcs11wrapper.${extension}</outputFileNameMapping> + </dependencySet> + </dependencySets> +</component>
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml index 7e22ee05f..0f3f9dbba 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml @@ -1,104 +1,153 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> + <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> + + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> - </AuthComponent> - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> - - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml index 6dab6911a..ab99176dd 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml @@ -1,126 +1,173 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt --> +<!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> + <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> + + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml index f8dd375d1..25485432d 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml @@ -1,113 +1,162 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID ohne Proxy mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext +--> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> + </AuthComponent> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml index c60101e8d..05db0b923 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml @@ -1,133 +1,182 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-ID mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> + </AuthComponent> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH --> - <AuthComponent> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH --> + <AuthComponent> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml index 9dc42ee2e..0b2fc2189 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration.xml @@ -1,112 +1,158 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt; - Harald Bratko, IAIK --> +<!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> - - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> - - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> - - </AuthComponent> - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> + <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> + + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> + + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH WID Modus --> + <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> + <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> + <IdentificationNumber> + <!-- Beispiel Firmenbuchnummer --> + <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> + </IdentificationNumber> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> - - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml index e92678b27..8643998d5 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfigurationProxy.xml @@ -1,134 +1,179 @@ <?xml version="1.0" encoding="UTF-8"?> -<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt; - Harald Bratko, IAIK --> +<!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer A-Trust und A1-Signatur --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> - <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> - - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> - - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> - - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> - - - <!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- ConnectionParameter URL="http://moa.gv.at/moa-spss-test/services/SignatureVerification"/ --> + <!-- ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"/ --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <TrustProfileID>MOAIDBuergerkartePersonenbindung</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDaten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> + + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> + + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH WID Modus --> + <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> + <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> + <IdentificationNumber> + <!-- Beispiel Firmenbuchnummer --> + <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> + </IdentificationNumber> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> - - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml index 7617737dd..1b21fa767 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKs.xml @@ -1,118 +1,166 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID ohne Proxy mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt, - Harald Bratko, IAIK --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> + + </AuthComponent> + + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> + <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH WID Modus --> + <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> + <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> + <IdentificationNumber> + <!-- Beispiel Firmenbuchnummer --> + <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> + </IdentificationNumber> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + </OnlineApplication> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- publicURLPrefix referenziert hier keine richtige Online Applikation; muss angepasst werden --> - <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml index 264f6f6e3..55d1654fe 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml @@ -1,140 +1,187 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Beispielkonfiguration fuer MOA-WID mit Unterstuetzung fuer - A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext - Rudolf Schamberger, Stabsstelle IKT-Strategie des Bundes, Bundeskanzleramt, - Harald Bratko, IAIK --> + A-Trust und A1-Signatur, sowie die Testbuergerkarten a.sign test government und SeLaNext --> <MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> - <!-- Konfiguration fuer MOA-ID-AUTH --> - <AuthComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> - <BKUSelection BKUSelectionAlternative="HTMLSelect"> - <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - </ConnectionParameter> - </BKUSelection> - <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte"<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> - <SecurityLayer> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> - - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </SecurityLayer> - <MOA-SP> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. - Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> - <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - <!-- </ConnectionParameter> --> - - <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyIdentityLink> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> - <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> - </VerifyIdentityLink> - <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> - <VerifyAuthBlock> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- Konfiguration fuer MOA-ID-AUTH --> + <AuthComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des verwendeten BKU-Auswahl Service --> + <BKUSelection BKUSelectionAlternative="HTMLSelect"> + <ConnectionParameter URL="http://auswahl.buergerkarte.at/htmlcode"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + </ConnectionParameter> + </BKUSelection> + <!-->Globale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren <--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Transformationen fuer die Anzeige des AUTH-Block im Secure Viewer --> + <SecurityLayer> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </SecurityLayer> + <MOA-SP> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-SP Web Service, falls MOA-SP ueber Web Service angesprochen wird. + Wenn MOA-SP direkt ueber API aufgerufen werden soll, so wird das Element auskommentiert --> + <!-- <ConnectionParameter URL="http://localhost:8080/moa-spss/services/SignatureVerification"> --> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + <!-- </ConnectionParameter> --> + <!-- TrustProfile fuer den IdentityLink der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyIdentityLink> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuezt) --> + <TrustProfileID>MOAIDBuergerkartePersonenbindungMitTestkarten</TrustProfileID> + </VerifyIdentityLink> + <!-- TrustProfile fuer die Signatur des Benutzers mit der Buergerkarte (muss in MOA-SP konfiguriert sein) --> + <VerifyAuthBlock> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <TrustProfileID>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</TrustProfileID> + <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> + <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> + <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> + <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> + </VerifyAuthBlock> + </MOA-SP> - <!-- VerifyTransformsInfoProfile mit den Transformationen fuer die Anzeige der Anmeldedaten im Secure Viewer (muss in MOA-SP konfiguriert sein) --> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText</VerifyTransformsInfoProfileID> - <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlockText_deprecated</VerifyTransformsInfoProfileID> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID> --> - <!-- <VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock_deprecated</VerifyTransformsInfoProfileID> --> + <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> + <!-- IdentityLinkSigners--> + <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> + <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> + <!--/IdentityLinkSigners--> - <!-->Auskommentieren, falls die in der Beispiel-Onlineapplikation definierte Transformationverwendet wird:<--> - <!--VerifyTransformsInfoProfileID>MOAIDTransformAuthBlock</VerifyTransformsInfoProfileID--> - </VerifyAuthBlock> - </MOA-SP> + <VerifyInfoboxes> + <Infobox Identifier="Mandates" required="false" provideStammzahl="true" provideIdentityLink="true"> + <FriendlyName>Vollmachten</FriendlyName> + <ApplicationSpecificParameters> + <!-- Kompatibilitaetsmodus: der Vertreter darf sich mit Vollmacht als der Vetretene anmelden --> + <CompatibilityMode>true</CompatibilityMode> + <!-- + <ConnectionParameter URL="http://demo.egiz.gv.at/moavv/services/moavvService"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!- - ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore - -> + </ConnectionParameter> + <mdp:MandateCheckProfileReference xmlns:mdp="http://reference.e-government.gv.at/namespace/mandateprofile/20041105#" ProfileName="Postvollmacht" ProfileVersion="1"/> + --> + <!-- In der folgenden Zeile kann der Vollmachten Validator deaktiviert werden (berufliche Parteienvertretung bleibt aktiviert, soferne Vertretungen konfiguriert sind)> --> + <EnableInfoboxValidator>false</EnableInfoboxValidator> + <PartyRepresentation> + <!-- Standardklasse, die Daten vervollstaendigt --> + <!-- InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor--> + <!-- User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) --> + <!--AlwaysShowForm>true</AlwaysShowForm--> + <!-- Standard-Stammzahlenregister-Gateway --> + <ConnectionParameter URL="https://pathToSZRGateway/szr-gateway/services/MandateCreation"> + <!-- AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates--> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + <!-- Notare --> + <PartyRepresentative oid="1.2.40.0.10.3.1" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Notariatseigenschaft"/> + <!-- Rechtsanwaelte --> + <PartyRepresentative oid="1.2.40.0.10.3.2" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft"/> + <!-- Ziviltechniker --> + <!-- + <PartyRepresentative oid="1.2.40.0.10.3.3" representPhysicalParty="true" representCorporateParty="true" representationText="berufliche(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft)" + <!- - Standardklasse, die Daten vervollstaendigt - -> + <!- - InputProcessor template="/resources/templates/ParepTemplate.html">at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl</InputProcessor- -> + <!- - User-Inputformular immer anzeigen (auch wenn die notwendigen Daten bereits vollstaendig vorausgefuellt vorhanden sind) - -> + <!- - AlwaysShowForm>true</AlwaysShowForm- -> + <!- - Standard-Stammzahlenregister-Gateway - -> + <ConnectionParameter URL="https://129.27.142.5:8443/szr-gateway/services/MandateCreation"> + <!- - AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates- -> + <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> + </ConnectionParameter> + </PartyRepresentative> + --> + <!-- Organwalter --> + <PartyRepresentative oid="1.2.40.0.10.3.10" representPhysicalParty="true" representCorporateParty="false" representationText="Organwalter"/> + </PartyRepresentation> + </ApplicationSpecificParameters> + </Infobox> + </VerifyInfoboxes> - <!-- Gueltige Signatoren des IdentityLinks, der von der Buergerkarte gelesen wird --> - <!-- IdentityLinkSigners--> - <!-- Testkarten (a.sign test government sowie Security Kapsel Neu/SeLaNext ab Version 1.0.3 wird unterstuetzt) --> - <!--X509SubjectName>CN=Test Signaturdienst Personenbindung,OU=IKT-Stabsstelle des Bundes,O=Bundeskanzleramt,C=AT</X509SubjectName--> - <!--/IdentityLinkSigners--> - </AuthComponent> - - <!-- Konfiguration fuer MOA-ID-PROXY --> - <ProxyComponent> - <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> - <AuthComponent> - <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </AuthComponent> - </ProxyComponent> + </AuthComponent> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://localhost:8080/moa-id-auth/services/GetAuthenticationData"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> - <!-- Eintragung fuer jede Online-Applikation --> - <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> - <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> - <!-- fuer MOA-ID-AUTH WID Modus --> - <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> - <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> - <IdentificationNumber> - <!-- Beispiel Firmenbuchnummer --> - <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> - </IdentificationNumber> - <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und - "Anmeldung mit Bürgerkarte" nur für diese Online Applikation<--> - <!--Templates> - <BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/> - <Template URL="sampleTemplates/SampleTemplate.html"/> - </Templates--> - <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> - <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> - <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> - <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> - <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> - <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> - </AuthComponent> - <!-- fuer MOA-ID-PROXY --> - <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> - <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> - <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> - <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> - <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> - <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> - </ConnectionParameter> - </ProxyComponent> - </OnlineApplication> - - <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> - <ChainingModes systemDefaultMode="pkix"> - </ChainingModes> - - <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird - fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation fuer MOA-WID: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication type="businessService" publicURLPrefix="https://localhost:8443/"> + <!-- fuer MOA-ID-AUTH WID Modus --> + <AuthComponent slVersion="1.2" provideStammzahl="true" provideAUTHBlock="true" provideIdentityLink="false" provideCertificate="true"> + <!-- Spezifikation der Stammzahl des Wirtschaftsunternehmens --> + <IdentificationNumber> + <!-- Beispiel Firmenbuchnummer --> + <pr:Firmenbuchnummer xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#">468924i</pr:Firmenbuchnummer> + </IdentificationNumber> + <!-->Lokale Templates zum Anpassen der Seiten "Auswahl der Bürgerkartenumgebung" und + "Anmeldung mit Bürgerkarte" sowie des Signaturformulars nach der Abarbeitung der Infobox-Validatoren + nur für diese Online Applikation<--> + <Templates> + <!--BKUSelectionTemplate URL="sampleTemplates/SampleBKUSelectionTemplate.html"/--> + <!--Template URL="sampleTemplates/SampleTemplate.html"/--> + <!--InputProcessorSignTemplate URL="sampleTemplates/SampleInputProcessorSignTemplate.html"/--> + </Templates> + <!-- Falls aktiviert, werden diese Transformationen anstatt der Default-Transformationen verwendet --> + <!-- TransformInfo in Textform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText.xml"/> --> + <!-- TransformInfo in Textform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlockText_deprecated.xml"/> --> + <!-- TransformInfo in Tabellenform, bevorzugte Variante im xhtml-Format --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock.xml"/> --> + <!-- TransformInfo in Tabellenform, alternative Variante fuer aeltere BKU --> + <!-- <TransformsInfo filename="transforms/TransformsInfoAuthBlock_deprecated.xml"/> --> + </AuthComponent> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"> + <!-- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.DefaultLoginParameterResolver" loginParameterResolverConfiguration="" connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.DefaultConnectionBuilder"> --> + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + <!-- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> --> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefung der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> - <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - <!-- Cache-Verzeichnis fuer-Zertifikate --> - <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> - <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="certs/certstore"/> - <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> - <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> - <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> - - <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> - <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> - <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> - <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> </MOA-IDConfiguration> diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt index 01f724cc4..04029dc80 100644 --- a/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt +++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/LIESMICH_TEMPLATES.txt @@ -2,7 +2,7 @@ TEMPLATES: ========== Zweck: ------ -Mithilfe von Templates kďż˝nnen Sie das Aussehen der Seiten +Mithilfe von Templates kďż˝nnen Sie beispielsweise das Aussehen der Seiten "Auswahl der Bďż˝rgerkartenumgebung" sowie "Anmeldung mit Bďż˝rgerkarte" anpassen. Damit kďż˝nnen Sie zusďż˝tzliche Hintergrundinformationen (Wozu dient die Anmeldung, etc.) zu diesen Seiten hinzufďż˝gen und das Layout an @@ -17,5 +17,10 @@ die Konfigurationsdatei steht erst ab Version 1.3.1 zur Verfďż˝gung). Etwas aufwendigere Templates (mit CSS) finden Sie als eigene Webapplikation im Verzeichnis "/auth/templates" der entpackten Distribution. +Die Datei ParepInputProcessorSignTemplate.html dient als Template fďż˝r die +Formulare der beruflichen Parteienvertretung, welche bereits die Styleguide fďż˝r +das ďż˝sterreichische E-Government erfďż˝llen sollen. + Nďż˝here Informationen zu den Templates finden Sie im MOA-ID-Konfigurationshandbuch. + diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html new file mode 100644 index 000000000..99bc057ad --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/ParepInputProcessorSignTemplate.html @@ -0,0 +1,61 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+<link href="css/styles.css" type="text/css" rel="stylesheet">
+<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
+<link href="css/mandates.css" type="text/css" rel="stylesheet">
+ <script language="javascript" type="text/javascript">
+ //<!--
+ function autoSubmit() {
+ document.VerifyAuthBlockForm.submitButton.disabled=true;
+ document.VerifyAuthBlockForm.submit();
+ } //-->
+ </script>
+<script src="formallg.js" type="text/javascript"></script>
+<script src="fa.js" type="text/javascript"></script>
+</head>
+<body onLoad="autoSubmit()">
+
+
+<div class="hleft">
+<!--Stammzahlenregisterbehörde--><br />
+<!--Ballhausplatz 2--><br />
+<!--1014 Wien-->
+</div>
+<div class="hright" align="right"><!--img src="img/szr-logo.jpg" width="400" height="56" /--></div>
+<div class="htitle" align="left">
+ <h1>Berufliche Parteienvertretung</h1>
+</div>
+<div class="leiste1" align="center">
+Bitte beachten Sie
+</div>
+<div class="leiste2" align="center">
+</div>
+<div class="leiste3">
+<img alt=" Dieses Feld muss ausgefĂĽllt sein!" src="img/stern.gif" width="10" height="16" /> Feld muss ausgefüllt sein
+</div>
+<div class="leiste3">
+<img alt=" Hilfe zum AusfĂĽllen " src="img/info.gif" width="10" height="16" /> Ausfüllhilfe
+</div>
+<div class="leiste3">
+<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" /> Fehlerhinweis</div>
+<div style="clear: both"> </div>
+
+<h2>Berufliche Parteienvertretung einer natürlichen/juristischen Person
+</h2>
+<div class="boundingbox">
+ <br/><br/>
+ <form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+ <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+ <input type="hidden" name="DataURL" value="<DataURL>"/>
+ <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+ <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+ </form>
+ <br/>
+</div>
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html new file mode 100644 index 000000000..9c8e67a20 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/sampleTemplates/SampleInputProcessorSignTemplate.html @@ -0,0 +1,39 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit Bürgerkarte</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <script language="javascript" type="text/javascript">
+ //<!--
+ function autoSubmit() {
+ document.VerifyAuthBlockForm.submitButton.disabled=true;
+ document.VerifyAuthBlockForm.submit();
+ } //-->
+ </script>
+</head>
+
+<body onLoad="autoSubmit()">
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit Bürgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt über die Module für Online Applikationen (MOA) unter Verwendung einer Bürgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Sie werden in kuürze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+ <div align="center">
+ <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+ <input type="hidden" name="DataURL" value="<DataURL>"/>
+ <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+ <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+ </div>
+</form>
+
+<p align="right"> </p>
+
+</body>
+</html>
diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml index 915a6bf2f..2ee27aae1 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock.xml @@ -16,7 +16,7 @@ </style> </head> <body> -<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> + <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> <table> <tr> <td class="boldstyle"> @@ -31,9 +31,22 @@ Geburtsdatum: </td> <td> - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="boldstyle"> + Rolle im Gesundheitsbereich: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </td> + </tr> + </xsl:if> <tr> <td class="boldstyle"> Applikation: @@ -65,7 +78,9 @@ Datum: </td> <td> - <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> </td> </tr> <tr> @@ -73,9 +88,21 @@ Uhrzeit: </td> <td> - <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="boldstyle"> + HPI(**): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> <tr> <td class="boldstyle"> @@ -87,10 +114,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td class="boldstyle"> + Name: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td class="boldstyle"> + Geburtsdatum: + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td class="boldstyle"> + wbPK (*): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml index 5089140b4..ecc60a481 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText.xml @@ -16,20 +16,68 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle"> - <xsl:value-of select="//@Issuer"/> - </span>, -geboren am -<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> - <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <h4>Datum und Uhrzeit: + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml index 07d926d14..894e82ff8 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlockText_deprecated.xml @@ -12,12 +12,17 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, - geboren am - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, - den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <b><xsl:value-of select="//@Issuer"/></b>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. @@ -27,14 +32,48 @@ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische - Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens - berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml index 05f91750c..348546f8d 100644 --- a/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml +++ b/id/server/data/deploy/conf/moa-id/transforms/TransformsInfoAuthBlock_deprecated.xml @@ -10,7 +10,7 @@ <title>Signatur der Anmeldedaten</title> </head> <body> - <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> + <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> <table> <tr> <td> @@ -30,6 +30,17 @@ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td> + <b>Rolle im Gesundheitsbereich:<b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </td> + </tr> + </xsl:if> <tr> <td> <b>Applikation:</b> @@ -76,6 +87,16 @@ <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td> + <b>HPI(**):</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> <tr> <td> @@ -87,12 +108,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td> + <b>Geburtsdatum:</b> + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td> + <b>wbPK (*):</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen - Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige - Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6> + <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml index 6ed91ddc3..b84093ed1 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock.xml @@ -17,7 +17,7 @@ </style> </head> <body> -<p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> + <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> <table> <tr> <td class="boldstyle"> @@ -32,9 +32,22 @@ Geburtsdatum: </td> <td> - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="boldstyle"> + Rolle im Gesundheitsbereich: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </td> + </tr> + </xsl:if> <tr> <td class="boldstyle"> Applikation: @@ -66,7 +79,9 @@ Datum: </td> <td> - <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> </td> </tr> <tr> @@ -74,9 +89,21 @@ Uhrzeit: </td> <td> - <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="boldstyle"> + HPI(**): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> <tr> <td class="boldstyle"> @@ -88,10 +115,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td class="boldstyle"> + Name: + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td class="boldstyle"> + Geburtsdatum: + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td class="boldstyle"> + wbPK (*): + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + <div class="annotationstyle">(*): Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**): Der <span class="italicstyle">eHealth Professional Identifier (HPI)</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***): <span class="italicstyle">Object Identifier (OID)</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml index b116152c8..cd207e04c 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText.xml @@ -17,20 +17,68 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <span class="boldstyle"> - <xsl:value-of select="//@Issuer"/> - </span>, -geboren am -<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>.<xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <span class="boldstyle"><xsl:value-of select="//@Issuer"/></span>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> - <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>.<xsl:value-of select="substring(//@IssueInstant,6,2)"/>.<xsl:value-of select="substring(//@IssueInstant,1,4)"/>, <xsl:value-of select="substring(//@IssueInstant,12,2)"/>:<xsl:value-of select="substring(//@IssueInstant,15,2)"/>:<xsl:value-of select="substring(//@IssueInstant,18,2)"/> + <h4>Datum und Uhrzeit: + <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,6,2)"/>. + <xsl:value-of select="substring(//@IssueInstant,1,4)"/>, + <xsl:value-of select="substring(//@IssueInstant,12,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <div class="annotationstyle">(*) wbPK: Das <span class="italicstyle">wirtschaftsbereichsspezifische Personenkennzeichen</span> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <div class="annotationstyle">(**) HPI: Der <span class="italicstyle">eHealth Professional Identifier</span> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</div> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <div class="annotationstyle">(***) OID: <span class="italicstyle">Object Identifier</span> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</div> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml index 10854242e..31e00ec9f 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlockText_deprecated.xml @@ -13,12 +13,17 @@ <body> <h1>Signatur der Anmeldedaten</h1> <p/> - <h4>Mit meiner elektronischen Signatur beantrage ich, <b><xsl:value-of select="//@Issuer"/></b>, - geboren am - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. - <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, - den Zugang zur gesicherten Anwendung.</h4> + <h4>Mit meiner elektronischen Signatur beantrage ich, + <b><xsl:value-of select="//@Issuer"/></b>, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>, + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + in der Rolle als <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </xsl:if> + den Zugang zur gesicherten Anwendung. + </h4> <p/> <h4>Datum und Uhrzeit: <xsl:value-of select="substring(//@IssueInstant,9,2)"/>. @@ -28,14 +33,48 @@ <xsl:value-of select="substring(//@IssueInstant,15,2)"/>: <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </h4> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h4>HPI(**): <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></h4> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <h4>wbPK(*): <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></h4> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <hr/> + <h4>Ich bin weiters ermächtigt als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> + von <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']">, geboren am + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']">, + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </xsl:if>, in dessen Auftrag zu handeln. + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <h4>wbPK(*) des Vollmachtgebers: <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/></h4> + </xsl:if> </h4> <p/> - <hr/> - <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische - Personenkennzeichen</i> wird aus den jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens - berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> + <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> + <h6>(*) wbPK: Das <i>wirtschaftsbereichsspezifische Personenkennzeichen</i> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h6>(**) HPI: Der <i>eHealth Professional Identifier</i> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <h6>(***) OID: <i>Object Identifier</i> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml index 0c079da71..bcf0cd7ce 100644 --- a/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml +++ b/id/server/data/deploy/conf/moa-spss/profiles/MOAIDTransformAuthBlock_deprecated.xml @@ -11,7 +11,7 @@ <title>Signatur der Anmeldedaten</title> </head> <body> - <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> + <p>Bitte bestätigen Sie mit Ihrer Unterschrift folgende Angaben:</p> <table> <tr> <td> @@ -31,6 +31,17 @@ <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td> + <b>Rolle im Gesundheitsbereich:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + (OID***= <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>), + </td> + </tr> + </xsl:if> <tr> <td> <b>Applikation:</b> @@ -77,6 +88,16 @@ <xsl:value-of select="substring(//@IssueInstant,18,2)"/> </td> </tr> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td> + <b>HPI(**):</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> <tr> <td> @@ -88,12 +109,67 @@ </tr> </xsl:if> </table> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberName']"> + <p>Sie bestätigen weiters, dass sie als <xsl:value-of select="//saml:Attribute[@AttributeName='VertretungsArt']/saml:AttributeValue/text()"/> ermächtigt sind im Auftrag von</p> + <table> + <tr> + <td> + <b>Name:</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberName']/saml:AttributeValue/text()"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']"> + <tr> + <td> + <b>Geburtsdatum:</b> + </td> + <td> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,9,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,6,2)"/>. + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='MachtgeberGeburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']"> + <tr> + <td colspan="2"> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberRegisternummer']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='MachtgeberWbpk']"> + <tr> + <td> + <b>wbPK (*):</b> + </td> + <td> + <xsl:value-of select="//saml:Attribute[@AttributeName='MachtgeberWbpk']/saml:AttributeValue/text()"/> + </td> + </tr> + </xsl:if> + </table> + <p>zu handeln.</p> + </xsl:if> + <xsl:choose> + <xsl:when test="//saml:Attribute[@AttributeName='OID']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='HPI']"><p/><hr/></xsl:when> + <xsl:when test="//saml:Attribute[@AttributeName='wbPK']"><p/><hr/></xsl:when> + </xsl:choose> <xsl:if test="//saml:Attribute[@AttributeName='wbPK']"> - <p/> - <hr/> - <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den jeweiligen - Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige - Zuordnung des Bürgers zum Wirtschaftsunternehmen.</h6> + <h6>(*): Das <i>wirtschaftsbereichsspezifische Personenkennzeichen (wbPK)</i> wird aus den + jeweiligen Stammzahlen des Bürgers und des Wirtschaftsunternehmens berechnet und ermöglicht eine eindeutige Zuordnung des Bürgers zum + Wirtschaftsunternehmen.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <h6>(**): Der <i>eHealth Professional Identifier (HPI)</i> wird aus den jeweiligen + Stammzahlen der Gesundheitsdiensteanbieterinnen / Gesundheitsdiensteanbieter berechnet und ermöglicht eine eindeutige Zuordnung der + Gesundheitsdiensteanbieterin / des Gesundheitsdiensteanbieters im Gesundheitsbereich.</h6> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OID']"> + <h6>(***): <i>Object Identifier (OID)</i> sind standardisierte Objekt-Bezeichner und + beschreiben eindeutig die Rollen des GDA-Token Inhabers.</h6> </xsl:if> </body> </html> diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer diff --git a/id/server/data/deploy/tomcat/server.mod_jk.xml b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml index b32cf7844..30770b5bf 100644 --- a/id/server/data/deploy/tomcat/server.mod_jk.xml +++ b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.mod_jk.xml @@ -1,162 +1,162 @@ -<!-- Alternate Example-less Configuration File --> -<!-- Note that component elements are nested corresponding to their - parent-child relationships with each other --> -<!-- A "Server" is a singleton element that represents the entire JVM, - which may contain one or more "Service" instances. The Server - listens for a shutdown command on the indicated port. - - Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" or "Loggers" at this level. - --> -<Server port="8005" shutdown="SHUTDOWN" debug="0"> - <!-- Uncomment this entry to enable JMX MBeans support --> - <!-- - <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" - debug="0" port="-1" login="admin" password="admin"/> ---> - <!-- A "Service" is a collection of one or more "Connectors" that share - a single "Container" (and therefore the web applications visible - within that Container). Normally, that Container is an "Engine", - but this is not required. - - Note: A "Service" is not itself a "Container", so you may not - define subcomponents such as "Valves" or "Loggers" at this level. - --> - <!-- Define the Tomcat Stand-Alone Service --> - <Service name="Tomcat-Standalone"> - <!-- A "Connector" represents an endpoint by which requests are received - and responses are returned. Each Connector passes requests on to the - associated "Container" (normally an Engine) for processing. - - By default, a non-SSL HTTP/1.1 Connector is established on port 8080. - You can also enable an SSL HTTP/1.1 Connector on port 8443 by - following the instructions below and uncommenting the second Connector - entry. SSL support requires the following steps (see the SSL Config - HOWTO in the Tomcat 4.0 documentation bundle for more detailed - instructions): - * Download and install JSSE 1.0.2 or later, and put the JAR files - into "$JAVA_HOME/jre/lib/ext". - * Execute: - %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) - $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) - with a password value of "changeit" for both the certificate and - the keystore itself. - - By default, DNS lookups are enabled when a web application calls - request.getRemoteHost(). This can have an adverse impact on - performance, so you can disable it by setting the - "enableLookups" attribute to "false". When DNS lookups are disabled, - request.getRemoteHost() will return the String version of the - IP address of the remote client. - --> - <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 --> - <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" - port="8009" minProcessors="5" maxProcessors="75" - enableLookups="true" redirectPort="8443" acceptCount="10" debug="0" - connectionTimeout="0" useURIValidationHack="false" - protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/> - <!-- An Engine represents the entry point (within Catalina) that processes - every request. The Engine implementation for Tomcat stand alone - analyzes the HTTP headers included with the request, and passes them - on to the appropriate Host (virtual host). --> - <!-- Define the top level container in our container hierarchy --> - <Engine name="Standalone" defaultHost="localhost" debug="0"> - <!-- The request dumper valve dumps useful debugging information about - the request headers and cookies that were received, and the response - headers and cookies that were sent, for all requests received by - this instance of Tomcat. If you care only about requests to a - particular virtual host, or a particular application, nest this - element inside the corresponding <Host> or <Context> entry instead. - - For a similar mechanism that is portable to all Servlet 2.3 - containers, check out the "RequestDumperFilter" Filter in the - example application (the source for this filter may be found in - "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). - - Request dumping is disabled by default. Uncomment the following - element to enable it. --> - <!-- - <Valve className="org.apache.catalina.valves.RequestDumperValve"/> - --> - <!-- Global logger unless overridden at lower levels --> - <Logger className="org.apache.catalina.logger.FileLogger" - prefix="catalina_log." suffix=".txt" timestamp="true"/> - <!-- Because this Realm is here, an instance will be shared globally --> - <Realm className="org.apache.catalina.realm.MemoryRealm" /> - <!-- Replace the above Realm with one of the following to get a Realm - stored in a database and accessed via JDBC --> - <!-- Define the default virtual host --> - <Host name="localhost" debug="0" appBase="webapps" - unpackWARs="true" autoDeploy="true"> - <!-- Normally, users must authenticate themselves to each web app - individually. Uncomment the following entry if you would like - a user to be authenticated the first time they encounter a - resource protected by a security constraint, and then have that - user identity maintained across *all* web applications contained - in this virtual host. --> - <!-- - <Valve className="org.apache.catalina.authenticator.SingleSignOn" - debug="0"/> - --> - <!-- Access log processes all requests for this virtual host. By - default, log files are created in the "logs" directory relative to - $CATALINA_HOME. If you wish, you can specify a different - directory with the "directory" attribute. Specify either a relative - (to $CATALINA_HOME) or absolute path to the desired directory. - --> - <Valve className="org.apache.catalina.valves.AccessLogValve" - directory="logs" prefix="localhost_access_log." - suffix=".txt" pattern="common"/> - <!-- Logger shared by all Contexts related to this virtual host. By - default (when using FileLogger), log files are created in the "logs" - directory relative to $CATALINA_HOME. If you wish, you can specify - a different directory with the "directory" attribute. Specify either a - relative (to $CATALINA_HOME) or absolute path to the desired - directory.--> - <Logger className="org.apache.catalina.logger.FileLogger" - directory="logs" prefix="localhost_log." suffix=".txt" - timestamp="true"/> - <!-- Define properties for each web application. This is only needed - if you want to set non-default properties, or have web application - document roots in places other than the virtual host's appBase - directory. --> - <!-- Tomcat Root Context --> - <!-- - <Context path="" docBase="ROOT" debug="0"/> - --> - </Host> - </Engine> - </Service> - <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0 - as its servlet container. Please read the README.txt file coming with - the WebApp Module distribution on how to build it. - (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository) - - To configure the Apache side, you must ensure that you have the - "ServerName" and "Port" directives defined in "httpd.conf". Then, - lines like these to the bottom of your "httpd.conf" file: - - LoadModule webapp_module libexec/mod_webapp.so - WebAppConnection warpConnection warp localhost:8008 - WebAppDeploy examples warpConnection /examples/ - - The next time you restart Apache (after restarting Tomcat, if needed) - the connection will be established, and all applications you make - visible via "WebAppDeploy" directives can be accessed through Apache. - --> - <!-- Define an Apache-Connector Service --> - <Service name="Tomcat-Apache"> - <Connector className="org.apache.catalina.connector.warp.WarpConnector" - port="8008" minProcessors="5" maxProcessors="75" - enableLookups="true" acceptCount="10" debug="0"/> - <!-- Replace "localhost" with what your Apache "ServerName" is set to --> - <Engine className="org.apache.catalina.connector.warp.WarpEngine" - name="Apache" debug="0" appBase="webapps"> - <!-- Global logger unless overridden at lower levels --> - <Logger className="org.apache.catalina.logger.FileLogger" - prefix="apache_log." suffix=".txt" timestamp="true"/> - <!-- Because this Realm is here, an instance will be shared globally --> - <Realm className="org.apache.catalina.realm.MemoryRealm" /> - </Engine> - </Service> +<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8009" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443" acceptCount="10" debug="0"
+ connectionTimeout="0" useURIValidationHack="false"
+ protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log."
+ suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="ROOT" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ </Engine>
+ </Service>
</Server>
\ No newline at end of file diff --git a/id/server/data/deploy/tomcat/server.xml b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml index 2fd7b6439..b259d2dec 100644 --- a/id/server/data/deploy/tomcat/server.xml +++ b/id/server/data/deploy/tomcat/tomcat-4.1.x/server.xml @@ -1,171 +1,171 @@ -<!-- Alternate Example-less Configuration File --> -<!-- Note that component elements are nested corresponding to their - parent-child relationships with each other --> -<!-- A "Server" is a singleton element that represents the entire JVM, - which may contain one or more "Service" instances. The Server - listens for a shutdown command on the indicated port. - - Note: A "Server" is not itself a "Container", so you may not - define subcomponents such as "Valves" or "Loggers" at this level. - --> -<Server port="8005" shutdown="SHUTDOWN" debug="0"> - <!-- Uncomment this entry to enable JMX MBeans support --> - <!-- - <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" - debug="0" port="-1" login="admin" password="admin"/> ---> - <!-- A "Service" is a collection of one or more "Connectors" that share - a single "Container" (and therefore the web applications visible - within that Container). Normally, that Container is an "Engine", - but this is not required. - - Note: A "Service" is not itself a "Container", so you may not - define subcomponents such as "Valves" or "Loggers" at this level. - --> - <!-- Define the Tomcat Stand-Alone Service --> - <Service name="Tomcat-Standalone"> - <!-- A "Connector" represents an endpoint by which requests are received - and responses are returned. Each Connector passes requests on to the - associated "Container" (normally an Engine) for processing. - - By default, a non-SSL HTTP/1.1 Connector is established on port 8080. - You can also enable an SSL HTTP/1.1 Connector on port 8443 by - following the instructions below and uncommenting the second Connector - entry. SSL support requires the following steps (see the SSL Config - HOWTO in the Tomcat 4.0 documentation bundle for more detailed - instructions): - * Download and install JSSE 1.0.2 or later, and put the JAR files - into "$JAVA_HOME/jre/lib/ext". - * Execute: - %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows) - $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix) - with a password value of "changeit" for both the certificate and - the keystore itself. - - By default, DNS lookups are enabled when a web application calls - request.getRemoteHost(). This can have an adverse impact on - performance, so you can disable it by setting the - "enableLookups" attribute to "false". When DNS lookups are disabled, - request.getRemoteHost() will return the String version of the - IP address of the remote client. - --> - <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --> - <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" - port="8080" minProcessors="5" maxProcessors="75" - enableLookups="true" redirectPort="8443" acceptCount="100" - debug="0" connectionTimeout="20000" useURIValidationHack="false" - disableUploadTimeout="true"/> - <!-- Note : To disable connection timeouts, set connectionTimeout value to -1 --> - <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> - <Connector className="org.apache.coyote.tomcat4.CoyoteConnector" - port="8443" minProcessors="5" maxProcessors="75" - enableLookups="uri" acceptCount="100" debug="0" scheme="https" - secure="true" useURIValidationHack="false" - disableUploadTimeout="true"> - <Factory - className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" - clientAuth="false" protocol="TLS"/> - </Connector> - <!-- An Engine represents the entry point (within Catalina) that processes - every request. The Engine implementation for Tomcat stand alone - analyzes the HTTP headers included with the request, and passes them - on to the appropriate Host (virtual host). --> - <!-- Define the top level container in our container hierarchy --> - <Engine name="Standalone" defaultHost="localhost" debug="0"> - <!-- The request dumper valve dumps useful debugging information about - the request headers and cookies that were received, and the response - headers and cookies that were sent, for all requests received by - this instance of Tomcat. If you care only about requests to a - particular virtual host, or a particular application, nest this - element inside the corresponding <Host> or <Context> entry instead. - - For a similar mechanism that is portable to all Servlet 2.3 - containers, check out the "RequestDumperFilter" Filter in the - example application (the source for this filter may be found in - "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters"). - - Request dumping is disabled by default. Uncomment the following - element to enable it. --> - <!-- - <Valve className="org.apache.catalina.valves.RequestDumperValve"/> - --> - <!-- Global logger unless overridden at lower levels --> - <Logger className="org.apache.catalina.logger.FileLogger" - prefix="catalina_log." suffix=".txt" timestamp="true"/> - <!-- Because this Realm is here, an instance will be shared globally --> - <Realm className="org.apache.catalina.realm.MemoryRealm"/> - <!-- Define the default virtual host --> - <Host name="localhost" debug="0" appBase="webapps" - unpackWARs="true" autoDeploy="true"> - <!-- Normally, users must authenticate themselves to each web app - individually. Uncomment the following entry if you would like - a user to be authenticated the first time they encounter a - resource protected by a security constraint, and then have that - user identity maintained across *all* web applications contained - in this virtual host. --> - <!-- - <Valve className="org.apache.catalina.authenticator.SingleSignOn" - debug="0"/> - --> - <!-- Access log processes all requests for this virtual host. By - default, log files are created in the "logs" directory relative to - $CATALINA_HOME. If you wish, you can specify a different - directory with the "directory" attribute. Specify either a relative - (to $CATALINA_HOME) or absolute path to the desired directory. - --> - <Valve className="org.apache.catalina.valves.AccessLogValve" - directory="logs" prefix="localhost_access_log." - suffix=".txt" pattern="common"/> - <!-- Logger shared by all Contexts related to this virtual host. By - default (when using FileLogger), log files are created in the "logs" - directory relative to $CATALINA_HOME. If you wish, you can specify - a different directory with the "directory" attribute. Specify either a - relative (to $CATALINA_HOME) or absolute path to the desired - directory.--> - <Logger className="org.apache.catalina.logger.FileLogger" - directory="logs" prefix="localhost_log." suffix=".txt" - timestamp="true"/> - <!-- Define properties for each web application. This is only needed - if you want to set non-default properties, or have web application - document roots in places other than the virtual host's appBase - directory. --> - <!-- Tomcat Root Context --> - <!-- - <Context path="" docBase="../moa-id-proxy.war" debug="0"/> - --> - </Host> - </Engine> - </Service> - <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0 - as its servlet container. Please read the README.txt file coming with - the WebApp Module distribution on how to build it. - (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository) - - To configure the Apache side, you must ensure that you have the - "ServerName" and "Port" directives defined in "httpd.conf". Then, - lines like these to the bottom of your "httpd.conf" file: - - LoadModule webapp_module libexec/mod_webapp.so - WebAppConnection warpConnection warp localhost:8008 - WebAppDeploy examples warpConnection /examples/ - - The next time you restart Apache (after restarting Tomcat, if needed) - the connection will be established, and all applications you make - visible via "WebAppDeploy" directives can be accessed through Apache. - --> - <!-- Define an Apache-Connector Service --> - <Service name="Tomcat-Apache"> - <Connector className="org.apache.catalina.connector.warp.WarpConnector" - port="8008" minProcessors="5" maxProcessors="75" - enableLookups="true" acceptCount="10" debug="0"/> - <!-- Replace "localhost" with what your Apache "ServerName" is set to --> - <Engine className="org.apache.catalina.connector.warp.WarpEngine" - name="Apache" debug="0" appBase="webapps"> - <!-- Global logger unless overridden at lower levels --> - <Logger className="org.apache.catalina.logger.FileLogger" - prefix="apache_log." suffix=".txt" timestamp="true"/> - <!-- Because this Realm is here, an instance will be shared globally --> - <Realm className="org.apache.catalina.realm.MemoryRealm"/> - </Engine> - </Service> +<!-- Alternate Example-less Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+ <!-- Uncomment this entry to enable JMX MBeans support -->
+ <!--
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0" port="-1" login="admin" password="admin"/>
+-->
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Tomcat-Standalone">
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 4.0 documentation bundle for more detailed
+ instructions):
+ * Download and install JSSE 1.0.2 or later, and put the JAR files
+ into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8080" minProcessors="5" maxProcessors="75"
+ enableLookups="true" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000" useURIValidationHack="false"
+ disableUploadTimeout="true"/>
+ <!-- Note : To disable connection timeouts, set connectionTimeout value to -1 -->
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
+ port="8443" minProcessors="5" maxProcessors="75"
+ enableLookups="uri" acceptCount="100" debug="0" scheme="https"
+ secure="true" useURIValidationHack="false"
+ disableUploadTimeout="true">
+ <Factory
+ className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
+ clientAuth="false" protocol="TLS"/>
+ </Connector>
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Standalone" defaultHost="localhost" debug="0">
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.3
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ <!-- Define the default virtual host -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true">
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log."
+ suffix=".txt" pattern="common"/>
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+ <!-- Define properties for each web application. This is only needed
+ if you want to set non-default properties, or have web application
+ document roots in places other than the virtual host's appBase
+ directory. -->
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
+ -->
+ </Host>
+ </Engine>
+ </Service>
+ <!-- The MOD_WEBAPP connector is used to connect Apache 1.3 with Tomcat 4.0
+ as its servlet container. Please read the README.txt file coming with
+ the WebApp Module distribution on how to build it.
+ (Or check out the "jakarta-tomcat-connectors/webapp" CVS repository)
+
+ To configure the Apache side, you must ensure that you have the
+ "ServerName" and "Port" directives defined in "httpd.conf". Then,
+ lines like these to the bottom of your "httpd.conf" file:
+
+ LoadModule webapp_module libexec/mod_webapp.so
+ WebAppConnection warpConnection warp localhost:8008
+ WebAppDeploy examples warpConnection /examples/
+
+ The next time you restart Apache (after restarting Tomcat, if needed)
+ the connection will be established, and all applications you make
+ visible via "WebAppDeploy" directives can be accessed through Apache.
+ -->
+ <!-- Define an Apache-Connector Service -->
+ <Service name="Tomcat-Apache">
+ <Connector className="org.apache.catalina.connector.warp.WarpConnector"
+ port="8008" minProcessors="5" maxProcessors="75"
+ enableLookups="true" acceptCount="10" debug="0"/>
+ <!-- Replace "localhost" with what your Apache "ServerName" is set to -->
+ <Engine className="org.apache.catalina.connector.warp.WarpEngine"
+ name="Apache" debug="0" appBase="webapps">
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="apache_log." suffix=".txt" timestamp="true"/>
+ <!-- Because this Realm is here, an instance will be shared globally -->
+ <Realm className="org.apache.catalina.realm.MemoryRealm"/>
+ </Engine>
+ </Service>
</Server>
\ No newline at end of file diff --git a/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml new file mode 100644 index 000000000..bbc375984 --- /dev/null +++ b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.mod_jk.xml @@ -0,0 +1,386 @@ +<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Catalina">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 5 documentation bundle for more detailed
+ instructions):
+ * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+ later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000"
+ disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to 0 -->
+
+ <!-- Note : To use gzip compression you could set the following properties :
+
+ compression="on"
+ compressionMinSize="2048"
+ noCompressionUserAgents="gozilla, traviata"
+ compressableMimeType="text/html,text/xml"
+ -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector port="8443"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" disableUploadTimeout="true"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <Connector port="8009"
+ enableLookups="false" redirectPort="8443" debug="0"
+ protocol="AJP/1.3" />
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector port="8082"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" disableUploadTimeout="true" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.4
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host
+ Note: XML Schema validation will not work with Xerces 2.2.
+ -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true"
+ xmlValidation="false" xmlNamespaceAware="false">
+
+ <!-- Defines a cluster for this node,
+ By defining this element, means that every manager will be changed.
+ So when running a cluster, only make sure that you have webapps in there
+ that need to be clustered and remove the other ones.
+ A cluster has the following parameters:
+
+ className = the fully qualified name of the cluster class
+
+ name = a descriptive name for your cluster, can be anything
+
+ debug = the debug level, higher means more output
+
+ mcastAddr = the multicast address, has to be the same for all the nodes
+
+ mcastPort = the multicast port, has to be the same for all the nodes
+
+ mcastBindAddr = bind the multicast socket to a specific address
+
+ mcastTTL = the multicast TTL if you want to limit your broadcast
+
+ mcastSoTimeout = the multicast readtimeout
+
+ mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+ mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+ tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
+
+ tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
+ in case of multiple ethernet cards.
+ auto means that address becomes
+ InetAddress.getLocalHost().getHostAddress()
+
+ tcpListenPort = the tcp listen port
+
+ tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+ has a wakup bug in java.nio. Set to 0 for no timeout
+
+ printToScreen = true means that managers will also print to std.out
+
+ expireSessionsOnShutdown = true means that
+
+ useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+ false means to replicate the session after each request.
+ false means that replication would work for the following piece of code:
+ <%
+ HashMap map = (HashMap)session.getAttribute("map");
+ map.put("key","value");
+ %>
+ replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+ * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+ * Synchronous means that the thread that executes the request, is also the
+ thread the replicates the data to the other nodes, and will not return until all
+ nodes have received the information.
+ * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+ so the request thread will queue the replication request into a "smart" queue,
+ and then return to the client.
+ The "smart" queue is a queue where when a session is added to the queue, and the same session
+ already exists in the queue from a previous request, that session will be replaced
+ in the queue instead of replicating two requests. This almost never happens, unless there is a
+ large network delay.
+ -->
+ <!--
+ When configuring for clustering, you also add in a valve to catch all the requests
+ coming in, at the end of the request, the session may or may not be replicated.
+ A session is replicated if and only if all the conditions are met:
+ 1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+ 2. a session exists (has been created)
+ 3. the request is not trapped by the "filter" attribute
+
+ The filter attribute is to filter out requests that could not modify the session,
+ hence we don't replicate the session after the end of this request.
+ The filter is negative, ie, anything you put in the filter, you mean to filter out,
+ ie, no replication will be done on requests that match one of the filters.
+ The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+ filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+ ending with .gif and .js are intercepted.
+
+ The deployer element can be used to deploy apps cluster wide.
+ Currently the deployment only deploys/undeploys to working members in the cluster
+ so no WARs are copied upons startup of a broken node.
+ The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+ When a new war file is added the war gets deployed to the local instance,
+ and then deployed to the other instances in the cluster.
+ When a war file is deleted from the watchDir the war is undeployed locally
+ and cluster wide
+ -->
+
+ <!--
+ <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+ managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+ expireSessionsOnShutdown="false"
+ useDirtyFlag="true">
+
+ <Membership
+ className="org.apache.catalina.cluster.mcast.McastService"
+ mcastAddr="228.0.0.4"
+ mcastPort="45564"
+ mcastFrequency="500"
+ mcastDropTime="3000"/>
+
+ <Receiver
+ className="org.apache.catalina.cluster.tcp.ReplicationListener"
+ tcpListenAddress="auto"
+ tcpListenPort="4001"
+ tcpSelectorTimeout="100"
+ tcpThreadCount="6"/>
+
+ <Sender
+ className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+ replicationMode="pooled"/>
+
+ <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+ filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+
+ <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+ tempDir="/tmp/war-temp/"
+ deployDir="/tmp/war-deploy/"
+ watchDir="/tmp/war-listen/"
+ watchEnabled="false"/>
+ </Cluster>
+ -->
+
+
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../webappsProxy" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+</Server>
diff --git a/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml new file mode 100644 index 000000000..9b86b38ca --- /dev/null +++ b/id/server/data/deploy/tomcat/tomcat-5.0.x/server.xml @@ -0,0 +1,388 @@ +<!-- Example Server Configuration File -->
+<!-- Note that component elements are nested corresponding to their
+ parent-child relationships with each other -->
+
+<!-- A "Server" is a singleton element that represents the entire JVM,
+ which may contain one or more "Service" instances. The Server
+ listens for a shutdown command on the indicated port.
+
+ Note: A "Server" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+<Server port="8005" shutdown="SHUTDOWN" debug="0">
+
+
+ <!-- Comment these entries out to disable JMX MBeans support -->
+ <!-- You may also configure custom components (e.g. Valves/Realms) by
+ including your own mbean-descriptor file(s), and setting the
+ "descriptors" attribute to point to a ';' seperated list of paths
+ (in the ClassLoader sense) of files to add to the default list.
+ e.g. descriptors="/com/myfirm/mypackage/mbean-descriptor.xml"
+ -->
+ <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener"
+ debug="0"/>
+ <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"
+ debug="0"/>
+
+ <!-- Global JNDI resources -->
+ <GlobalNamingResources>
+
+ <!-- Test entry for demonstration purposes -->
+ <Environment name="simpleValue" type="java.lang.Integer" value="30"/>
+
+ <!-- Editable user database that can also be used by
+ UserDatabaseRealm to authenticate users -->
+ <Resource name="UserDatabase" auth="Container"
+ type="org.apache.catalina.UserDatabase"
+ description="User database that can be updated and saved">
+ </Resource>
+ <ResourceParams name="UserDatabase">
+ <parameter>
+ <name>factory</name>
+ <value>org.apache.catalina.users.MemoryUserDatabaseFactory</value>
+ </parameter>
+ <parameter>
+ <name>pathname</name>
+ <value>conf/tomcat-users.xml</value>
+ </parameter>
+ </ResourceParams>
+
+ </GlobalNamingResources>
+
+ <!-- A "Service" is a collection of one or more "Connectors" that share
+ a single "Container" (and therefore the web applications visible
+ within that Container). Normally, that Container is an "Engine",
+ but this is not required.
+
+ Note: A "Service" is not itself a "Container", so you may not
+ define subcomponents such as "Valves" or "Loggers" at this level.
+ -->
+
+ <!-- Define the Tomcat Stand-Alone Service -->
+ <Service name="Catalina">
+
+ <!-- A "Connector" represents an endpoint by which requests are received
+ and responses are returned. Each Connector passes requests on to the
+ associated "Container" (normally an Engine) for processing.
+
+ By default, a non-SSL HTTP/1.1 Connector is established on port 8080.
+ You can also enable an SSL HTTP/1.1 Connector on port 8443 by
+ following the instructions below and uncommenting the second Connector
+ entry. SSL support requires the following steps (see the SSL Config
+ HOWTO in the Tomcat 5 documentation bundle for more detailed
+ instructions):
+ * If your JDK version 1.3 or prior, download and install JSSE 1.0.2 or
+ later, and put the JAR files into "$JAVA_HOME/jre/lib/ext".
+ * Execute:
+ %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA (Windows)
+ $JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA (Unix)
+ with a password value of "changeit" for both the certificate and
+ the keystore itself.
+
+ By default, DNS lookups are enabled when a web application calls
+ request.getRemoteHost(). This can have an adverse impact on
+ performance, so you can disable it by setting the
+ "enableLookups" attribute to "false". When DNS lookups are disabled,
+ request.getRemoteHost() will return the String version of the
+ IP address of the remote client.
+ -->
+
+ <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 -->
+ <Connector port="8080"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" redirectPort="8443" acceptCount="100"
+ debug="0" connectionTimeout="20000"
+ disableUploadTimeout="true" />
+ <!-- Note : To disable connection timeouts, set connectionTimeout value
+ to 0 -->
+
+ <!-- Note : To use gzip compression you could set the following properties :
+
+ compression="on"
+ compressionMinSize="2048"
+ noCompressionUserAgents="gozilla, traviata"
+ compressableMimeType="text/html,text/xml"
+ -->
+
+ <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
+ <Connector port="8443"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false" disableUploadTimeout="true"
+ acceptCount="100" debug="0" scheme="https" secure="true"
+ clientAuth="false" sslProtocol="TLS" />
+
+ <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
+ <!--
+ <Connector port="8009"
+ enableLookups="false" redirectPort="8443" debug="0"
+ protocol="AJP/1.3" />
+ -->
+
+ <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
+ <!-- See proxy documentation for more information about using this. -->
+ <!--
+ <Connector port="8082"
+ maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
+ enableLookups="false"
+ acceptCount="100" debug="0" connectionTimeout="20000"
+ proxyPort="80" disableUploadTimeout="true" />
+ -->
+
+ <!-- An Engine represents the entry point (within Catalina) that processes
+ every request. The Engine implementation for Tomcat stand alone
+ analyzes the HTTP headers included with the request, and passes them
+ on to the appropriate Host (virtual host). -->
+
+ <!-- You should set jvmRoute to support load-balancing via JK/JK2 ie :
+ <Engine name="Standalone" defaultHost="localhost" debug="0" jvmRoute="jvm1">
+ -->
+
+ <!-- Define the top level container in our container hierarchy -->
+ <Engine name="Catalina" defaultHost="localhost" debug="0">
+
+ <!-- The request dumper valve dumps useful debugging information about
+ the request headers and cookies that were received, and the response
+ headers and cookies that were sent, for all requests received by
+ this instance of Tomcat. If you care only about requests to a
+ particular virtual host, or a particular application, nest this
+ element inside the corresponding <Host> or <Context> entry instead.
+
+ For a similar mechanism that is portable to all Servlet 2.4
+ containers, check out the "RequestDumperFilter" Filter in the
+ example application (the source for this filter may be found in
+ "$CATALINA_HOME/webapps/examples/WEB-INF/classes/filters").
+
+ Request dumping is disabled by default. Uncomment the following
+ element to enable it. -->
+ <!--
+ <Valve className="org.apache.catalina.valves.RequestDumperValve"/>
+ -->
+
+ <!-- Global logger unless overridden at lower levels -->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ prefix="catalina_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Because this Realm is here, an instance will be shared globally -->
+
+ <!-- This Realm uses the UserDatabase configured in the global JNDI
+ resources under the key "UserDatabase". Any edits
+ that are performed against this UserDatabase are immediately
+ available for use by the Realm. -->
+ <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+ debug="0" resourceName="UserDatabase"/>
+
+ <!-- Comment out the old realm but leave here for now in case we
+ need to go back quickly -->
+ <!--
+ <Realm className="org.apache.catalina.realm.MemoryRealm" />
+ -->
+
+ <!-- Replace the above Realm with one of the following to get a Realm
+ stored in a database and accessed via JDBC -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="org.gjt.mm.mysql.Driver"
+ connectionURL="jdbc:mysql://localhost/authority"
+ connectionName="test" connectionPassword="test"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="oracle.jdbc.driver.OracleDriver"
+ connectionURL="jdbc:oracle:thin:@ntserver:1521:ORCL"
+ connectionName="scott" connectionPassword="tiger"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!--
+ <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99"
+ driverName="sun.jdbc.odbc.JdbcOdbcDriver"
+ connectionURL="jdbc:odbc:CATALINA"
+ userTable="users" userNameCol="user_name" userCredCol="user_pass"
+ userRoleTable="user_roles" roleNameCol="role_name" />
+ -->
+
+ <!-- Define the default virtual host
+ Note: XML Schema validation will not work with Xerces 2.2.
+ -->
+ <Host name="localhost" debug="0" appBase="webapps"
+ unpackWARs="true" autoDeploy="true"
+ xmlValidation="false" xmlNamespaceAware="false">
+
+ <!-- Defines a cluster for this node,
+ By defining this element, means that every manager will be changed.
+ So when running a cluster, only make sure that you have webapps in there
+ that need to be clustered and remove the other ones.
+ A cluster has the following parameters:
+
+ className = the fully qualified name of the cluster class
+
+ name = a descriptive name for your cluster, can be anything
+
+ debug = the debug level, higher means more output
+
+ mcastAddr = the multicast address, has to be the same for all the nodes
+
+ mcastPort = the multicast port, has to be the same for all the nodes
+
+ mcastBindAddr = bind the multicast socket to a specific address
+
+ mcastTTL = the multicast TTL if you want to limit your broadcast
+
+ mcastSoTimeout = the multicast readtimeout
+
+ mcastFrequency = the number of milliseconds in between sending a "I'm alive" heartbeat
+
+ mcastDropTime = the number a milliseconds before a node is considered "dead" if no heartbeat is received
+
+ tcpThreadCount = the number of threads to handle incoming replication requests, optimal would be the same amount of threads as nodes
+
+ tcpListenAddress = the listen address (bind address) for TCP cluster request on this host,
+ in case of multiple ethernet cards.
+ auto means that address becomes
+ InetAddress.getLocalHost().getHostAddress()
+
+ tcpListenPort = the tcp listen port
+
+ tcpSelectorTimeout = the timeout (ms) for the Selector.select() method in case the OS
+ has a wakup bug in java.nio. Set to 0 for no timeout
+
+ printToScreen = true means that managers will also print to std.out
+
+ expireSessionsOnShutdown = true means that
+
+ useDirtyFlag = true means that we only replicate a session after setAttribute,removeAttribute has been called.
+ false means to replicate the session after each request.
+ false means that replication would work for the following piece of code:
+ <%
+ HashMap map = (HashMap)session.getAttribute("map");
+ map.put("key","value");
+ %>
+ replicationMode = can be either 'pooled', 'synchronous' or 'asynchronous'.
+ * Pooled means that the replication happens using several sockets in a synchronous way. Ie, the data gets replicated, then the request return. This is the same as the 'synchronous' setting except it uses a pool of sockets, hence it is multithreaded. This is the fastest and safest configuration. To use this, also increase the nr of tcp threads that you have dealing with replication.
+ * Synchronous means that the thread that executes the request, is also the
+ thread the replicates the data to the other nodes, and will not return until all
+ nodes have received the information.
+ * Asynchronous means that there is a specific 'sender' thread for each cluster node,
+ so the request thread will queue the replication request into a "smart" queue,
+ and then return to the client.
+ The "smart" queue is a queue where when a session is added to the queue, and the same session
+ already exists in the queue from a previous request, that session will be replaced
+ in the queue instead of replicating two requests. This almost never happens, unless there is a
+ large network delay.
+ -->
+ <!--
+ When configuring for clustering, you also add in a valve to catch all the requests
+ coming in, at the end of the request, the session may or may not be replicated.
+ A session is replicated if and only if all the conditions are met:
+ 1. useDirtyFlag is true or setAttribute or removeAttribute has been called AND
+ 2. a session exists (has been created)
+ 3. the request is not trapped by the "filter" attribute
+
+ The filter attribute is to filter out requests that could not modify the session,
+ hence we don't replicate the session after the end of this request.
+ The filter is negative, ie, anything you put in the filter, you mean to filter out,
+ ie, no replication will be done on requests that match one of the filters.
+ The filter attribute is delimited by ;, so you can't escape out ; even if you wanted to.
+
+ filter=".*\.gif;.*\.js;" means that we will not replicate the session after requests with the URI
+ ending with .gif and .js are intercepted.
+
+ The deployer element can be used to deploy apps cluster wide.
+ Currently the deployment only deploys/undeploys to working members in the cluster
+ so no WARs are copied upons startup of a broken node.
+ The deployer watches a directory (watchDir) for WAR files when watchEnabled="true"
+ When a new war file is added the war gets deployed to the local instance,
+ and then deployed to the other instances in the cluster.
+ When a war file is deleted from the watchDir the war is undeployed locally
+ and cluster wide
+ -->
+
+ <!--
+ <Cluster className="org.apache.catalina.cluster.tcp.SimpleTcpCluster"
+ managerClassName="org.apache.catalina.cluster.session.DeltaManager"
+ expireSessionsOnShutdown="false"
+ useDirtyFlag="true">
+
+ <Membership
+ className="org.apache.catalina.cluster.mcast.McastService"
+ mcastAddr="228.0.0.4"
+ mcastPort="45564"
+ mcastFrequency="500"
+ mcastDropTime="3000"/>
+
+ <Receiver
+ className="org.apache.catalina.cluster.tcp.ReplicationListener"
+ tcpListenAddress="auto"
+ tcpListenPort="4001"
+ tcpSelectorTimeout="100"
+ tcpThreadCount="6"/>
+
+ <Sender
+ className="org.apache.catalina.cluster.tcp.ReplicationTransmitter"
+ replicationMode="pooled"/>
+
+ <Valve className="org.apache.catalina.cluster.tcp.ReplicationValve"
+ filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>
+
+ <Deployer className="org.apache.catalina.cluster.deploy.FarmWarDeployer"
+ tempDir="/tmp/war-temp/"
+ deployDir="/tmp/war-deploy/"
+ watchDir="/tmp/war-listen/"
+ watchEnabled="false"/>
+ </Cluster>
+ -->
+
+
+
+ <!-- Normally, users must authenticate themselves to each web app
+ individually. Uncomment the following entry if you would like
+ a user to be authenticated the first time they encounter a
+ resource protected by a security constraint, and then have that
+ user identity maintained across *all* web applications contained
+ in this virtual host. -->
+ <!--
+ <Valve className="org.apache.catalina.authenticator.SingleSignOn"
+ debug="0"/>
+ -->
+
+ <!-- Access log processes all requests for this virtual host. By
+ default, log files are created in the "logs" directory relative to
+ $CATALINA_HOME. If you wish, you can specify a different
+ directory with the "directory" attribute. Specify either a relative
+ (to $CATALINA_HOME) or absolute path to the desired directory.
+ -->
+ <!--
+ <Valve className="org.apache.catalina.valves.AccessLogValve"
+ directory="logs" prefix="localhost_access_log." suffix=".txt"
+ pattern="common" resolveHosts="false"/>
+ -->
+
+ <!-- Logger shared by all Contexts related to this virtual host. By
+ default (when using FileLogger), log files are created in the "logs"
+ directory relative to $CATALINA_HOME. If you wish, you can specify
+ a different directory with the "directory" attribute. Specify either a
+ relative (to $CATALINA_HOME) or absolute path to the desired
+ directory.-->
+ <Logger className="org.apache.catalina.logger.FileLogger"
+ directory="logs" prefix="localhost_log." suffix=".txt"
+ timestamp="true"/>
+
+ <!-- Tomcat Root Context -->
+ <!--
+ <Context path="" docBase="../webappsProxy" debug="0"/>
+ -->
+
+ </Host>
+
+ </Engine>
+
+ </Service>
+
+</Server>
diff --git a/id/server/doc/MOA-ID-Configuration-1.4.2.xsd b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd new file mode 100644 index 000000000..5a87e3fde --- /dev/null +++ b/id/server/doc/MOA-ID-Configuration-1.4.2.xsd @@ -0,0 +1,506 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
+<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="1.1.1">
+ <xsd:import namespace="http://www.w3.org/2000/09/xmldsig#" schemaLocation="http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd"/>
+ <xsd:import namespace="http://reference.e-government.gv.at/namespace/persondata/20020228#" schemaLocation="PersonData_20_en_moaWID.xsd"/>
+ <xsd:element name="Configuration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="LoginType" type="LoginType" default="stateful"/>
+ <xsd:element name="Binding" minOccurs="0">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="full"/>
+ <xsd:enumeration value="userName"/>
+ <xsd:enumeration value="none"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:element>
+ <xsd:choice>
+ <xsd:element ref="ParamAuth"/>
+ <xsd:element ref="BasicAuth"/>
+ <xsd:element ref="HeaderAuth"/>
+ </xsd:choice>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="LoginType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="stateless"/>
+ <xsd:enumeration value="stateful"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:element name="ParamAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Parameter" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Parameter">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="BasicAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="UserID" type="MOAAuthDataType"/>
+ <xsd:element name="Password" type="MOAAuthDataType"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="HeaderAuth">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="Header" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Header">
+ <xsd:complexType>
+ <xsd:attribute name="Name" type="xsd:token" use="required"/>
+ <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:simpleType name="MOAAuthDataType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="MOAGivenName"/>
+ <xsd:enumeration value="MOAFamilyName"/>
+ <xsd:enumeration value="MOADateOfBirth"/>
+ <xsd:enumeration value="MOABPK"/>
+ <xsd:enumeration value="MOAWBPK"/>
+ <xsd:enumeration value="MOAPublicAuthority"/>
+ <xsd:enumeration value="MOABKZ"/>
+ <xsd:enumeration value="MOAQualifiedCertificate"/>
+ <xsd:enumeration value="MOAStammzahl"/>
+ <xsd:enumeration value="MOAIdentificationValueType"/>
+ <xsd:enumeration value="MOAIPAddress"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="MOAKeyBoxSelector">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="SecureSignatureKeypair"/>
+ <xsd:enumeration value="CertifiedKeypair"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <!--Konfiguration fĂĽr Authentisierungs- und Proxy-Komponente und Online-Applikation-->
+ <xsd:element name="MOA-IDConfiguration">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter der
+ Authentisierungs-Komponente</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfigurationsparameter der
+ Proxy-Komponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="AuthComponent">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation zw.
+ Proxykomponente und Authenttisierungskomponente</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ Proxy-Komponente zur Auth-Komponente (vgl.
+ AuthComponent/MOA-SP/ConnectionParameter)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="OnlineApplication" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die OA</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="OnlineApplicationType">
+ <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/>
+ <xsd:attribute name="type" use="optional" default="publicService">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:NMTOKEN">
+ <xsd:enumeration value="businessService"/>
+ <xsd:enumeration value="publicService"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ChainingModes" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder "chaining") fĂĽr die
+ Zertifikatspfadvalidierung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence minOccurs="0" maxOccurs="unbounded">
+ <xsd:element name="TrustAnchor">
+ <xsd:annotation>
+ <xsd:documentation>ein vom SystemDefaultMode abweichender ChiningMode kann
+ fĂĽr jeden TrustAnchor gesetzt werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:complexContent>
+ <xsd:extension base="dsig:X509IssuerSerialType">
+ <xsd:attribute name="mode" type="ChainingModeType" use="required"/>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>verweist auf ein Verzeichnis, das vertrauenswĂĽrdige CA
+ (Zwischen-CA, Wurzel-CA) Zertifikate enthält.</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="name" use="required">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/>
+ <xsd:enumeration value="AuthenticationSession.TimeOut"/>
+ <xsd:enumeration value="AuthenticationData.TimeOut"/>
+ <xsd:enumeration value="TrustManager.RevocationChecking"/>
+ <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/>
+ <xsd:enumeration value="FrontendServlets.DataURLPrefix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="value" type="xsd:string" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:complexType name="AuthComponentType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelection" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterServerAuthType"/>
+ </xsd:sequence>
+ <xsd:attribute name="BKUSelectionAlternative" type="BKUSelectionType" use="optional" default="HTMLComplete"/>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="SecurityLayer">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Kommunikation mit dem
+ Security-Layer</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="MOA-SP">
+ <xsd:annotation>
+ <xsd:documentation>enthält Konfiguratiosnparameter für die Kommunikation mit dem MOA
+ SP Modul</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die SOAP-Verbindung von der
+ AUTH-Komponente zu MOA-SP; das Attribut URL enthält den Endpunkt des Server;
+ wird das Schema "https" verwendet mĂĽssen die Kind-Elemente angegeben werden;
+ wird das Schema "http" verwendet dĂĽrfen keine Kind-Elemente angegeben
+ werden; wird das Element nicht verwendet dann wird MOA-SP ĂĽber das API
+ aufgerufen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="VerifyIdentityLink">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung der
+ Personenbindung</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyAuthBlock">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter für die Überprüfung des
+ AUTH-Blocks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="IdentityLinkSigners" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Informationen über akzeptierte Signers des
+ IdentityLinks</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>akzeptierte Signer des IdentityLinks werden per
+ X509SubjectName (Kodierung nach RFC 2253) identifiziert</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Defaultparameter für die Überprüfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TransformsInfoType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut filename verweist auf eine Datei mit globalem
+ Element TransformsInfo vom Typ sl10:TransformsInfo; diese TransformsInfo
+ werden in den CreateXMLSignatureRequest fĂĽr die Signatur des AUTH-Blocks
+ inkludiert</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="filename" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="TemplatesType">
+ <xsd:sequence>
+ <xsd:element name="BKUSelectionTemplate" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="Template" type="TemplateType" minOccurs="0"/>
+ <xsd:element name="InputProcessorSignTemplate" type="TemplateType" minOccurs="0"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="TemplateType">
+ <xsd:annotation>
+ <xsd:documentation>das Attribut URL spezifiziert die Lage des Templates</xsd:documentation>
+ </xsd:annotation>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="VerifyInfoboxesType">
+ <xsd:annotation>
+ <xsd:documentation>Verifikation zusätzlicher Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="DefaultTrustProfile" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Optionales DefaultTrustprofil fĂĽr die ĂśberprĂĽfung aller weiteren Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="TrustProfileID"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Infobox" maxOccurs="unbounded">
+ <xsd:annotation>
+ <xsd:documentation>Parameter fĂĽr ĂśberprĂĽfung weiterer Infoboxen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="FriendlyName" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>optionalervName, der fĂĽr Fehlermeldungen verwendet werden soll;
+ z.B.: "Stellvertretungen" fĂĽr "Mandates"; fehlt dieser Parameter, dann wird
+ das Identifier-Attribut verwendet</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="TrustProfileID" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>TrustProfil, das fĂĽr die ĂśberprĂĽfung der Infobox
+ verwendet werden soll</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="ValidatorClass" type="xsd:string" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Validatorklasse, die fĂĽr die PrĂĽfung der Infobox
+ verwendet werden soll; muss gesetzt werden, wenn Package- und Klassenname
+ vom Default Package- und Klassennamen abweichen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ <xsd:element name="SchemaLocations" type="SchemaLocationType" minOccurs="0"/>
+ <xsd:element name="ApplicationSpecificParameters" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>Infobox spezifische Parameter, die der jeweiligen PrĂĽfapplikation
+ ĂĽbergeben werden</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:any namespace="##any" processContents="skip" maxOccurs="unbounded"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ <xsd:attribute name="required" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="SchemaLocationType">
+ <xsd:annotation>
+ <xsd:documentation>Spezifiziert die Lage von XML Schemas</xsd:documentation>
+ </xsd:annotation>
+ <xsd:sequence>
+ <xsd:element name="Schema" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ProxyComponentType"/>
+ <xsd:complexType name="OnlineApplicationType">
+ <xsd:sequence>
+ <xsd:element name="AuthComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die
+ Authentisierungs-Komponente betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <!--xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element ref="pr:AbstractSimpleIdentification"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element-->
+ <xsd:element name="IdentificationNumber" minOccurs="0">
+ <xsd:complexType>
+ <xsd:choice>
+ <xsd:element ref="pr:Firmenbuchnummer"/>
+ <xsd:element ref="pr:ZMRzahl"/>
+ <xsd:element ref="pr:Vereinsnummer"/>
+ <xsd:element ref="pr:ERJPZahl"/>
+ <xsd:element name="AnyNumber">
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:string">
+ <xsd:attribute name="Identifier" type="xsd:string" use="required"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:choice>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/>
+ <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element name="VerifyInfoboxes" type="VerifyInfoboxesType" minOccurs="0"/>
+ </xsd:sequence>
+ <xsd:attribute name="slVersion" use="optional" default="1.1">
+ <xsd:simpleType>
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="1.1"/>
+ <xsd:enumeration value="1.2"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ </xsd:attribute>
+ <xsd:attribute name="provideStammzahl" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideAUTHBlock" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
+ <xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
+ <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="ProxyComponent" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType">
+ <xsd:annotation>
+ <xsd:documentation>enthält Parameter über die OA, die die Proxy-Komponente
+ betreffen</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/>
+ <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/>
+ <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/>
+ <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/>
+ <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/>
+ </xsd:complexType>
+ </xsd:element>
+ <!--xsd:element ref="pr:CorporateBody" minOccurs="0" maxOccurs="1"/-->
+ </xsd:sequence>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte Server-Zertifikate der
+ TLS-Verbindung enthält (keine CA-Zertifikate)</xsd:documentation>
+ </xsd:annotation>
+ </xsd:element>
+ </xsd:sequence>
+ <xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ </xsd:complexType>
+ <xsd:complexType name="ConnectionParameterClientAuthType">
+ <xsd:complexContent>
+ <xsd:extension base="ConnectionParameterServerAuthType">
+ <xsd:sequence>
+ <xsd:element name="ClientKeyStore" minOccurs="0">
+ <xsd:annotation>
+ <xsd:documentation>URL zu einem KeyStore, der den privaten SchlĂĽssel, der fĂĽr
+ die TLS-Client-Authentisierung verwendetwird, enthält</xsd:documentation>
+ </xsd:annotation>
+ <xsd:complexType>
+ <xsd:simpleContent>
+ <xsd:extension base="xsd:anyURI">
+ <xsd:attribute name="password" type="xsd:string" use="optional"/>
+ </xsd:extension>
+ </xsd:simpleContent>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:extension>
+ </xsd:complexContent>
+ </xsd:complexType>
+ <xsd:element name="TrustProfileID" type="xsd:string"/>
+ <xsd:simpleType name="ChainingModeType">
+ <xsd:restriction base="xsd:string">
+ <xsd:enumeration value="chaining"/>
+ <xsd:enumeration value="pkix"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+ <xsd:simpleType name="BKUSelectionType">
+ <xsd:restriction base="xsd:token">
+ <xsd:enumeration value="HTMLComplete"/>
+ <xsd:enumeration value="HTMLSelect"/>
+ </xsd:restriction>
+ </xsd:simpleType>
+</xsd:schema>
diff --git a/id/server/doc/MOA-Testzertifikate.vsd b/id/server/doc/MOA-Testzertifikate.vsd Binary files differnew file mode 100644 index 000000000..c36051c04 --- /dev/null +++ b/id/server/doc/MOA-Testzertifikate.vsd diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm index d289f7929..173e3012a 100644 --- a/id/server/doc/moa_id/id-admin_1.htm +++ b/id/server/doc/moa_id/id-admin_1.htm @@ -140,8 +140,8 @@ Unterschiede sind in der Installationsanweisung angeführt. <b>Minimale Konfiguration</b> <br /> Die zentrale Konfigurations-Datei von Tomcat ist $CATALINA_HOME/conf/server.xml. Tomcat wird grundsätzlich mit einer funktionierenden Default-Konfiguration ausgeliefert, die jedoch einiges an Ballast enthält und viele Ports -offen lässt. Die Datei $MOA_ID_INST_AUTH/tomcat/server.xml (bzw. $MOA_ID_INST_PROXY/tomcat/server.xml) enthält eine minimale -Tomcat-Konfiguration, die je einen Connector für HTTP und für HTTPS freischaltet.<br /><br /> +offen lässt. Die Datei server.xml im Verzeichnis mit der Versionsnummer des verwendeten Tomcats unter $MOA_ID_INST_AUTH/tomcat (bzw. $MOA_ID_INST_PROXY/tomcat) enthält eine minimale +Tomcat-Konfiguration, die je einen Connector für HTTP und für HTTPS freischaltet. Die jeweilige Datei server.mod_jk.xml schaltet zusätzlich den AJP Connector Port für den Apache Webserver frei (falls diese Datei verwendet werden soll ist sie zuvor noch auf server.xml umzubenennen).<br /><br /> <b>SSL</b><br /> Für den sicheren Betrieb von MOA-ID-AUTH ist die Verwendung von SSL Voraussetzung, sofern nicht ein vorgelagerter WebServer (Apache oder IIS) das SSL-Handling übernimmt. Ebenso kann SSL auch für MOA-ID-PROXY verwendet werden. diff --git a/id/server/idserverlib/.classpath b/id/server/idserverlib/.classpath new file mode 100644 index 000000000..01edb156d --- /dev/null +++ b/id/server/idserverlib/.classpath @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="src" path="src/test/java"/>
+ <classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/id/server/idserverlib/.project b/id/server/idserverlib/.project new file mode 100644 index 000000000..b2e34e738 --- /dev/null +++ b/id/server/idserverlib/.project @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-id-lib</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ </natures>
+</projectDescription>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index d313e1eb0..93d61588c 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -1,175 +1,189 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> - <parent> - <groupId>MOA.id</groupId> - <artifactId>moa-id</artifactId> - <version>1.4.2beta1</version> - </parent> - - <modelVersion>4.0.0</modelVersion> - <groupId>MOA.id.server</groupId> - <artifactId>moa-id-lib</artifactId> - <packaging>jar</packaging> - <version>1.4.2beta1</version> - <name>MOA ID API</name> - - <properties> - <repositoryPath>${basedir}/../../../repository</repositoryPath> - </properties> - - <dependencies> - <dependency> - <groupId>MOA</groupId> - <artifactId>moa-common</artifactId> - <type>jar</type> - </dependency> - <dependency> - <groupId>MOA</groupId> - <artifactId>moa-common</artifactId> - <type>test-jar</type> - <scope>test</scope> - </dependency> - <dependency> - <groupId>MOA.spss.server</groupId> - <artifactId>moa-spss-lib</artifactId> - <!--version>${project.version}</version--> - </dependency> - <dependency> - <groupId>axis</groupId> - <artifactId>axis</artifactId> - <version>1.4</version> - </dependency> - <dependency> - <groupId>javax.mail</groupId> - <artifactId>mail</artifactId> - </dependency> - <dependency> - <groupId>javax.servlet</groupId> - <artifactId>servlet-api</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>xerces</groupId> - <artifactId>xercesImpl</artifactId> - </dependency> - <dependency> - <groupId>xalan-bin-dist</groupId> - <artifactId>xml-apis</artifactId> - </dependency> - <dependency> - <groupId>xalan-bin-dist</groupId> - <artifactId>xalan</artifactId> - </dependency> - <dependency> - <groupId>xalan-bin-dist</groupId> - <artifactId>serializer</artifactId> - </dependency> - <dependency> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>commons-logging</groupId> - <artifactId>commons-logging</artifactId> - </dependency> - <dependency> - <groupId>commons-discovery</groupId> - <artifactId>commons-discovery</artifactId> - </dependency> - <dependency> - <groupId>commons-fileupload</groupId> - <artifactId>commons-fileupload</artifactId> - </dependency> - <dependency> - <groupId>dav4j</groupId> - <artifactId>dav4j</artifactId> - </dependency> - <dependency> - <groupId>httpsclient</groupId> - <artifactId>httpsclient</artifactId> - </dependency> - <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_moa</artifactId> - </dependency> - <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_ecc</artifactId> - </dependency> - <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_jce_full</artifactId> - <scope>provided</scope> - </dependency> - <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_ixsil</artifactId> - </dependency> - <dependency> - <groupId>iaik.prod</groupId> - <artifactId>iaik_X509TrustManager</artifactId> - </dependency> - <dependency> - <groupId>regexp</groupId> - <artifactId>regexp</artifactId> - </dependency> - </dependencies> - - <build> - <plugins> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <configuration> - <archive> - <addMavenDescriptor>false</addMavenDescriptor> - </archive> - </configuration> - <executions> - <execution> - <goals> - <goal>test-jar</goal> - </goals> - </execution> - </executions> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-javadoc-plugin</artifactId> - <version>2.2</version> - <configuration> - <quiet>true</quiet> - <author>false</author> - <version>false</version> - <use>true</use> - <excludePackageNames> - at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.* - </excludePackageNames> - <tags> - <tag> - <name>pre</name> - <placement>a</placement> - <head>Preconditions:</head> - </tag> - <tag> - <name>post</name> - <placement>a</placement> - <head>Postconditions:</head> - </tag> - </tags> - <link>http://java.sun.com/j2se/1.4/docs/api/</link> - </configuration> - <executions> - <execution> - <id>generate-javadoc</id> - <phase>package</phase> - <goals> - <goal>jar</goal> - </goals> - </execution> - </executions> - </plugin> - </plugins> - </build> - -</project> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <groupId>MOA.id</groupId>
+ <artifactId>moa-id</artifactId>
+ <version>1.4.2beta2</version>
+ </parent>
+
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-lib</artifactId>
+ <packaging>jar</packaging>
+ <version>1.4.2beta2</version>
+ <name>MOA ID API</name>
+
+ <properties>
+ <repositoryPath>${basedir}/../../../repository</repositoryPath>
+ </properties>
+
+ <dependencies>
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>jar</type>
+ </dependency>
+ <dependency>
+ <groupId>MOA</groupId>
+ <artifactId>moa-common</artifactId>
+ <type>test-jar</type>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>MOA.spss.server</groupId>
+ <artifactId>moa-spss-lib</artifactId>
+ <!--version>${project.version}</version-->
+ </dependency>
+ <dependency>
+ <groupId>axis</groupId>
+ <artifactId>axis</artifactId>
+ <version>1.4</version>
+ </dependency>
+ <dependency>
+ <groupId>javax.mail</groupId>
+ <artifactId>mail</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>xerces</groupId>
+ <artifactId>xercesImpl</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>xml-apis</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>xalan</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>xalan-bin-dist</groupId>
+ <artifactId>serializer</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-logging</groupId>
+ <artifactId>commons-logging</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-discovery</groupId>
+ <artifactId>commons-discovery</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-fileupload</groupId>
+ <artifactId>commons-fileupload</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>dav4j</groupId>
+ <artifactId>dav4j</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>httpsclient</groupId>
+ <artifactId>httpsclient</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_moa</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ecc</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_jce_full</artifactId>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_ixsil</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>iaik.prod</groupId>
+ <artifactId>iaik_X509TrustManager</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>regexp</groupId>
+ <artifactId>regexp</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>2.0.2</version>
+ </dependency>
+ <dependency>
+ <groupId>at.gv.egovernment.moa.id</groupId>
+ <artifactId>mandate-validate</artifactId>
+ <version>1.0</version>
+ </dependency>
+ </dependencies>
+
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.2</version>
+ <configuration>
+ <quiet>true</quiet>
+ <author>false</author>
+ <version>false</version>
+ <use>true</use>
+ <excludePackageNames>
+ at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*
+ </excludePackageNames>
+ <tags>
+ <tag>
+ <name>pre</name>
+ <placement>a</placement>
+ <head>Preconditions:</head>
+ </tag>
+ <tag>
+ <name>post</name>
+ <placement>a</placement>
+ <head>Postconditions:</head>
+ </tag>
+ </tags>
+ <link>http://java.sun.com/j2se/1.4/docs/api/</link>
+ </configuration>
+ <executions>
+ <execution>
+ <id>generate-javadoc</id>
+ <phase>package</phase>
+ <goals>
+ <goal>jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
+</project>
diff --git a/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 000000000..5e9495128 --- /dev/null +++ b/id/server/idserverlib/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0
+Class-Path:
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 5f4ec2d29..75197943f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth; import iaik.pki.PKIException; import iaik.x509.X509Certificate; +import java.io.File; +import java.io.FileOutputStream; import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Calendar; @@ -55,6 +57,9 @@ import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -312,7 +317,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setOAURLRequested(oaURL); session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); session.setAuthURL(authURL); - session.setTemplateURL(templateURL); + session.setTemplateURL(templateURL); session.setBusinessService(oaParam.getBusinessService()); } // BKU URL has not been set yet, even if session already exists @@ -320,6 +325,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { bkuURL = DEFAULT_BKU; } session.setBkuURL(bkuURL); + session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); String infoboxReadRequest = new InfoboxReadRequestBuilder().build(oaParam.getSlVersion12(), oaParam.getBusinessService(), @@ -350,6 +356,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { pushInfobox = verifyInfoboxParameters.getPushInfobox(); + session.setPushInfobox(pushInfobox); } String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(oaParam.getSlVersion12()); String certInfoDataURL = @@ -448,6 +455,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam.getProvideStammzahl()); + + return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, authConf, oaParam); + } + + public String getCreateXMLSignatureRequestAuthBlockOrRedirect(AuthenticationSession session, AuthConfigurationProvider authConf, OAAuthParameter oaParam) + throws + ConfigurationException, + BuildException, + ValidateException { + + // check for intermediate processing of the infoboxes + if (session.isValidatorInputPending()) return "Redirect to Input Processor"; + + if (authConf==null) authConf = AuthConfigurationProvider.getInstance(); + if (oaParam==null) oaParam = AuthConfigurationProvider.getInstance(). + getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + // builds the AUTH-block String authBlock = buildAuthenticationBlock(session); // session.setAuthBlock(authBlock); @@ -456,7 +480,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if ((transformsInfos == null) || (transformsInfos.length == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); - } + } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder().build(authBlock, oaParam.getKeyBoxIdentifier(), @@ -464,6 +488,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { oaParam.getSlVersion12()); return createXMLSignatureRequest; } + /** * Builds an authentication block <code><saml:Assertion></code> from given session data. * @param session authentication session @@ -534,8 +559,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { authConfigurationProvider.getOnlineApplicationParameter(session.getPublicOAURLPrefix()); VerifyInfoboxParameters verifyInfoboxParameters = oaParam.getVerifyInfoboxParameters(); if (verifyInfoboxParameters != null) { - Vector authAttributes = new Vector(); - Vector oaAttributes = new Vector(); + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML Attributes + session.setExtendedSAMLAttributesOA(new Vector()); infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); // get the list of infobox identifiers List identifiers = verifyInfoboxParameters.getIdentifiers(); @@ -563,10 +588,46 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new ValidateException("validator.41", new Object[] {identifier}); } else { String friendlyName = verifyInfoboxParameter.getFriendlyName(); + boolean isParepRequest = false; + + // parse the infobox read reponse + List infoboxTokenList = null; + try { + infoboxTokenList = + ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); + } catch (ParseException e) { + Logger.error("InfoboxReadResponse for \"" + identifier + + "\"-infobox could not be parsed successfully: " + e.getMessage()); + throw new ValidateException("validator.43", new Object[] {friendlyName}); + } + // check for party representation in mandates infobox + if (Constants.INFOBOXIDENTIFIER_MANDATES.equalsIgnoreCase(identifier) && !((infoboxTokenList == null || infoboxTokenList.size() == 0))){ + session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); + Element mandate = ParepValidator.extractPrimaryToken(infoboxTokenList); + //ParepUtils.serializeElement(mandate, System.out); + String mandateID = ParepUtils.extractRepresentativeID(mandate); + if (!isEmpty(mandateID) && + ("*".equals(mandateID) || mandateID.startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { + isParepRequest = true; + } + if (!isParepRequest) { + //if mandates validator is disabled we must throw an error in this case + if (!ParepUtils.isValidatorEnabled(verifyInfoboxParameter.getApplicationSpecificParams())) { + throw new ValidateException("validator.60", new Object[] {friendlyName}); + } + } + } + // get the class for validating the infobox InfoboxValidator infoboxValidator = null; try { - Class validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + Class validatorClass = null; + if (isParepRequest) { + // Mandates infobox in party representation mode + validatorClass = Class.forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); + } else { + validatorClass = Class.forName(verifyInfoboxParameter.getValidatorClassName()); + } infoboxValidator = (InfoboxValidator) validatorClass.newInstance(); } catch (Exception e) { Logger.error("Could not load validator class \"" + verifyInfoboxParameter.getValidatorClassName() + @@ -575,20 +636,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.debug("Successfully loaded validator class \"" + verifyInfoboxParameter.getValidatorClassName() + "\" for \"" + identifier + "\"-infobox."); - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = - ExtendedInfoboxReadResponseParser.parseInfoboxReadResponse(infoboxReadResponse, friendlyName); - } catch (ParseException e) { - Logger.error("InfoboxReadResponse for \"" + identifier + - "\"-infobox could not be parsed successfully: " + e.getMessage()); - throw new ValidateException("validator.43", new Object[] {friendlyName}); - } // build the parameters for validating the infobox InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder.buildInfoboxValidatorParams( - session, verifyInfoboxParameter, infoboxTokenList, hideStammzahl); + session, verifyInfoboxParameter, infoboxTokenList, oaParam); + // now validate the infobox InfoboxValidationResult infoboxValidationResult = null; try { @@ -605,89 +657,138 @@ public class AuthenticationServer implements MOAIDAuthConstants { } Logger.info(identifier + " infobox successfully validated."); + // store the validator for post processing + session.addInfoboxValidator(identifier, friendlyName, infoboxValidator); // get the SAML attributes to be appended to the AUTHBlock or to the final // SAML Assertion - ExtendedSAMLAttribute[] extendedSAMLAttributes = infoboxValidationResult.getExtendedSamlAttributes(); - if (extendedSAMLAttributes != null) { - int length = extendedSAMLAttributes.length; - for (int i=0; i<length; i++) { - ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; - String name = samlAttribute.getName(); - if (name == null) { - Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); - } - if (name == "") { - Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is empty."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); - } - if (samlAttribute.getNameSpace() == null) { - Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); - } - Object value = samlAttribute.getValue(); - if (value == null) { - Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is null."); - throw new ValidateException( - "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); - } - if ((value instanceof String) || (value instanceof Element)) { - - switch (samlAttribute.getAddToAUTHBlock()) { - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: - authAttributes.add(samlAttribute); - oaAttributes.add(samlAttribute); - break; - case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: - authAttributes.add(samlAttribute); - break; - case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: - oaAttributes.add(samlAttribute); - break; - default: - Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" - + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " - + (i+1) + " for infobox " + identifier); - throw new ValidateException( - "validator.47", new Object[] {friendlyName, String.valueOf((i+1))}); - } - } else { - Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + - identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + - " or \"org.w3c.dom.Element\""); - throw new ValidateException( - "validator.46", new Object[] {identifier, String.valueOf((i+1))}); - - } - } - - } + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); } } else { if ((verifyInfoboxParameter !=null) && (verifyInfoboxParameter.isRequired())) { Logger.info("Infobox \"" + identifier + "\" is required, but not returned from the BKU"); throw new ValidateException( "validator.48", new Object[] {verifyInfoboxParameter.getFriendlyName()}); - } Logger.debug("Infobox \"" + identifier + "\" not returned from BKU."); - } + } } - session.setExtendedSAMLAttributesAUTH(authAttributes); - session.setExtendedSAMLAttributesOA(oaAttributes); } - } + } } /** + * Intermediate processing of the infoboxes. The first pending infobox + * validator may validate the provided input + * + * @param session The current authentication session + * @param parameters The parameters got returned by the user input fields + */ + public static void processInput(AuthenticationSession session, Map parameters) throws ValidateException + { + + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(parameters); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } + } + } + } + + /** + * Adds given SAML Attributes to the current session. They will be appended + * to the final SAML Assertion or the AUTH block. If the attributes are + * already in the list, they will be replaced. + * + * @param session The current session + * @param extendedSAMLAttributes The SAML attributes to add + * @param identifier The infobox identifier for debug purposes + * @param friendlyNam The friendly name of the infobox for debug purposes + */ + private static void AddAdditionalSAMLAttributes(AuthenticationSession session, ExtendedSAMLAttribute[] extendedSAMLAttributes, + String identifier, String friendlyName) throws ValidateException + { + if (extendedSAMLAttributes == null) return; + List oaAttributes = session.getExtendedSAMLAttributesOA(); + if (oaAttributes==null) oaAttributes = new Vector(); + List authAttributes = session.getExtendedSAMLAttributesAUTH(); + if (authAttributes==null) authAttributes = new Vector(); + int length = extendedSAMLAttributes.length; + for (int i=0; i<length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, identifier, friendlyName); + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(authAttributes, samlAttribute); + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger.info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + ") in SAML attribute number " + + (i+1) + " for infobox " + identifier); + throw new ValidateException( + "validator.47", new Object[] {friendlyName, String.valueOf((i+1))}); + } + } else { + Logger.info("The type of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException( + "validator.46", new Object[] {identifier, String.valueOf((i+1))}); + } + } + session.setExtendedSAMLAttributesAUTH(authAttributes); + session.setExtendedSAMLAttributesOA(oaAttributes); + } + + private static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { + if (null==attributes) { + attributes = new Vector(); + } else { + String id = samlAttribute.getName(); + int length = attributes.size(); + for (int i=0; i<length; i++) { + ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes.get(i); + if (id.equals(att.getName())) { + // replace attribute + attributes.set(i, samlAttribute); + return; + } + } + attributes.add(samlAttribute); + } + } + + + + /** * Processes a <code><CreateXMLSignatureResponse></code> sent by the * security layer implementation.<br> * <ul> @@ -728,7 +829,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses <CreateXMLSignatureResponse> CreateXMLSignatureResponse csresp = - new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); + new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); try { String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion()); session.setAuthBlock(serializedAssertion); @@ -768,11 +869,103 @@ public class AuthenticationServer implements MOAIDAuthConstants { vsresp, session.getIdentityLink()); + // post processing of the infoboxes + Iterator iter = session.getInfoboxValidatorIterator(); + boolean formpending = false; + if (iter != null) { + while (!formpending && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + String identifier = (String) infoboxValidatorVector.get(0); + String friendlyName = (String) infoboxValidatorVector.get(1); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + InfoboxValidationResult infoboxValidationResult = null; + try { + infoboxValidationResult = infoboxvalidator.validate(csresp.getSamlAssertion()); + } catch (ValidateException e) { + Logger.error("Error validating " + identifier + " infobox:" + e.getMessage()); + throw new ValidateException( + "validator.44", new Object[] {friendlyName}); + } + if (!infoboxValidationResult.isValid()) { + Logger.info("Validation of " + identifier + " infobox failed."); + throw new ValidateException( + "validator.40", new Object[] {friendlyName, infoboxValidationResult.getErrorMessage()}); + } + String form = infoboxvalidator.getForm(); + if (ParepUtils.isEmpty(form)) { + AddAdditionalSAMLAttributes(session, infoboxValidationResult.getExtendedSamlAttributes(), identifier, friendlyName); + } else { + return "Redirect to Input Processor"; + } + } + } + + // Exchange person data information by a mandate if needed + List oaAttributes = session.getExtendedSAMLAttributesOA(); + IdentityLink replacementIdentityLink = null; + if (session.isMandateCompatibilityMode() && oaAttributes != null && oaAttributes.size()>0) { + // look if we have a mandate + boolean foundMandate = false; + Iterator it = oaAttributes.iterator(); + while (!foundMandate && it.hasNext()) { + ExtendedSAMLAttribute samlAttribute = (ExtendedSAMLAttribute)it.next(); + if (ParepValidator.EXT_SAML_MANDATE_RAW.equals(samlAttribute.getName())) { + Object value = samlAttribute.getValue(); + if (value instanceof Element) { + Element mandate = (Element) value; + replacementIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical && session.getBusinessService() && identificationType!=null && Constants.URN_PREFIX_BASEID.equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the BKU + identificationType = Constants.URN_PREFIX_WBPK + "+" + session.getDomainIdentifier(); + identificationValue = new BPKBuilder().buildWBPK(identificationValue, session.getDomainIdentifier()); + ParepUtils.HideStammZahlen(prPerson, true, null, null, true); + } + + } + replacementIdentityLink.setDateOfBirth(dateOfBirth); + replacementIdentityLink.setFamilyName(familyName); + replacementIdentityLink.setGivenName(givenName); + replacementIdentityLink.setIdentificationType(identificationType); + replacementIdentityLink.setIdentificationValue(identificationValue); + replacementIdentityLink.setPrPerson(prPerson); + try { + replacementIdentityLink.setSamlAssertion(session.getIdentityLink().getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + } else { + Logger.info("The type of Mandate SAML-Attribute is not \"org.w3c.dom.Element\""); + throw new ValidateException("validator.64", null); + } + } + } + } + // builds authentication data and stores it together with a SAML artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp); + AuthenticationData authData = buildAuthenticationData(session, vsresp, replacementIdentityLink); String samlArtifact = new SAMLArtifactBuilder().build(session.getAuthURL(), session.getSessionID()); storeAuthenticationData(samlArtifact, authData); + // invalidates the authentication session sessionStore.remove(sessionID); Logger.info( @@ -790,10 +983,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private AuthenticationData buildAuthenticationData( AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp) + VerifyXMLSignatureResponse verifyXMLSigResp, + IdentityLink replacementIdentityLink) throws ConfigurationException, BuildException { - IdentityLink identityLink = session.getIdentityLink(); + IdentityLink identityLink; + if (replacementIdentityLink == null) { + identityLink = session.getIdentityLink(); + } else { + // We have got data form a mandate we need now to use to stay compatible with applications + identityLink = replacementIdentityLink; + } + AuthenticationData authData = new AuthenticationData(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( @@ -804,7 +1005,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); - authData.setIdentificationType(identityLink.getIdentificationType()); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); @@ -817,7 +1017,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (provideStammzahl) { authData.setIdentificationValue(identityLink.getIdentificationValue()); } - String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); + String prPerson = new PersonDataBuilder().build(identityLink, provideStammzahl); try { String signerCertificateBase64 = ""; if (oaParam.getProvideCertifcate()) { @@ -832,12 +1032,14 @@ public class AuthenticationServer implements MOAIDAuthConstants { if (businessService) { authData.setWBPK(identityLink.getIdentificationValue()); } else { - // only compute bPK if online applcation is a public service - String bpkBase64 = - new BPKBuilder().buildBPK( - identityLink.getIdentificationValue(), - session.getTarget()); - authData.setBPK(bpkBase64); + authData.setBPK(identityLink.getIdentificationValue()); + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online applcation is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK( + identityLink.getIdentificationValue(), + session.getTarget()); + authData.setBPK(bpkBase64); + } } String ilAssertion = oaParam.getProvideIdentityLink() @@ -858,6 +1060,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { businessService, session.getExtendedSAMLAttributesOA()); authData.setSamlAssertion(samlAssertion); + + + //ParepUtils.saveStringToFile(samlAssertion, new File("c:/saml_assertion.xml")); + return authData; } catch (Throwable ex) { throw new BuildException( @@ -1015,5 +1221,42 @@ public class AuthenticationServer implements MOAIDAuthConstants { return param == null || param.length() == 0; } - + /** + * Checks the correctness of SAML attributes and returns its value. + * @param param samlAttribute + * @param i the number of the verified attribute for messages + * @param identifier the infobox identifier for messages + * @param friendlyname the friendly name of the infobox for messages + * @return the SAML attribute value (Element or String) + */ + private static Object verifySAMLAttribute(ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) + throws ValidateException{ + String name = samlAttribute.getName(); + if (name == null) { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "null"}); + } + if (name == "") { + Logger.info("The name of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is empty."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Name", String.valueOf((i+1)), "leer"}); + } + if (samlAttribute.getNameSpace() == null) { + Logger.info("The namespace of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName, "Namespace", String.valueOf((i+1)), "null"}); + } + Object value = samlAttribute.getValue(); + if (value == null) { + Logger.info("The value of SAML-Attribute number " + (i+1) + " returned from " + + identifier + "-infobox validator is null."); + throw new ValidateException( + "validator.45", new Object[] {friendlyName ,"Wert", String.valueOf((i+1)), "null"}); + } + return value; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 43e88e7b5..4f9235949 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -19,6 +19,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_BKU = "bkuURI"; /** servlet parameter "BKUSelectionTemplate" */ public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate"; + /** servlet parameter "BKUSelectionTemplate" */ + public static final String PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE = "InputProcessorSignTemplate"; /** default BKU URL */ public static final String DEFAULT_BKU = "http://localhost:3495/http-security-layer-request"; /** servlet parameter "returnURI" */ @@ -35,6 +37,8 @@ public interface MOAIDAuthConstants { public static final String REQ_START_AUTHENTICATION = "StartAuthentication"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet} is mapped to */ public static final String REQ_VERIFY_IDENTITY_LINK = "VerifyIdentityLink"; + /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet} is mapped to */ + public static final String REQ_PROCESS_VALIDATOR_INPUT = "ProcessInput"; /** Request name {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet} is mapped to */ public static final String REQ_VERIFY_AUTH_BLOCK = "VerifyAuthBlock"; /** Logging hierarchy used for controlling debug output of XML structures to files */ @@ -62,14 +66,16 @@ public interface MOAIDAuthConstants { public static final String[] IDENTITY_LINK_SIGNERS_WITHOUT_OID = new String[] {"T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitgieds der Datenschutzkommission", "T=Dr.,CN=Nikolaus Schwab,O=BM f. Inneres i.A. des gf. Mitglieds der Datenschutzkommission"}; - /** - * the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" - */ + /** the number of the certifcate extension "Eigenschaft zur Ausstellung von Personenbindungen" */ public static final String IDENTITY_LINK_SIGNER_OID_NUMBER = "1.2.40.0.10.1.7.1"; /** * the OID of the identity link signer certificate (Eigenschaft zur Ausstellung von Personenbindungen); * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ + public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; + /** the number of the certifcate extension for party organ representatives */ + public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 53520c846..11628517e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -126,6 +126,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB pkValue = authData.getWBPK(); } else { + // <saml:NameIdentifier NameQualifier> always has the bPK as type/value pkType = URN_PREFIX_BPK; pkValue = authData.getBPK(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 6cc8c1be8..cc228298b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -42,7 +42,37 @@ public class BPKBuilder { String hashBase64 = Base64Utils.encode(hash); return hashBase64; } catch (Exception ex) { - throw new BuildException("builder.00", new Object[] {"BPK", ex.toString()}, ex); + throw new BuildException("builder.00", new Object[] {"bPK", ex.toString()}, ex); + } + } + + /** + * Builds the wbPK from the given parameters. + * @param identificationValue Base64 encoded "Stammzahl" + * @param registerAndOrdNr type of register + "+" + number in register. + * @return wbPK in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + public String buildWBPK(String identificationValue, String registerAndOrdNr) + throws BuildException { + + if ((identificationValue == null || + identificationValue.length() == 0 || + registerAndOrdNr == null || + registerAndOrdNr.length() == 0)) + { + throw new BuildException("builder.00", + new Object[] {"wbPK", "Unvollst�ndige Parameterangaben: identificationValue=" + + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); + } + String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { + MessageDigest md = MessageDigest.getInstance("SHA-1"); + byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); + String hashBase64 = Base64Utils.encode(hash); + return hashBase64; + } catch (Exception ex) { + throw new BuildException("builder.00", new Object[] {"wbPK", ex.toString()}, ex); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java new file mode 100644 index 000000000..c053ee896 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java @@ -0,0 +1,86 @@ +package at.gv.egovernment.moa.id.auth.builder;
+
+import java.io.IOException;
+import java.io.StringReader;
+import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.BuildException;
+
+/**
+ * Builder for HTML form requesting a security layer request
+ *
+ * @author Peter Danner
+ * @version $Id: GetIdentityLinkFormBuilder.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class GetVerifyAuthBlockFormBuilder extends Builder {
+ /** private static String NL contains the NewLine representation in Java*/
+ private static final String nl = "\n";
+ /** special tag in the HTML template to be substituted for the BKU URL */
+ private static final String BKU_TAG = "<BKU>";
+ /** special tag in the HTML template to be substituted for the XML request */
+ private static final String XMLREQUEST_TAG = "<XMLRequest>";
+ /** special tag in the HTML template to be substituted for the data URL */
+ private static final String DATAURL_TAG = "<DataURL>";
+ /** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
+ private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
+ /** private static int all contains the representation to replace all tags*/
+ private static final int ALL = -1;
+
+ /** default HTML template */
+ private static final String DEFAULT_HTML_TEMPLATE =
+ "<html>" + nl +
+ " <head>" + nl +
+ " <meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"/>" + nl +
+ " <title>Signatur der Anmeldedaten</title>" + nl +
+ " </head>" + nl +
+ " <body onLoad=\"autoSubmit()\">" + nl +
+ " <script type=\"text/javascript\">" + nl +
+ " //<!-- " + nl +
+ " function autoSubmit() { " + nl +
+ " document.VerifyAuthBlockForm.submitButton.disabled=true;" + nl +
+ " document.VerifyAuthBlockForm.submit(); " + nl +
+ " } //-->" + nl +
+ " </script>" + nl +
+ " <form name=\"VerifyAuthBlockForm\" action=\"" + BKU_TAG + "\" method=\"post\" enctype=\"application/x-www-form-urlencoded\">" + nl +
+ " <input type=\"hidden\" name=\"XMLRequest\" value=\"" + XMLREQUEST_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" name=\"DataURL\" value=\"" + DATAURL_TAG + "\"/>" + nl +
+ " <input type=\"hidden\" name=\"PushInfobox\" value=\"" + PUSHINFOBOX_TAG + "\"/>" + nl +
+ " <input type=\"submit\" value=\"Signieren der Anmeldedaten\" id=\"submitButton\"/>" + nl +
+ " </form>" + nl +
+ " </body>" + nl +
+ "</html>";
+
+ /**
+ * Constructor for GetVerifyAuthBlockFormBuilder.
+ */
+ public GetVerifyAuthBlockFormBuilder() {
+ super();
+ }
+ /**
+ * Builds the HTML form, including XML Request and data URL as parameters.
+ *
+ * @param htmlTemplate template to be used for the HTML form;
+ * may be <code>null</code>, in this case a default layout will be produced
+ * @param xmlRequest XML Request to be sent as a parameter in the form
+ * @param bkuURL URL of the "Bürgerkartenumgebung" the form will be submitted to;
+ * may be <code>null</code>, in this case the default URL will be used
+ * @param dataURL DataURL to be sent as a parameter in the form
+ */
+ public String build(
+ String htmlTemplate,
+ String bkuURL,
+ String xmlRequest,
+ String dataURL,
+ String pushInfobox)
+ throws BuildException
+ {
+ String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
+ htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL, true, ALL);
+ htmlForm = replaceTag(htmlForm, XMLREQUEST_TAG, GetIdentityLinkFormBuilder.encodeParameter(xmlRequest), true, ALL);
+ htmlForm = replaceTag(htmlForm, DATAURL_TAG, dataURL, true, ALL);
+ if (null==pushInfobox) pushInfobox="";
+ htmlForm = replaceTag(htmlForm, PUSHINFOBOX_TAG, pushInfobox, false, ALL);
+ return htmlForm;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index 038e549be..e70b64a6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -9,6 +9,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; import at.gv.egovernment.moa.util.XPathUtils; @@ -30,9 +31,7 @@ public class InfoboxValidatorParamsBuilder { * @param session The actual Authentication session. * @param verifyInfoboxParameter The configuration parameters for the infobox. * @param infoboxTokenList Contains the infobox token to be validated. - * @param hideStammzahl Indicates whether source pins (<code>Stammzahl</code>en) - * should be hidden in any SAML attributes returned by - * an infobox validator. + * @param oaParam The configuration parameters of the online application * * @return Parameters for validating an infobox token. */ @@ -40,7 +39,7 @@ public class InfoboxValidatorParamsBuilder { AuthenticationSession session, VerifyInfoboxParameter verifyInfoboxParameter, List infoboxTokenList, - boolean hideStammzahl) + OAAuthParameter oaParam) { InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); IdentityLink identityLink = session.getIdentityLink(); @@ -54,6 +53,7 @@ public class InfoboxValidatorParamsBuilder { // authentication session parameters infoboxValidatorParams.setBkuURL(session.getBkuURL()); infoboxValidatorParams.setTarget(session.getTarget()); + infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); // parameters from the identity link infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); @@ -75,7 +75,7 @@ public class InfoboxValidatorParamsBuilder { } infoboxValidatorParams.setIdentityLink(identityLinkElem); } - infoboxValidatorParams.setHideStammzahl(hideStammzahl); + infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); return infoboxValidatorParams; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 90d79a46d..946f0a9c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -1,8 +1,13 @@ package at.gv.egovernment.moa.id.auth.data; +import java.util.ArrayList; import java.util.Date; +import java.util.Iterator; import java.util.List; +import java.util.Vector; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -15,6 +20,7 @@ import at.gv.egovernment.moa.util.Constants; public class AuthenticationSession { private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; /** * session ID @@ -37,14 +43,14 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - /** - * URL of the BKU - */ - private String bkuURL; + /** + * HTML template URL + */ + private String templateURL; + /** + * URL of the BKU + */ + private String bkuURL; /** * identity link read from smartcard */ @@ -61,11 +67,11 @@ public class AuthenticationSession { * timestamp logging when identity link has been received */ private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; /** * SAML attributes from an extended infobox validation to be appended @@ -91,6 +97,33 @@ public class AuthenticationSession { private String issueInstant; /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * AppSpecificConfiguration entry of then mandates infobox-validator. Tells + * whether person data from the representative have to be exchanged by data + * from the mandate + */ + private boolean mandateCompatibilityMode = false; + + + + /** * Constructor for AuthenticationSession. * * @param id Session ID @@ -98,6 +131,7 @@ public class AuthenticationSession { public AuthenticationSession(String id) { sessionID = id; setTimestampStart(); + infoboxValidators = new ArrayList(); } /** @@ -380,4 +414,143 @@ public class AuthenticationSession { this.issueInstant = issueInstant; } + /** + * Returns the iterator to the stored infobox validators. + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators==null) return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * @param infoboxIdentifier the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName the friendly name of the infobox + * @param infoboxValidator the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators==null) infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. + * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input processor. + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) return form; + } + } + return null; + } + + /** + * @return the mandateCompatibilityMode + */ + public boolean isMandateCompatibilityMode() { + return mandateCompatibilityMode; + } + + /** + * @param mandateCompatibilityMode the mandateCompatibilityMode to set + */ + public void setMandateCompatibilityMode(boolean mandateCompatibilityMode) { + this.mandateCompatibilityMode = mandateCompatibilityMode; + } + + /** + * Returns domain identifier (the register and number in the register parameter). + * <code>null</code> in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. + * If the domain identifier includes the registerAndOrdNr prefix, the prefix + * will be stripped off. + * + * @param domainIdentifier the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) + { + // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); + } + else + { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox==null) return ""; + return pushInfobox; + } + + /** + * @param pushInfobox the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java index c7a557290..01b9d9359 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java @@ -63,6 +63,14 @@ public interface InfoboxValidatorParams { public String getTarget(); /** + * Returns the register and number in the register parameter. + * <code>null</code> in the case of not a business service. + * + * @return The register and number in the register parameter. + */ + public String getDomainIdentifier(); + + /** * Returns <code>true</code> if the application is a business * service, otherwise <code>false</code>. This may be useful * for the validating application. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java index 80ba5995f..3747fa93b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java @@ -49,6 +49,11 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { protected String target_; /** + * The domain identifier (register and number in the register parameter). + */ + protected String domainIdentifier_; + + /** * The family name from the identity link. */ protected String familyName_; @@ -135,6 +140,13 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { } /** + * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getDomainIdentifier() + */ + public String getDomainIdentifier() { + return domainIdentifier_; + } + + /** * @see at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams#getBusinessApplication() */ public boolean getBusinessApplication() { @@ -324,6 +336,15 @@ public class InfoboxValidatorParamsImpl implements InfoboxValidatorParams { public void setTarget(String target) { target_ = target; } + + /** + * Sets the domain identifier (register and number in the register parameter) + * + * @param domainIdentifier the domainIdentifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + this.domainIdentifier_ = domainIdentifier; + } /** * Sets the ID of the trust profile used for validating certificates. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java new file mode 100644 index 000000000..df480b624 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.auth.servlet;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.fileupload.FileUploadException;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.FileUtils;
+
+/**
+ * Servlet requested for processing user input forms of infobox validators
+ *
+ * Utilizes the {@link AuthenticationServer}.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
+ */
+public class ProcessValidatorInputServlet extends AuthServlet {
+
+ public static final long serialVersionUID = 1;
+
+ /**
+ * Constructor for VerifyIdentityLinkServlet.
+ */
+ public ProcessValidatorInputServlet() {
+ super();
+ }
+
+ /**
+ * Shows the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("GET ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
+ String outputStream;
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+ if (infoboxvalidator!=null) {
+ outputStream = infoboxvalidator.getForm();
+ // replace strings the validators can not know
+ outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);
+ outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());
+ outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);
+ outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());
+ } else {
+ throw new ValidateException("validator.65", null);
+ }
+ //resp.setStatus(200);
+ resp.setContentType("text/html;charset=UTF-8");
+ OutputStream out = resp.getOutputStream();
+ out.write(outputStream.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished GET ProcessInput");
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+ /**
+ * Verifies the user input forms of infobox validators
+ *
+ * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
+ */
+ protected void doPost(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+
+ Logger.debug("POST ProcessInput");
+ Map parameters;
+ try {
+ parameters = getParameters(req);
+ } catch (FileUploadException e) {
+ Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+ throw new IOException(e.getMessage());
+ }
+ String sessionID = req.getParameter(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+ if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+
+ try {
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthenticationServer.processInput(session, parameters);
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ // Now sign the AUTH Block
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+
+ // Test if we have a user input form sign template
+ String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
+ String inputProcessorSignTemplate = null;
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+ // override template url by url from configuration file
+ if (oaParam.getInputProcessorSignTemplateURL() != null) {
+ inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+ }
+ if (inputProcessorSignTemplateURL != null) {
+ try {
+ inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+ } catch (IOException ex) {
+ throw new AuthenticationException(
+ "auth.03",
+ new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+ ex);
+ }
+ }
+
+
+
+ String htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+ inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+ htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+
+ resp.setContentType("text/html;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(htmlForm.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST ProcessInput");
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+ }
+ }
+ catch (MOAIDException ex) {
+ handleError(null, ex, req, resp);
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index 4dc69c70b..6e2a932d8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -54,11 +54,11 @@ public class SelectBKUServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET SelectBKU"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index 6098f5138..9f0cf6606 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -41,11 +41,11 @@ public class StartAuthenticationServlet extends AuthServlet { throws ServletException, IOException { Logger.debug("GET StartAuthentication"); - String authURL = - req.getScheme() + "://" + - req.getServerName() + ":" + - req.getServerPort() + - req.getContextPath() + "/"; + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); String target = req.getParameter(PARAM_TARGET); String oaURL = req.getParameter(PARAM_OA); String bkuURL = req.getParameter(PARAM_BKU); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 6ec4a247d..b81107ff2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -1,8 +1,9 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import at.gv.egovernment.moa.util.URLEncoder; //java.net.URLEncoder; +import java.util.Iterator; import java.util.Map; +import java.util.Vector; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; @@ -12,8 +13,13 @@ import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; +import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; /** * Servlet requested for verifying the signed authentication block @@ -80,17 +86,21 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - + String redirectURL = null; try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); - String redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { + redirectURL = session.getOAURLRequested(); + if (!session.getBusinessService()) { + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 2134c1444..b9d8f8c75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -1,22 +1,18 @@ package at.gv.egovernment.moa.id.auth.servlet; import java.io.IOException; -import java.io.OutputStream; -import java.util.Enumeration; import java.util.Map; -import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import org.apache.commons.fileupload.FileUploadException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -79,25 +75,10 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } String sessionID = req.getParameter(PARAM_SESSIONID); - try { AuthenticationSession session = AuthenticationServer.getSession(sessionID); - - String createXMLSignatureRequest = - AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); - resp.setStatus(307); - String dataURL = new DataURLBuilder().buildDataURL( - session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID); - resp.addHeader("Location", dataURL); - - //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) - resp.setContentType("text/xml;charset=UTF-8"); - - OutputStream out = resp.getOutputStream(); - out.write(createXMLSignatureRequest.getBytes("UTF-8")); - out.flush(); - out.close(); - Logger.debug("Finished POST VerifyIdentityLink"); + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } catch (MOAIDException ex) { handleError(null, ex, req, resp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index e6c9f4bee..e0fd67d64 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -66,7 +66,7 @@ public class CreateXMLSignatureResponseValidator { IdentityLink identityLink = session.getIdentityLink(); Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - String issuer = samlAssertion.getAttribute("Issuer"); + String issuer = samlAssertion.getAttribute("Issuer"); if (issuer == null) { // should not happen, because parser would dedect this throw new ValidateException("validator.32", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java index 95cd65608..74e61e076 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java @@ -1,5 +1,9 @@ package at.gv.egovernment.moa.id.auth.validator; +import java.util.Map; + +import org.w3c.dom.Element; + import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult; import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams; @@ -18,7 +22,7 @@ public interface InfoboxValidator { * application. * * @param params {@link at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams - * Parameters} needed by the validator. + * Parameters} needed by the validator. * * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} * @@ -28,4 +32,50 @@ public interface InfoboxValidator { public InfoboxValidationResult validate (InfoboxValidatorParams params) throws ValidateException; + /** + * This method is used to do intermediate processing before signing the auth block. + * If a infobox validator threw a form to gather user input, this method is used + * to validate this input. In no further input is needed the form must be empty to + * proceed, and also a valid <code>InfoboxValidationResult</code> is necessary. + * If more input is needed, the validator can build a new form and it is then shown + * to the citizen. + * The implementation of <code>InfoboxValidator</code> must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param parameters the parameters got returned by the input fields + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Map parameters) + throws ValidateException; + + /** + * This method is used to do post processing after signing the auth block. + * The method validates the content of the <code>infoboxReadResponse</code + * against the passed <code>samlAssertion</code> if needed. + * The implementation of <code>InfoboxValidator</code> must hold its necessary + * data and configuration internally, if this method is called - the class is + * reused at this call + * + * @param samlAssertion the SAML assertion needed by the validator + * + * @return InfoboxValidationResult structure (@link at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult} + * + * @throws ValidateException If an error occurs on validating the + * InfoboxReadResponse. + */ + public InfoboxValidationResult validate (Element samlAssertion) + throws ValidateException; + + /** + * form for user interaction for intermediate processing of infobox validation + * + * @return answer form of the servlet request. + */ + public String getForm(); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java new file mode 100644 index 000000000..58c28161f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.util.Map;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+
+/**
+ * Input processor for infobox validators.
+ */
+public interface ParepInputProcessor {
+
+ /**
+ * Initialize user input processing. This function must initialize the
+ * processor to remember its state. Fixed values for the current authentication
+ * session are set here.
+ *
+ * @param representationID The id of the provided standardized mandate
+ * @param parepConfiguration The configuration of the party representation validator
+ * @param rpFamilyName The family name of the representative
+ * @param rpGivenName
+ * @param rpDateOfBirth
+ * @param request CreateMandateRequest containing the representative and the mandator
+ */
+
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request);
+
+ /**
+ * Starting point of user input processing. This function must initialize the
+ * processor and remember its state.
+ *
+ * @param physical Is person a physical person selected
+ * @param familyName The family name of the mandator
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName The address of the physical person
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @return The initial user input form
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue);
+
+ /**
+ * Validation after the user submitted form
+ *
+ * @param parameters Returned input field values
+ * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data
+ * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error.
+ */
+ public String validate(Map parameters, String extErrortext);
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java new file mode 100644 index 000000000..aff5d8a7a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -0,0 +1,298 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.ByteArrayOutputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.text.ParseException;
+import java.text.SimpleDateFormat;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * Implements the standard party representation infobox validator input processor
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ParepInputProcessorImpl implements ParepInputProcessor{
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID;
+
+ /** contains the configuration of the owning validator */
+ private ParepConfiguration parepConfiguration;
+
+ /** Family name of the representative */
+ private String rpFamilyName;
+
+ /** Given name of the representative */
+ private String rpGivenName;
+
+ /** The representatives date of birth */
+ private String rpDateOfBirth;
+
+ /** The current CreateMandateRequest to the SZR-gateway */
+ private CreateMandateRequest request;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest)
+ */
+ public void initialize(
+ String representationID, ParepConfiguration parepConfiguration,
+ String rpFamilyName, String rpGivenName, String rpDateOfBirth,
+ CreateMandateRequest request)
+ {
+ // Initialization
+ this.representationID = representationID;
+ this.parepConfiguration = parepConfiguration;
+ this.rpFamilyName = rpFamilyName;
+ this.rpGivenName = rpGivenName;
+ this.rpDateOfBirth = rpDateOfBirth;
+ this.request = request;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+ */
+ public String start(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+ {
+ // Load the form
+ String form = loadForm(
+ physical, familyName, givenName, dateOfBirth,
+ streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue, "");
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ } catch (SZRGWClientException e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+ */
+ public String validate(Map parameters, String extErrortext)
+ {
+
+ // Process the gotten parameters
+ String form = null;
+ boolean formNecessary = false;
+ if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+ String locErrortext = "Folgende Parameter fehlen: ";
+
+ String familyName = (String) parameters.get("familyname");
+ if (null == familyName) familyName ="";
+ String givenName = (String) parameters.get("givenname");
+ if (null == givenName) givenName ="";
+ boolean physical = "true".equals(parameters.get("physical"));
+ String dobday = (String) parameters.get("dobday");
+ if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+ String dobmonth = (String) parameters.get("dobmonth");
+ if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+ String dobyear = (String) parameters.get("dobyear");
+ if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+ String dateOfBirth = "";
+ dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+ dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+ dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+ dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+ String cbFullName = (String) parameters.get("fullname");
+ if (null == cbFullName) cbFullName ="";
+ String cbIdentificationType = (String) parameters.get("cbidentificationtype");
+ if (null == cbIdentificationType) cbIdentificationType ="";
+ String cbIdentificationValue = (String) parameters.get("cbidentificationvalue");
+ if (null == cbIdentificationValue) cbIdentificationValue ="";
+ String postalCode = (String) parameters.get("postalcode");
+ if (null == postalCode) postalCode ="";
+ String municipality = (String) parameters.get("municipality");
+ if (null == municipality) municipality ="";
+ String streetName = (String) parameters.get("streetname");
+ if (null == streetName) streetName ="";
+ String buildingNumber = (String) parameters.get("buildingnumber");
+ if (null == buildingNumber) buildingNumber ="";
+ String unit = (String) parameters.get("unit");
+ if (null == unit) unit ="";
+
+ if (physical) {
+ if (ParepUtils.isEmpty(familyName)) {
+ formNecessary = true;
+ locErrortext = locErrortext + "Familienname";
+ }
+ if (ParepUtils.isEmpty(givenName)) {
+ formNecessary = true;
+ if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Vorname";
+ }
+ // Auf existierendes Datum pr�fen
+ SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+ format.setLenient(false); // Wir wollen keine k�nstliche Pareserintelligenz, nur Datum pr�fen
+ try {
+ format.parse(dateOfBirth);
+ }
+ catch(ParseException pe)
+ {
+ formNecessary = true;
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "korrektes Geburtsdatum";
+ }
+ } else {
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ if (ParepUtils.isEmpty(cbFullName)) {
+ locErrortext = locErrortext + "Name der Organisation";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationType)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Auswahl des Registers";
+ }
+ if (ParepUtils.isEmpty(cbIdentificationValue)) {
+ if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+ locErrortext = locErrortext + "Ordnungsnummer im ausgew�hlten Register";
+ }
+ }
+ }
+ try {
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ if (formNecessary) {
+ // Daten noch nicht vollst�ndig oder anderer Fehler
+ if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+ String error = "";
+ if (!ParepUtils.isEmpty(extErrortext)) {
+ error = extErrortext;
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+ }
+ if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+ if (!ParepUtils.isEmpty(error)) {
+ error = "<div class=\"errortext\"> <img alt=\" Angabe bitte erg�nzen oder richtig stellen! \" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+ }
+ form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+ if (form == null) {
+ return null;
+ }
+ } else {
+ return ""; // everything is ok
+ }
+ } catch (Exception e) {
+ //e.printStackTrace();
+ Logger.info(e);
+ return null;
+ }
+ return form;
+ }
+
+ /**
+ * Loads the empty user input form and replaces tag occurences with given variables
+ *
+ * @param physical
+ * @param familyName
+ * @param givenName
+ * @param dateOfBirth
+ * @param streetName
+ * @param buildingNumber
+ * @param unit
+ * @param postalCode
+ * @param municipality
+ * @param cbFullName
+ * @param cbIdentificationType
+ * @param cbIdentificationValue
+ * @param errorText
+ * @return
+ */
+ private String loadForm(
+ boolean physical, String familyName, String givenName, String dateOfBirth,
+ String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+ String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+ {
+ String form = "";
+ try {
+ String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+ InputStream instream = null;
+ File file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ fileName = parepConfiguration.getFullDirectoryName(fileName);
+ file = new File(fileName);
+ if (file.exists()) {
+ //if this resolves to a file, load it
+ instream = new FileInputStream(fileName);
+ } else {
+ //else load a named resource in our classloader.
+ instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+ if (instream == null) {
+ Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+ return null;
+ }
+ }
+ }
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.dumpInputOutputStream(instream, bos);
+ form = bos.toString("UTF-8");
+ } catch(Exception e) {
+ Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+ }
+
+ if (!ParepUtils.isEmpty(form)) {
+ boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+ boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+ boolean reducedSelection = (!physEnabled || !cbEnabled);
+ if (reducedSelection) {
+ physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+ }
+ if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+ form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+ form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+ form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+ form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+ form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+ //darf zw. phys. und jur. Person gew�hlt werden:
+ //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+ form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+ form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+ form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+ form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+ form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+ form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+ form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+ form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+ form = ParepUtils.replaceAll(form, "<unit>", unit);
+ form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+ form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+ form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+ form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+ form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+ form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+ form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+ form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+ form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+ }
+ return form;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java new file mode 100644 index 000000000..aed635502 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -0,0 +1,708 @@ +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.StringUtils;
+
+/**
+ * This class implements a set of utility methods.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepUtils {
+
+ /**
+ * Determines whether a string is null or empty
+ *
+ * @param str the string to check.
+ * @return <code>true</code> if the string is null or empty,
+ * <code>false</code> otherwise.
+ */
+ public static boolean isEmpty(String str) {
+ return str == null || "".equals(str);
+ }
+
+ /**
+ * Reads a XML document from an input stream (namespace-aware).
+ *
+ * @param is
+ * the input stream to read from.
+ * @return the read XML document.
+ * @throws SZRGWClientException
+ * if an error occurs reading the document from the input stream.
+ */
+ public static Document readDocFromIs(InputStream is) throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
+ f.setNamespaceAware(true);
+ return f.newDocumentBuilder().parse(is);
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ *
+ */
+ public static String extractRepresentativeID(Element mandate) throws ValidateException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+ if (resultNode != null) {
+ return resultNode.getTextContent();
+ }
+ return null;
+ } catch (Exception e) {
+ throw new ValidateException("validator.62", null);
+ }
+ }
+
+ // TODO: remove unreferenced
+
+ /**
+ * Dumps all bytes from an input stream to the given output stream.
+ *
+ * @param is
+ * the input stream to dump from.
+ * @param os
+ * the output stream to dump to.
+ * @throws IOException
+ * if an error occurs while dumping.
+ */
+ public static void dumpInputOutputStream(InputStream is, OutputStream os) throws IOException {
+ if (is == null) {
+ return;
+ }
+ int ch;
+ while ((ch = is.read()) != -1) {
+ os.write(ch);
+ }
+ }
+
+ /**
+ * Gets a string that represents the date a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing date from.
+ * @return the issuing date of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing date of the
+ * mandate.
+ */
+ public static String getMandateIssuedDate(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node dateNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Date/text()", nameSpaceNode);
+
+ if (dateNode == null) {
+ throw new Exception("Date in Mandate-Issued not found.");
+ }
+ return dateNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Gets a string that represents the place a mandate was issued.
+ *
+ * @param mandate
+ * the mandate to extract the issuing place from.
+ * @return the issuing place of the given mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the issuing place of the
+ * mandate.
+ */
+ public static String getMandateIssuedPlace(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node placeNode = XPathAPI.selectSingleNode(mandate, "//md:Issued/md:Place/text()", nameSpaceNode);
+
+ if (placeNode == null) {
+ throw new Exception("Place in Mandate-Issued not found.");
+ }
+ return placeNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the textual description of the mandate.
+ *
+ * @param mandate
+ * the mandate to extract the textual description from.
+ * @return the textual description of the mandate.
+ * @throws SZRGWClientException
+ * if an exception occurs extracting the textual description.
+ */
+ public static String getMandateContent(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+
+ Node contentNode = XPathAPI.selectSingleNode(mandate, "//md:SimpleMandateContent/md:TextualDescription/text()", nameSpaceNode);
+
+ if (contentNode == null) {
+ throw new Exception("Content in Mandate not found.");
+ }
+ return contentNode.getNodeValue();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Extracts the md:Mandator element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the md:Mandator from.
+ * @return the md:Mandator element.
+ * @throws SZRGWClientException
+ * if an error occurs extracting the md:Mandator element.
+ */
+ public static Element extractMandator(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR, nameSpaceNode);
+ if (mandator == null) {
+ // if we got the Mandator itself
+ if (mandate.getLocalName().equals(SZRGWConstants.MANDATOR)) return mandate;
+ }
+ if (mandator == null)
+ return null;
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Tells wether a mandator is a physical person or not.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return <code>true<code> if the mandator is a physical person, <code>false</code> otherwise.
+ */
+ public static boolean isPhysicalPerson(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // check if physical person
+ Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+ // Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
+ // "descendant-or-self::pr:CorporateBody", nameSpaceNode);
+ return physicalPerson != null;
+ } catch (Exception e) {
+ e.printStackTrace();
+ return false;
+ }
+ }
+
+ /**
+ * Extracts the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element from a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPersonOfMandate(Element mandate) throws ParseException {
+ try {
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:PhysicalPerson", nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/pr:CorporateBody", nameSpaceNode);
+ }
+ if (person == null) return null;
+ String nsPrefix = person.getPrefix();
+ String nsUri = person.getNamespaceURI();
+ Element personClone = (Element) person.cloneNode(true);
+ personClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+ return personClone;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Benerates the </code>pr:Person</code> element form a
+ * <code>pr:PhysicalPerson</code> or <code>pr:CorporateBody</code>
+ * element of a XML mandate element.
+ *
+ * @param mandate
+ * the md:Mandate element to extract the person from.
+ * @return the <code>pr:Person</code> element.
+ * @throws ParseException
+ * if an error occurs extracting the element.
+ */
+ public static Element extractPrPersonOfMandate(Element mandate) throws ParseException {
+
+ try {
+ Document document = ParepUtils.createEmptyDocument();
+ Element root = document.createElement(SZRGWConstants.PD_PREFIX + SZRGWConstants.PERSON);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ root.setAttribute("xmlns:" + Constants.XSI_PREFIX, Constants.XSI_NS_URI);
+
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ Element person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON, nameSpaceNode);
+ if (person == null) {
+ person = (Element) XPathAPI.selectSingleNode(mandate, "//"
+ + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATOR + "/" + SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY, nameSpaceNode);
+ }
+ if (person != null) {
+ root.setAttribute(Constants.XSI_PREFIX + ":type", SZRGWConstants.PD_PREFIX + person.getLocalName());
+ if (person != null) {
+ NodeList nl = person.getChildNodes();
+ for (int i = 0; i < nl.getLength(); i++) {
+ Node testNode = nl.item(i);
+ if (Node.ELEMENT_NODE == testNode.getNodeType()) {
+ root.appendChild(document.importNode(testNode, true));
+ }
+ }
+ }
+ }
+
+ return root;
+ } catch (Exception e) {
+ //e.printStackTrace();
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /**
+ * Extracts the name of the mandator as a string representation.
+ *
+ * @param mandator
+ * the XML md:Mandator element to extract from.
+ * @return the mandator name as a string.
+ */
+ public static String extractMandatorName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ // first check if physical person
+ Element name = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
+ if (name != null) {
+ String givenName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()", nameSpaceNode).getNodeValue();
+ String familyName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()", nameSpaceNode).getNodeValue();
+
+ return givenName + " " + familyName;
+ }
+
+ // check if corporate body
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:FullName/text()", nameSpaceNode);
+ if (fullName != null) {
+ return fullName.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ //e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts specific text of an element of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the resulting text of the mandator element.
+ */
+ public static String extractText(Element mandator, String xpath) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node textNode = XPathAPI.selectSingleNode(mandator, xpath, nameSpaceNode);
+ if (textNode == null)
+ return null;
+ return textNode.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the date of birth of the mandator of a given md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the dob of the mandator.
+ */
+ public static String extractMandatorDateOfBirth(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node dobName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:DateOfBirth/text()", nameSpaceNode);
+ if (dobName == null)
+ return null;
+ return dobName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the full name of the mandators corporate body of a given
+ * md:Mandator element.
+ *
+ * @param mandator
+ * the XML md:Mandator to extract from.
+ * @return the full name of the mandator.
+ */
+ public static String extractMandatorFullName(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node fullName = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:CorporateBody/pr:FullName/text()", nameSpaceNode);
+ if (fullName == null)
+ return null;
+ return fullName.getNodeValue();
+ } catch (Exception e) {
+ e.printStackTrace();
+ return null;
+ }
+ }
+
+ /**
+ * Extracts the identification value of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification value.
+ */
+ public static String extractMandatorWbpk(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idValue = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValue != null) {
+ return idValue.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /**
+ * Extracts the identification type of the mandator of a given mandate.
+ *
+ * @param mandator
+ * the XML md:Mandator element.
+ * @return the identification type.
+ */
+ public static String extractMandatorIdentificationType(Element mandator) {
+ try {
+ Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ Node idType = XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idType != null) {
+ return idType.getNodeValue();
+ }
+ return "";
+ } catch (Exception e) {
+ e.printStackTrace();
+ return "";
+ }
+ }
+
+ /*
+ *
+ */
+ public static String getIdentification(Element personElement, String element) throws ParseException {
+ try {
+
+ Element nameSpaceNode = personElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+
+ return XPathAPI.selectSingleNode(personElement, "descendant-or-self::pr:Identification/pr:" + element + "/text()", nameSpaceNode)
+ .getNodeValue();
+ } catch (Exception e) {
+ throw new ParseException(e.toString(), null);
+ }
+ }
+
+ /*
+ *
+ */
+ private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+ try {
+ Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+ Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+ String nsPrefix = mandator.getPrefix();
+ String nsUri = mandator.getNamespaceURI();
+
+ Element mandatorClone = (Element) mandator.cloneNode(true);
+ mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+
+ return mandatorClone;
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /**
+ * Serializes a XML element to a given output stream.
+ *
+ * @param element
+ * the XML element to serialize.
+ * @param out
+ * the output streamt o serialize to.
+ * @throws IOException
+ * if an I/O error occurs during serialization.
+ */
+ public static void serializeElement(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementAsDocument(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(false);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out, "UTF-8"), format);
+ serializer.serialize(element);
+ }
+
+ public static void serializeElementWithoutEncoding(Element element, OutputStream out) throws IOException {
+ OutputFormat format = new OutputFormat();
+ format.setOmitXMLDeclaration(true);
+ format.setEncoding("UTF-8");
+ format.setPreserveSpace(true);
+ XMLSerializer serializer = new XMLSerializer(new OutputStreamWriter(out), format);
+ serializer.serialize(element);
+ }
+
+ public static void saveStringToFile(String str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str.getBytes());
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveBytesToFile(byte[] str, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ fos.write(str);
+ fos.flush();
+ fos.close();
+ }
+
+ public static void saveElementToFile(Element elem, File file) throws IOException {
+ FileOutputStream fos = new FileOutputStream(file);
+ serializeElementWithoutEncoding(elem, fos);
+ fos.flush();
+ fos.close();
+ }
+
+ /**
+ * Creates an empty XML document.
+ *
+ * @return a newly created empty XML document.
+ * @throws SZRGWClientException
+ * if an error occurs creating the empty document.
+ */
+ public static Document createEmptyDocument() throws SZRGWClientException {
+ try {
+ DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ return factory.newDocumentBuilder().newDocument();
+ } catch (Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+
+
+ /**
+ * Tells if the Validator of an Infobox is enabled. If the corresponding application
+ * specific configuration element <code>EnableInfoboxValidator</code> is missing, a default value <code>true</code> is assumed
+ *
+ * @param applicationSpecificParams
+ * the XML element of the infobox configuration.
+ * @return the boolean value of the determination.
+ * @throws ConfigurationException
+ * if an error occurs reading the configuration.
+ */
+ public static boolean isValidatorEnabled(Element applicationSpecificParams) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+
+ //ParepUtils.serializeElement(applicationSpecificParams, System.out);
+ Node validatorEnabledNode = XPathAPI.selectSingleNode(applicationSpecificParams, Constants.MOA_ID_CONFIG_PREFIX
+ + ":EnableInfoboxValidator/text()", nameSpaceNode);
+ if (validatorEnabledNode != null) {
+ return BoolUtils.valueOf(validatorEnabledNode.getNodeValue());
+ }
+ return true;
+ } catch (Exception e) {
+ // e.printStackTrace();
+ throw new ConfigurationException("config.02", null);
+ }
+ }
+
+ /**
+ * Delivers a String with the description of the register which is described
+ * through the identification Type of a corporate body of the persondata schema
+ *
+ * @param identificationType
+ * the identification type.
+ * @return the register description.
+ */
+ public static String getRegisterString(String identificationType) {
+ String corporateBase = Constants.URN_PREFIX_BASEID + "+";
+ if (ParepUtils.isEmpty(identificationType) || !identificationType.startsWith(corporateBase)) return null;
+ String register = identificationType.substring(corporateBase.length());
+ if (ParepUtils.isEmpty(register)) return null;
+ if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
+ if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Erg�nzungsregister f�r sonstige Betroffene";
+ return null;
+ }
+
+ /**
+ * Hides Stammzahlen in the given element
+ *
+ * @param hideElement The element where Stammzahlen should be replaced.
+ * @param businessApplication For decision whether to calc a bPK or wbPK.
+ * @param target Target for calculating a bPK.
+ * @param registerID Necessary string for calculating a wbPK (example <code>FN+4096i</code>).
+ * @param blank Switch for behaviour.
+ * <code>true</code> if Stammzahlen are blinded. All occurences will be replaced by empty strings.
+ * <code>false</code> calculates (w)bPKs and changes also the <code>pr:Identifivation/pr:Type</code> elements.
+ * @return The element where Stammzahlen are hidden.
+ */
+ public static Element HideStammZahlen(Element hideElement, boolean businessApplication, String target, String registerID, boolean blank)
+ throws BuildException {
+ try {
+ if (hideElement != null) {
+ Element nameSpaceNode = hideElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ NodeList identifications = XPathAPI.selectNodeList(hideElement, "descendant-or-self::pr:Identification", nameSpaceNode);
+ for (int i = 0; i < identifications.getLength(); i++) {
+ Element identificationElement = (Element) identifications.item(i);
+ Node idTypeNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Type/text()", nameSpaceNode);
+ if (idTypeNode != null && Constants.URN_PREFIX_BASEID.equals(idTypeNode.getNodeValue())) {
+ Node idValueNode = XPathAPI.selectSingleNode(identificationElement, "descendant-or-self::pr:Identification/pr:Value/text()", nameSpaceNode);
+ if (idValueNode == null || ParepUtils.isEmpty(idValueNode.getNodeValue())) {
+ Logger.error("HideStammZahlen: Problem beim Parsen des erhaltenen Elements - Value Element(-Inhalt) von pr:Identification nicht vorhanden.");
+ throw new BuildException("builder.02", null);
+ }
+ if (blank) {
+ idValueNode.setNodeValue("");
+ } else {
+ String idValue = idValueNode.getNodeValue();
+ if (businessApplication) {
+ // wbPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_WBPK + "+" + registerID);
+ String bpkBase64 = new BPKBuilder().buildWBPK(idValueNode.getNodeValue(), registerID);
+ idValueNode.setNodeValue(bpkBase64);
+
+ } else {
+ // bPK berechnen
+ idTypeNode.setNodeValue(Constants.URN_PREFIX_BPK);
+ String bpkBase64 = new BPKBuilder().buildBPK(idValueNode.getNodeValue(), target);
+ idValueNode.setNodeValue(bpkBase64);
+ }
+ }
+ }
+ }
+ }
+ } catch (Exception e) {
+ throw new BuildException("builder.02", null);
+ }
+ return hideElement;
+ }
+
+ /**
+ * Replaces each substring of string <code>s</code> that matches the given
+ * <code>search</code> string by the given <code>replace</code> string.
+ *
+ * @param s The string where the replacement should take place.
+ * @param search The pattern that should be replaced.
+ * @param replace The string that should replace all each <code>search</code>
+ * string within <code>s</code>.
+ * @return A string where all occurrence of <code>search</code> are
+ * replaced with <code>replace</code>.
+ */
+ public static String replaceAll (String s, String search, String replace) {
+ if (replace==null) replace = "";
+ return StringUtils.replaceAll(s, search, replace);
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// Document mandate = readDocFromIs(new FileInputStream("c:/Doku/work/Organwalter/schemas/Vertretung_OW_Max_Mustermann.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/mandator.xml"));
+// Document mandate = readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1.xml"));
+// Element mandatorElement = extractMandator(mandate.getDocumentElement());
+// System.out.println(extractMandatorName(mandatorElement));
+// System.out.println(extractMandatorDateOfBirth(mandatorElement));
+// System.out.println(extractMandatorWbpk(mandatorElement));
+// //serializeElement(mandatorElement, System.out);
+// serializeElement((extractPrPersonOfMandate(mandate.getDocumentElement())), System.out);
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java new file mode 100644 index 000000000..acd193a68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -0,0 +1,576 @@ +package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import java.io.File;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Vector;
+
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a MOA-ID Infobox Validator for validating
+ * a standardized XML mandate using the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
+ */
+public class ParepValidator implements InfoboxValidator {
+
+ /** activates debug settings */
+ private boolean PAREP_DEBUG = false;
+
+ /** contains the parameters the validator initially was called with */
+ private InfoboxValidatorParams params = null;
+
+ /** contains the configuration of the validator */
+ private ParepConfiguration parepConfiguration = null;
+
+ /** the requested representation ID (currently * or OID) */
+ private String representationID = null;
+
+ /** holds the information of the SZR-request */
+ private CreateMandateRequest request = null;
+
+ /** List of extended SAML attributes. */
+ private Vector extendedSamlAttributes = new Vector();
+
+ /** the class which processes the user input */
+ private ParepInputProcessor inputProcessor = null;
+
+ /** The form if user input is necessary */
+ private String form = null;
+
+ /** unspecified error of parep-validator (must not know more about)*/
+ private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufliche Parteienvetretung aufgetreten";
+
+ /** Default class to gather remaining mandator data. */
+ public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+
+ /** Default template to gather remaining mandator data. */
+ public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+
+ /** kind of representation text in AUTH block*/
+ public final static String STANDARD_REPRESENTATION_TEXT = "beruflicher Parteienvertreter";
+
+ /** Names of the produced SAML-attributes. */
+ public final static String EXT_SAML_MANDATE_RAW = "Vollmacht";
+ public final static String EXT_SAML_MANDATE_NAME = "MachtgeberName";
+ public final static String EXT_SAML_MANDATE_DOB = "MachtgeberGeburtsdatum";
+ public final static String EXT_SAML_MANDATE_WBPK = "MachtgeberWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "VertretungsArt";
+
+ /** register and register number for non physical persons - the domain identifier for business applications*/
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MachtgeberRegisternummer";
+
+ /**
+ * Parses the XML configuration element and creates the validators configuration
+ * Use this function if you want to preconfigure the validator.
+ *
+ * @param configElem
+ * the XML configuration element to parse.
+ * @throws ConfigurationException
+ * if an error occurs during the configuration process
+ */
+ public void Configure(Element configElem) throws ConfigurationException {
+ if (this.parepConfiguration == null) {
+ Logger.debug("Lade Konfiguration.");
+ parepConfiguration = new ParepConfiguration(configElem);
+ Logger.debug("Konfiguration erfolgreich geladen.");
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+ */
+ public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+
+ try {
+ Logger.debug("Starte Organwalter-/berufliche Parteienvertreterpr�fung.");
+ this.params = params;
+
+ Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+ // ParepUtils.serializeElement(mandate, System.out);
+ this.representationID = ParepUtils.extractRepresentativeID(mandate);
+ if (ParepUtils.isEmpty(representationID)) {
+ validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+ return validationResult;
+ }
+
+ // �berpr�fen der Identifikation (Type/Value).
+ String identificationType = this.params.getIdentificationType();
+ String identificationValue = this.params.getIdentificationValue();
+ if (this.params.getBusinessApplication()) {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+ return validationResult;
+
+ } else {
+ Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+ }
+ } else {
+ if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+ //F�r Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK ben�tigt
+ if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ Logger.error("F�r eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ } else {
+ Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+ }
+ } else {
+ if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+ // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+ identificationType = Constants.URN_PREFIX_CDID;
+ String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+ identificationValue = bpkBase64;
+ Logger.debug("bPK f�r Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+ } else {
+ Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+ }
+ }
+ }
+
+ Configure(this.params.getApplicationSpecificParams());
+ // check if we have a configured party representative for that
+ if (!parepConfiguration.isPartyRepresentative(representationID)) {
+ Logger.info("Kein beruflicher Parteienvertreter f�r MandateID \"" + representationID + "\" konfiguriert.");
+ validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+ return validationResult;
+ }
+
+ // Vertreter
+ this.request = new CreateMandateRequest();
+ request.setRepresentative(this.params, identificationType, identificationValue);
+ // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+ //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+
+ Logger.debug("Pr�fe vorausgef�llte Daten...");
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ boolean formNecessary = false;
+ // Vertretener (erstes Vorkommen)
+ Element mandator = ParepUtils.extractMandator(mandate);
+ if (mandator != null) {
+ // ParepUtils.serializeElement(mandator, System.out);
+ // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+
+ }
+ if (physical) {
+ if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von nat�rlichen Personen f�r diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+ formNecessary = true;
+ }
+ } else {
+ if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+ validationResult.setErrorMessage("Vertretung von juristischen Personen f�r diese standardisierte Vollmacht nicht erlaubt.");
+ return validationResult;
+ }
+ if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+ formNecessary = true;
+ }
+ }
+
+ //Zeigen wir, dass die Daten �bernommen wurden:
+ if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+
+ // Input processor
+ this.form = "";
+ if (formNecessary) {
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.start(
+ physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+ cbFullName, cbIdentificationType, cbIdentificationValue);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ } else {
+ // Request vorbereiten mit vorgegebenen Daten
+ request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+ cbIdentificationType, cbIdentificationValue);
+ }
+
+
+ // ParepUtils.serializeElement(request.getMandator(), System.out);
+ // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+ validationResult.setValid(true);
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+ */
+ public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterpr�fung");
+ Logger.debug("Pr�fe im Formular ausgef�llte Daten...");
+ if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+
+ // Input processor
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ this.form = inputProcessor.validate(parameters, null);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ extendedSamlAttributes.clear();
+ addAuthBlockExtendedSamlAttributes();
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Intermediate processing von Organwalter-/beruflicher Parteienvertreterpr�fung erfolgreich beendet");
+ return validationResult;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+ */
+ public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+
+ InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+ Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterpr�fung");
+ this.form = "";
+ try {
+
+ // TODO: Frage ob OID im Zertifikat zu pr�fen ist (macht derzeit das SZR-gateway). Dies w�rde aber zu eine Performanceeinbu�e f�hren.
+
+ request.setSignature(samlAssertion);
+
+//DPO debug
+// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+// String id = representationID;
+// CreateMandateResponse response;
+// if (true) {
+// if (this.params.getHideStammzahl()) {
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// }
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+
+ //ParepUtils.serializeElement(request.toElement(), System.out);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+
+ // configure szrgw client
+ Logger.debug("Lade SZR-GW Client.");
+ SZRGWClient client = new SZRGWClient();
+ // System.out.println("Parameters: " + cfg.getConnectionParameters());
+ Logger.debug("Initialisiere Verbindung...");
+ ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+ // Logger.debug("Connection Parameters: " + connectionParameters);
+ Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+ client.setAddress(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+ Logger.debug("Initialisiere SSL Verbindung");
+ client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ }
+
+ Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
+ CreateMandateResponse response;
+ Element requ = request.toElement();
+ try {
+ response = client.createMandateResponse(requ);
+ } catch (SZRGWClientException e) {
+ // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+ Logger.debug("2. Versuch - Kommunikation mit dem Stammzahlenregister Gateway...");
+ client = new SZRGWClient(connectionParameters.getUrl());
+ if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+ response = client.createMandateResponse(requ);
+ }
+ if (response.getResultCode()==2000) {
+ if(response.getMandate()==null) {
+ Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+
+
+ //DPO debug output (2lines)
+ String id = representationID;
+ if (id.equals("*")) id="standardisiert";
+
+ Element mandate = response.getMandate();
+ // Replace Stammzahlen
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+ if (this.params.getHideStammzahl()) {
+ ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+ if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
+ }
+
+ extendedSamlAttributes.clear();
+ // Vollmacht
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+ validationResult.setValid(true);
+ Logger.debug("Post processing von Organwalter-/beruflicher Parteienvertreterpr�fung erfolgreich beendet");
+ } else {
+ String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+ String responseInfo = response.getInfo();
+ if (response.getResultCode()>4000 && response.getResultCode()<4999) {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ validationResult.setErrorMessage(errorMsg);
+ } else if (response.getResultCode()>=3000 && response.getResultCode()<=3000) {
+ // Person not found
+ ParepInputProcessor inputProcessor= getInputProcessor();
+ if (response.getResultCode()==3000) { //TODO: verify code
+ errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Bitte erg�nzen/�ndern Sie ihre Angaben.";
+ } else {
+ if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+ }
+
+ this.form = inputProcessor.validate(generateParameters(), errorMsg);
+ if (this.form == null) {
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ validationResult.setValid(true);
+ } else {
+ // Do not inform the user too much
+ Logger.error(errorMsg);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ }
+
+ }
+ return validationResult;
+ } catch (Exception e) {
+ e.printStackTrace();
+ Logger.info(e);
+ validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+ return validationResult;
+ }
+ }
+
+ /**
+ * provides the primary infobox token of the given list.
+ *
+ * @param infoBoxTokens
+ * the list of infobox tokens.
+ * @return
+ * the XML element of the primary token.
+ * @throws ValidateException
+ * if an error occurs or list is not suitable.
+ */
+ public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+ if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+ throw new ValidateException("validator.62", null);
+ }
+ for (int i = 0; i < infoBoxTokens.size(); i++) {
+ InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+ if (token.isPrimary()) {
+ return token.getXMLToken();
+ }
+ }
+ throw new ValidateException("validator.62", null);
+ }
+
+ /*
+ * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+ */
+ public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+ ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+ extendedSamlAttributes.copyInto(ret);
+ Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+ return ret;
+ }
+
+
+ /**
+ * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+ */
+ public String getForm() {
+ return this.form;
+ }
+
+ /**
+ * Gets the user form input processor (class) assigned to the current party representative
+ * If the method is called for the first time it initializes the input processor.
+ *
+ * @return The user form input processor
+ */
+ private ParepInputProcessor getInputProcessor() {
+
+ if (this.inputProcessor!=null) return inputProcessor;
+ String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+ ParepInputProcessor inputProcessor = null;
+ try {
+ Class inputProcessorClass = Class.forName(inputProcessorName);
+ inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+ inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+ } catch (Exception e) {
+ Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+ }
+ this.inputProcessor = inputProcessor;
+ return inputProcessor;
+ }
+
+ /**
+ * Generates the parameter list, which is needed to simulate a return from
+ * an user form.
+ *
+ * @return the form parameters
+ */
+ private Map generateParameters() {
+ Map parameters = new HashMap();
+ boolean physical = true;
+ String familyName = "";
+ String givenName = "";
+ String dateOfBirth = "";
+ String cbFullName = "";
+ String cbIdentificationType = "";
+ String cbIdentificationValue = "";
+ String postalCode = "";
+ String municipality = "";
+ String streetName = "";
+ String buildingNumber = "";
+ String unit = "";
+
+ try {
+ // Vertretener (erstes Vorkommen)
+ Element mandator = request.getMandator();
+ ParepUtils.saveElementToFile(mandator, new File("c:/mandator_test.xml"));
+ if (mandator != null) {
+ if (ParepUtils.isPhysicalPerson(mandator)) {
+ familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+ givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+ dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+ } else {
+ physical = false;
+ cbFullName = ParepUtils.extractMandatorFullName(mandator);
+ cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+ cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+ }
+ postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+ municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+ streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+ buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+ unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+ }
+ } catch (Exception e) {
+ Logger.error("Could not extract Mandator form SZR-gateway request");
+ }
+ parameters.put("familyname", familyName);
+ parameters.put("givenname", givenName);
+ parameters.put("dateofbirth", dateOfBirth);
+ parameters.put("dobyear", dateOfBirth.substring(0,4));
+ parameters.put("dobmonth", dateOfBirth.substring(5,7));
+ parameters.put("dobday", dateOfBirth.substring(8,10));
+ parameters.put("physical", physical ? "true" : "false");
+ parameters.put("fullname", cbFullName);
+ parameters.put("cbidentificationtype", cbIdentificationType);
+ parameters.put("cbidentificationvalue", cbIdentificationValue);
+ parameters.put("postalcode", postalCode);
+ parameters.put("municipality", municipality);
+ parameters.put("streetname", streetName);
+ parameters.put("buildingnumber", buildingNumber);
+ parameters.put("unit", unit);
+ return parameters;
+ }
+
+ /**
+ * Adds the AUTH block related SAML attributes to the validation result.
+ * This is needed always before the AUTH block is to be signed, because the
+ * name of the mandator has to be set
+ */
+ private void addAuthBlockExtendedSamlAttributes() {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ Element mandator = request.getMandator();
+ extendedSamlAttributes.clear();
+ // Name
+ String name = ParepUtils.extractMandatorName(mandator);
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ // Geburtsdatum
+ String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+ if (dob != null && !"".equals(dob)) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ // (w)bpk
+ String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+ if (!ParepUtils.isEmpty(wbpk)) {
+ if (!ParepUtils.isPhysicalPerson(mandator)){
+ String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+ if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ } else if (this.params.getBusinessApplication()) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ }
+ }
+
+// public static void main(String[] args) throws Exception {
+// }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java new file mode 100644 index 000000000..d6b71ad83 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java @@ -0,0 +1,159 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.auth.validator.parep;
+
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class PartyRepresentative {
+
+ /** Object Identifier **/
+ private String oid;
+
+ private boolean representPhysicalParty;
+
+ private boolean representCorporateParty;
+
+ /**
+ * Text for representation description in SAML Assertion (Auth-Block)
+ * */
+ private String representationText;
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter connectionParameters = null;
+
+ private String inputProcessorClass = null;
+ private String inputProcessorTemplate = null;
+
+ /**
+ * Constructor
+ */
+public PartyRepresentative() {
+ this.oid = null;
+ this.representPhysicalParty = false;
+ this.representCorporateParty = false;
+ this.connectionParameters = null;
+ this.representationText = null;
+}
+
+/**
+ * Constructor
+ */
+ public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) {
+ this.oid = null;
+ this.representPhysicalParty = representPhysicalParty;
+ this.representCorporateParty = representCorporateParty;
+ this.connectionParameters = null;
+ this.representationText = null;
+ this.inputProcessorClass = null;
+ this.inputProcessorTemplate = null;
+ }
+
+ /**
+ * @return the oid
+ */
+ public String getOid() {
+ return oid;
+ }
+
+ /**
+ * @param oid the oid to set
+ */
+ public void setOid(String oid) {
+ this.oid = oid;
+ }
+
+ /**
+ * @return the representPhysicalParty
+ */
+ public boolean isRepresentingPhysicalParty() {
+ return representPhysicalParty;
+ }
+
+ /**
+ * @param representPhysicalParty the representPhysicalParty to set
+ */
+ public void setRepresentingPhysicalParty(boolean representPhysicalParty) {
+ this.representPhysicalParty = representPhysicalParty;
+ }
+
+ /**
+ * @return the representCorporateParty
+ */
+ public boolean isRepresentingCorporateParty() {
+ return representCorporateParty;
+ }
+
+ /**
+ * @param representCorporateParty the representCorporateParty to set
+ */
+ public void setRepresentingCorporateParty(boolean representCorporateParty) {
+ this.representCorporateParty = representCorporateParty;
+ }
+
+ /**
+ * @return the connectionParameters
+ */
+ public ConnectionParameter getConnectionParameters() {
+ return connectionParameters;
+ }
+
+ /**
+ * @param connectionParameters the connectionParameters to set
+ */
+ public void setConnectionParameters(ConnectionParameter connectionParameters) {
+ this.connectionParameters = connectionParameters;
+ }
+
+
+ /**
+ * @return the representationText
+ */
+ public String getRepresentationText() {
+ return representationText;
+ }
+
+
+ /**
+ * @param representationText the representationText to set
+ */
+ public void setRepresentationText(String representationText) {
+ this.representationText = representationText;
+ }
+
+ /**
+ * @return the inputProcessorClass
+ */
+ public String getInputProcessorClass() {
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param inputProcessorClass the inputProcessorClass to set
+ */
+ public void setInputProcessorClass(String inputProcessorClass) {
+ this.inputProcessorClass = inputProcessorClass;
+ }
+
+ /**
+ * @return the inputProcessorTemplate
+ */
+ public String getInputProcessorTemplate() {
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param inputProcessorTemplate the inputProcessorTemplate to set
+ */
+ public void setInputProcessorTemplate(String inputProcessorTemplate) {
+ this.inputProcessorTemplate = inputProcessorTemplate;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java new file mode 100644 index 000000000..fe8e263ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java @@ -0,0 +1,235 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements a detailed CreateMandateRequest that
+ * will be sent to SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateRequest {
+
+ /**
+ * The Request.
+ */
+ private Document document;
+
+ /**
+ * List of mandate representatives as XML element.
+ */
+ private List representatives;
+
+ /**
+ * The mandator.
+ */
+ private Element mandator;
+
+ /**
+ * The representative.
+ */
+ private Element representative;
+
+ /**
+ * The signature to verify by the SZR-gateway
+ */
+ private Element signature;
+
+
+
+ /**
+ * Creates the CreateMandateRequest element that will
+ * be sent to SZR-gateway
+ *
+ * @return the CreateMandateRequest element.
+ */
+ public Element toElement() throws SZRGWClientException{
+
+ this.document = ParepUtils.createEmptyDocument();
+ Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
+ root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+ if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
+ if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
+ if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
+
+ return root;
+ }
+
+ /**
+ * Adds a representative.
+ *
+ * @param representative an XML representative to add.
+ */
+ public void addRepresentative(Element representative) {
+ if (representatives == null) {
+ representatives = new ArrayList();
+ }
+ representatives.add(representative);
+ }
+
+ /**
+ * Gets the representative.
+ *
+ * @return the representative.
+ */
+ public Element getRepresentative() {
+ return representative;
+ }
+
+ /**
+ * Gets the mandator.
+ *
+ * @return the mandator.
+ */
+ public Element getMandator() {
+ return mandator;
+ }
+
+ /**
+ * Sets the mandator.
+ *
+ * @param mandator the mandator.
+ */
+ public void setMandator(Element mandator) {
+ this.mandator = mandator;
+ }
+
+ /**
+ * Sets the Mandator.
+ *
+ * @param familyName the family name of the mandator.
+ */
+ public void setMandator(String familyName, String givenName, String dateOfBirth,
+ String postalCode, String municipality, String streetName, String buildingNumber, String unit,
+ boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
+
+ Document mandatorDocument = ParepUtils.createEmptyDocument();
+
+ Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
+// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ if (physical) {
+ Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
+ physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
+ physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
+ mandatorElem.appendChild(physicalPersonElem);
+ Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit);
+ if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
+ } else {
+ Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
+ corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
+ corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
+ mandatorElem.appendChild(corporateBodyElem);
+ }
+
+
+ this.mandator = mandatorElem;
+ }
+
+ private Element createPersonDataElem(Document document, String elementName, String elementValue) {
+ Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
+ Node value = document.createTextNode(elementValue);
+ elem.appendChild(value);
+ return elem;
+ }
+
+ private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
+ Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
+ identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
+ return identificationElem;
+ }
+ private Element createNameElem(Document document, String givenName, String familyName) {
+ Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
+ nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
+ return nameElem;
+ }
+ private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
+
+ if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
+ && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
+ Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
+
+ if (!ParepUtils.isEmpty(postalCode)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
+ }
+ if (!ParepUtils.isEmpty(municipality)) {
+ postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
+ }
+ if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
+ Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
+
+ if (!ParepUtils.isEmpty(streetName)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
+ }
+ if (!ParepUtils.isEmpty(buildingNumber)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
+ }
+ if (!ParepUtils.isEmpty(unit)) {
+ deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
+ }
+ postalAddressElem.appendChild(deliveryAddressElem);
+ }
+ return postalAddressElem;
+ }
+
+
+
+ /**
+ * Sets the Representative.
+ *
+ * @param params InfoboxValidatorParams contain the data of the representative.
+ * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
+ * @param identificationValue the identification value (bPK).
+ */
+ public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
+
+ Document representativeDocument = ParepUtils.createEmptyDocument();
+
+ Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
+// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+
+ representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
+ representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
+ representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
+
+ this.representative = representativeElem;
+ }
+
+ /**
+ * @return the signature
+ */
+ public Element getSignature() {
+ return signature;
+ }
+
+ /**
+ * @param signature the signature to set
+ */
+ public void setSignature(Element signature) throws SZRGWClientException{
+ Document signatureDocument = ParepUtils.createEmptyDocument();
+ Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
+ //SZR-gateway takes the first Signature
+ //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
+ signatureElem.appendChild(signatureDocument.importNode(signature, true));
+ this.signature = signatureElem;
+ }
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java new file mode 100644 index 000000000..0f6ed8abf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java @@ -0,0 +1,130 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.FileInputStream;
+import java.util.Hashtable;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+
+/**
+ * This class implements a SZR-gateway CreateMandate Response.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class CreateMandateResponse {
+
+ /**
+ * Result code of the request.
+ */
+ private int resultCode;
+
+ /**
+ * Description of the result.
+ */
+ private String resultInfo;
+
+ /**
+ * The returned mandate.
+ */
+ private Element mandate;
+
+ /**
+ * @return the resultCode
+ */
+ public int getResultCode() {
+ return resultCode;
+ }
+
+ /**
+ * @param resultCode the resultCode to set
+ */
+ public void setResultCode(String resultCode) {
+ if (resultCode!=null) {
+ this.resultCode = Integer.parseInt(resultCode);
+ } else {
+ this.resultCode = 0;
+ }
+ }
+
+ /**
+ * @return the resultInfo
+ */
+ public String getInfo() {
+ return resultInfo;
+ }
+
+ /**
+ * @param resultInfo the resultInfo to set
+ */
+ public void setInfo(String resultInfo) {
+ this.resultInfo = resultInfo;
+ }
+
+ /**
+ * @return the mandate
+ */
+ public Element getMandate() {
+ return mandate;
+ }
+
+ /**
+ * @param mandate the mandate to set
+ */
+ public void setMandate(Element mandate) {
+ this.mandate = mandate;
+ }
+
+
+ /**
+ * Parses the SZR-gateway response.
+ *
+ * @param response the SZR-gateway response.
+ * @throws SZRGWClientException if an error occurs.
+ */
+ public void parse(Element response) throws SZRGWClientException {
+ try {
+
+ // first check if response is a soap error
+ NodeList list = response.getElementsByTagName("faultstring");
+ if (list.getLength() > 0) {
+ throw new SZRGWClientException("Fehler bei SZR-Gateway: "+list.item(0).getChildNodes().item(0).getNodeValue());
+ }
+
+ this.mandate = null;
+ this.resultCode = 2000;
+ this.resultInfo = null;
+ // parse single SZR-gateway results
+ Element nameSpaceNode = response.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX, SZRGWConstants.MANDATE_NS);
+
+ Node mandateNode = XPathAPI.selectSingleNode(response, "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.MANDATE_PREFIX + SZRGWConstants.MANDATE, nameSpaceNode);
+ if (mandateNode!=null) {
+ this.mandate = (Element) mandateNode;
+ } else {
+ String errorResponse = "//" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_RESPONSE + "/" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.ERROR_RESPONSE + "/";
+ Node errorCode = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "ErrorCode/text()", nameSpaceNode);
+ if (errorCode!=null) setResultCode(errorCode.getNodeValue());
+ Node errorInfo = XPathAPI.selectSingleNode(response, errorResponse + SZRGWConstants.SZRGW_PREFIX + "Info/text()", nameSpaceNode);
+ this.setInfo(errorInfo.getNodeValue());
+ }
+ } catch(Exception e) {
+ e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+// CreateMandateResponse resp = new CreateMandateResponse();
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream("c:/response2.xml"));
+// Element response = doc.getDocumentElement();
+// resp.parse(response);
+// System.out.println(resp.getResultCode());
+// System.out.println(resp.getInfo());
+// if (resp.getMandate()!=null) ParepUtils.serializeElement(resp.getMandate(), System.out);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java new file mode 100644 index 000000000..d9d248c81 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java @@ -0,0 +1,23 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * SOAP Envelope Constants.
+ *
+ * @author <a href="mailto:arne.tauber@egiz.gv.at">Arne Tauber</a>
+ * @version $ $
+ **/
+public interface SOAPConstants {
+
+ /*
+ * Namespaces and namespace prefixes for SOAP message handling
+ */
+ String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
+ String SOAP_ENV_ENCODING_STYLE = "http://schemas.xmlsoap.org/soap/encoding/";
+ String SOAP_ENV_PREFIX = "soapenv:";
+ String SOAP_ENV_POSTFIX = ":soapenv";
+
+ String ENVELOPE = "Envelope";
+ String BODY = "Body";
+ String ENCODING_STYLE = "encodingStyle";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java new file mode 100644 index 000000000..1e6dc1039 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java @@ -0,0 +1,144 @@ +
+package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+
+
+/**
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+ /**
+ * The URL of the SZR-gateway webservice.
+ */
+ private String address;
+
+ /**
+ * The SSL socket factory when using a secure connection.
+ */
+ private SSLSocketFactory sSLSocketFactory;
+
+ /**
+ * Constructor
+ */
+ public SZRGWClient() {
+ }
+
+ /**
+ * Constructor
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public SZRGWClient(String address) {
+ this.address = address;
+ }
+ /**
+ * Sets the SSL socket factory.
+ *
+ * @param factory the SSL socket factory.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory) {
+ this.sSLSocketFactory = factory;
+ }
+
+ /**
+ * Sets the SZR webservice URL
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public void setAddress(String address) {
+ this.address = address;
+ }
+
+ /**
+ * Creates a mandate.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+ Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+
+
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+
+ client.executeMethod(method);
+ CreateMandateResponse response = new CreateMandateResponse();
+
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+
+ response.parse(doc.getDocumentElement());
+
+
+ return response;
+ } catch(Exception e) {
+ //e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+
+ /*
+ * builds an XML soap envelope
+ */
+ private Element getSOAPBody() throws SZRGWClientException {
+ Document doc_ = ParepUtils.createEmptyDocument();
+ Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+ doc_.appendChild(root);
+
+ root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ //root.setAttribute(SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENCODING_STYLE, SOAPConstants.SOAP_ENV_ENCODING_STYLE);
+ root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+ root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+
+ Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+ root.appendChild(body);
+
+ return body;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java new file mode 100644 index 000000000..11aaf289b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This class implements the basic exception type for the SZR-gateway client
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException() {
+ super();
+ }
+
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException(String arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super construction.
+ */
+ public SZRGWClientException(Throwable arg0) {
+ super(arg0);
+ }
+
+ /*
+ * see super constructor
+ */
+ public SZRGWClientException(String arg0, Throwable arg1) {
+ super(arg0, arg1);
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java new file mode 100644 index 000000000..4f815f1e7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+/**
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+
+ //PersonData
+ String PD_PREFIX = "pr:";
+ String PD_POSTFIX = ":pr";
+ String PERSON = "Person";
+ String PHYSICALPERSON = "PhysicalPerson";
+ String CORPORATEBODY = "CorporateBody";
+ String IDENTIFICATION = "Identification";
+ String VALUE = "Value";
+ String TYPE = "Type";
+ String NAME = "Name";
+ String GIVENNAME = "GivenName";
+ String FAMILYNAME = "FamilyName";
+ String DATEOFBIRTH = "DateOfBirth";
+ String FULLNAME = "FullName";
+ String ORGANIZATION = "Organization";
+
+ String POSTALADDRESS = "PostalAddress";
+ String DELIVERYADDRESS = "DeliveryAddress";
+ String MUNICIPALITY = "Municipality";
+ String POSTALCODE = "PostalCode";
+ String STREETNAME = "StreetName";
+ String BUILDINGNUMBER = "BuildingNumber";
+ String UNIT = "Unit";
+ //String ADDRESS = "Address";
+ //String COUNTRYCODE = "CountryCode";
+ //String DOORNUMBER = "DoorNumber";
+
+ // SZR-gateway constants
+ String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ String SZRGW_PREFIX = "sgw:";
+ String SZRGW_POSTFIX = ":sgw";
+ String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+ String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+ String ERROR_RESPONSE = "ErrorResponse";
+ String MANDATOR = "Mandator";
+ String REPRESENTATIVE = "Representative";
+ String MANDATE = "Mandate";
+ String MANDATE_PREFIX = "md:";
+ String MANDATE_POSTFIX = ":md";
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java new file mode 100644 index 000000000..41a07d146 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java @@ -0,0 +1,94 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
+
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+
+
+/**
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+
+ /**
+ * The SSL socket factory.
+ */
+ private SSLSocketFactory factory;
+
+ /**
+ * Creates a new Secure socket factory for the
+ * Apache HTTP client.
+ *
+ * @param factory the SSL socket factory to use.
+ */
+ public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+ this.factory = factory;
+ }
+
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
+
+ return this.factory.createSocket(
+ host,
+ port,
+ clientHost,
+ clientPort
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port
+ );
+ }
+
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ }
+
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+ }
+
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return SZRGWSecureSocketFactory.class.hashCode();
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java new file mode 100644 index 000000000..c56555b2e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -0,0 +1,411 @@ +package at.gv.egovernment.moa.id.auth.validator.parep.config;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.util.HashMap;
+
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
+import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+
+/**
+ * This class implements the Configuration.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class ParepConfiguration {
+
+ /**
+ * System property for config file.
+ */
+ public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+
+ /**
+ * SZR-GW connection parameters.
+ */
+ private ConnectionParameter standardConnectionParameters;
+
+ /**
+ * Input field processor.
+ */
+ private String standardInputProcessorClass;
+
+ /**
+ * Input field processor template.
+ */
+ private String standardInputProcessorTemplate;
+
+ /**
+ * Configured party representatives.
+ */
+ private HashMap partyRepresentatives;
+
+ /**
+ * The configuration element.
+ */
+ private Element configElement = null;
+
+ /**
+ * Defines whether the user input form must be shown on each
+ * request or not (also predefined mandates)
+ */
+ private boolean alwaysShowForm = false;
+
+ /**
+ * The configuration base directory.
+ */
+ private String baseDir_;
+
+ /**
+ * Gets the SZR-GW connection parameters.
+ *
+ * @return the connection parameters.
+ */
+ public ConnectionParameter getConnectionParameters(String representationID) {
+ if (partyRepresentatives == null || "*".equals(representationID))
+ return standardConnectionParameters;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ ConnectionParameter connectionParameters = pr.getConnectionParameters();
+ if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+ return connectionParameters;
+ }
+
+ /**
+ * Sets the SZR-GW connection parameters for standard connection.
+ *
+ * @param connectionParameters
+ * the connection parameters.
+ */
+ public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+ this.standardConnectionParameters = connectionParameters;
+ }
+
+ /*
+ *
+ */
+ public String getFullDirectoryName(String fileString) {
+ return makeAbsoluteURL(fileString, baseDir_);
+ }
+
+ /*
+ *
+ */
+ private static String makeAbsoluteURL(String url, String root) {
+ // if url is relative to rootConfigFileDirName make it absolute
+
+ File keyFile;
+ String newURL = url;
+
+ if (null == url)
+ return null;
+
+ if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+ return url;
+ } else {
+ // check if absolute - if not make it absolute
+ keyFile = new File(url);
+ if (!keyFile.isAbsolute()) {
+ keyFile = new File(root, url);
+ newURL = keyFile.getPath();
+ }
+ return newURL;
+ }
+ }
+
+ /**
+ * Initializes the configuration with a given XML configuration element found
+ * in the MOA-ID configuration.
+ *
+ * @param configElem
+ * the configuration element.
+ * @throws ConfigurationException
+ * if an error occurs initializing the configuration.
+ */
+ public ParepConfiguration(Element configElem) throws ConfigurationException {
+
+ partyRepresentatives = new HashMap();
+ partyRepresentatives.put("*", new PartyRepresentative(true, true));
+
+ String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+
+ try {
+
+ baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+ Logger.trace("Config base directory: " + baseDir_);
+ // check for configuration in system properties
+ if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+ Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+ this.configElement = doc.getDocumentElement();
+ } else {
+ this.configElement = configElem;
+ }
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+ }
+ load();
+ }
+
+ /*
+ *
+ */
+ private void load() throws ConfigurationException {
+ Logger.debug("Parse ParepValidator Konfiguration");
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ // nameSpaceNode.setAttribute("xmlns:sgw",
+ // SZRGWConstants.SZRGW_PROFILE_NS);
+
+ Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorNode != null) {
+ this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+ Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassNode != null) {
+ this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+ }
+ }
+ Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+ if (alwaysShowFormNode != null) {
+ this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+ }
+
+ // load connection parameters
+ Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+ Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamElement != null) {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamElement, System.out);
+ this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+ }
+
+ Logger.debug("Lade Konfiguration der Parteienvertreter");
+ NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+ + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+ for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+
+ PartyRepresentative partyRepresentative = new PartyRepresentative();
+
+ Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+ boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+ boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+ partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+ partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+ partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+ partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+
+ Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+ if (inputProcessorSubNode != null) {
+ partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+ Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":InputProcessor/text()", nameSpaceNode);
+ if (inputProcessorClassSubNode != null) {
+ partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+ }
+ }
+
+ Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+ + ":ConnectionParameter", nameSpaceNode);
+ if (connectionParamSubElement == null) {
+ if (this.standardConnectionParameters == null) {
+ throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+ + partyRepresentative.getOid() + " fehlen.", null, null);
+ }
+ } else {
+ // parse connection parameters
+ // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+ partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+ }
+ partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+ Logger.info("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+ + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+ + ", representationText=" + partyRepresentative.getRepresentationText()
+ + ")");
+ }
+
+ Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+ }
+ }
+
+ /*
+ *
+ */
+ private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+ try {
+ ConnectionParameter connectionParameter = new ConnectionParameter();
+
+ // parse connection url
+ String URL = connParamElement.getAttribute("URL");
+ connectionParameter.setUrl(URL);
+
+ // accepted server certificates
+ Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+ nameSpaceNode);
+ if (accServerCertsNode != null) {
+
+ String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+ Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+ connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+ }
+
+ // client key store
+ Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+ if (clientKeyStoreNode != null) {
+ String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+ connectionParameter.setClientKeyStore(clientKeystore);
+ }
+
+ // client key store password
+ Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+ nameSpaceNode);
+ if (clientKeyStorePasswordNode != null) {
+ connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+ }
+
+ return connectionParameter;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+ }
+
+ public boolean isPartyRepresentative(String representationID) {
+ if (partyRepresentatives == null)
+ return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ return pr != null;
+ }
+
+ public boolean isRepresentingCorporateParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingCorporateParty();
+ }
+
+ public boolean isRepresentingPhysicalParty(String representationID) {
+ if (partyRepresentatives == null) return false;
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr == null) return false;
+ return pr.isRepresentingPhysicalParty();
+ }
+
+ public String getRepresentationText(String representationID) {
+ String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+ if (partyRepresentatives != null) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr != null) {
+ if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+ }
+ }
+ return result;
+ }
+
+ /**
+ * @return the input processor classname corresponding to <code>representationID</code>
+ * @param representationID
+ * the representation ID.
+ */
+ public String getInputProcessorClass(String representationID) {
+ String inputProcessorClass = standardInputProcessorClass;
+ if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorClass = pr.getInputProcessorClass();
+ if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+ }
+ }
+ return inputProcessorClass;
+ }
+
+ /**
+ * @param standardInputProcessorClass the standardInputProcessorClass to set
+ */
+ public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+ this.standardInputProcessorClass = standardInputProcessorClass;
+ }
+
+ /**
+ * @return the InputProcessorTemplate
+ */
+ public String getInputProcessorTemplate(String representationID) {
+ String inputProcessorTemplate = standardInputProcessorTemplate;
+ if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+ if (!(partyRepresentatives == null || "*".equals(representationID))) {
+ PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+ if (pr!=null) {
+ String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+ if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+ }
+ }
+ return inputProcessorTemplate;
+ }
+
+ /**
+ * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+ */
+ public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+ this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+ }
+
+ /**
+ * @return the alwaysShowForm
+ */
+ public boolean isAlwaysShowForm() {
+ return alwaysShowForm;
+ }
+
+ /**
+ * @param alwaysShowForm the alwaysShowForm to set
+ */
+ public void setAlwaysShowForm(String alwaysShowForm) {
+ if (ParepUtils.isEmpty(alwaysShowForm)) {
+ this.alwaysShowForm = false;
+ } else {
+ this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+ }
+ }
+
+ public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+ try {
+ Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+ Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+ if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+ return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+ }
+ return false;
+ } catch (Exception e) {
+ throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+ }
+
+ }
+
+
+// public static void main(String[] args) throws Exception {
+// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+// Configuration cfg = new Configuration(null);
+// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+//}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 90b780526..27955602f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -80,6 +80,9 @@ public class ConfigurationBuilder { protected static final String AUTH_TEMPLATE_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "Template/@URL"; /** an XPATH-Expression */ + protected static final String INPUT_PROCESSOR_TEMPLATE_XPATH = + ROOT + CONF + "AuthComponent/" + CONF + "Templates/" + CONF + "InputProcessorSignTemplate/@URL"; + /** an XPATH-Expression */ public static final String AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH = ROOT + CONF + "AuthComponent/" + CONF + "SecurityLayer/" + CONF + "TransformsInfo/@filename"; /** an XPATH-Expression */ @@ -392,6 +395,8 @@ public class ConfigurationBuilder { XPathUtils.getAttributeValue(configElem_, AUTH_BKUSELECT_TEMPLATE_XPATH, null); String templateURL = XPathUtils.getAttributeValue(configElem_, AUTH_TEMPLATE_XPATH, null); + String inputProcessorSignTemplateURL = + XPathUtils.getAttributeValue(configElem_, INPUT_PROCESSOR_TEMPLATE_XPATH, null); List OA_set = new ArrayList(); NodeList OAIter = XPathUtils.selectNodeList(configElem_, OA_XPATH); @@ -457,6 +462,7 @@ public class ConfigurationBuilder { oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate"))); oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL)); oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL)); + oap.setInputProcessorSignTemplateURL(buildTemplateURL(authComponent, INPUT_PROCESSOR_TEMPLATE_XPATH, inputProcessorSignTemplateURL)); // load OA specific transforms if present String[] transformsInfoFileNames = buildTransformsInfoFileNames(authComponent, OA_AUTH_COMPONENT_TRANSFORMS_INFO_FILENAME_XPATH); try { @@ -669,7 +675,7 @@ public class ConfigurationBuilder { String identifier = number.getAttribute("Identifier"); // remove all blanks identificationNumber = StringUtils.removeBlanks(identificationNumber); - if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn")) { + if (number.getLocalName().equals("Firmenbuchnummer") || identifier.equalsIgnoreCase("fn") || identifier.equalsIgnoreCase("xfn")) { // delete zeros from the beginning of the number identificationNumber = StringUtils.deleteLeadingZeros(identificationNumber); // remove hyphens diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index ba3b61f9d..132bebce3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -65,6 +65,10 @@ public class OAAuthParameter extends OAParameter { */ private String templateURL; /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; + /** * Parameters for verifying infoboxes. */ private VerifyInfoboxParameters verifyInfoboxParameters; @@ -164,6 +168,15 @@ public class OAAuthParameter extends OAParameter { } /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + + /** * Returns the parameters for verifying additional infoboxes. * * @return The parameters for verifying additional infoboxes. @@ -258,6 +271,16 @@ public class OAAuthParameter extends OAParameter { } /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + + /** * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. * * @param verifyInfoboxParameters The verifyInfoboxParameters to set. @@ -265,4 +288,5 @@ public class OAAuthParameter extends OAParameter { public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { this.verifyInfoboxParameters = verifyInfoboxParameters; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java new file mode 100644 index 000000000..a4a89e183 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -0,0 +1,63 @@ +/**
+ *
+ */
+package at.gv.egovernment.moa.id.util;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+import javax.servlet.http.HttpServletResponse;
+
+import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ *
+ */
+public class ServletUtils {
+
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequestOrRedirect(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName)
+ throws MOAIDException,
+ IOException
+ {
+ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+ resp.setStatus(307);
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, session.getSessionID());
+ resp.addHeader("Location", dataURL);
+
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+ } else {
+ String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
+
+ }
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 4cfa6f765..8e8f9583b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -64,6 +64,7 @@ parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enth�lt builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
+builder.02=Fehler beim Ausblenden von Stammzahlen
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -156,5 +157,11 @@ validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
+validator.60=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
+validator.61=�berpr�fung der {0}-Infobox fehlgeschlagen: Vollmachtenpr�fung ist f�r diesen Typ von Vollmachten f�r berufliche Parteienvertreter nicht aktiviert. Die �bermittelte Vollmacht kann nicht f�r eine Anmeldung verwendet werden.
+validator.62=Fehler in der �bermittlung: keine prim�re Vollmacht �bergeben.
+validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
+validator.64=Fehler beim Austausch von Vollmachtsdaten
+validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html new file mode 100644 index 000000000..a7608b9b4 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepMinTemplate.html @@ -0,0 +1,134 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+</head>
+<body>
+Berufliche Parteienvertretung einer natürlichen/juristischen Person
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded" action="<BASE_href>ProcessInput">
+ <table width="80%" border="0">
+ <tr/>
+ <tr/>
+ <tr>
+ <td colspan="3">
+ <em>Vertreter:</em></td>
+ </tr>
+ <tr>
+ <td align="right" width="20%">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td ><input name="rpgivenname" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpfamilyname" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpdobyear" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
+ - <input name="rpdobmonth" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
+ - <input name="rpdobday" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="2"><br/>
+ <em>Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.</em></td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><br/>
+ <em>Vetretene Person:</em></td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" physdisabled="" value="true" physselected="" /> natürliche Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="givenname" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="familyname" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="dobyear" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
+ - <input name="dobmonth" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
+ - <input name="dobday" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" /> <img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <!--td align="right"><em>otional:</em> </td-->
+ <td align="center"><em>otional:</em></td>
+ <td colspan="2"/>
+ </tr>
+ <tr>
+ <td align="right">Straße </td>
+ <td><input name="streetname" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Straüe laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Hausnmummer </td>
+ <td><input name="buildingnumber" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Einh. Nr. </td>
+ <td><input name="unit" type="text" id="unit" value="<unit>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Postleitzahl </td>
+ <td><input name="postalcode" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Gemeinde </td>
+ <td><input name="municipality" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="3"> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" cbdisabled="" value="false" cbselected=""/ > juristische Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="fullname" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" /> <img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right"><select name="cbidentificationtype" size="1" cbseldisabled="">
+ <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Ergänzungsreg.</option>
+ </select> <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="cbidentificationvalue" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" /> <img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+ </td>
+ <td></td>
+ </tr>
+ </table>
+ <br/><errortext>
+ <p><em>Bitte halten Sie Ihre Bürgerkartenumgebung bereit.</em></p> <p>
+ <input name="MOASessionID" type="hidden" id="MOASessionID" value="<MOASessionID>"/>
+ <input type="submit" name="Submit" value=" Weiter "/>
+ <input name="Clear" type="reset" id="Clear" value="Formular zurücksetzen"/> </p></form>
+</body>
+</html>
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html new file mode 100644 index 000000000..acfd9ead6 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/ParepTemplate.html @@ -0,0 +1,171 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
+
+<html>
+<head>
+<BASE href="<BASE_href>">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Berufliche Parteieinvertretung</title>
+<link href="css/styles.css" type="text/css" rel="stylesheet">
+<link href="css/styles_opera.css" type="text/css" rel="stylesheet">
+<link href="css/mandates.css" type="text/css" rel="stylesheet">
+
+<script src="formallg.js" type="text/javascript"></script>
+<script src="fa.js" type="text/javascript"></script>
+</head>
+<body>
+
+
+<div class="hleft">
+<!--Stammzahlenregisterbehörde<br/>-->
+<!--Ballhausplatz 2<br/>-->
+<!--1014 Wien-->
+</div>
+<div class="hright" align="right"><img src="img/egov_schrift.gif" alt="E-Gov Logo"/></div>
+<div class="htitle" align="left">
+ <h1>Berufliche Parteienvertretung</h1>
+</div>
+<div class="leiste1" align="center">
+Bitte beachten Sie
+</div>
+<div class="leiste2" align="center">
+</div>
+<div class="leiste3">
+<img alt=" Dieses Feld muss ausgefĂĽllt sein!" src="img/stern.gif" width="10" height="16" /> Feld muss ausgefüllt sein
+</div>
+<div class="leiste3">
+<img alt=" Hilfe zum AusfĂĽllen " src="img/info.gif" width="10" height="16" /> Ausfüllhilfe
+</div>
+<div class="leiste3">
+<img alt=" Angabe bitte ergänzen oder richtig stellen! " src="img/rufezeichen.gif" width="10" height="16" /> Fehlerhinweis</div>
+<div style="clear: both"> </div>
+
+<h2>Berufliche Parteienvertretung einer natürlichen/juristischen Person
+</h2>
+<div class="boundingbox">
+<form name="ProcessInputForm" method="post" accept-charset="UTF-8" enctype="application/x-www-form-urlencoded" action="<BASE_href>ProcessInput">
+ <table width="80%" border="0">
+ <tr/>
+ <tr/>
+ <tr>
+ <td colspan="3">
+ <em>Vertreter:</em></td>
+ </tr>
+ <tr>
+ <td align="right" width="20%">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td ><input name="rpgivenname" type="text" disabled="true" id="rpgivenname" value="<rpgivenname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpfamilyname" type="text" disabled="true" id="rpfamilyname" value="<rpfamilyname>" size="50" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="rpdobyear" type="text" disabled="true" id="rpdobyear" value="<rpdobyear>" size="4" maxlength="4" readonly="true" />
+ - <input name="rpdobmonth" type="text" disabled="true" id="rpdobmonth" value="<rpdobmonth>" size="2" maxlength="2" readonly="true" />
+ - <input name="rpdobday" type="text" disabled="true" id="rpdobday" value="<rpdobday>" size="2" maxlength="2" readonly="true" />
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="2"><br/>
+ <em>Ich bin berufsmäßig berechtigt für die nachfolgend genannte Person in dessen Namen mit der Bürgerkarte einzuschreiten.</em></td>
+ <td> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><br/>
+ <em>Vetretene Person:</em></td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" physdisabled="" value="true" physselected="" /> natürliche Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Vorname <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="givenname" type="text" id="givenname" value="<givenname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Vorname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="familyname" type="text" id="familyname" value="<familyname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Familienname laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Geburtsdatum <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="dobyear" type="text" id="dobyear" size="4" maxlength="4" value="<dobyear>" physdisabled="" />
+ - <input name="dobmonth" type="text" id="dobmonth" size="2" maxlength="2" value="<dobmonth>" physdisabled="" />
+ - <input name="dobday" type="text" id="dobday" size="2" maxlength="2" value="<dobday>" physdisabled="" /> <img src="img/info.gif" alt="Format: JJJJ-MM-TT" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <!--td align="right"><em>otional:</em> </td-->
+ <td align="center"><em>otional:</em></td>
+ <td colspan="2"/>
+ </tr>
+ <tr>
+ <td align="right">Straße </td>
+ <td><input name="streetname" type="text" id="streetname" value="<streetname>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Straüe laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Hausnmummer </td>
+ <td><input name="buildingnumber" type="text" id="buildingnumber" value="<buildingnumber>" physdisabled="" size="50" /> <img src="img/info.gif" alt="Hausnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Einh. Nr. </td>
+ <td><input name="unit" type="text" id="unit" value="<unit>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Nutzungseinheitsnummer laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Postleitzahl </td>
+ <td><input name="postalcode" type="text" id="postalcode" value="<postalcode>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Postleitzahl laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right">Gemeinde </td>
+ <td><input name="municipality" type="text" id="municipality" value="<municipality>" size="50" physdisabled="" /> <img src="img/info.gif" alt="Gemeinde laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td colspan="3"> </td>
+ </tr>
+ <tr>
+ <td colspan="3"><input name="physical" type="radio" cbdisabled="" value="false" cbselected=""/ > juristische Person: </td>
+ </tr>
+ <tr>
+ <td align="right">Name <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="fullname" type="text" cbdisabled="" id="fullname" value="<fullname>" size="50" /> <img src="img/info.gif" alt="Name der Organisation laut ZMR Schreibweise" border="0"/>
+ </td>
+ <td></td>
+ </tr>
+ <tr>
+ <td align="right"><select name="cbidentificationtype" size="1" cbseldisabled="">
+ <option value="urn:publicid:gv.at:baseid+XFN" fnselected="">Firmenbuchnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XZVR" vrselected="">Vereinsnummer</option>
+ <option value="urn:publicid:gv.at:baseid+XERSB" ersbselected="">Ord.Nr.im Ergänzungsreg.</option>
+ </select> <img alt=" Dieses Feld muss ausgefüllt sein!" src="img/stern.gif" width="10" height="16" /></td>
+ <td><input name="cbidentificationvalue" type="text" cbdisabled="" id="cbidentificationvalue" value="<cbidentificationvalue>" size="50" /> <img src="img/info.gif" alt="Ordnungsbegriff laut ZMR Schreibweise" border="0" />
+ </td>
+ <td></td>
+ </tr>
+ </table>
+ <br/><errortext>
+ <p><em>Bitte halten Sie Ihre Bürgerkartenumgebung bereit.</em></p> <p>
+ <input name="MOASessionID" type="hidden" id="MOASessionID" value="<MOASessionID>"/>
+ <input type="submit" name="Submit" value=" Weiter "/>
+ <input name="Clear" type="reset" id="Clear" value="Formular zurücksetzen"/> </p></form>
+
+</div>
+</body>
+</html>
diff --git a/id/server/pom.xml b/id/server/pom.xml index 246aec38d..c7c938666 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,14 +4,14 @@ <parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
<packaging>pom</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA ID Server</name>
<modules>
diff --git a/id/server/proxy/.classpath b/id/server/proxy/.classpath new file mode 100644 index 000000000..5d93de69c --- /dev/null +++ b/id/server/proxy/.classpath @@ -0,0 +1,4 @@ +<classpath> + <classpathentry kind="output" path="target/classes"/> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> +</classpath>
\ No newline at end of file diff --git a/id/server/proxy/.project b/id/server/proxy/.project new file mode 100644 index 000000000..4e175804c --- /dev/null +++ b/id/server/proxy/.project @@ -0,0 +1,14 @@ +<projectDescription> + <name>moa-id-proxy</name> + <comment/> + <projects/> + <buildSpec> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments/> + </buildCommand> + </buildSpec> + <natures> + <nature>org.eclipse.jdt.core.javanature</nature> + </natures> +</projectDescription>
\ No newline at end of file diff --git a/id/server/proxy/.settings/org.eclipse.jdt.core.prefs b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..5ffa1b7e5 --- /dev/null +++ b/id/server/proxy/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,5 @@ +#Wed Aug 22 09:50:03 CEST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index 218ee02f9..172bb99b5 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -2,7 +2,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
</parent>
<properties>
@@ -13,7 +13,7 @@ <groupId>MOA.id.server</groupId>
<artifactId>moa-id-proxy</artifactId>
<packaging>war</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA ID-Proxy WebService</name>
<build>
diff --git a/id/templates/.classpath b/id/templates/.classpath new file mode 100644 index 000000000..5d93de69c --- /dev/null +++ b/id/templates/.classpath @@ -0,0 +1,4 @@ +<classpath> + <classpathentry kind="output" path="target/classes"/> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/> +</classpath>
\ No newline at end of file diff --git a/id/templates/.project b/id/templates/.project new file mode 100644 index 000000000..f0a8631ce --- /dev/null +++ b/id/templates/.project @@ -0,0 +1,14 @@ +<projectDescription> + <name>moa-id-templates</name> + <comment/> + <projects/> + <buildSpec> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments/> + </buildCommand> + </buildSpec> + <natures> + <nature>org.eclipse.jdt.core.javanature</nature> + </natures> +</projectDescription>
\ No newline at end of file diff --git a/id/templates/.settings/org.eclipse.jdt.core.prefs b/id/templates/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..c959c9def --- /dev/null +++ b/id/templates/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,5 @@ +#Wed Aug 22 09:50:02 CEST 2007
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.source=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
diff --git a/id/templates/pom.xml b/id/templates/pom.xml index bbcd53262..ea6ac7c4f 100644 --- a/id/templates/pom.xml +++ b/id/templates/pom.xml @@ -4,14 +4,14 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id</groupId> <artifactId>moa-id-templates</artifactId> <packaging>war</packaging> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> <name>MOA ID Sample Templates</name> <properties> diff --git a/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html b/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html new file mode 100644 index 000000000..c9b0a37b3 --- /dev/null +++ b/id/templates/src/main/webapp/SampleInputProcessorSignTemplate.html @@ -0,0 +1,45 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<title>MOA ID - Identifizierter Zugang mit Bürgerkarte</title>
+ <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+ <meta name="Author" content="Max Mustermann">
+ <meta name="keywords" content="MOA-ID">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css">
+ <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld">
+ <script language="javascript" type="text/javascript">
+ //<!--
+ function autoSubmit() {
+ document.VerifyAuthBlockForm.submitButton.disabled=true;
+ document.VerifyAuthBlockForm.submit();
+ } //-->
+ </script>
+</head>
+
+<body onLoad="autoSubmit()">
+<img src="/moaid-templates/SampleLogo.gif" alt='Organisation XY'>
+<h1 align="center">Sicherer Zugang zur Online-Anwendung mit Bürgerkarte</h1>
+<p></p>
+
+Der identifizierte Zugang erfolgt über die Module für Online Applikationen (MOA) unter Verwendung einer Bürgerkarte und deren Signaturfunktion.
+
+<p></p>
+<p>Sie werden in kuürze zur Signatur der Anmeldedaten aufgefordert. Wenn sie diese
+signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p>
+
+<form name="VerifyAuthBlockForm" action="<BKU>" method="post" enctype="application/x-www-form-urlencoded">
+ <div align="center">
+ <input type="hidden" name="XMLRequest" value="<XMLRequest>"/>
+ <input type="hidden" name="DataURL" value="<DataURL>"/>
+ <input type="hidden" name="PushInfobox" value="<PushInfobox>"/>
+ <input type="submit" value="Signieren der Anmeldedaten" id="submitButton"/>
+ </div>
+</form>
+
+<div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0"
+ src="/moaid-templates/valid-html401.gif"
+ alt="Valid HTML 4.01!" height="31" width="88"></a> </div>
+<p align="right"> </p>
+
+</body>
+</html>
diff --git a/id/templates/src/main/webapp/SampleTemplate.html b/id/templates/src/main/webapp/SampleTemplate.html index e9756a036..824c7153c 100644 --- a/id/templates/src/main/webapp/SampleTemplate.html +++ b/id/templates/src/main/webapp/SampleTemplate.html @@ -2,11 +2,11 @@ <html> <head> <title>MOA ID - Identifizierter Zugang mit Bürgerkarte</title> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> - <meta name="Author" content="Max Mustermann"> - <meta name="keywords" content="MOA-ID"> - <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css"> - <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld"> + <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> + <meta name="Author" content="Max Mustermann"> + <meta name="keywords" content="MOA-ID"> + <link rel="stylesheet" type="text/css" href="/moaid-templates/css/main.css"> + <link rel="stylesheet" type="text/css" href="/moaid-templates/css/display.css" media="screen,projection,tv,handheld"> </head> <body> @@ -24,33 +24,18 @@ signieren, so werden sie zur Online-Anwendung weitergeleitet und angemeldet.</p> <form name="CustomizedForm" action="<BKU>" method="post"> <div align="center"> - <input type="hidden" - name="XMLRequest" - value="<XMLRequest>"/> - <input type="hidden" - name="DataURL" - value="<DataURL>"/> - <input type="hidden" - name="PushInfobox" - value="<PushInfobox>"/> + <input type="hidden" name="XMLRequest" value="<XMLRequest>"/> + <input type="hidden" name="DataURL" value="<DataURL>"/> + <input type="hidden" name="PushInfobox" value="<PushInfobox>"/> <input type="submit" value="Anmeldung mit Bürgerkarte" name="submit"/> </div> </form> -<form name="CustomizedInfoForm" - action="<BKU>" - method="post"> - <input type="hidden" - name="XMLRequest" - value="<CertInfoXMLRequest>"/> - <input type="hidden" - name="DataURL" - value="<CertInfoDataURL>"/> - - +<form name="CustomizedInfoForm" action="<BKU>" method="post"> + <input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>"/> + <input type="hidden" name="DataURL" value="<CertInfoDataURL>"/> <br/> <p></p> - - <input type="hidden" value="Weitere Info"/> + <input type="hidden" value="Weitere Info"/> </form> <div align="right"><a href="http://validator.w3.org/check?uri=http://localhost:8080/moaid-templates/SampleTemplate.html"><img border="0" @@ -4,7 +4,7 @@ <groupId>MOA</groupId>
<artifactId>MOA</artifactId>
<packaging>pom</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA</name>
<properties>
@@ -155,6 +155,11 @@ <version>1.1.1</version>
</dependency>
<dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <version>2.0.2</version>
+ </dependency>
+ <dependency>
<groupId>dav4j</groupId>
<artifactId>dav4j</artifactId>
<version>0.1</version>
@@ -176,25 +181,25 @@ <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar Binary files differnew file mode 100644 index 000000000..cd45919a0 --- /dev/null +++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5 new file mode 100644 index 000000000..b509a4bd0 --- /dev/null +++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.md5 @@ -0,0 +1 @@ +bab560c68f9b32974db19ac6b819ab05
\ No newline at end of file diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1 new file mode 100644 index 000000000..49cea445c --- /dev/null +++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.jar.sha1 @@ -0,0 +1 @@ +020581160238796f10fe534e335f0f7cbe29159c
\ No newline at end of file diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom new file mode 100644 index 000000000..4e3a79da1 --- /dev/null +++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?><project> + <modelVersion>4.0.0</modelVersion> + <groupId>at.gv.egovernment.moa.id</groupId> + <artifactId>mandate-validate</artifactId> + <version>1.0</version> + <description>Mandate Infobox Validator for MOA-ID</description> +</project> diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5 new file mode 100644 index 000000000..489105d20 --- /dev/null +++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.md5 @@ -0,0 +1 @@ +aede47770bdc200272ab25dc592ba9a2
\ No newline at end of file diff --git a/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1 b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1 new file mode 100644 index 000000000..9a8d887f5 --- /dev/null +++ b/repository/at/gv/egovernment/moa/id/mandate-validate/1.0/mandate-validate-1.0.pom.sha1 @@ -0,0 +1 @@ +6ab04e68a562187282f0ec40209a07353f12c325
\ No newline at end of file diff --git a/spss/handbook/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..93a06227e --- /dev/null +++ b/spss/handbook/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,5 @@ +#Fri Aug 31 11:22:24 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.3
+org.eclipse.jdt.core.compiler.compliance=1.3
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/spss/handbook/clients/api/.classpath b/spss/handbook/clients/api/.classpath new file mode 100644 index 000000000..d8f291998 --- /dev/null +++ b/spss/handbook/clients/api/.classpath @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/clients/api/.project b/spss/handbook/clients/api/.project new file mode 100644 index 000000000..e46cff8c4 --- /dev/null +++ b/spss/handbook/clients/api/.project @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-spss-handbook-apiClient</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
diff --git a/spss/handbook/clients/referencedData/.classpath b/spss/handbook/clients/referencedData/.classpath new file mode 100644 index 000000000..d8f291998 --- /dev/null +++ b/spss/handbook/clients/referencedData/.classpath @@ -0,0 +1,6 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/clients/referencedData/.project b/spss/handbook/clients/referencedData/.project new file mode 100644 index 000000000..dc5cac687 --- /dev/null +++ b/spss/handbook/clients/referencedData/.project @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-spss-handbook-referencedData</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
diff --git a/spss/handbook/clients/webservice/.classpath b/spss/handbook/clients/webservice/.classpath new file mode 100644 index 000000000..0e7468e05 --- /dev/null +++ b/spss/handbook/clients/webservice/.classpath @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/handbook/clients/webservice/.project b/spss/handbook/clients/webservice/.project new file mode 100644 index 000000000..4ba485b19 --- /dev/null +++ b/spss/handbook/clients/webservice/.project @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-spss-handbook-webserviceClient</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
diff --git a/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..1e3e5d4c9 --- /dev/null +++ b/spss/handbook/clients/webservice/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,5 @@ +#Tue Sep 04 14:06:58 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml new file mode 100644 index 000000000..cb966151b --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Simple.response.xml @@ -0,0 +1,24 @@ +<?xml version="1.0" encoding="UTF-8"?> +<CreateXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><SignatureEnvironment><dsig:Signature Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"/><dsig:Reference Id="reference-1-1" URI="#xpointer(id('signed-data-1-1-1')/node())"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>tLODyeiWFbAkQKwhrR23jtcgu4k=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>2tI1Wv/LsUKr0hcsWSYXSHne7kbCBXGFrIiI/1WfAH2ba8vT5kVfJn4NOBOBatLA</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIELjCCAxagAwIBAgIBEzANBgkqhkiG9w0BAQUFADBEMQswCQYDVQQGEwJBVDEQ +MA4GA1UEChMHVFUgR3JhejENMAsGA1UECxMERUdJWjEUMBIGA1UEAxMLTU9BIFRl +c3QgQ0EwHhcNMDcwODIzMTM1ODU0WhcNMTIwODIzMTM1ODU0WjBpMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgR1JBWjENMAsGA1UECxMERUdJWjE5MDcGA1UEAxMw +VGVzdCBTaWduYXR1cmRpZW5zdCBhbGxlciBLdW5kZW46IEVDRFNBIChQMTkydjEp +MIHzMIG8BgcqhkjOPQIBMIGwAgEBMCQGByqGSM49AQECGQD///////////////// +///+//////////8wNAQY/////////////////////v/////////8BBhkIQUZ5ZyA +5w+n6atyJDBJ/rje7MFGubEEMQQYjagOsDCQ9ny/IOtDoYgA9P8K/YL/EBIHGSuV +/8jaeGMQEe1rJM3Vc/l3oR55SBECGQD///////////////+Z3vg2FGvJsbTSKDEC +AQEDMgAExf78b6N6BUhK+FHmunDUCQefSxpQmC6m4yq/+pqdDMJalTWATFhQwZqE +qSMXJ2Tqo4IBNDCCATAwDgYDVR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYD +VR0OBBYEFBrwapQSMwabwPPOijtgOu3iNlt3MHAGA1UdIARpMGcwZQYMKwYBBAGV +EgECewEBMFUwUwYIKwYBBQUHAgIwRxpFVGhpcyBjZXJ0aWZpY2F0ZSBvbmx5IG1h +eSBiZSB1c2VkIGZvciBkZW1vbnN0cmF0aW9uIGFuZCB0ZXN0IHB1cnBvc2VzMEYG +A1UdHwQ/MD0wO6A5oDeGNWh0dHA6Ly9tb2EtaWRzcHNzLmVnb3ZsYWJzLmd2LmF0 +L2NybHMvbW9hLXRlc3QtY2EuY3JsMBYGByooAAoBAQEECxMJRUdJWi1UZXN0MB8G +A1UdIwQYMBaAFFKXvB3Ugd6H51ClcBGdjhYJNiRSMA0GCSqGSIb3DQEBBQUAA4IB +AQB60RLi9zIwF/Rmy/Wo0yf1/ZktElIt91vfBsXlpgLJ4Q6ol/4hTjMJ4FIa8GOl +0b9dIkEe+WGq77JFJVgltsRoJfQBSvnK9jdLfB5YJD0ETDnMdckBV+RsxkEtl5Lr +IrT6vExyJUAWz15XJiHgkYZncJCBTy1oh8f3V8cR1VZYwO4QBRDwRdVdZsaL5PME +vvLrcAMJhF5fS4AiqMex2Eh2kav5t6/I5bmB4CKEe+0+dPO8DGl7areEfzQEPd8p +jkkX5PnxriQvZfgVzwrdXGDqMTnBNaRtCGMiQU/0kp21a6BVtT4am27yr9p3ddhl +z7sJ4Z6ys1bwB0on/O65tdn7</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object Id="signed-data-1-1-1">Diese Daten werden signiert.</dsig:Object></dsig:Signature></SignatureEnvironment></CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml new file mode 100644 index 000000000..ac5d0a52f --- /dev/null +++ b/spss/handbook/clients/webservice/resources/requests/CreateXMLSignatureRequest.Supplements.response.xml @@ -0,0 +1,2 @@ +<?xml version="1.0" encoding="UTF-8"?> +<CreateXMLSignatureResponse xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><ErrorResponse><ErrorCode>2237</ErrorCode><Info>Fehler beim Auflösen der internen Referenz (URI=Para2)</Info></ErrorResponse></CreateXMLSignatureResponse>
\ No newline at end of file diff --git a/spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 diff --git a/spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 diff --git a/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 Binary files differnew file mode 100644 index 000000000..8b501d747 --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 diff --git a/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D Binary files differnew file mode 100644 index 000000000..b4b128903 --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D diff --git a/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 Binary files differnew file mode 100644 index 000000000..7c6adedf5 --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 diff --git a/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 Binary files differnew file mode 100644 index 000000000..70f5b7c91 --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 diff --git a/spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/spss/handbook/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer diff --git a/spss/pom.xml b/spss/pom.xml index ca95ac9d0..97ccf975e 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> </parent> <modelVersion>4.0.0</modelVersion> diff --git a/spss/server/history.txt b/spss/server/history.txt index 8e81af838..55e595d9d 100644 --- a/spss/server/history.txt +++ b/spss/server/history.txt @@ -1,5 +1,5 @@ ############## -1.4.2 beta 1 +1.4.2 beta1 ############## - Performance-Verbesserungen bei der Verwendnung von externen Referenzen. Diese diff --git a/spss/server/serverlib/.classpath b/spss/server/serverlib/.classpath new file mode 100644 index 000000000..01edb156d --- /dev/null +++ b/spss/server/serverlib/.classpath @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry kind="src" path="src/test/java"/>
+ <classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverlib/.project b/spss/server/serverlib/.project new file mode 100644 index 000000000..8038e29f2 --- /dev/null +++ b/spss/server/serverlib/.project @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-spss-lib</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ </natures>
+</projectDescription>
diff --git a/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..c7b8a7c31 --- /dev/null +++ b/spss/server/serverlib/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,7 @@ +#Wed Oct 10 21:50:15 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component new file mode 100644 index 000000000..ebc030867 --- /dev/null +++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss-lib">
+<wb-resource deploy-path="/" source-path="/src/main/java"/>
+<wb-resource deploy-path="/" source-path="/src/test/java"/>
+<wb-resource deploy-path="/" source-path="/src/main/resources"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml new file mode 100644 index 000000000..30c02fe23 --- /dev/null +++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+ <fixed facet="jst.java"/>
+ <fixed facet="jst.utility"/>
+ <installed facet="jst.java" version="1.4"/>
+ <installed facet="jst.utility" version="1.0"/>
+</faceted-project>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 514b43b82..b5c9c1ec2 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -9,7 +9,7 @@ <groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>1.4.2beta1</version>
+ <version>1.4.2beta2</version>
<name>MOA SP/SS API</name>
<properties>
diff --git a/spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF b/spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF new file mode 100644 index 000000000..5e9495128 --- /dev/null +++ b/spss/server/serverlib/src/main/java/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0
+Class-Path:
+
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath new file mode 100644 index 000000000..8cd9e4eb8 --- /dev/null +++ b/spss/server/serverws/.classpath @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v5.0"/>
+ <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project new file mode 100644 index 000000000..692cf0e90 --- /dev/null +++ b/spss/server/serverws/.project @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-spss-ws</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.common.project.facet.core.builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.eclipse.wst.validation.validationbuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+ <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+ <nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ </natures>
+</projectDescription>
diff --git a/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..920508ded --- /dev/null +++ b/spss/server/serverws/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,7 @@ +#Mon Sep 03 15:53:43 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.source=1.4
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component new file mode 100644 index 000000000..06aa22f01 --- /dev/null +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+<wb-module deploy-name="moa-spss">
+<wb-resource deploy-path="/" source-path="/src/main/webapp"/>
+<property name="context-root" value="moa-spss"/>
+<property name="java-output-path" value="target/classes"/>
+</wb-module>
+</project-modules>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml new file mode 100644 index 000000000..94d50aad1 --- /dev/null +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -0,0 +1,5 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+ <installed facet="jst.java" version="1.4"/>
+ <installed facet="jst.web" version="2.4"/>
+</faceted-project>
diff --git a/spss/server/serverws/WebContent/META-INF/MANIFEST.MF b/spss/server/serverws/WebContent/META-INF/MANIFEST.MF new file mode 100644 index 000000000..5e9495128 --- /dev/null +++ b/spss/server/serverws/WebContent/META-INF/MANIFEST.MF @@ -0,0 +1,3 @@ +Manifest-Version: 1.0
+Class-Path:
+
diff --git a/spss/server/serverws/WebContent/WEB-INF/web.xml b/spss/server/serverws/WebContent/WEB-INF/web.xml new file mode 100644 index 000000000..b3b3ad52d --- /dev/null +++ b/spss/server/serverws/WebContent/WEB-INF/web.xml @@ -0,0 +1,13 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
+ <display-name>
+ moa-spss-ws</display-name>
+ <welcome-file-list>
+ <welcome-file>index.html</welcome-file>
+ <welcome-file>index.htm</welcome-file>
+ <welcome-file>index.jsp</welcome-file>
+ <welcome-file>default.html</welcome-file>
+ <welcome-file>default.htm</welcome-file>
+ <welcome-file>default.jsp</welcome-file>
+ </welcome-file-list>
+</web-app>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index 82293df82..b96ddf39f 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -10,7 +10,7 @@ <groupId>MOA.spss.server</groupId> <artifactId>moa-spss-ws</artifactId> <packaging>war</packaging> - <version>1.4.2beta1</version> + <version>1.4.2beta2</version> <name>MOA SP/SS WebService</name> <properties> diff --git a/spss/server/tools/.classpath b/spss/server/tools/.classpath new file mode 100644 index 000000000..82972d400 --- /dev/null +++ b/spss/server/tools/.classpath @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+ <classpathentry kind="src" path="src/main/java"/>
+ <classpathentry excluding="**" kind="src" output="src/main/resources" path="src/main/resources"/>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
+ <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="output" path="target/classes"/>
+</classpath>
diff --git a/spss/server/tools/.project b/spss/server/tools/.project new file mode 100644 index 000000000..4b3ffd512 --- /dev/null +++ b/spss/server/tools/.project @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+ <name>moa-spss-tools</name>
+ <comment></comment>
+ <projects>
+ </projects>
+ <buildSpec>
+ <buildCommand>
+ <name>org.eclipse.jdt.core.javabuilder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
+ </buildSpec>
+ <natures>
+ <nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ </natures>
+</projectDescription>
diff --git a/spss/server/tools/.settings/org.eclipse.jdt.core.prefs b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..cc6503a3c --- /dev/null +++ b/spss/server/tools/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,5 @@ +#Wed Sep 12 09:45:48 CEST 2007
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.4
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.source=1.4
|
