aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--common/pom.xml12
-rw-r--r--common/src/main/java/at/gv/egovernment/moa/logging/Logger.java40
-rw-r--r--id/ConfigWebTool/pom.xml3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java26
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java12
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java42
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties4
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties4
-rw-r--r--id/history.txt20
-rw-r--r--id/oa/pom.xml2
-rw-r--r--id/readme_2.2.1.txt451
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml2
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties2
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt36
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt36
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt36
-rw-r--r--id/server/doc/handbook/config/config.html6
-rw-r--r--id/server/doc/handbook/index.html2
-rw-r--r--id/server/doc/handbook/install/install.html6
-rw-r--r--id/server/idserverlib/pom.xml12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java15
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java45
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java43
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java58
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java5
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html20
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java7
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java6
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java7
-rw-r--r--id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java3
-rw-r--r--id/server/moa-id-commons/pom.xml9
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java8
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java12
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java32
-rw-r--r--id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java35
-rw-r--r--id/server/pom.xml4
-rw-r--r--id/server/stork2-commons/pom.xml3
-rw-r--r--id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java2
-rw-r--r--id/server/stork2-saml-engine/pom.xml5
-rw-r--r--pom.xml89
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt34
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt36
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt36
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt34
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt34
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt36
-rw-r--r--spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt41
-rw-r--r--spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt42
-rw-r--r--spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java7
74 files changed, 1535 insertions, 255 deletions
diff --git a/common/pom.xml b/common/pom.xml
index 72cf702bc..8f18a1b92 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -67,28 +67,24 @@
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
- <version>2.7</version>
+ <version>${jodatime.version}</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.7.10</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.7.10</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
- <version>1.7.10</version>
</dependency>
<dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- <version>1.7.10</version>
- </dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ </dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
diff --git a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
index 6999656ab..7cb2e7daf 100644
--- a/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
+++ b/common/src/main/java/at/gv/egovernment/moa/logging/Logger.java
@@ -58,7 +58,14 @@ public class Logger {
* @return the logger
*/
private static synchronized org.slf4j.Logger getLogger() {
- String className = Thread.currentThread().getStackTrace()[3].getClassName();
+ StackTraceElement[] stacktrace = Thread.currentThread().getStackTrace();
+
+ int i;
+ for(i = 2; i < stacktrace.length; i++)
+ if(!stacktrace[i].getClassName().equals(Logger.class.getName()))
+ break;
+
+ String className = stacktrace[i].getClassName();
org.slf4j.Logger logger = instances.get(className);
if (logger != null) {
@@ -72,6 +79,19 @@ public class Logger {
}
/**
+ * Prepare the message for printing it as string.
+ * <p>Mainly introduce because the <code>message</code> might be <code>null</code>.
+ *
+ * @param message the message
+ * @return the string
+ */
+ private static String prepareMessage(Object message) {
+ if(null == message)
+ return "no message given";
+ return message.toString();
+ }
+
+ /**
* Test, if the trace log level is enabled.
*
* @return boolean <code>true</code>, if tracing output is enabled
@@ -101,7 +121,7 @@ public class Logger {
*/
public static void trace(Object message) {
org.slf4j.Logger logger = getLogger();
- logger.trace(message.toString());
+ logger.trace(prepareMessage(message));
}
/**
@@ -134,17 +154,17 @@ public class Logger {
*/
public static void debug(Object message) {
org.slf4j.Logger logger = getLogger();
- logger.debug(message.toString());
+ logger.debug(prepareMessage(message));
}
-
- /**
+
+/**
* Log an info message.
*
* @param message The message to log.
*/
public static void info(Object message) {
org.slf4j.Logger logger = getLogger();
- logger.info(message.toString());
+ logger.info(prepareMessage(message));
}
/**
@@ -154,7 +174,7 @@ public class Logger {
*/
public static void warn(Object message) {
org.slf4j.Logger logger = getLogger();
- logger.warn(message.toString());
+ logger.warn(prepareMessage(message));
}
/**
@@ -165,7 +185,7 @@ public class Logger {
*/
public static void warn(Object message, Throwable t) {
org.slf4j.Logger logger = getLogger();
- logger.warn(message.toString(), t);
+ logger.warn(prepareMessage(message), t);
}
/**
@@ -175,7 +195,7 @@ public class Logger {
*/
public static void error(Object message) {
org.slf4j.Logger logger = getLogger();
- logger.error(message.toString());
+ logger.error(prepareMessage(message));
}
/**
@@ -186,7 +206,7 @@ public class Logger {
*/
public static void error(Object message, Throwable t) {
org.slf4j.Logger logger = getLogger();
- logger.error(message.toString(), t);
+ logger.error(prepareMessage(message), t);
}
/**
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 827254d00..423d442d0 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -83,7 +83,6 @@
<dependency>
<groupId>at.gv.util</groupId>
<artifactId>egovutils</artifactId>
- <version>2.0.0</version>
<exclusions>
<exclusion>
<groupId>org.apache.cxf</groupId>
@@ -159,12 +158,10 @@
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
- <version>2.3.20</version>
</dependency>
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-json-plugin</artifactId>
- <version>2.3.20</version>
</dependency>
<dependency>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 7bf2cf93f..104ea51f5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -32,6 +32,7 @@ import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
public class MetaDataVerificationFilter implements MetadataFilter {
@@ -43,17 +44,18 @@ public class MetaDataVerificationFilter implements MetadataFilter {
}
- public void doFilter(XMLObject metadata) throws FilterException {
+ public void doFilter(XMLObject metadata) throws SignatureValidationException {
+
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
if(entitiesDescriptor.getSignature() == null) {
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed");
}
try {
processEntitiesDescriptor(entitiesDescriptor);
} catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntitiesDescriptor");
}
} if (metadata instanceof EntityDescriptor) {
@@ -63,10 +65,10 @@ public class MetaDataVerificationFilter implements MetadataFilter {
EntityVerifier.verify(entity, this.credential);
else
- throw new FilterException("Root element of metadata file has to be signed", null);
+ throw new SignatureValidationException("Root element of metadata file has to be signed", null);
} catch (MOAIDException e) {
- throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ throw new SignatureValidationException("Invalid signature element in EntityDescriptor", null);
}
}
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index e6000319e..8ac7b40d4 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -462,6 +462,11 @@ public class ConfigurationProvider {
}
+ public boolean isPVPMetadataSchemaValidationActive() {
+ return Boolean.parseBoolean(props.getProperty("general.pvp.schemavalidation", "true"));
+
+ }
+
private void initalPVP2Login() throws ConfigurationException {
try {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index d13696d51..8ddeb9ebc 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -134,21 +134,20 @@ public class AuthenticationFilter implements Filter{
log.trace("Request URL: " + requestURL);
- AuthenticationManager authManager = AuthenticationManager.getInstance();
- if (!authManager.isActiveUser(authuser)) {
- //user is not active anymore. Invalidate session and reauthenticate user
- String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
- session.invalidate();
- authuser = null;
+ AuthenticationManager authManager = AuthenticationManager.getInstance();
+ if (!authManager.isActiveUser(authuser) && !this.isExcluded(requestURL)) {
+ if (!this.isExcluded(requestURL)) {
+ //user is not active anymore. Invalidate session and reauthenticate user
+ String authID = (String) session.getAttribute(Constants.SESSION_PVP2REQUESTID);
+ session.invalidate();
+ authuser = null;
- //TODO: set infotext
-
- session = httpServletRequest.getSession(true);
- session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
- }
-
- if (authuser == null && !this.isExcluded(requestURL)) {
+ //TODO: set infotext
+ session = httpServletRequest.getSession(true);
+ session.setAttribute(Constants.SESSION_PVP2REQUESTID, authID);
+ }
+
if (config.isLoginDeaktivated()) {
//add dummy Daten
log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
@@ -178,6 +177,7 @@ public class AuthenticationFilter implements Filter{
}
} else {
+
if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 26d97484b..82390c49c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -291,13 +291,17 @@ public class BasicOAAction extends BasicAction {
} else {
- if (oaid == -1) {
+ if (oaid == -1) {
List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications();
- for (OnlineApplication el : oaList) {
- if (el.getPublicURLPrefix().startsWith(oaidentifier) )
- onlineapplication = el;
+
+ if (oaList != null) {
+ for (OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+ onlineapplication = el;
+ }
}
+
if (onlineapplication == null) {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index 8e1dd6e64..37a170267 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -60,6 +60,8 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -133,7 +135,16 @@ public class OAPVP2ConfigValidation {
List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
filterList.add(new MetaDataVerificationFilter(credential));
- filterList.add(new SchemaValidationFilter());
+
+ try {
+ filterList.add(new SchemaValidationFilter(
+ ConfigurationProvider.getInstance().isPVPMetadataSchemaValidationActive()));
+
+ } catch (ConfigurationException e) {
+ log.warn("Configuration access FAILED!", e);
+
+ }
+
MetadataFilterChain filter = new MetadataFilterChain();
filter.setFilters(filterList);
@@ -172,15 +183,28 @@ public class OAPVP2ConfigValidation {
} catch (MetadataProviderException e) {
-
- //TODO: check exception handling
- if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
- log.info("SSL Server certificate not trusted.", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+ try {
+ if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
+ log.info("SSL Server certificate not trusted.", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.sig", request));
+
+ } else if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.schema", request));
+
+ } else {
+ log.info("MetaDate verification failed", e);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
+ }
+
+ } catch (Exception e1) {
+ log.info("MetaDate verification failed", e1);
+ errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify.general", request));
- } else {
- log.info("MetaDate verification failed", e);
- errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request));
}
} finally {
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index 072f44981..c888a2d77 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -487,7 +487,9 @@ validation.stork.ap.attributes.valid=Ung\u00FCltige Attributconfiguration f\u00F
validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben.
validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf.
validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten keine Informationen abgerufen werden.
-validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
+validation.pvp2.metadata.verify.sig=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden.
+validation.pvp2.metadata.verify.schema=Die Schema-Validierung der Metadaten ist fehlgeschlagen.
+validation.pvp2.metadata.verify.general=Bei der Validierung der Metadaten ist ein allgemeiner Fehler aufgetreten.
validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf.
validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt.
validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig.
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index b717377e0..43dcfeac8 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -485,7 +485,9 @@ validation.stork.ap.attributes.valid=Invalid attribute configuration for Attribu
validation.pvp2.metadataurl.empty=There is no metadata URL provided.
validation.pvp2.metadataurl.valid=The metadata URL has invalid URL format .
validation.pvp2.metadataurl.read=No information could be found under provided URL.
-validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate.
+validation.pvp2.metadata.verify.sig=The metadata could not be verified with the provided certificate.
+validation.pvp2.metadata.verify.schema=Metadata schema validation FAILED.
+validation.pvp2.metadata.verify.general=Metadata validation has an generic error.
validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format.
validation.pvp2.certificate.notfound=There is no PVP2 inserted.
validation.pvp2.metadata.ssl=The SSL server certificate is not trusted.
diff --git a/id/history.txt b/id/history.txt
index 837d1a883..1ba311273 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -1,6 +1,26 @@
Dieses Dokument zeigt die Veränderungen und Erweiterungen
von MOA-ID auf.
+Version MOA-ID Release 2.2.1: Änderungen seit Version MOA-ID 2.2.0
+- Änderungen
+ - Anpassung VIDP Code für STORK
+ - Update des TrustStore und des Certstore
+ > A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
+ > a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
+ > a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
+ - Kleinere Bug-Fixes
+ - Libraries aktualisiert:
+ > mysql:mysql-connector-java 5.1.35
+ > org.slf4j:jcl-over-slf4j 1.7.12
+ > org.slf4j:jul-to-slf4j 1.7.12
+ > org.slf4j:slf4j-api 1.7.12
+ > org.slf4j:slf4j-log4j12 1.7.12
+ > apache:cxf 3.0.4
+ > org.springframework 4.1.6.RELEASE
+ > org.apache.commons.lang3 3.4
+
+
+-------------------------------------------------------------------------------
Version MOA-ID Release 2.2.0: Änderungen seit Version MOA-ID 2.1.2
- Neuerungen:
- Überarbeitung der Prozessbeschreibung für Authentifizierungsprozesse
diff --git a/id/oa/pom.xml b/id/oa/pom.xml
index c97db6db2..173019c1b 100644
--- a/id/oa/pom.xml
+++ b/id/oa/pom.xml
@@ -110,12 +110,10 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.7.6</version>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
- <version>1.7.6</version>
</dependency>
<dependency>
diff --git a/id/readme_2.2.1.txt b/id/readme_2.2.1.txt
new file mode 100644
index 000000000..123b51513
--- /dev/null
+++ b/id/readme_2.2.1.txt
@@ -0,0 +1,451 @@
+===============================================================================
+MOA ID Version Release 2.2.1 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 2.2.1 wurden folgende Neuerungen und Änderungen eingeführt,
+die jetzt erstmals in der Veröffentlichung enthalten sind (siehe auch
+history.txt im gleichen Verzeichnis):
+
+- Änderungen
+ - Anpassung VIDP Code für STORK
+ - Update von TrustStore und CertSTore
+ - Kleinere Bug-Fixes
+ - Update von Libraries
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend
+angebebenen Updateschritte.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.2.0 auf Version 2.2.1
+...............................................................................
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.1.2 auf Version 2.2.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.2.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Kopieren der folgenden Dateien:
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei bevor Sie diese durch die neue Version ersetzen.
+ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+ b.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_outgoing.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+
+9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
+ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
+ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
+ verwendeten KeyStore ab.
+
+10. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+11. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+
+12. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 2.1.1 auf Version 2.1.2
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.2.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Dateien moa-id-auth.war und
+ moa-id-configuration.war als auch das komplette Verzeichnis moa-id-auth
+ und das komplette Verzeichnis moa-id-configuration.
+
+4. Erstellen Sie eine Sicherungskopie aller "*.jar"-Dateien im Verzeichnis
+ CATALINA_HOME_ID\endorsed und loeschen Sie diese Dateien danach.
+
+5. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\endorsed in das
+ Verzeichnis CATALINA_HOME_ID\endorsed
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Kopieren der folgenden Dateien
+ a.) MOA_ID_AUTH_INST/conf/moa-id/stork/StorkSamlEngine_VIDP.xml ->
+ CATALINA_HOME/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
+
+9. Dem STORK KeyStores unter MOA_ID_AUTH_INST/conf/moa-id/keys/storkDemoKeys.jks
+ (Passwort=local-demo) wurden neue vertrauenswürdige Zertifikate hinzugefügt.
+ Gleichen Sie bei Bedarf die Zertifikate dieses KeyStores mit Ihrem aktuell
+ verwendeten KeyStore ab.
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Erstellen Sie eine Sicherungskopie aller "iaik*.jar"-Dateien im Verzeichnis
+ JAVA_HOME\jre\lib\ext und loeschen Sie diese Dateien danach.
+
+4. Kopieren Sie alle Dateien aus dem Verzeichnis MOA_ID_AUTH_INST\ext in das
+ Verzeichnis JAVA_HOME\jre\lib\ext (Achtung: Java 1.4.x wird nicht mehr
+ unterstuetzt).
+
+5. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+6. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+7. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+8. Hinzufügen der zusätzlichen Konfigurationsparameter in der
+ MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) configuration.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+10. Kopieren der folgenden Dateien
+ a.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+ Sollte die Datei bereits vorhanden sein erstellen Sie ein Backup der
+ Datei slo_template.html bevor Sie diese durch die neue Version ersetzen.
+
+11. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+12. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+13. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.ssl.certstore=certs/certstore
+ b.) general.ssl.truststore=certs/truststore
+
+8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
+ nach CATALINA_HOME\conf\moa-id-configuration\
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.
+ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+
+10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
+ nach CATALINA_HOME\conf\moa-id\
+ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\
+ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+
+11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen
+ zwei Varianten zur Verfügung.
+ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth
+ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile
+ moasession.hibernate.hbm2ddl.auto=update
+ zu
+ moasession.hibernate.hbm2ddl.auto=create
+ Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
+
+ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson
+ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.
+
+12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.5 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+ Für MOA ID Proxy:
+ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+9. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+ a.) configuration.validation.certificate.QC.ignore=false
+ b.) protocols.pvp2.assertion.encryption.active=false
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.6 Durchführung eines Updates von Version <= 1.5.1
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 54debca81..8f01ca22b 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -74,7 +74,7 @@
<to type="forward">/dispatcher?mod=id_stork2&amp;action=AttributeCollector&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/stork2/CompleteAuthentication$</from>
+ <from>^/stork2/GetConsent$</from>
<to type="forward">/dispatcher?mod=id_stork2&amp;action=ConsentEvaluator&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index 7c71fadcb..b10913d69 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
@@ -15,6 +15,8 @@ general.ssl.truststore=certs/truststore
general.moaconfig.key=ConfigurationEncryptionKey
+general.pvp.schemavalidation=true
+
##Mail
general.mail.host=smtp.localhost...
#general.mail.host.port=
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
new file mode 100644
index 000000000..9ea6d0c1c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri
+jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq
+/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss
+6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL
+7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr
+23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z
+/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww
+tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B
+kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0
+ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV
+Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV
+KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO
+GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu
+L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b
+GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K
+nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a
+0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex
+htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB
+j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV
++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV
+sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42
+cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS
+UBU+/OTtSQGrLe+kMKP6uBO/cMhv
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index f5292f76a..18be88951 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -228,6 +228,12 @@
<p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im <a href="#basisconfig_moa_id_auth_param_general">Modul MOA-ID-Auth</a> hinterlegten Passwort sein.</p></td>
</tr>
<tr>
+ <td>general.pvp.schemavalidation</td>
+ <td>true / false</td>
+ <td><p>Hiermit kann die Schemavalidierung f&uuml;r konfigurierte PVP Metadaten deaktiviert werden.</p>
+ <strong>Hinweis:</strong> Standardm&auml;&szlig;ig ist die Schemavalidierung aktiv.</td>
+ </tr>
+ <tr>
<td>general.userrequests.cleanup.delay</td>
<td>18</td>
<td>Innerhalb dieses Zeitraums muss ein neuer Benutzer die im Benutzerprofil hinterlegte eMail Adresse validieren. </td>
diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index 1f71d56e2..497120fec 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -29,7 +29,7 @@
</div>
<div class="container">
- <h2>&Uuml;bersicht zur Dokumentation der Version 2.1.2 </h2>
+ <h2>&Uuml;bersicht zur Dokumentation der Version 2.2.1 </h2>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html
index aa508183e..f669af2a6 100644
--- a/id/server/doc/handbook/install/install.html
+++ b/id/server/doc/handbook/install/install.html
@@ -87,13 +87,13 @@
<p> Die Basisinstallation der Module MOA-ID-Auth und MOA-ID-Configuration stellt einerseits die minimalen Anforderungen f&uuml;r den Betrieb von MOA-ID dar, andererseits dient sie als Ausgangspunkt f&uuml;r optionale <a href="#webservice_erweiterungsmoeglichkeiten">Erweiterungsm&ouml;glichkeiten</a>.</p>
<p>Die <strong>Mindestanforderungen</strong> f&uuml;r die Basisinstallation sind: </p>
<ul>
- <li><a href="#referenziertesoftware">Java SE 6 oder h&ouml;her</a></li>
- <li><a href="#referenziertesoftware">Apache Tomcat 6 oder h&ouml;her </a></li>
+ <li><a href="#referenziertesoftware">Java SE 7 oder h&ouml;her</a></li>
+ <li><a href="#referenziertesoftware">Apache Tomcat 7 oder h&ouml;her </a></li>
</ul>
<p>Wir <strong>empfehlen</strong> jedoch jeweils aktuelle Version zu verwenden:</p>
<ul>
<li><a href="#referenziertesoftware">Java SE Update SE 7 (neuestes Update) bzw. Java SE 8 (neuestes Update)</a><a href="#referenziertesoftware"></a></li>
- <li><a href="#referenziertesoftware">Apache Tomcat 7.0.50 bzw. Apache Tomcat 8.0.3</a> </li>
+ <li><a href="#referenziertesoftware">Apache Tomcat 7 (neuestes Update) bzw. Apache Tomcat 8</a><a href="#referenziertesoftware"> (neuestes Update)</a></li>
</ul>
<p>In diesem Betriebs-Szenario wird das MOA-ID-Auth Webservice und das MOA-ID Konfigurationstool in Tomcat zum Einsatz gebracht. Beide Module k&ouml;nnen sowohl in derselben Tomcat-Instanz, als auch in separaten Tomcat-Instanzen betrieben werden. F&uuml;r den Fall des separaten Betriebs muss die Installation auf beiden Tomcat-Instanzen ausgef&uuml;hrt werden. In beiden F&auml;llen fungiert der Tomcat gleichzeitig als HTTP- und HTTPS-Endpunkt f&uuml;r beide Module. Beide Protokolle werden direkt in Tomcat konfiguriert, wobei MOA-ID-Auth und MOA-ID-Configuration Log4j als Logging Toolkit verwenden.</p>
<h4><a name="webservice_basisinstallation_installation" id="webservice_basisinstallation_installation"></a>2.1.2 Installation</h4>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index dbfc19b68..9465b56d1 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -113,8 +113,6 @@
<dependency>
<groupId>at.gv.util</groupId>
<artifactId>egovutils</artifactId>
- <!-- <version>1.0.7</version> -->
- <version>2.0.0</version>
<exclusions>
<exclusion>
<groupId>com.sun</groupId>
@@ -142,6 +140,16 @@
</exclusion>
</exclusions>
</dependency>
+
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxws</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ </dependency>
+
<dependency>
<groupId>javax.xml.bind</groupId>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index c4d6859db..eab7c511e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -31,6 +31,7 @@ import javax.xml.transform.TransformerException;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang3.BooleanUtils;
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
@@ -1731,7 +1732,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
boolean globallyMandatory = false;
for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
if (current.getName().equals(currentGlobalAttribute.getName())) {
- globallyMandatory = currentGlobalAttribute.isMandatory();
+ globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.isMandatory());
break;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index db8b4dd80..5223a181d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -149,7 +149,9 @@ public interface MOAIDAuthConstants {
Collections.unmodifiableMap(new HashMap<String, String>() {
private static final long serialVersionUID = 1L;
{
+ put("AT", "Other Countries");//"Workaround for PEPS Simulator"
put("BE", "Belgi&euml;/Belgique");
+ //put("CH", "Schweiz");
put("EE", "Eesti");
put("ES", "Espa&ntilde;a");
put("FI", "Suomi");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
new file mode 100644
index 000000000..3e9f4cf14
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/TaskExecutionException.java
@@ -0,0 +1,57 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class TaskExecutionException extends ProcessExecutionException {
+
+ private static final long serialVersionUID = 1L;
+ Throwable originalException = null;
+
+ /**
+ * @param message
+ * @param cause
+ */
+ public TaskExecutionException(String message, Throwable cause) {
+ super(message, cause);
+ originalException = cause;
+
+ }
+
+ /**
+ * Get the original internal exception from task
+ *
+ * @return the originalException
+ */
+ public Throwable getOriginalException() {
+ return originalException;
+ }
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index bc73a9f2f..ed3089a41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -2,6 +2,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;
+import java.io.IOException;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -16,6 +18,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -47,15 +50,12 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
// TODO[branch]: Foreign citizen or mandate mode; respond with IRR for certificates, dataURL = "/VerifyCertificate"
Logger.info("Send InfoboxReadRequest to BKU to get signer certificate.");
- setNoCachingHeaders(resp);
-
- String pendingRequestID = null;
-
+ setNoCachingHeaders(resp);
try {
String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
@@ -65,8 +65,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
throw new WrongParametersException("CertificateReadRequestTask", PARAM_SESSIONID, "auth.12");
}
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
boolean useMandate = session.getUseMandate();
@@ -91,7 +89,11 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
+
+ } catch (IOException e) {
+ throw new TaskExecutionException(e.getMessage(), e);
+
} finally {
ConfigurationDBUtils.closeSession();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index 4cd1ea94e..ee6f0d5a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -60,9 +61,8 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
- String pendingRequestID = null;
String moasessionid = StringEscapeUtils.escapeHtml(ObjectUtils.defaultIfNull(req.getParameter(PARAM_SESSIONID), (String) executionContext.get(PARAM_SESSIONID)));
AuthenticationSession moasession = null;
try {
@@ -72,9 +72,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
throw new MOAIDException("auth.18", new Object[] {});
}
- try {
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);
+ try {
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
AuthenticationSessionStoreage.changeSessionID(moasession);
executionContext.remove(PARAM_SESSIONID);
@@ -100,14 +98,17 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
}
} catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
+// handleWrongParameters(ex, req, resp);
+ throw new TaskExecutionException(ex.getMessage(), ex);
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+// handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CreateIdentityLinkFormTask has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index 4771628a3..6bf68e2eb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -24,6 +24,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -66,7 +67,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
Logger.debug("POST GetForeignIDServlet");
@@ -76,9 +77,10 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
try {
parameters = getParameters(req);
- } catch (FileUploadException e) {
+
+ } catch (FileUploadException | IOException e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
}
String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));
@@ -170,10 +172,11 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
}
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("GetForeignIDServlet has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index f08f96782..4ff5672bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -21,6 +21,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -62,7 +63,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
Logger.debug("POST GetMISSessionIDServlet");
@@ -154,22 +155,23 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
Logger.debug("REDIRECT TO: " + redirectURL);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (PKIException e) {
- handleError(null, e, req, resp, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (SAXException e) {
- handleError(null, e, req, resp, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (ParserConfigurationException e) {
- handleError(null, e, req, resp, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("MISMandateValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index dcea3a1dd..3ae35bc24 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -12,6 +12,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -45,7 +46,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
Logger.debug("Process IdentityLink");
@@ -88,10 +89,11 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
"VerifyIdentityLink");
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("IdentityLinkValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 1e1a4df89..64dcb0f41 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -77,7 +78,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet
@@ -89,12 +90,13 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
try
{
parameters = getParameters(req);
- } catch (FileUploadException e)
+
+ } catch (FileUploadException | IOException e)
{
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
-
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
}
+
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
@@ -219,19 +221,21 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (GeneralSecurityException e) {
- handleError(null, e, req, resp, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (PKIException e) {
- handleError(null, e, req, resp, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (TransformerException e) {
- handleError(null, e, req, resp, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("AuthBlockValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 32ea7fe3a..607641532 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -19,6 +19,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -57,30 +58,26 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet
Logger.debug("POST VerifyCertificateServlet");
-
- String pendingRequestID = null;
-
+
Map<String, String> parameters;
try
{
parameters = getParameters(req);
- } catch (FileUploadException e)
+ } catch (FileUploadException | IOException e)
{
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
+ }
String sessionID = req.getParameter(PARAM_SESSIONID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
+
AuthenticationSession session = null;
try {
// check parameter
@@ -148,10 +145,12 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
}
}
catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CertificateValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index bf10b3681..44557453a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -16,6 +16,7 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -50,7 +51,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
// note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet
@@ -59,13 +60,12 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
setNoCachingHeaders(resp);
Map<String, String> parameters;
- String pendingRequestID = null;
try {
parameters = getParameters(req);
} catch (Exception e) {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
}
try {
@@ -75,8 +75,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
if (!ParamValidatorUtils.isValidSessionID(sessionID)) {
throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12");
}
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
-
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
boolean identityLinkAvailable = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters) != null;
@@ -85,13 +83,15 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
executionContext.put("identityLinkAvailable", identityLinkAvailable);
} catch (ParseException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("IdentityLinkValidation has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
+
}
finally {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 331a7653a..c4c4b2691 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -77,9 +77,11 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.ProcessExecutionException;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.storage.IExceptionStore;
import at.gv.egovernment.moa.id.util.ServletUtils;
@@ -185,29 +187,36 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
protected void handleError(String errorMessage, Throwable exceptionThrown,
HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
- if (null != errorMessage) {
- Logger.error(errorMessage);
- req.setAttribute("ErrorMessage", errorMessage);
- }
-
- if (null != exceptionThrown) {
- if (null == errorMessage)
- errorMessage = exceptionThrown.getMessage();
- Logger.error(errorMessage, exceptionThrown);
- req.setAttribute("ExceptionThrown", exceptionThrown);
- }
-
- if (Logger.isDebugEnabled()) {
- req.setAttribute("LogLevel", "debug");
+ Throwable loggedException = null;
+
+ if (exceptionThrown != null
+ && exceptionThrown instanceof ProcessExecutionException) {
+ ProcessExecutionException procExc =
+ (ProcessExecutionException) exceptionThrown;
+ if (procExc.getCause() != null &&
+ procExc.getCause() instanceof TaskExecutionException) {
+ TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
+ loggedException = taskExc.getOriginalException();
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
+ Logger.error(exceptionThrown.getMessage(), exceptionThrown);
+
+ } else
+ Logger.error(exceptionThrown.getMessage());
+
+ }
}
+
+ if (loggedException == null)
+ loggedException = exceptionThrown;
+
- if (!(exceptionThrown instanceof MOAIDException)) {
- Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
+ if (!(loggedException instanceof MOAIDException)) {
+ Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
}
IExceptionStore store = DBExceptionStoreImpl.getStore();
- String id = store.storeException(exceptionThrown);
+ String id = store.storeException(loggedException);
if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
@@ -228,7 +237,7 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
} else {
//Exception can not be stored in database
- handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
+ handleErrorNoRedirect(errorMessage, loggedException, req, resp);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index d670cbe8a..43b6c03d4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -13,6 +13,7 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
/**
@@ -54,7 +55,8 @@ public class ProcessEngineSignalServlet extends AuthServlet {
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));
- setNoCachingHeaders(resp);
+ setNoCachingHeaders(resp);
+ String pendingRequestID = null;
try {
if (sessionID == null) {
@@ -62,6 +64,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
}
// retrieve moa session
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
AuthenticationSession session = AuthenticationServer.getSession(sessionID);
// process instance is mandatory
@@ -73,7 +76,7 @@ public class ProcessEngineSignalServlet extends AuthServlet {
getProcessEngine().signal(session.getProcessInstanceId());
} catch (Exception ex) {
- handleError(null, ex, req, resp, null);
+ handleError(null, ex, req, resp, pendingRequestID);
} finally {
MOASessionDBUtils.closeSession();
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index ea1526ff0..3809ec4bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -39,6 +39,7 @@ import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.stream.StreamSource;
import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -286,6 +287,12 @@ public class STORKResponseProcessor {
Object attributeValue = attribute.getValue();
if (null == attributeValue)
attributeValue = attribute.getComplexValue();
+
+ // escape attributeValue
+ attributeValue = StringEscapeUtils.escapeXml10(attributeValue.toString());
+ // and remove trailing and tailing brackets. Might break something but we never saw an array with more than one entry!
+ attributeValue = ((String) attributeValue).substring(1, ((String) attributeValue).length() - 1);
+
ExtendedSAMLAttribute extendedSAMLAttribute =
new ExtendedSAMLAttributeImpl(attribute.getName(), attributeValue, Constants.STORK_NS_URI, 0);
moaExtendedSAMLAttributeList.add(extendedSAMLAttribute);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
index 0ffa22ec3..096e5ee9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/ProcessEngineImpl.java
@@ -13,6 +13,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.ExpressionEvaluationContext;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
index 6401b1d5d..343b8fe0c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/api/Task.java
@@ -1,5 +1,7 @@
package at.gv.egovernment.moa.id.process.api;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+
/**
* Represents a single task to be performed upon process execution.
@@ -16,6 +18,6 @@ public interface Task {
* Provides execution related information.
* @throws Exception An exception upon task execution.
*/
- void execute(ExecutionContext executionContext) throws Exception;
+ void execute(ExecutionContext executionContext) throws TaskExecutionException;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
index bae6391ec..fb75fc8d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/MoaIdTask.java
@@ -8,6 +8,7 @@ import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.filter.RequestContextFilter;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.Task;
@@ -52,10 +53,10 @@ public abstract class MoaIdTask implements Task {
* Thrown in case of error executing the task.
*/
public abstract void execute(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) throws Exception;
+ HttpServletResponse response) throws TaskExecutionException;
@Override
- public void execute(ExecutionContext executionContext) throws Exception {
+ public void execute(ExecutionContext executionContext) throws TaskExecutionException {
RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
if (requestAttributes != null && requestAttributes instanceof ServletRequestAttributes) {
HttpServletRequest request = ((ServletRequestAttributes) requestAttributes).getRequest();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 1f3e86ff6..168f2362a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -237,12 +237,12 @@ public interface PVPConstants {
public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86";
public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID;
- public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID";
+ public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATE-PROF-REP-OID";
public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256;
public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88";
public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID;
- public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION";
+ public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATE-PROF-REP-DESCRIPTION";
public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024;
public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
new file mode 100644
index 000000000..8da5edeed
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SchemaValidationException.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SchemaValidationException(String string) {
+ super(string);
+
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
new file mode 100644
index 000000000..86a6a777b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/filter/SignatureValidationException.java
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SignatureValidationException extends FilterException {
+
+ /**
+ * @param string
+ */
+ public SignatureValidationException(String string) {
+ super(string);
+
+ }
+
+ /**
+ * @param e
+ */
+ public SignatureValidationException(Exception e) {
+ super(e);
+ }
+
+ /**
+ * @param string
+ * @param object
+ */
+ public SignatureValidationException(String string, Exception e) {
+ super(string, e);
+ }
+
+ private static final long serialVersionUID = 1L;
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 12afa14bc..d493ef9e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -55,6 +55,8 @@ import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException
import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
@@ -380,10 +382,18 @@ public class MOAMetadataProvider implements MetadataProvider {
return httpProvider;
- } catch (Throwable e) {
+ } catch (Throwable e) {
if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) {
Logger.warn("SSL-Server certificate for metadata "
- + metadataURL + " not trusted.", e);
+ + metadataURL + " not trusted.", e);
+
+ } if (e.getCause() != null && e.getCause().getCause() instanceof SignatureValidationException) {
+ Logger.warn("Signature verification for metadata"
+ + metadataURL + " FAILED.", e);
+
+ } if (e.getCause() != null && e.getCause().getCause() instanceof SchemaValidationException) {
+ Logger.warn("Schema validation for metadata "
+ + metadataURL + " FAILED.", e);
}
Logger.error(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
index 0405fa114..6dac4bba1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java
@@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SignatureValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier;
import at.gv.egovernment.moa.logging.Logger;
@@ -126,7 +127,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
desc.getEntityDescriptors().addAll(verifiedEntIT);
}
- public void doFilter(XMLObject metadata) throws FilterException {
+ public void doFilter(XMLObject metadata) throws SignatureValidationException {
try {
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
@@ -155,7 +156,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
Logger.info("Metadata signature policy check done OK");
} catch (MOAIDException e) {
Logger.warn("Metadata signature policy check FAILED.", e);
- throw new FilterException(e);
+ throw new SignatureValidationException(e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
index 382adb108..f73b541bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
@@ -22,8 +22,6 @@
*/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
-import java.io.IOException;
-
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
@@ -38,6 +36,7 @@ import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException;
import at.gv.egovernment.moa.logging.Logger;
/**
@@ -69,7 +68,7 @@ public class SchemaValidationFilter implements MetadataFilter {
* @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
*/
@Override
- public void doFilter(XMLObject arg0) throws FilterException {
+ public void doFilter(XMLObject arg0) throws SchemaValidationException {
String errString = null;
@@ -100,7 +99,7 @@ public class SchemaValidationFilter implements MetadataFilter {
}
- throw new FilterException("Metadata Schema validation FAILED with message: "+ errString);
+ throw new SchemaValidationException("Metadata Schema validation FAILED with message: "+ errString);
} else
Logger.info("Metadata Schema validation check is DEACTIVATED!");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
index 1e6cf6910..371cfb1d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java
@@ -26,12 +26,8 @@ import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
-import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
-import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
@@ -184,9 +180,21 @@ public class AttributeCollector implements IAction {
IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList();
IPersonalAttributeList responseAttributeList = container.getResponse().getPersonalAttributeList();
List<PersonalAttribute> missingAttributes = new ArrayList<PersonalAttribute>();
+ Logger.debug("aquire list of missing attributes");
for (PersonalAttribute current : requestAttributeList)
- if (!responseAttributeList.containsKey(current.getName()))
- missingAttributes.add(current);
+ if (!responseAttributeList.containsKey(current.getName())) {
+ if(null == current.getStatus() || (null != current.getStatus() && !current.getStatus().equals(AttributeStatusType.WITHHELD.value()))) {
+ // add the ones we need
+ missingAttributes.add(current);
+ Logger.debug("add " + current.getName() + " to the list of missing attributes");
+ }
+ } else {
+ // remove the ones we do not want to share from the response list
+ if(null != current.getStatus() && current.getStatus().equals(AttributeStatusType.WITHHELD.value())) {
+ responseAttributeList.remove(current.getName());
+ Logger.debug("remove " + current.getName() + " from the list of resulting attributes because the user does not want to disclose the data");
+ }
+ }
Logger.info("collecting attributes...");
Logger.debug("found " + missingAttributes.size() + " missing attributes");
@@ -253,10 +261,7 @@ public class AttributeCollector implements IAction {
Logger.info("collecting attributes done");
// ask for consent if necessary
- if(oaParam.isRequireConsentForStorkAttributes())
- new ConsentEvaluator().requestConsent(container, response, oaParam);
- else
- new ConsentEvaluator().generateSTORKResponse(response, container);
+ new ConsentEvaluator().generateSTORKResponse(response, container);
return null; // AssertionId
// TODO
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index 859f4900b..01f84125f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -163,7 +163,12 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Data container prepared");
- return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ if(oaParam.isRequireConsentForStorkAttributes())
+ new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
+ else
+ new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
+ return null;
}
// // check if we are getting request for citizen of some other country
// else if (req instanceof MOASTORKRequest) {
@@ -494,11 +499,11 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
} catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage());
+ Logger.error("Exception, attributes: " + e.getMessage(), e);
}
}
} catch (Exception e) {
- Logger.error("Exception, attributes: " + e.getMessage());
+ Logger.error("Exception, attributes: " + e.getMessage(), e);
}
Logger.trace("AUTHBLOCK " + authData.getAuthBlock());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 2c5728798..3acd1039f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -23,13 +23,17 @@
package at.gv.egovernment.moa.id.protocols.stork2;
import java.io.StringWriter;
+
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+
import java.util.ArrayList;
import java.util.HashMap;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import java.util.Map.Entry;
+
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.data.SLOInformationInterface;
import at.gv.egovernment.moa.id.moduls.IAction;
@@ -39,14 +43,13 @@ import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.peps.auth.commons.PEPSUtil;
import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.STORKAuthnResponse;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.complex.attributes.eu.stork.names.tc.stork._1_0.assertion.AttributeStatusType;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
+
import org.apache.velocity.Template;
import org.apache.velocity.VelocityContext;
import org.apache.velocity.app.VelocityEngine;
-import org.joda.time.DateTime;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import javax.servlet.http.HttpServletRequest;
@@ -72,23 +75,28 @@ public class ConsentEvaluator implements IAction {
DataContainer container;
try {
container = AssertionStorage.getInstance().get(artifactId, DataContainer.class);
+ req = container.getRequest();
} catch (MOADatabaseException e) {
Logger.error("Error fetching incomplete Stork response from temporary storage. Most likely a timeout occured.", e);
throw new MOAIDException("stork.17", null);
}
// evaluate response
- for(PersonalAttribute current : container.getResponse().getPersonalAttributeList()) {
+ for(PersonalAttribute current : container.getRequest().getPersonalAttributeList()) {
if(null == httpReq.getParameter(current.getName())) {
- current.setStatus(AttributeStatusType.NOT_AVAILABLE.value());
+ current.setStatus(AttributeStatusType.WITHHELD.value());
current.setValue(new ArrayList<String>());
current.setComplexValue(new HashMap<String, String>());
}
}
- // build and send response
- generateSTORKResponse(httpResp, container);
-
+ //TODO: CHECK: req.getOAURL() should return the unique OA identifier
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
+ if (oaParam == null)
+ throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
+
+ new AttributeCollector().processRequest(container, httpReq, httpResp, authData, oaParam);
+
return null; // AssertionId
}
@@ -96,12 +104,19 @@ public class ConsentEvaluator implements IAction {
* Fills the given HttpResponse with the required web page.
*
* @param container the container
+ * @param authData
* @param response the response
* @param oaParam the oa param
* @return the string
* @throws MOAIDException the mOAID exception
*/
- public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException {
+ public String requestConsent(DataContainer container, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException {
+ //check if we need to collect consent
+ if(!oaParam.isRequireConsentForStorkAttributes()) {
+ (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
+ return "";
+ }
+
// prepare redirect
String newArtifactId;
try {
@@ -130,19 +145,20 @@ public class ConsentEvaluator implements IAction {
Template template = velocityEngine.getTemplate("/resources/templates/stork2_consent.html");
VelocityContext context = new VelocityContext();
- context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/CompleteAuthentication?" + ARTIFACT_ID + "=" + newArtifactId);
+ context.put("action", AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/stork2/GetConsent?" + ARTIFACT_ID + "=" + newArtifactId);
// assemble table
String table = "";
- for (PersonalAttribute current : container.getResponse().getPersonalAttributeList())
- if ("Available".equals(current.getStatus()))
- table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + "</td></tr>\n";
+ for (PersonalAttribute current : container.getRequest().getPersonalAttributeList())
+ table += "<tr><td><input type=\"checkbox\" checked=\"yes\" name=\"" + current.getName() + "\"></td><td>" + current.getName() + (current.isRequired() ? "" : " (optional)") + "</td></tr>\n";
context.put("tablecontent", table);
+ for(Entry<String, String> current : oaParam.getFormCustomizaten().entrySet())
+ context.put(current.getKey().replace("#", ""), current.getValue());
StringWriter writer = new StringWriter();
template.merge(context, writer);
- response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
index 3ab4ec4a1..9a6206947 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOAAttributeProvider.java
@@ -79,7 +79,17 @@ public class MOAAttributeProvider {
public void populateAttribute(PersonalAttributeList attributeList, PersonalAttribute requestedAttribute ) {
String storkAttribute = requestedAttribute.getName();
- if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
+ if (null != authData && null != authData.getStorkAttributes() && authData.getStorkAttributes().containsKey(requestedAttribute.getName())) {
+ Logger.debug("Trying to get value for attribute directly from STORK2 response [" + storkAttribute + "]");
+ try {
+ PersonalAttribute tmp = authData.getStorkAttributes().get(requestedAttribute.getName());
+ attributeList.add((PersonalAttribute) tmp.clone());
+ } catch(Exception e) {
+ Logger.error("Could not retrieve attribute from STORK2 response: " + storkAttribute);
+ if(Logger.isDebugEnabled())
+ e.printStackTrace();
+ }
+ } else if (storkAttributeSimpleMapping.containsKey(storkAttribute)) {
Logger.debug("Trying to get value for attribute using simple mapping [" + storkAttribute + "]");
try {
Method method = authData.getClass().getDeclaredMethod(storkAttributeSimpleMapping.get(storkAttribute));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index e6fff76ab..59e1dbeca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -211,7 +211,7 @@ public class MandateRetrievalRequest implements IAction {
// ask for consent if necessary
if (oaParam.isRequireConsentForStorkAttributes())
- new ConsentEvaluator().requestConsent(container, httpResp, oaParam);
+ new ConsentEvaluator().requestConsent(container, httpReq, httpResp, authData, oaParam);
else
new ConsentEvaluator().generateSTORKResponse(httpResp, container);
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
index e21a61665..0ab41f146 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_consent.html
@@ -80,6 +80,7 @@
overflow:auto;
min-width: 190px;
height: 260px;
+ padding: 20px;
}
h2#tabheader{
@@ -134,6 +135,7 @@
#bkulogin {
min-height: 150px;
+ padding: 20px;
}
}
@@ -146,6 +148,7 @@
#bkulogin {
height: 180px;
+ padding: 20px;
}
}
@@ -175,7 +178,7 @@
color : #000;
text-align: center;
font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
+ background-color: ${MAIN_BACKGOUNDCOLOR};
}
#page {
@@ -230,6 +233,7 @@
#bkulogin {
min-width: 190px;
height: 155px;
+ padding: 20px;
}
.setAssertionButton_full {
@@ -249,7 +253,7 @@
* {
margin: 0;
padding: 0;
- font-family: #FONTTYPE#;
+ font-family: ${FONTTYPE};
}
#selectArea {
@@ -333,13 +337,13 @@
}
.hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
+ background-color : ${MAIN_BACKGOUNDCOLOR};
+ color: ${MAIN_COLOR};
}
.dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
+ background-color: ${HEADER_BACKGROUNDCOLOR};
+ color: ${HEADER_COLOR};
}
.main_header {
@@ -404,7 +408,7 @@
}
</script>
-<title>#HEADER_TEXT#</title>
+<title>Informationsfreigabe</title>
</head>
<body onload="onChangeChecks();" onresize="onChangeChecks();">
<div id="page">
@@ -417,7 +421,7 @@
<h2 id="tabheader" class="dunkel" role="heading">STORK Informationsfreigabe</h2>
</div>
<div id="bkulogin" class="hell" role="form">
- Alle angehakten Daten werden an das fragende Drittland &uuml;bermittelt.
+ W&auml;hlen Sie jene Daten, die, wenn verf&uuml;gbar, an ein Drittland weitergegeben werden sollen:</br>
<table>
${tablecontent}
</table>
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
index 7e56071bd..ebda3c5c3 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/CreateSAML1AssertionTask.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.process.spring.test.task;
+import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.Objects;
@@ -8,6 +9,7 @@ import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.Task;
@@ -37,7 +39,7 @@ public class CreateSAML1AssertionTask implements Task {
private Logger log = LoggerFactory.getLogger(getClass());
@Override
- public void execute(ExecutionContext executionContext) throws Exception {
+ public void execute(ExecutionContext executionContext) throws TaskExecutionException {
Objects.requireNonNull(executionContext.get("IdentityLink"));
assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
@@ -47,6 +49,9 @@ public class CreateSAML1AssertionTask implements Task {
try (InputStream in = getClass().getResourceAsStream("SAML1Assertion.xml")) {
executionContext.put("SAML1Assertion", IOUtils.toString(in, Charset.forName("UTF-8")));
+
+ } catch (IOException e) {
+ throw new TaskExecutionException("", e);
}
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
index 412fb0123..bd08ec6a1 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/GetIdentityLinkTask.java
@@ -9,6 +9,7 @@ import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.Task;
@@ -37,13 +38,16 @@ public class GetIdentityLinkTask implements Task {
private Logger log = LoggerFactory.getLogger(getClass());
@Override
- public void execute(ExecutionContext executionContext) throws IOException {
+ public void execute(ExecutionContext executionContext) throws TaskExecutionException {
Objects.requireNonNull(executionContext.get("bkuURL"));
log.debug("Using bkuURL in order to retrieve IdentityLink.");
try (InputStream in = getClass().getResourceAsStream("IdentityLink_Max_Mustermann.xml")) {
executionContext.put("IdentityLink", IOUtils.toString(in, Charset.forName("UTF-8")));
+
+ } catch (IOException e) {
+ throw new TaskExecutionException("", e);
}
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
index 8099c0f98..8f9b72cea 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/SignAuthBlockTask.java
@@ -1,5 +1,6 @@
package at.gv.egovernment.moa.id.process.spring.test.task;
+import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.Objects;
@@ -8,6 +9,7 @@ import org.apache.commons.io.IOUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.Task;
@@ -38,7 +40,7 @@ public class SignAuthBlockTask implements Task {
private Logger log = LoggerFactory.getLogger(getClass());
@Override
- public void execute(ExecutionContext executionContext) throws Exception {
+ public void execute(ExecutionContext executionContext) throws TaskExecutionException {
Objects.requireNonNull(executionContext.get("IdentityLink"));
assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
Objects.requireNonNull(executionContext.get("bkuURL"));
@@ -46,6 +48,9 @@ public class SignAuthBlockTask implements Task {
log.debug("Using validated IdentityLink and bkuURL in order to sign auth block.");
try (InputStream in = getClass().getResourceAsStream("SignedAuthBlock.xml")) {
executionContext.put("SignedAuthBlock", IOUtils.toString(in, Charset.forName("UTF-8")));
+ } catch (IOException e) {
+ throw new TaskExecutionException("", e);
+
}
}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
index 07b2ea69c..cece373d4 100644
--- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/process/spring/test/task/ValidateSignedAuthBlockTask.java
@@ -5,6 +5,7 @@ import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.process.api.ExecutionContext;
import at.gv.egovernment.moa.id.process.api.Task;
@@ -33,7 +34,7 @@ public class ValidateSignedAuthBlockTask implements Task {
private Logger log = LoggerFactory.getLogger(getClass());
@Override
- public void execute(ExecutionContext executionContext) throws Exception {
+ public void execute(ExecutionContext executionContext) throws TaskExecutionException {
Objects.requireNonNull(executionContext.get("IdentityLink"));
assert (Boolean.TRUE.equals(Objects.requireNonNull(executionContext.get("isIdentityLinkValidated"))));
Objects.requireNonNull(executionContext.get("SignedAuthBlock"));
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index c504a7f0c..27beeaaf3 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -46,23 +46,22 @@
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
- <version>4.3.8.Final</version>
+ <version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
- <version>4.3.8.Final</version>
+ <version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
- <version>4.3.8.Final</version>
+ <version>${hibernate.version}</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.3.2</version>
</dependency>
<dependency>
<groupId>commons-httpclient</groupId>
@@ -122,7 +121,7 @@
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
- <version>5.1.34</version>
+ <version>${mysql-connector.java}</version>
</dependency>
</dependencies>
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
index f8cc17b93..021ee62cf 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/CreateStorkAuthRequestFormTask.java
@@ -15,6 +15,7 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
@@ -63,7 +64,7 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
- throws Exception {
+ throws TaskExecutionException {
String pendingRequestID = null;
String sessionID = null;
@@ -97,11 +98,12 @@ public class CreateStorkAuthRequestFormTask extends AbstractAuthServletTask {
AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
} catch (MOAIDException ex) {
- handleError(null, ex, req, resp, pendingRequestID);
+ throw new TaskExecutionException(ex.getMessage(), ex);
} catch (Exception e) {
Logger.error("CreateStorkAuthRequestFormTask has an interal Error.", e);
- throw new MOAIDException("Internal error.", new Object[] { sessionID }, e);
+ throw new TaskExecutionException("CreateStorkAuthRequestFormTask has an interal Error.", e);
+
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
index 077bb2dee..1ae66f24e 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleLocalSignResponseTask.java
@@ -22,6 +22,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
@@ -79,7 +80,7 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
Logger.info("moaSessionID:" + moaSessionID);
@@ -90,13 +91,13 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
handleSignResponse(executionContext, request, response);
} else {
// should not occur
- throw new IOException("should not occur");
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
}
return;
}
private void handleSignResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
Logger.info("handleSignResponse started");
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
@@ -199,13 +200,14 @@ public class PepsConnectorHandleLocalSignResponseTask extends AbstractPepsConnec
Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
index 3338804b4..aff69aa9c 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorHandleResponseWithoutSignatureTask.java
@@ -25,6 +25,7 @@ import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
@@ -83,7 +84,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String moaSessionID = request.getParameter("moaSessionID");
String signResponse = request.getParameter("signresponse");
Logger.info("moaSessionID:" + moaSessionID);
@@ -95,13 +96,13 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
} else {
// should not occur
- throw new IOException("should not occur");
+ throw new TaskExecutionException("Parsing mulitpart/form-data request parameters failed", null);
}
return;
}
private void handleSAMLResponse(ExecutionContext executionContext, HttpServletRequest request,
- HttpServletResponse response) {
+ HttpServletResponse response) throws TaskExecutionException {
Logger.info("handleSAMLResponse started");
String pendingRequestID = null;
@@ -136,7 +137,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -211,10 +212,16 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
|| STORKResponseProcessor.hasAttribute("representative", attributeList)
@@ -233,7 +240,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -246,7 +253,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// extract signed doc element and citizen signature
String citizenSignature = null;
try {
- PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+ PersonalAttribute signedDoc = attributeList.get("signedDoc");
String signatureInfo = null;
// FIXME: Remove nonsense code (signedDoc attribute... (throw Exception for "should not occur" situations)), adjust error messages in order to reflect the true problem...
if (signedDoc != null) {
@@ -259,7 +266,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// store authnResponse
// moaSession.setAuthnResponse(authnResponse);//not serializable
- moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+ moaSession.setAuthnResponseGetPersonalAttributeList(attributeList);
String authnContextClassRef = null;
try {
@@ -335,7 +342,7 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
// FIXME: Same here; we do not have the citizen's signature, so this code might be regarded as dead code.
try {
- SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions()
+ SZRGInsertion(moaSession, attributeList, authnResponse.getAssertions()
.get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef()
.getAuthnContextClassRef(), citizenSignature);
} catch (STORKException e) {
@@ -393,13 +400,14 @@ public class PepsConnectorHandleResponseWithoutSignatureTask extends AbstractPep
Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
index 6e0bd19ff..6eabc0538 100644
--- a/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
+++ b/id/server/modules/module-stork/src/main/java/at/gv/egovernment/moa/id/auth/modules/stork/tasks/PepsConnectorTask.java
@@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
@@ -128,7 +129,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws Exception {
+ throws TaskExecutionException {
String pendingRequestID = null;
setNoCachingHeaders(response);
@@ -162,7 +163,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
try {
// validate SAML Token
Logger.debug("Starting validation of SAML response");
- authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ authnResponse = engine.validateSTORKAuthnResponseWithQuery(decSamlToken, (String) request.getRemoteHost());
Logger.info("SAML response succesfully verified!");
} catch (STORKSAMLEngineException e) {
Logger.error("Failed to verify STORK SAML Response", e);
@@ -297,9 +298,16 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
- // //////////// incorporate gender from parameters if not in stork response
- IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+ // first, try to fetch the attributes from the list of total attributes. Note that this very list is only filled
+ // with ALL attributes when there is more than one assertion in the SAML2 STORK message.
+ IPersonalAttributeList attributeList = authnResponse.getTotalPersonalAttributeList();
+
+ // if the list is empty, there was just one assertion... probably
+ if(attributeList.isEmpty())
+ attributeList = authnResponse.getPersonalAttributeList();
+
+ // //////////// incorporate gender from parameters if not in stork response
// but first, check if we have a representation case
if (STORKResponseProcessor.hasAttribute("mandateContent", attributeList)
@@ -320,7 +328,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
tmp.add(gendervalue);
gender.setValue(tmp);
- authnResponse.getPersonalAttributeList().add(gender);
+ attributeList.add(gender);
}
}
}
@@ -336,15 +344,15 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
// extract signed doc element and citizen signature
try {
- if (authnResponse.getPersonalAttributeList().get("signedDoc") == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue() == null
- || authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0) == null) {
+ if (attributeList.get("signedDoc") == null
+ || attributeList.get("signedDoc").getValue() == null
+ || attributeList.get("signedDoc").getValue().get(0) == null) {
Logger.info("STORK Response include NO signedDoc attribute!");
throw new STORKException("STORK Response include NO signedDoc attribute.");
}
- String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ String signatureInfo = attributeList.get("signedDoc").getValue().get(0);
Logger.debug("signatureInfo:" + signatureInfo);
@@ -498,7 +506,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.debug("Starting connecting SZR Gateway");
identityLink = STORKResponseProcessor.connectToSZRGateway(
- authnResponse.getPersonalAttributeList(),
+ attributeList,
oaParam.getFriendlyName(),
targetType,
null,
@@ -552,7 +560,7 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
moaSession.setIdentityLink(identityLink);
Logger.debug("Adding addtional STORK attributes to MOA session");
- moaSession.setStorkAttributes(authnResponse.getPersonalAttributeList());
+ moaSession.setStorkAttributes(attributeList);
Logger.debug("Add full STORK AuthnResponse to MOA session");
moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));
@@ -606,13 +614,14 @@ public class PepsConnectorTask extends AbstractAuthServletTask {
Logger.info("REDIRECT TO: " + redirectURL);
} catch (AuthenticationException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (MOAIDException e) {
- handleError(null, e, request, response, pendingRequestID);
+ throw new TaskExecutionException(e.getMessage(), e);
} catch (Exception e) {
Logger.error("PEPSConnector has an interal Error.", e);
+ throw new TaskExecutionException(e.getMessage(), e);
}
finally {
diff --git a/id/server/pom.xml b/id/server/pom.xml
index 9d34cce78..2341552cc 100644
--- a/id/server/pom.xml
+++ b/id/server/pom.xml
@@ -14,10 +14,6 @@
<name>MOA ID Server</name>
<properties>
- <junit.version>4.11</junit.version>
- <org.apache.commons.io.version>2.4</org.apache.commons.io.version>
- <org.apache.commons.lang3.version>3.3.2</org.apache.commons.lang3.version>
- <org.apache.commons.collections4.version>4.0</org.apache.commons.collections4.version>
<repositoryPath>${basedir}/../../repository</repositoryPath>
</properties>
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml
index 81f2cf4e5..1a8dfd786 100644
--- a/id/server/stork2-commons/pom.xml
+++ b/id/server/stork2-commons/pom.xml
@@ -34,7 +34,7 @@
<dependency>
<groupId>joda-time</groupId>
<artifactId>joda-time</artifactId>
- <version>2.3</version>
+ <version>${jodatime.version}</version>
</dependency>
<!-- Log4J -->
@@ -113,7 +113,6 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
index 5d8281445..15803fb68 100644
--- a/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
+++ b/id/server/stork2-commons/src/main/java/eu/stork/peps/auth/commons/PersonalAttribute.java
@@ -69,7 +69,7 @@ public final class PersonalAttribute implements Serializable, Cloneable {
/**
* Is the personal attribute mandatory?
*/
- private transient boolean required;
+ private boolean required;
/**
* Returned status of the attribute from the IdP.
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index e5d3dc1f4..36df747e4 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -96,7 +96,6 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.7.10</version>
</dependency>
<!-- <dependency>
<groupId>org.slf4j</groupId>
@@ -106,7 +105,6 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.7.10</version>
</dependency>
<!-- <dependency>
<groupId>org.slf4j</groupId>
@@ -116,13 +114,11 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
- <version>1.7.10</version>
</dependency>
<dependency>
<groupId>commons-io</groupId>
<artifactId>commons-io</artifactId>
- <version>2.4</version>
<scope>compile</scope>
</dependency>
<dependency>
@@ -133,7 +129,6 @@
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
- <version>4.11</version>
<scope>test</scope>
</dependency>
</dependencies>
diff --git a/pom.xml b/pom.xml
index 8897201b0..2ecc43a21 100644
--- a/pom.xml
+++ b/pom.xml
@@ -21,16 +21,31 @@
<moa-commons-version>2.0.1</moa-commons-version>
-->
- <moa-commons-version>2.0.3-SNAPSHOT</moa-commons-version>
- <moa-id-version>2.2.1-SNAPSHOT</moa-id-version>
- <moa-id-proxy-version>2.0.1-SNAPSHOT</moa-id-proxy-version>
- <moa-spss-version>2.0.5-SNAPSHOT</moa-spss-version>
- <configtool-version>1.1.6-SNAPSHOT</configtool-version>
- <demo-oa-version>2.0.4-SNAPSHOT</demo-oa-version>
+ <!-- Project Version -->
+ <moa-commons-version>2.0.4-SNAPSHOT</moa-commons-version>
+ <moa-id-version>2.2.2-SNAPSHOT</moa-id-version>
+ <moa-id-proxy-version>2.0.1-SNAPSHOT</moa-id-proxy-version>
+ <moa-spss-version>2.0.5-SNAPSHOT</moa-spss-version>
+ <configtool-version>1.1.7-SNAPSHOT</configtool-version>
+ <demo-oa-version>2.0.5-SNAPSHOT</demo-oa-version>
- <org.springframework.version>4.1.5.RELEASE</org.springframework.version>
- <surefire.version>2.18.1</surefire.version>
-
+ <!-- Library Versions -->
+ <org.springframework.version>4.1.6.RELEASE</org.springframework.version>
+ <surefire.version>2.18.1</surefire.version>
+ <opensaml.version>2.6.5</opensaml.version>
+ <xmltooling.version>1.4.5</xmltooling.version>
+ <cxf.version>3.0.4</cxf.version>
+ <struts.version>2.3.20</struts.version>
+ <egovutils.version>2.0.0</egovutils.version>
+ <slf4j.version>1.7.12</slf4j.version>
+ <hibernate.version>4.3.8.Final</hibernate.version>
+ <mysql-connector.java>5.1.35</mysql-connector.java>
+ <junit.version>4.11</junit.version>
+ <org.apache.commons.io.version>2.4</org.apache.commons.io.version>
+ <org.apache.commons.lang3.version>3.4</org.apache.commons.lang3.version>
+ <org.apache.commons.collections4.version>4.0</org.apache.commons.collections4.version>
+ <jodatime.version>2.7</jodatime.version>
+
</properties>
<profiles>
@@ -232,15 +247,65 @@
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
- <version>2.6.5</version>
+ <version>${opensaml.version}</version>
</dependency>
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>xmltooling</artifactId>
- <version>1.4.5</version>
+ <version>${xmltooling.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxws</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <version>${cxf.version}</version>
+ </dependency>
+
+
+ <dependency>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts2-core</artifactId>
+ <version>${struts.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts2-json-plugin</artifactId>
+ <version>${struts.version}</version>
+ </dependency>
+
+ <dependency>
+ <groupId>at.gv.util</groupId>
+ <artifactId>egovutils</artifactId>
+ <version>${egovutils.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>${slf4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <version>${slf4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jul-to-slf4j</artifactId>
+ <version>${slf4j.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-log4j12</artifactId>
+ <version>${slf4j.version}</version>
+ </dependency>
+
+
<dependency>
<groupId>axis</groupId>
<artifactId>axis</artifactId>
@@ -307,7 +372,7 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
<artifactId>httpclient</artifactId>
- <version>4.4</version>
+ <version>4.4.1</version>
</dependency>
<dependency>
<groupId>dav4j</groupId>
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
new file mode 100644
index 000000000..9ea6d0c1c
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-test-premium-Enc-05.20141215-20141209.SerNo165fb7.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+3MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwOTAwWhcNMjQxMjA5MTIwOTAwWjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1FbmMtMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tRW5jLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEA2YDEweWMfTpWbHjFwzPl5tri
+jaL4tmhuHQzuSAEO080+m5Dc38Rj5xHf1MNCxvAx18+3A+b0WDDhtdJh+SXVxAQq
+/VhnaOFcdlvun0/4+l4Xynf6xd0r8WfQgnTAER4iFzGoWnOFQZqF3JGsx0mxd5Ss
+6kbs+4Gd/FmdAD09qTb+e3FtQC9aszVb5j57LB14Ka+iVXMEFq6J1uvvdjIcwbeL
+7gOGOLzn9dArFT4bfMIE/gBOJnY3Ulp16jOMGb2sY+9u9rGJ84jSpYKEsL+RBoJr
+23O5rfdrVi/+fWC0QaDqwhI46lLr9Erkk7NjEeElZ+Tj2A5KK4K0FNvzAIqxki1Z
+/MQcBfknbq9jxUZs4zUl9QA7ufCqmFhi4qQxycEfUEXsTFlya2IgWqavA1OFZ7Ww
+tJQOR/EQUvtH/fIE7nompnxzWxi1iAvVkv0OEsAYVRd9ldviLl9wLzpQoOPvwc/B
+kRLvriWH/Bjyc8+SeAfK92ZRHh+a1HBsX7XKuZwKJ/pVKF4EtalbZXlSuQau/Mc0
+ImS49AL/GjfShp/IhGHfBQbTjR3vhZfakG6wvSFnGaRt2ohxMHb0fSK7xNrDpfNV
+Orloh77ry44C4jjQIairRW1l4CLilbitKpHO4VtZ443w25fud2FapvdesoUfHogV
+KTce4dGvW3jrN7/8TRUCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhH2pAliBnO
+GzAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBADDqJFkkBD6tUmiu
+L45YlXWKogD5eUfM+xnNVdg60M4HXHksVGT49CiY1vWzuLwUD3CXQ1W7yBKnLB5b
+GcoaHNgZDhNskYJCZu9K0g8oqNEN3Hb2QoKqyCaOlKV0dXILq/3SbdcXvUkUPS9K
+nWkX48tVMcw3OAmRYKwBK6tkUBwVw0VJ49sT+9qgPGCb8HYafSjCTnb3kdKGYK7a
+0E6eVBjYf6WcMfvCIYma5Zi4fx7U0K6RN8xJvhRHAZK3uJphk1QciAIxViFIPnex
+htgywJNHRautIsDbRGwdDVOUB6VdCFF19HnO9C4p2+pggCi9nT/I4CklZGZ5Q0VB
+j9knsSFXYMY9QFGm3feiVIXAy2Pp7IMB21KNZKgqCLQRgANNdvkWwO97lcxpmocS
+/p9LIEYDpa9tIvBrTiK39hUixeQaMhvlrSN3H49NqoxsStv8UEvSbjLJAuOcK1oV
++IWA8RbBwippM45729X7nGdPUbxys+rn7F04WNe+oQN96hKX4VJ6OCANz1bca6LV
+sPtkFej+SLbpALVH3YvP4ct1UQms3UnuN9m1A0ceB4u4KroHBHlSGLB6K3UI3E42
+cYVaGrbflSvwwXxCHUvrCeL+eNKgI2Vyt29aHVJO0OMAS03Eb1PcygeNU4h6t+CS
+UBU+/OTtSQGrLe+kMKP6uBO/cMhv
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/certifiedSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Test-Premium-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt
new file mode 100644
index 000000000..5c07bd9b7
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) AGNIESZKA BAJNO_To20181219.crt
@@ -0,0 +1,41 @@
+-----BEGIN CERTIFICATE-----
+MIIHSDCCBTCgAwIBAgIQHaaUHzn5vENUk+T/aHIefTANBgkqhkiG9w0BAQsFADAx
+MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDzANBgNVBAMMBklTQSBD
+QTAeFw0xNDEyMTkwODQyMzlaFw0xODEyMTkwODQyMzlaMEwxCzAJBgNVBAYTAkJF
+MRwwGgYDVQQKDBNFVVJPUEVBTiBDT01NSVNTSU9OMR8wHQYDVQQDDBYoU0lHTikg
+QUdOSUVTWktBIEJBSk5PMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
+og6nQQcoPlHOrwXYDD+wj38lwn1zbalTTJL7yW3N7OgO9/eSCIY5nGgfnslapC36
+vSO9RbSxW3cV4CJCf2nGZdsZHxNJpf4IG4CEsByui30UGFANtBPlFj/r5avf0OrD
+GKTI2H/6sN2swgs43grcRFQ5yt/ZPhOIgjXjzK4s36IFMBG1GGRQUSDJo+uv3cbu
+BcNjdFro3Zmm9TypDv194f1NwXRbFOon1WtaIsJNKzw4+MKCAyD9BBVATQxGLYeC
+T2tZt3DFbSSXZbBfSnfwGe7eMc99S12Hr/MwAPJhUwZZpienadVNlMNWxwutxcDO
+5HrmOdtxv8Vh9MKlAwvN4QIDAQABo4IDPzCCAzswWwYDVR0RBFQwUoEcQUdOSUVT
+WktBLkJBSk5PQEVDLkVVUk9QQS5FVaQyMDAxFDASBgkrBgEEAaxmAQIMBUJBSk5P
+MRgwFgYJKwYBBAGsZgEBDAlBR05JRVNaS0EwCQYDVR0TBAIwADAOBgNVHQ8BAf8E
+BAMCBkAwHQYDVR0OBBYEFIe8EqP5sxbiNrSKwgNC00FsSfkjMB8GA1UdIwQYMBaA
+FEft+GPwma9e/n4OXFjL/uI1N6a9MIHgBgNVHSAEgdgwgdUwgcgGCisGAQQBrGYD
+BAEwgbkwKQYIKwYBBQUHAgEWHWh0dHA6Ly93d3cuY2VydC5mbm10LmVzL2RwY3Mv
+MIGLBggrBgEFBQcCAjB/DH1RdWFsaWZpZWQgY2VydGlmaWNhdGUuIFVuZGVyIHRo
+ZSB1c2FnZSBjb25kaXRpb25zIGFzc2VydGVkIGluIHRoZSBGTk1ULVJDTSBDUFMg
+KDEwNiwgSm9yZ2UgSnVhbiBzdHJlZXQsMjgwMDksIE1hZHJpZCwgU3BhaW4pLjAI
+BgYEAIswAQEwgYYGCCsGAQUFBwEBBHoweDBBBggrBgEFBQcwAYY1aHR0cDovL29j
+c3BJU0FjYS5jZXJ0LmZubXQuZXMvb2NzcElTQWNhL09jc3BSZXNwb25kZXIwMwYI
+KwYBBQUHMAKGJ2h0dHA6Ly93d3cuY2VydC5mbm10LmVzL2NlcnRzL0lTQUNBLmNy
+dDBGBggrBgEFBQcBAwQ6MDgwCAYGBACORgEBMAsGBgQAjkYBAwIBDzAVBgYEAI5G
+AQIwCxMDRVVSAgECAgECMAgGBgQAjkYBBDCBzAYDVR0fBIHEMIHBMIG+oIG7oIG4
+hoGIbGRhcDovL2xkYXBJU0FjYS5jZXJ0LmZubXQuZXMvQ049Q1JMMSxjbj1JU0El
+MjBDQSxvPUZOTVQtUkNNLEM9RVM/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlzdDti
+aW5hcnk/YmFzZT9vYmplY3RjbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludIYraHR0
+cDovL3d3dy5jZXJ0LmZubXQuZXMvY3Jsc19JU0FjYS9DUkwxLmNybDANBgkqhkiG
+9w0BAQsFAAOCAgEAd2CyyRljkbR+hxMwnjwzNE9q6nw29uLWx4c/kWfWGNxyjO/m
+bE2KhgXfUm7e441Ih87PX1p8jpTeOhtfvL8CxmsqyDg56GBNq5NprbagpmKHiNCP
+77baZiLMFfEvc915ktLlYQEH+wIe5i0gMPmRWjA2urB/M+fXwLgqQdOEe4e0NSLr
+7YJqHeL1sWQsS4r1zK8ZGv1uJ0v+vAmYXwFtaYYht/c9X+QtVxYaflDcBVnPBxj3
+xUG7vQHe7g5/RPX4vvzAZNV9d5IBk+sCX05dRfRqsym4qw1sw4j0W2nxAfQwk3bf
+W6NP5SgOHfC9sh2LrC3F/wlvePY8piTXFUkRzlsEb8zWM2vfz3QRNgGbxCz3DY3k
+FavdEL/gnNHOg5Q4tn2TVV7YfXLEgu7zN+IqBOdlAtbJXEu60FiF9Cs35IGqwWlb
+eOK8QvogFYDxlgIPrs3ijEA1WHyY+GH1mofSA7u30wEvooCzohFf4DBv06I4q9aC
+NBnTo4yki1yFhBm71r60hlAas6aK6TZ+NUoFWwPypMP617SlHdy8QlFx1s3V+rIt
+2hxUUGddid/FXDKtuUCRqKqx6x8J8bI7DecZsCS7ijPCApjJ84HB8UASRzdGtEwc
+97hvnAqXjpCS/tHAVcVvmP3isNDu4WtV2LQfL/TIY8zMxUebv/E5JyB3KAw=
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt
new file mode 100644
index 000000000..0264c9a80
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/tslworking/trust/eu/(SIGN) JOLANDA VAN EIJNDTHOVEN_To20180915.crt
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIHYDCCBUigAwIBAgIQLc4fd1CtIihUFtlELwMLDDANBgkqhkiG9w0BAQsFADAx
+MQswCQYDVQQGEwJFUzERMA8GA1UECgwIRk5NVC1SQ00xDzANBgNVBAMMBklTQSBD
+QTAeFw0xNDA5MTUxMjE5MTVaFw0xODA5MTUxMjE5MTVaMFQxCzAJBgNVBAYTAkJF
+MRwwGgYDVQQKDBNFVVJPUEVBTiBDT01NSVNTSU9OMScwJQYDVQQDDB4oU0lHTikg
+Sk9MQU5EQSBWQU4gRUlKTkRUSE9WRU4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQC0sin8VvNtcuOnUuGDWtXjZlTx5SoZzJiDG4/6bOt3geyPIvqHzci8
+HSlIJB1YqjNimGltI6BlHelR/skf8rEguEYn/Ijgio2/89b82rsFM1R+ehsjkLMv
+uu+Kj7UunhRCdLAHgnOhmPwIDe3dIxY4Jw0rBdjtyEwV7cNDedOC4lE9iuJ71zls
+pHMedtLfLdwIF0ay/r5Bx1vaiapmzxjDIcArsQlHNmNpK3ysHW+poAhzN8Tj9Vow
+jhTDSw/FTBNbQASzuK0L2IWD0PXrsZSO+yW86Dx0kAN1qSmWxdwZ0PAX+n39mL2G
+GuG8StIrpvLMZDGgN6G52msz2grnIAulAgMBAAGjggNPMIIDSzBrBgNVHREEZDBi
+gSRKT0xBTkRBLlZBTi1FSUpORFRIT1ZFTkBFQy5FVVJPUEEuRVWkOjA4MR4wHAYJ
+KwYBBAGsZgECDA9WQU4gRUlKTkRUSE9WRU4xFjAUBgkrBgEEAaxmAQEMB0pPTEFO
+REEwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBkAwHQYDVR0OBBYEFIz+jZkpky2x
+CorjhNpu1m1pDZ76MB8GA1UdIwQYMBaAFEft+GPwma9e/n4OXFjL/uI1N6a9MIHg
+BgNVHSAEgdgwgdUwgcgGCisGAQQBrGYDBAEwgbkwKQYIKwYBBQUHAgEWHWh0dHA6
+Ly93d3cuY2VydC5mbm10LmVzL2RwY3MvMIGLBggrBgEFBQcCAjB/DH1RdWFsaWZp
+ZWQgY2VydGlmaWNhdGUuIFVuZGVyIHRoZSB1c2FnZSBjb25kaXRpb25zIGFzc2Vy
+dGVkIGluIHRoZSBGTk1ULVJDTSBDUFMgKDEwNiwgSm9yZ2UgSnVhbiBzdHJlZXQs
+MjgwMDksIE1hZHJpZCwgU3BhaW4pLjAIBgYEAIswAQEwgYYGCCsGAQUFBwEBBHow
+eDBBBggrBgEFBQcwAYY1aHR0cDovL29jc3BJU0FjYS5jZXJ0LmZubXQuZXMvb2Nz
+cElTQWNhL09jc3BSZXNwb25kZXIwMwYIKwYBBQUHMAKGJ2h0dHA6Ly93d3cuY2Vy
+dC5mbm10LmVzL2NlcnRzL0lTQUNBLmNydDBGBggrBgEFBQcBAwQ6MDgwCAYGBACO
+RgEBMAsGBgQAjkYBAwIBDzAVBgYEAI5GAQIwCxMDRVVSAgECAgECMAgGBgQAjkYB
+BDCBzAYDVR0fBIHEMIHBMIG+oIG7oIG4hoGIbGRhcDovL2xkYXBJU0FjYS5jZXJ0
+LmZubXQuZXMvQ049Q1JMNixjbj1JU0ElMjBDQSxvPUZOTVQtUkNNLEM9RVM/Y2Vy
+dGlmaWNhdGVSZXZvY2F0aW9uTGlzdDtiaW5hcnk/YmFzZT9vYmplY3RjbGFzcz1j
+UkxEaXN0cmlidXRpb25Qb2ludIYraHR0cDovL3d3dy5jZXJ0LmZubXQuZXMvY3Js
+c19JU0FjYS9DUkw2LmNybDANBgkqhkiG9w0BAQsFAAOCAgEAYnVYxWe3b57eq6qG
+lVE9f7tiEPUGqmKm2cXlRLY50Hat4O/dVDv9teyNd/fvcaK4UHdhRaF+EhOoDsm9
+RTKrkc4VzWIUA8xbgJL8NlJd1OdVgdIk0kuI7QvQQ/x4c9PTyk0ucBw5MNWyr97U
+O68rOBNiF+tS2mrOMJqjQS6vX7tf/HOvyPg9dLY/+KiiuijnAFS9+DPJNWQh8Ukv
+SEqgBkydy0pDFLLOREFHiBY7cOflfjoQm+tKxsPt8Mw/z/p5OLeg8cMyVprtVZ2L
+ohgkJP/Do0SB1lgenlVWAY7f/7swSgn4y6yd99hB74MKDgREqpBVIn5syrgpfZFK
+yYeLZ9/q7FHDdr3TVXLSdcJlIa5+5D8iprdw70vstU9p3mMPXCZNvBFSmVeGNDVm
+2jszt7oD254nj5dm/8tXdXqeq4MEi1wHRposKRc6pPtAPFRTcIzRLQ8BRKTEkA6s
+UbeshjyIIA0942/zEFRO/H+cEMTqz1ZuCHoS3mwM6qjh0cEsZ0tmUpHzrNltR5WP
+o0IKiqqaDxdxN/9OuTId+P5zLRdwsVSduvUm+5krW8Pxn2pkyTg16NN2wLQ7p/Xn
+sEPwBVV2lEUJt8n0obHVYZvBZSUchbcpLQaQxMbIG5dpzFXXBYgXSUMhuf3Seoau
+oMhXPm9N2UyFJ5fwcoXHZPNI1Uw=
+-----END CERTIFICATE----- \ No newline at end of file
diff --git a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
index d1281c1f1..6a85415f8 100644
--- a/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
+++ b/spss/server/serverlib/src/main/java/at/gv/egovernment/moa/spss/server/invoke/XMLSignatureCreationProfileFactory.java
@@ -145,7 +145,12 @@ public class XMLSignatureCreationProfileFactory {
// get the key group id
String keyGroupID = request.getKeyIdentifier();
// get digest method on key group level (if configured)
- String configDigestMethodKG = config.getKeyGroup(keyGroupID).getDigestMethodAlgorithm();
+ KeyGroup keygroup = config.getKeyGroup(keyGroupID);
+ if(null == keygroup) {
+ Logger.error("Could not find key group '" + keyGroupID + "'");
+ throw new MOAApplicationException("2231", null);
+ }
+ String configDigestMethodKG = keygroup.getDigestMethodAlgorithm();
// get default digest method (if configured)
String configDigestMethod = config.getDigestMethodAlgorithmName();