diff options
399 files changed, 52059 insertions, 5458 deletions
diff --git a/.classpath b/.classpath index d8f291998..df0ed1ad2 100644 --- a/.classpath +++ b/.classpath @@ -2,5 +2,6 @@ <classpath>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/>
+ <classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
<classpathentry kind="output" path="target/classes"/>
</classpath>
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs new file mode 100644 index 000000000..638b39a15 --- /dev/null +++ b/.settings/org.eclipse.jdt.core.prefs @@ -0,0 +1,7 @@ +#Thu Jan 03 11:06:02 CET 2013
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.2
+org.eclipse.jdt.core.compiler.compliance=1.4
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=warning
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=warning
+org.eclipse.jdt.core.compiler.source=1.3
diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java index 120c222cf..3b6e8c57d 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -265,6 +265,8 @@ public interface Constants { /** URI of the XAdES v1.1.1 namespace */ public static final String XADES_1_1_1_NS_URI = "http://uri.etsi.org/01903/v1.1.1#"; + public static final String XADES_1_1_1_NS_PREFIX = "xades"; + /** Local location of the XAdES v1.2.2 schema definition */ public static final String XADES_1_2_2_SCHEMA_LOCATION = SCHEMA_ROOT + "XAdES-1.2.2.xsd"; diff --git a/common/src/main/java/at/gv/egovernment/moa/util/Empty.java b/common/src/main/java/at/gv/egovernment/moa/util/Empty.java new file mode 100644 index 000000000..533b39b6b --- /dev/null +++ b/common/src/main/java/at/gv/egovernment/moa/util/Empty.java @@ -0,0 +1,31 @@ +/* + * Copyright 2011 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egovernment.moa.util; + +/** + * @author <a href="mailto:thomas.knall@iaik.tugraz.at">Thomas Knall</a> + */ +public interface Empty { + + /** + * Returns {@code true} if underlying object is empty. + * + * @return {@code true} if empty, {@code false} if not empty. + */ + boolean isEmpty(); + +} diff --git a/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java b/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java new file mode 100644 index 000000000..043baea0e --- /dev/null +++ b/common/src/main/java/at/gv/egovernment/moa/util/MiscUtil.java @@ -0,0 +1,316 @@ +/* + * Copyright 2011 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egovernment.moa.util; + +import iaik.logging.Log; +import iaik.logging.LogFactory; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.lang.reflect.InvocationTargetException; +import java.nio.channels.Channels; +import java.nio.channels.ReadableByteChannel; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Collection; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.Iterator; +import java.util.Properties; + +import javax.xml.datatype.DatatypeConfigurationException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.OutputKeys; +import javax.xml.transform.Source; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; + +import org.w3c.dom.Document; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.util.ex.EgovUtilException; + + + +/** + * Class providing several utility methods. + * + * @author <a href="mailto:Arne.Tauber@egiz.gv.at">Arne Tauber</a> + * + */ +public class MiscUtil { + + public static final String DEFAULT_SLASH = "/"; + + public static Log log = LogFactory.getLog(MiscUtil.class); + + private static final int IO_BUFFER_SIZE = 4 * 1024; + + public static void copyStream(InputStream is, OutputStream os) throws IOException { + byte[] b = new byte[IO_BUFFER_SIZE]; + int read; + while ((read = is.read(b)) != -1) { + os.write(b, 0, read); + } + } + + public static void assertNotNull(Object param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + } + + public static boolean areAllNull(Object... objects) { + for (Object o : objects) { + if (o != null) { + return false; + } + } + return true; + } + + public static String extractContentType(String contentTypeString) { + if (contentTypeString == null) { + return ""; + } + if (contentTypeString.indexOf(";") != -1) { + return contentTypeString.substring(0, contentTypeString.indexOf(";")); + } + return contentTypeString; + } + + public static XMLGregorianCalendar getXMLGregorianCalendar(Date date) + throws DatatypeConfigurationException { + GregorianCalendar cal = (GregorianCalendar) GregorianCalendar.getInstance(); + cal.setTime(date); + return DatatypeFactory.newInstance().newXMLGregorianCalendar(cal); + } + + public static XMLGregorianCalendar getXMLGregorianCalendar(String str) + throws DatatypeConfigurationException { + return DatatypeFactory.newInstance().newXMLGregorianCalendar(str); + } + + public static X509Certificate readCertificate(InputStream certStream) + throws CertificateException { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + return (X509Certificate) cf.generateCertificate(certStream); + } + + public static boolean isEmpty(String str) { + return str == null || "".equals(str); + } + + public static boolean isNotEmpty(String str) { + return str != null && !"".equals(str); + } + + public static byte[] sourceToByteArray(Source result) + throws TransformerException { + TransformerFactory factory = TransformerFactory.newInstance(); + Transformer transformer = factory.newTransformer(); + transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); + transformer.setOutputProperty(OutputKeys.METHOD, "xml"); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + StreamResult streamResult = new StreamResult(); + streamResult.setOutputStream(out); + transformer.transform(result, streamResult); + return out.toByteArray(); + } + + public static Document parseDocument(InputStream inputStream) + throws IOException { + try { + DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory + .newInstance(); + docBuilderFactory.setNamespaceAware(true); + DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); + return docBuilder.parse(inputStream); + } catch (ParserConfigurationException e) { + throw new IOException(e); + } catch (SAXException e) { + throw new IOException(e); + } + } + + public static String removePrecedingSlash(String path, String slash) { + assertNotEmpty(slash, "Shash"); + if (!isEmpty(path)) { + while (path.startsWith(slash)) { + path = path.substring(slash.length(), path.length()); + } + } + return path; + } + + public static String removePrecedingSlash(String path) { + return removePrecedingSlash(path, DEFAULT_SLASH); + } + + public static void assertNotEmpty(String param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + if (param.length() == 0) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + @SuppressWarnings("rawtypes") + public static boolean isEmpty(Properties props) { + if (props == null || props.isEmpty()) { + return true; + } + Iterator it = props.values().iterator(); + while (it.hasNext()) { + if (MiscUtil.isNotEmpty((String) it.next())) { + return false; + } + } + return true; + } + + public static boolean isEmpty(Empty empty) { + return empty == null || empty.isEmpty(); + } + + public static boolean isNotEmpty(Empty empty) { + return !isEmpty(empty); + } + + public static boolean isEmpty(byte[] data) { + return data == null || data.length == 0; + } + + public static boolean isNotEmpty(byte[] data) { + return !isEmpty(data); + } + + public static <T> boolean isEmpty(Collection<T> c) { + return c == null || c.isEmpty(); + } + + public static <T> boolean isNotEmpty(Collection<T> c) { + return !isEmpty(c); + } + + public static boolean areAllEmpty(String... strings) { + for (String s : strings) { + if (s != null && s.trim().length() != 0) { + return false; + } + } + return true; + } + + public static boolean areAllEmpty(Empty... empties) { + if (empties != null) { + for (Empty e : empties) { + if (e != null && !e.isEmpty()) { + return false; + } + } + } + return true; + } + + public static <T> void assertNotEmpty(T[] param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + if (param.length == 0) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + public static void assertNotEmpty(Empty empty, String name) { + if (empty == null) { + throw new NullPointerException(name + " must not be null."); + } + if (empty.isEmpty()) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + public static void assertNotEmpty(byte[] param, String name) { + if (param == null) { + throw new NullPointerException(name + " must not be null."); + } + if (param.length == 0) { + throw new IllegalArgumentException(name + " must not be empty."); + } + } + + public static Date parseXMLDate(String xmlDate) throws EgovUtilException { + if (xmlDate == null) { + return null; + } + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd"); + try { + return sdf.parse(xmlDate); + } catch (ParseException e) { + throw new EgovUtilException(e); + } + } + + public static <T> boolean isEmpty(T[] array) { + return array == null || array.length == 0; + } + + public static <T> boolean isNotEmpty(T[] array) { + return !isEmpty(array); + } + + public static String convertDateFromStandardToXML(String dateString) { + MiscUtil.assertNotNull(dateString, "dateString"); + Date date = parseDate(dateString); + return formatDate(date, "yyyy-MM-dd"); + } + + public static Date parseDate(String dateString) { + return parseDate(dateString, "dd.MM.yyyy"); + } + + public static Date parseDate(String dateString, String pattern) { + MiscUtil.assertNotNull(dateString, "dateString"); + MiscUtil.assertNotNull(pattern, "pattern"); + SimpleDateFormat sdf = new SimpleDateFormat(pattern); + try { + return sdf.parse(dateString); + } catch (ParseException e) { + log.warn(null, "Error parsing date.", e); + return null; + } + } + + public static String formatDate(Date date, String format) { + SimpleDateFormat sdf = new SimpleDateFormat(format); + return sdf.format(date); + } + +} diff --git a/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java b/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java index 3255b3157..e6df1fd33 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/URLEncoder.java @@ -44,6 +44,8 @@ public class URLEncoder { * @throws UnsupportedEncodingException when the desired encoding is not supported */ public static String encode(String s, String encoding) throws UnsupportedEncodingException { +// if (MiscUtil.isEmpty(s)) +// return null; byte[] barr = s.getBytes(encoding); ByteArrayInputStream bin = new ByteArrayInputStream(barr); StringWriter out = new StringWriter(); diff --git a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java index faa009b0e..21c41257a 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/XPathUtils.java @@ -87,6 +87,7 @@ public class XPathUtils { ctx.addNamespace(Constants.SAML2_PREFIX, Constants.SAML2_NS_URI); ctx.addNamespace(Constants.SAML2P_PREFIX, Constants.SAML2P_NS_URI); ctx.addNamespace(Constants.XENC_PREFIX, Constants.XENC_NS_URI); + ctx.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); NS_CONTEXT = ctx; } @@ -480,7 +481,7 @@ public class XPathUtils { else { MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { "Ungültiger Security Layer Namespace: \"" + sLNamespace + "\"."}); + String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger Security Layer Namespace: \"" + sLNamespace + "\"."}); throw new XPathException(message, null); } @@ -546,7 +547,7 @@ public class XPathUtils { return slPrefix; } else { MessageProvider msg = MessageProvider.getInstance(); - String message = msg.getMessage("xpath.00", new Object[] { "Ungültiger SecurityLayer Namespace: \"" + nameSpace + "\"."}); + String message = msg.getMessage("xpath.00", new Object[] { "Ung�ltiger SecurityLayer Namespace: \"" + nameSpace + "\"."}); throw new XPathException(message, null); } } diff --git a/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java b/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java new file mode 100644 index 000000000..733a2a845 --- /dev/null +++ b/common/src/main/java/at/gv/egovernment/moa/util/ex/EgovUtilException.java @@ -0,0 +1,41 @@ +/* + * Copyright 2011 Federal Chancellery Austria and + * Graz University of Technology + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package at.gv.egovernment.moa.util.ex; + +public class EgovUtilException extends Exception { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public EgovUtilException() { + } + + public EgovUtilException(String message) { + super(message); + } + + public EgovUtilException(Throwable cause) { + super(cause); + } + + public EgovUtilException(String message, Throwable cause) { + super(message, cause); + } + +} diff --git a/id/ConfigWebTool/.classpath b/id/ConfigWebTool/.classpath new file mode 100644 index 000000000..28bcc0ce1 --- /dev/null +++ b/id/ConfigWebTool/.classpath @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="UTF-8"?> +<classpath> + <classpathentry kind="src" output="target/classes" path="src/main/java"> + <attributes> + <attribute name="optional" value="true"/> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="src" output="target/test-classes" path="src/test/java"> + <attributes> + <attribute name="optional" value="true"/> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/> + </attributes> + </classpathentry> + <classpathentry kind="con" path="org.eclipse.jst.server.core.container/org.eclipse.jst.server.tomcat.runtimeTarget/Apache Tomcat v7.0"/> + <classpathentry kind="output" path="target/classes"/> +</classpath> diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml new file mode 100644 index 000000000..411ef55e6 --- /dev/null +++ b/id/ConfigWebTool/pom.xml @@ -0,0 +1,72 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <groupId>MOA.id</groupId> + <artifactId>ConfigurationInterface</artifactId> + <version>0.9</version> + <packaging>war</packaging> + <name>MOA-ID 2.0 Configuration Tool</name> + <description>Web based Configuration Tool for MOA-ID 2.x</description> + + <dependencies> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>jstl</artifactId> + <version>1.2</version> + <scope>provided</scope> + </dependency> + <dependency> + <groupId>javax.servlet</groupId> + <artifactId>servlet-api</artifactId> + <version>2.5</version> + <scope>provided</scope> + </dependency> + + + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-commons</artifactId> + <version>1.5.2</version> + </dependency> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + <version>1.9.90-SNAPSHOT</version> + </dependency> + + <dependency> + <groupId>at.gv.util</groupId> + <artifactId>egovutils</artifactId> + <version>1.0.2</version> + </dependency> + + <dependency> + <groupId>org.apache.struts</groupId> + <artifactId>struts2-core</artifactId> + <version>2.3.14.3</version> + </dependency> + <dependency> + <groupId>org.apache.struts</groupId> + <artifactId>struts2-json-plugin</artifactId> + <version>2.3.14.3</version> + </dependency> + + <dependency> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + <version>1.2.14</version> + </dependency> + <dependency> + <groupId>commons-lang</groupId> + <artifactId>commons-lang</artifactId> + <version>2.6</version> + <type>jar</type> + <scope>compile</scope> + </dependency> + <dependency> + <groupId>iaik</groupId> + <artifactId>commons-iaik</artifactId> + <version>0.7.1</version> + </dependency> + </dependencies> + +</project>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java new file mode 100644 index 000000000..d088edf34 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -0,0 +1,29 @@ +package at.gv.egovernment.moa.id.configuration; + +public class Constants { + public static final String STRUTS_SUCCESS = "success"; + public static final String STRUTS_ERROR = "error"; + public static final String STRUTS_ERROR_VALIDATION = "error_validation"; + public static final String STRUTS_OA_EDIT = "editOA"; + public static final String STRUTS_REAUTHENTICATE = "reauthentication"; + public static final String STRUTS_NOTALLOWED = "notallowed"; + + public static final String SESSION_AUTH = "authsession"; + public static final String SESSION_AUTH_ERROR = "authsessionerror"; + public static final String SESSION_OAID = "oadbidentifier"; + + public static final String REQUEST_OAID = "oaid"; + + public static final String BKU_ONLINE = "bkuonline"; + public static final String BKU_LOCAL = "bkulocal"; + public static final String BKU_HANDY = "bkuhandy"; + + + public static final String MOA_CONFIG_BUSINESSSERVICE = "businessService"; + + public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1"; + public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x"; + + public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request"; + public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java new file mode 100644 index 000000000..8f75a357c --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -0,0 +1,133 @@ +package at.gv.egovernment.moa.id.configuration.auth; + +import java.util.Date; + +public class AuthenticatedUser { + + private boolean isAuthenticated = false; + private boolean isAdmin = false; + + private long userID; + private String givenName; + private String familyName; + private String userName; + private Date lastLogin; + + public AuthenticatedUser() { + + } + + public AuthenticatedUser(long userID, String givenName, String familyName, String userName, + boolean isAuthenticated, boolean isAdmin) { + + this.familyName = familyName; + this.givenName = givenName; + this.userName = userName; + this.userID = userID; + this.isAdmin = isAdmin; + this.isAuthenticated = isAuthenticated; + this.lastLogin = new Date(); + } + + /** + * @return the isAuthenticated + */ + public boolean isAuthenticated() { + return isAuthenticated; + } + + /** + * @param isAuthenticated the isAuthenticated to set + */ + public void setAuthenticated(boolean isAuthenticated) { + this.isAuthenticated = isAuthenticated; + } + + /** + * @return the isAdmin + */ + public boolean isAdmin() { + return isAdmin; + } + + /** + * @param isAdmin the isAdmin to set + */ + public void setAdmin(boolean isAdmin) { + this.isAdmin = isAdmin; + } + + /** + * @return the userID + */ + public long getUserID() { + return userID; + } + + /** + * @param userID the userID to set + */ + public void setUserID(long userID) { + this.userID = userID; + } + + /** + * @return the givenName + */ + public String getGivenName() { + return givenName; + } + + /** + * @param givenName the givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * @return the familyName + */ + public String getFamilyName() { + return familyName; + } + + /** + * @param familyName the familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * @return the lastLogin + */ + public Date getLastLogin() { + return lastLogin; + } + + /** + * @param lastLogin the lastLogin to set + */ + public void setLastLogin(Date lastLogin) { + this.lastLogin = lastLogin; + } + + /** + * @return the userName + */ + public String getUserName() { + return userName; + } + + /** + * @param userName the userName to set + */ + public void setUserName(String userName) { + this.userName = userName; + } + + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java new file mode 100644 index 000000000..aeadbd0bb --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -0,0 +1,85 @@ +package at.gv.egovernment.moa.id.configuration.config; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; + + +public class ConfigurationProvider { + + private static final String SYSTEM_PROP_CONFIG = "moa.id.webconfig"; + + private static ConfigurationProvider instance; + private Properties props; + private String configFileName; + + public static ConfigurationProvider getInstance() throws ConfigurationException { + if (instance == null) { + instance = new ConfigurationProvider(); + } + + return instance; + } + + private ConfigurationProvider() throws ConfigurationException { + inizialize(); + } + + private void inizialize() throws ConfigurationException { + + configFileName = System.getProperty(SYSTEM_PROP_CONFIG); + + if (configFileName == null) { + throw new ConfigurationException("config.01"); + } + Logger.info("Loading MOA-ID-AUTH configuration " + configFileName); + + //Initial Hibernate Framework + Logger.trace("Initializing Hibernate framework."); + + //Load MOAID-2.0 properties file + File propertiesFile = new File(configFileName); + FileInputStream fis; + props = new Properties(); + + + try { + fis = new FileInputStream(propertiesFile); + props.load(fis); + + // initialize hibernate + synchronized (ConfigurationProvider.class) { + + //Initial config Database + ConfigurationDBUtils.initHibernate(props); + } + Logger.trace("Hibernate initialization finished."); + + + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.01", e); + } catch (IOException e) { + throw new ConfigurationException("config.02", e); + } catch (MOADatabaseException e) { + throw new ConfigurationException("config.03", e); + } + + } + + public boolean isLoginDeaktivated() { + String result = props.getProperty("general.login.deaktivate", "false"); + return Boolean.parseBoolean(result); + } + + public String getConfigFile() { + return configFileName; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java new file mode 100644 index 000000000..59954df7f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralMOAIDConfig.java @@ -0,0 +1,835 @@ +package at.gv.egovernment.moa.id.configuration.data; + +import java.io.File; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSignersX509SubjectNameItem; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; + +public class GeneralMOAIDConfig { + + public static final long DEFAULTTIMEOUTASSERTION = 120; //sec + public static final long DEFAULTTIMEOUTMOASESSIONCREATED = 1200; //sec + public static final long DEFAULTTIMEOUTMOASESSIONUPDATED = 2700; //sec + + public static final String LINE_DELIMITER = ";"; + + private String szrgwURL = null; + private String alternativeSourceID = null; + private String certStoreDirectory = null; + private boolean trustmanagerrevocationcheck = false; + + private String timeoutAssertion = String.valueOf(DEFAULTTIMEOUTASSERTION); + private String timeoutMOASessionCreated = String.valueOf(DEFAULTTIMEOUTMOASESSIONCREATED); + private String timeoutMOASessionUpdated = String.valueOf(DEFAULTTIMEOUTMOASESSIONUPDATED); + + private String moaspssURL = null; + private String moaspssAuthTrustProfile = null; + private String moaspssAuthTransformations = ""; + private List<String> authTransformList = null; + private String moaspssIdlTrustProfile = null; + + private String mandateURL = null; + + private boolean legacy_saml1 = false; + private boolean legacy_pvp2 = false; + + private String pvp2PublicUrlPrefix = null; + private String pvp2IssuerName = null; + private String pvp2OrgName = null; + private String pvp2OrgDisplayName = null; + private String pvp2OrgURL = null; + private ContactForm pvp2Contact = null; + + private List<File> fileUpload = null; + private List<String> fileUploadContentType; + private List<String> fileUploadFileName; + private Map<String, byte[]> secLayerTransformation = null; + + private String ssoTarget = null; + private String ssoFriendlyName = null; + private String ssoPublicUrl = null; + private String ssoSpecialText = null; + private String ssoIdentificationNumber = null; + + private String defaultchainigmode = null; + private static Map<String, String> chainigmodelist; + + private String trustedCACerts = null; + + private String defaultBKUOnline = ""; + private String defaultBKULocal = "https://127.0.0.1:3496/https-security-layer-request"; + private String defaultBKUHandy = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; + + private String SLRequestTemplateOnline = ""; + private String SLRequestTemplateLocal = ""; + private String SLRequestTemplateHandy = ""; + + public GeneralMOAIDConfig() { + chainigmodelist = new HashMap<String, String>(); + ChainingModeType[] values = ChainingModeType.values(); + for (int i=0; i<values.length; i++) { + chainigmodelist.put(values[i].value(), values[i].value()); + } + } + + public void parse(MOAIDConfiguration config) { + + if (config != null) { + AuthComponentGeneral auth = config.getAuthComponentGeneral(); + + if (auth != null) { + ForeignIdentities foreign = auth.getForeignIdentities(); + + if (foreign != null) { + ConnectionParameterClientAuthType connect_foreign = foreign.getConnectionParameter(); + if (connect_foreign != null) { + szrgwURL = connect_foreign.getURL(); + } + + STORK stork = foreign.getSTORK(); + if (stork != null) { + //TODO: add Stork config + + } + } + + GeneralConfiguration authgen = auth.getGeneralConfiguration(); + if (authgen != null) { + alternativeSourceID = authgen.getAlternativeSourceID(); + certStoreDirectory = authgen.getCertStoreDirectory(); + trustmanagerrevocationcheck = authgen.isTrustManagerRevocationChecking(); + + TimeOuts timeouts = authgen.getTimeOuts(); + if (timeouts != null) { + + if(timeouts.getAssertion() != null) + timeoutAssertion = String.valueOf(timeouts.getAssertion().longValue()); + if(timeouts.getMOASessionCreated() != null) + timeoutMOASessionCreated = String.valueOf(timeouts.getMOASessionCreated().longValue()); + if(timeouts.getMOASessionUpdated() != null) + timeoutMOASessionUpdated = String.valueOf(timeouts.getMOASessionUpdated().longValue()); + + } + } + + MOASP moaspss = auth.getMOASP(); + if (moaspss != null) { + ConnectionParameterClientAuthType con = moaspss.getConnectionParameter(); + if (con != null) + moaspssURL = con.getURL(); + + VerifyAuthBlock authblock = moaspss.getVerifyAuthBlock(); + if (authblock != null) { + moaspssAuthTrustProfile = authblock.getTrustProfileID(); + + List<String> list = authblock.getVerifyTransformsInfoProfileID(); + for (String el : list) + moaspssAuthTransformations += el + LINE_DELIMITER + "\n"; + } + + VerifyIdentityLink idl = moaspss.getVerifyIdentityLink(); + if (idl != null) { + moaspssIdlTrustProfile = idl.getTrustProfileID(); + } + } + + OnlineMandates mandates = auth.getOnlineMandates(); + if (mandates != null) { + ConnectionParameterClientAuthType con = mandates.getConnectionParameter(); + if (con != null) { + mandateURL = con.getURL(); + } + } + + Protocols protocols = auth.getProtocols(); + if (protocols != null) { + LegacyAllowed legacy = protocols.getLegacyAllowed(); + + if (legacy != null) { + List<String> list = legacy.getProtocolName(); + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) + legacy_saml1 = true; + + if (list.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) + legacy_pvp2 = true; + } + + PVP2 pvp2 = protocols.getPVP2(); + if (pvp2 != null) { + pvp2PublicUrlPrefix = pvp2.getPublicURLPrefix(); + pvp2IssuerName = pvp2.getIssuerName(); + + List<Contact> con = pvp2.getContact(); + + //TODO: change to support more contacts + if (con != null && con.size() > 0) { + pvp2Contact = new ContactForm(con.get(0)); + + } + + Organization org = pvp2.getOrganization(); + if (org != null) { + pvp2OrgDisplayName = org.getDisplayName(); + pvp2OrgName = org.getName(); + pvp2OrgURL = org.getURL(); + } + } + } + + SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer != null) { + List<TransformsInfoType> list = seclayer.getTransformsInfo(); + + fileUploadFileName = new ArrayList<String>(); + + for (TransformsInfoType el : list) { + fileUploadFileName.add(el.getFilename()); + } + } + + SSO sso = auth.getSSO(); + if (sso != null) { + ssoFriendlyName = sso.getFriendlyName(); + + IdentificationNumber idl = sso.getIdentificationNumber(); + if (idl != null) + ssoIdentificationNumber = idl.getValue(); + + ssoPublicUrl = sso.getPublicURL(); + ssoSpecialText = sso.getSpecialText(); + ssoTarget = sso.getTarget(); + } + } + + ChainingModes modes = config.getChainingModes(); + if (modes != null) { + ChainingModeType defaultmode = modes.getSystemDefaultMode(); + if (defaultmode != null) { + defaultchainigmode = defaultmode.value(); + + } + + List<TrustAnchor> trustanchor = modes.getTrustAnchor(); + if (trustanchor != null) { + //TODO: set addional trust anchors!!!! + } + } + + trustedCACerts = config.getTrustedCACertificates(); + + DefaultBKUs defaultbkus = config.getDefaultBKUs(); + if (defaultbkus != null) { + defaultBKUHandy = defaultbkus.getHandyBKU(); + defaultBKULocal = defaultbkus.getLocalBKU(); + defaultBKUOnline = defaultbkus.getOnlineBKU(); + } + + SLRequestTemplates slreq = config.getSLRequestTemplates(); + if (slreq != null) { + SLRequestTemplateHandy = slreq.getHandyBKU(); + SLRequestTemplateLocal = slreq.getLocalBKU(); + SLRequestTemplateOnline = slreq.getOnlineBKU(); + } + } + } + + /** + * @return the szrgwURL + */ + public String getSzrgwURL() { + return szrgwURL; + } + + /** + * @param szrgwURL the szrgwURL to set + */ + public void setSzrgwURL(String szrgwURL) { + this.szrgwURL = szrgwURL; + } + + /** + * @return the alternativeSourceID + */ + public String getAlternativeSourceID() { + return alternativeSourceID; + } + + /** + * @param alternativeSourceID the alternativeSourceID to set + */ + public void setAlternativeSourceID(String alternativeSourceID) { + this.alternativeSourceID = alternativeSourceID; + } + + /** + * @return the certStoreDirectory + */ + public String getCertStoreDirectory() { + return certStoreDirectory; + } + + /** + * @param certStoreDirectory the certStoreDirectory to set + */ + public void setCertStoreDirectory(String certStoreDirectory) { + this.certStoreDirectory = certStoreDirectory; + } + + /** + * @return the timeoutAssertion + */ + public String getTimeoutAssertion() { + return timeoutAssertion; + } + + /** + * @param timeoutAssertion the timeoutAssertion to set + */ + public void setTimeoutAssertion(String timeoutAssertion) { + this.timeoutAssertion = timeoutAssertion; + } + + /** + * @return the timeoutMOASessionCreated + */ + public String getTimeoutMOASessionCreated() { + return timeoutMOASessionCreated; + } + + /** + * @param timeoutMOASessionCreated the timeoutMOASessionCreated to set + */ + public void setTimeoutMOASessionCreated(String timeoutMOASessionCreated) { + this.timeoutMOASessionCreated = timeoutMOASessionCreated; + } + + /** + * @return the timeoutMOASessionUpdated + */ + public String getTimeoutMOASessionUpdated() { + return timeoutMOASessionUpdated; + } + + /** + * @param timeoutMOASessionUpdated the timeoutMOASessionUpdated to set + */ + public void setTimeoutMOASessionUpdated(String timeoutMOASessionUpdated) { + this.timeoutMOASessionUpdated = timeoutMOASessionUpdated; + } + + /** + * @return the moaspssURL + */ + public String getMoaspssURL() { + return moaspssURL; + } + + /** + * @param moaspssURL the moaspssURL to set + */ + public void setMoaspssURL(String moaspssURL) { + this.moaspssURL = moaspssURL; + } + + /** + * @return the moaspssAuthTrustProfile + */ + public String getMoaspssAuthTrustProfile() { + return moaspssAuthTrustProfile; + } + + /** + * @param moaspssAuthTrustProfile the moaspssAuthTrustProfile to set + */ + public void setMoaspssAuthTrustProfile(String moaspssAuthTrustProfile) { + this.moaspssAuthTrustProfile = moaspssAuthTrustProfile; + } + + /** + * @return the moaspssAuthTransformations + */ + public String getMoaspssAuthTransformations() { + return moaspssAuthTransformations; + } + + /** + * @param moaspssAuthTransformations the moaspssAuthTransformations to set + */ + public void setMoaspssAuthTransformations(String moaspssAuthTransformations) { + this.moaspssAuthTransformations = moaspssAuthTransformations; + } + + /** + * @return the moaspssIdlTrustProfile + */ + public String getMoaspssIdlTrustProfile() { + return moaspssIdlTrustProfile; + } + + /** + * @param moaspssIdlTrustProfile the moaspssIdlTrustProfile to set + */ + public void setMoaspssIdlTrustProfile(String moaspssIdlTrustProfile) { + this.moaspssIdlTrustProfile = moaspssIdlTrustProfile; + } + + /** + * @return the mandateURL + */ + public String getMandateURL() { + return mandateURL; + } + + /** + * @param mandateURL the mandateURL to set + */ + public void setMandateURL(String mandateURL) { + this.mandateURL = mandateURL; + } + + /** + * @return the legacy_saml1 + */ + public boolean isLegacy_saml1() { + return legacy_saml1; + } + + /** + * @param legacy_saml1 the legacy_saml1 to set + */ + public void setLegacy_saml1(boolean legacy_saml1) { + this.legacy_saml1 = legacy_saml1; + } + + /** + * @return the legacy_pvp2 + */ + public boolean isLegacy_pvp2() { + return legacy_pvp2; + } + + /** + * @param legacy_pvp2 the legacy_pvp2 to set + */ + public void setLegacy_pvp2(boolean legacy_pvp2) { + this.legacy_pvp2 = legacy_pvp2; + } + + /** + * @return the pvp2PublicUrlPrefix + */ + public String getPvp2PublicUrlPrefix() { + return pvp2PublicUrlPrefix; + } + + /** + * @param pvp2PublicUrlPrefix the pvp2PublicUrlPrefix to set + */ + public void setPvp2PublicUrlPrefix(String pvp2PublicUrlPrefix) { + this.pvp2PublicUrlPrefix = pvp2PublicUrlPrefix; + } + + /** + * @return the pvp2IssuerName + */ + public String getPvp2IssuerName() { + return pvp2IssuerName; + } + + /** + * @param pvp2IssuerName the pvp2IssuerName to set + */ + public void setPvp2IssuerName(String pvp2IssuerName) { + this.pvp2IssuerName = pvp2IssuerName; + } + + /** + * @return the pvp2OrgName + */ + public String getPvp2OrgName() { + return pvp2OrgName; + } + + /** + * @param pvp2OrgName the pvp2OrgName to set + */ + public void setPvp2OrgName(String pvp2OrgName) { + this.pvp2OrgName = pvp2OrgName; + } + + /** + * @return the pvp2OrgDisplayName + */ + public String getPvp2OrgDisplayName() { + return pvp2OrgDisplayName; + } + + /** + * @param pvp2OrgDisplayName the pvp2OrgDisplayName to set + */ + public void setPvp2OrgDisplayName(String pvp2OrgDisplayName) { + this.pvp2OrgDisplayName = pvp2OrgDisplayName; + } + + /** + * @return the pvp2OrgURL + */ + public String getPvp2OrgURL() { + return pvp2OrgURL; + } + + /** + * @param pvp2OrgURL the pvp2OrgURL to set + */ + public void setPvp2OrgURL(String pvp2OrgURL) { + this.pvp2OrgURL = pvp2OrgURL; + } + + /** + * @return the pvp2Contact + */ + public ContactForm getPvp2Contact() { + return pvp2Contact; + } + + /** + * @param pvp2Contact the pvp2Contact to set + */ + public void setPvp2Contact(ContactForm pvp2Contact) { + this.pvp2Contact = pvp2Contact; + } + + /** + * @return the fileUpload + */ + public List<File> getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(List<File> fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public List<String> getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(List<String> fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public List<String> getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(List<String> fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the ssoTarget + */ + public String getSsoTarget() { + return ssoTarget; + } + + /** + * @param ssoTarget the ssoTarget to set + */ + public void setSsoTarget(String ssoTarget) { + this.ssoTarget = ssoTarget; + } + + /** + * @return the ssoFriendlyName + */ + public String getSsoFriendlyName() { + return ssoFriendlyName; + } + + /** + * @param ssoFriendlyName the ssoFriendlyName to set + */ + public void setSsoFriendlyName(String ssoFriendlyName) { + this.ssoFriendlyName = ssoFriendlyName; + } + + /** + * @return the ssoPublicUrl + */ + public String getSsoPublicUrl() { + return ssoPublicUrl; + } + + /** + * @param ssoPublicUrl the ssoPublicUrl to set + */ + public void setSsoPublicUrl(String ssoPublicUrl) { + this.ssoPublicUrl = ssoPublicUrl; + } + + /** + * @return the ssoSpecialText + */ + public String getSsoSpecialText() { + return ssoSpecialText; + } + + /** + * @param ssoSpecialText the ssoSpecialText to set + */ + public void setSsoSpecialText(String ssoSpecialText) { + this.ssoSpecialText = ssoSpecialText; + } + + /** + * @return the ssoIdentificationNumber + */ + public String getSsoIdentificationNumber() { + return ssoIdentificationNumber; + } + + /** + * @param ssoIdentificationNumber the ssoIdentificationNumber to set + */ + public void setSsoIdentificationNumber(String ssoIdentificationNumber) { + this.ssoIdentificationNumber = ssoIdentificationNumber; + } + + /** + * @return the defaultchainigmode + */ + public String getDefaultchainigmode() { + return defaultchainigmode; + } + + /** + * @param defaultchainigmode the defaultchainigmode to set + */ + public void setDefaultchainigmode(String defaultchainigmode) { + this.defaultchainigmode = defaultchainigmode; + } + + /** + * @return the defaultBKUOnline + */ + public String getDefaultBKUOnline() { + return defaultBKUOnline; + } + + /** + * @param defaultBKUOnline the defaultBKUOnline to set + */ + public void setDefaultBKUOnline(String defaultBKUOnline) { + this.defaultBKUOnline = defaultBKUOnline; + } + + /** + * @return the defaultBKULocal + */ + public String getDefaultBKULocal() { + return defaultBKULocal; + } + + /** + * @param defaultBKULocal the defaultBKULocal to set + */ + public void setDefaultBKULocal(String defaultBKULocal) { + this.defaultBKULocal = defaultBKULocal; + } + + /** + * @return the defaultBKUHandy + */ + public String getDefaultBKUHandy() { + return defaultBKUHandy; + } + + /** + * @param defaultBKUHandy the defaultBKUHandy to set + */ + public void setDefaultBKUHandy(String defaultBKUHandy) { + this.defaultBKUHandy = defaultBKUHandy; + } + + /** + * @return the sLRequestTemplateOnline + */ + public String getSLRequestTemplateOnline() { + return SLRequestTemplateOnline; + } + + /** + * @param sLRequestTemplateOnline the sLRequestTemplateOnline to set + */ + public void setSLRequestTemplateOnline(String sLRequestTemplateOnline) { + SLRequestTemplateOnline = sLRequestTemplateOnline; + } + + /** + * @return the sLRequestTemplateLocal + */ + public String getSLRequestTemplateLocal() { + return SLRequestTemplateLocal; + } + + /** + * @param sLRequestTemplateLocal the sLRequestTemplateLocal to set + */ + public void setSLRequestTemplateLocal(String sLRequestTemplateLocal) { + SLRequestTemplateLocal = sLRequestTemplateLocal; + } + + /** + * @return the sLRequestTemplateHandy + */ + public String getSLRequestTemplateHandy() { + return SLRequestTemplateHandy; + } + + /** + * @param sLRequestTemplateHandy the sLRequestTemplateHandy to set + */ + public void setSLRequestTemplateHandy(String sLRequestTemplateHandy) { + SLRequestTemplateHandy = sLRequestTemplateHandy; + } + + /** + * @return the trustmanagerrevocationcheck + */ + public boolean isTrustmanagerrevocationcheck() { + return trustmanagerrevocationcheck; + } + + /** + * @param trustmanagerrevocationcheck the trustmanagerrevocationcheck to set + */ + public void setTrustmanagerrevocationcheck(boolean trustmanagerrevocationcheck) { + this.trustmanagerrevocationcheck = trustmanagerrevocationcheck; + } + + /** + * @return the trustedCACerts + */ + public String getTrustedCACerts() { + return trustedCACerts; + } + + /** + * @param trustedCACerts the trustedCACerts to set + */ + public void setTrustedCACerts(String trustedCACerts) { + this.trustedCACerts = trustedCACerts; + } + + /** + * @return the chainigmodelist + */ + public Map<String, String> getChainigmodelist() { + return chainigmodelist; + } + + /** + * @param chainigmodelist the chainigmodelist to set + */ + public void setChainigmodelist(Map<String, String> chainigmodelist) { + GeneralMOAIDConfig.chainigmodelist = chainigmodelist; + } + + /** + * @return the secLayerTransformation + */ + public Map<String, byte[]> getSecLayerTransformation() { + return secLayerTransformation; + } + + /** + * @param secLayerTransformation the secLayerTransformation to set + */ + public void setSecLayerTransformation(Map<String, byte[]> secLayerTransformation) { + this.secLayerTransformation = secLayerTransformation; + } + + /** + * @return the authTransformList + */ + public List<String> getAuthTransformList() { + return authTransformList; + } + + /** + * @param authTransformList the authTransformList to set + */ + public void setAuthTransformList(List<String> authTransformList) { + this.authTransformList = authTransformList; + } + + + + + public void setFileUpload(File fileUpload) { + if (this.fileUpload == null) + this.fileUpload = new ArrayList<File>(); + this.fileUpload.add(fileUpload); + } + + public void setFileUploadContentType(String fileUploadContentType) { + if (this.fileUploadContentType == null) + this.fileUploadContentType = new ArrayList<String>(); + this.fileUploadContentType.add(fileUploadContentType); + } + + public void setFileUploadFileName(String fileUploadFileName) { + if (this.fileUploadFileName == null) + this.fileUploadFileName = new ArrayList<String>(); + this.fileUploadFileName.add(fileUploadFileName); + } + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java new file mode 100644 index 000000000..0ea21617e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -0,0 +1,77 @@ +package at.gv.egovernment.moa.id.configuration.data; + +public class OAListElement { + + private long dataBaseID; + private String oaIdentifier; + private String oaFriendlyName; + private String oaType; + private boolean isActive; + + + /** + * @return the dataBaseID + */ + public long getDataBaseID() { + return dataBaseID; + } + /** + * @param dataBaseID the dataBaseID to set + */ + public void setDataBaseID(long dataBaseID) { + this.dataBaseID = dataBaseID; + } + /** + * @return the oaIdentifier + */ + public String getOaIdentifier() { + return oaIdentifier; + } + /** + * @param oaIdentifier the oaIdentifier to set + */ + public void setOaIdentifier(String oaIdentifier) { + this.oaIdentifier = oaIdentifier; + } + /** + * @return the oaFriendlyName + */ + public String getOaFriendlyName() { + return oaFriendlyName; + } + /** + * @param oaFriendlyName the oaFriendlyName to set + */ + public void setOaFriendlyName(String oaFriendlyName) { + this.oaFriendlyName = oaFriendlyName; + } + /** + * @return the oaType + */ + public String getOaType() { + return oaType; + } + /** + * @param oaType the oaType to set + */ + public void setOaType(String oaType) { + this.oaType = oaType; + } + /** + * @return the isActive + */ + public boolean isActive() { + return isActive; + } + /** + * @param isActive the isActive to set + */ + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + public String getIsActive(){ + return String.valueOf(isActive); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java new file mode 100644 index 000000000..881cdf277 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java @@ -0,0 +1,253 @@ +package at.gv.egovernment.moa.id.configuration.data; + +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.data.BPK; + +public class UserDatabaseFrom { + + private String bpk; + private String familyName; + private String givenName; + private String institut; + private String mail; + private String phone; + private String username; + private String password; + private String password_second; + private boolean active = false; + private boolean admin = false; + private boolean passwordActive; + private String userID = null; + + public UserDatabaseFrom() { + + } + + public UserDatabaseFrom(UserDatabase db) { + bpk = db.getBpk(); + familyName = db.getFamilyname(); + givenName = db.getGivenname(); + institut = db.getInstitut(); + mail = db.getMail(); + phone = db.getPhone(); + username = db.getUsername(); + + if (MiscUtil.isNotEmpty(db.getPassword())) + passwordActive = true; + else + passwordActive = false; + + active = db.isIsActive(); + admin = db.isIsAdmin(); + + userID = String.valueOf(db.getHjid()); + } + + + /** + * @return the bpk + */ + public String getBpk() { + return bpk; + } + + + /** + * @param bpk the bpk to set + */ + public void setBpk(String bpk) { + this.bpk = bpk; + } + + + /** + * @return the familyName + */ + public String getFamilyName() { + return familyName; + } + + + /** + * @param familyName the familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + + /** + * @return the givenName + */ + public String getGivenName() { + return givenName; + } + + + /** + * @param givenName the givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + + /** + * @return the institut + */ + public String getInstitut() { + return institut; + } + + + /** + * @param institut the institut to set + */ + public void setInstitut(String institut) { + this.institut = institut; + } + + + /** + * @return the mail + */ + public String getMail() { + return mail; + } + + + /** + * @param mail the mail to set + */ + public void setMail(String mail) { + this.mail = mail; + } + + + /** + * @return the phone + */ + public String getPhone() { + return phone; + } + + + /** + * @param phone the phone to set + */ + public void setPhone(String phone) { + this.phone = phone; + } + + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + + /** + * @return the active + */ + public boolean isActive() { + return active; + } + + + /** + * @param active the active to set + */ + public void setActive(boolean active) { + this.active = active; + } + + + /** + * @return the admin + */ + public boolean isAdmin() { + return admin; + } + + + /** + * @param admin the admin to set + */ + public void setAdmin(boolean admin) { + this.admin = admin; + } + + + /** + * @return the passwordActive + */ + public boolean isPasswordActive() { + return passwordActive; + } + + + /** + * @param passwordActive the passwordActive to set + */ + public void setPasswordActive(boolean passwordActive) { + this.passwordActive = passwordActive; + } + + /** + * @return the userID + */ + public String getUserID() { + return userID; + } + + /** + * @param userID the userID to set + */ + public void setUserID(String userID) { + this.userID = userID; + } + + /** + * @return the password_second + */ + public String getPassword_second() { + return password_second; + } + + /** + * @param password_second the password_second to set + */ + public void setPassword_second(String password_second) { + this.password_second = password_second; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java new file mode 100644 index 000000000..57ae4863a --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -0,0 +1,466 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.util.MiscUtil; + + +public class OAGeneralConfig { + + private String dbID = null; + + private String bkuOnlineURL = null; + private String bkuHandyURL = null; + private String bkuLocalURL = null; + + private String identifier = null; + private String friendlyName = null; + + private boolean businessService = false; + + private String target = null; + private String targetFriendlyName = null; + + private String identificationNumber = null; + private String identificationType = null; + + private String aditionalAuthBlockText = null; + + private String mandateProfiles = null; + + private boolean isActive = false; + private String slVersion = null; + private boolean useIFrame = false; + private boolean useUTC = false; + private boolean calculateHPI = false; + + private String keyBoxIdentifier = null; + private static Map<String, String> keyBoxIdentifierList; + + private boolean legacy = false; + List<String> SLTemplates = null; + + private Map<String, byte[]> transformations; + + + + public OAGeneralConfig() { + keyBoxIdentifierList = new HashMap<String, String>(); + MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); + for (int i=0; i<values.length; i++) { + keyBoxIdentifierList.put(values[i].value(), values[i].value()); + } + + bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; + bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; + } + + + public void parse(OnlineApplication dbOAConfig) { + + isActive = dbOAConfig.isIsActive(); + + friendlyName = dbOAConfig.getFriendlyName(); + + keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value(); + + identifier = dbOAConfig.getPublicURLPrefix(); + target = dbOAConfig.getTarget(); + targetFriendlyName = dbOAConfig.getTargetFriendlyName(); + + if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) + businessService = true; + else + businessService = false; + + AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); + if (oaauth != null) { + BKUURLS bkuurls = oaauth.getBKUURLS(); + + String defaulthandy = ""; + String defaultlocal = ""; + String defaultonline = ""; + + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (dbconfig != null) { + DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); + if (defaultbkus != null) { + defaulthandy = defaultbkus.getHandyBKU(); + defaultlocal = defaultbkus.getLocalBKU(); + defaultonline = defaultbkus.getOnlineBKU(); + } + } + + if (bkuurls != null) { + + if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) + bkuHandyURL = defaulthandy; + else + bkuHandyURL = bkuurls.getHandyBKU(); + + if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) + bkuLocalURL = defaultlocal; + else + bkuLocalURL = bkuurls.getLocalBKU(); + + if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) + bkuOnlineURL = defaultonline; + else + bkuOnlineURL = bkuurls.getOnlineBKU(); + } + + IdentificationNumber idnumber = oaauth.getIdentificationNumber(); + if (idnumber != null) { + identificationNumber = idnumber.getValue(); + } + + Mandates mandates = oaauth.getMandates(); + if (mandates != null) { + mandateProfiles = mandates.getProfiles(); + } + + slVersion = oaauth.getSlVersion(); + + TemplatesType templates = oaauth.getTemplates(); + if (templates != null) { + aditionalAuthBlockText = templates.getAditionalAuthBlockText(); + List<TemplateType> templatetype = templates.getTemplate(); + + if (templatetype != null) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<String>(); + } + + for (TemplateType el : templatetype) { + SLTemplates.add(el.getURL()); + } + } + } + + if (SLTemplates != null && SLTemplates.size() > 0) + legacy = true; + + List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); + transformations = new HashMap<String, byte[]>(); + for (TransformsInfoType el : transforminfos) { + transformations.put(el.getFilename(), el.getTransformation()); + } + + useIFrame = oaauth.isUseIFrame(); + useUTC = oaauth.isUseUTC(); + } + + + + + } + + public String getIdentifier() { + return identifier; + } + + public void setIdentifier(String identifier) { + this.identifier = identifier; + } + + public String getFriendlyName() { + return friendlyName; + } + + public void setFriendlyName(String friendlyName) { + this.friendlyName = friendlyName; + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + public String getIdentificationNumber() { + return identificationNumber; + } + + public void setIdentificationNumber(String identificationNumber) { + this.identificationNumber = identificationNumber; + } + + public String getIdentificationType() { + return identificationType; + } + + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + public String getAditionalAuthBlockText() { + return aditionalAuthBlockText; + } + + public void setAditionalAuthBlockText(String aditionalAuthBlockText) { + this.aditionalAuthBlockText = aditionalAuthBlockText; + } + + public String getMandateProfiles() { + return mandateProfiles; + } + + public void setMandateProfiles(String mandateProfiles) { + this.mandateProfiles = mandateProfiles; + } + + public boolean isActive() { + return isActive; + } + + public void setActive(boolean isActive) { + this.isActive = isActive; + } + + public String getSlVersion() { + return slVersion; + } + + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + } + + public boolean isUseIFrame() { + return useIFrame; + } + + public void setUseIFrame(boolean useIFrame) { + this.useIFrame = useIFrame; + } + + public boolean isUseUTC() { + return useUTC; + } + + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + + public boolean isBusinessService() { + return businessService; + } + + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + + public String getBkuOnlineURL() { + return bkuOnlineURL; + } + + public void setBkuOnlineURL(String bkuOnlineURL) { + this.bkuOnlineURL = bkuOnlineURL; + } + + public String getBkuHandyURL() { + return bkuHandyURL; + } + + public void setBkuHandyURL(String bkuHandyURL) { + this.bkuHandyURL = bkuHandyURL; + } + + public String getBkuLocalURL() { + return bkuLocalURL; + } + + public void setBkuLocalURL(String bkuLocalURL) { + this.bkuLocalURL = bkuLocalURL; + } + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * @param keyBoxIdentifier the keyBoxIdentifier to set + */ + public void setKeyBoxIdentifier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * @return the transformations + */ + public Map<String, byte[]> getTransformations() { + return transformations; + } + + /** + * @param transformations the transformations to set + */ + public void setTransformations(Map<String, byte[]> transformations) { + this.transformations = transformations; + } + + + /** + * @return the dbID + */ + public String getDbID() { + return dbID; + } + + + /** + * @param dbID the dbID to set + */ + public void setDbID(long dbID) { + this.dbID = String.valueOf(dbID); + } + + /** + * @param dbID the dbID to set + */ + public void setDbID(String dbID) { + this.dbID = dbID; + } + + + /** + * @return the calculateHPI + */ + public boolean isCalculateHPI() { + return calculateHPI; + } + + + /** + * @param calculateHPI the calculateHPI to set + */ + public void setCalculateHPI(boolean calculateHPI) { + this.calculateHPI = calculateHPI; + } + + + /** + * @return the keyBoxIdentifierList + */ + public Map<String, String> getKeyBoxIdentifierList() { + return keyBoxIdentifierList; + } + + + /** + * @param keyBoxIdentifierList the keyBoxIdentifierList to set + */ + public void setKeyBoxIdentifierList(Map<String, String> list) { + keyBoxIdentifierList = list; + } + + + /** + * @return the legacy + */ + public boolean isLegacy() { + return legacy; + } + + + /** + * @param legacy the legacy to set + */ + public void setLegacy(boolean legacy) { + this.legacy = legacy; + } + + + /** + * @return the sLTemplateURL1 + */ + public String getSLTemplateURL1() { + if (SLTemplates != null && SLTemplates.size() > 0) + return SLTemplates.get(0); + else + return null; + } + + + /** + * @param sLTemplateURL1 the sLTemplateURL1 to set + */ + public void setSLTemplateURL1(String sLTemplateURL1) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL1); + } + + + /** + * @return the sLTemplateURL2 + */ + public String getSLTemplateURL2() { + if (SLTemplates != null && SLTemplates.size() > 1) + return SLTemplates.get(1); + else + return null; + } + + + /** + * @param sLTemplateURL2 the sLTemplateURL2 to set + */ + public void setSLTemplateURL2(String sLTemplateURL2) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL2); + } + + + /** + * @return the sLTemplateURL3 + */ + public String getSLTemplateURL3() { + if (SLTemplates != null && SLTemplates.size() > 2) + return SLTemplates.get(2); + else + return null; + } + + + /** + * @param sLTemplateURL3 the sLTemplateURL3 to set + */ + public void setSLTemplateURL3(String sLTemplateURL3) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL3); + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java new file mode 100644 index 000000000..fdce518a7 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -0,0 +1,126 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import org.apache.log4j.Logger; + +import iaik.x509.X509Certificate; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OAPVP2Config { + + private final Logger log = Logger.getLogger(OAPVP2Config.class); + + private String metaDataURL = null; + private String certificateDN = null; + + private File fileUpload = null; + private String fileUploadContentType; + private String fileUploadFileName; + + public OAPVP2Config() { + } + + public List<String> parse(OnlineApplication dbOAConfig) { + List<String> errors = new ArrayList<String>(); + + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + OAPVP2 pvp2 = authdata.getOAPVP2(); + if (pvp2 != null) { + metaDataURL = pvp2.getMetadataURL(); + + try { + byte[] cert = pvp2.getCertificate(); + + if (MiscUtil.isNotEmpty(cert)) { + X509Certificate x509 = new X509Certificate(cert); + certificateDN = x509.getSubjectDN().getName(); + } + } catch (CertificateException e) { + log.warn("PVP2 certificate can not be loaded from Online-Applikation with ID " + dbOAConfig.getPublicURLPrefix()); + errors.add(LanguageHelper.getErrorString("error.oa.pvp2.certificate")); + } + } + } + return errors; + } + + public byte[] getCertificate() throws CertificateException, IOException { + + FileInputStream filestream = new FileInputStream(fileUpload); + X509Certificate x509 = new X509Certificate(filestream); + return x509.getEncoded(); + } + + public String getMetaDataURL() { + return metaDataURL; + } + public void setMetaDataURL(String metaDataURL) { + this.metaDataURL = metaDataURL; + } + + /** + * @return the certificateDN + */ + public String getCertificateDN() { + return certificateDN; + } + + /** + * @return the fileUpLoad + */ + public File getFileUpload() { + return fileUpload; + } + + /** + * @param fileUpLoad the fileUpLoad to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + +} + + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java new file mode 100644 index 000000000..687a06b9e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -0,0 +1,81 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + +public class OASAML1Config { + + private boolean provideStammZahl = false; + private boolean provideAuthBlock = false; + private boolean provideIdentityLink = false; + private boolean provideCertificate = false; + private boolean provideFullMandateData = false; + private boolean useCondition = false; + private int conditionLength = -1; + + + public OASAML1Config() { + } + + public void parse(OnlineApplication dbOAConfig) { + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + OASAML1 saml1 = authdata.getOASAML1(); + if (saml1 != null) { + provideAuthBlock = saml1.isProvideAUTHBlock(); + provideCertificate = saml1.isProvideCertificate(); + provideFullMandateData = saml1.isProvideFullMandatorData(); + provideIdentityLink = saml1.isProvideIdentityLink(); + provideStammZahl = saml1.isProvideStammzahl(); + useCondition = saml1.isUseCondition(); + conditionLength = saml1.getConditionLength().intValue(); + } + } + } + + public boolean isProvideStammZahl() { + return provideStammZahl; + } + public void setProvideStammZahl(boolean provideStammZahl) { + this.provideStammZahl = provideStammZahl; + } + public boolean isProvideAuthBlock() { + return provideAuthBlock; + } + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + public boolean isProvideIdentityLink() { + return provideIdentityLink; + } + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + public boolean isProvideCertificate() { + return provideCertificate; + } + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + public boolean isProvideFullMandateData() { + return provideFullMandateData; + } + public void setProvideFullMandateData(boolean provideFullMandateData) { + this.provideFullMandateData = provideFullMandateData; + } + public boolean isUseCondition() { + return useCondition; + } + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + public int getConditionLength() { + return conditionLength; + } + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java new file mode 100644 index 000000000..0241b6a04 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + +public class OASSOConfig { + + private boolean useSSO = false; + private boolean showAuthDataFrame = true; + private String singleLogOutURL = null; + + public OASSOConfig() { + + } + + public void parse(OnlineApplication dbOAConfig) { + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + if (authdata != null) { + OASSO ssoconfig = authdata.getOASSO(); + if(ssoconfig != null) { + useSSO = ssoconfig.isUseSSO(); + showAuthDataFrame = ssoconfig.isAuthDataFrame(); + singleLogOutURL = ssoconfig.getSingleLogOutURL(); + } + } + } + + public boolean isUseSSO() { + return useSSO; + } + public void setUseSSO(boolean useSSO) { + this.useSSO = useSSO; + } + public boolean isShowAuthDataFrame() { + return showAuthDataFrame; + } + public void setShowAuthDataFrame(boolean showAuthDataFrame) { + this.showAuthDataFrame = showAuthDataFrame; + } + public String getSingleLogOutURL() { + return singleLogOutURL; + } + public void setSingleLogOutURL(String singleLogOutURL) { + this.singleLogOutURL = singleLogOutURL; + } + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java new file mode 100644 index 000000000..74edde653 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.configuration.data.oa; + +public class OASTORKConfig { + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java new file mode 100644 index 000000000..fe685e6d0 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/pvp2/ContactForm.java @@ -0,0 +1,114 @@ +package at.gv.egovernment.moa.id.configuration.data.pvp2; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; + +public class ContactForm { + + private String surname; + private String givenname; + private List<String> mail; + private String type; + private String company; + private List<String> phone; + + public ContactForm() { + + } + + public ContactForm(Contact dbcont) { + this.surname = dbcont.getSurName(); + this.givenname = dbcont.getGivenName(); + this.mail =dbcont.getMail(); + this.phone = dbcont.getPhone(); + this.company = dbcont.getCompany(); + this.type = dbcont.getType(); + } + + /** + * @return the surname + */ + public String getSurname() { + return surname; + } + /** + * @param surname the surname to set + */ + public void setSurname(String surname) { + this.surname = surname; + } + /** + * @return the givenname + */ + public String getGivenname() { + return givenname; + } + /** + * @param givenname the givenname to set + */ + public void setGivenname(String givenname) { + this.givenname = givenname; + } + /** + * @return the mail + */ + public String getMail() { + if (mail.size() > 0) + return mail.get(0); + else + return null; + } + /** + * @param mail the mail to set + */ + public void setMail(String mail) { + if (this.mail == null) + this.mail = new ArrayList<String>(); + this.mail.add(mail); + } + /** + * @return the type + */ + public String getType() { + return type; + } + /** + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + /** + * @return the company + */ + public String getCompany() { + return company; + } + /** + * @param company the company to set + */ + public void setCompany(String company) { + this.company = company; + } + /** + * @return the phone + */ + public String getPhone() { + if (phone.size() > 0) + return phone.get(0); + else + return null; + } + /** + * @param phone the phone to set + */ + public void setPhone(String phone) { + if (this.phone == null) + this.phone = new ArrayList<String>(); + this.phone.add(phone); + } + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java new file mode 100644 index 000000000..e83bf6997 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/ConfigurationException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.configuration.exception; + +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; + +public class ConfigurationException extends Exception { + + private static final long serialVersionUID = 1L; + + public ConfigurationException(String errorname) { + super(LanguageHelper.getErrorString(errorname)); + } + + public ConfigurationException(String errorname, Throwable e) { + super(LanguageHelper.getErrorString(errorname), e); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java new file mode 100644 index 000000000..7dac458ca --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -0,0 +1,257 @@ +package at.gv.egovernment.moa.id.configuration.filter; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.StringTokenizer; +import java.util.regex.Pattern; + +import org.apache.commons.lang.StringUtils; +import org.apache.log4j.Logger; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.FilterConfig; +import javax.servlet.RequestDispatcher; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.util.ToStringUtil; +import at.gv.util.WebAppUtil; + +public class AuthenticationFilter implements Filter{ + + private final Logger log = Logger.getLogger(AuthenticationFilter.class); + + private static ConfigurationProvider config; + + public static final String STORED_REQUEST_URL_ID = String.class.getName() + ":" + "storedRequestURL"; + public static final String WEB_XML_INIT_PARAM_LOGIN_PAGE = "loginPage"; + public static final String WEB_XML_INIT_PARAM_ERROR_PAGE = "errorPage"; + public static final String WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE = "authenticatedPage"; // optional + public static final String WEB_XML_INIT_PARAM_SESSION_LOST_PAGE = "sessionLostPage"; // optional + public static final String WEB_XML_INIT_PARAM_ALLOWED_LIST = "allowedList"; + public static final String WEB_XML_INIT_PARAM_ALLOWED_REGEX = "allowed"; + + private static final String WEB_XML_INIT_PARAM_EXCLUDED_PAGES_DELIMITER = ","; + + private static String loginPage = null; + private boolean loginPageForward = true; + private static String errorPage = null; + private static String authenticatedPage = null; + private static String sessionLostPage = null; + + private static String[] excludedPages = null; + private static Pattern excludedRegEx = null; + + + + public AuthenticationFilter() throws ServletException { + try { + config = ConfigurationProvider.getInstance(); + + } catch (ConfigurationException e) { + throw new ServletException(AuthenticationFilter.class + ": Configuration can not be loaded!", e); + } + } + + public static String getErrorPage() { + return errorPage; + } + + public static String getAuthenticatedPage() { + return authenticatedPage; + } + + public static String getLoginPage() { + return loginPage; + } + + public static String getSessionLostPage() { + return sessionLostPage; + } + + private boolean isExcluded(String url) { + boolean excluded = false; + if (MiscUtil.isNotEmpty(excludedPages)) { + for (String candidate : excludedPages) { + if (StringUtils.upperCase(url).endsWith(StringUtils.upperCase(candidate))) { + excluded = true; + break; + } + } + } + if (excludedRegEx != null && !excluded) { + // log.debug("Trying to match regex \"{}\" with \"{}\".", + // excludedRegEx.toString(), url); + if (excludedRegEx.matcher(url).matches()) { + excluded = true; + } + } + log.debug("URL \"" + url + "\" is " + (excluded ? "" : "NOT ") + "excluded from filter."); + return excluded; + } + + + public void destroy() { + log.trace("Shutting down" + this.getClass().getName() + "..."); + + } + + public void doFilter(ServletRequest req, ServletResponse resp, + FilterChain filterchain) throws IOException, ServletException { + + HttpServletRequest httpServletRequest = (HttpServletRequest) req; + HttpServletResponse httpServletResponse = (HttpServletResponse) resp; + + HttpSession session = httpServletRequest.getSession(); + + Object authuser = session.getAttribute(Constants.SESSION_AUTH); + + String requestURL = WebAppUtil.getRequestURLWithParameters(httpServletRequest, true); + + log.trace("Request URL: " + requestURL); + + if (authuser == null && !this.isExcluded(requestURL)) { + + if (config.isLoginDeaktivated()) { + //add dummy Daten + log.warn("Authentication is deaktivated. Dummy authentication-information are used!"); + + if (authuser == null) { + + authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true); + //authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false); + httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser); + } + + if (MiscUtil.isNotEmpty(getAuthenticatedPage())) { + if (loginPageForward) { + log.debug("Authenticated page is set. Forwarding to \"" + getAuthenticatedPage() + "\"."); + RequestDispatcher dispatcher = req.getRequestDispatcher(getAuthenticatedPage()); + dispatcher.forward(httpServletRequest, httpServletResponse); + } else { + log.debug("Authenticated page is set. Redirecting to \"" + getAuthenticatedPage() + "\"."); + httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(getAuthenticatedPage())); + } + return; + } + + } else { + //check login Daten + + //loginPageForward = true; + + + if (MiscUtil.isNotEmpty(getAuthenticatedPage())) { + log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\"."); + + + + } + else { + log.debug("Unable to find authentication data. Storing request url and " + (loginPageForward ? "forwarding" : "redirecting") + " to login page \"" + loginPage + "\"."); + // TODO: save HttpServletRequest + // log.debug("new CustomHttpServletRequest(request).toString() = + // {}", new + // CustomHttpServletRequest(httpServletRequest).toString()); + session.setAttribute(STORED_REQUEST_URL_ID, requestURL); + } + + if (loginPageForward) { + RequestDispatcher dispatcher = req.getRequestDispatcher(loginPage); + dispatcher.forward(httpServletRequest, httpServletResponse); + return; + + } else { + httpServletResponse.sendRedirect(httpServletResponse.encodeRedirectURL(loginPage)); + return; + + } + + } + } + try { + filterchain.doFilter(req, resp); + + } catch (Exception e) { + +// String redirectURL = "./index.action"; +// HttpServletResponse httpResp = (HttpServletResponse) resp; +// redirectURL = httpResp.encodeRedirectURL(redirectURL); +// resp.setContentType("text/html"); +// ((HttpServletResponse) resp).setStatus(302); +// httpResp.addHeader("Location", redirectURL); +// log.warn("A Filter Error occurs -> Redirect to Login-Form"); + } + + } + + public void init(FilterConfig filterConfig) throws ServletException { + log.debug("Starting init of " + this.getClass().getName() + "."); + + // login page + loginPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_LOGIN_PAGE)); + if (MiscUtil.isEmpty(loginPage)) { + throw new ServletException("ServletInitParameter \"" + WEB_XML_INIT_PARAM_LOGIN_PAGE + "\" must not be empty."); + } + loginPageForward = false; //!WebAppUtil.isFullQualifiedURL(loginPage); + + // error page + errorPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ERROR_PAGE)); + if (MiscUtil.isEmpty(errorPage)) { + throw new ServletException("ServletInitParameter \"" + WEB_XML_INIT_PARAM_ERROR_PAGE + "\" must not be empty."); + } + + // session lost page + sessionLostPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_SESSION_LOST_PAGE)); + if (MiscUtil.isEmpty(sessionLostPage)) { + log.warn("ServletInitParameter \"" + WEB_XML_INIT_PARAM_SESSION_LOST_PAGE + + "\" is empty. This parameter defines a failsafe url the browser is redirected to if the original url has been lost due to session timeout."); + } + + // authenticated page + authenticatedPage = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE)); + if (MiscUtil.isEmpty(authenticatedPage)) { + log.debug("ServletInitParameter \"" + WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE + + "\" is empty. This parameter defines the url the user is redirected to (instead of the original url) on successful authentication."); + } + String excluded = filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ALLOWED_LIST); + ArrayList<String> excludedList = new ArrayList<String>(); + if (MiscUtil.isNotEmpty(excluded)) { + StringTokenizer tokenizer = new StringTokenizer(excluded, WEB_XML_INIT_PARAM_EXCLUDED_PAGES_DELIMITER); + while (tokenizer.hasMoreTokens()) { + String ex = StringUtils.trim(tokenizer.nextToken()); + if (MiscUtil.isNotEmpty(ex)) { + excludedList.add(ex); + } + } + } + excludedList.add(loginPage); + excludedList.add(errorPage); + excludedPages = new String[excludedList.size()]; + excludedPages = excludedList.toArray(excludedPages); + + String excludedRegExString = StringUtils.trim(filterConfig.getInitParameter(WEB_XML_INIT_PARAM_ALLOWED_REGEX)); + if (MiscUtil.isNotEmpty(excludedRegExString)) { + excludedRegEx = Pattern.compile(excludedRegExString); + } + + log.debug(WEB_XML_INIT_PARAM_LOGIN_PAGE + " [" + (loginPageForward ? "forward" : "redirect") + "] = \"" + loginPage + "\""); + log.debug(WEB_XML_INIT_PARAM_AUTHENTICATED_PAGE + " = \"" + (MiscUtil.isNotEmpty(authenticatedPage) ? authenticatedPage : "<n/a>") + "\""); + log.debug(WEB_XML_INIT_PARAM_ERROR_PAGE + " = \"" + errorPage + "\""); + log.debug(WEB_XML_INIT_PARAM_SESSION_LOST_PAGE + " = \"" + (MiscUtil.isNotEmpty(sessionLostPage) ? sessionLostPage : "<n/a>") + "\""); + log.debug(WEB_XML_INIT_PARAM_ALLOWED_LIST + " = " + ToStringUtil.toString(excludedPages, ", ", "\"")); + log.debug(WEB_XML_INIT_PARAM_ALLOWED_REGEX + " = \"" + (excludedRegEx != null ? excludedRegEx.pattern() : "<n/a>") + "\""); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java new file mode 100644 index 000000000..b2f1b106f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java @@ -0,0 +1,35 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +import java.security.spec.KeySpec; + +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.util.Base64Utils; + +public class AuthenticationHelper { + + private static final Logger log = Logger.getLogger(AuthenticationHelper.class); + + public static String generateKeyFormPassword(String password) { + SecretKeyFactory factory; + + try { + factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128); + SecretKey tmp = factory.generateSecret(spec); + SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES"); + return Base64Utils.encode(secret.getEncoded()); + + } catch (Exception e) { + log.info("Key generation form password failed."); + return null; + } + + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java new file mode 100644 index 000000000..08f200c50 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/LanguageHelper.java @@ -0,0 +1,47 @@ +package at.gv.egovernment.moa.id.configuration.helper; + + +import java.text.MessageFormat; +import java.util.Locale; +import java.util.ResourceBundle; + +import javax.servlet.http.HttpServletRequest; + + +public class LanguageHelper { + + private static ResourceBundle errorRes_DE = ResourceBundle.getBundle("applicationResources", Locale.GERMAN); + private static ResourceBundle guiRes_DE = ResourceBundle.getBundle("applicationResources", Locale.GERMAN); + + public static String getGUIString(String code, HttpServletRequest request) { + return guiRes_DE.getString(code); + } + + public static String getGUIString(String code) { + return guiRes_DE.getString(code); + } + + public static String getErrorString(String code, HttpServletRequest request) { + return errorRes_DE.getString(code); + } + + public static String getErrorString(String code) { + return errorRes_DE.getString(code); + } + + public static String getGUIString(String code, String parameter, HttpServletRequest request) { + + return MessageFormat.format(getGUIString(code, request), parameter); + } + + public static String getErrorString(String code, Object[] parameter, HttpServletRequest request) { + + return MessageFormat.format(getGUIString(code, request), parameter); + } + + public static String getErrorString(String code, Object[] parameter) { + + return MessageFormat.format(getGUIString(code), parameter); + } +} + diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java new file mode 100644 index 000000000..8abb0be86 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/StringHelper.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.configuration.helper; + +public class StringHelper { + + public static String formatText(String strGivenText) + { + StringBuffer sbFormattedText = new StringBuffer(strGivenText); + + for(int i=0; i<sbFormattedText.length(); i++) + { + if(sbFormattedText.charAt(i) == '\n') { + sbFormattedText.deleteCharAt(i); + i--; + } + + if(sbFormattedText.charAt(i) == '\r') { + sbFormattedText.deleteCharAt(i); + i--; + } + + if(sbFormattedText.charAt(i) == '\t') { + sbFormattedText.deleteCharAt(i); + i--; + } + } + return sbFormattedText.toString(); + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java new file mode 100644 index 000000000..da87a197f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -0,0 +1,509 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSignersX509SubjectNameItem; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowedProtocolNameItem; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlockVerifyTransformsInfoProfileIDItem; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; +import at.gv.egovernment.moa.id.configuration.validation.moaconfig.PVP2ContactValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +import com.opensymphony.xwork2.ActionSupport; + +public class EditGeneralConfigAction extends ActionSupport + implements ServletRequestAware, ServletResponseAware { + + private static final Logger log = Logger.getLogger(EditGeneralConfigAction.class); + + private static final long serialVersionUID = 1L; + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser; + + private GeneralMOAIDConfig moaconfig; + + public String loadConfig() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + moaconfig = new GeneralMOAIDConfig(); + moaconfig.parse(dbconfig); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String saveConfig() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + MOAConfigValidator validator = new MOAConfigValidator(); + + List<String> errors = validator.validate(moaconfig); + + if (errors.size() > 0) { + log.info("General MOA-ID configuration has some erros."); + for (String el : errors) + addActionError(el); + + return Constants.STRUTS_ERROR_VALIDATION; + } + + String error = saveFormToDatabase(); + + if (error != null) { + log.warn("General MOA-ID config can not be stored in Database"); + addActionError(error); + return Constants.STRUTS_SUCCESS; + } + + } else { + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + + addActionMessage(LanguageHelper.getGUIString("webpages.moaconfig.save.success")); + return Constants.STRUTS_SUCCESS; + } + + public String back() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + return Constants.STRUTS_SUCCESS; + } + + private String saveFormToDatabase() { + + MOAIDConfiguration oldconfig = ConfigurationDBRead.getMOAIDConfiguration(); + AuthComponentGeneral oldauth = null; + if (oldconfig != null) { + oldauth = oldconfig.getAuthComponentGeneral(); + } + +// MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); +// if (dbconfig == null) { +// dbconfig = new MOAIDConfiguration(); +// isnewconfig = true; +// } + + MOAIDConfiguration dbconfig = new MOAIDConfiguration(); + + AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral(); + if (dbauth == null) { + dbauth = new AuthComponentGeneral(); + dbconfig.setAuthComponentGeneral(dbauth); + } + + GeneralConfiguration dbauthgeneral = dbauth.getGeneralConfiguration(); + if (dbauthgeneral == null) { + dbauthgeneral = new GeneralConfiguration(); + dbauth.setGeneralConfiguration(dbauthgeneral); + } + + GeneralConfiguration oldauthgeneral = null; + if (oldauth != null) + oldauthgeneral = oldauth.getGeneralConfiguration(); + + if (MiscUtil.isNotEmpty(moaconfig.getAlternativeSourceID())) + dbauthgeneral.setAlternativeSourceID(moaconfig.getAlternativeSourceID()); + else { + if (oldauthgeneral != null) + dbauthgeneral.setAlternativeSourceID(oldauthgeneral.getAlternativeSourceID()); + } + + if (MiscUtil.isNotEmpty(moaconfig.getCertStoreDirectory())) + dbauthgeneral.setCertStoreDirectory(moaconfig.getCertStoreDirectory()); + + TimeOuts dbtimeouts = dbauthgeneral.getTimeOuts(); + if (dbtimeouts == null) { + dbtimeouts = new TimeOuts(); + dbauthgeneral.setTimeOuts(dbtimeouts); + } + if (MiscUtil.isEmpty(moaconfig.getTimeoutAssertion())) + dbtimeouts.setAssertion(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTASSERTION)); + else + dbtimeouts.setAssertion(new BigInteger(moaconfig.getTimeoutAssertion())); + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionCreated())) + dbtimeouts.setMOASessionCreated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONCREATED)); + else + dbtimeouts.setMOASessionCreated(new BigInteger(moaconfig.getTimeoutMOASessionCreated())); + + if (MiscUtil.isEmpty(moaconfig.getTimeoutMOASessionUpdated())) + dbtimeouts.setMOASessionUpdated(BigInteger.valueOf(GeneralMOAIDConfig.DEFAULTTIMEOUTMOASESSIONUPDATED)); + else + dbtimeouts.setMOASessionUpdated(new BigInteger(moaconfig.getTimeoutMOASessionUpdated())); + + dbauthgeneral.setTrustManagerRevocationChecking(moaconfig.isTrustmanagerrevocationcheck()); + + + Protocols dbprotocols = dbauth.getProtocols(); + if (dbprotocols == null) { + dbprotocols = new Protocols(); + dbauth.setProtocols(dbprotocols); + } + LegacyAllowed legprot = dbprotocols.getLegacyAllowed(); + if (legprot == null) { + legprot = new LegacyAllowed(); + dbprotocols.setLegacyAllowed(legprot); + } + + List<String> el = new ArrayList<String>(); + if (moaconfig.isLegacy_pvp2()) + el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2); + if (moaconfig.isLegacy_saml1()) + el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1); + legprot.setProtocolName(el); + + PVP2 pvp2 = dbprotocols.getPVP2(); + if (pvp2 == null) { + pvp2 = new PVP2(); + dbprotocols.setPVP2(pvp2); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2IssuerName())) + pvp2.setIssuerName(moaconfig.getPvp2IssuerName()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2PublicUrlPrefix())) + pvp2.setPublicURLPrefix(moaconfig.getPvp2PublicUrlPrefix()); + + Organization pvp2org = pvp2.getOrganization(); + if (pvp2org == null) { + pvp2org = new Organization(); + pvp2.setOrganization(pvp2org); + } + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgDisplayName())) + pvp2org.setDisplayName(moaconfig.getPvp2OrgDisplayName()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgName())) + pvp2org.setName(moaconfig.getPvp2OrgName()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2OrgURL())) + pvp2org.setURL(moaconfig.getPvp2OrgURL()); + + List<Contact> pvp2cont = pvp2.getContact(); + if (pvp2cont == null) { + pvp2cont = new ArrayList<Contact>(); + pvp2.setContact(pvp2cont); + } + Contact cont = new Contact(); + pvp2cont.add(cont); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getCompany())) + cont.setCompany(moaconfig.getPvp2Contact().getCompany()); + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getGivenname())) + cont.setGivenName(moaconfig.getPvp2Contact().getGivenname()); + + //TODO: change to list if required + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getMail())) + cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail())); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getPhone())) + cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone())); + + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getSurname())) + cont.setSurName(moaconfig.getPvp2Contact().getSurname()); + if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType())) + cont.setType(moaconfig.getPvp2Contact().getType()); + + SSO dbsso = dbauth.getSSO(); + if (dbsso == null) { + dbsso = new SSO(); + dbauth.setSSO(dbsso); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSsoFriendlyName())) + dbsso.setFriendlyName(moaconfig.getSsoFriendlyName()); + if (MiscUtil.isNotEmpty(moaconfig.getSsoSpecialText())) + dbsso.setSpecialText(moaconfig.getSsoSpecialText()); + if (MiscUtil.isNotEmpty(moaconfig.getSsoPublicUrl())) + dbsso.setPublicURL(moaconfig.getSsoPublicUrl()); + + if (MiscUtil.isNotEmpty(moaconfig.getSsoTarget())) + dbsso.setTarget(moaconfig.getSsoTarget()); + + if (MiscUtil.isNotEmpty(moaconfig.getSsoIdentificationNumber())) { + IdentificationNumber ssoid = dbsso.getIdentificationNumber(); + if (ssoid == null) { + ssoid = new IdentificationNumber(); + dbsso.setIdentificationNumber(ssoid); + } + ssoid.setValue(moaconfig.getSsoIdentificationNumber()); + } + + DefaultBKUs dbbkus = dbconfig.getDefaultBKUs(); + if (dbbkus == null) { + dbbkus = new DefaultBKUs(); + dbconfig.setDefaultBKUs(dbbkus); + } + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUHandy())) + dbbkus.setHandyBKU(moaconfig.getDefaultBKUHandy()); + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKUOnline())) + dbbkus.setOnlineBKU(moaconfig.getDefaultBKUOnline()); + + if (MiscUtil.isNotEmpty(moaconfig.getDefaultBKULocal())) + dbbkus.setLocalBKU(moaconfig.getDefaultBKULocal()); + + ChainingModes dbchainingmodes = dbconfig.getChainingModes(); + if (dbchainingmodes == null) { + dbchainingmodes = new ChainingModes(); + dbconfig.setChainingModes(dbchainingmodes); + } + + dbchainingmodes.setSystemDefaultMode( + ChainingModeType.fromValue(moaconfig.getDefaultchainigmode())); + if (oldconfig != null) { + ChainingModes oldchainigmodes = oldconfig.getChainingModes(); + if (oldchainigmodes != null) { + List<TrustAnchor> oldtrustanchor = oldchainigmodes.getTrustAnchor(); + if (oldtrustanchor != null) { + List<TrustAnchor> trustanchor = new ArrayList<TrustAnchor>(); + for (TrustAnchor oldel : oldtrustanchor) { + TrustAnchor TAel = new TrustAnchor(); + TAel.setX509IssuerName(oldel.getX509IssuerName()); + TAel.setX509SerialNumber(oldel.getX509SerialNumber()); + TAel.setMode(oldel.getMode()); + trustanchor.add(TAel); + } + dbchainingmodes.setTrustAnchor(trustanchor); + } + } + } + + IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners(); + if (idlsigners == null) { + idlsigners = new IdentityLinkSigners(); + dbauth.setIdentityLinkSigners(idlsigners); + } + + ForeignIdentities dbforeign = dbauth.getForeignIdentities(); + if (dbforeign == null) { + dbforeign = new ForeignIdentities(); + dbauth.setForeignIdentities(dbforeign); + } + + if (MiscUtil.isNotEmpty(moaconfig.getSzrgwURL())) { + ConnectionParameterClientAuthType forcon = dbforeign.getConnectionParameter(); + if (forcon == null) { + forcon = new ConnectionParameterClientAuthType(); + dbforeign.setConnectionParameter(forcon); + } + forcon.setURL(moaconfig.getSzrgwURL()); + } + + //TODO: Set STORK Config!!! + if (oldauth != null) { + ForeignIdentities oldforeign = oldauth.getForeignIdentities(); + if (oldforeign != null) { + STORK oldstork = oldforeign.getSTORK(); + if (oldstork != null) + dbforeign.setSTORK(oldstork); + } + } + + if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) { + OnlineMandates dbmandate = dbauth.getOnlineMandates(); + if (dbmandate == null) { + dbmandate = new OnlineMandates(); + dbauth.setOnlineMandates(dbmandate); + } + ConnectionParameterClientAuthType dbmandateconnection = dbmandate.getConnectionParameter(); + + if (dbmandateconnection == null) { + dbmandateconnection = new ConnectionParameterClientAuthType(); + dbmandate.setConnectionParameter(dbmandateconnection); + } + dbmandateconnection.setURL(moaconfig.getMandateURL()); + } + + MOASP dbmoasp = dbauth.getMOASP(); + if (dbmoasp == null) { + dbmoasp = new MOASP(); + dbauth.setMOASP(dbmoasp); + } + if (MiscUtil.isNotEmpty(moaconfig.getMoaspssURL())) { + ConnectionParameterClientAuthType moaspcon = dbmoasp.getConnectionParameter(); + if (moaspcon == null) { + moaspcon = new ConnectionParameterClientAuthType(); + dbmoasp.setConnectionParameter(moaspcon); + } + moaspcon.setURL(moaconfig.getMoaspssURL()); + } + VerifyIdentityLink moaidl = dbmoasp.getVerifyIdentityLink(); + if (moaidl == null) { + moaidl = new VerifyIdentityLink(); + dbmoasp.setVerifyIdentityLink(moaidl); + } + moaidl.setTrustProfileID(moaconfig.getMoaspssIdlTrustProfile()); + VerifyAuthBlock moaauth = dbmoasp.getVerifyAuthBlock(); + if (moaauth == null) { + moaauth = new VerifyAuthBlock(); + dbmoasp.setVerifyAuthBlock(moaauth); + } + moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile()); + + moaauth.setVerifyTransformsInfoProfileID(moaconfig.getAuthTransformList()); + + SecurityLayer seclayertrans = dbauth.getSecurityLayer(); + if (seclayertrans == null) { + seclayertrans = new SecurityLayer(); + dbauth.setSecurityLayer(seclayertrans); + } + List<TransformsInfoType> trans = new ArrayList<TransformsInfoType>(); + Map<String, byte[]> moatrans = moaconfig.getSecLayerTransformation(); + if (moatrans != null) { + Set<String> keys = moatrans.keySet(); + for (String key : keys) { + TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(key); + elem.setTransformation(moatrans.get(key)); + trans.add(elem); + } + } else { + if (oldauth != null) { + SecurityLayer oldsectrans = oldauth.getSecurityLayer(); + if (oldsectrans != null) { + List<TransformsInfoType> oldtranslist = oldsectrans.getTransformsInfo(); + for (TransformsInfoType oldel : oldtranslist) { + TransformsInfoType elem = new TransformsInfoType(); + elem.setFilename(oldel.getFilename()); + elem.setTransformation(oldel.getTransformation()); + trans.add(elem); + } + } + } + } + if (trans.size() > 0) + seclayertrans.setTransformsInfo(trans); + + + SLRequestTemplates slrequesttempl = dbconfig.getSLRequestTemplates(); + if (slrequesttempl == null) { + slrequesttempl = new SLRequestTemplates(); + dbconfig.setSLRequestTemplates(slrequesttempl); + } + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateHandy())) + slrequesttempl.setHandyBKU(moaconfig.getSLRequestTemplateHandy()); + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateLocal())) + slrequesttempl.setLocalBKU(moaconfig.getSLRequestTemplateLocal()); + if (MiscUtil.isNotEmpty(moaconfig.getSLRequestTemplateOnline())) + slrequesttempl.setOnlineBKU(moaconfig.getSLRequestTemplateOnline()); + + if (MiscUtil.isNotEmpty(moaconfig.getTrustedCACerts())) + dbconfig.setTrustedCACertificates(moaconfig.getTrustedCACerts()); + + //save config + try { + ConfigurationDBUtils.save(dbconfig); + + if (oldconfig != null) + ConfigurationDBUtils.delete(oldconfig); + + } catch (MOADatabaseException e) { + log.warn("MOAID Configuration can not be stored in Database", e); + return LanguageHelper.getErrorString("error.db.oa.store"); + } + + ConfigurationDBUtils.closeSession(); + + return null; + } + + public void setServletResponse(HttpServletResponse response) { + this.response = response; + + } + + public void setServletRequest(HttpServletRequest request) { + this.request = request; + + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the moaconfig + */ + public GeneralMOAIDConfig getMoaconfig() { + return moaconfig; + } + + /** + * @param moaconfig the moaconfig to set + */ + public void setMoaconfig(GeneralMOAIDConfig moaconfig) { + this.moaconfig = moaconfig; + } + + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java new file mode 100644 index 000000000..297d80726 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -0,0 +1,612 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.io.IOException; +import java.math.BigInteger; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAGeneralConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; +import at.gv.egovernment.moa.util.MiscUtil; + +import com.opensymphony.xwork2.ActionSupport; + +public class EditOAAction extends ActionSupport implements ServletRequestAware, +ServletResponseAware { + + private final Logger log = Logger.getLogger(EditOAAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser; + + private String oaidobj; + private boolean newOA; + + private OAGeneralConfig generalOA = new OAGeneralConfig(); + private OAPVP2Config pvp2OA = new OAPVP2Config(); + private OASAML1Config saml1OA = new OASAML1Config(); + private OASSOConfig ssoOA = new OASSOConfig(); + private OASTORKConfig storkOA; + + //STRUTS actions + public String inital() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + long oaid = -1; + + if (!ValidationHelper.validateOAID(oaidobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + oaid = Long.valueOf(oaidobj); + + OnlineApplication onlineapplication = null;; + if (authUser.isAdmin()) + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + else { + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + List<OnlineApplication> oas = userdb.getOnlineApplication(); + for (OnlineApplication oa : oas) { + if (oa.getHjid() == oaid) { + onlineapplication = oa; + break; + } + } + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + generalOA.parse(onlineapplication); + ssoOA.parse(onlineapplication); + saml1OA.parse(onlineapplication); + List<String> errors = pvp2OA.parse(onlineapplication); + + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + ConfigurationDBUtils.closeSession(); + + request.getSession().setAttribute(Constants.SESSION_OAID, oaid); + + newOA = false; + + return Constants.STRUTS_OA_EDIT; + } + + public String newOA() { + log.debug("insert new Online-Application"); + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + newOA = true; + + return Constants.STRUTS_OA_EDIT; + } + + public String saveOA() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + OnlineApplication onlineapplication = null; + List<String> errors = new ArrayList<String>(); + + Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null ) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + + } catch (Throwable t) { + addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); + return Constants.STRUTS_ERROR; + } + } + + //valid DBID and check entry + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + + } else { + + //TODO: oaidentifier has to be a URL according to PVP2.1 specification + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } else { + + if (oaid == -1) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + + } else { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + log.info("The OAIdentifier is not unique"); + errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique")); + } + } + } + } + } + + //check form + OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); + OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); + OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); + OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); + OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); + + errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin())); + errors.addAll(validatior_pvp2.validate(pvp2OA)); + errors.addAll(validatior_saml1.validate(saml1OA, generalOA)); + errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin())); + errors.addAll(validator_stork.validate(storkOA)); + + if (errors.size() > 0) { + log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); + for (String el : errors) + addActionError(el); + + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + + String error = saveOAConfigToDatabase(onlineapplication); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + return Constants.STRUTS_ERROR_VALIDATION; + } + } + + + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String cancleAndBackOA() { + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String deleteOA() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + String oaidentifier = generalOA.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty")); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + return Constants.STRUTS_ERROR_VALIDATION; + } + } + + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + request.getSession().setAttribute(Constants.SESSION_OAID, null); + if (ConfigurationDBUtils.delete(onlineapplication)) { + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + List<OnlineApplication> useroas = user.getOnlineApplication(); + + for (OnlineApplicationType oa : useroas) { + if (oa.getHjid().equals(onlineapplication.getHjid())) { + useroas.remove(oa); + } + } + + try { + ConfigurationDBUtils.saveOrUpdate(user); + + } catch (MOADatabaseException e) { + log.warn("User information can not be updated in database", e); + addActionError(LanguageHelper.getGUIString("error.db.oa.store", request)); + return Constants.STRUTS_ERROR; + } + } + + ConfigurationDBUtils.closeSession(); + + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); + + return Constants.STRUTS_SUCCESS; + + } else { + ConfigurationDBUtils.closeSession(); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); + return Constants.STRUTS_SUCCESS; + } + + + + } + + private String saveOAConfigToDatabase(OnlineApplication dboa) { + + boolean newentry = false; + + if (dboa == null) { + dboa = new OnlineApplication(); + newentry = true; + dboa.setIsActive(false); + } + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) + dboa.setIsActive(generalOA.isActive()); + + dboa.setFriendlyName(generalOA.getFriendlyName()); + dboa.setCalculateHPI(generalOA.isCalculateHPI()); + dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); + dboa.setPublicURLPrefix(generalOA.getIdentifier()); + + if (generalOA.isBusinessService()) { + dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(generalOA.getIdentificationNumber()); + authoa.setIdentificationNumber(idnumber); + + } + else { + dboa.setType(null); + dboa.setTarget(generalOA.getTarget()); + dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); + + } + + BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); + bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); + bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); + + Mandates mandates = new Mandates(); + mandates.setProfiles(generalOA.getMandateProfiles()); + authoa.setMandates(mandates); + + authoa.setSlVersion(generalOA.getSlVersion()); + authoa.setUseIFrame(generalOA.isUseIFrame()); + authoa.setUseUTC(generalOA.isUseUTC()); + + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); + + List<TemplateType> template = templates.getTemplate(); + if (generalOA.isLegacy()) { + + if (template == null) + template = new ArrayList<TemplateType>(); + else + template.clear(); + + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL1()); + template.add(el); + } + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL2()); + template.add(el); + } + if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(generalOA.getSLTemplateURL3()); + template.add(el); + } + + } else { + if (template != null && template.size() > 0) + template.clear(); + } + + //set default transformation if it is empty + List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + //TODO: set OA specific transformation if it is required + + } + + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); + try { + + if (pvp2OA.getFileUpload() != null) + pvp2.setCertificate(pvp2OA.getCertificate()); + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound"); + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format"); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + } + saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); + saml1.setProvideCertificate(saml1OA.isProvideCertificate()); + saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); + saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); + saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); + saml1.setUseCondition(saml1OA.isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); + //TODO: set sourceID + //saml1.setSourceID(""); + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(ssoOA.isUseSSO()); + + if (authUser.isAdmin()) + sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); + + sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); + + + STORK stork = authoa.getSTORK(); + if (stork == null) { + //TODO: make stork configurable + + } + + try { + if (newentry) { + ConfigurationDBUtils.save(dboa); + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + List<OnlineApplication> useroas = user.getOnlineApplication(); + if (useroas == null) + useroas = new ArrayList<OnlineApplication>(); + + useroas.add(dboa); + ConfigurationDBUtils.saveOrUpdate(user); + } + } + + else + ConfigurationDBUtils.saveOrUpdate(dboa); + + } catch (MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store"); + } + + return null; + } + + public String setGeneralOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSAML1OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setPVP2OAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSSOOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + public String setSTORKOAConfig() { + + return Constants.STRUTS_SUCCESS; + } + + + //Getter and Setter + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + + } + + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + + } + + public HttpServletRequest getRequest() { + return request; + } + + public void setRequest(HttpServletRequest request) { + this.request = request; + } + + public HttpServletResponse getResponse() { + return response; + } + + public void setResponse(HttpServletResponse response) { + this.response = response; + } + + public OAGeneralConfig getGeneralOA() { + return generalOA; + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + this.generalOA = generalOA; + } + + public OAPVP2Config getPvp2OA() { + return pvp2OA; + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + pvp2OA = pvp2oa; + } + + public OASAML1Config getSaml1OA() { + return saml1OA; + } + + public void setSaml1OA(OASAML1Config saml1oa) { + saml1OA = saml1oa; + } + + public OASSOConfig getSsoOA() { + return ssoOA; + } + + public void setSsoOA(OASSOConfig ssoOA) { + this.ssoOA = ssoOA; + } + + public OASTORKConfig getStorkOA() { + return storkOA; + } + + public void setStorkOA(OASTORKConfig storkOA) { + this.storkOA = storkOA; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java new file mode 100644 index 000000000..1cb4fa802 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java @@ -0,0 +1,363 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.io.File; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.StringReader; +import java.io.StringWriter; +import java.net.MalformedURLException; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.transform.Result; + +import org.apache.commons.io.IOUtils; +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; +import org.hibernate.lob.ReaderInputStream; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.iaik.commons.util.IOUtil; + +import com.opensymphony.xwork2.ActionSupport; + +import eu.stork.vidp.messages.common.STORKBootstrap; + +public class ImportExportAction extends ActionSupport +implements ServletRequestAware, ServletResponseAware { + + private static final Logger log = Logger.getLogger(ImportExportAction.class); + + private static final long serialVersionUID = 1L; + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser; + + private File fileUpload = null; + private String fileUploadContentType = null; + private String fileUploadFileName = null; + + private InputStream fileInputStream; + + public String init() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String importLegacyConfig() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + //load legacy config if it is configured + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + return Constants.STRUTS_ERROR_VALIDATION; + } + + //Initialize OpenSAML for STORK + log.info("Starting initialization of OpenSAML..."); + try { + STORKBootstrap.bootstrap(); + + } catch (org.opensaml.xml.ConfigurationException e1) { + log.info("Legacy configuration has an Import Error", e1); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + } + log.debug("OpenSAML successfully initialized"); + try { + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + MOAIDConfiguration moaconfig; + try { + log.warn("WARNING! The legacy import deletes the hole old config"); + + String rootConfigFileDir = new File(ConfigurationProvider.getInstance().getConfigFile()).getParent(); + + try { + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + + } catch (MalformedURLException t) { + log.warn("RootConfiguration Directory is not found"); + rootConfigFileDir = ""; + } + + moaconfig = BuildFromLegacyConfig.build(fileUpload, rootConfigFileDir, moaidconfig); + + } catch (ConfigurationException e) { + log.info("Legacy configuration has an Import Error", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()})); + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_ERROR_VALIDATION; + + } catch (at.gv.egovernment.moa.id.configuration.exception.ConfigurationException e) { + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_ERROR_VALIDATION; + } + + //check if XML config should be use + log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + + + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + + List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + + + oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.save(moaconfig); + + } catch (MOADatabaseException e) { + log.warn("General MOA-ID config can not be stored in Database"); + addActionError(e.getMessage()); + return Constants.STRUTS_ERROR_VALIDATION; + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + log.info("Legacy Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String downloadXMLConfig() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + log.info("Write MOA-ID 2.x xml config"); + JAXBContext jc; + try { + jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + + Marshaller m = jc.createMarshaller(); + m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); +// File test = new File(xmlconfigout); +// m.marshal(moaidconfig, test); + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + + if (moaidconfig == null) { + log.info("No MOA-ID 2.x configruation available"); + addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig")); + return Constants.STRUTS_ERROR_VALIDATION; + } + + List<OnlineApplication> oaconfigs = ConfigurationDBRead.getAllOnlineApplications(); + moaidconfig.setOnlineApplication(oaconfigs); + + StringWriter writer = new StringWriter(); + m.marshal(moaidconfig, writer); + fileInputStream = IOUtils.toInputStream(writer.toString(), "UTF-8"); + + } catch (JAXBException e) { + log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[]{e.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + } catch (IOException e) { + log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.export", + new Object[]{e.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + return Constants.STRUTS_SUCCESS; + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; + } + } + + + public String importXMLConfig() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + if (fileUpload == null) { + addActionError(LanguageHelper.getErrorString("errors.importexport.nofile")); + return Constants.STRUTS_ERROR_VALIDATION; + } + + log.info("Load configuration from MOA-ID 2.x XML configuration"); + + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Unmarshaller m = jc.createUnmarshaller(); + MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(fileUpload); + + + log.warn("WARNING! The XML import deletes the hole old config"); + List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + + List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); + for (OnlineApplication importoa : importoas) { + ConfigurationDBUtils.saveOrUpdate(importoa); + } + + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } catch (Exception e) { + log.warn("MOA-ID XML configuration can not be loaded from File.", e); + addActionError(LanguageHelper.getErrorString("errors.importexport.import", + new Object[]{e.getMessage()})); + return Constants.STRUTS_ERROR_VALIDATION; + + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + log.info("XML Configuration load is completed."); + addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success")); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("No access to Import/Export for User with ID" + authUser.getUserID()); + addActionError(LanguageHelper.getErrorString("errors.notallowed")); + return Constants.STRUTS_NOTALLOWED; + } + + } + + /** + * @return the fileUpload + */ + public File getFileUpload() { + return fileUpload; + } + + + + /** + * @param fileUpload the fileUpload to set + */ + public void setFileUpload(File fileUpload) { + this.fileUpload = fileUpload; + } + + + + /** + * @return the fileUploadContentType + */ + public String getFileUploadContentType() { + return fileUploadContentType; + } + + + + /** + * @param fileUploadContentType the fileUploadContentType to set + */ + public void setFileUploadContentType(String fileUploadContentType) { + this.fileUploadContentType = fileUploadContentType; + } + + + + /** + * @return the fileUploadFileName + */ + public String getFileUploadFileName() { + return fileUploadFileName; + } + + + + /** + * @param fileUploadFileName the fileUploadFileName to set + */ + public void setFileUploadFileName(String fileUploadFileName) { + this.fileUploadFileName = fileUploadFileName; + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + public void setServletResponse(HttpServletResponse response) { + this.response = response; + } + public void setServletRequest(HttpServletRequest request) { + this.request = request; + } + + public InputStream getFileInputStream() { + return fileInputStream; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java new file mode 100644 index 000000000..6078caa87 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -0,0 +1,170 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.Date; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import com.opensymphony.xwork2.ActionSupport; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class IndexAction extends ActionSupport implements ServletRequestAware, + ServletResponseAware { + + private static final Logger log = Logger.getLogger(IndexAction.class); + + private HttpServletRequest request; + private HttpServletResponse response; + + private String password; + private String username; + + public String start() { + + return Constants.STRUTS_SUCCESS; + } + + public String authenticate() { + + String key = null; + + if (MiscUtil.isNotEmpty(username)) { + if (ValidationHelper.containsPotentialCSSCharacter(username, false)) { + log.warn("Username contains potentail XSS characters: " + username); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + return Constants.STRUTS_ERROR; + } + } else { + log.warn("Username is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty")); + return Constants.STRUTS_ERROR; + } + + if (MiscUtil.isEmpty(password)) { + log.warn("Password is empty"); + addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty")); + return Constants.STRUTS_ERROR; + + } else { + key = AuthenticationHelper.generateKeyFormPassword(password); + if (key == null) { + addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid")); + return Constants.STRUTS_ERROR; + } + } + + + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(username); + if (dbuser == null) { + log.warn("Unknown Username"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); + return Constants.STRUTS_ERROR; + + } else { + if (!dbuser.isIsActive()) { + log.warn("Username " + dbuser.getUsername() + " is not active"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); + return Constants.STRUTS_ERROR; + } + + if (!dbuser.getPassword().equals(key)) { + log.warn("Username " + dbuser.getUsername() + " use a false password"); + addActionError(LanguageHelper.getErrorString("webpages.index.login.notallowed")); + return Constants.STRUTS_ERROR; + } + + AuthenticatedUser authuser = new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getUsername(), + true, + dbuser.isIsAdmin()); + + authuser.setLastLogin(dbuser.getLastLoginItem()); + + dbuser.setLastLoginItem(new Date()); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + + } catch (MOADatabaseException e) { + log.warn("UserDatabase communicaton error", e); + addActionError(LanguageHelper.getErrorString("error.login")); + return Constants.STRUTS_ERROR; + } + finally { + ConfigurationDBUtils.closeSession(); + } + request.getSession().setAttribute(Constants.SESSION_AUTH, authuser); + return Constants.STRUTS_SUCCESS; + } + } + + public String logout() { + + HttpSession session = request.getSession(); + + if (session != null) + session.invalidate(); + + return Constants.STRUTS_SUCCESS; + } + + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + } + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + } + + /** + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * @param password the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * @return the username + */ + public String getUsername() { + return username; + } + + /** + * @param username the username to set + */ + public void setUsername(String username) { + this.username = username; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java new file mode 100644 index 000000000..f5f265ea6 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -0,0 +1,195 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import com.opensymphony.xwork2.ActionSupport; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplicationType; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ListOAsAction extends ActionSupport implements ServletRequestAware, + ServletResponseAware { + + private final Logger log = Logger.getLogger(ListOAsAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private ConfigurationProvider configuration; + + private List<OAListElement> formOAs; + private AuthenticatedUser authUser; + private String friendlyname; + + public ListOAsAction() throws ConfigurationException { + configuration = ConfigurationProvider.getInstance(); + } + + + public String listAllOnlineAppliactions() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + List<OnlineApplication> dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = ConfigurationDBRead.getAllOnlineApplications(); + + } else { + UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (authUserDB != null) + dbOAs = authUserDB.getOnlineApplication(); + } + + addFormOAs(dbOAs); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String searchOAInit() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + formOAs = null; + friendlyname = ""; + + return Constants.STRUTS_SUCCESS; + + } + + public String searchOA() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (MiscUtil.isEmpty(friendlyname)) { + log.info("SearchOA textfield is empty"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); + return Constants.STRUTS_SUCCESS; + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) { + log.warn("SearchOA textfield contains potential XSS characters"); + addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request)); + return Constants.STRUTS_SUCCESS; + } + } + + List<OnlineApplication> dbOAs = null; + + if (authUser.isAdmin()) { + dbOAs = ConfigurationDBRead.searchOnlineApplications(friendlyname); + + } else { + UserDatabase authUserDB = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (authUserDB != null) { + List<OnlineApplication> alldbOAs = authUserDB.getOnlineApplication(); + + dbOAs = new ArrayList<OnlineApplication>(); + + for (OnlineApplication el : alldbOAs) { + if (el.getPublicURLPrefix() + .toLowerCase().indexOf(friendlyname.toLowerCase()) > -1) + dbOAs.add(el); + } + } + } + + addFormOAs(dbOAs); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + private void addFormOAs(List<OnlineApplication> dbOAs) { + + formOAs = new ArrayList<OAListElement>(); + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + for (OnlineApplication dboa : dbOAs) { + OAListElement listoa = new OAListElement(); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + formOAs.add(listoa); + } + } + } + + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + } + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + } + + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + + /** + * @return the friendlyname + */ + public String getFriendlyname() { + return friendlyname; + } + + + /** + * @param friendlyname the friendlyname to set + */ + public void setFriendlyname(String friendlyname) { + this.friendlyname = friendlyname; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java new file mode 100644 index 000000000..aeafe9548 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MainAction.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; + +public class MainAction implements ServletRequestAware, + ServletResponseAware { + + private HttpServletRequest request; + private HttpServletResponse response; + + private ConfigurationProvider configuration; + + + private AuthenticatedUser authUser; + + + public MainAction() throws ConfigurationException { + configuration = ConfigurationProvider.getInstance(); + } + + + public String generateMainFrame() { + + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + authUser = (AuthenticatedUser) authUserObj; + return Constants.STRUTS_SUCCESS; + } + + + public void setServletResponse(HttpServletResponse arg0) { + this.response = arg0; + } + public void setServletRequest(HttpServletRequest arg0) { + this.request = arg0; + } + + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java new file mode 100644 index 000000000..2a9ec038f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -0,0 +1,376 @@ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.log4j.Logger; +import org.apache.struts2.interceptor.ServletRequestAware; +import org.apache.struts2.interceptor.ServletResponseAware; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +import com.opensymphony.xwork2.ActionSupport; + +public class UserManagementAction extends ActionSupport + implements ServletRequestAware, ServletResponseAware { + + private static final Logger log = Logger.getLogger(UserManagementAction.class); + + private static final long serialVersionUID = 1L; + + private HttpServletRequest request; + private HttpServletResponse response; + + private AuthenticatedUser authUser = null; + + private List<AuthenticatedUser> userlist = null; + private UserDatabaseFrom user = null; + + private String useridobj = null; + private static boolean newUser = false; + + public String init() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + log.info("Show UserList"); + + List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers(); + if (dbuserlist != null) { + userlist = new ArrayList<AuthenticatedUser>(); + + for (UserDatabase dbuser : dbuserlist) { + userlist.add(new AuthenticatedUser( + dbuser.getHjid(), + dbuser.getGivenname(), + dbuser.getFamilyname(), + dbuser.getUsername(), + dbuser.isIsActive(), + dbuser.isIsAdmin())); + } + } + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame"); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (dbuser == null) { + return Constants.STRUTS_REAUTHENTICATE; + } + user = new UserDatabaseFrom(dbuser); + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_NOTALLOWED; + } + } + + public String createuser() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + + user = new UserDatabaseFrom(); + + newUser = true; + return Constants.STRUTS_SUCCESS; + + } else { + return Constants.STRUTS_NOTALLOWED; + } + } + + public String edituser() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + if (authUser.isAdmin()) { + long userid = -1; + + if (!ValidationHelper.validateOAID(useridobj)) { + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + userid = Long.valueOf(useridobj); + + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userid); + if (dbuser == null) { + log.info("No User with ID " + userid + " in Database");; + addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request)); + return Constants.STRUTS_ERROR; + } + user = new UserDatabaseFrom(dbuser); + + newUser = false; + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame"); + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + user = new UserDatabaseFrom(dbuser); + return Constants.STRUTS_SUCCESS; + } + } + + public String saveuser() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)){ + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + List<String> errors; + UserDatabaseFormValidator validator = new UserDatabaseFormValidator(); + errors = validator.validate(user, userID); + + if (errors.size() > 0) { + log.info("UserDataForm has some erros."); + for (String el : errors) + addActionError(el); + user.setPassword(""); + + if (MiscUtil.isEmpty(user.getUsername())) + newUser = true; + + return Constants.STRUTS_ERROR_VALIDATION; + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + + } + + String error = saveFormToDB(); + if (error != null) { + log.warn("UserData can not be stored in Database"); + addActionError(error); + return Constants.STRUTS_SUCCESS; + } + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + } + + public String deleteuser() { + Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH); + + authUser = (AuthenticatedUser) authUserObj; + + String useridobj = user.getUserID(); + long userID = -1; + if (MiscUtil.isEmpty(useridobj)) { + userID = -1; + + } else { + if (!ValidationHelper.validateOAID(useridobj)){ + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase ID " + useridobj); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + userID = Long.valueOf(useridobj); + } + + if (!authUser.isAdmin()) { + if (authUser.getUserID() != userID) { + log.warn("User with ID " + authUser.getUserID() + + " would access UserDatabase Entry " + user.getUsername()); + addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request)); + return Constants.STRUTS_ERROR; + } + } + + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser != null) { + dbuser.setOnlineApplication(null); + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + ConfigurationDBUtils.delete(dbuser); + + } catch (MOADatabaseException e) { + log.warn("UserData can not be deleted from Database"); + addActionError(e.getMessage()); + return Constants.STRUTS_SUCCESS; + } + + finally { + ConfigurationDBUtils.closeSession(); + } + } + + ConfigurationDBUtils.closeSession(); + return Constants.STRUTS_SUCCESS; + } + + private String saveFormToDB() { + + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername()); + + if( dbuser == null) { + dbuser = new UserDatabase(); + } + + dbuser.setBpk(user.getBpk()); + dbuser.setFamilyname(user.getFamilyName()); + dbuser.setGivenname(user.getGivenName()); + dbuser.setInstitut(user.getInstitut()); + dbuser.setMail(user.getMail()); + dbuser.setPhone(user.getPhone()); + dbuser.setUsername(user.getUsername()); + + if (authUser.isAdmin()) { + dbuser.setIsActive(user.isActive()); + dbuser.setIsAdmin(user.isAdmin()); + } + + if (MiscUtil.isNotEmpty(user.getPassword())) { + String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword()); + if (key == null) { + return LanguageHelper.getErrorString("errors.edit.user.save"); + } + dbuser.setPassword(key); + } + + + try { + ConfigurationDBUtils.saveOrUpdate(dbuser); + } catch (MOADatabaseException e) { + log.warn("User information can not be stored in Database.", e); + return LanguageHelper.getErrorString("errors.edit.user.save"); + } + + return null; + } + +// public String createTestUser() throws MOADatabaseException { +// +// UserDatabase user = new UserDatabase(); +// user.setBpk(""); +// user.setFamilyname("Max"); +// user.setGivenname("Mustermann"); +// user.setIsActive(true); +// user.setIsAdmin(false); +// user.setInstitut("EGIZ"); +// user.setLastLoginItem(new Date()); +// user.setMail("masdf@amfasdf.com"); +// user.setPhone("00660011542"); +// user.setUsername("testuser"); +// +// ConfigurationDBUtils.save(user); +// +// return Constants.STRUTS_SUCCESS; +// } + + + public void setServletResponse(HttpServletResponse response) { + this.response = response; + + } + + public void setServletRequest(HttpServletRequest request) { + this.request = request; + + } + + /** + * @return the userlist + */ + public List<AuthenticatedUser> getUserlist() { + return userlist; + } + + /** + * @param userlist the userlist to set + */ + public void setUserlist(List<AuthenticatedUser> userlist) { + this.userlist = userlist; + } + + /** + * @return the user + */ + public UserDatabaseFrom getUser() { + return user; + } + + /** + * @param user the user to set + */ + public void setUser(UserDatabaseFrom user) { + this.user = user; + } + + /** + * @return the useridobj + */ + public String getUseridobj() { + return useridobj; + } + + /** + * @param useridobj the useridobj to set + */ + public void setUseridobj(String useridobj) { + this.useridobj = useridobj; + } + + /** + * @return the authUser + */ + public AuthenticatedUser getAuthUser() { + return authUser; + } + + /** + * @return the newUser + */ + public boolean isNewUser() { + return newUser; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java new file mode 100644 index 000000000..820aa7c57 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/CompanyNumberValidator.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.configuration.validation; + +import org.apache.commons.lang.StringUtils; + +public class CompanyNumberValidator implements IdentificationNumberValidator { + + public boolean validate(String commercialRegisterNumber) { + + String normalizedNumber = commercialRegisterNumber.replaceAll(" ", ""); + if(normalizedNumber.startsWith("FN")) { + normalizedNumber = normalizedNumber.substring(2); + return checkCommercialRegisterNumber(normalizedNumber); + + } else + return true; + } + + private boolean checkCommercialRegisterNumber(String commercialRegisterNumber) { + if (commercialRegisterNumber == null) { + return false; + } + commercialRegisterNumber = StringUtils.leftPad(commercialRegisterNumber, 7, + '0'); + if (!commercialRegisterNumber.matches("\\d{6}[abdfghikmpstvwxzy]")) { + return false; + } + String digits = commercialRegisterNumber.substring(0, + commercialRegisterNumber.length() - 1); + char checkDigit = commercialRegisterNumber.charAt(commercialRegisterNumber + .length() - 1); + boolean result = calcCheckDigitFromCommercialRegisterNumber(digits) == checkDigit; + return result; + } + + public static char calcCheckDigitFromCommercialRegisterNumber( + String commercialRegisterDigits) { + final int[] WEIGHT = { 6, 4, 14, 15, 10, 1 }; + final char[] CHECKDIGIT = { 'a', 'b', 'd', 'f', 'g', 'h', 'i', 'k', 'm', + 'p', 's', 't', 'v', 'w', 'x', 'y', 'z' }; + if (commercialRegisterDigits == null) { + throw new NullPointerException("Commercial register number missing."); + } + commercialRegisterDigits = StringUtils.leftPad(commercialRegisterDigits, 6, + '0'); + if (!commercialRegisterDigits.matches("\\d{6}")) { + throw new IllegalArgumentException( + "Invalid commercial register number provided."); + } + int sum = 0; + for (int i = 0; i < commercialRegisterDigits.length(); i++) { + int value = commercialRegisterDigits.charAt(i) - '0'; + sum += WEIGHT[i] * value; + } + return CHECKDIGIT[sum % 17]; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java new file mode 100644 index 000000000..19a5bb805 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/IdentificationNumberValidator.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.id.configuration.validation; + +public interface IdentificationNumberValidator { + + boolean validate(String idNumber); + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java new file mode 100644 index 000000000..276b0b4c8 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.configuration.validation; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; +import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class UserDatabaseFormValidator { + + private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class); + + public List<String> validate(UserDatabaseFrom form, long userID) { + List<String> errors = new ArrayList<String>(); + + String check = form.getGivenName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("GivenName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("GivenName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty")); + } + + + check = form.getFamilyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("FamilyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("FamilyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty")); + } + + check = form.getInstitut(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Organisation contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Organisation is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty")); + } + + check = form.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + log.warn("Mailaddress is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Mailaddress is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty")); + } + + check = form.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Phonenumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } else { + log.warn("Phonenumber is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty")); + } + + check = form.getUsername(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("Username contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check); + if (dbuser != null && userID != dbuser.getHjid()) { + log.warn("Username " + check + " exists in UserDatabase"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate")); + form.setUsername(""); + } + } + } else { + if (userID == -1) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null) { + log.warn("Username is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty")); + } else { + form.setUsername(dbuser.getUsername()); + } + } + } + + check = form.getPassword(); + + if (MiscUtil.isEmpty(check)) { + if (userID == -1) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + } else { + UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID); + if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) { + log.warn("Password is empty"); + errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty")); + } + } + + } else { + + if (check.equals(form.getPassword_second())) { + + String key = AuthenticationHelper.generateKeyFormPassword(check); + if (key == null) { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid")); + } + + } + else { + errors.add(LanguageHelper.getErrorString("validation.edituser.password.equal")); + } + } + + + + check = form.getBpk(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("BPK contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + return errors; + + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java new file mode 100644 index 000000000..aeac75e44 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java @@ -0,0 +1,185 @@ +package at.gv.egovernment.moa.id.configuration.validation; + +import java.net.MalformedURLException; +import java.net.URL; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import org.apache.log4j.Logger; + +public class ValidationHelper { + + private static final Logger log = Logger.getLogger(ValidationHelper.class); + + public static boolean validateOAID(String oaIDObj) { + if (oaIDObj != null) { + try { + + long oaID = Long.valueOf(oaIDObj); + + if (oaID > 0 && oaID < Long.MAX_VALUE) + return true; + + } catch (Throwable t) { + log.warn("No valid DataBase OAID received! " + oaIDObj); + } + } + return false; + } + + public static boolean validateNumber(String value) { + + log.debug("Validate Number " + value); + + try { + float num = Float.valueOf(value); + + return true; + + } catch (NumberFormatException e) { + return false; + } + + + } + + + public static boolean validateURL(String urlString) { + + log.debug("Validate URL " + urlString); + + if (urlString.startsWith("http") || urlString.startsWith("https")) { + try { + URL url =new URL(urlString); + return true; + + } catch (MalformedURLException e) { + } + } + + return false; + } + + public static boolean isValidTarget(String target) { + + log.debug("Ueberpruefe Parameter Target"); + + Pattern pattern = Pattern.compile("[a-zA-Z-]{1,5}"); + Matcher matcher = pattern.matcher(target); + boolean b = matcher.matches(); + if (b) { + log.debug("Parameter Target erfolgreich ueberprueft"); + return true; + } + else { + log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + return false; + } + + } + + public static boolean isValidSourceID(String sourceID) { + + log.debug("Ueberpruefe Parameter sourceID"); + + Pattern pattern = Pattern.compile("[\\w-_]{1,20}"); + Matcher matcher = pattern.matcher(sourceID); + boolean b = matcher.matches(); + if (b) { + log.debug("Parameter sourceID erfolgreich ueberprueft"); + return true; + } + else { + log.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)"); + return false; + } + } + + public static boolean isDateFormat(String dateString) { + SimpleDateFormat sdf = new SimpleDateFormat("dd.MM.yyyy"); + try { + sdf.parse(dateString); + return true; + + } catch (ParseException e) { + return false; + } + } + + public static boolean isEmailAddressFormat(String address) { + if (address == null) { + return false; + } + return Pattern.compile("^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\\.[a-zA-Z]{2,6}$").matcher(address).matches(); + } + + public static boolean isValidOAIdentifier(String param) { + if (param == null) { + return false; + } + return param.indexOf(";") != -1 || + param.indexOf("%") != -1 || + param.indexOf("\"") != -1 || + param.indexOf("'") != -1 || + param.indexOf("?") != -1 || + param.indexOf("`") != -1 || + param.indexOf(",") != -1 || + param.indexOf("<") != -1 || + param.indexOf(">") != -1 || + param.indexOf("\\") != -1; + + } + + public static String getNotValidOAIdentifierCharacters() { + + return "; % \" ' ` , < > \\"; + } + + public static boolean containsPotentialCSSCharacter(String param, boolean commaallowed) { + + if (param == null) { + return false; + } + return param.indexOf(";") != -1 || + param.indexOf("%") != -1 || + param.indexOf("\"") != -1 || + param.indexOf("'") != -1 || + param.indexOf("?") != -1 || + param.indexOf("`") != -1 || + ( param.indexOf(",") != -1 && !commaallowed ) || + param.indexOf("<") != -1 || + param.indexOf(">") != -1 || + param.indexOf("\\") != -1 || + param.indexOf("/") != -1; + } + + public static String getPotentialCSSCharacter(boolean commaallowed) { + + if (commaallowed) + return "; % \" ' ` < > \\ /"; + else + return "; % \" ' ` , < > \\ /"; + } + + public static boolean isNotValidIdentityLinkSigner(String param) { + if (param == null) { + return false; + } + return param.indexOf(";") != -1 || + param.indexOf("%") != -1 || + param.indexOf("\"") != -1 || + param.indexOf("'") != -1 || + param.indexOf("?") != -1 || + param.indexOf("`") != -1 || + param.indexOf("<") != -1 || + param.indexOf(">") != -1; + + } + + public static String getNotValidIdentityLinkSignerCharacters() { + + return "; % \" ' ` < >"; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java new file mode 100644 index 000000000..f51095cac --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -0,0 +1,361 @@ +package at.gv.egovernment.moa.id.configuration.validation.moaconfig; + +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; +import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.StringHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +public class MOAConfigValidator { + + private static final Logger log = Logger.getLogger(MOAConfigValidator.class); + + public List<String> validate(GeneralMOAIDConfig form) { + + List<String> errors = new ArrayList<String>(); + + log.debug("Validate general MOA configuration"); + + + String check = form.getAlternativeSourceID(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AlternativeSourceID contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.AlternativeSourceID", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getTimeoutAssertion(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("Assertion Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.assertion.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + check = form.getTimeoutMOASessionCreated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionCreated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessioncreated.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + check = form.getTimeoutMOASessionUpdated(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateNumber(check)) { + log.warn("MOASessionUpdated Timeout is no number " + check); + errors.add(LanguageHelper.getErrorString("validation.general.timeouts.moasessionupdated.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + + check = form.getCertStoreDirectory(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.isValidOAIdentifier(check)) { + log.warn("CertStoreDirectory contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } else { + log.info("CertStoreDirectory is empty."); + errors.add(LanguageHelper.getErrorString("validation.general.certStoreDirectory.empty")); + } + + check = form.getDefaultBKUHandy(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + } + } + + check = form.getDefaultBKULocal(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + } + } + + check = form.getDefaultBKUOnline(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + } + } + + check = form.getDefaultchainigmode(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Defaultchainigmode"); + errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.empty")); + } else { + Map<String, String> list = form.getChainigmodelist(); + if (!list.containsKey(check)) { + log.info("Not valid Defaultchainigmode " + check); + errors.add(LanguageHelper.getErrorString("validation.general.Defaultchainigmode.valid")); + } + } + + check = form.getMandateURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-Mandate Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.mandateservice.valid")); + } + } + + check = form.getMoaspssAuthTransformations(); + List<String> authtranslist = new ArrayList<String>(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MoaspssAuthTransformation"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.empty")); + } else { + check = StringHelper.formatText(check); + String[] list = check.split(GeneralMOAIDConfig.LINE_DELIMITER); + int i=1; + for(String el : list) { + if (ValidationHelper.containsPotentialCSSCharacter(el, false)) { + log.info("IdentityLinkSigners is not valid: " + el); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.transformation.valid", + new Object[] {i, ValidationHelper.getPotentialCSSCharacter(false)} )); + + } else { + if (MiscUtil.isNotEmpty(el.trim())) + authtranslist.add(el.trim()); + } + i++; + } + } + form.setAuthTransformList(authtranslist); + + check = form.getMoaspssAuthTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS Authblock TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.empty")); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("Authblock TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.auth.trustprofile.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getMoaspssIdlTrustProfile(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty MOA-SP/SS IdentityLink TrustProfile"); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.empty")); + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("IdentityLink TrustProfile is not valid: " +check); + errors.add(LanguageHelper.getErrorString("validation.general.moasp.idl.trustprofile.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getMoaspssURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid MOA-SP/SS Service URL"); + errors.add(LanguageHelper.getErrorString("validation.general.moaspss.url.valid")); + } + } + + check = form.getPvp2IssuerName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 IssuerName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.issuername.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getPvp2OrgDisplayName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 organisation display name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.displayname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getPvp2OrgName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 organisation name is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.name.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getPvp2OrgURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 organisation URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.org.url.valid")); + } + } + + check = form.getPvp2PublicUrlPrefix(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("PVP2 Service URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.serviceurl.valid")); + } + } + + check = form.getSLRequestTemplateHandy(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Handy-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.empty")); + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("SLRequestTemplate Handy-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.handy.valid")); + } + } + + check = form.getSLRequestTemplateLocal(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate local BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.empty")); + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("SLRequestTemplate local BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.local.valid")); + } + } + + check = form.getSLRequestTemplateOnline(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLRequestTemplate Online-BKU"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.empty")); + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("SLRequestTemplate Online-BKU is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.online.valid")); + } + } + + check = form.getSsoFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("SSO friendlyname is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.friendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getSsoIdentificationNumber(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("SSO IdentificationNumber is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = form.getSsoPublicUrl(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("SSO Public URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.publicurl.valid")); + } + } + + check = form.getSsoSpecialText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.info("SSO SpecialText is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.sso.specialauthtext.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + } + + check = form.getSsoTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.empty")); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid SSO Target"); + errors.add(LanguageHelper.getErrorString("validation.general.sso.target.valid")); + } + } + + check = form.getSzrgwURL(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { + log.info("SZRGW URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.szrgw.url.valid")); + } + } + + check = form.getTrustedCACerts(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.empty")); + + } else { + if (ValidationHelper.isNotValidIdentityLinkSigner(check)) { + log.info("Not valid TrustCACerts Directory"); + errors.add(LanguageHelper.getErrorString("validation.general.trustedcacerts.valid", + new Object[] {ValidationHelper.getNotValidOAIdentifierCharacters()} )); + } + } + + + + if (form.getFileUploadFileName() != null) { + HashMap<String, byte[]> map = new HashMap<String, byte[]>(); + for (int i=0; i<form.getFileUploadFileName().size(); i++) { + String filename = form.getFileUploadFileName().get(i); + + if (MiscUtil.isNotEmpty(filename)) { + if (ValidationHelper.containsPotentialCSSCharacter(filename, false)) { + log.info("SL Transformation Filename is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.filename.valid")); + + } else { + try { + File file = form.getFileUpload().get(i); + FileInputStream stream = new FileInputStream(file); + map.put(filename, Base64Utils.encode(stream).getBytes("UTF-8")); + + } catch (IOException e) { + log.info("SecurtiyLayerTransformation with FileName " + + filename +" can not be loaded." , e); + errors.add(LanguageHelper.getErrorString("validation.general.slrequest.file.valid", + new Object[] {filename} )); + } + } + } + } + form.setSecLayerTransformation(map); + } + + + ContactForm contact = form.getPvp2Contact(); + if (contact != null) { + PVP2ContactValidator pvp2validator = new PVP2ContactValidator(); + errors.addAll(pvp2validator.validate(contact)); + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java new file mode 100644 index 000000000..6ab4f5292 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -0,0 +1,80 @@ +package at.gv.egovernment.moa.id.configuration.validation.moaconfig; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + + +public class PVP2ContactValidator { + + public static final List<String> AllowedTypes= Arrays.asList( + "technical", + "support", + "administrative", + "billing", + "other"); + + private static final Logger log = Logger.getLogger(PVP2ContactValidator.class); + + public List<String >validate(ContactForm contact) { + List<String> errors = new ArrayList<String>(); + + String check = contact.getCompany(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 Contact: Company is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.company.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = contact.getGivenname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 Contact: GivenName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.givenname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = contact.getSurname(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.info("PVP2 Contact: SureName is not valid: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.surename.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + check = contact.getType(); + if (MiscUtil.isNotEmpty(check)) { + if (!AllowedTypes.contains(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.type.valid")); + } + } + + check = contact.getMail(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isEmailAddressFormat(check)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.mail.valid")); + } + } + + check = contact.getPhone(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.containsPotentialCSSCharacter(check, false)) { + errors.add(LanguageHelper.getErrorString("validation.general.protocol.pvp2.contact.phone.valid")); + } + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java new file mode 100644 index 000000000..fa992674e --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java @@ -0,0 +1,210 @@ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OAGeneralConfigValidation { + + private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); + + public List<String> validate(OAGeneralConfig form, boolean isAdmin) { + + List<String> errors = new ArrayList<String>(); + + //validate aditionalAuthBlockText + String check = form.getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + //Check BKU URLs + check =form.getBkuHandyURL(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.empty")); + + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Handy-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.handy.valid")); + } + } + + check =form.getBkuLocalURL(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Local-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.empty")); + + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.local.valid")); + } + } + + check =form.getBkuOnlineURL(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.empty")); + + } else { + if (!ValidationHelper.validateURL(check)) { + log.info("Not valid Online-BKU URL"); + errors.add(LanguageHelper.getErrorString("validation.general.bku.online.valid")); + } + } + + //check OA FriendlyName + check = form.getFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + //check KeyBoxIdentifier + check = form.getKeyBoxIdentifier(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty KeyBoxIdentifier"); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.empty")); + } else { + Map<String, String> list = form.getKeyBoxIdentifierList(); + if (!list.containsKey(check)) { + log.info("Not valid KeyBoxIdentifier " + check); + errors.add(LanguageHelper.getErrorString("validation.general.keyboxidentifier.valid")); + } + } + + //check LegacyMode SLTemplates + if (form.isLegacy()) { + if (MiscUtil.isEmpty(form.getSLTemplateURL1()) && + MiscUtil.isEmpty(form.getSLTemplateURL2()) && + MiscUtil.isEmpty(form.getSLTemplateURL3()) ) { + log.info("Empty OA-specific SecurityLayer Templates"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplates.empty")); + + } else { + check = form.getSLTemplateURL1(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("First OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate1.valid")); + } + check = form.getSLTemplateURL2(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("Second OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate2.valid")); + } + check = form.getSLTemplateURL3(); + if (MiscUtil.isNotEmpty(check) && + !ValidationHelper.validateURL(check) ) { + log.info("Third OA-specific SecurityLayer Templates is not valid"); + errors.add(LanguageHelper.getErrorString("validation.general.sltemplate3.valid")); + } + } + } + + //check Mandate Profiles + check = form.getMandateProfiles(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, true)) { + log.warn("MandateProfiles contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.mandate.profiles", + new Object[] {ValidationHelper.getPotentialCSSCharacter(true)} )); + } + } + + //check SL Version + check = form.getSlVersion(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty SLVersion. Set SLVersion to 1.2"); + form.setSlVersion("1.2"); + + } else { + if (!ValidationHelper.validateNumber(check)) { + log.info("Not valid SLVersion"); + errors.add(LanguageHelper.getErrorString("validation.general.slversion")); + } + } + + boolean businessservice = form.isBusinessService(); + + if (businessservice) { + //check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty")); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + + if (check.startsWith("FN")) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid")); + } + } + } + + try { + float slversion = Float.valueOf(form.getSlVersion()); + if (slversion < 1.2) { + log.info("BusinessService Applications requires SLVersion >= 1.2"); + errors.add(LanguageHelper.getErrorString("validation.general.slversion.business")); + form.setSlVersion("1.2"); + } + + } catch (NumberFormatException e) { + } + + } else { + //check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} )); + } + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty")); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid")); + } + } + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java new file mode 100644 index 000000000..4a1ef9261 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.io.IOException; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OAPVP2ConfigValidation { + + private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); + + public List<String> validate(OAPVP2Config form) { + + List<String> errors = new ArrayList<String>(); + + String url = form.getMetaDataURL(); + if (MiscUtil.isNotEmpty(url) && !ValidationHelper.validateURL(url)) { + log.info("MetaDataURL has no valid form."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid")); + } + + try { + if (form.getFileUpload() != null) + form.getCertificate(); + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); + + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.format")); + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java new file mode 100644 index 000000000..147ea45e9 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASAML1ConfigValidation.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OASAML1Config; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; + +public class OASAML1ConfigValidation { + + private static final Logger log = Logger.getLogger(OASAML1ConfigValidation.class); + + public List<String> validate(OASAML1Config form, OAGeneralConfig general) { + + List<String> errors = new ArrayList<String>(); + + if (general.isBusinessService() && form.isProvideStammZahl()) { + log.info("ProvideStammZahl can not be used with BusinessService applications"); + errors.add(LanguageHelper.getErrorString("validation.saml1.providestammzahl")); + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java new file mode 100644 index 000000000..22e2406f2 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -0,0 +1,35 @@ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OASSOConfigValidation { + + private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); + + public List<String> validate(OASSOConfig form, boolean isAdmin) { + + List<String> errors = new ArrayList<String>(); + + String urlString = form.getSingleLogOutURL(); + if (MiscUtil.isEmpty(urlString)) { + log.info("No Single Log-Out URL"); + //TODO: set error if it is implemented + //errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.empty")); + } else { + if (!ValidationHelper.validateURL(urlString) && form.isUseSSO()) { + log.info("Single Log-Out url validation error"); + errors.add(LanguageHelper.getErrorString("validation.sso.logouturl.valid")); + } + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java new file mode 100644 index 000000000..76183caad --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; + +public class OASTORKConfigValidation { + public List<String> validate(OASTORKConfig oageneral) { + + List<String> errors = new ArrayList<String>(); + + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources.properties b/id/ConfigWebTool/src/main/resources/applicationResources.properties new file mode 100644 index 000000000..0effc6961 --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/applicationResources.properties @@ -0,0 +1,309 @@ +title=MOA-ID 2.x Configuration Tool + + +config.01=Configfile is not found. +config.02=Configfile is not readable. +config.03=Hibernate Database connector can not be initialized + +error.title=Fehler: +errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. +errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. +errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen. +error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden. +error.db.oa.store=Die Konfiguration konnte nicht in der Datenbank gespeichert werden. +errors.notallowed=Sie besitzen nicht die n\u00F6tigen Rechte um diese Funktion zu benutzen. +errors.importexport.nofile=Es wurde keine Datei angegeben. +errors.importexport.legacyimport=Der Importvorgang der Legacy-Konfiguration wurde mit einem Fehler abgebrochen (Fehler={0}). +errors.importexport.export=Die MOA-ID 2.x Konfiguration konnte nicht in ein XML File exportiert werden. (Fehler={0}) +errors.importexport.import=Der Importvorgang der XML Konfiguration wurde mit einem Fehler abgebrochen (Fehler={0}). +errors.importexport.export.noconfig=Die Konfiguration kann nicht exportiert werden da keine MOA-ID Konfiguration vorhanden ist. +errors.edit.user.userid=Es wurde keine g\u00FCtige User ID \u00FCbergeben. +errors.edit.user.save=Der Benutzer konnte nicht in die Datenbank eingetragen werden. +errors.edit.user.notallowed=Das Bearbeiten fremder Benutzereinstellungen ist nur dem Admin erlaubt. +error.login=Der Anmeldevorgang durch einen internen Fehler unterbrochen. Bitte Versuchen sie es noch einmal. + + +webpages.error.header=Es ist ein Fehler aufgetreten +webpages.index.header=Willkommen bei der MOA-ID 2.x Konfigurationsapplikation +webpages.index.desciption.head=Um dieses Service nutzen zu k\u00F6nnen m\u00FCssen sie sich einloggen. +webpages.index.login=Anmelden +webpages.index.logout=Abmelden +webpages.index.login.notallowed=Entweder sind Benutzername oder Passwort sind nicht korrekt oder der Account wurde noch nicht aktiviert. +webpages.index.username.unkown=Der Benutzer ist nicht bekannt. +webpages.index.username.notactive=Der Benutzer wurde durch den Administrator noch nicht freigeschalten. +webpages.index.password.false=Das Passwort stimmt nicht. + +webpages.inportexport.header=Konfiguration Importieren/Exportieren +webpages.inportexport.success=Die Konfiguration konnte erfolgreich importiert werden. +webpages.inportexport.legacyimport.header=Legacy Konfiguration importieren (MOA-ID < 2.0) +webpages.inportexport.legacyimport.upload=Legacy Konfiguration +webpages.edit.import=Importieren +webpages.edit.export=Exportieren +webpages.inportexport.import.header=MOA-ID 2.x Konfiguration +webpages.inportexport.import.upload=Konfiguration importieren +webpages.inportexport.import.download=Konfiguration exportieren +webpages.inportexport.descripten=ACHTUNG\: Die importierte Konfiguration ersetzt eine aktuell vorhandene Konfiguration vollst\u00E4ndig\! + +webpages.usermanagement.newuser=Neuen Benutzer erstellen +webpages.usermanagement.header=Benutzerverwaltung +webpages.listUsers.list.header=Liste aller vorhandenen Benutzer +webpages.listUsers.list.first=Vorname +webpages.listUsers.list.second=Familienname +webpages.listUsers.list.third=Benutzername +webpages.edituser.header=Benutzerdaten +webpages.edituser.givenname=Vorname +webpages.edituser.familyName=Familienname +webpages.edituser.institut=Organisation +webpages.edituser.phone=Telefonnummer +webpages.edituser.mail=EMail Adresse +webpages.edituser.access.header=Zugangsdaten +webpages.edituser.username=Benutzername +webpages.edituser.password=Kennwort +webpages.edituser.password_second=Kennwort wiederholen +webpages.edituser.bpk=BPK +webpages.edituser.role.header=Rechte und Role +webpages.edituser.active=Benutzer ist aktiviert +webpages.edituser.admin=Benutzer ist Admin +webpages.edit.delete.user=Benutzer l\u00F6schen + +webpages.mainpage.menu.oa.insert=Neue Applikation anlegen +webpages.mainpage.menu.oa.display=Meine Applikationen +webpages.mainpage.menu.oa.search=Applikation suchen +webpages.mainpage.menu.general.user=Meine Daten +webpages.mainpage.menu.general.importexport=Importieren/Exportieren +webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration +webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung + +webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. +webpages.moaconfig.header=Allgemeine Konfiguration +webpages.moaconfig.defaultbkus.header=Default BKUs +webpages.moaconfig.slrequesttemplates.header=SecurtiyLayer Request Templates +webpages.moaconfig.slrequesttemplates.local=Locale BKU +webpages.moaconfig.slrequesttemplates.handy=Handy BKU +webpages.moaconfig.slrequesttemplates.online=Online BKU +webpages.moaconfig.certificates.header=Zertifikatspr\u00FCfung +webpages.moaconfig.certificates.certstore=CertStoreDirecorty +webpages.moaconfig.certificates.trustmanagerrev=TrustManagerRevocationChecking +webpages.moaconfig.certificates.trustCACerts=TrustedCACertificates +webpages.moaconfig.certificates.chainingmode=ChainingMode +webpages.moaconfig.timeout.header=Session TimeOuts +webpages.moaconfig.timeout.assertion=Assertion [sec] +webpages.moaconfig.timeout.MOASessionCreated=SSO Session authentifiziert [sec] +webpages.moaconfig.timeout.MOASessionUpdated=SSO Session letzter Zugriff [sec] +webpages.moaconfig.moasp.header=MOA-SP Konfiguration +webpages.moaconfig.moasp.idltrustprofile=Personenbindung Trustprofil +webpages.moaconfig.moasp.authtrustprofile=Authentfizierungsblock Trustprofil +webpages.moaconfig.moasp.authblocktransform=Authentfizierungsblock Transformationen +webpages.moaconfig.moasp.url=URL zum MOA-SP Service +webpages.moaconfig.identitylinksigners=IdentityLinkSigners +webpages.moaconfig.services.header=Externe Services +webpages.moaconfig.services.mandates=Online-Vollmachten Service URL +webpages.moaconfig.services.szrgw=SZR Gateway Service URL +webpages.moaconfig.sso.header=Single Sign-On +webpages.moaconfig.sso.PublicUrl=SSO Service URL-Prefix +webpages.moaconfig.sso.FriendlyName=SSO Service Name +webpages.moaconfig.services.sso.Target=SSO Service Target +webpages.moaconfig.services.sso.SpecialText=SSO AuthBlockText +webpages.moaconfig.protocols.header=Protokolle +webpages.moaconfig.protocols.legacy.header=Legacy Modus aktivieren +webpages.moaconfig.protocols.legacy.saml1=SAML1 +webpages.moaconfig.protocols.legacy.pvp2=PVP2.1 +webpages.moaconfig.protocols.pvp2.header=PVP2 Konfiguration +webpages.moaconfig.protocols.pvp2.PublicUrlPrefix=PVP2 Service URL-Prefix +webpages.moaconfig.protocols.pvp2.IssuerName=PVP Service Name +webpages.moaconfig.protocols.pvp2.org.header=Organisation +webpages.moaconfig.protocols.pvp2.org.name=Kurzbezeichnung +webpages.moaconfig.protocols.pvp2.org.displayname=Vollst\u00E4ndiger Name +webpages.moaconfig.protocols.pvp2.org.url=URL der Organisation +webpages.moaconfig.protocols.pvp2.contact.header=Kontaktdaten +webpages.moaconfig.protocols.pvp2.contact.surename=Familienname +webpages.moaconfig.protocols.pvp2.contact.givenname=Vorname +webpages.moaconfig.protocols.pvp2.contact.email=Mailadresse +webpages.moaconfig.protocols.pvp2.contact.company=Unternehmen +webpages.moaconfig.protocols.pvp2.contact.phone=Telefonnummer +webpages.moaconfig.protocols.pvp2.contact.type=Type des Kontakts +webpages.moaconfig.sl.transormations.header=SecurityLayer Transformationen +webpages.moaconfig.sl.transormations.filename=Dateiname +webpages.moaconfig.sl.transormations.upload=Neue Transformation hochladen + +webpages.listOAs.list.first=Eindeutige Kennung +webpages.listOAs.list.second=Name der Online-Applikation + +webpages.searchoa.header=Online-Applikation suchen +webpages.searchoa.search.friendlyname=Name der Online-Applikation +webpages.searchoa.butten.search=Suchen + +webpages.oaconfig.header=Konfiguration der Onlineapplikation +webpages.oaconfig.general.isActive=Online-Applikation ist aktiviert +webpages.oaconfig.general.bku.header=BKU Konfiguration +webpages.oaconfig.general.bku.local=Locale BKU +webpages.oaconfig.general.bku.online=Online BKU +webpages.oaconfig.general.bku.handy=Handy BKU +webpages.oaconfig.general.bku.slversion=SecurityLayer Version +webpages.oaconfig.general.bku.keyboxidentifier=KeyBoxIdentifier +webpages.oaconfig.general.bku.legacy=Legacy Modus +webpages.oaconfig.general.bku.sltemplate.first=1. SecurityLayer Template +webpages.oaconfig.general.bku.sltemplate.second=2. SecurityLayer Template +webpages.oaconfig.general.bku.sltemplate.third=3. SecurityLayer Template +webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix) +webpages.oaconfig.general.mandate.header=Vollmachten +webpages.oaconfig.general.mandate.profiles=Profile +webpages.oaconfig.general.friendlyname=Name der Online-Applikation +webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation +webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs +webpages.oaconfig.general.target=Bereich (Target) +webpages.oaconfig.general.business.header=Privatwirtschaftlicher Bereich +webpages.oaconfig.general.business.value=Identificationsnummer +webpages.oaconfig.general.aditional.header=Zusätzliche allgemeine Einstellungen +webpages.oaconfig.general.aditional.authblocktext=AuthblockText +webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame +webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden +webpages.oaconfig.general.aditional.calculateHPI="TODO!" + +webpages.oaconfig.menu.saml1.show=SAML1 Konfiguration einblenden +webpages.oaconfig.menu.saml1.hidden=SAML1 Konfiguration ausblenden +webpages.oaconfig.menu.pvp2.show=PVP2 Konfiguration einblenden +webpages.oaconfig.menu.pvp2.hidden=PVP2 Konfiguration ausblenden + +webpages.oaconfig.menu.stork=STORK Konfiguration + +webpages.oaconfig.protocols.header=Authentifizierungsprotokolle + +webpages.oaconfig.sso.header=Single Sign-On +webpages.oaconfig.sso.singlelogouturl=Single Log-Out URL +webpages.oaconfig.sso.useauthdataframe=Zus\u00E4tzliche Userabfrage +webpages.oaconfig.sso.usesso=Single Sign-On verwenden + +webpages.oaconfig.protocols.saml1.header=SAML1 Konfiguration +webpages.oaconfig.saml1.provideStammZahl=Stammzahl \u00FCbertragen +webpages.oaconfig.saml1.provideAuthBlock=Authentifizierungsblock \u00FCbertragen +webpages.oaconfig.saml1.provideIdentityLink=Personenbindung \u00FCbertragen +webpages.oaconfig.saml1.provideCertificate=Zertifikat \u00FCbertragen +webpages.oaconfig.saml1.provideFullMandateData=Vollst\u00E4ndige Vollmacht \u00FCbertragen +webpages.oaconfig.saml1.useCondition=Usecondition +webpages.oaconfig.saml1.conditionLength=ConditionLength + +webpages.oaconfig.protocols.pvp2.header=PVP2.x Konfiguration +webpages.oaconfig.pvp2.metaDataURL=URL zu den Metadaten +webpages.oaconfig.pvp2.certifcate=Zertifikat hochladen +webpages.oaconfig.pvp2.certifcate.info=Infos zum Zertifikat + +message.title=Meldung: +webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. +webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen. + +webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht. +webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden. + +webpages.edit.save=\u00C4nderungen Speichern +webpages.edit.back=Zur\u00FCck und \u00C4nderungen verwerfen +webpages.edit.delete=Online-Applikation l\u00F6schen + +webpages.header.info=Sie sind angemeldet als: +webpages.header.lastlogin=Letzte Anmeldung am: + +validation.edituser.familyname.empty=Der Familienname ist leer. +validation.edituser.familyname.valid=Der Familienname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.givenname.empty=Der Vorname ist leer. +validation.edituser.givenname.valid=Der Vorname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.institut.empty=Die Organisation ist leer. +validation.edituser.institut.valid=Die Organisation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.mail.empty=Die EMail Adresse ist leer. +validation.edituser.mail.valid=Die EMail Adresse hat kein g\u00FCltiges Format. +validation.edituser.phone.empty=Die Telefonnummer ist leer. +validation.edituser.phone.valid=Die Telefonnummer hat kein g\u00FCltiges Form +validation.edituser.username.empty=Der Benutzername ist leer. +validation.edituser.username.valid=Der Benutzername enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.edituser.username.duplicate=Der Benutzername ist bereits vergeben +validation.edituser.password.empty=Das Passwort ist leer. +validation.edituser.password.valid=Das Passwort konnte nicht in einen g\u00FCltigen Schl\u00FCssel transferiert werden. +validation.edituser.password.equal=Die Passw\u00F6rter sind nicht identisch. +validation.edituser.bpk.valid=Die BPK enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} + +validation.general.AlternativeSourceID=Die AlternaticeSourceID enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.certStoreDirectory.empty=CertStoreDirectory Feld ist leer. +validation.general.certStoreDirectory.valid=Das CertStoreDirectory Feld enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.Defaultchainigmode.empty=Es wurde kein DefaultChainingMode gew\u00E4hlt. +validation.general.Defaultchainigmode.valid=Der DefaultChainingMode enth\u00E4lt einen ung\u00F6ltigen Wert. +validation.general.IdentityLinkSigners.empty=Es wurde kein IdentityLinkSigner angegeben +validation.general.IdentityLinkSigners.valid=Der IdentityLinkSigner in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} +validation.general.mandateservice.valid=Die URL zum Online-Vollmachten Service hat kein g\u00F6ltiges Format. +validation.general.moasp.auth.transformation.empty=Die Transformation f\u00F6r den Authentfizierungsblock ist leer. +validation.general.moasp.auth.transformation.valid=Die Transformation f\u00F6r den Authentfizierungsblock in der Zeile {0} enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {1} +validation.general.moasp.auth.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock ist leer. +validation.general.moasp.auth.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung des Authentfizierungsblock enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moasp.idl.trustprofile.empty=Das TrustProfile zur Pr\u00F6fung der Personenbindung ist leer. +validation.general.moasp.idl.trustprofile.valid=Das TrustProfile zur Pr\u00F6fung der Personenbindung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.moaspss.url.valid=Die URL zum MOA-SP/SS Service hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.issuername.valid=PVP2\: Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.displayname.valid=PVP2 Organisation\: Vollst\u00E4ndiger Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.name.valid=PVP2 Organisation\: Kurzbezeichnung enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.org.url.valid=PVP2 Organisation\: URL hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.serviceurl.valid=PVP2\: Service URL-Prefix hat kein g\u00F6ltiges Format. +validation.general.protocol.pvp2.contact.company.valid=PVP2 Kontaktdaten\: Der Firmenname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.givenname.valid=PVP2 Kontaktdaten\: Der Familienname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.surename.valid=PVP2 Kontaktdaten\: Der Vorname enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.protocol.pvp2.contact.type.valid=PVP2 Kontaktdaten: Der angegebene Kontakttyp existiert nicht. +validation.general.protocol.pvp2.contact.mail.valid=PVP2 Kontaktdaten\: Die EMail Adresse ist nicht g\u00FCltig. +validation.general.protocol.pvp2.contact.phone.valid=PVP2 Kontaktdaten\: Die Telefonnummer ist nicht g\u00FCltig. +validation.general.timeouts.assertion.valid=Das Feld Assertion TimeOut hat keinen g\u00F6ltigen Wert. +validation.general.timeouts.moasessioncreated.valid=Das Feld MOASessionCreated TimeOut hat keinen g\u00FCltigen Wert. +validation.general.timeouts.moasessionupdated.valid=Das Feld MOASessionUpdated TimeOut hat keinen g\u00FCltigen Wert. + +validation.general.slrequest.handy.empty=Die URL zum SecurityLayer Template f\u00F6r die Handy-BKU ist leer. +validation.general.slrequest.handy.valid=Die URL zum SecurityLayer Template f\u00F6r die Handy-BKU hat kein g\u00F6ltiges Format. +validation.general.slrequest.local.empty=Die URL zum SecurityLayer Template f\u00F6r die locale BKU ist leer. +validation.general.slrequest.local.valid=Die URL zum SecurityLayer Template f\u00F6r die locale BKU hat kein g\u00F6ltiges Format. +validation.general.slrequest.online.empty=Die URL zum SecurityLayer Template f\u00F6r die Online-BKU ist leer. +validation.general.slrequest.online.valid=Die URL zum SecurityLayer Template f\u00F6r die Online-BKU hat kein g\u00F6ltiges Format. +validation.general.sso.friendlyname.valid=Der SSO Service Name enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.identificationnumber.valid=Die SSO IdentificationNumber enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.publicurl.valid=Der SSO Service URL-Prefix hat kein g\u00F6ltiges Format. +validation.general.sso.specialauthtext.valid=Der SSO AuthBlockText enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.sso.target.empty=Das SSO Target Feld ist leer. +validation.general.sso.target.valid=Das SSO Target Feld enth\u00E4lt ein ung\u00FCltiges Target. +validation.general.szrgw.url.valid=Die URL des SZR Gateways hat kein g\u00F6ltiges Format. +validation.general.trustedcacerts.empty=Das Feld TrustedCACertificates ist leer. +validation.general.trustedcacerts.valid=Das Feld TrustedCACertificates enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.slrequest.filename.valid=Der Dateiname der angegebenen SecurtityLayer Transformation enth\u00E4lt ein ung\u00FCltiges Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.slrequest.file.valid=Die angegebenen SecurtityLayer Transformation konnte nicht geladen werden. + +validation.general.aditionalauthblocktext=Der Zusatztext f\u00FCr den AuthBlock enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.bku.handy.empty=Die URL f\u00FCr die Handy-BKU ist leer. +validation.general.bku.handy.valid=Die URL f\u00FCr die Handy-BKU hat kein g\u00FCltiges Format. +validation.general.bku.local.empty=Die URL f\u00FCr die lokale BKU ist leer. +validation.general.bku.local.valid=Die URL f\u00FCr die locale BKU hat kein g\u00FCltiges Format. +validation.general.bku.online.empty=Die URL f\u00FCr die Online-BKU ist leer. +validation.general.bku.online.valid=Die URL f\u00FCr die Online-BKU hat kein g\u00FCltiges Format. +validation.general.oafriendlyname.empty=Es wurde keine Online-Applikation angegeben. +validation.general.oafriendlyname=Der Name der Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.keyboxidentifier.empty=Es wurde kein KeyBoxIdentifier ausgew\u00E4hlt. +validation.general.keyboxidentifier.valid=Der KeyBoxIdentifier hat ein ung\u00FCltiges Format. +validation.general.sltemplates.empty=Wenn der Legacymodus verwendet werden soll muss zumindest ein SecurityLayer Template angegeben werden. +validation.general.sltemplate1.valid=Die erste SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.sltemplate2.valid=Die zweite SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.sltemplate3.valid=Die dritte SecurityLayer Template URL hat kein g\u00FCltiges Format. +validation.general.mandate.profiles=Die Liste von Vollmachtsprofilen enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.target.empty=Der Target f\u00FCr die Online-Applikation ist leer. +validation.general.target.valid=Der Target f\u00FCr die Online-Applikation hat kein g\u00FCltiges Format. +validation.general.slversion=Die SecurtiyLayer Version ist kein Zahlenformat. +validation.general.slversion.business=Im privatwirtschaftlichen Bereich muss die SecurityLayerversion mindestes 1.2 betragen. Die SLVersion wurde auf 1.2 ge\u00E4ndert. +validation.general.targetfriendlyname=Der Name des Bereichs (Target) enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationnumber.empty=Im privatwirtschaftlichen Bereich ist eine Identifikationsnummer erforderlich. +validation.general.identificationnumber.valid=Die Identifikationsnummer f\u00FCr den privatwirtschaftlichen Bereich enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.identificationnumber.fa.valid=Die Firmenbuchnummer hat kein g\u00FCltiges Format. +validation.general.oaidentifier.empty=Es wurde kein eindeutiger Identifier f\u00FCr die Online-Applikation angegeben. +validation.general.oaidentifier.valid=Der eindeutige Identifier f\u00FCr die Online-Applikation enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} +validation.general.oaidentifier.notunique=Der gew\u00E4hlte eindeutige Identifier ist bereits vorhanden. Eine Eintragung der Online-Applikation ist nicht m\u00F6glich. + +validation.pvp2.metadataurl.empty=Keine Metadaten URL angegeben. +validation.pvp2.metadataurl.valid=Die Metadaten URL wei\u00DFt kein g\u00FCltiges URL Format auf. +validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. +validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. + +validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich. +validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf. + +validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden. + diff --git a/id/ConfigWebTool/src/main/resources/log4j.properties b/id/ConfigWebTool/src/main/resources/log4j.properties new file mode 100644 index 000000000..a264eaa85 --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/log4j.properties @@ -0,0 +1,20 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootCategory=INFO, CONSOLE +#log4j.rootCategory=INFO, CONSOLE, LOGFILE + +# Set the enterprise logger category to FATAL and its only appender to CONSOLE. +log4j.logger.at.gv.egovernment.moa.id.configuration=DEBUG, CONSOLE + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=INFO +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n + +# LOGFILE is set to be a File appender using a PatternLayout. +log4j.appender.LOGFILE=org.apache.log4j.FileAppender +log4j.appender.LOGFILE.File=axis.log +log4j.appender.LOGFILE.Append=true +log4j.appender.LOGFILE.Threshold=INFO +log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout +log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n diff --git a/id/ConfigWebTool/src/main/resources/struts.properties b/id/ConfigWebTool/src/main/resources/struts.properties new file mode 100644 index 000000000..5b219754a --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/struts.properties @@ -0,0 +1,18 @@ + + +# struts.configuration=org.apache.struts2.config.DefaultConfiguration + +# struts.multipart.parser=cos +# struts.multipart.parser=pell +struts.multipart.parser=jakarta +# uses javax.servlet.context.tempdir by default +struts.multipart.saveDir= +struts.multipart.maxSize=-1 + +struts.ui.theme=css_xhtml + +struts.devMode=false +struts.action.extension=action,, + +struts.custom.i18n.resources=applicationResources +struts.i18n.encoding=UTF-8
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml new file mode 100644 index 000000000..3b33bffcb --- /dev/null +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -0,0 +1,280 @@ +<?xml version="1.0" encoding="UTF-8" ?> +<!DOCTYPE struts PUBLIC + "-//Apache Software Foundation//DTD Struts Configuration 2.0//EN" + "http://struts.apache.org/dtds/struts-2.0.dtd"> + +<struts> + + <constant name="struts.custom.i18n.resources" value="webpages" /> + + <package name="default" namespace="/" extends="struts-default"> + + <default-interceptor-ref name="defaultStack"/> + + <action name="index" method="start" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="success">/index.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="authenticate" method="authenticate" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="success" type="redirectAction"> + <param name="actionName">main</param> + <param name="namespace">/secure</param> + </result> + <result name="error">/index.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="logout" method="logout" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="success" type="redirectAction"> + <param name="actionName">index</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="error" method="error" class="at.gv.egovernment.moa.id.configuration.struts.action.IndexAction"> + <result name="error">/error.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + </package> + + <package name="secure" namespace="/secure" extends="struts-default"> + + <default-interceptor-ref name="defaultStack"/> + + <action name="index"> + <result type="redirectAction"> + <param name="actionName">index</param> + <param name="namespace">/</param> + </result> + </action> + + <action name="main" method="generateMainFrame" class="at.gv.egovernment.moa.id.configuration.struts.action.MainAction"> + <result name="success">/jsp/mainpage.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="listallapplications" method="listAllOnlineAppliactions" class="at.gv.egovernment.moa.id.configuration.struts.action.ListOAsAction"> + <result name="success">/jsp/listOAs.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="searchOAInit" method="searchOAInit" class="at.gv.egovernment.moa.id.configuration.struts.action.ListOAsAction"> + <result name="success">/jsp/searchOAs.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="searchOA" method="searchOA" class="at.gv.egovernment.moa.id.configuration.struts.action.ListOAsAction"> + <result name="success">/jsp/searchOAs.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="newOA" method="newOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> + <result name="editOA">/jsp/editOAGeneral.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="loadOA" method="inital" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> + <result name="editOA">/jsp/editOAGeneral.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="saveOA" method="saveOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/editOAGeneral.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="cancleandbackOA" method="cancleAndBackOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> + <result type="chain">main</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="deleteOA" method="deleteOA" class="at.gv.egovernment.moa.id.configuration.struts.action.EditOAAction"> + <result type="chain">main</result> + <result name="error_validation">/jsp/editOAGeneral.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="loadGeneralConfig" method="loadConfig" class="at.gv.egovernment.moa.id.configuration.struts.action.EditGeneralConfigAction"> + <result name="success">/jsp/editMOAConfig.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <result name="notallowed" type="chain">main</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="saveGeneralConfig" method="saveConfig" class="at.gv.egovernment.moa.id.configuration.struts.action.EditGeneralConfigAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/editMOAConfig.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <result name="notallowed" type="chain">main</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="backGeneralConfig" method="back" class="at.gv.egovernment.moa.id.configuration.struts.action.EditGeneralConfigAction"> + <result name="success" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="importexport" method="init" class="at.gv.egovernment.moa.id.configuration.struts.action.ImportExportAction"> + <result name="success">/jsp/importexport.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <result name="notallowed" type="chain">main</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="importlegacy" method="importLegacyConfig" class="at.gv.egovernment.moa.id.configuration.struts.action.ImportExportAction"> + <result name="success">/jsp/mainpage.jsp</result> + <result name="error_validation">/jsp/importexport.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <result name="notallowed">/jsp/mainpage.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="importConfig" method="importXMLConfig" class="at.gv.egovernment.moa.id.configuration.struts.action.ImportExportAction"> + <result name="success">/jsp/mainpage.jsp</result> + <result name="error_validation">/jsp/importexport.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <result name="notallowed">/jsp/mainpage.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="exportConfig" method="downloadXMLConfig" class="at.gv.egovernment.moa.id.configuration.struts.action.ImportExportAction"> + <result name="success" type="stream"> + <param name="contentType">application/octet-stream</param> + <param name="inputName">fileInputStream</param> + <param name="contentDisposition">attachment;filename="MOAID-2.0_config.xml"</param> + <param name="bufferSize">1024</param> + </result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <result name="error_validation">/jsp/importexport.jsp</result> + <result name="notallowed">/jsp/mainpage.jsp</result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="usermanagementInit" method="init" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> + <result name="success">/jsp/usermanagement.jsp</result> + <result name="notallowed">/jsp/edituser.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="createUser" method="createuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> + <result name="success">/jsp/edituser.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="editUser" method="edituser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> + <result name="success">/jsp/edituser.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="deleteUser" method="deleteuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> + <result name="success" type="chain">usermanagementInit</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + <action name="saveUser" method="saveuser" class="at.gv.egovernment.moa.id.configuration.struts.action.UserManagementAction"> + <result name="success" type="chain">usermanagementInit</result> + <result name="error_validation">/jsp/edituser.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="defaultStack"/> + </action> + + </package> + +</struts>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties b/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties new file mode 100644 index 000000000..3ca86f404 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/log4j.properties @@ -0,0 +1,20 @@ +# Set root category priority to INFO and its only appender to CONSOLE. +log4j.rootCategory=INFO, CONSOLE +#log4j.rootCategory=INFO, CONSOLE, LOGFILE + +# Set the enterprise logger category to FATAL and its only appender to CONSOLE. +log4j.logger.org.apache.axis.enterprise=FATAL, CONSOLE + +# CONSOLE is set to be a ConsoleAppender using a PatternLayout. +log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender +log4j.appender.CONSOLE.Threshold=INFO +log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout +log4j.appender.CONSOLE.layout.ConversionPattern=- %m%n + +# LOGFILE is set to be a File appender using a PatternLayout. +log4j.appender.LOGFILE=org.apache.log4j.FileAppender +log4j.appender.LOGFILE.File=axis.log +log4j.appender.LOGFILE.Append=true +log4j.appender.LOGFILE.Threshold=INFO +log4j.appender.LOGFILE.layout=org.apache.log4j.PatternLayout +log4j.appender.LOGFILE.layout.ConversionPattern=%-4r [%t] %-5p %c %x - %m%n diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml new file mode 100644 index 000000000..7b27b0c4d --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml @@ -0,0 +1,83 @@ +<?xml version="1.0" encoding="UTF-8"?> +<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> + <display-name>DemoAppMandates</display-name> + + + <filter> + <filter-name>AuthenicationFiler</filter-name> + <filter-class>at.gv.egovernment.moa.id.configuration.filter.AuthenticationFilter</filter-class> + <init-param> + <param-name>loginPage</param-name> + <param-value>./index.action</param-value> + </init-param> + <init-param> + <param-name>errorPage</param-name> + <param-value>./error.action</param-value> + </init-param> + <init-param> + <param-name>sessionLostPage</param-name> + <param-value>./authenticate.action</param-value> + </init-param> + <init-param> + <param-name>authenticatedPage</param-name> + <param-value>./secure/main.action</param-value> + </init-param> + <init-param> + <param-name>allowed</param-name> + <param-value>^.*((/index.action)|(/error.action)|(/authenticate.action)|(/logout.action)|(/jsp/.*)|(/css/.*)|(/images/.*)|(/js/.*))$</param-value> + </init-param> + </filter> + <filter-mapping> + <filter-name>AuthenicationFiler</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + +<!-- + <filter> + <filter-name>sitemash</filter-name> + <filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class> + </filter> --> + + <filter> + <filter-name>struts2</filter-name> + <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> + </filter> + + <filter> + <filter-name>EncodingFilter</filter-name> + <filter-class>at.iaik.commons.webapp.filter.encoding.EncodingFilter</filter-class> + <init-param> + <param-name>encoding</param-name> + <param-value>UTF-8</param-value> + </init-param> + <init-param> + <param-name>setResponseEncoding</param-name> + <param-value>true</param-value> + </init-param> + <init-param> + <param-name>forceResponseEncoding</param-name> + <param-value>true</param-value> + </init-param> + </filter> + +<!-- <filter-mapping> + <filter-name>sitemash</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> --> + + <filter-mapping> + <filter-name>struts2</filter-name> + <url-pattern>*.action</url-pattern> + </filter-mapping> + + <filter-mapping> + <filter-name>EncodingFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + + <welcome-file-list> + <welcome-file>/index.action</welcome-file> + </welcome-file-list> +</web-app> diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css new file mode 100644 index 000000000..6eeb6a4ee --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -0,0 +1,297 @@ +@CHARSET "UTF-8"; + +#header_area { + padding-bottom: 10px; + background-color: #6FA5D4; + display: block; + font-size: 20px; + /* margin-left: 25px; */ + padding-top: 10px; + padding-left: 25px; + border-radius: 3px; +} + +#header_area>div { + font-size: 20px; + margin-left: 25px; + padding-top: 8px; +} + +#header_area #logoutbutton { + float: right; + padding-right: 25px; +} + +#menu_area { + margin-top: 25px; + border-color: black; + border-style: solid; + border-width: 2px; + width: 250px; + margin-left: 15px; + position: relative; + padding-left: 15px; + padding-top: 10px; + float: left; + /* background-color: gray; */ + background-color: #CACACA; + border-radius: 5px; +} + +.menu_element { + margin-top: 15px; + margin-bottom: 15px; + font-size: 20px; + display: block; +/* background-color: red; */ + background-color: #6FA5D4; + margin-right: 18px; + margin-top: 5px; + height: 30px; + border-radius: 10px; + padding-top: 5px; +} + +.menu_element>a { + padding: 5px; + margin-left: 5px; +} + +#information_area { + float: left; + padding-left: 25px; + padding-top: 25px; +} + +#message_area { + color: green; +} + +#message_area label { + font-size: 18px; + font-weight: bold; +} + +#error_area { + color: red; +} + +#error_area label{ + font-size: 18px; + font-weight: bold; +} + +#search_area { + +} + +#button_area { + margin-top: 25px; + margin-bottom: 50px; + clear: both; + padding-left: 70px; +} + +#button_area input { + float: left; + margin-left: 40px; + width: 225px; +} + +#button_saml1_hidden { + display: none; +} + +#button_pvp2_hidden { + display: none; +} + +.oa_protocol_area { + clear: both; + margin-left: 25px; + padding-top: 20px; + display: none; +} + +.oa_protocol_area >h4 { + margin-left: 10px; +} + + +.oa_config_block { + padding-left: 15px; + clear: both; +} + +/* .oa_config_block label{ + float: left; + padding-right: 10px; + padding-top: 3px; + text-align: right; + width: 250px; +} */ + +.oa_config_block label.radio{ + text-align: left; + width: 170px; +} + +/* .oa_config_block input{ + float: left; + padding-bottom: 5px; + padding-top: 5px; + text-align: left; +} */ + +.oa_config_block input.radio{ + margin-top: 6px; +} + +.oa_config_block h3 { + padding-top: 25px; +} + +#loadOA_webpages_oaconfig_pvp2_certifcate_info{ + width: 100%; +} + +.moageneral_protocol_area { + clear: both; + margin-left: 25px; +} + +.moageneral_protocol_area>h4 { + margin-left: 10px; +} + +#moageneral_legacy_protocol>.wwgrp { + clear: none; +} + +.wwlbl { + float: left; + padding-right: 10px; + padding-top: 3px; + text-align: right; + width: 300px; +} + +.wwctrl { + float: left; + padding-bottom: 5px; + padding-top: 1px; + text-align: left; +} + +.wwgrp { + clear:both; +} + +#oa_saml1_area .wwgrp { + float: left; + clear: none; + margin-right: 50px; +} + +div .wwgrp br { + display: none; +} + +.textfield_short { + width: 30px; + +} + +.textfield_long { + width: 600px; + +} + +.textfield_large{ + width: 600px; + height: 200px; + text-align: left; +} + +.checkbox{ + margin-top: 7px; +} + +.oa_buttons{ + float: left; + margin-left: 100px; +} + +#list_area { + width: 100%; +} + +.listElement { + cursor: pointer; + margin-bottom: 5px; + margin-top: 5px; + padding-top: 5px; + padding-right: 10px; + border-bottom: 1px; + border-color: red; + border-bottom-style: solid; + clear: both; +} + +#listHeader { + cursor: default; + border-bottom-style: none; + display: table-header-group; + font-weight: bold; + font-size: 18px; +} + +.listFirst { + position: relative; + width: 450px; + float: left; + +} + +.listSecond { + position: relative; + float: left; +} + +.userListFirst { + position: relative; + width: 200px; + float: left; + +} + +.userListSecond { + position: relative; + float: left; + width: 200px; +} + +.userListThird { + position: relative; + float: left; +} + +.disabled { + +} + +#footer_area { + background-color: #6FA5D4; + clear: both; + display: block; +/* height: 40px; */ + padding-bottom: 10px; + margin-top: 15px; + padding-left: 30px; + position: relative; + top: 15px; + font-size: 20px; + text-align: center; + padding-top: 10px; + border-radius: 3px; +} diff --git a/id/ConfigWebTool/src/main/webapp/error.jsp b/id/ConfigWebTool/src/main/webapp/error.jsp new file mode 100644 index 000000000..97dc218e7 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/error.jsp @@ -0,0 +1,27 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> + <link rel="stylesheet" type="text/css" href="css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + </head> + + <body> + <h1><%=LanguageHelper.getGUIString("webpages.error.header", request) %></h1> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + </div> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/index.action b/id/ConfigWebTool/src/main/webapp/index.action new file mode 100644 index 000000000..e69de29bb --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/index.action diff --git a/id/ConfigWebTool/src/main/webapp/index.jsp b/id/ConfigWebTool/src/main/webapp/index.jsp new file mode 100644 index 000000000..4e49eac75 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/index.jsp @@ -0,0 +1,55 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + </head> + + <body> + <h1><%=LanguageHelper.getGUIString("webpages.index.header", request) %></h1> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="information_area"> + <p><%=LanguageHelper.getGUIString("webpages.index.desciption.head", request) %></p> + + <div class="oa_config_block"> + + <s:form namespace="/" method="POST" enctype="multipart/form-data"> + + <s:textfield name="username" + value="%{username}" + labelposition="left" + key="webpages.edituser.username" + cssClass="textfield_long" + maxlength="16"> + </s:textfield> + + <s:password name="password" + labelposition="left" + key="webpages.edituser.password" + cssClass="textfield_long" + maxlength="16"> + </s:password> + + <s:submit key="webpages.index.login" action="authenticate"/> + + </s:form> + </div> + + </div> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js new file mode 100644 index 000000000..249cb37fa --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -0,0 +1,71 @@ +function oaBusinessService() { + if ($('#OAisbusinessservice').attr('checked') == 'checked') { + + $('#oa_config_businessservice').css('display', "block"); + $('#oa_config_publicservice').css('display', "none"); + + } else { + + $('#oa_config_businessservice').css('display', "none"); + $('#oa_config_publicservice').css('display', "block"); + + } +} +function oaSSOService() { + if ($('#OAuseSSO').attr('checked') == 'checked') { + + $('#sso_bock').css('display', "block"); + + } else { + + $('#sso_bock').css('display', "none"); + + } +} +function oaSAML1() { + if ($('#oa_saml1_area').css('display') == "block") { + $('#oa_saml1_area').css('display', "none"); + $('#button_smal1_show').css('display', "block"); + $('#button_saml1_hidden').css('display', "none"); + } else { + $('#oa_saml1_area').css('display', "block"); + $('#button_smal1_show').css('display', "none"); + $('#button_saml1_hidden').css('display', "block"); + } +} +function oaPVP2(){ + if ($('#oa_pvp2_area').css('display') == "block") { + $('#oa_pvp2_area').css('display', "none"); + $('#button_pvp2_show').css('display', "block"); + $('#button_pvp2_hidden').css('display', "none"); + } else { + $('#oa_pvp2_area').css('display', "block"); + $('#button_pvp2_show').css('display', "none"); + $('#button_pvp2_hidden').css('display', "block"); + } +} +function editOA(oaid){ + $('#selectOAForm_OAID').val(oaid); + $('#selectOAForm').submit(); +} +function userOA(userid){ + $('#selectUserForm_OAID').val(userid); + $('#selectUserForm').submit(); +} +function oaLegacyService() { + if ($('#OAislegacy').attr('checked') == 'checked') { + + $('#oa_config_sltemplates').css('display', "block"); + + } else { + + $('#oa_config_sltemplates').css('display', "none"); + + } +} +function oaOnLoad() { + oaBusinessService(); + oaSSOService(); + oaLegacyService(); + return true; +}
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/js/jquery.js b/id/ConfigWebTool/src/main/webapp/js/jquery.js new file mode 100644 index 000000000..3774ff986 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/js/jquery.js @@ -0,0 +1,9404 @@ +/*! + * jQuery JavaScript Library v1.7.2 + * http://jquery.com/ + * + * Copyright 2011, John Resig + * Dual licensed under the MIT or GPL Version 2 licenses. + * http://jquery.org/license + * + * Includes Sizzle.js + * http://sizzlejs.com/ + * Copyright 2011, The Dojo Foundation + * Released under the MIT, BSD, and GPL Licenses. + * + * Date: Wed Mar 21 12:46:34 2012 -0700 + */ +(function( window, undefined ) { + +// Use the correct document accordingly with window argument (sandbox) +var document = window.document, + navigator = window.navigator, + location = window.location; +var jQuery = (function() { + +// Define a local copy of jQuery +var jQuery = function( selector, context ) { + // The jQuery object is actually just the init constructor 'enhanced' + return new jQuery.fn.init( selector, context, rootjQuery ); + }, + + // Map over jQuery in case of overwrite + _jQuery = window.jQuery, + + // Map over the $ in case of overwrite + _$ = window.$, + + // A central reference to the root jQuery(document) + rootjQuery, + + // A simple way to check for HTML strings or ID strings + // Prioritize #id over <tag> to avoid XSS via location.hash (#9521) + quickExpr = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w\-]*)$)/, + + // Check if a string has a non-whitespace character in it + rnotwhite = /\S/, + + // Used for trimming whitespace + trimLeft = /^\s+/, + trimRight = /\s+$/, + + // Match a standalone tag + rsingleTag = /^<(\w+)\s*\/?>(?:<\/\1>)?$/, + + // JSON RegExp + rvalidchars = /^[\],:{}\s]*$/, + rvalidescape = /\\(?:["\\\/bfnrt]|u[0-9a-fA-F]{4})/g, + rvalidtokens = /"[^"\\\n\r]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, + rvalidbraces = /(?:^|:|,)(?:\s*\[)+/g, + + // Useragent RegExp + rwebkit = /(webkit)[ \/]([\w.]+)/, + ropera = /(opera)(?:.*version)?[ \/]([\w.]+)/, + rmsie = /(msie) ([\w.]+)/, + rmozilla = /(mozilla)(?:.*? rv:([\w.]+))?/, + + // Matches dashed string for camelizing + rdashAlpha = /-([a-z]|[0-9])/ig, + rmsPrefix = /^-ms-/, + + // Used by jQuery.camelCase as callback to replace() + fcamelCase = function( all, letter ) { + return ( letter + "" ).toUpperCase(); + }, + + // Keep a UserAgent string for use with jQuery.browser + userAgent = navigator.userAgent, + + // For matching the engine and version of the browser + browserMatch, + + // The deferred used on DOM ready + readyList, + + // The ready event handler + DOMContentLoaded, + + // Save a reference to some core methods + toString = Object.prototype.toString, + hasOwn = Object.prototype.hasOwnProperty, + push = Array.prototype.push, + slice = Array.prototype.slice, + trim = String.prototype.trim, + indexOf = Array.prototype.indexOf, + + // [[Class]] -> type pairs + class2type = {}; + +jQuery.fn = jQuery.prototype = { + constructor: jQuery, + init: function( selector, context, rootjQuery ) { + var match, elem, ret, doc; + + // Handle $(""), $(null), or $(undefined) + if ( !selector ) { + return this; + } + + // Handle $(DOMElement) + if ( selector.nodeType ) { + this.context = this[0] = selector; + this.length = 1; + return this; + } + + // The body element only exists once, optimize finding it + if ( selector === "body" && !context && document.body ) { + this.context = document; + this[0] = document.body; + this.selector = selector; + this.length = 1; + return this; + } + + // Handle HTML strings + if ( typeof selector === "string" ) { + // Are we dealing with HTML string or an ID? + if ( selector.charAt(0) === "<" && selector.charAt( selector.length - 1 ) === ">" && selector.length >= 3 ) { + // Assume that strings that start and end with <> are HTML and skip the regex check + match = [ null, selector, null ]; + + } else { + match = quickExpr.exec( selector ); + } + + // Verify a match, and that no context was specified for #id + if ( match && (match[1] || !context) ) { + + // HANDLE: $(html) -> $(array) + if ( match[1] ) { + context = context instanceof jQuery ? context[0] : context; + doc = ( context ? context.ownerDocument || context : document ); + + // If a single string is passed in and it's a single tag + // just do a createElement and skip the rest + ret = rsingleTag.exec( selector ); + + if ( ret ) { + if ( jQuery.isPlainObject( context ) ) { + selector = [ document.createElement( ret[1] ) ]; + jQuery.fn.attr.call( selector, context, true ); + + } else { + selector = [ doc.createElement( ret[1] ) ]; + } + + } else { + ret = jQuery.buildFragment( [ match[1] ], [ doc ] ); + selector = ( ret.cacheable ? jQuery.clone(ret.fragment) : ret.fragment ).childNodes; + } + + return jQuery.merge( this, selector ); + + // HANDLE: $("#id") + } else { + elem = document.getElementById( match[2] ); + + // Check parentNode to catch when Blackberry 4.6 returns + // nodes that are no longer in the document #6963 + if ( elem && elem.parentNode ) { + // Handle the case where IE and Opera return items + // by name instead of ID + if ( elem.id !== match[2] ) { + return rootjQuery.find( selector ); + } + + // Otherwise, we inject the element directly into the jQuery object + this.length = 1; + this[0] = elem; + } + + this.context = document; + this.selector = selector; + return this; + } + + // HANDLE: $(expr, $(...)) + } else if ( !context || context.jquery ) { + return ( context || rootjQuery ).find( selector ); + + // HANDLE: $(expr, context) + // (which is just equivalent to: $(context).find(expr) + } else { + return this.constructor( context ).find( selector ); + } + + // HANDLE: $(function) + // Shortcut for document ready + } else if ( jQuery.isFunction( selector ) ) { + return rootjQuery.ready( selector ); + } + + if ( selector.selector !== undefined ) { + this.selector = selector.selector; + this.context = selector.context; + } + + return jQuery.makeArray( selector, this ); + }, + + // Start with an empty selector + selector: "", + + // The current version of jQuery being used + jquery: "1.7.2", + + // The default length of a jQuery object is 0 + length: 0, + + // The number of elements contained in the matched element set + size: function() { + return this.length; + }, + + toArray: function() { + return slice.call( this, 0 ); + }, + + // Get the Nth element in the matched element set OR + // Get the whole matched element set as a clean array + get: function( num ) { + return num == null ? + + // Return a 'clean' array + this.toArray() : + + // Return just the object + ( num < 0 ? this[ this.length + num ] : this[ num ] ); + }, + + // Take an array of elements and push it onto the stack + // (returning the new matched element set) + pushStack: function( elems, name, selector ) { + // Build a new jQuery matched element set + var ret = this.constructor(); + + if ( jQuery.isArray( elems ) ) { + push.apply( ret, elems ); + + } else { + jQuery.merge( ret, elems ); + } + + // Add the old object onto the stack (as a reference) + ret.prevObject = this; + + ret.context = this.context; + + if ( name === "find" ) { + ret.selector = this.selector + ( this.selector ? " " : "" ) + selector; + } else if ( name ) { + ret.selector = this.selector + "." + name + "(" + selector + ")"; + } + + // Return the newly-formed element set + return ret; + }, + + // Execute a callback for every element in the matched set. + // (You can seed the arguments with an array of args, but this is + // only used internally.) + each: function( callback, args ) { + return jQuery.each( this, callback, args ); + }, + + ready: function( fn ) { + // Attach the listeners + jQuery.bindReady(); + + // Add the callback + readyList.add( fn ); + + return this; + }, + + eq: function( i ) { + i = +i; + return i === -1 ? + this.slice( i ) : + this.slice( i, i + 1 ); + }, + + first: function() { + return this.eq( 0 ); + }, + + last: function() { + return this.eq( -1 ); + }, + + slice: function() { + return this.pushStack( slice.apply( this, arguments ), + "slice", slice.call(arguments).join(",") ); + }, + + map: function( callback ) { + return this.pushStack( jQuery.map(this, function( elem, i ) { + return callback.call( elem, i, elem ); + })); + }, + + end: function() { + return this.prevObject || this.constructor(null); + }, + + // For internal use only. + // Behaves like an Array's method, not like a jQuery method. + push: push, + sort: [].sort, + splice: [].splice +}; + +// Give the init function the jQuery prototype for later instantiation +jQuery.fn.init.prototype = jQuery.fn; + +jQuery.extend = jQuery.fn.extend = function() { + var options, name, src, copy, copyIsArray, clone, + target = arguments[0] || {}, + i = 1, + length = arguments.length, + deep = false; + + // Handle a deep copy situation + if ( typeof target === "boolean" ) { + deep = target; + target = arguments[1] || {}; + // skip the boolean and the target + i = 2; + } + + // Handle case when target is a string or something (possible in deep copy) + if ( typeof target !== "object" && !jQuery.isFunction(target) ) { + target = {}; + } + + // extend jQuery itself if only one argument is passed + if ( length === i ) { + target = this; + --i; + } + + for ( ; i < length; i++ ) { + // Only deal with non-null/undefined values + if ( (options = arguments[ i ]) != null ) { + // Extend the base object + for ( name in options ) { + src = target[ name ]; + copy = options[ name ]; + + // Prevent never-ending loop + if ( target === copy ) { + continue; + } + + // Recurse if we're merging plain objects or arrays + if ( deep && copy && ( jQuery.isPlainObject(copy) || (copyIsArray = jQuery.isArray(copy)) ) ) { + if ( copyIsArray ) { + copyIsArray = false; + clone = src && jQuery.isArray(src) ? src : []; + + } else { + clone = src && jQuery.isPlainObject(src) ? src : {}; + } + + // Never move original objects, clone them + target[ name ] = jQuery.extend( deep, clone, copy ); + + // Don't bring in undefined values + } else if ( copy !== undefined ) { + target[ name ] = copy; + } + } + } + } + + // Return the modified object + return target; +}; + +jQuery.extend({ + noConflict: function( deep ) { + if ( window.$ === jQuery ) { + window.$ = _$; + } + + if ( deep && window.jQuery === jQuery ) { + window.jQuery = _jQuery; + } + + return jQuery; + }, + + // Is the DOM ready to be used? Set to true once it occurs. + isReady: false, + + // A counter to track how many items to wait for before + // the ready event fires. See #6781 + readyWait: 1, + + // Hold (or release) the ready event + holdReady: function( hold ) { + if ( hold ) { + jQuery.readyWait++; + } else { + jQuery.ready( true ); + } + }, + + // Handle when the DOM is ready + ready: function( wait ) { + // Either a released hold or an DOMready/load event and not yet ready + if ( (wait === true && !--jQuery.readyWait) || (wait !== true && !jQuery.isReady) ) { + // Make sure body exists, at least, in case IE gets a little overzealous (ticket #5443). + if ( !document.body ) { + return setTimeout( jQuery.ready, 1 ); + } + + // Remember that the DOM is ready + jQuery.isReady = true; + + // If a normal DOM Ready event fired, decrement, and wait if need be + if ( wait !== true && --jQuery.readyWait > 0 ) { + return; + } + + // If there are functions bound, to execute + readyList.fireWith( document, [ jQuery ] ); + + // Trigger any bound ready events + if ( jQuery.fn.trigger ) { + jQuery( document ).trigger( "ready" ).off( "ready" ); + } + } + }, + + bindReady: function() { + if ( readyList ) { + return; + } + + readyList = jQuery.Callbacks( "once memory" ); + + // Catch cases where $(document).ready() is called after the + // browser event has already occurred. + if ( document.readyState === "complete" ) { + // Handle it asynchronously to allow scripts the opportunity to delay ready + return setTimeout( jQuery.ready, 1 ); + } + + // Mozilla, Opera and webkit nightlies currently support this event + if ( document.addEventListener ) { + // Use the handy event callback + document.addEventListener( "DOMContentLoaded", DOMContentLoaded, false ); + + // A fallback to window.onload, that will always work + window.addEventListener( "load", jQuery.ready, false ); + + // If IE event model is used + } else if ( document.attachEvent ) { + // ensure firing before onload, + // maybe late but safe also for iframes + document.attachEvent( "onreadystatechange", DOMContentLoaded ); + + // A fallback to window.onload, that will always work + window.attachEvent( "onload", jQuery.ready ); + + // If IE and not a frame + // continually check to see if the document is ready + var toplevel = false; + + try { + toplevel = window.frameElement == null; + } catch(e) {} + + if ( document.documentElement.doScroll && toplevel ) { + doScrollCheck(); + } + } + }, + + // See test/unit/core.js for details concerning isFunction. + // Since version 1.3, DOM methods and functions like alert + // aren't supported. They return false on IE (#2968). + isFunction: function( obj ) { + return jQuery.type(obj) === "function"; + }, + + isArray: Array.isArray || function( obj ) { + return jQuery.type(obj) === "array"; + }, + + isWindow: function( obj ) { + return obj != null && obj == obj.window; + }, + + isNumeric: function( obj ) { + return !isNaN( parseFloat(obj) ) && isFinite( obj ); + }, + + type: function( obj ) { + return obj == null ? + String( obj ) : + class2type[ toString.call(obj) ] || "object"; + }, + + isPlainObject: function( obj ) { + // Must be an Object. + // Because of IE, we also have to check the presence of the constructor property. + // Make sure that DOM nodes and window objects don't pass through, as well + if ( !obj || jQuery.type(obj) !== "object" || obj.nodeType || jQuery.isWindow( obj ) ) { + return false; + } + + try { + // Not own constructor property must be Object + if ( obj.constructor && + !hasOwn.call(obj, "constructor") && + !hasOwn.call(obj.constructor.prototype, "isPrototypeOf") ) { + return false; + } + } catch ( e ) { + // IE8,9 Will throw exceptions on certain host objects #9897 + return false; + } + + // Own properties are enumerated firstly, so to speed up, + // if last one is own, then all properties are own. + + var key; + for ( key in obj ) {} + + return key === undefined || hasOwn.call( obj, key ); + }, + + isEmptyObject: function( obj ) { + for ( var name in obj ) { + return false; + } + return true; + }, + + error: function( msg ) { + throw new Error( msg ); + }, + + parseJSON: function( data ) { + if ( typeof data !== "string" || !data ) { + return null; + } + + // Make sure leading/trailing whitespace is removed (IE can't handle it) + data = jQuery.trim( data ); + + // Attempt to parse using the native JSON parser first + if ( window.JSON && window.JSON.parse ) { + return window.JSON.parse( data ); + } + + // Make sure the incoming data is actual JSON + // Logic borrowed from http://json.org/json2.js + if ( rvalidchars.test( data.replace( rvalidescape, "@" ) + .replace( rvalidtokens, "]" ) + .replace( rvalidbraces, "")) ) { + + return ( new Function( "return " + data ) )(); + + } + jQuery.error( "Invalid JSON: " + data ); + }, + + // Cross-browser xml parsing + parseXML: function( data ) { + if ( typeof data !== "string" || !data ) { + return null; + } + var xml, tmp; + try { + if ( window.DOMParser ) { // Standard + tmp = new DOMParser(); + xml = tmp.parseFromString( data , "text/xml" ); + } else { // IE + xml = new ActiveXObject( "Microsoft.XMLDOM" ); + xml.async = "false"; + xml.loadXML( data ); + } + } catch( e ) { + xml = undefined; + } + if ( !xml || !xml.documentElement || xml.getElementsByTagName( "parsererror" ).length ) { + jQuery.error( "Invalid XML: " + data ); + } + return xml; + }, + + noop: function() {}, + + // Evaluates a script in a global context + // Workarounds based on findings by Jim Driscoll + // http://weblogs.java.net/blog/driscoll/archive/2009/09/08/eval-javascript-global-context + globalEval: function( data ) { + if ( data && rnotwhite.test( data ) ) { + // We use execScript on Internet Explorer + // We use an anonymous function so that context is window + // rather than jQuery in Firefox + ( window.execScript || function( data ) { + window[ "eval" ].call( window, data ); + } )( data ); + } + }, + + // Convert dashed to camelCase; used by the css and data modules + // Microsoft forgot to hump their vendor prefix (#9572) + camelCase: function( string ) { + return string.replace( rmsPrefix, "ms-" ).replace( rdashAlpha, fcamelCase ); + }, + + nodeName: function( elem, name ) { + return elem.nodeName && elem.nodeName.toUpperCase() === name.toUpperCase(); + }, + + // args is for internal usage only + each: function( object, callback, args ) { + var name, i = 0, + length = object.length, + isObj = length === undefined || jQuery.isFunction( object ); + + if ( args ) { + if ( isObj ) { + for ( name in object ) { + if ( callback.apply( object[ name ], args ) === false ) { + break; + } + } + } else { + for ( ; i < length; ) { + if ( callback.apply( object[ i++ ], args ) === false ) { + break; + } + } + } + + // A special, fast, case for the most common use of each + } else { + if ( isObj ) { + for ( name in object ) { + if ( callback.call( object[ name ], name, object[ name ] ) === false ) { + break; + } + } + } else { + for ( ; i < length; ) { + if ( callback.call( object[ i ], i, object[ i++ ] ) === false ) { + break; + } + } + } + } + + return object; + }, + + // Use native String.trim function wherever possible + trim: trim ? + function( text ) { + return text == null ? + "" : + trim.call( text ); + } : + + // Otherwise use our own trimming functionality + function( text ) { + return text == null ? + "" : + text.toString().replace( trimLeft, "" ).replace( trimRight, "" ); + }, + + // results is for internal usage only + makeArray: function( array, results ) { + var ret = results || []; + + if ( array != null ) { + // The window, strings (and functions) also have 'length' + // Tweaked logic slightly to handle Blackberry 4.7 RegExp issues #6930 + var type = jQuery.type( array ); + + if ( array.length == null || type === "string" || type === "function" || type === "regexp" || jQuery.isWindow( array ) ) { + push.call( ret, array ); + } else { + jQuery.merge( ret, array ); + } + } + + return ret; + }, + + inArray: function( elem, array, i ) { + var len; + + if ( array ) { + if ( indexOf ) { + return indexOf.call( array, elem, i ); + } + + len = array.length; + i = i ? i < 0 ? Math.max( 0, len + i ) : i : 0; + + for ( ; i < len; i++ ) { + // Skip accessing in sparse arrays + if ( i in array && array[ i ] === elem ) { + return i; + } + } + } + + return -1; + }, + + merge: function( first, second ) { + var i = first.length, + j = 0; + + if ( typeof second.length === "number" ) { + for ( var l = second.length; j < l; j++ ) { + first[ i++ ] = second[ j ]; + } + + } else { + while ( second[j] !== undefined ) { + first[ i++ ] = second[ j++ ]; + } + } + + first.length = i; + + return first; + }, + + grep: function( elems, callback, inv ) { + var ret = [], retVal; + inv = !!inv; + + // Go through the array, only saving the items + // that pass the validator function + for ( var i = 0, length = elems.length; i < length; i++ ) { + retVal = !!callback( elems[ i ], i ); + if ( inv !== retVal ) { + ret.push( elems[ i ] ); + } + } + + return ret; + }, + + // arg is for internal usage only + map: function( elems, callback, arg ) { + var value, key, ret = [], + i = 0, + length = elems.length, + // jquery objects are treated as arrays + isArray = elems instanceof jQuery || length !== undefined && typeof length === "number" && ( ( length > 0 && elems[ 0 ] && elems[ length -1 ] ) || length === 0 || jQuery.isArray( elems ) ) ; + + // Go through the array, translating each of the items to their + if ( isArray ) { + for ( ; i < length; i++ ) { + value = callback( elems[ i ], i, arg ); + + if ( value != null ) { + ret[ ret.length ] = value; + } + } + + // Go through every key on the object, + } else { + for ( key in elems ) { + value = callback( elems[ key ], key, arg ); + + if ( value != null ) { + ret[ ret.length ] = value; + } + } + } + + // Flatten any nested arrays + return ret.concat.apply( [], ret ); + }, + + // A global GUID counter for objects + guid: 1, + + // Bind a function to a context, optionally partially applying any + // arguments. + proxy: function( fn, context ) { + if ( typeof context === "string" ) { + var tmp = fn[ context ]; + context = fn; + fn = tmp; + } + + // Quick check to determine if target is callable, in the spec + // this throws a TypeError, but we will just return undefined. + if ( !jQuery.isFunction( fn ) ) { + return undefined; + } + + // Simulated bind + var args = slice.call( arguments, 2 ), + proxy = function() { + return fn.apply( context, args.concat( slice.call( arguments ) ) ); + }; + + // Set the guid of unique handler to the same of original handler, so it can be removed + proxy.guid = fn.guid = fn.guid || proxy.guid || jQuery.guid++; + + return proxy; + }, + + // Mutifunctional method to get and set values to a collection + // The value/s can optionally be executed if it's a function + access: function( elems, fn, key, value, chainable, emptyGet, pass ) { + var exec, + bulk = key == null, + i = 0, + length = elems.length; + + // Sets many values + if ( key && typeof key === "object" ) { + for ( i in key ) { + jQuery.access( elems, fn, i, key[i], 1, emptyGet, value ); + } + chainable = 1; + + // Sets one value + } else if ( value !== undefined ) { + // Optionally, function values get executed if exec is true + exec = pass === undefined && jQuery.isFunction( value ); + + if ( bulk ) { + // Bulk operations only iterate when executing function values + if ( exec ) { + exec = fn; + fn = function( elem, key, value ) { + return exec.call( jQuery( elem ), value ); + }; + + // Otherwise they run against the entire set + } else { + fn.call( elems, value ); + fn = null; + } + } + + if ( fn ) { + for (; i < length; i++ ) { + fn( elems[i], key, exec ? value.call( elems[i], i, fn( elems[i], key ) ) : value, pass ); + } + } + + chainable = 1; + } + + return chainable ? + elems : + + // Gets + bulk ? + fn.call( elems ) : + length ? fn( elems[0], key ) : emptyGet; + }, + + now: function() { + return ( new Date() ).getTime(); + }, + + // Use of jQuery.browser is frowned upon. + // More details: http://docs.jquery.com/Utilities/jQuery.browser + uaMatch: function( ua ) { + ua = ua.toLowerCase(); + + var match = rwebkit.exec( ua ) || + ropera.exec( ua ) || + rmsie.exec( ua ) || + ua.indexOf("compatible") < 0 && rmozilla.exec( ua ) || + []; + + return { browser: match[1] || "", version: match[2] || "0" }; + }, + + sub: function() { + function jQuerySub( selector, context ) { + return new jQuerySub.fn.init( selector, context ); + } + jQuery.extend( true, jQuerySub, this ); + jQuerySub.superclass = this; + jQuerySub.fn = jQuerySub.prototype = this(); + jQuerySub.fn.constructor = jQuerySub; + jQuerySub.sub = this.sub; + jQuerySub.fn.init = function init( selector, context ) { + if ( context && context instanceof jQuery && !(context instanceof jQuerySub) ) { + context = jQuerySub( context ); + } + + return jQuery.fn.init.call( this, selector, context, rootjQuerySub ); + }; + jQuerySub.fn.init.prototype = jQuerySub.fn; + var rootjQuerySub = jQuerySub(document); + return jQuerySub; + }, + + browser: {} +}); + +// Populate the class2type map +jQuery.each("Boolean Number String Function Array Date RegExp Object".split(" "), function(i, name) { + class2type[ "[object " + name + "]" ] = name.toLowerCase(); +}); + +browserMatch = jQuery.uaMatch( userAgent ); +if ( browserMatch.browser ) { + jQuery.browser[ browserMatch.browser ] = true; + jQuery.browser.version = browserMatch.version; +} + +// Deprecated, use jQuery.browser.webkit instead +if ( jQuery.browser.webkit ) { + jQuery.browser.safari = true; +} + +// IE doesn't match non-breaking spaces with \s +if ( rnotwhite.test( "\xA0" ) ) { + trimLeft = /^[\s\xA0]+/; + trimRight = /[\s\xA0]+$/; +} + +// All jQuery objects should point back to these +rootjQuery = jQuery(document); + +// Cleanup functions for the document ready method +if ( document.addEventListener ) { + DOMContentLoaded = function() { + document.removeEventListener( "DOMContentLoaded", DOMContentLoaded, false ); + jQuery.ready(); + }; + +} else if ( document.attachEvent ) { + DOMContentLoaded = function() { + // Make sure body exists, at least, in case IE gets a little overzealous (ticket #5443). + if ( document.readyState === "complete" ) { + document.detachEvent( "onreadystatechange", DOMContentLoaded ); + jQuery.ready(); + } + }; +} + +// The DOM ready check for Internet Explorer +function doScrollCheck() { + if ( jQuery.isReady ) { + return; + } + + try { + // If IE is used, use the trick by Diego Perini + // http://javascript.nwbox.com/IEContentLoaded/ + document.documentElement.doScroll("left"); + } catch(e) { + setTimeout( doScrollCheck, 1 ); + return; + } + + // and execute any waiting functions + jQuery.ready(); +} + +return jQuery; + +})(); + + +// String to Object flags format cache +var flagsCache = {}; + +// Convert String-formatted flags into Object-formatted ones and store in cache +function createFlags( flags ) { + var object = flagsCache[ flags ] = {}, + i, length; + flags = flags.split( /\s+/ ); + for ( i = 0, length = flags.length; i < length; i++ ) { + object[ flags[i] ] = true; + } + return object; +} + +/* + * Create a callback list using the following parameters: + * + * flags: an optional list of space-separated flags that will change how + * the callback list behaves + * + * By default a callback list will act like an event callback list and can be + * "fired" multiple times. + * + * Possible flags: + * + * once: will ensure the callback list can only be fired once (like a Deferred) + * + * memory: will keep track of previous values and will call any callback added + * after the list has been fired right away with the latest "memorized" + * values (like a Deferred) + * + * unique: will ensure a callback can only be added once (no duplicate in the list) + * + * stopOnFalse: interrupt callings when a callback returns false + * + */ +jQuery.Callbacks = function( flags ) { + + // Convert flags from String-formatted to Object-formatted + // (we check in cache first) + flags = flags ? ( flagsCache[ flags ] || createFlags( flags ) ) : {}; + + var // Actual callback list + list = [], + // Stack of fire calls for repeatable lists + stack = [], + // Last fire value (for non-forgettable lists) + memory, + // Flag to know if list was already fired + fired, + // Flag to know if list is currently firing + firing, + // First callback to fire (used internally by add and fireWith) + firingStart, + // End of the loop when firing + firingLength, + // Index of currently firing callback (modified by remove if needed) + firingIndex, + // Add one or several callbacks to the list + add = function( args ) { + var i, + length, + elem, + type, + actual; + for ( i = 0, length = args.length; i < length; i++ ) { + elem = args[ i ]; + type = jQuery.type( elem ); + if ( type === "array" ) { + // Inspect recursively + add( elem ); + } else if ( type === "function" ) { + // Add if not in unique mode and callback is not in + if ( !flags.unique || !self.has( elem ) ) { + list.push( elem ); + } + } + } + }, + // Fire callbacks + fire = function( context, args ) { + args = args || []; + memory = !flags.memory || [ context, args ]; + fired = true; + firing = true; + firingIndex = firingStart || 0; + firingStart = 0; + firingLength = list.length; + for ( ; list && firingIndex < firingLength; firingIndex++ ) { + if ( list[ firingIndex ].apply( context, args ) === false && flags.stopOnFalse ) { + memory = true; // Mark as halted + break; + } + } + firing = false; + if ( list ) { + if ( !flags.once ) { + if ( stack && stack.length ) { + memory = stack.shift(); + self.fireWith( memory[ 0 ], memory[ 1 ] ); + } + } else if ( memory === true ) { + self.disable(); + } else { + list = []; + } + } + }, + // Actual Callbacks object + self = { + // Add a callback or a collection of callbacks to the list + add: function() { + if ( list ) { + var length = list.length; + add( arguments ); + // Do we need to add the callbacks to the + // current firing batch? + if ( firing ) { + firingLength = list.length; + // With memory, if we're not firing then + // we should call right away, unless previous + // firing was halted (stopOnFalse) + } else if ( memory && memory !== true ) { + firingStart = length; + fire( memory[ 0 ], memory[ 1 ] ); + } + } + return this; + }, + // Remove a callback from the list + remove: function() { + if ( list ) { + var args = arguments, + argIndex = 0, + argLength = args.length; + for ( ; argIndex < argLength ; argIndex++ ) { + for ( var i = 0; i < list.length; i++ ) { + if ( args[ argIndex ] === list[ i ] ) { + // Handle firingIndex and firingLength + if ( firing ) { + if ( i <= firingLength ) { + firingLength--; + if ( i <= firingIndex ) { + firingIndex--; + } + } + } + // Remove the element + list.splice( i--, 1 ); + // If we have some unicity property then + // we only need to do this once + if ( flags.unique ) { + break; + } + } + } + } + } + return this; + }, + // Control if a given callback is in the list + has: function( fn ) { + if ( list ) { + var i = 0, + length = list.length; + for ( ; i < length; i++ ) { + if ( fn === list[ i ] ) { + return true; + } + } + } + return false; + }, + // Remove all callbacks from the list + empty: function() { + list = []; + return this; + }, + // Have the list do nothing anymore + disable: function() { + list = stack = memory = undefined; + return this; + }, + // Is it disabled? + disabled: function() { + return !list; + }, + // Lock the list in its current state + lock: function() { + stack = undefined; + if ( !memory || memory === true ) { + self.disable(); + } + return this; + }, + // Is it locked? + locked: function() { + return !stack; + }, + // Call all callbacks with the given context and arguments + fireWith: function( context, args ) { + if ( stack ) { + if ( firing ) { + if ( !flags.once ) { + stack.push( [ context, args ] ); + } + } else if ( !( flags.once && memory ) ) { + fire( context, args ); + } + } + return this; + }, + // Call all the callbacks with the given arguments + fire: function() { + self.fireWith( this, arguments ); + return this; + }, + // To know if the callbacks have already been called at least once + fired: function() { + return !!fired; + } + }; + + return self; +}; + + + + +var // Static reference to slice + sliceDeferred = [].slice; + +jQuery.extend({ + + Deferred: function( func ) { + var doneList = jQuery.Callbacks( "once memory" ), + failList = jQuery.Callbacks( "once memory" ), + progressList = jQuery.Callbacks( "memory" ), + state = "pending", + lists = { + resolve: doneList, + reject: failList, + notify: progressList + }, + promise = { + done: doneList.add, + fail: failList.add, + progress: progressList.add, + + state: function() { + return state; + }, + + // Deprecated + isResolved: doneList.fired, + isRejected: failList.fired, + + then: function( doneCallbacks, failCallbacks, progressCallbacks ) { + deferred.done( doneCallbacks ).fail( failCallbacks ).progress( progressCallbacks ); + return this; + }, + always: function() { + deferred.done.apply( deferred, arguments ).fail.apply( deferred, arguments ); + return this; + }, + pipe: function( fnDone, fnFail, fnProgress ) { + return jQuery.Deferred(function( newDefer ) { + jQuery.each( { + done: [ fnDone, "resolve" ], + fail: [ fnFail, "reject" ], + progress: [ fnProgress, "notify" ] + }, function( handler, data ) { + var fn = data[ 0 ], + action = data[ 1 ], + returned; + if ( jQuery.isFunction( fn ) ) { + deferred[ handler ](function() { + returned = fn.apply( this, arguments ); + if ( returned && jQuery.isFunction( returned.promise ) ) { + returned.promise().then( newDefer.resolve, newDefer.reject, newDefer.notify ); + } else { + newDefer[ action + "With" ]( this === deferred ? newDefer : this, [ returned ] ); + } + }); + } else { + deferred[ handler ]( newDefer[ action ] ); + } + }); + }).promise(); + }, + // Get a promise for this deferred + // If obj is provided, the promise aspect is added to the object + promise: function( obj ) { + if ( obj == null ) { + obj = promise; + } else { + for ( var key in promise ) { + obj[ key ] = promise[ key ]; + } + } + return obj; + } + }, + deferred = promise.promise({}), + key; + + for ( key in lists ) { + deferred[ key ] = lists[ key ].fire; + deferred[ key + "With" ] = lists[ key ].fireWith; + } + + // Handle state + deferred.done( function() { + state = "resolved"; + }, failList.disable, progressList.lock ).fail( function() { + state = "rejected"; + }, doneList.disable, progressList.lock ); + + // Call given func if any + if ( func ) { + func.call( deferred, deferred ); + } + + // All done! + return deferred; + }, + + // Deferred helper + when: function( firstParam ) { + var args = sliceDeferred.call( arguments, 0 ), + i = 0, + length = args.length, + pValues = new Array( length ), + count = length, + pCount = length, + deferred = length <= 1 && firstParam && jQuery.isFunction( firstParam.promise ) ? + firstParam : + jQuery.Deferred(), + promise = deferred.promise(); + function resolveFunc( i ) { + return function( value ) { + args[ i ] = arguments.length > 1 ? sliceDeferred.call( arguments, 0 ) : value; + if ( !( --count ) ) { + deferred.resolveWith( deferred, args ); + } + }; + } + function progressFunc( i ) { + return function( value ) { + pValues[ i ] = arguments.length > 1 ? sliceDeferred.call( arguments, 0 ) : value; + deferred.notifyWith( promise, pValues ); + }; + } + if ( length > 1 ) { + for ( ; i < length; i++ ) { + if ( args[ i ] && args[ i ].promise && jQuery.isFunction( args[ i ].promise ) ) { + args[ i ].promise().then( resolveFunc(i), deferred.reject, progressFunc(i) ); + } else { + --count; + } + } + if ( !count ) { + deferred.resolveWith( deferred, args ); + } + } else if ( deferred !== firstParam ) { + deferred.resolveWith( deferred, length ? [ firstParam ] : [] ); + } + return promise; + } +}); + + + + +jQuery.support = (function() { + + var support, + all, + a, + select, + opt, + input, + fragment, + tds, + events, + eventName, + i, + isSupported, + div = document.createElement( "div" ), + documentElement = document.documentElement; + + // Preliminary tests + div.setAttribute("className", "t"); + div.innerHTML = " <link/><table></table><a href='/a' style='top:1px;float:left;opacity:.55;'>a</a><input type='checkbox'/>"; + + all = div.getElementsByTagName( "*" ); + a = div.getElementsByTagName( "a" )[ 0 ]; + + // Can't get basic test support + if ( !all || !all.length || !a ) { + return {}; + } + + // First batch of supports tests + select = document.createElement( "select" ); + opt = select.appendChild( document.createElement("option") ); + input = div.getElementsByTagName( "input" )[ 0 ]; + + support = { + // IE strips leading whitespace when .innerHTML is used + leadingWhitespace: ( div.firstChild.nodeType === 3 ), + + // Make sure that tbody elements aren't automatically inserted + // IE will insert them into empty tables + tbody: !div.getElementsByTagName("tbody").length, + + // Make sure that link elements get serialized correctly by innerHTML + // This requires a wrapper element in IE + htmlSerialize: !!div.getElementsByTagName("link").length, + + // Get the style information from getAttribute + // (IE uses .cssText instead) + style: /top/.test( a.getAttribute("style") ), + + // Make sure that URLs aren't manipulated + // (IE normalizes it by default) + hrefNormalized: ( a.getAttribute("href") === "/a" ), + + // Make sure that element opacity exists + // (IE uses filter instead) + // Use a regex to work around a WebKit issue. See #5145 + opacity: /^0.55/.test( a.style.opacity ), + + // Verify style float existence + // (IE uses styleFloat instead of cssFloat) + cssFloat: !!a.style.cssFloat, + + // Make sure that if no value is specified for a checkbox + // that it defaults to "on". + // (WebKit defaults to "" instead) + checkOn: ( input.value === "on" ), + + // Make sure that a selected-by-default option has a working selected property. + // (WebKit defaults to false instead of true, IE too, if it's in an optgroup) + optSelected: opt.selected, + + // Test setAttribute on camelCase class. If it works, we need attrFixes when doing get/setAttribute (ie6/7) + getSetAttribute: div.className !== "t", + + // Tests for enctype support on a form(#6743) + enctype: !!document.createElement("form").enctype, + + // Makes sure cloning an html5 element does not cause problems + // Where outerHTML is undefined, this still works + html5Clone: document.createElement("nav").cloneNode( true ).outerHTML !== "<:nav></:nav>", + + // Will be defined later + submitBubbles: true, + changeBubbles: true, + focusinBubbles: false, + deleteExpando: true, + noCloneEvent: true, + inlineBlockNeedsLayout: false, + shrinkWrapBlocks: false, + reliableMarginRight: true, + pixelMargin: true + }; + + // jQuery.boxModel DEPRECATED in 1.3, use jQuery.support.boxModel instead + jQuery.boxModel = support.boxModel = (document.compatMode === "CSS1Compat"); + + // Make sure checked status is properly cloned + input.checked = true; + support.noCloneChecked = input.cloneNode( true ).checked; + + // Make sure that the options inside disabled selects aren't marked as disabled + // (WebKit marks them as disabled) + select.disabled = true; + support.optDisabled = !opt.disabled; + + // Test to see if it's possible to delete an expando from an element + // Fails in Internet Explorer + try { + delete div.test; + } catch( e ) { + support.deleteExpando = false; + } + + if ( !div.addEventListener && div.attachEvent && div.fireEvent ) { + div.attachEvent( "onclick", function() { + // Cloning a node shouldn't copy over any + // bound event handlers (IE does this) + support.noCloneEvent = false; + }); + div.cloneNode( true ).fireEvent( "onclick" ); + } + + // Check if a radio maintains its value + // after being appended to the DOM + input = document.createElement("input"); + input.value = "t"; + input.setAttribute("type", "radio"); + support.radioValue = input.value === "t"; + + input.setAttribute("checked", "checked"); + + // #11217 - WebKit loses check when the name is after the checked attribute + input.setAttribute( "name", "t" ); + + div.appendChild( input ); + fragment = document.createDocumentFragment(); + fragment.appendChild( div.lastChild ); + + // WebKit doesn't clone checked state correctly in fragments + support.checkClone = fragment.cloneNode( true ).cloneNode( true ).lastChild.checked; + + // Check if a disconnected checkbox will retain its checked + // value of true after appended to the DOM (IE6/7) + support.appendChecked = input.checked; + + fragment.removeChild( input ); + fragment.appendChild( div ); + + // Technique from Juriy Zaytsev + // http://perfectionkills.com/detecting-event-support-without-browser-sniffing/ + // We only care about the case where non-standard event systems + // are used, namely in IE. Short-circuiting here helps us to + // avoid an eval call (in setAttribute) which can cause CSP + // to go haywire. See: https://developer.mozilla.org/en/Security/CSP + if ( div.attachEvent ) { + for ( i in { + submit: 1, + change: 1, + focusin: 1 + }) { + eventName = "on" + i; + isSupported = ( eventName in div ); + if ( !isSupported ) { + div.setAttribute( eventName, "return;" ); + isSupported = ( typeof div[ eventName ] === "function" ); + } + support[ i + "Bubbles" ] = isSupported; + } + } + + fragment.removeChild( div ); + + // Null elements to avoid leaks in IE + fragment = select = opt = div = input = null; + + // Run tests that need a body at doc ready + jQuery(function() { + var container, outer, inner, table, td, offsetSupport, + marginDiv, conMarginTop, style, html, positionTopLeftWidthHeight, + paddingMarginBorderVisibility, paddingMarginBorder, + body = document.getElementsByTagName("body")[0]; + + if ( !body ) { + // Return for frameset docs that don't have a body + return; + } + + conMarginTop = 1; + paddingMarginBorder = "padding:0;margin:0;border:"; + positionTopLeftWidthHeight = "position:absolute;top:0;left:0;width:1px;height:1px;"; + paddingMarginBorderVisibility = paddingMarginBorder + "0;visibility:hidden;"; + style = "style='" + positionTopLeftWidthHeight + paddingMarginBorder + "5px solid #000;"; + html = "<div " + style + "display:block;'><div style='" + paddingMarginBorder + "0;display:block;overflow:hidden;'></div></div>" + + "<table " + style + "' cellpadding='0' cellspacing='0'>" + + "<tr><td></td></tr></table>"; + + container = document.createElement("div"); + container.style.cssText = paddingMarginBorderVisibility + "width:0;height:0;position:static;top:0;margin-top:" + conMarginTop + "px"; + body.insertBefore( container, body.firstChild ); + + // Construct the test element + div = document.createElement("div"); + container.appendChild( div ); + + // Check if table cells still have offsetWidth/Height when they are set + // to display:none and there are still other visible table cells in a + // table row; if so, offsetWidth/Height are not reliable for use when + // determining if an element has been hidden directly using + // display:none (it is still safe to use offsets if a parent element is + // hidden; don safety goggles and see bug #4512 for more information). + // (only IE 8 fails this test) + div.innerHTML = "<table><tr><td style='" + paddingMarginBorder + "0;display:none'></td><td>t</td></tr></table>"; + tds = div.getElementsByTagName( "td" ); + isSupported = ( tds[ 0 ].offsetHeight === 0 ); + + tds[ 0 ].style.display = ""; + tds[ 1 ].style.display = "none"; + + // Check if empty table cells still have offsetWidth/Height + // (IE <= 8 fail this test) + support.reliableHiddenOffsets = isSupported && ( tds[ 0 ].offsetHeight === 0 ); + + // Check if div with explicit width and no margin-right incorrectly + // gets computed margin-right based on width of container. For more + // info see bug #3333 + // Fails in WebKit before Feb 2011 nightlies + // WebKit Bug 13343 - getComputedStyle returns wrong value for margin-right + if ( window.getComputedStyle ) { + div.innerHTML = ""; + marginDiv = document.createElement( "div" ); + marginDiv.style.width = "0"; + marginDiv.style.marginRight = "0"; + div.style.width = "2px"; + div.appendChild( marginDiv ); + support.reliableMarginRight = + ( parseInt( ( window.getComputedStyle( marginDiv, null ) || { marginRight: 0 } ).marginRight, 10 ) || 0 ) === 0; + } + + if ( typeof div.style.zoom !== "undefined" ) { + // Check if natively block-level elements act like inline-block + // elements when setting their display to 'inline' and giving + // them layout + // (IE < 8 does this) + div.innerHTML = ""; + div.style.width = div.style.padding = "1px"; + div.style.border = 0; + div.style.overflow = "hidden"; + div.style.display = "inline"; + div.style.zoom = 1; + support.inlineBlockNeedsLayout = ( div.offsetWidth === 3 ); + + // Check if elements with layout shrink-wrap their children + // (IE 6 does this) + div.style.display = "block"; + div.style.overflow = "visible"; + div.innerHTML = "<div style='width:5px;'></div>"; + support.shrinkWrapBlocks = ( div.offsetWidth !== 3 ); + } + + div.style.cssText = positionTopLeftWidthHeight + paddingMarginBorderVisibility; + div.innerHTML = html; + + outer = div.firstChild; + inner = outer.firstChild; + td = outer.nextSibling.firstChild.firstChild; + + offsetSupport = { + doesNotAddBorder: ( inner.offsetTop !== 5 ), + doesAddBorderForTableAndCells: ( td.offsetTop === 5 ) + }; + + inner.style.position = "fixed"; + inner.style.top = "20px"; + + // safari subtracts parent border width here which is 5px + offsetSupport.fixedPosition = ( inner.offsetTop === 20 || inner.offsetTop === 15 ); + inner.style.position = inner.style.top = ""; + + outer.style.overflow = "hidden"; + outer.style.position = "relative"; + + offsetSupport.subtractsBorderForOverflowNotVisible = ( inner.offsetTop === -5 ); + offsetSupport.doesNotIncludeMarginInBodyOffset = ( body.offsetTop !== conMarginTop ); + + if ( window.getComputedStyle ) { + div.style.marginTop = "1%"; + support.pixelMargin = ( window.getComputedStyle( div, null ) || { marginTop: 0 } ).marginTop !== "1%"; + } + + if ( typeof container.style.zoom !== "undefined" ) { + container.style.zoom = 1; + } + + body.removeChild( container ); + marginDiv = div = container = null; + + jQuery.extend( support, offsetSupport ); + }); + + return support; +})(); + + + + +var rbrace = /^(?:\{.*\}|\[.*\])$/, + rmultiDash = /([A-Z])/g; + +jQuery.extend({ + cache: {}, + + // Please use with caution + uuid: 0, + + // Unique for each copy of jQuery on the page + // Non-digits removed to match rinlinejQuery + expando: "jQuery" + ( jQuery.fn.jquery + Math.random() ).replace( /\D/g, "" ), + + // The following elements throw uncatchable exceptions if you + // attempt to add expando properties to them. + noData: { + "embed": true, + // Ban all objects except for Flash (which handle expandos) + "object": "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000", + "applet": true + }, + + hasData: function( elem ) { + elem = elem.nodeType ? jQuery.cache[ elem[jQuery.expando] ] : elem[ jQuery.expando ]; + return !!elem && !isEmptyDataObject( elem ); + }, + + data: function( elem, name, data, pvt /* Internal Use Only */ ) { + if ( !jQuery.acceptData( elem ) ) { + return; + } + + var privateCache, thisCache, ret, + internalKey = jQuery.expando, + getByName = typeof name === "string", + + // We have to handle DOM nodes and JS objects differently because IE6-7 + // can't GC object references properly across the DOM-JS boundary + isNode = elem.nodeType, + + // Only DOM nodes need the global jQuery cache; JS object data is + // attached directly to the object so GC can occur automatically + cache = isNode ? jQuery.cache : elem, + + // Only defining an ID for JS objects if its cache already exists allows + // the code to shortcut on the same path as a DOM node with no cache + id = isNode ? elem[ internalKey ] : elem[ internalKey ] && internalKey, + isEvents = name === "events"; + + // Avoid doing any more work than we need to when trying to get data on an + // object that has no data at all + if ( (!id || !cache[id] || (!isEvents && !pvt && !cache[id].data)) && getByName && data === undefined ) { + return; + } + + if ( !id ) { + // Only DOM nodes need a new unique ID for each element since their data + // ends up in the global cache + if ( isNode ) { + elem[ internalKey ] = id = ++jQuery.uuid; + } else { + id = internalKey; + } + } + + if ( !cache[ id ] ) { + cache[ id ] = {}; + + // Avoids exposing jQuery metadata on plain JS objects when the object + // is serialized using JSON.stringify + if ( !isNode ) { + cache[ id ].toJSON = jQuery.noop; + } + } + + // An object can be passed to jQuery.data instead of a key/value pair; this gets + // shallow copied over onto the existing cache + if ( typeof name === "object" || typeof name === "function" ) { + if ( pvt ) { + cache[ id ] = jQuery.extend( cache[ id ], name ); + } else { + cache[ id ].data = jQuery.extend( cache[ id ].data, name ); + } + } + + privateCache = thisCache = cache[ id ]; + + // jQuery data() is stored in a separate object inside the object's internal data + // cache in order to avoid key collisions between internal data and user-defined + // data. + if ( !pvt ) { + if ( !thisCache.data ) { + thisCache.data = {}; + } + + thisCache = thisCache.data; + } + + if ( data !== undefined ) { + thisCache[ jQuery.camelCase( name ) ] = data; + } + + // Users should not attempt to inspect the internal events object using jQuery.data, + // it is undocumented and subject to change. But does anyone listen? No. + if ( isEvents && !thisCache[ name ] ) { + return privateCache.events; + } + + // Check for both converted-to-camel and non-converted data property names + // If a data property was specified + if ( getByName ) { + + // First Try to find as-is property data + ret = thisCache[ name ]; + + // Test for null|undefined property data + if ( ret == null ) { + + // Try to find the camelCased property + ret = thisCache[ jQuery.camelCase( name ) ]; + } + } else { + ret = thisCache; + } + + return ret; + }, + + removeData: function( elem, name, pvt /* Internal Use Only */ ) { + if ( !jQuery.acceptData( elem ) ) { + return; + } + + var thisCache, i, l, + + // Reference to internal data cache key + internalKey = jQuery.expando, + + isNode = elem.nodeType, + + // See jQuery.data for more information + cache = isNode ? jQuery.cache : elem, + + // See jQuery.data for more information + id = isNode ? elem[ internalKey ] : internalKey; + + // If there is already no cache entry for this object, there is no + // purpose in continuing + if ( !cache[ id ] ) { + return; + } + + if ( name ) { + + thisCache = pvt ? cache[ id ] : cache[ id ].data; + + if ( thisCache ) { + + // Support array or space separated string names for data keys + if ( !jQuery.isArray( name ) ) { + + // try the string as a key before any manipulation + if ( name in thisCache ) { + name = [ name ]; + } else { + + // split the camel cased version by spaces unless a key with the spaces exists + name = jQuery.camelCase( name ); + if ( name in thisCache ) { + name = [ name ]; + } else { + name = name.split( " " ); + } + } + } + + for ( i = 0, l = name.length; i < l; i++ ) { + delete thisCache[ name[i] ]; + } + + // If there is no data left in the cache, we want to continue + // and let the cache object itself get destroyed + if ( !( pvt ? isEmptyDataObject : jQuery.isEmptyObject )( thisCache ) ) { + return; + } + } + } + + // See jQuery.data for more information + if ( !pvt ) { + delete cache[ id ].data; + + // Don't destroy the parent cache unless the internal data object + // had been the only thing left in it + if ( !isEmptyDataObject(cache[ id ]) ) { + return; + } + } + + // Browsers that fail expando deletion also refuse to delete expandos on + // the window, but it will allow it on all other JS objects; other browsers + // don't care + // Ensure that `cache` is not a window object #10080 + if ( jQuery.support.deleteExpando || !cache.setInterval ) { + delete cache[ id ]; + } else { + cache[ id ] = null; + } + + // We destroyed the cache and need to eliminate the expando on the node to avoid + // false lookups in the cache for entries that no longer exist + if ( isNode ) { + // IE does not allow us to delete expando properties from nodes, + // nor does it have a removeAttribute function on Document nodes; + // we must handle all of these cases + if ( jQuery.support.deleteExpando ) { + delete elem[ internalKey ]; + } else if ( elem.removeAttribute ) { + elem.removeAttribute( internalKey ); + } else { + elem[ internalKey ] = null; + } + } + }, + + // For internal use only. + _data: function( elem, name, data ) { + return jQuery.data( elem, name, data, true ); + }, + + // A method for determining if a DOM node can handle the data expando + acceptData: function( elem ) { + if ( elem.nodeName ) { + var match = jQuery.noData[ elem.nodeName.toLowerCase() ]; + + if ( match ) { + return !(match === true || elem.getAttribute("classid") !== match); + } + } + + return true; + } +}); + +jQuery.fn.extend({ + data: function( key, value ) { + var parts, part, attr, name, l, + elem = this[0], + i = 0, + data = null; + + // Gets all values + if ( key === undefined ) { + if ( this.length ) { + data = jQuery.data( elem ); + + if ( elem.nodeType === 1 && !jQuery._data( elem, "parsedAttrs" ) ) { + attr = elem.attributes; + for ( l = attr.length; i < l; i++ ) { + name = attr[i].name; + + if ( name.indexOf( "data-" ) === 0 ) { + name = jQuery.camelCase( name.substring(5) ); + + dataAttr( elem, name, data[ name ] ); + } + } + jQuery._data( elem, "parsedAttrs", true ); + } + } + + return data; + } + + // Sets multiple values + if ( typeof key === "object" ) { + return this.each(function() { + jQuery.data( this, key ); + }); + } + + parts = key.split( ".", 2 ); + parts[1] = parts[1] ? "." + parts[1] : ""; + part = parts[1] + "!"; + + return jQuery.access( this, function( value ) { + + if ( value === undefined ) { + data = this.triggerHandler( "getData" + part, [ parts[0] ] ); + + // Try to fetch any internally stored data first + if ( data === undefined && elem ) { + data = jQuery.data( elem, key ); + data = dataAttr( elem, key, data ); + } + + return data === undefined && parts[1] ? + this.data( parts[0] ) : + data; + } + + parts[1] = value; + this.each(function() { + var self = jQuery( this ); + + self.triggerHandler( "setData" + part, parts ); + jQuery.data( this, key, value ); + self.triggerHandler( "changeData" + part, parts ); + }); + }, null, value, arguments.length > 1, null, false ); + }, + + removeData: function( key ) { + return this.each(function() { + jQuery.removeData( this, key ); + }); + } +}); + +function dataAttr( elem, key, data ) { + // If nothing was found internally, try to fetch any + // data from the HTML5 data-* attribute + if ( data === undefined && elem.nodeType === 1 ) { + + var name = "data-" + key.replace( rmultiDash, "-$1" ).toLowerCase(); + + data = elem.getAttribute( name ); + + if ( typeof data === "string" ) { + try { + data = data === "true" ? true : + data === "false" ? false : + data === "null" ? null : + jQuery.isNumeric( data ) ? +data : + rbrace.test( data ) ? jQuery.parseJSON( data ) : + data; + } catch( e ) {} + + // Make sure we set the data so it isn't changed later + jQuery.data( elem, key, data ); + + } else { + data = undefined; + } + } + + return data; +} + +// checks a cache object for emptiness +function isEmptyDataObject( obj ) { + for ( var name in obj ) { + + // if the public data object is empty, the private is still empty + if ( name === "data" && jQuery.isEmptyObject( obj[name] ) ) { + continue; + } + if ( name !== "toJSON" ) { + return false; + } + } + + return true; +} + + + + +function handleQueueMarkDefer( elem, type, src ) { + var deferDataKey = type + "defer", + queueDataKey = type + "queue", + markDataKey = type + "mark", + defer = jQuery._data( elem, deferDataKey ); + if ( defer && + ( src === "queue" || !jQuery._data(elem, queueDataKey) ) && + ( src === "mark" || !jQuery._data(elem, markDataKey) ) ) { + // Give room for hard-coded callbacks to fire first + // and eventually mark/queue something else on the element + setTimeout( function() { + if ( !jQuery._data( elem, queueDataKey ) && + !jQuery._data( elem, markDataKey ) ) { + jQuery.removeData( elem, deferDataKey, true ); + defer.fire(); + } + }, 0 ); + } +} + +jQuery.extend({ + + _mark: function( elem, type ) { + if ( elem ) { + type = ( type || "fx" ) + "mark"; + jQuery._data( elem, type, (jQuery._data( elem, type ) || 0) + 1 ); + } + }, + + _unmark: function( force, elem, type ) { + if ( force !== true ) { + type = elem; + elem = force; + force = false; + } + if ( elem ) { + type = type || "fx"; + var key = type + "mark", + count = force ? 0 : ( (jQuery._data( elem, key ) || 1) - 1 ); + if ( count ) { + jQuery._data( elem, key, count ); + } else { + jQuery.removeData( elem, key, true ); + handleQueueMarkDefer( elem, type, "mark" ); + } + } + }, + + queue: function( elem, type, data ) { + var q; + if ( elem ) { + type = ( type || "fx" ) + "queue"; + q = jQuery._data( elem, type ); + + // Speed up dequeue by getting out quickly if this is just a lookup + if ( data ) { + if ( !q || jQuery.isArray(data) ) { + q = jQuery._data( elem, type, jQuery.makeArray(data) ); + } else { + q.push( data ); + } + } + return q || []; + } + }, + + dequeue: function( elem, type ) { + type = type || "fx"; + + var queue = jQuery.queue( elem, type ), + fn = queue.shift(), + hooks = {}; + + // If the fx queue is dequeued, always remove the progress sentinel + if ( fn === "inprogress" ) { + fn = queue.shift(); + } + + if ( fn ) { + // Add a progress sentinel to prevent the fx queue from being + // automatically dequeued + if ( type === "fx" ) { + queue.unshift( "inprogress" ); + } + + jQuery._data( elem, type + ".run", hooks ); + fn.call( elem, function() { + jQuery.dequeue( elem, type ); + }, hooks ); + } + + if ( !queue.length ) { + jQuery.removeData( elem, type + "queue " + type + ".run", true ); + handleQueueMarkDefer( elem, type, "queue" ); + } + } +}); + +jQuery.fn.extend({ + queue: function( type, data ) { + var setter = 2; + + if ( typeof type !== "string" ) { + data = type; + type = "fx"; + setter--; + } + + if ( arguments.length < setter ) { + return jQuery.queue( this[0], type ); + } + + return data === undefined ? + this : + this.each(function() { + var queue = jQuery.queue( this, type, data ); + + if ( type === "fx" && queue[0] !== "inprogress" ) { + jQuery.dequeue( this, type ); + } + }); + }, + dequeue: function( type ) { + return this.each(function() { + jQuery.dequeue( this, type ); + }); + }, + // Based off of the plugin by Clint Helfers, with permission. + // http://blindsignals.com/index.php/2009/07/jquery-delay/ + delay: function( time, type ) { + time = jQuery.fx ? jQuery.fx.speeds[ time ] || time : time; + type = type || "fx"; + + return this.queue( type, function( next, hooks ) { + var timeout = setTimeout( next, time ); + hooks.stop = function() { + clearTimeout( timeout ); + }; + }); + }, + clearQueue: function( type ) { + return this.queue( type || "fx", [] ); + }, + // Get a promise resolved when queues of a certain type + // are emptied (fx is the type by default) + promise: function( type, object ) { + if ( typeof type !== "string" ) { + object = type; + type = undefined; + } + type = type || "fx"; + var defer = jQuery.Deferred(), + elements = this, + i = elements.length, + count = 1, + deferDataKey = type + "defer", + queueDataKey = type + "queue", + markDataKey = type + "mark", + tmp; + function resolve() { + if ( !( --count ) ) { + defer.resolveWith( elements, [ elements ] ); + } + } + while( i-- ) { + if (( tmp = jQuery.data( elements[ i ], deferDataKey, undefined, true ) || + ( jQuery.data( elements[ i ], queueDataKey, undefined, true ) || + jQuery.data( elements[ i ], markDataKey, undefined, true ) ) && + jQuery.data( elements[ i ], deferDataKey, jQuery.Callbacks( "once memory" ), true ) )) { + count++; + tmp.add( resolve ); + } + } + resolve(); + return defer.promise( object ); + } +}); + + + + +var rclass = /[\n\t\r]/g, + rspace = /\s+/, + rreturn = /\r/g, + rtype = /^(?:button|input)$/i, + rfocusable = /^(?:button|input|object|select|textarea)$/i, + rclickable = /^a(?:rea)?$/i, + rboolean = /^(?:autofocus|autoplay|async|checked|controls|defer|disabled|hidden|loop|multiple|open|readonly|required|scoped|selected)$/i, + getSetAttribute = jQuery.support.getSetAttribute, + nodeHook, boolHook, fixSpecified; + +jQuery.fn.extend({ + attr: function( name, value ) { + return jQuery.access( this, jQuery.attr, name, value, arguments.length > 1 ); + }, + + removeAttr: function( name ) { + return this.each(function() { + jQuery.removeAttr( this, name ); + }); + }, + + prop: function( name, value ) { + return jQuery.access( this, jQuery.prop, name, value, arguments.length > 1 ); + }, + + removeProp: function( name ) { + name = jQuery.propFix[ name ] || name; + return this.each(function() { + // try/catch handles cases where IE balks (such as removing a property on window) + try { + this[ name ] = undefined; + delete this[ name ]; + } catch( e ) {} + }); + }, + + addClass: function( value ) { + var classNames, i, l, elem, + setClass, c, cl; + + if ( jQuery.isFunction( value ) ) { + return this.each(function( j ) { + jQuery( this ).addClass( value.call(this, j, this.className) ); + }); + } + + if ( value && typeof value === "string" ) { + classNames = value.split( rspace ); + + for ( i = 0, l = this.length; i < l; i++ ) { + elem = this[ i ]; + + if ( elem.nodeType === 1 ) { + if ( !elem.className && classNames.length === 1 ) { + elem.className = value; + + } else { + setClass = " " + elem.className + " "; + + for ( c = 0, cl = classNames.length; c < cl; c++ ) { + if ( !~setClass.indexOf( " " + classNames[ c ] + " " ) ) { + setClass += classNames[ c ] + " "; + } + } + elem.className = jQuery.trim( setClass ); + } + } + } + } + + return this; + }, + + removeClass: function( value ) { + var classNames, i, l, elem, className, c, cl; + + if ( jQuery.isFunction( value ) ) { + return this.each(function( j ) { + jQuery( this ).removeClass( value.call(this, j, this.className) ); + }); + } + + if ( (value && typeof value === "string") || value === undefined ) { + classNames = ( value || "" ).split( rspace ); + + for ( i = 0, l = this.length; i < l; i++ ) { + elem = this[ i ]; + + if ( elem.nodeType === 1 && elem.className ) { + if ( value ) { + className = (" " + elem.className + " ").replace( rclass, " " ); + for ( c = 0, cl = classNames.length; c < cl; c++ ) { + className = className.replace(" " + classNames[ c ] + " ", " "); + } + elem.className = jQuery.trim( className ); + + } else { + elem.className = ""; + } + } + } + } + + return this; + }, + + toggleClass: function( value, stateVal ) { + var type = typeof value, + isBool = typeof stateVal === "boolean"; + + if ( jQuery.isFunction( value ) ) { + return this.each(function( i ) { + jQuery( this ).toggleClass( value.call(this, i, this.className, stateVal), stateVal ); + }); + } + + return this.each(function() { + if ( type === "string" ) { + // toggle individual class names + var className, + i = 0, + self = jQuery( this ), + state = stateVal, + classNames = value.split( rspace ); + + while ( (className = classNames[ i++ ]) ) { + // check each className given, space seperated list + state = isBool ? state : !self.hasClass( className ); + self[ state ? "addClass" : "removeClass" ]( className ); + } + + } else if ( type === "undefined" || type === "boolean" ) { + if ( this.className ) { + // store className if set + jQuery._data( this, "__className__", this.className ); + } + + // toggle whole className + this.className = this.className || value === false ? "" : jQuery._data( this, "__className__" ) || ""; + } + }); + }, + + hasClass: function( selector ) { + var className = " " + selector + " ", + i = 0, + l = this.length; + for ( ; i < l; i++ ) { + if ( this[i].nodeType === 1 && (" " + this[i].className + " ").replace(rclass, " ").indexOf( className ) > -1 ) { + return true; + } + } + + return false; + }, + + val: function( value ) { + var hooks, ret, isFunction, + elem = this[0]; + + if ( !arguments.length ) { + if ( elem ) { + hooks = jQuery.valHooks[ elem.type ] || jQuery.valHooks[ elem.nodeName.toLowerCase() ]; + + if ( hooks && "get" in hooks && (ret = hooks.get( elem, "value" )) !== undefined ) { + return ret; + } + + ret = elem.value; + + return typeof ret === "string" ? + // handle most common string cases + ret.replace(rreturn, "") : + // handle cases where value is null/undef or number + ret == null ? "" : ret; + } + + return; + } + + isFunction = jQuery.isFunction( value ); + + return this.each(function( i ) { + var self = jQuery(this), val; + + if ( this.nodeType !== 1 ) { + return; + } + + if ( isFunction ) { + val = value.call( this, i, self.val() ); + } else { + val = value; + } + + // Treat null/undefined as ""; convert numbers to string + if ( val == null ) { + val = ""; + } else if ( typeof val === "number" ) { + val += ""; + } else if ( jQuery.isArray( val ) ) { + val = jQuery.map(val, function ( value ) { + return value == null ? "" : value + ""; + }); + } + + hooks = jQuery.valHooks[ this.type ] || jQuery.valHooks[ this.nodeName.toLowerCase() ]; + + // If set returns undefined, fall back to normal setting + if ( !hooks || !("set" in hooks) || hooks.set( this, val, "value" ) === undefined ) { + this.value = val; + } + }); + } +}); + +jQuery.extend({ + valHooks: { + option: { + get: function( elem ) { + // attributes.value is undefined in Blackberry 4.7 but + // uses .value. See #6932 + var val = elem.attributes.value; + return !val || val.specified ? elem.value : elem.text; + } + }, + select: { + get: function( elem ) { + var value, i, max, option, + index = elem.selectedIndex, + values = [], + options = elem.options, + one = elem.type === "select-one"; + + // Nothing was selected + if ( index < 0 ) { + return null; + } + + // Loop through all the selected options + i = one ? index : 0; + max = one ? index + 1 : options.length; + for ( ; i < max; i++ ) { + option = options[ i ]; + + // Don't return options that are disabled or in a disabled optgroup + if ( option.selected && (jQuery.support.optDisabled ? !option.disabled : option.getAttribute("disabled") === null) && + (!option.parentNode.disabled || !jQuery.nodeName( option.parentNode, "optgroup" )) ) { + + // Get the specific value for the option + value = jQuery( option ).val(); + + // We don't need an array for one selects + if ( one ) { + return value; + } + + // Multi-Selects return an array + values.push( value ); + } + } + + // Fixes Bug #2551 -- select.val() broken in IE after form.reset() + if ( one && !values.length && options.length ) { + return jQuery( options[ index ] ).val(); + } + + return values; + }, + + set: function( elem, value ) { + var values = jQuery.makeArray( value ); + + jQuery(elem).find("option").each(function() { + this.selected = jQuery.inArray( jQuery(this).val(), values ) >= 0; + }); + + if ( !values.length ) { + elem.selectedIndex = -1; + } + return values; + } + } + }, + + attrFn: { + val: true, + css: true, + html: true, + text: true, + data: true, + width: true, + height: true, + offset: true + }, + + attr: function( elem, name, value, pass ) { + var ret, hooks, notxml, + nType = elem.nodeType; + + // don't get/set attributes on text, comment and attribute nodes + if ( !elem || nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + if ( pass && name in jQuery.attrFn ) { + return jQuery( elem )[ name ]( value ); + } + + // Fallback to prop when attributes are not supported + if ( typeof elem.getAttribute === "undefined" ) { + return jQuery.prop( elem, name, value ); + } + + notxml = nType !== 1 || !jQuery.isXMLDoc( elem ); + + // All attributes are lowercase + // Grab necessary hook if one is defined + if ( notxml ) { + name = name.toLowerCase(); + hooks = jQuery.attrHooks[ name ] || ( rboolean.test( name ) ? boolHook : nodeHook ); + } + + if ( value !== undefined ) { + + if ( value === null ) { + jQuery.removeAttr( elem, name ); + return; + + } else if ( hooks && "set" in hooks && notxml && (ret = hooks.set( elem, value, name )) !== undefined ) { + return ret; + + } else { + elem.setAttribute( name, "" + value ); + return value; + } + + } else if ( hooks && "get" in hooks && notxml && (ret = hooks.get( elem, name )) !== null ) { + return ret; + + } else { + + ret = elem.getAttribute( name ); + + // Non-existent attributes return null, we normalize to undefined + return ret === null ? + undefined : + ret; + } + }, + + removeAttr: function( elem, value ) { + var propName, attrNames, name, l, isBool, + i = 0; + + if ( value && elem.nodeType === 1 ) { + attrNames = value.toLowerCase().split( rspace ); + l = attrNames.length; + + for ( ; i < l; i++ ) { + name = attrNames[ i ]; + + if ( name ) { + propName = jQuery.propFix[ name ] || name; + isBool = rboolean.test( name ); + + // See #9699 for explanation of this approach (setting first, then removal) + // Do not do this for boolean attributes (see #10870) + if ( !isBool ) { + jQuery.attr( elem, name, "" ); + } + elem.removeAttribute( getSetAttribute ? name : propName ); + + // Set corresponding property to false for boolean attributes + if ( isBool && propName in elem ) { + elem[ propName ] = false; + } + } + } + } + }, + + attrHooks: { + type: { + set: function( elem, value ) { + // We can't allow the type property to be changed (since it causes problems in IE) + if ( rtype.test( elem.nodeName ) && elem.parentNode ) { + jQuery.error( "type property can't be changed" ); + } else if ( !jQuery.support.radioValue && value === "radio" && jQuery.nodeName(elem, "input") ) { + // Setting the type on a radio button after the value resets the value in IE6-9 + // Reset value to it's default in case type is set after value + // This is for element creation + var val = elem.value; + elem.setAttribute( "type", value ); + if ( val ) { + elem.value = val; + } + return value; + } + } + }, + // Use the value property for back compat + // Use the nodeHook for button elements in IE6/7 (#1954) + value: { + get: function( elem, name ) { + if ( nodeHook && jQuery.nodeName( elem, "button" ) ) { + return nodeHook.get( elem, name ); + } + return name in elem ? + elem.value : + null; + }, + set: function( elem, value, name ) { + if ( nodeHook && jQuery.nodeName( elem, "button" ) ) { + return nodeHook.set( elem, value, name ); + } + // Does not return so that setAttribute is also used + elem.value = value; + } + } + }, + + propFix: { + tabindex: "tabIndex", + readonly: "readOnly", + "for": "htmlFor", + "class": "className", + maxlength: "maxLength", + cellspacing: "cellSpacing", + cellpadding: "cellPadding", + rowspan: "rowSpan", + colspan: "colSpan", + usemap: "useMap", + frameborder: "frameBorder", + contenteditable: "contentEditable" + }, + + prop: function( elem, name, value ) { + var ret, hooks, notxml, + nType = elem.nodeType; + + // don't get/set properties on text, comment and attribute nodes + if ( !elem || nType === 3 || nType === 8 || nType === 2 ) { + return; + } + + notxml = nType !== 1 || !jQuery.isXMLDoc( elem ); + + if ( notxml ) { + // Fix name and attach hooks + name = jQuery.propFix[ name ] || name; + hooks = jQuery.propHooks[ name ]; + } + + if ( value !== undefined ) { + if ( hooks && "set" in hooks && (ret = hooks.set( elem, value, name )) !== undefined ) { + return ret; + + } else { + return ( elem[ name ] = value ); + } + + } else { + if ( hooks && "get" in hooks && (ret = hooks.get( elem, name )) !== null ) { + return ret; + + } else { + return elem[ name ]; + } + } + }, + + propHooks: { + tabIndex: { + get: function( elem ) { + // elem.tabIndex doesn't always return the correct value when it hasn't been explicitly set + // http://fluidproject.org/blog/2008/01/09/getting-setting-and-removing-tabindex-values-with-javascript/ + var attributeNode = elem.getAttributeNode("tabindex"); + + return attributeNode && attributeNode.specified ? + parseInt( attributeNode.value, 10 ) : + rfocusable.test( elem.nodeName ) || rclickable.test( elem.nodeName ) && elem.href ? + 0 : + undefined; + } + } + } +}); + +// Add the tabIndex propHook to attrHooks for back-compat (different case is intentional) +jQuery.attrHooks.tabindex = jQuery.propHooks.tabIndex; + +// Hook for boolean attributes +boolHook = { + get: function( elem, name ) { + // Align boolean attributes with corresponding properties + // Fall back to attribute presence where some booleans are not supported + var attrNode, + property = jQuery.prop( elem, name ); + return property === true || typeof property !== "boolean" && ( attrNode = elem.getAttributeNode(name) ) && attrNode.nodeValue !== false ? + name.toLowerCase() : + undefined; + }, + set: function( elem, value, name ) { + var propName; + if ( value === false ) { + // Remove boolean attributes when set to false + jQuery.removeAttr( elem, name ); + } else { + // value is true since we know at this point it's type boolean and not false + // Set boolean attributes to the same name and set the DOM property + propName = jQuery.propFix[ name ] || name; + if ( propName in elem ) { + // Only set the IDL specifically if it already exists on the element + elem[ propName ] = true; + } + + elem.setAttribute( name, name.toLowerCase() ); + } + return name; + } +}; + +// IE6/7 do not support getting/setting some attributes with get/setAttribute +if ( !getSetAttribute ) { + + fixSpecified = { + name: true, + id: true, + coords: true + }; + + // Use this for any attribute in IE6/7 + // This fixes almost every IE6/7 issue + nodeHook = jQuery.valHooks.button = { + get: function( elem, name ) { + var ret; + ret = elem.getAttributeNode( name ); + return ret && ( fixSpecified[ name ] ? ret.nodeValue !== "" : ret.specified ) ? + ret.nodeValue : + undefined; + }, + set: function( elem, value, name ) { + // Set the existing or create a new attribute node + var ret = elem.getAttributeNode( name ); + if ( !ret ) { + ret = document.createAttribute( name ); + elem.setAttributeNode( ret ); + } + return ( ret.nodeValue = value + "" ); + } + }; + + // Apply the nodeHook to tabindex + jQuery.attrHooks.tabindex.set = nodeHook.set; + + // Set width and height to auto instead of 0 on empty string( Bug #8150 ) + // This is for removals + jQuery.each([ "width", "height" ], function( i, name ) { + jQuery.attrHooks[ name ] = jQuery.extend( jQuery.attrHooks[ name ], { + set: function( elem, value ) { + if ( value === "" ) { + elem.setAttribute( name, "auto" ); + return value; + } + } + }); + }); + + // Set contenteditable to false on removals(#10429) + // Setting to empty string throws an error as an invalid value + jQuery.attrHooks.contenteditable = { + get: nodeHook.get, + set: function( elem, value, name ) { + if ( value === "" ) { + value = "false"; + } + nodeHook.set( elem, value, name ); + } + }; +} + + +// Some attributes require a special call on IE +if ( !jQuery.support.hrefNormalized ) { + jQuery.each([ "href", "src", "width", "height" ], function( i, name ) { + jQuery.attrHooks[ name ] = jQuery.extend( jQuery.attrHooks[ name ], { + get: function( elem ) { + var ret = elem.getAttribute( name, 2 ); + return ret === null ? undefined : ret; + } + }); + }); +} + +if ( !jQuery.support.style ) { + jQuery.attrHooks.style = { + get: function( elem ) { + // Return undefined in the case of empty string + // Normalize to lowercase since IE uppercases css property names + return elem.style.cssText.toLowerCase() || undefined; + }, + set: function( elem, value ) { + return ( elem.style.cssText = "" + value ); + } + }; +} + +// Safari mis-reports the default selected property of an option +// Accessing the parent's selectedIndex property fixes it +if ( !jQuery.support.optSelected ) { + jQuery.propHooks.selected = jQuery.extend( jQuery.propHooks.selected, { + get: function( elem ) { + var parent = elem.parentNode; + + if ( parent ) { + parent.selectedIndex; + + // Make sure that it also works with optgroups, see #5701 + if ( parent.parentNode ) { + parent.parentNode.selectedIndex; + } + } + return null; + } + }); +} + +// IE6/7 call enctype encoding +if ( !jQuery.support.enctype ) { + jQuery.propFix.enctype = "encoding"; +} + +// Radios and checkboxes getter/setter +if ( !jQuery.support.checkOn ) { + jQuery.each([ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = { + get: function( elem ) { + // Handle the case where in Webkit "" is returned instead of "on" if a value isn't specified + return elem.getAttribute("value") === null ? "on" : elem.value; + } + }; + }); +} +jQuery.each([ "radio", "checkbox" ], function() { + jQuery.valHooks[ this ] = jQuery.extend( jQuery.valHooks[ this ], { + set: function( elem, value ) { + if ( jQuery.isArray( value ) ) { + return ( elem.checked = jQuery.inArray( jQuery(elem).val(), value ) >= 0 ); + } + } + }); +}); + + + + +var rformElems = /^(?:textarea|input|select)$/i, + rtypenamespace = /^([^\.]*)?(?:\.(.+))?$/, + rhoverHack = /(?:^|\s)hover(\.\S+)?\b/, + rkeyEvent = /^key/, + rmouseEvent = /^(?:mouse|contextmenu)|click/, + rfocusMorph = /^(?:focusinfocus|focusoutblur)$/, + rquickIs = /^(\w*)(?:#([\w\-]+))?(?:\.([\w\-]+))?$/, + quickParse = function( selector ) { + var quick = rquickIs.exec( selector ); + if ( quick ) { + // 0 1 2 3 + // [ _, tag, id, class ] + quick[1] = ( quick[1] || "" ).toLowerCase(); + quick[3] = quick[3] && new RegExp( "(?:^|\\s)" + quick[3] + "(?:\\s|$)" ); + } + return quick; + }, + quickIs = function( elem, m ) { + var attrs = elem.attributes || {}; + return ( + (!m[1] || elem.nodeName.toLowerCase() === m[1]) && + (!m[2] || (attrs.id || {}).value === m[2]) && + (!m[3] || m[3].test( (attrs[ "class" ] || {}).value )) + ); + }, + hoverHack = function( events ) { + return jQuery.event.special.hover ? events : events.replace( rhoverHack, "mouseenter$1 mouseleave$1" ); + }; + +/* + * Helper functions for managing events -- not part of the public interface. + * Props to Dean Edwards' addEvent library for many of the ideas. + */ +jQuery.event = { + + add: function( elem, types, handler, data, selector ) { + + var elemData, eventHandle, events, + t, tns, type, namespaces, handleObj, + handleObjIn, quick, handlers, special; + + // Don't attach events to noData or text/comment nodes (allow plain objects tho) + if ( elem.nodeType === 3 || elem.nodeType === 8 || !types || !handler || !(elemData = jQuery._data( elem )) ) { + return; + } + + // Caller can pass in an object of custom data in lieu of the handler + if ( handler.handler ) { + handleObjIn = handler; + handler = handleObjIn.handler; + selector = handleObjIn.selector; + } + + // Make sure that the handler has a unique ID, used to find/remove it later + if ( !handler.guid ) { + handler.guid = jQuery.guid++; + } + + // Init the element's event structure and main handler, if this is the first + events = elemData.events; + if ( !events ) { + elemData.events = events = {}; + } + eventHandle = elemData.handle; + if ( !eventHandle ) { + elemData.handle = eventHandle = function( e ) { + // Discard the second event of a jQuery.event.trigger() and + // when an event is called after a page has unloaded + return typeof jQuery !== "undefined" && (!e || jQuery.event.triggered !== e.type) ? + jQuery.event.dispatch.apply( eventHandle.elem, arguments ) : + undefined; + }; + // Add elem as a property of the handle fn to prevent a memory leak with IE non-native events + eventHandle.elem = elem; + } + + // Handle multiple events separated by a space + // jQuery(...).bind("mouseover mouseout", fn); + types = jQuery.trim( hoverHack(types) ).split( " " ); + for ( t = 0; t < types.length; t++ ) { + + tns = rtypenamespace.exec( types[t] ) || []; + type = tns[1]; + namespaces = ( tns[2] || "" ).split( "." ).sort(); + + // If event changes its type, use the special event handlers for the changed type + special = jQuery.event.special[ type ] || {}; + + // If selector defined, determine special event api type, otherwise given type + type = ( selector ? special.delegateType : special.bindType ) || type; + + // Update special based on newly reset type + special = jQuery.event.special[ type ] || {}; + + // handleObj is passed to all event handlers + handleObj = jQuery.extend({ + type: type, + origType: tns[1], + data: data, + handler: handler, + guid: handler.guid, + selector: selector, + quick: selector && quickParse( selector ), + namespace: namespaces.join(".") + }, handleObjIn ); + + // Init the event handler queue if we're the first + handlers = events[ type ]; + if ( !handlers ) { + handlers = events[ type ] = []; + handlers.delegateCount = 0; + + // Only use addEventListener/attachEvent if the special events handler returns false + if ( !special.setup || special.setup.call( elem, data, namespaces, eventHandle ) === false ) { + // Bind the global event handler to the element + if ( elem.addEventListener ) { + elem.addEventListener( type, eventHandle, false ); + + } else if ( elem.attachEvent ) { + elem.attachEvent( "on" + type, eventHandle ); + } + } + } + + if ( special.add ) { + special.add.call( elem, handleObj ); + + if ( !handleObj.handler.guid ) { + handleObj.handler.guid = handler.guid; + } + } + + // Add to the element's handler list, delegates in front + if ( selector ) { + handlers.splice( handlers.delegateCount++, 0, handleObj ); + } else { + handlers.push( handleObj ); + } + + // Keep track of which events have ever been used, for event optimization + jQuery.event.global[ type ] = true; + } + + // Nullify elem to prevent memory leaks in IE + elem = null; + }, + + global: {}, + + // Detach an event or set of events from an element + remove: function( elem, types, handler, selector, mappedTypes ) { + + var elemData = jQuery.hasData( elem ) && jQuery._data( elem ), + t, tns, type, origType, namespaces, origCount, + j, events, special, handle, eventType, handleObj; + + if ( !elemData || !(events = elemData.events) ) { + return; + } + + // Once for each type.namespace in types; type may be omitted + types = jQuery.trim( hoverHack( types || "" ) ).split(" "); + for ( t = 0; t < types.length; t++ ) { + tns = rtypenamespace.exec( types[t] ) || []; + type = origType = tns[1]; + namespaces = tns[2]; + + // Unbind all events (on this namespace, if provided) for the element + if ( !type ) { + for ( type in events ) { + jQuery.event.remove( elem, type + types[ t ], handler, selector, true ); + } + continue; + } + + special = jQuery.event.special[ type ] || {}; + type = ( selector? special.delegateType : special.bindType ) || type; + eventType = events[ type ] || []; + origCount = eventType.length; + namespaces = namespaces ? new RegExp("(^|\\.)" + namespaces.split(".").sort().join("\\.(?:.*\\.)?") + "(\\.|$)") : null; + + // Remove matching events + for ( j = 0; j < eventType.length; j++ ) { + handleObj = eventType[ j ]; + + if ( ( mappedTypes || origType === handleObj.origType ) && + ( !handler || handler.guid === handleObj.guid ) && + ( !namespaces || namespaces.test( handleObj.namespace ) ) && + ( !selector || selector === handleObj.selector || selector === "**" && handleObj.selector ) ) { + eventType.splice( j--, 1 ); + + if ( handleObj.selector ) { + eventType.delegateCount--; + } + if ( special.remove ) { + special.remove.call( elem, handleObj ); + } + } + } + + // Remove generic event handler if we removed something and no more handlers exist + // (avoids potential for endless recursion during removal of special event handlers) + if ( eventType.length === 0 && origCount !== eventType.length ) { + if ( !special.teardown || special.teardown.call( elem, namespaces ) === false ) { + jQuery.removeEvent( elem, type, elemData.handle ); + } + + delete events[ type ]; + } + } + + // Remove the expando if it's no longer used + if ( jQuery.isEmptyObject( events ) ) { + handle = elemData.handle; + if ( handle ) { + handle.elem = null; + } + + // removeData also checks for emptiness and clears the expando if empty + // so use it instead of delete + jQuery.removeData( elem, [ "events", "handle" ], true ); + } + }, + + // Events that are safe to short-circuit if no handlers are attached. + // Native DOM events should not be added, they may have inline handlers. + customEvent: { + "getData": true, + "setData": true, + "changeData": true + }, + + trigger: function( event, data, elem, onlyHandlers ) { + // Don't do events on text and comment nodes + if ( elem && (elem.nodeType === 3 || elem.nodeType === 8) ) { + return; + } + + // Event object or event type + var type = event.type || event, + namespaces = [], + cache, exclusive, i, cur, old, ontype, special, handle, eventPath, bubbleType; + + // focus/blur morphs to focusin/out; ensure we're not firing them right now + if ( rfocusMorph.test( type + jQuery.event.triggered ) ) { + return; + } + + if ( type.indexOf( "!" ) >= 0 ) { + // Exclusive events trigger only for the exact event (no namespaces) + type = type.slice(0, -1); + exclusive = true; + } + + if ( type.indexOf( "." ) >= 0 ) { + // Namespaced trigger; create a regexp to match event type in handle() + namespaces = type.split("."); + type = namespaces.shift(); + namespaces.sort(); + } + + if ( (!elem || jQuery.event.customEvent[ type ]) && !jQuery.event.global[ type ] ) { + // No jQuery handlers for this event type, and it can't have inline handlers + return; + } + + // Caller can pass in an Event, Object, or just an event type string + event = typeof event === "object" ? + // jQuery.Event object + event[ jQuery.expando ] ? event : + // Object literal + new jQuery.Event( type, event ) : + // Just the event type (string) + new jQuery.Event( type ); + + event.type = type; + event.isTrigger = true; + event.exclusive = exclusive; + event.namespace = namespaces.join( "." ); + event.namespace_re = event.namespace? new RegExp("(^|\\.)" + namespaces.join("\\.(?:.*\\.)?") + "(\\.|$)") : null; + ontype = type.indexOf( ":" ) < 0 ? "on" + type : ""; + + // Handle a global trigger + if ( !elem ) { + + // TODO: Stop taunting the data cache; remove global events and always attach to document + cache = jQuery.cache; + for ( i in cache ) { + if ( cache[ i ].events && cache[ i ].events[ type ] ) { + jQuery.event.trigger( event, data, cache[ i ].handle.elem, true ); + } + } + return; + } + + // Clean up the event in case it is being reused + event.result = undefined; + if ( !event.target ) { + event.target = elem; + } + + // Clone any incoming data and prepend the event, creating the handler arg list + data = data != null ? jQuery.makeArray( data ) : []; + data.unshift( event ); + + // Allow special events to draw outside the lines + special = jQuery.event.special[ type ] || {}; + if ( special.trigger && special.trigger.apply( elem, data ) === false ) { + return; + } + + // Determine event propagation path in advance, per W3C events spec (#9951) + // Bubble up to document, then to window; watch for a global ownerDocument var (#9724) + eventPath = [[ elem, special.bindType || type ]]; + if ( !onlyHandlers && !special.noBubble && !jQuery.isWindow( elem ) ) { + + bubbleType = special.delegateType || type; + cur = rfocusMorph.test( bubbleType + type ) ? elem : elem.parentNode; + old = null; + for ( ; cur; cur = cur.parentNode ) { + eventPath.push([ cur, bubbleType ]); + old = cur; + } + + // Only add window if we got to document (e.g., not plain obj or detached DOM) + if ( old && old === elem.ownerDocument ) { + eventPath.push([ old.defaultView || old.parentWindow || window, bubbleType ]); + } + } + + // Fire handlers on the event path + for ( i = 0; i < eventPath.length && !event.isPropagationStopped(); i++ ) { + + cur = eventPath[i][0]; + event.type = eventPath[i][1]; + + handle = ( jQuery._data( cur, "events" ) || {} )[ event.type ] && jQuery._data( cur, "handle" ); + if ( handle ) { + handle.apply( cur, data ); + } + // Note that this is a bare JS function and not a jQuery handler + handle = ontype && cur[ ontype ]; + if ( handle && jQuery.acceptData( cur ) && handle.apply( cur, data ) === false ) { + event.preventDefault(); + } + } + event.type = type; + + // If nobody prevented the default action, do it now + if ( !onlyHandlers && !event.isDefaultPrevented() ) { + + if ( (!special._default || special._default.apply( elem.ownerDocument, data ) === false) && + !(type === "click" && jQuery.nodeName( elem, "a" )) && jQuery.acceptData( elem ) ) { + + // Call a native DOM method on the target with the same name name as the event. + // Can't use an .isFunction() check here because IE6/7 fails that test. + // Don't do default actions on window, that's where global variables be (#6170) + // IE<9 dies on focus/blur to hidden element (#1486) + if ( ontype && elem[ type ] && ((type !== "focus" && type !== "blur") || event.target.offsetWidth !== 0) && !jQuery.isWindow( elem ) ) { + + // Don't re-trigger an onFOO event when we call its FOO() method + old = elem[ ontype ]; + + if ( old ) { + elem[ ontype ] = null; + } + + // Prevent re-triggering of the same event, since we already bubbled it above + jQuery.event.triggered = type; + elem[ type ](); + jQuery.event.triggered = undefined; + + if ( old ) { + elem[ ontype ] = old; + } + } + } + } + + return event.result; + }, + + dispatch: function( event ) { + + // Make a writable jQuery.Event from the native event object + event = jQuery.event.fix( event || window.event ); + + var handlers = ( (jQuery._data( this, "events" ) || {} )[ event.type ] || []), + delegateCount = handlers.delegateCount, + args = [].slice.call( arguments, 0 ), + run_all = !event.exclusive && !event.namespace, + special = jQuery.event.special[ event.type ] || {}, + handlerQueue = [], + i, j, cur, jqcur, ret, selMatch, matched, matches, handleObj, sel, related; + + // Use the fix-ed jQuery.Event rather than the (read-only) native event + args[0] = event; + event.delegateTarget = this; + + // Call the preDispatch hook for the mapped type, and let it bail if desired + if ( special.preDispatch && special.preDispatch.call( this, event ) === false ) { + return; + } + + // Determine handlers that should run if there are delegated events + // Avoid non-left-click bubbling in Firefox (#3861) + if ( delegateCount && !(event.button && event.type === "click") ) { + + // Pregenerate a single jQuery object for reuse with .is() + jqcur = jQuery(this); + jqcur.context = this.ownerDocument || this; + + for ( cur = event.target; cur != this; cur = cur.parentNode || this ) { + + // Don't process events on disabled elements (#6911, #8165) + if ( cur.disabled !== true ) { + selMatch = {}; + matches = []; + jqcur[0] = cur; + for ( i = 0; i < delegateCount; i++ ) { + handleObj = handlers[ i ]; + sel = handleObj.selector; + + if ( selMatch[ sel ] === undefined ) { + selMatch[ sel ] = ( + handleObj.quick ? quickIs( cur, handleObj.quick ) : jqcur.is( sel ) + ); + } + if ( selMatch[ sel ] ) { + matches.push( handleObj ); + } + } + if ( matches.length ) { + handlerQueue.push({ elem: cur, matches: matches }); + } + } + } + } + + // Add the remaining (directly-bound) handlers + if ( handlers.length > delegateCount ) { + handlerQueue.push({ elem: this, matches: handlers.slice( delegateCount ) }); + } + + // Run delegates first; they may want to stop propagation beneath us + for ( i = 0; i < handlerQueue.length && !event.isPropagationStopped(); i++ ) { + matched = handlerQueue[ i ]; + event.currentTarget = matched.elem; + + for ( j = 0; j < matched.matches.length && !event.isImmediatePropagationStopped(); j++ ) { + handleObj = matched.matches[ j ]; + + // Triggered event must either 1) be non-exclusive and have no namespace, or + // 2) have namespace(s) a subset or equal to those in the bound event (both can have no namespace). + if ( run_all || (!event.namespace && !handleObj.namespace) || event.namespace_re && event.namespace_re.test( handleObj.namespace ) ) { + + event.data = handleObj.data; + event.handleObj = handleObj; + + ret = ( (jQuery.event.special[ handleObj.origType ] || {}).handle || handleObj.handler ) + .apply( matched.elem, args ); + + if ( ret !== undefined ) { + event.result = ret; + if ( ret === false ) { + event.preventDefault(); + event.stopPropagation(); + } + } + } + } + } + + // Call the postDispatch hook for the mapped type + if ( special.postDispatch ) { + special.postDispatch.call( this, event ); + } + + return event.result; + }, + + // Includes some event props shared by KeyEvent and MouseEvent + // *** attrChange attrName relatedNode srcElement are not normalized, non-W3C, deprecated, will be removed in 1.8 *** + props: "attrChange attrName relatedNode srcElement altKey bubbles cancelable ctrlKey currentTarget eventPhase metaKey relatedTarget shiftKey target timeStamp view which".split(" "), + + fixHooks: {}, + + keyHooks: { + props: "char charCode key keyCode".split(" "), + filter: function( event, original ) { + + // Add which for key events + if ( event.which == null ) { + event.which = original.charCode != null ? original.charCode : original.keyCode; + } + + return event; + } + }, + + mouseHooks: { + props: "button buttons clientX clientY fromElement offsetX offsetY pageX pageY screenX screenY toElement".split(" "), + filter: function( event, original ) { + var eventDoc, doc, body, + button = original.button, + fromElement = original.fromElement; + + // Calculate pageX/Y if missing and clientX/Y available + if ( event.pageX == null && original.clientX != null ) { + eventDoc = event.target.ownerDocument || document; + doc = eventDoc.documentElement; + body = eventDoc.body; + + event.pageX = original.clientX + ( doc && doc.scrollLeft || body && body.scrollLeft || 0 ) - ( doc && doc.clientLeft || body && body.clientLeft || 0 ); + event.pageY = original.clientY + ( doc && doc.scrollTop || body && body.scrollTop || 0 ) - ( doc && doc.clientTop || body && body.clientTop || 0 ); + } + + // Add relatedTarget, if necessary + if ( !event.relatedTarget && fromElement ) { + event.relatedTarget = fromElement === event.target ? original.toElement : fromElement; + } + + // Add which for click: 1 === left; 2 === middle; 3 === right + // Note: button is not normalized, so don't use it + if ( !event.which && button !== undefined ) { + event.which = ( button & 1 ? 1 : ( button & 2 ? 3 : ( button & 4 ? 2 : 0 ) ) ); + } + + return event; + } + }, + + fix: function( event ) { + if ( event[ jQuery.expando ] ) { + return event; + } + + // Create a writable copy of the event object and normalize some properties + var i, prop, + originalEvent = event, + fixHook = jQuery.event.fixHooks[ event.type ] || {}, + copy = fixHook.props ? this.props.concat( fixHook.props ) : this.props; + + event = jQuery.Event( originalEvent ); + + for ( i = copy.length; i; ) { + prop = copy[ --i ]; + event[ prop ] = originalEvent[ prop ]; + } + + // Fix target property, if necessary (#1925, IE 6/7/8 & Safari2) + if ( !event.target ) { + event.target = originalEvent.srcElement || document; + } + + // Target should not be a text node (#504, Safari) + if ( event.target.nodeType === 3 ) { + event.target = event.target.parentNode; + } + + // For mouse/key events; add metaKey if it's not there (#3368, IE6/7/8) + if ( event.metaKey === undefined ) { + event.metaKey = event.ctrlKey; + } + + return fixHook.filter? fixHook.filter( event, originalEvent ) : event; + }, + + special: { + ready: { + // Make sure the ready event is setup + setup: jQuery.bindReady + }, + + load: { + // Prevent triggered image.load events from bubbling to window.load + noBubble: true + }, + + focus: { + delegateType: "focusin" + }, + blur: { + delegateType: "focusout" + }, + + beforeunload: { + setup: function( data, namespaces, eventHandle ) { + // We only want to do this special case on windows + if ( jQuery.isWindow( this ) ) { + this.onbeforeunload = eventHandle; + } + }, + + teardown: function( namespaces, eventHandle ) { + if ( this.onbeforeunload === eventHandle ) { + this.onbeforeunload = null; + } + } + } + }, + + simulate: function( type, elem, event, bubble ) { + // Piggyback on a donor event to simulate a different one. + // Fake originalEvent to avoid donor's stopPropagation, but if the + // simulated event prevents default then we do the same on the donor. + var e = jQuery.extend( + new jQuery.Event(), + event, + { type: type, + isSimulated: true, + originalEvent: {} + } + ); + if ( bubble ) { + jQuery.event.trigger( e, null, elem ); + } else { + jQuery.event.dispatch.call( elem, e ); + } + if ( e.isDefaultPrevented() ) { + event.preventDefault(); + } + } +}; + +// Some plugins are using, but it's undocumented/deprecated and will be removed. +// The 1.7 special event interface should provide all the hooks needed now. +jQuery.event.handle = jQuery.event.dispatch; + +jQuery.removeEvent = document.removeEventListener ? + function( elem, type, handle ) { + if ( elem.removeEventListener ) { + elem.removeEventListener( type, handle, false ); + } + } : + function( elem, type, handle ) { + if ( elem.detachEvent ) { + elem.detachEvent( "on" + type, handle ); + } + }; + +jQuery.Event = function( src, props ) { + // Allow instantiation without the 'new' keyword + if ( !(this instanceof jQuery.Event) ) { + return new jQuery.Event( src, props ); + } + + // Event object + if ( src && src.type ) { + this.originalEvent = src; + this.type = src.type; + + // Events bubbling up the document may have been marked as prevented + // by a handler lower down the tree; reflect the correct value. + this.isDefaultPrevented = ( src.defaultPrevented || src.returnValue === false || + src.getPreventDefault && src.getPreventDefault() ) ? returnTrue : returnFalse; + + // Event type + } else { + this.type = src; + } + + // Put explicitly provided properties onto the event object + if ( props ) { + jQuery.extend( this, props ); + } + + // Create a timestamp if incoming event doesn't have one + this.timeStamp = src && src.timeStamp || jQuery.now(); + + // Mark it as fixed + this[ jQuery.expando ] = true; +}; + +function returnFalse() { + return false; +} +function returnTrue() { + return true; +} + +// jQuery.Event is based on DOM3 Events as specified by the ECMAScript Language Binding +// http://www.w3.org/TR/2003/WD-DOM-Level-3-Events-20030331/ecma-script-binding.html +jQuery.Event.prototype = { + preventDefault: function() { + this.isDefaultPrevented = returnTrue; + + var e = this.originalEvent; + if ( !e ) { + return; + } + + // if preventDefault exists run it on the original event + if ( e.preventDefault ) { + e.preventDefault(); + + // otherwise set the returnValue property of the original event to false (IE) + } else { + e.returnValue = false; + } + }, + stopPropagation: function() { + this.isPropagationStopped = returnTrue; + + var e = this.originalEvent; + if ( !e ) { + return; + } + // if stopPropagation exists run it on the original event + if ( e.stopPropagation ) { + e.stopPropagation(); + } + // otherwise set the cancelBubble property of the original event to true (IE) + e.cancelBubble = true; + }, + stopImmediatePropagation: function() { + this.isImmediatePropagationStopped = returnTrue; + this.stopPropagation(); + }, + isDefaultPrevented: returnFalse, + isPropagationStopped: returnFalse, + isImmediatePropagationStopped: returnFalse +}; + +// Create mouseenter/leave events using mouseover/out and event-time checks +jQuery.each({ + mouseenter: "mouseover", + mouseleave: "mouseout" +}, function( orig, fix ) { + jQuery.event.special[ orig ] = { + delegateType: fix, + bindType: fix, + + handle: function( event ) { + var target = this, + related = event.relatedTarget, + handleObj = event.handleObj, + selector = handleObj.selector, + ret; + + // For mousenter/leave call the handler if related is outside the target. + // NB: No relatedTarget if the mouse left/entered the browser window + if ( !related || (related !== target && !jQuery.contains( target, related )) ) { + event.type = handleObj.origType; + ret = handleObj.handler.apply( this, arguments ); + event.type = fix; + } + return ret; + } + }; +}); + +// IE submit delegation +if ( !jQuery.support.submitBubbles ) { + + jQuery.event.special.submit = { + setup: function() { + // Only need this for delegated form submit events + if ( jQuery.nodeName( this, "form" ) ) { + return false; + } + + // Lazy-add a submit handler when a descendant form may potentially be submitted + jQuery.event.add( this, "click._submit keypress._submit", function( e ) { + // Node name check avoids a VML-related crash in IE (#9807) + var elem = e.target, + form = jQuery.nodeName( elem, "input" ) || jQuery.nodeName( elem, "button" ) ? elem.form : undefined; + if ( form && !form._submit_attached ) { + jQuery.event.add( form, "submit._submit", function( event ) { + event._submit_bubble = true; + }); + form._submit_attached = true; + } + }); + // return undefined since we don't need an event listener + }, + + postDispatch: function( event ) { + // If form was submitted by the user, bubble the event up the tree + if ( event._submit_bubble ) { + delete event._submit_bubble; + if ( this.parentNode && !event.isTrigger ) { + jQuery.event.simulate( "submit", this.parentNode, event, true ); + } + } + }, + + teardown: function() { + // Only need this for delegated form submit events + if ( jQuery.nodeName( this, "form" ) ) { + return false; + } + + // Remove delegated handlers; cleanData eventually reaps submit handlers attached above + jQuery.event.remove( this, "._submit" ); + } + }; +} + +// IE change delegation and checkbox/radio fix +if ( !jQuery.support.changeBubbles ) { + + jQuery.event.special.change = { + + setup: function() { + + if ( rformElems.test( this.nodeName ) ) { + // IE doesn't fire change on a check/radio until blur; trigger it on click + // after a propertychange. Eat the blur-change in special.change.handle. + // This still fires onchange a second time for check/radio after blur. + if ( this.type === "checkbox" || this.type === "radio" ) { + jQuery.event.add( this, "propertychange._change", function( event ) { + if ( event.originalEvent.propertyName === "checked" ) { + this._just_changed = true; + } + }); + jQuery.event.add( this, "click._change", function( event ) { + if ( this._just_changed && !event.isTrigger ) { + this._just_changed = false; + jQuery.event.simulate( "change", this, event, true ); + } + }); + } + return false; + } + // Delegated event; lazy-add a change handler on descendant inputs + jQuery.event.add( this, "beforeactivate._change", function( e ) { + var elem = e.target; + + if ( rformElems.test( elem.nodeName ) && !elem._change_attached ) { + jQuery.event.add( elem, "change._change", function( event ) { + if ( this.parentNode && !event.isSimulated && !event.isTrigger ) { + jQuery.event.simulate( "change", this.parentNode, event, true ); + } + }); + elem._change_attached = true; + } + }); + }, + + handle: function( event ) { + var elem = event.target; + + // Swallow native change events from checkbox/radio, we already triggered them above + if ( this !== elem || event.isSimulated || event.isTrigger || (elem.type !== "radio" && elem.type !== "checkbox") ) { + return event.handleObj.handler.apply( this, arguments ); + } + }, + + teardown: function() { + jQuery.event.remove( this, "._change" ); + + return rformElems.test( this.nodeName ); + } + }; +} + +// Create "bubbling" focus and blur events +if ( !jQuery.support.focusinBubbles ) { + jQuery.each({ focus: "focusin", blur: "focusout" }, function( orig, fix ) { + + // Attach a single capturing handler while someone wants focusin/focusout + var attaches = 0, + handler = function( event ) { + jQuery.event.simulate( fix, event.target, jQuery.event.fix( event ), true ); + }; + + jQuery.event.special[ fix ] = { + setup: function() { + if ( attaches++ === 0 ) { + document.addEventListener( orig, handler, true ); + } + }, + teardown: function() { + if ( --attaches === 0 ) { + document.removeEventListener( orig, handler, true ); + } + } + }; + }); +} + +jQuery.fn.extend({ + + on: function( types, selector, data, fn, /*INTERNAL*/ one ) { + var origFn, type; + + // Types can be a map of types/handlers + if ( typeof types === "object" ) { + // ( types-Object, selector, data ) + if ( typeof selector !== "string" ) { // && selector != null + // ( types-Object, data ) + data = data || selector; + selector = undefined; + } + for ( type in types ) { + this.on( type, selector, data, types[ type ], one ); + } + return this; + } + + if ( data == null && fn == null ) { + // ( types, fn ) + fn = selector; + data = selector = undefined; + } else if ( fn == null ) { + if ( typeof selector === "string" ) { + // ( types, selector, fn ) + fn = data; + data = undefined; + } else { + // ( types, data, fn ) + fn = data; + data = selector; + selector = undefined; + } + } + if ( fn === false ) { + fn = returnFalse; + } else if ( !fn ) { + return this; + } + + if ( one === 1 ) { + origFn = fn; + fn = function( event ) { + // Can use an empty set, since event contains the info + jQuery().off( event ); + return origFn.apply( this, arguments ); + }; + // Use same guid so caller can remove using origFn + fn.guid = origFn.guid || ( origFn.guid = jQuery.guid++ ); + } + return this.each( function() { + jQuery.event.add( this, types, fn, data, selector ); + }); + }, + one: function( types, selector, data, fn ) { + return this.on( types, selector, data, fn, 1 ); + }, + off: function( types, selector, fn ) { + if ( types && types.preventDefault && types.handleObj ) { + // ( event ) dispatched jQuery.Event + var handleObj = types.handleObj; + jQuery( types.delegateTarget ).off( + handleObj.namespace ? handleObj.origType + "." + handleObj.namespace : handleObj.origType, + handleObj.selector, + handleObj.handler + ); + return this; + } + if ( typeof types === "object" ) { + // ( types-object [, selector] ) + for ( var type in types ) { + this.off( type, selector, types[ type ] ); + } + return this; + } + if ( selector === false || typeof selector === "function" ) { + // ( types [, fn] ) + fn = selector; + selector = undefined; + } + if ( fn === false ) { + fn = returnFalse; + } + return this.each(function() { + jQuery.event.remove( this, types, fn, selector ); + }); + }, + + bind: function( types, data, fn ) { + return this.on( types, null, data, fn ); + }, + unbind: function( types, fn ) { + return this.off( types, null, fn ); + }, + + live: function( types, data, fn ) { + jQuery( this.context ).on( types, this.selector, data, fn ); + return this; + }, + die: function( types, fn ) { + jQuery( this.context ).off( types, this.selector || "**", fn ); + return this; + }, + + delegate: function( selector, types, data, fn ) { + return this.on( types, selector, data, fn ); + }, + undelegate: function( selector, types, fn ) { + // ( namespace ) or ( selector, types [, fn] ) + return arguments.length == 1? this.off( selector, "**" ) : this.off( types, selector, fn ); + }, + + trigger: function( type, data ) { + return this.each(function() { + jQuery.event.trigger( type, data, this ); + }); + }, + triggerHandler: function( type, data ) { + if ( this[0] ) { + return jQuery.event.trigger( type, data, this[0], true ); + } + }, + + toggle: function( fn ) { + // Save reference to arguments for access in closure + var args = arguments, + guid = fn.guid || jQuery.guid++, + i = 0, + toggler = function( event ) { + // Figure out which function to execute + var lastToggle = ( jQuery._data( this, "lastToggle" + fn.guid ) || 0 ) % i; + jQuery._data( this, "lastToggle" + fn.guid, lastToggle + 1 ); + + // Make sure that clicks stop + event.preventDefault(); + + // and execute the function + return args[ lastToggle ].apply( this, arguments ) || false; + }; + + // link all the functions, so any of them can unbind this click handler + toggler.guid = guid; + while ( i < args.length ) { + args[ i++ ].guid = guid; + } + + return this.click( toggler ); + }, + + hover: function( fnOver, fnOut ) { + return this.mouseenter( fnOver ).mouseleave( fnOut || fnOver ); + } +}); + +jQuery.each( ("blur focus focusin focusout load resize scroll unload click dblclick " + + "mousedown mouseup mousemove mouseover mouseout mouseenter mouseleave " + + "change select submit keydown keypress keyup error contextmenu").split(" "), function( i, name ) { + + // Handle event binding + jQuery.fn[ name ] = function( data, fn ) { + if ( fn == null ) { + fn = data; + data = null; + } + + return arguments.length > 0 ? + this.on( name, null, data, fn ) : + this.trigger( name ); + }; + + if ( jQuery.attrFn ) { + jQuery.attrFn[ name ] = true; + } + + if ( rkeyEvent.test( name ) ) { + jQuery.event.fixHooks[ name ] = jQuery.event.keyHooks; + } + + if ( rmouseEvent.test( name ) ) { + jQuery.event.fixHooks[ name ] = jQuery.event.mouseHooks; + } +}); + + + +/*! + * Sizzle CSS Selector Engine + * Copyright 2011, The Dojo Foundation + * Released under the MIT, BSD, and GPL Licenses. + * More information: http://sizzlejs.com/ + */ +(function(){ + +var chunker = /((?:\((?:\([^()]+\)|[^()]+)+\)|\[(?:\[[^\[\]]*\]|['"][^'"]*['"]|[^\[\]'"]+)+\]|\\.|[^ >+~,(\[\\]+)+|[>+~])(\s*,\s*)?((?:.|\r|\n)*)/g, + expando = "sizcache" + (Math.random() + '').replace('.', ''), + done = 0, + toString = Object.prototype.toString, + hasDuplicate = false, + baseHasDuplicate = true, + rBackslash = /\\/g, + rReturn = /\r\n/g, + rNonWord = /\W/; + +// Here we check if the JavaScript engine is using some sort of +// optimization where it does not always call our comparision +// function. If that is the case, discard the hasDuplicate value. +// Thus far that includes Google Chrome. +[0, 0].sort(function() { + baseHasDuplicate = false; + return 0; +}); + +var Sizzle = function( selector, context, results, seed ) { + results = results || []; + context = context || document; + + var origContext = context; + + if ( context.nodeType !== 1 && context.nodeType !== 9 ) { + return []; + } + + if ( !selector || typeof selector !== "string" ) { + return results; + } + + var m, set, checkSet, extra, ret, cur, pop, i, + prune = true, + contextXML = Sizzle.isXML( context ), + parts = [], + soFar = selector; + + // Reset the position of the chunker regexp (start from head) + do { + chunker.exec( "" ); + m = chunker.exec( soFar ); + + if ( m ) { + soFar = m[3]; + + parts.push( m[1] ); + + if ( m[2] ) { + extra = m[3]; + break; + } + } + } while ( m ); + + if ( parts.length > 1 && origPOS.exec( selector ) ) { + + if ( parts.length === 2 && Expr.relative[ parts[0] ] ) { + set = posProcess( parts[0] + parts[1], context, seed ); + + } else { + set = Expr.relative[ parts[0] ] ? + [ context ] : + Sizzle( parts.shift(), context ); + + while ( parts.length ) { + selector = parts.shift(); + + if ( Expr.relative[ selector ] ) { + selector += parts.shift(); + } + + set = posProcess( selector, set, seed ); + } + } + + } else { + // Take a shortcut and set the context if the root selector is an ID + // (but not if it'll be faster if the inner selector is an ID) + if ( !seed && parts.length > 1 && context.nodeType === 9 && !contextXML && + Expr.match.ID.test(parts[0]) && !Expr.match.ID.test(parts[parts.length - 1]) ) { + + ret = Sizzle.find( parts.shift(), context, contextXML ); + context = ret.expr ? + Sizzle.filter( ret.expr, ret.set )[0] : + ret.set[0]; + } + + if ( context ) { + ret = seed ? + { expr: parts.pop(), set: makeArray(seed) } : + Sizzle.find( parts.pop(), parts.length === 1 && (parts[0] === "~" || parts[0] === "+") && context.parentNode ? context.parentNode : context, contextXML ); + + set = ret.expr ? + Sizzle.filter( ret.expr, ret.set ) : + ret.set; + + if ( parts.length > 0 ) { + checkSet = makeArray( set ); + + } else { + prune = false; + } + + while ( parts.length ) { + cur = parts.pop(); + pop = cur; + + if ( !Expr.relative[ cur ] ) { + cur = ""; + } else { + pop = parts.pop(); + } + + if ( pop == null ) { + pop = context; + } + + Expr.relative[ cur ]( checkSet, pop, contextXML ); + } + + } else { + checkSet = parts = []; + } + } + + if ( !checkSet ) { + checkSet = set; + } + + if ( !checkSet ) { + Sizzle.error( cur || selector ); + } + + if ( toString.call(checkSet) === "[object Array]" ) { + if ( !prune ) { + results.push.apply( results, checkSet ); + + } else if ( context && context.nodeType === 1 ) { + for ( i = 0; checkSet[i] != null; i++ ) { + if ( checkSet[i] && (checkSet[i] === true || checkSet[i].nodeType === 1 && Sizzle.contains(context, checkSet[i])) ) { + results.push( set[i] ); + } + } + + } else { + for ( i = 0; checkSet[i] != null; i++ ) { + if ( checkSet[i] && checkSet[i].nodeType === 1 ) { + results.push( set[i] ); + } + } + } + + } else { + makeArray( checkSet, results ); + } + + if ( extra ) { + Sizzle( extra, origContext, results, seed ); + Sizzle.uniqueSort( results ); + } + + return results; +}; + +Sizzle.uniqueSort = function( results ) { + if ( sortOrder ) { + hasDuplicate = baseHasDuplicate; + results.sort( sortOrder ); + + if ( hasDuplicate ) { + for ( var i = 1; i < results.length; i++ ) { + if ( results[i] === results[ i - 1 ] ) { + results.splice( i--, 1 ); + } + } + } + } + + return results; +}; + +Sizzle.matches = function( expr, set ) { + return Sizzle( expr, null, null, set ); +}; + +Sizzle.matchesSelector = function( node, expr ) { + return Sizzle( expr, null, null, [node] ).length > 0; +}; + +Sizzle.find = function( expr, context, isXML ) { + var set, i, len, match, type, left; + + if ( !expr ) { + return []; + } + + for ( i = 0, len = Expr.order.length; i < len; i++ ) { + type = Expr.order[i]; + + if ( (match = Expr.leftMatch[ type ].exec( expr )) ) { + left = match[1]; + match.splice( 1, 1 ); + + if ( left.substr( left.length - 1 ) !== "\\" ) { + match[1] = (match[1] || "").replace( rBackslash, "" ); + set = Expr.find[ type ]( match, context, isXML ); + + if ( set != null ) { + expr = expr.replace( Expr.match[ type ], "" ); + break; + } + } + } + } + + if ( !set ) { + set = typeof context.getElementsByTagName !== "undefined" ? + context.getElementsByTagName( "*" ) : + []; + } + + return { set: set, expr: expr }; +}; + +Sizzle.filter = function( expr, set, inplace, not ) { + var match, anyFound, + type, found, item, filter, left, + i, pass, + old = expr, + result = [], + curLoop = set, + isXMLFilter = set && set[0] && Sizzle.isXML( set[0] ); + + while ( expr && set.length ) { + for ( type in Expr.filter ) { + if ( (match = Expr.leftMatch[ type ].exec( expr )) != null && match[2] ) { + filter = Expr.filter[ type ]; + left = match[1]; + + anyFound = false; + + match.splice(1,1); + + if ( left.substr( left.length - 1 ) === "\\" ) { + continue; + } + + if ( curLoop === result ) { + result = []; + } + + if ( Expr.preFilter[ type ] ) { + match = Expr.preFilter[ type ]( match, curLoop, inplace, result, not, isXMLFilter ); + + if ( !match ) { + anyFound = found = true; + + } else if ( match === true ) { + continue; + } + } + + if ( match ) { + for ( i = 0; (item = curLoop[i]) != null; i++ ) { + if ( item ) { + found = filter( item, match, i, curLoop ); + pass = not ^ found; + + if ( inplace && found != null ) { + if ( pass ) { + anyFound = true; + + } else { + curLoop[i] = false; + } + + } else if ( pass ) { + result.push( item ); + anyFound = true; + } + } + } + } + + if ( found !== undefined ) { + if ( !inplace ) { + curLoop = result; + } + + expr = expr.replace( Expr.match[ type ], "" ); + + if ( !anyFound ) { + return []; + } + + break; + } + } + } + + // Improper expression + if ( expr === old ) { + if ( anyFound == null ) { + Sizzle.error( expr ); + + } else { + break; + } + } + + old = expr; + } + + return curLoop; +}; + +Sizzle.error = function( msg ) { + throw new Error( "Syntax error, unrecognized expression: " + msg ); +}; + +/** + * Utility function for retreiving the text value of an array of DOM nodes + * @param {Array|Element} elem + */ +var getText = Sizzle.getText = function( elem ) { + var i, node, + nodeType = elem.nodeType, + ret = ""; + + if ( nodeType ) { + if ( nodeType === 1 || nodeType === 9 || nodeType === 11 ) { + // Use textContent || innerText for elements + if ( typeof elem.textContent === 'string' ) { + return elem.textContent; + } else if ( typeof elem.innerText === 'string' ) { + // Replace IE's carriage returns + return elem.innerText.replace( rReturn, '' ); + } else { + // Traverse it's children + for ( elem = elem.firstChild; elem; elem = elem.nextSibling) { + ret += getText( elem ); + } + } + } else if ( nodeType === 3 || nodeType === 4 ) { + return elem.nodeValue; + } + } else { + + // If no nodeType, this is expected to be an array + for ( i = 0; (node = elem[i]); i++ ) { + // Do not traverse comment nodes + if ( node.nodeType !== 8 ) { + ret += getText( node ); + } + } + } + return ret; +}; + +var Expr = Sizzle.selectors = { + order: [ "ID", "NAME", "TAG" ], + + match: { + ID: /#((?:[\w\u00c0-\uFFFF\-]|\\.)+)/, + CLASS: /\.((?:[\w\u00c0-\uFFFF\-]|\\.)+)/, + NAME: /\[name=['"]*((?:[\w\u00c0-\uFFFF\-]|\\.)+)['"]*\]/, + ATTR: /\[\s*((?:[\w\u00c0-\uFFFF\-]|\\.)+)\s*(?:(\S?=)\s*(?:(['"])(.*?)\3|(#?(?:[\w\u00c0-\uFFFF\-]|\\.)*)|)|)\s*\]/, + TAG: /^((?:[\w\u00c0-\uFFFF\*\-]|\\.)+)/, + CHILD: /:(only|nth|last|first)-child(?:\(\s*(even|odd|(?:[+\-]?\d+|(?:[+\-]?\d*)?n\s*(?:[+\-]\s*\d+)?))\s*\))?/, + POS: /:(nth|eq|gt|lt|first|last|even|odd)(?:\((\d*)\))?(?=[^\-]|$)/, + PSEUDO: /:((?:[\w\u00c0-\uFFFF\-]|\\.)+)(?:\((['"]?)((?:\([^\)]+\)|[^\(\)]*)+)\2\))?/ + }, + + leftMatch: {}, + + attrMap: { + "class": "className", + "for": "htmlFor" + }, + + attrHandle: { + href: function( elem ) { + return elem.getAttribute( "href" ); + }, + type: function( elem ) { + return elem.getAttribute( "type" ); + } + }, + + relative: { + "+": function(checkSet, part){ + var isPartStr = typeof part === "string", + isTag = isPartStr && !rNonWord.test( part ), + isPartStrNotTag = isPartStr && !isTag; + + if ( isTag ) { + part = part.toLowerCase(); + } + + for ( var i = 0, l = checkSet.length, elem; i < l; i++ ) { + if ( (elem = checkSet[i]) ) { + while ( (elem = elem.previousSibling) && elem.nodeType !== 1 ) {} + + checkSet[i] = isPartStrNotTag || elem && elem.nodeName.toLowerCase() === part ? + elem || false : + elem === part; + } + } + + if ( isPartStrNotTag ) { + Sizzle.filter( part, checkSet, true ); + } + }, + + ">": function( checkSet, part ) { + var elem, + isPartStr = typeof part === "string", + i = 0, + l = checkSet.length; + + if ( isPartStr && !rNonWord.test( part ) ) { + part = part.toLowerCase(); + + for ( ; i < l; i++ ) { + elem = checkSet[i]; + + if ( elem ) { + var parent = elem.parentNode; + checkSet[i] = parent.nodeName.toLowerCase() === part ? parent : false; + } + } + + } else { + for ( ; i < l; i++ ) { + elem = checkSet[i]; + + if ( elem ) { + checkSet[i] = isPartStr ? + elem.parentNode : + elem.parentNode === part; + } + } + + if ( isPartStr ) { + Sizzle.filter( part, checkSet, true ); + } + } + }, + + "": function(checkSet, part, isXML){ + var nodeCheck, + doneName = done++, + checkFn = dirCheck; + + if ( typeof part === "string" && !rNonWord.test( part ) ) { + part = part.toLowerCase(); + nodeCheck = part; + checkFn = dirNodeCheck; + } + + checkFn( "parentNode", part, doneName, checkSet, nodeCheck, isXML ); + }, + + "~": function( checkSet, part, isXML ) { + var nodeCheck, + doneName = done++, + checkFn = dirCheck; + + if ( typeof part === "string" && !rNonWord.test( part ) ) { + part = part.toLowerCase(); + nodeCheck = part; + checkFn = dirNodeCheck; + } + + checkFn( "previousSibling", part, doneName, checkSet, nodeCheck, isXML ); + } + }, + + find: { + ID: function( match, context, isXML ) { + if ( typeof context.getElementById !== "undefined" && !isXML ) { + var m = context.getElementById(match[1]); + // Check parentNode to catch when Blackberry 4.6 returns + // nodes that are no longer in the document #6963 + return m && m.parentNode ? [m] : []; + } + }, + + NAME: function( match, context ) { + if ( typeof context.getElementsByName !== "undefined" ) { + var ret = [], + results = context.getElementsByName( match[1] ); + + for ( var i = 0, l = results.length; i < l; i++ ) { + if ( results[i].getAttribute("name") === match[1] ) { + ret.push( results[i] ); + } + } + + return ret.length === 0 ? null : ret; + } + }, + + TAG: function( match, context ) { + if ( typeof context.getElementsByTagName !== "undefined" ) { + return context.getElementsByTagName( match[1] ); + } + } + }, + preFilter: { + CLASS: function( match, curLoop, inplace, result, not, isXML ) { + match = " " + match[1].replace( rBackslash, "" ) + " "; + + if ( isXML ) { + return match; + } + + for ( var i = 0, elem; (elem = curLoop[i]) != null; i++ ) { + if ( elem ) { + if ( not ^ (elem.className && (" " + elem.className + " ").replace(/[\t\n\r]/g, " ").indexOf(match) >= 0) ) { + if ( !inplace ) { + result.push( elem ); + } + + } else if ( inplace ) { + curLoop[i] = false; + } + } + } + + return false; + }, + + ID: function( match ) { + return match[1].replace( rBackslash, "" ); + }, + + TAG: function( match, curLoop ) { + return match[1].replace( rBackslash, "" ).toLowerCase(); + }, + + CHILD: function( match ) { + if ( match[1] === "nth" ) { + if ( !match[2] ) { + Sizzle.error( match[0] ); + } + + match[2] = match[2].replace(/^\+|\s*/g, ''); + + // parse equations like 'even', 'odd', '5', '2n', '3n+2', '4n-1', '-n+6' + var test = /(-?)(\d*)(?:n([+\-]?\d*))?/.exec( + match[2] === "even" && "2n" || match[2] === "odd" && "2n+1" || + !/\D/.test( match[2] ) && "0n+" + match[2] || match[2]); + + // calculate the numbers (first)n+(last) including if they are negative + match[2] = (test[1] + (test[2] || 1)) - 0; + match[3] = test[3] - 0; + } + else if ( match[2] ) { + Sizzle.error( match[0] ); + } + + // TODO: Move to normal caching system + match[0] = done++; + + return match; + }, + + ATTR: function( match, curLoop, inplace, result, not, isXML ) { + var name = match[1] = match[1].replace( rBackslash, "" ); + + if ( !isXML && Expr.attrMap[name] ) { + match[1] = Expr.attrMap[name]; + } + + // Handle if an un-quoted value was used + match[4] = ( match[4] || match[5] || "" ).replace( rBackslash, "" ); + + if ( match[2] === "~=" ) { + match[4] = " " + match[4] + " "; + } + + return match; + }, + + PSEUDO: function( match, curLoop, inplace, result, not ) { + if ( match[1] === "not" ) { + // If we're dealing with a complex expression, or a simple one + if ( ( chunker.exec(match[3]) || "" ).length > 1 || /^\w/.test(match[3]) ) { + match[3] = Sizzle(match[3], null, null, curLoop); + + } else { + var ret = Sizzle.filter(match[3], curLoop, inplace, true ^ not); + + if ( !inplace ) { + result.push.apply( result, ret ); + } + + return false; + } + + } else if ( Expr.match.POS.test( match[0] ) || Expr.match.CHILD.test( match[0] ) ) { + return true; + } + + return match; + }, + + POS: function( match ) { + match.unshift( true ); + + return match; + } + }, + + filters: { + enabled: function( elem ) { + return elem.disabled === false && elem.type !== "hidden"; + }, + + disabled: function( elem ) { + return elem.disabled === true; + }, + + checked: function( elem ) { + return elem.checked === true; + }, + + selected: function( elem ) { + // Accessing this property makes selected-by-default + // options in Safari work properly + if ( elem.parentNode ) { + elem.parentNode.selectedIndex; + } + + return elem.selected === true; + }, + + parent: function( elem ) { + return !!elem.firstChild; + }, + + empty: function( elem ) { + return !elem.firstChild; + }, + + has: function( elem, i, match ) { + return !!Sizzle( match[3], elem ).length; + }, + + header: function( elem ) { + return (/h\d/i).test( elem.nodeName ); + }, + + text: function( elem ) { + var attr = elem.getAttribute( "type" ), type = elem.type; + // IE6 and 7 will map elem.type to 'text' for new HTML5 types (search, etc) + // use getAttribute instead to test this case + return elem.nodeName.toLowerCase() === "input" && "text" === type && ( attr === type || attr === null ); + }, + + radio: function( elem ) { + return elem.nodeName.toLowerCase() === "input" && "radio" === elem.type; + }, + + checkbox: function( elem ) { + return elem.nodeName.toLowerCase() === "input" && "checkbox" === elem.type; + }, + + file: function( elem ) { + return elem.nodeName.toLowerCase() === "input" && "file" === elem.type; + }, + + password: function( elem ) { + return elem.nodeName.toLowerCase() === "input" && "password" === elem.type; + }, + + submit: function( elem ) { + var name = elem.nodeName.toLowerCase(); + return (name === "input" || name === "button") && "submit" === elem.type; + }, + + image: function( elem ) { + return elem.nodeName.toLowerCase() === "input" && "image" === elem.type; + }, + + reset: function( elem ) { + var name = elem.nodeName.toLowerCase(); + return (name === "input" || name === "button") && "reset" === elem.type; + }, + + button: function( elem ) { + var name = elem.nodeName.toLowerCase(); + return name === "input" && "button" === elem.type || name === "button"; + }, + + input: function( elem ) { + return (/input|select|textarea|button/i).test( elem.nodeName ); + }, + + focus: function( elem ) { + return elem === elem.ownerDocument.activeElement; + } + }, + setFilters: { + first: function( elem, i ) { + return i === 0; + }, + + last: function( elem, i, match, array ) { + return i === array.length - 1; + }, + + even: function( elem, i ) { + return i % 2 === 0; + }, + + odd: function( elem, i ) { + return i % 2 === 1; + }, + + lt: function( elem, i, match ) { + return i < match[3] - 0; + }, + + gt: function( elem, i, match ) { + return i > match[3] - 0; + }, + + nth: function( elem, i, match ) { + return match[3] - 0 === i; + }, + + eq: function( elem, i, match ) { + return match[3] - 0 === i; + } + }, + filter: { + PSEUDO: function( elem, match, i, array ) { + var name = match[1], + filter = Expr.filters[ name ]; + + if ( filter ) { + return filter( elem, i, match, array ); + + } else if ( name === "contains" ) { + return (elem.textContent || elem.innerText || getText([ elem ]) || "").indexOf(match[3]) >= 0; + + } else if ( name === "not" ) { + var not = match[3]; + + for ( var j = 0, l = not.length; j < l; j++ ) { + if ( not[j] === elem ) { + return false; + } + } + + return true; + + } else { + Sizzle.error( name ); + } + }, + + CHILD: function( elem, match ) { + var first, last, + doneName, parent, cache, + count, diff, + type = match[1], + node = elem; + + switch ( type ) { + case "only": + case "first": + while ( (node = node.previousSibling) ) { + if ( node.nodeType === 1 ) { + return false; + } + } + + if ( type === "first" ) { + return true; + } + + node = elem; + + /* falls through */ + case "last": + while ( (node = node.nextSibling) ) { + if ( node.nodeType === 1 ) { + return false; + } + } + + return true; + + case "nth": + first = match[2]; + last = match[3]; + + if ( first === 1 && last === 0 ) { + return true; + } + + doneName = match[0]; + parent = elem.parentNode; + + if ( parent && (parent[ expando ] !== doneName || !elem.nodeIndex) ) { + count = 0; + + for ( node = parent.firstChild; node; node = node.nextSibling ) { + if ( node.nodeType === 1 ) { + node.nodeIndex = ++count; + } + } + + parent[ expando ] = doneName; + } + + diff = elem.nodeIndex - last; + + if ( first === 0 ) { + return diff === 0; + + } else { + return ( diff % first === 0 && diff / first >= 0 ); + } + } + }, + + ID: function( elem, match ) { + return elem.nodeType === 1 && elem.getAttribute("id") === match; + }, + + TAG: function( elem, match ) { + return (match === "*" && elem.nodeType === 1) || !!elem.nodeName && elem.nodeName.toLowerCase() === match; + }, + + CLASS: function( elem, match ) { + return (" " + (elem.className || elem.getAttribute("class")) + " ") + .indexOf( match ) > -1; + }, + + ATTR: function( elem, match ) { + var name = match[1], + result = Sizzle.attr ? + Sizzle.attr( elem, name ) : + Expr.attrHandle[ name ] ? + Expr.attrHandle[ name ]( elem ) : + elem[ name ] != null ? + elem[ name ] : + elem.getAttribute( name ), + value = result + "", + type = match[2], + check = match[4]; + + return result == null ? + type === "!=" : + !type && Sizzle.attr ? + result != null : + type === "=" ? + value === check : + type === "*=" ? + value.indexOf(check) >= 0 : + type === "~=" ? + (" " + value + " ").indexOf(check) >= 0 : + !check ? + value && result !== false : + type === "!=" ? + value !== check : + type === "^=" ? + value.indexOf(check) === 0 : + type === "$=" ? + value.substr(value.length - check.length) === check : + type === "|=" ? + value === check || value.substr(0, check.length + 1) === check + "-" : + false; + }, + + POS: function( elem, match, i, array ) { + var name = match[2], + filter = Expr.setFilters[ name ]; + + if ( filter ) { + return filter( elem, i, match, array ); + } + } + } +}; + +var origPOS = Expr.match.POS, + fescape = function(all, num){ + return "\\" + (num - 0 + 1); + }; + +for ( var type in Expr.match ) { + Expr.match[ type ] = new RegExp( Expr.match[ type ].source + (/(?![^\[]*\])(?![^\(]*\))/.source) ); + Expr.leftMatch[ type ] = new RegExp( /(^(?:.|\r|\n)*?)/.source + Expr.match[ type ].source.replace(/\\(\d+)/g, fescape) ); +} +// Expose origPOS +// "global" as in regardless of relation to brackets/parens +Expr.match.globalPOS = origPOS; + +var makeArray = function( array, results ) { + array = Array.prototype.slice.call( array, 0 ); + + if ( results ) { + results.push.apply( results, array ); + return results; + } + + return array; +}; + +// Perform a simple check to determine if the browser is capable of +// converting a NodeList to an array using builtin methods. +// Also verifies that the returned array holds DOM nodes +// (which is not the case in the Blackberry browser) +try { + Array.prototype.slice.call( document.documentElement.childNodes, 0 )[0].nodeType; + +// Provide a fallback method if it does not work +} catch( e ) { + makeArray = function( array, results ) { + var i = 0, + ret = results || []; + + if ( toString.call(array) === "[object Array]" ) { + Array.prototype.push.apply( ret, array ); + + } else { + if ( typeof array.length === "number" ) { + for ( var l = array.length; i < l; i++ ) { + ret.push( array[i] ); + } + + } else { + for ( ; array[i]; i++ ) { + ret.push( array[i] ); + } + } + } + + return ret; + }; +} + +var sortOrder, siblingCheck; + +if ( document.documentElement.compareDocumentPosition ) { + sortOrder = function( a, b ) { + if ( a === b ) { + hasDuplicate = true; + return 0; + } + + if ( !a.compareDocumentPosition || !b.compareDocumentPosition ) { + return a.compareDocumentPosition ? -1 : 1; + } + + return a.compareDocumentPosition(b) & 4 ? -1 : 1; + }; + +} else { + sortOrder = function( a, b ) { + // The nodes are identical, we can exit early + if ( a === b ) { + hasDuplicate = true; + return 0; + + // Fallback to using sourceIndex (in IE) if it's available on both nodes + } else if ( a.sourceIndex && b.sourceIndex ) { + return a.sourceIndex - b.sourceIndex; + } + + var al, bl, + ap = [], + bp = [], + aup = a.parentNode, + bup = b.parentNode, + cur = aup; + + // If the nodes are siblings (or identical) we can do a quick check + if ( aup === bup ) { + return siblingCheck( a, b ); + + // If no parents were found then the nodes are disconnected + } else if ( !aup ) { + return -1; + + } else if ( !bup ) { + return 1; + } + + // Otherwise they're somewhere else in the tree so we need + // to build up a full list of the parentNodes for comparison + while ( cur ) { + ap.unshift( cur ); + cur = cur.parentNode; + } + + cur = bup; + + while ( cur ) { + bp.unshift( cur ); + cur = cur.parentNode; + } + + al = ap.length; + bl = bp.length; + + // Start walking down the tree looking for a discrepancy + for ( var i = 0; i < al && i < bl; i++ ) { + if ( ap[i] !== bp[i] ) { + return siblingCheck( ap[i], bp[i] ); + } + } + + // We ended someplace up the tree so do a sibling check + return i === al ? + siblingCheck( a, bp[i], -1 ) : + siblingCheck( ap[i], b, 1 ); + }; + + siblingCheck = function( a, b, ret ) { + if ( a === b ) { + return ret; + } + + var cur = a.nextSibling; + + while ( cur ) { + if ( cur === b ) { + return -1; + } + + cur = cur.nextSibling; + } + + return 1; + }; +} + +// Check to see if the browser returns elements by name when +// querying by getElementById (and provide a workaround) +(function(){ + // We're going to inject a fake input element with a specified name + var form = document.createElement("div"), + id = "script" + (new Date()).getTime(), + root = document.documentElement; + + form.innerHTML = "<a name='" + id + "'/>"; + + // Inject it into the root element, check its status, and remove it quickly + root.insertBefore( form, root.firstChild ); + + // The workaround has to do additional checks after a getElementById + // Which slows things down for other browsers (hence the branching) + if ( document.getElementById( id ) ) { + Expr.find.ID = function( match, context, isXML ) { + if ( typeof context.getElementById !== "undefined" && !isXML ) { + var m = context.getElementById(match[1]); + + return m ? + m.id === match[1] || typeof m.getAttributeNode !== "undefined" && m.getAttributeNode("id").nodeValue === match[1] ? + [m] : + undefined : + []; + } + }; + + Expr.filter.ID = function( elem, match ) { + var node = typeof elem.getAttributeNode !== "undefined" && elem.getAttributeNode("id"); + + return elem.nodeType === 1 && node && node.nodeValue === match; + }; + } + + root.removeChild( form ); + + // release memory in IE + root = form = null; +})(); + +(function(){ + // Check to see if the browser returns only elements + // when doing getElementsByTagName("*") + + // Create a fake element + var div = document.createElement("div"); + div.appendChild( document.createComment("") ); + + // Make sure no comments are found + if ( div.getElementsByTagName("*").length > 0 ) { + Expr.find.TAG = function( match, context ) { + var results = context.getElementsByTagName( match[1] ); + + // Filter out possible comments + if ( match[1] === "*" ) { + var tmp = []; + + for ( var i = 0; results[i]; i++ ) { + if ( results[i].nodeType === 1 ) { + tmp.push( results[i] ); + } + } + + results = tmp; + } + + return results; + }; + } + + // Check to see if an attribute returns normalized href attributes + div.innerHTML = "<a href='#'></a>"; + + if ( div.firstChild && typeof div.firstChild.getAttribute !== "undefined" && + div.firstChild.getAttribute("href") !== "#" ) { + + Expr.attrHandle.href = function( elem ) { + return elem.getAttribute( "href", 2 ); + }; + } + + // release memory in IE + div = null; +})(); + +if ( document.querySelectorAll ) { + (function(){ + var oldSizzle = Sizzle, + div = document.createElement("div"), + id = "__sizzle__"; + + div.innerHTML = "<p class='TEST'></p>"; + + // Safari can't handle uppercase or unicode characters when + // in quirks mode. + if ( div.querySelectorAll && div.querySelectorAll(".TEST").length === 0 ) { + return; + } + + Sizzle = function( query, context, extra, seed ) { + context = context || document; + + // Only use querySelectorAll on non-XML documents + // (ID selectors don't work in non-HTML documents) + if ( !seed && !Sizzle.isXML(context) ) { + // See if we find a selector to speed up + var match = /^(\w+$)|^\.([\w\-]+$)|^#([\w\-]+$)/.exec( query ); + + if ( match && (context.nodeType === 1 || context.nodeType === 9) ) { + // Speed-up: Sizzle("TAG") + if ( match[1] ) { + return makeArray( context.getElementsByTagName( query ), extra ); + + // Speed-up: Sizzle(".CLASS") + } else if ( match[2] && Expr.find.CLASS && context.getElementsByClassName ) { + return makeArray( context.getElementsByClassName( match[2] ), extra ); + } + } + + if ( context.nodeType === 9 ) { + // Speed-up: Sizzle("body") + // The body element only exists once, optimize finding it + if ( query === "body" && context.body ) { + return makeArray( [ context.body ], extra ); + + // Speed-up: Sizzle("#ID") + } else if ( match && match[3] ) { + var elem = context.getElementById( match[3] ); + + // Check parentNode to catch when Blackberry 4.6 returns + // nodes that are no longer in the document #6963 + if ( elem && elem.parentNode ) { + // Handle the case where IE and Opera return items + // by name instead of ID + if ( elem.id === match[3] ) { + return makeArray( [ elem ], extra ); + } + + } else { + return makeArray( [], extra ); + } + } + + try { + return makeArray( context.querySelectorAll(query), extra ); + } catch(qsaError) {} + + // qSA works strangely on Element-rooted queries + // We can work around this by specifying an extra ID on the root + // and working up from there (Thanks to Andrew Dupont for the technique) + // IE 8 doesn't work on object elements + } else if ( context.nodeType === 1 && context.nodeName.toLowerCase() !== "object" ) { + var oldContext = context, + old = context.getAttribute( "id" ), + nid = old || id, + hasParent = context.parentNode, + relativeHierarchySelector = /^\s*[+~]/.test( query ); + + if ( !old ) { + context.setAttribute( "id", nid ); + } else { + nid = nid.replace( /'/g, "\\$&" ); + } + if ( relativeHierarchySelector && hasParent ) { + context = context.parentNode; + } + + try { + if ( !relativeHierarchySelector || hasParent ) { + return makeArray( context.querySelectorAll( "[id='" + nid + "'] " + query ), extra ); + } + + } catch(pseudoError) { + } finally { + if ( !old ) { + oldContext.removeAttribute( "id" ); + } + } + } + } + + return oldSizzle(query, context, extra, seed); + }; + + for ( var prop in oldSizzle ) { + Sizzle[ prop ] = oldSizzle[ prop ]; + } + + // release memory in IE + div = null; + })(); +} + +(function(){ + var html = document.documentElement, + matches = html.matchesSelector || html.mozMatchesSelector || html.webkitMatchesSelector || html.msMatchesSelector; + + if ( matches ) { + // Check to see if it's possible to do matchesSelector + // on a disconnected node (IE 9 fails this) + var disconnectedMatch = !matches.call( document.createElement( "div" ), "div" ), + pseudoWorks = false; + + try { + // This should fail with an exception + // Gecko does not error, returns false instead + matches.call( document.documentElement, "[test!='']:sizzle" ); + + } catch( pseudoError ) { + pseudoWorks = true; + } + + Sizzle.matchesSelector = function( node, expr ) { + // Make sure that attribute selectors are quoted + expr = expr.replace(/\=\s*([^'"\]]*)\s*\]/g, "='$1']"); + + if ( !Sizzle.isXML( node ) ) { + try { + if ( pseudoWorks || !Expr.match.PSEUDO.test( expr ) && !/!=/.test( expr ) ) { + var ret = matches.call( node, expr ); + + // IE 9's matchesSelector returns false on disconnected nodes + if ( ret || !disconnectedMatch || + // As well, disconnected nodes are said to be in a document + // fragment in IE 9, so check for that + node.document && node.document.nodeType !== 11 ) { + return ret; + } + } + } catch(e) {} + } + + return Sizzle(expr, null, null, [node]).length > 0; + }; + } +})(); + +(function(){ + var div = document.createElement("div"); + + div.innerHTML = "<div class='test e'></div><div class='test'></div>"; + + // Opera can't find a second classname (in 9.6) + // Also, make sure that getElementsByClassName actually exists + if ( !div.getElementsByClassName || div.getElementsByClassName("e").length === 0 ) { + return; + } + + // Safari caches class attributes, doesn't catch changes (in 3.2) + div.lastChild.className = "e"; + + if ( div.getElementsByClassName("e").length === 1 ) { + return; + } + + Expr.order.splice(1, 0, "CLASS"); + Expr.find.CLASS = function( match, context, isXML ) { + if ( typeof context.getElementsByClassName !== "undefined" && !isXML ) { + return context.getElementsByClassName(match[1]); + } + }; + + // release memory in IE + div = null; +})(); + +function dirNodeCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { + for ( var i = 0, l = checkSet.length; i < l; i++ ) { + var elem = checkSet[i]; + + if ( elem ) { + var match = false; + + elem = elem[dir]; + + while ( elem ) { + if ( elem[ expando ] === doneName ) { + match = checkSet[elem.sizset]; + break; + } + + if ( elem.nodeType === 1 && !isXML ){ + elem[ expando ] = doneName; + elem.sizset = i; + } + + if ( elem.nodeName.toLowerCase() === cur ) { + match = elem; + break; + } + + elem = elem[dir]; + } + + checkSet[i] = match; + } + } +} + +function dirCheck( dir, cur, doneName, checkSet, nodeCheck, isXML ) { + for ( var i = 0, l = checkSet.length; i < l; i++ ) { + var elem = checkSet[i]; + + if ( elem ) { + var match = false; + + elem = elem[dir]; + + while ( elem ) { + if ( elem[ expando ] === doneName ) { + match = checkSet[elem.sizset]; + break; + } + + if ( elem.nodeType === 1 ) { + if ( !isXML ) { + elem[ expando ] = doneName; + elem.sizset = i; + } + + if ( typeof cur !== "string" ) { + if ( elem === cur ) { + match = true; + break; + } + + } else if ( Sizzle.filter( cur, [elem] ).length > 0 ) { + match = elem; + break; + } + } + + elem = elem[dir]; + } + + checkSet[i] = match; + } + } +} + +if ( document.documentElement.contains ) { + Sizzle.contains = function( a, b ) { + return a !== b && (a.contains ? a.contains(b) : true); + }; + +} else if ( document.documentElement.compareDocumentPosition ) { + Sizzle.contains = function( a, b ) { + return !!(a.compareDocumentPosition(b) & 16); + }; + +} else { + Sizzle.contains = function() { + return false; + }; +} + +Sizzle.isXML = function( elem ) { + // documentElement is verified for cases where it doesn't yet exist + // (such as loading iframes in IE - #4833) + var documentElement = (elem ? elem.ownerDocument || elem : 0).documentElement; + + return documentElement ? documentElement.nodeName !== "HTML" : false; +}; + +var posProcess = function( selector, context, seed ) { + var match, + tmpSet = [], + later = "", + root = context.nodeType ? [context] : context; + + // Position selectors must be done after the filter + // And so must :not(positional) so we move all PSEUDOs to the end + while ( (match = Expr.match.PSEUDO.exec( selector )) ) { + later += match[0]; + selector = selector.replace( Expr.match.PSEUDO, "" ); + } + + selector = Expr.relative[selector] ? selector + "*" : selector; + + for ( var i = 0, l = root.length; i < l; i++ ) { + Sizzle( selector, root[i], tmpSet, seed ); + } + + return Sizzle.filter( later, tmpSet ); +}; + +// EXPOSE +// Override sizzle attribute retrieval +Sizzle.attr = jQuery.attr; +Sizzle.selectors.attrMap = {}; +jQuery.find = Sizzle; +jQuery.expr = Sizzle.selectors; +jQuery.expr[":"] = jQuery.expr.filters; +jQuery.unique = Sizzle.uniqueSort; +jQuery.text = Sizzle.getText; +jQuery.isXMLDoc = Sizzle.isXML; +jQuery.contains = Sizzle.contains; + + +})(); + + +var runtil = /Until$/, + rparentsprev = /^(?:parents|prevUntil|prevAll)/, + // Note: This RegExp should be improved, or likely pulled from Sizzle + rmultiselector = /,/, + isSimple = /^.[^:#\[\.,]*$/, + slice = Array.prototype.slice, + POS = jQuery.expr.match.globalPOS, + // methods guaranteed to produce a unique set when starting from a unique set + guaranteedUnique = { + children: true, + contents: true, + next: true, + prev: true + }; + +jQuery.fn.extend({ + find: function( selector ) { + var self = this, + i, l; + + if ( typeof selector !== "string" ) { + return jQuery( selector ).filter(function() { + for ( i = 0, l = self.length; i < l; i++ ) { + if ( jQuery.contains( self[ i ], this ) ) { + return true; + } + } + }); + } + + var ret = this.pushStack( "", "find", selector ), + length, n, r; + + for ( i = 0, l = this.length; i < l; i++ ) { + length = ret.length; + jQuery.find( selector, this[i], ret ); + + if ( i > 0 ) { + // Make sure that the results are unique + for ( n = length; n < ret.length; n++ ) { + for ( r = 0; r < length; r++ ) { + if ( ret[r] === ret[n] ) { + ret.splice(n--, 1); + break; + } + } + } + } + } + + return ret; + }, + + has: function( target ) { + var targets = jQuery( target ); + return this.filter(function() { + for ( var i = 0, l = targets.length; i < l; i++ ) { + if ( jQuery.contains( this, targets[i] ) ) { + return true; + } + } + }); + }, + + not: function( selector ) { + return this.pushStack( winnow(this, selector, false), "not", selector); + }, + + filter: function( selector ) { + return this.pushStack( winnow(this, selector, true), "filter", selector ); + }, + + is: function( selector ) { + return !!selector && ( + typeof selector === "string" ? + // If this is a positional selector, check membership in the returned set + // so $("p:first").is("p:last") won't return true for a doc with two "p". + POS.test( selector ) ? + jQuery( selector, this.context ).index( this[0] ) >= 0 : + jQuery.filter( selector, this ).length > 0 : + this.filter( selector ).length > 0 ); + }, + + closest: function( selectors, context ) { + var ret = [], i, l, cur = this[0]; + + // Array (deprecated as of jQuery 1.7) + if ( jQuery.isArray( selectors ) ) { + var level = 1; + + while ( cur && cur.ownerDocument && cur !== context ) { + for ( i = 0; i < selectors.length; i++ ) { + + if ( jQuery( cur ).is( selectors[ i ] ) ) { + ret.push({ selector: selectors[ i ], elem: cur, level: level }); + } + } + + cur = cur.parentNode; + level++; + } + + return ret; + } + + // String + var pos = POS.test( selectors ) || typeof selectors !== "string" ? + jQuery( selectors, context || this.context ) : + 0; + + for ( i = 0, l = this.length; i < l; i++ ) { + cur = this[i]; + + while ( cur ) { + if ( pos ? pos.index(cur) > -1 : jQuery.find.matchesSelector(cur, selectors) ) { + ret.push( cur ); + break; + + } else { + cur = cur.parentNode; + if ( !cur || !cur.ownerDocument || cur === context || cur.nodeType === 11 ) { + break; + } + } + } + } + + ret = ret.length > 1 ? jQuery.unique( ret ) : ret; + + return this.pushStack( ret, "closest", selectors ); + }, + + // Determine the position of an element within + // the matched set of elements + index: function( elem ) { + + // No argument, return index in parent + if ( !elem ) { + return ( this[0] && this[0].parentNode ) ? this.prevAll().length : -1; + } + + // index in selector + if ( typeof elem === "string" ) { + return jQuery.inArray( this[0], jQuery( elem ) ); + } + + // Locate the position of the desired element + return jQuery.inArray( + // If it receives a jQuery object, the first element is used + elem.jquery ? elem[0] : elem, this ); + }, + + add: function( selector, context ) { + var set = typeof selector === "string" ? + jQuery( selector, context ) : + jQuery.makeArray( selector && selector.nodeType ? [ selector ] : selector ), + all = jQuery.merge( this.get(), set ); + + return this.pushStack( isDisconnected( set[0] ) || isDisconnected( all[0] ) ? + all : + jQuery.unique( all ) ); + }, + + andSelf: function() { + return this.add( this.prevObject ); + } +}); + +// A painfully simple check to see if an element is disconnected +// from a document (should be improved, where feasible). +function isDisconnected( node ) { + return !node || !node.parentNode || node.parentNode.nodeType === 11; +} + +jQuery.each({ + parent: function( elem ) { + var parent = elem.parentNode; + return parent && parent.nodeType !== 11 ? parent : null; + }, + parents: function( elem ) { + return jQuery.dir( elem, "parentNode" ); + }, + parentsUntil: function( elem, i, until ) { + return jQuery.dir( elem, "parentNode", until ); + }, + next: function( elem ) { + return jQuery.nth( elem, 2, "nextSibling" ); + }, + prev: function( elem ) { + return jQuery.nth( elem, 2, "previousSibling" ); + }, + nextAll: function( elem ) { + return jQuery.dir( elem, "nextSibling" ); + }, + prevAll: function( elem ) { + return jQuery.dir( elem, "previousSibling" ); + }, + nextUntil: function( elem, i, until ) { + return jQuery.dir( elem, "nextSibling", until ); + }, + prevUntil: function( elem, i, until ) { + return jQuery.dir( elem, "previousSibling", until ); + }, + siblings: function( elem ) { + return jQuery.sibling( ( elem.parentNode || {} ).firstChild, elem ); + }, + children: function( elem ) { + return jQuery.sibling( elem.firstChild ); + }, + contents: function( elem ) { + return jQuery.nodeName( elem, "iframe" ) ? + elem.contentDocument || elem.contentWindow.document : + jQuery.makeArray( elem.childNodes ); + } +}, function( name, fn ) { + jQuery.fn[ name ] = function( until, selector ) { + var ret = jQuery.map( this, fn, until ); + + if ( !runtil.test( name ) ) { + selector = until; + } + + if ( selector && typeof selector === "string" ) { + ret = jQuery.filter( selector, ret ); + } + + ret = this.length > 1 && !guaranteedUnique[ name ] ? jQuery.unique( ret ) : ret; + + if ( (this.length > 1 || rmultiselector.test( selector )) && rparentsprev.test( name ) ) { + ret = ret.reverse(); + } + + return this.pushStack( ret, name, slice.call( arguments ).join(",") ); + }; +}); + +jQuery.extend({ + filter: function( expr, elems, not ) { + if ( not ) { + expr = ":not(" + expr + ")"; + } + + return elems.length === 1 ? + jQuery.find.matchesSelector(elems[0], expr) ? [ elems[0] ] : [] : + jQuery.find.matches(expr, elems); + }, + + dir: function( elem, dir, until ) { + var matched = [], + cur = elem[ dir ]; + + while ( cur && cur.nodeType !== 9 && (until === undefined || cur.nodeType !== 1 || !jQuery( cur ).is( until )) ) { + if ( cur.nodeType === 1 ) { + matched.push( cur ); + } + cur = cur[dir]; + } + return matched; + }, + + nth: function( cur, result, dir, elem ) { + result = result || 1; + var num = 0; + + for ( ; cur; cur = cur[dir] ) { + if ( cur.nodeType === 1 && ++num === result ) { + break; + } + } + + return cur; + }, + + sibling: function( n, elem ) { + var r = []; + + for ( ; n; n = n.nextSibling ) { + if ( n.nodeType === 1 && n !== elem ) { + r.push( n ); + } + } + + return r; + } +}); + +// Implement the identical functionality for filter and not +function winnow( elements, qualifier, keep ) { + + // Can't pass null or undefined to indexOf in Firefox 4 + // Set to 0 to skip string check + qualifier = qualifier || 0; + + if ( jQuery.isFunction( qualifier ) ) { + return jQuery.grep(elements, function( elem, i ) { + var retVal = !!qualifier.call( elem, i, elem ); + return retVal === keep; + }); + + } else if ( qualifier.nodeType ) { + return jQuery.grep(elements, function( elem, i ) { + return ( elem === qualifier ) === keep; + }); + + } else if ( typeof qualifier === "string" ) { + var filtered = jQuery.grep(elements, function( elem ) { + return elem.nodeType === 1; + }); + + if ( isSimple.test( qualifier ) ) { + return jQuery.filter(qualifier, filtered, !keep); + } else { + qualifier = jQuery.filter( qualifier, filtered ); + } + } + + return jQuery.grep(elements, function( elem, i ) { + return ( jQuery.inArray( elem, qualifier ) >= 0 ) === keep; + }); +} + + + + +function createSafeFragment( document ) { + var list = nodeNames.split( "|" ), + safeFrag = document.createDocumentFragment(); + + if ( safeFrag.createElement ) { + while ( list.length ) { + safeFrag.createElement( + list.pop() + ); + } + } + return safeFrag; +} + +var nodeNames = "abbr|article|aside|audio|bdi|canvas|data|datalist|details|figcaption|figure|footer|" + + "header|hgroup|mark|meter|nav|output|progress|section|summary|time|video", + rinlinejQuery = / jQuery\d+="(?:\d+|null)"/g, + rleadingWhitespace = /^\s+/, + rxhtmlTag = /<(?!area|br|col|embed|hr|img|input|link|meta|param)(([\w:]+)[^>]*)\/>/ig, + rtagName = /<([\w:]+)/, + rtbody = /<tbody/i, + rhtml = /<|&#?\w+;/, + rnoInnerhtml = /<(?:script|style)/i, + rnocache = /<(?:script|object|embed|option|style)/i, + rnoshimcache = new RegExp("<(?:" + nodeNames + ")[\\s/>]", "i"), + // checked="checked" or checked + rchecked = /checked\s*(?:[^=]|=\s*.checked.)/i, + rscriptType = /\/(java|ecma)script/i, + rcleanScript = /^\s*<!(?:\[CDATA\[|\-\-)/, + wrapMap = { + option: [ 1, "<select multiple='multiple'>", "</select>" ], + legend: [ 1, "<fieldset>", "</fieldset>" ], + thead: [ 1, "<table>", "</table>" ], + tr: [ 2, "<table><tbody>", "</tbody></table>" ], + td: [ 3, "<table><tbody><tr>", "</tr></tbody></table>" ], + col: [ 2, "<table><tbody></tbody><colgroup>", "</colgroup></table>" ], + area: [ 1, "<map>", "</map>" ], + _default: [ 0, "", "" ] + }, + safeFragment = createSafeFragment( document ); + +wrapMap.optgroup = wrapMap.option; +wrapMap.tbody = wrapMap.tfoot = wrapMap.colgroup = wrapMap.caption = wrapMap.thead; +wrapMap.th = wrapMap.td; + +// IE can't serialize <link> and <script> tags normally +if ( !jQuery.support.htmlSerialize ) { + wrapMap._default = [ 1, "div<div>", "</div>" ]; +} + +jQuery.fn.extend({ + text: function( value ) { + return jQuery.access( this, function( value ) { + return value === undefined ? + jQuery.text( this ) : + this.empty().append( ( this[0] && this[0].ownerDocument || document ).createTextNode( value ) ); + }, null, value, arguments.length ); + }, + + wrapAll: function( html ) { + if ( jQuery.isFunction( html ) ) { + return this.each(function(i) { + jQuery(this).wrapAll( html.call(this, i) ); + }); + } + + if ( this[0] ) { + // The elements to wrap the target around + var wrap = jQuery( html, this[0].ownerDocument ).eq(0).clone(true); + + if ( this[0].parentNode ) { + wrap.insertBefore( this[0] ); + } + + wrap.map(function() { + var elem = this; + + while ( elem.firstChild && elem.firstChild.nodeType === 1 ) { + elem = elem.firstChild; + } + + return elem; + }).append( this ); + } + + return this; + }, + + wrapInner: function( html ) { + if ( jQuery.isFunction( html ) ) { + return this.each(function(i) { + jQuery(this).wrapInner( html.call(this, i) ); + }); + } + + return this.each(function() { + var self = jQuery( this ), + contents = self.contents(); + + if ( contents.length ) { + contents.wrapAll( html ); + + } else { + self.append( html ); + } + }); + }, + + wrap: function( html ) { + var isFunction = jQuery.isFunction( html ); + + return this.each(function(i) { + jQuery( this ).wrapAll( isFunction ? html.call(this, i) : html ); + }); + }, + + unwrap: function() { + return this.parent().each(function() { + if ( !jQuery.nodeName( this, "body" ) ) { + jQuery( this ).replaceWith( this.childNodes ); + } + }).end(); + }, + + append: function() { + return this.domManip(arguments, true, function( elem ) { + if ( this.nodeType === 1 ) { + this.appendChild( elem ); + } + }); + }, + + prepend: function() { + return this.domManip(arguments, true, function( elem ) { + if ( this.nodeType === 1 ) { + this.insertBefore( elem, this.firstChild ); + } + }); + }, + + before: function() { + if ( this[0] && this[0].parentNode ) { + return this.domManip(arguments, false, function( elem ) { + this.parentNode.insertBefore( elem, this ); + }); + } else if ( arguments.length ) { + var set = jQuery.clean( arguments ); + set.push.apply( set, this.toArray() ); + return this.pushStack( set, "before", arguments ); + } + }, + + after: function() { + if ( this[0] && this[0].parentNode ) { + return this.domManip(arguments, false, function( elem ) { + this.parentNode.insertBefore( elem, this.nextSibling ); + }); + } else if ( arguments.length ) { + var set = this.pushStack( this, "after", arguments ); + set.push.apply( set, jQuery.clean(arguments) ); + return set; + } + }, + + // keepData is for internal use only--do not document + remove: function( selector, keepData ) { + for ( var i = 0, elem; (elem = this[i]) != null; i++ ) { + if ( !selector || jQuery.filter( selector, [ elem ] ).length ) { + if ( !keepData && elem.nodeType === 1 ) { + jQuery.cleanData( elem.getElementsByTagName("*") ); + jQuery.cleanData( [ elem ] ); + } + + if ( elem.parentNode ) { + elem.parentNode.removeChild( elem ); + } + } + } + + return this; + }, + + empty: function() { + for ( var i = 0, elem; (elem = this[i]) != null; i++ ) { + // Remove element nodes and prevent memory leaks + if ( elem.nodeType === 1 ) { + jQuery.cleanData( elem.getElementsByTagName("*") ); + } + + // Remove any remaining nodes + while ( elem.firstChild ) { + elem.removeChild( elem.firstChild ); + } + } + + return this; + }, + + clone: function( dataAndEvents, deepDataAndEvents ) { + dataAndEvents = dataAndEvents == null ? false : dataAndEvents; + deepDataAndEvents = deepDataAndEvents == null ? dataAndEvents : deepDataAndEvents; + + return this.map( function () { + return jQuery.clone( this, dataAndEvents, deepDataAndEvents ); + }); + }, + + html: function( value ) { + return jQuery.access( this, function( value ) { + var elem = this[0] || {}, + i = 0, + l = this.length; + + if ( value === undefined ) { + return elem.nodeType === 1 ? + elem.innerHTML.replace( rinlinejQuery, "" ) : + null; + } + + + if ( typeof value === "string" && !rnoInnerhtml.test( value ) && + ( jQuery.support.leadingWhitespace || !rleadingWhitespace.test( value ) ) && + !wrapMap[ ( rtagName.exec( value ) || ["", ""] )[1].toLowerCase() ] ) { + + value = value.replace( rxhtmlTag, "<$1></$2>" ); + + try { + for (; i < l; i++ ) { + // Remove element nodes and prevent memory leaks + elem = this[i] || {}; + if ( elem.nodeType === 1 ) { + jQuery.cleanData( elem.getElementsByTagName( "*" ) ); + elem.innerHTML = value; + } + } + + elem = 0; + + // If using innerHTML throws an exception, use the fallback method + } catch(e) {} + } + + if ( elem ) { + this.empty().append( value ); + } + }, null, value, arguments.length ); + }, + + replaceWith: function( value ) { + if ( this[0] && this[0].parentNode ) { + // Make sure that the elements are removed from the DOM before they are inserted + // this can help fix replacing a parent with child elements + if ( jQuery.isFunction( value ) ) { + return this.each(function(i) { + var self = jQuery(this), old = self.html(); + self.replaceWith( value.call( this, i, old ) ); + }); + } + + if ( typeof value !== "string" ) { + value = jQuery( value ).detach(); + } + + return this.each(function() { + var next = this.nextSibling, + parent = this.parentNode; + + jQuery( this ).remove(); + + if ( next ) { + jQuery(next).before( value ); + } else { + jQuery(parent).append( value ); + } + }); + } else { + return this.length ? + this.pushStack( jQuery(jQuery.isFunction(value) ? value() : value), "replaceWith", value ) : + this; + } + }, + + detach: function( selector ) { + return this.remove( selector, true ); + }, + + domManip: function( args, table, callback ) { + var results, first, fragment, parent, + value = args[0], + scripts = []; + + // We can't cloneNode fragments that contain checked, in WebKit + if ( !jQuery.support.checkClone && arguments.length === 3 && typeof value === "string" && rchecked.test( value ) ) { + return this.each(function() { + jQuery(this).domManip( args, table, callback, true ); + }); + } + + if ( jQuery.isFunction(value) ) { + return this.each(function(i) { + var self = jQuery(this); + args[0] = value.call(this, i, table ? self.html() : undefined); + self.domManip( args, table, callback ); + }); + } + + if ( this[0] ) { + parent = value && value.parentNode; + + // If we're in a fragment, just use that instead of building a new one + if ( jQuery.support.parentNode && parent && parent.nodeType === 11 && parent.childNodes.length === this.length ) { + results = { fragment: parent }; + + } else { + results = jQuery.buildFragment( args, this, scripts ); + } + + fragment = results.fragment; + + if ( fragment.childNodes.length === 1 ) { + first = fragment = fragment.firstChild; + } else { + first = fragment.firstChild; + } + + if ( first ) { + table = table && jQuery.nodeName( first, "tr" ); + + for ( var i = 0, l = this.length, lastIndex = l - 1; i < l; i++ ) { + callback.call( + table ? + root(this[i], first) : + this[i], + // Make sure that we do not leak memory by inadvertently discarding + // the original fragment (which might have attached data) instead of + // using it; in addition, use the original fragment object for the last + // item instead of first because it can end up being emptied incorrectly + // in certain situations (Bug #8070). + // Fragments from the fragment cache must always be cloned and never used + // in place. + results.cacheable || ( l > 1 && i < lastIndex ) ? + jQuery.clone( fragment, true, true ) : + fragment + ); + } + } + + if ( scripts.length ) { + jQuery.each( scripts, function( i, elem ) { + if ( elem.src ) { + jQuery.ajax({ + type: "GET", + global: false, + url: elem.src, + async: false, + dataType: "script" + }); + } else { + jQuery.globalEval( ( elem.text || elem.textContent || elem.innerHTML || "" ).replace( rcleanScript, "/*$0*/" ) ); + } + + if ( elem.parentNode ) { + elem.parentNode.removeChild( elem ); + } + }); + } + } + + return this; + } +}); + +function root( elem, cur ) { + return jQuery.nodeName(elem, "table") ? + (elem.getElementsByTagName("tbody")[0] || + elem.appendChild(elem.ownerDocument.createElement("tbody"))) : + elem; +} + +function cloneCopyEvent( src, dest ) { + + if ( dest.nodeType !== 1 || !jQuery.hasData( src ) ) { + return; + } + + var type, i, l, + oldData = jQuery._data( src ), + curData = jQuery._data( dest, oldData ), + events = oldData.events; + + if ( events ) { + delete curData.handle; + curData.events = {}; + + for ( type in events ) { + for ( i = 0, l = events[ type ].length; i < l; i++ ) { + jQuery.event.add( dest, type, events[ type ][ i ] ); + } + } + } + + // make the cloned public data object a copy from the original + if ( curData.data ) { + curData.data = jQuery.extend( {}, curData.data ); + } +} + +function cloneFixAttributes( src, dest ) { + var nodeName; + + // We do not need to do anything for non-Elements + if ( dest.nodeType !== 1 ) { + return; + } + + // clearAttributes removes the attributes, which we don't want, + // but also removes the attachEvent events, which we *do* want + if ( dest.clearAttributes ) { + dest.clearAttributes(); + } + + // mergeAttributes, in contrast, only merges back on the + // original attributes, not the events + if ( dest.mergeAttributes ) { + dest.mergeAttributes( src ); + } + + nodeName = dest.nodeName.toLowerCase(); + + // IE6-8 fail to clone children inside object elements that use + // the proprietary classid attribute value (rather than the type + // attribute) to identify the type of content to display + if ( nodeName === "object" ) { + dest.outerHTML = src.outerHTML; + + } else if ( nodeName === "input" && (src.type === "checkbox" || src.type === "radio") ) { + // IE6-8 fails to persist the checked state of a cloned checkbox + // or radio button. Worse, IE6-7 fail to give the cloned element + // a checked appearance if the defaultChecked value isn't also set + if ( src.checked ) { + dest.defaultChecked = dest.checked = src.checked; + } + + // IE6-7 get confused and end up setting the value of a cloned + // checkbox/radio button to an empty string instead of "on" + if ( dest.value !== src.value ) { + dest.value = src.value; + } + + // IE6-8 fails to return the selected option to the default selected + // state when cloning options + } else if ( nodeName === "option" ) { + dest.selected = src.defaultSelected; + + // IE6-8 fails to set the defaultValue to the correct value when + // cloning other types of input fields + } else if ( nodeName === "input" || nodeName === "textarea" ) { + dest.defaultValue = src.defaultValue; + + // IE blanks contents when cloning scripts + } else if ( nodeName === "script" && dest.text !== src.text ) { + dest.text = src.text; + } + + // Event data gets referenced instead of copied if the expando + // gets copied too + dest.removeAttribute( jQuery.expando ); + + // Clear flags for bubbling special change/submit events, they must + // be reattached when the newly cloned events are first activated + dest.removeAttribute( "_submit_attached" ); + dest.removeAttribute( "_change_attached" ); +} + +jQuery.buildFragment = function( args, nodes, scripts ) { + var fragment, cacheable, cacheresults, doc, + first = args[ 0 ]; + + // nodes may contain either an explicit document object, + // a jQuery collection or context object. + // If nodes[0] contains a valid object to assign to doc + if ( nodes && nodes[0] ) { + doc = nodes[0].ownerDocument || nodes[0]; + } + + // Ensure that an attr object doesn't incorrectly stand in as a document object + // Chrome and Firefox seem to allow this to occur and will throw exception + // Fixes #8950 + if ( !doc.createDocumentFragment ) { + doc = document; + } + + // Only cache "small" (1/2 KB) HTML strings that are associated with the main document + // Cloning options loses the selected state, so don't cache them + // IE 6 doesn't like it when you put <object> or <embed> elements in a fragment + // Also, WebKit does not clone 'checked' attributes on cloneNode, so don't cache + // Lastly, IE6,7,8 will not correctly reuse cached fragments that were created from unknown elems #10501 + if ( args.length === 1 && typeof first === "string" && first.length < 512 && doc === document && + first.charAt(0) === "<" && !rnocache.test( first ) && + (jQuery.support.checkClone || !rchecked.test( first )) && + (jQuery.support.html5Clone || !rnoshimcache.test( first )) ) { + + cacheable = true; + + cacheresults = jQuery.fragments[ first ]; + if ( cacheresults && cacheresults !== 1 ) { + fragment = cacheresults; + } + } + + if ( !fragment ) { + fragment = doc.createDocumentFragment(); + jQuery.clean( args, doc, fragment, scripts ); + } + + if ( cacheable ) { + jQuery.fragments[ first ] = cacheresults ? fragment : 1; + } + + return { fragment: fragment, cacheable: cacheable }; +}; + +jQuery.fragments = {}; + +jQuery.each({ + appendTo: "append", + prependTo: "prepend", + insertBefore: "before", + insertAfter: "after", + replaceAll: "replaceWith" +}, function( name, original ) { + jQuery.fn[ name ] = function( selector ) { + var ret = [], + insert = jQuery( selector ), + parent = this.length === 1 && this[0].parentNode; + + if ( parent && parent.nodeType === 11 && parent.childNodes.length === 1 && insert.length === 1 ) { + insert[ original ]( this[0] ); + return this; + + } else { + for ( var i = 0, l = insert.length; i < l; i++ ) { + var elems = ( i > 0 ? this.clone(true) : this ).get(); + jQuery( insert[i] )[ original ]( elems ); + ret = ret.concat( elems ); + } + + return this.pushStack( ret, name, insert.selector ); + } + }; +}); + +function getAll( elem ) { + if ( typeof elem.getElementsByTagName !== "undefined" ) { + return elem.getElementsByTagName( "*" ); + + } else if ( typeof elem.querySelectorAll !== "undefined" ) { + return elem.querySelectorAll( "*" ); + + } else { + return []; + } +} + +// Used in clean, fixes the defaultChecked property +function fixDefaultChecked( elem ) { + if ( elem.type === "checkbox" || elem.type === "radio" ) { + elem.defaultChecked = elem.checked; + } +} +// Finds all inputs and passes them to fixDefaultChecked +function findInputs( elem ) { + var nodeName = ( elem.nodeName || "" ).toLowerCase(); + if ( nodeName === "input" ) { + fixDefaultChecked( elem ); + // Skip scripts, get other children + } else if ( nodeName !== "script" && typeof elem.getElementsByTagName !== "undefined" ) { + jQuery.grep( elem.getElementsByTagName("input"), fixDefaultChecked ); + } +} + +// Derived From: http://www.iecss.com/shimprove/javascript/shimprove.1-0-1.js +function shimCloneNode( elem ) { + var div = document.createElement( "div" ); + safeFragment.appendChild( div ); + + div.innerHTML = elem.outerHTML; + return div.firstChild; +} + +jQuery.extend({ + clone: function( elem, dataAndEvents, deepDataAndEvents ) { + var srcElements, + destElements, + i, + // IE<=8 does not properly clone detached, unknown element nodes + clone = jQuery.support.html5Clone || jQuery.isXMLDoc(elem) || !rnoshimcache.test( "<" + elem.nodeName + ">" ) ? + elem.cloneNode( true ) : + shimCloneNode( elem ); + + if ( (!jQuery.support.noCloneEvent || !jQuery.support.noCloneChecked) && + (elem.nodeType === 1 || elem.nodeType === 11) && !jQuery.isXMLDoc(elem) ) { + // IE copies events bound via attachEvent when using cloneNode. + // Calling detachEvent on the clone will also remove the events + // from the original. In order to get around this, we use some + // proprietary methods to clear the events. Thanks to MooTools + // guys for this hotness. + + cloneFixAttributes( elem, clone ); + + // Using Sizzle here is crazy slow, so we use getElementsByTagName instead + srcElements = getAll( elem ); + destElements = getAll( clone ); + + // Weird iteration because IE will replace the length property + // with an element if you are cloning the body and one of the + // elements on the page has a name or id of "length" + for ( i = 0; srcElements[i]; ++i ) { + // Ensure that the destination node is not null; Fixes #9587 + if ( destElements[i] ) { + cloneFixAttributes( srcElements[i], destElements[i] ); + } + } + } + + // Copy the events from the original to the clone + if ( dataAndEvents ) { + cloneCopyEvent( elem, clone ); + + if ( deepDataAndEvents ) { + srcElements = getAll( elem ); + destElements = getAll( clone ); + + for ( i = 0; srcElements[i]; ++i ) { + cloneCopyEvent( srcElements[i], destElements[i] ); + } + } + } + + srcElements = destElements = null; + + // Return the cloned set + return clone; + }, + + clean: function( elems, context, fragment, scripts ) { + var checkScriptType, script, j, + ret = []; + + context = context || document; + + // !context.createElement fails in IE with an error but returns typeof 'object' + if ( typeof context.createElement === "undefined" ) { + context = context.ownerDocument || context[0] && context[0].ownerDocument || document; + } + + for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) { + if ( typeof elem === "number" ) { + elem += ""; + } + + if ( !elem ) { + continue; + } + + // Convert html string into DOM nodes + if ( typeof elem === "string" ) { + if ( !rhtml.test( elem ) ) { + elem = context.createTextNode( elem ); + } else { + // Fix "XHTML"-style tags in all browsers + elem = elem.replace(rxhtmlTag, "<$1></$2>"); + + // Trim whitespace, otherwise indexOf won't work as expected + var tag = ( rtagName.exec( elem ) || ["", ""] )[1].toLowerCase(), + wrap = wrapMap[ tag ] || wrapMap._default, + depth = wrap[0], + div = context.createElement("div"), + safeChildNodes = safeFragment.childNodes, + remove; + + // Append wrapper element to unknown element safe doc fragment + if ( context === document ) { + // Use the fragment we've already created for this document + safeFragment.appendChild( div ); + } else { + // Use a fragment created with the owner document + createSafeFragment( context ).appendChild( div ); + } + + // Go to html and back, then peel off extra wrappers + div.innerHTML = wrap[1] + elem + wrap[2]; + + // Move to the right depth + while ( depth-- ) { + div = div.lastChild; + } + + // Remove IE's autoinserted <tbody> from table fragments + if ( !jQuery.support.tbody ) { + + // String was a <table>, *may* have spurious <tbody> + var hasBody = rtbody.test(elem), + tbody = tag === "table" && !hasBody ? + div.firstChild && div.firstChild.childNodes : + + // String was a bare <thead> or <tfoot> + wrap[1] === "<table>" && !hasBody ? + div.childNodes : + []; + + for ( j = tbody.length - 1; j >= 0 ; --j ) { + if ( jQuery.nodeName( tbody[ j ], "tbody" ) && !tbody[ j ].childNodes.length ) { + tbody[ j ].parentNode.removeChild( tbody[ j ] ); + } + } + } + + // IE completely kills leading whitespace when innerHTML is used + if ( !jQuery.support.leadingWhitespace && rleadingWhitespace.test( elem ) ) { + div.insertBefore( context.createTextNode( rleadingWhitespace.exec(elem)[0] ), div.firstChild ); + } + + elem = div.childNodes; + + // Clear elements from DocumentFragment (safeFragment or otherwise) + // to avoid hoarding elements. Fixes #11356 + if ( div ) { + div.parentNode.removeChild( div ); + + // Guard against -1 index exceptions in FF3.6 + if ( safeChildNodes.length > 0 ) { + remove = safeChildNodes[ safeChildNodes.length - 1 ]; + + if ( remove && remove.parentNode ) { + remove.parentNode.removeChild( remove ); + } + } + } + } + } + + // Resets defaultChecked for any radios and checkboxes + // about to be appended to the DOM in IE 6/7 (#8060) + var len; + if ( !jQuery.support.appendChecked ) { + if ( elem[0] && typeof (len = elem.length) === "number" ) { + for ( j = 0; j < len; j++ ) { + findInputs( elem[j] ); + } + } else { + findInputs( elem ); + } + } + + if ( elem.nodeType ) { + ret.push( elem ); + } else { + ret = jQuery.merge( ret, elem ); + } + } + + if ( fragment ) { + checkScriptType = function( elem ) { + return !elem.type || rscriptType.test( elem.type ); + }; + for ( i = 0; ret[i]; i++ ) { + script = ret[i]; + if ( scripts && jQuery.nodeName( script, "script" ) && (!script.type || rscriptType.test( script.type )) ) { + scripts.push( script.parentNode ? script.parentNode.removeChild( script ) : script ); + + } else { + if ( script.nodeType === 1 ) { + var jsTags = jQuery.grep( script.getElementsByTagName( "script" ), checkScriptType ); + + ret.splice.apply( ret, [i + 1, 0].concat( jsTags ) ); + } + fragment.appendChild( script ); + } + } + } + + return ret; + }, + + cleanData: function( elems ) { + var data, id, + cache = jQuery.cache, + special = jQuery.event.special, + deleteExpando = jQuery.support.deleteExpando; + + for ( var i = 0, elem; (elem = elems[i]) != null; i++ ) { + if ( elem.nodeName && jQuery.noData[elem.nodeName.toLowerCase()] ) { + continue; + } + + id = elem[ jQuery.expando ]; + + if ( id ) { + data = cache[ id ]; + + if ( data && data.events ) { + for ( var type in data.events ) { + if ( special[ type ] ) { + jQuery.event.remove( elem, type ); + + // This is a shortcut to avoid jQuery.event.remove's overhead + } else { + jQuery.removeEvent( elem, type, data.handle ); + } + } + + // Null the DOM reference to avoid IE6/7/8 leak (#7054) + if ( data.handle ) { + data.handle.elem = null; + } + } + + if ( deleteExpando ) { + delete elem[ jQuery.expando ]; + + } else if ( elem.removeAttribute ) { + elem.removeAttribute( jQuery.expando ); + } + + delete cache[ id ]; + } + } + } +}); + + + + +var ralpha = /alpha\([^)]*\)/i, + ropacity = /opacity=([^)]*)/, + // fixed for IE9, see #8346 + rupper = /([A-Z]|^ms)/g, + rnum = /^[\-+]?(?:\d*\.)?\d+$/i, + rnumnonpx = /^-?(?:\d*\.)?\d+(?!px)[^\d\s]+$/i, + rrelNum = /^([\-+])=([\-+.\de]+)/, + rmargin = /^margin/, + + cssShow = { position: "absolute", visibility: "hidden", display: "block" }, + + // order is important! + cssExpand = [ "Top", "Right", "Bottom", "Left" ], + + curCSS, + + getComputedStyle, + currentStyle; + +jQuery.fn.css = function( name, value ) { + return jQuery.access( this, function( elem, name, value ) { + return value !== undefined ? + jQuery.style( elem, name, value ) : + jQuery.css( elem, name ); + }, name, value, arguments.length > 1 ); +}; + +jQuery.extend({ + // Add in style property hooks for overriding the default + // behavior of getting and setting a style property + cssHooks: { + opacity: { + get: function( elem, computed ) { + if ( computed ) { + // We should always get a number back from opacity + var ret = curCSS( elem, "opacity" ); + return ret === "" ? "1" : ret; + + } else { + return elem.style.opacity; + } + } + } + }, + + // Exclude the following css properties to add px + cssNumber: { + "fillOpacity": true, + "fontWeight": true, + "lineHeight": true, + "opacity": true, + "orphans": true, + "widows": true, + "zIndex": true, + "zoom": true + }, + + // Add in properties whose names you wish to fix before + // setting or getting the value + cssProps: { + // normalize float css property + "float": jQuery.support.cssFloat ? "cssFloat" : "styleFloat" + }, + + // Get and set the style property on a DOM Node + style: function( elem, name, value, extra ) { + // Don't set styles on text and comment nodes + if ( !elem || elem.nodeType === 3 || elem.nodeType === 8 || !elem.style ) { + return; + } + + // Make sure that we're working with the right name + var ret, type, origName = jQuery.camelCase( name ), + style = elem.style, hooks = jQuery.cssHooks[ origName ]; + + name = jQuery.cssProps[ origName ] || origName; + + // Check if we're setting a value + if ( value !== undefined ) { + type = typeof value; + + // convert relative number strings (+= or -=) to relative numbers. #7345 + if ( type === "string" && (ret = rrelNum.exec( value )) ) { + value = ( +( ret[1] + 1) * +ret[2] ) + parseFloat( jQuery.css( elem, name ) ); + // Fixes bug #9237 + type = "number"; + } + + // Make sure that NaN and null values aren't set. See: #7116 + if ( value == null || type === "number" && isNaN( value ) ) { + return; + } + + // If a number was passed in, add 'px' to the (except for certain CSS properties) + if ( type === "number" && !jQuery.cssNumber[ origName ] ) { + value += "px"; + } + + // If a hook was provided, use that value, otherwise just set the specified value + if ( !hooks || !("set" in hooks) || (value = hooks.set( elem, value )) !== undefined ) { + // Wrapped to prevent IE from throwing errors when 'invalid' values are provided + // Fixes bug #5509 + try { + style[ name ] = value; + } catch(e) {} + } + + } else { + // If a hook was provided get the non-computed value from there + if ( hooks && "get" in hooks && (ret = hooks.get( elem, false, extra )) !== undefined ) { + return ret; + } + + // Otherwise just get the value from the style object + return style[ name ]; + } + }, + + css: function( elem, name, extra ) { + var ret, hooks; + + // Make sure that we're working with the right name + name = jQuery.camelCase( name ); + hooks = jQuery.cssHooks[ name ]; + name = jQuery.cssProps[ name ] || name; + + // cssFloat needs a special treatment + if ( name === "cssFloat" ) { + name = "float"; + } + + // If a hook was provided get the computed value from there + if ( hooks && "get" in hooks && (ret = hooks.get( elem, true, extra )) !== undefined ) { + return ret; + + // Otherwise, if a way to get the computed value exists, use that + } else if ( curCSS ) { + return curCSS( elem, name ); + } + }, + + // A method for quickly swapping in/out CSS properties to get correct calculations + swap: function( elem, options, callback ) { + var old = {}, + ret, name; + + // Remember the old values, and insert the new ones + for ( name in options ) { + old[ name ] = elem.style[ name ]; + elem.style[ name ] = options[ name ]; + } + + ret = callback.call( elem ); + + // Revert the old values + for ( name in options ) { + elem.style[ name ] = old[ name ]; + } + + return ret; + } +}); + +// DEPRECATED in 1.3, Use jQuery.css() instead +jQuery.curCSS = jQuery.css; + +if ( document.defaultView && document.defaultView.getComputedStyle ) { + getComputedStyle = function( elem, name ) { + var ret, defaultView, computedStyle, width, + style = elem.style; + + name = name.replace( rupper, "-$1" ).toLowerCase(); + + if ( (defaultView = elem.ownerDocument.defaultView) && + (computedStyle = defaultView.getComputedStyle( elem, null )) ) { + + ret = computedStyle.getPropertyValue( name ); + if ( ret === "" && !jQuery.contains( elem.ownerDocument.documentElement, elem ) ) { + ret = jQuery.style( elem, name ); + } + } + + // A tribute to the "awesome hack by Dean Edwards" + // WebKit uses "computed value (percentage if specified)" instead of "used value" for margins + // which is against the CSSOM draft spec: http://dev.w3.org/csswg/cssom/#resolved-values + if ( !jQuery.support.pixelMargin && computedStyle && rmargin.test( name ) && rnumnonpx.test( ret ) ) { + width = style.width; + style.width = ret; + ret = computedStyle.width; + style.width = width; + } + + return ret; + }; +} + +if ( document.documentElement.currentStyle ) { + currentStyle = function( elem, name ) { + var left, rsLeft, uncomputed, + ret = elem.currentStyle && elem.currentStyle[ name ], + style = elem.style; + + // Avoid setting ret to empty string here + // so we don't default to auto + if ( ret == null && style && (uncomputed = style[ name ]) ) { + ret = uncomputed; + } + + // From the awesome hack by Dean Edwards + // http://erik.eae.net/archives/2007/07/27/18.54.15/#comment-102291 + + // If we're not dealing with a regular pixel number + // but a number that has a weird ending, we need to convert it to pixels + if ( rnumnonpx.test( ret ) ) { + + // Remember the original values + left = style.left; + rsLeft = elem.runtimeStyle && elem.runtimeStyle.left; + + // Put in the new values to get a computed value out + if ( rsLeft ) { + elem.runtimeStyle.left = elem.currentStyle.left; + } + style.left = name === "fontSize" ? "1em" : ret; + ret = style.pixelLeft + "px"; + + // Revert the changed values + style.left = left; + if ( rsLeft ) { + elem.runtimeStyle.left = rsLeft; + } + } + + return ret === "" ? "auto" : ret; + }; +} + +curCSS = getComputedStyle || currentStyle; + +function getWidthOrHeight( elem, name, extra ) { + + // Start with offset property + var val = name === "width" ? elem.offsetWidth : elem.offsetHeight, + i = name === "width" ? 1 : 0, + len = 4; + + if ( val > 0 ) { + if ( extra !== "border" ) { + for ( ; i < len; i += 2 ) { + if ( !extra ) { + val -= parseFloat( jQuery.css( elem, "padding" + cssExpand[ i ] ) ) || 0; + } + if ( extra === "margin" ) { + val += parseFloat( jQuery.css( elem, extra + cssExpand[ i ] ) ) || 0; + } else { + val -= parseFloat( jQuery.css( elem, "border" + cssExpand[ i ] + "Width" ) ) || 0; + } + } + } + + return val + "px"; + } + + // Fall back to computed then uncomputed css if necessary + val = curCSS( elem, name ); + if ( val < 0 || val == null ) { + val = elem.style[ name ]; + } + + // Computed unit is not pixels. Stop here and return. + if ( rnumnonpx.test(val) ) { + return val; + } + + // Normalize "", auto, and prepare for extra + val = parseFloat( val ) || 0; + + // Add padding, border, margin + if ( extra ) { + for ( ; i < len; i += 2 ) { + val += parseFloat( jQuery.css( elem, "padding" + cssExpand[ i ] ) ) || 0; + if ( extra !== "padding" ) { + val += parseFloat( jQuery.css( elem, "border" + cssExpand[ i ] + "Width" ) ) || 0; + } + if ( extra === "margin" ) { + val += parseFloat( jQuery.css( elem, extra + cssExpand[ i ]) ) || 0; + } + } + } + + return val + "px"; +} + +jQuery.each([ "height", "width" ], function( i, name ) { + jQuery.cssHooks[ name ] = { + get: function( elem, computed, extra ) { + if ( computed ) { + if ( elem.offsetWidth !== 0 ) { + return getWidthOrHeight( elem, name, extra ); + } else { + return jQuery.swap( elem, cssShow, function() { + return getWidthOrHeight( elem, name, extra ); + }); + } + } + }, + + set: function( elem, value ) { + return rnum.test( value ) ? + value + "px" : + value; + } + }; +}); + +if ( !jQuery.support.opacity ) { + jQuery.cssHooks.opacity = { + get: function( elem, computed ) { + // IE uses filters for opacity + return ropacity.test( (computed && elem.currentStyle ? elem.currentStyle.filter : elem.style.filter) || "" ) ? + ( parseFloat( RegExp.$1 ) / 100 ) + "" : + computed ? "1" : ""; + }, + + set: function( elem, value ) { + var style = elem.style, + currentStyle = elem.currentStyle, + opacity = jQuery.isNumeric( value ) ? "alpha(opacity=" + value * 100 + ")" : "", + filter = currentStyle && currentStyle.filter || style.filter || ""; + + // IE has trouble with opacity if it does not have layout + // Force it by setting the zoom level + style.zoom = 1; + + // if setting opacity to 1, and no other filters exist - attempt to remove filter attribute #6652 + if ( value >= 1 && jQuery.trim( filter.replace( ralpha, "" ) ) === "" ) { + + // Setting style.filter to null, "" & " " still leave "filter:" in the cssText + // if "filter:" is present at all, clearType is disabled, we want to avoid this + // style.removeAttribute is IE Only, but so apparently is this code path... + style.removeAttribute( "filter" ); + + // if there there is no filter style applied in a css rule, we are done + if ( currentStyle && !currentStyle.filter ) { + return; + } + } + + // otherwise, set new filter values + style.filter = ralpha.test( filter ) ? + filter.replace( ralpha, opacity ) : + filter + " " + opacity; + } + }; +} + +jQuery(function() { + // This hook cannot be added until DOM ready because the support test + // for it is not run until after DOM ready + if ( !jQuery.support.reliableMarginRight ) { + jQuery.cssHooks.marginRight = { + get: function( elem, computed ) { + // WebKit Bug 13343 - getComputedStyle returns wrong value for margin-right + // Work around by temporarily setting element display to inline-block + return jQuery.swap( elem, { "display": "inline-block" }, function() { + if ( computed ) { + return curCSS( elem, "margin-right" ); + } else { + return elem.style.marginRight; + } + }); + } + }; + } +}); + +if ( jQuery.expr && jQuery.expr.filters ) { + jQuery.expr.filters.hidden = function( elem ) { + var width = elem.offsetWidth, + height = elem.offsetHeight; + + return ( width === 0 && height === 0 ) || (!jQuery.support.reliableHiddenOffsets && ((elem.style && elem.style.display) || jQuery.css( elem, "display" )) === "none"); + }; + + jQuery.expr.filters.visible = function( elem ) { + return !jQuery.expr.filters.hidden( elem ); + }; +} + +// These hooks are used by animate to expand properties +jQuery.each({ + margin: "", + padding: "", + border: "Width" +}, function( prefix, suffix ) { + + jQuery.cssHooks[ prefix + suffix ] = { + expand: function( value ) { + var i, + + // assumes a single number if not a string + parts = typeof value === "string" ? value.split(" ") : [ value ], + expanded = {}; + + for ( i = 0; i < 4; i++ ) { + expanded[ prefix + cssExpand[ i ] + suffix ] = + parts[ i ] || parts[ i - 2 ] || parts[ 0 ]; + } + + return expanded; + } + }; +}); + + + + +var r20 = /%20/g, + rbracket = /\[\]$/, + rCRLF = /\r?\n/g, + rhash = /#.*$/, + rheaders = /^(.*?):[ \t]*([^\r\n]*)\r?$/mg, // IE leaves an \r character at EOL + rinput = /^(?:color|date|datetime|datetime-local|email|hidden|month|number|password|range|search|tel|text|time|url|week)$/i, + // #7653, #8125, #8152: local protocol detection + rlocalProtocol = /^(?:about|app|app\-storage|.+\-extension|file|res|widget):$/, + rnoContent = /^(?:GET|HEAD)$/, + rprotocol = /^\/\//, + rquery = /\?/, + rscript = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, + rselectTextarea = /^(?:select|textarea)/i, + rspacesAjax = /\s+/, + rts = /([?&])_=[^&]*/, + rurl = /^([\w\+\.\-]+:)(?:\/\/([^\/?#:]*)(?::(\d+))?)?/, + + // Keep a copy of the old load method + _load = jQuery.fn.load, + + /* Prefilters + * 1) They are useful to introduce custom dataTypes (see ajax/jsonp.js for an example) + * 2) These are called: + * - BEFORE asking for a transport + * - AFTER param serialization (s.data is a string if s.processData is true) + * 3) key is the dataType + * 4) the catchall symbol "*" can be used + * 5) execution will start with transport dataType and THEN continue down to "*" if needed + */ + prefilters = {}, + + /* Transports bindings + * 1) key is the dataType + * 2) the catchall symbol "*" can be used + * 3) selection will start with transport dataType and THEN go to "*" if needed + */ + transports = {}, + + // Document location + ajaxLocation, + + // Document location segments + ajaxLocParts, + + // Avoid comment-prolog char sequence (#10098); must appease lint and evade compression + allTypes = ["*/"] + ["*"]; + +// #8138, IE may throw an exception when accessing +// a field from window.location if document.domain has been set +try { + ajaxLocation = location.href; +} catch( e ) { + // Use the href attribute of an A element + // since IE will modify it given document.location + ajaxLocation = document.createElement( "a" ); + ajaxLocation.href = ""; + ajaxLocation = ajaxLocation.href; +} + +// Segment location into parts +ajaxLocParts = rurl.exec( ajaxLocation.toLowerCase() ) || []; + +// Base "constructor" for jQuery.ajaxPrefilter and jQuery.ajaxTransport +function addToPrefiltersOrTransports( structure ) { + + // dataTypeExpression is optional and defaults to "*" + return function( dataTypeExpression, func ) { + + if ( typeof dataTypeExpression !== "string" ) { + func = dataTypeExpression; + dataTypeExpression = "*"; + } + + if ( jQuery.isFunction( func ) ) { + var dataTypes = dataTypeExpression.toLowerCase().split( rspacesAjax ), + i = 0, + length = dataTypes.length, + dataType, + list, + placeBefore; + + // For each dataType in the dataTypeExpression + for ( ; i < length; i++ ) { + dataType = dataTypes[ i ]; + // We control if we're asked to add before + // any existing element + placeBefore = /^\+/.test( dataType ); + if ( placeBefore ) { + dataType = dataType.substr( 1 ) || "*"; + } + list = structure[ dataType ] = structure[ dataType ] || []; + // then we add to the structure accordingly + list[ placeBefore ? "unshift" : "push" ]( func ); + } + } + }; +} + +// Base inspection function for prefilters and transports +function inspectPrefiltersOrTransports( structure, options, originalOptions, jqXHR, + dataType /* internal */, inspected /* internal */ ) { + + dataType = dataType || options.dataTypes[ 0 ]; + inspected = inspected || {}; + + inspected[ dataType ] = true; + + var list = structure[ dataType ], + i = 0, + length = list ? list.length : 0, + executeOnly = ( structure === prefilters ), + selection; + + for ( ; i < length && ( executeOnly || !selection ); i++ ) { + selection = list[ i ]( options, originalOptions, jqXHR ); + // If we got redirected to another dataType + // we try there if executing only and not done already + if ( typeof selection === "string" ) { + if ( !executeOnly || inspected[ selection ] ) { + selection = undefined; + } else { + options.dataTypes.unshift( selection ); + selection = inspectPrefiltersOrTransports( + structure, options, originalOptions, jqXHR, selection, inspected ); + } + } + } + // If we're only executing or nothing was selected + // we try the catchall dataType if not done already + if ( ( executeOnly || !selection ) && !inspected[ "*" ] ) { + selection = inspectPrefiltersOrTransports( + structure, options, originalOptions, jqXHR, "*", inspected ); + } + // unnecessary when only executing (prefilters) + // but it'll be ignored by the caller in that case + return selection; +} + +// A special extend for ajax options +// that takes "flat" options (not to be deep extended) +// Fixes #9887 +function ajaxExtend( target, src ) { + var key, deep, + flatOptions = jQuery.ajaxSettings.flatOptions || {}; + for ( key in src ) { + if ( src[ key ] !== undefined ) { + ( flatOptions[ key ] ? target : ( deep || ( deep = {} ) ) )[ key ] = src[ key ]; + } + } + if ( deep ) { + jQuery.extend( true, target, deep ); + } +} + +jQuery.fn.extend({ + load: function( url, params, callback ) { + if ( typeof url !== "string" && _load ) { + return _load.apply( this, arguments ); + + // Don't do a request if no elements are being requested + } else if ( !this.length ) { + return this; + } + + var off = url.indexOf( " " ); + if ( off >= 0 ) { + var selector = url.slice( off, url.length ); + url = url.slice( 0, off ); + } + + // Default to a GET request + var type = "GET"; + + // If the second parameter was provided + if ( params ) { + // If it's a function + if ( jQuery.isFunction( params ) ) { + // We assume that it's the callback + callback = params; + params = undefined; + + // Otherwise, build a param string + } else if ( typeof params === "object" ) { + params = jQuery.param( params, jQuery.ajaxSettings.traditional ); + type = "POST"; + } + } + + var self = this; + + // Request the remote document + jQuery.ajax({ + url: url, + type: type, + dataType: "html", + data: params, + // Complete callback (responseText is used internally) + complete: function( jqXHR, status, responseText ) { + // Store the response as specified by the jqXHR object + responseText = jqXHR.responseText; + // If successful, inject the HTML into all the matched elements + if ( jqXHR.isResolved() ) { + // #4825: Get the actual response in case + // a dataFilter is present in ajaxSettings + jqXHR.done(function( r ) { + responseText = r; + }); + // See if a selector was specified + self.html( selector ? + // Create a dummy div to hold the results + jQuery("<div>") + // inject the contents of the document in, removing the scripts + // to avoid any 'Permission Denied' errors in IE + .append(responseText.replace(rscript, "")) + + // Locate the specified elements + .find(selector) : + + // If not, just inject the full result + responseText ); + } + + if ( callback ) { + self.each( callback, [ responseText, status, jqXHR ] ); + } + } + }); + + return this; + }, + + serialize: function() { + return jQuery.param( this.serializeArray() ); + }, + + serializeArray: function() { + return this.map(function(){ + return this.elements ? jQuery.makeArray( this.elements ) : this; + }) + .filter(function(){ + return this.name && !this.disabled && + ( this.checked || rselectTextarea.test( this.nodeName ) || + rinput.test( this.type ) ); + }) + .map(function( i, elem ){ + var val = jQuery( this ).val(); + + return val == null ? + null : + jQuery.isArray( val ) ? + jQuery.map( val, function( val, i ){ + return { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + }) : + { name: elem.name, value: val.replace( rCRLF, "\r\n" ) }; + }).get(); + } +}); + +// Attach a bunch of functions for handling common AJAX events +jQuery.each( "ajaxStart ajaxStop ajaxComplete ajaxError ajaxSuccess ajaxSend".split( " " ), function( i, o ){ + jQuery.fn[ o ] = function( f ){ + return this.on( o, f ); + }; +}); + +jQuery.each( [ "get", "post" ], function( i, method ) { + jQuery[ method ] = function( url, data, callback, type ) { + // shift arguments if data argument was omitted + if ( jQuery.isFunction( data ) ) { + type = type || callback; + callback = data; + data = undefined; + } + + return jQuery.ajax({ + type: method, + url: url, + data: data, + success: callback, + dataType: type + }); + }; +}); + +jQuery.extend({ + + getScript: function( url, callback ) { + return jQuery.get( url, undefined, callback, "script" ); + }, + + getJSON: function( url, data, callback ) { + return jQuery.get( url, data, callback, "json" ); + }, + + // Creates a full fledged settings object into target + // with both ajaxSettings and settings fields. + // If target is omitted, writes into ajaxSettings. + ajaxSetup: function( target, settings ) { + if ( settings ) { + // Building a settings object + ajaxExtend( target, jQuery.ajaxSettings ); + } else { + // Extending ajaxSettings + settings = target; + target = jQuery.ajaxSettings; + } + ajaxExtend( target, settings ); + return target; + }, + + ajaxSettings: { + url: ajaxLocation, + isLocal: rlocalProtocol.test( ajaxLocParts[ 1 ] ), + global: true, + type: "GET", + contentType: "application/x-www-form-urlencoded; charset=UTF-8", + processData: true, + async: true, + /* + timeout: 0, + data: null, + dataType: null, + username: null, + password: null, + cache: null, + traditional: false, + headers: {}, + */ + + accepts: { + xml: "application/xml, text/xml", + html: "text/html", + text: "text/plain", + json: "application/json, text/javascript", + "*": allTypes + }, + + contents: { + xml: /xml/, + html: /html/, + json: /json/ + }, + + responseFields: { + xml: "responseXML", + text: "responseText" + }, + + // List of data converters + // 1) key format is "source_type destination_type" (a single space in-between) + // 2) the catchall symbol "*" can be used for source_type + converters: { + + // Convert anything to text + "* text": window.String, + + // Text to html (true = no transformation) + "text html": true, + + // Evaluate text as a json expression + "text json": jQuery.parseJSON, + + // Parse text as xml + "text xml": jQuery.parseXML + }, + + // For options that shouldn't be deep extended: + // you can add your own custom options here if + // and when you create one that shouldn't be + // deep extended (see ajaxExtend) + flatOptions: { + context: true, + url: true + } + }, + + ajaxPrefilter: addToPrefiltersOrTransports( prefilters ), + ajaxTransport: addToPrefiltersOrTransports( transports ), + + // Main method + ajax: function( url, options ) { + + // If url is an object, simulate pre-1.5 signature + if ( typeof url === "object" ) { + options = url; + url = undefined; + } + + // Force options to be an object + options = options || {}; + + var // Create the final options object + s = jQuery.ajaxSetup( {}, options ), + // Callbacks context + callbackContext = s.context || s, + // Context for global events + // It's the callbackContext if one was provided in the options + // and if it's a DOM node or a jQuery collection + globalEventContext = callbackContext !== s && + ( callbackContext.nodeType || callbackContext instanceof jQuery ) ? + jQuery( callbackContext ) : jQuery.event, + // Deferreds + deferred = jQuery.Deferred(), + completeDeferred = jQuery.Callbacks( "once memory" ), + // Status-dependent callbacks + statusCode = s.statusCode || {}, + // ifModified key + ifModifiedKey, + // Headers (they are sent all at once) + requestHeaders = {}, + requestHeadersNames = {}, + // Response headers + responseHeadersString, + responseHeaders, + // transport + transport, + // timeout handle + timeoutTimer, + // Cross-domain detection vars + parts, + // The jqXHR state + state = 0, + // To know if global events are to be dispatched + fireGlobals, + // Loop variable + i, + // Fake xhr + jqXHR = { + + readyState: 0, + + // Caches the header + setRequestHeader: function( name, value ) { + if ( !state ) { + var lname = name.toLowerCase(); + name = requestHeadersNames[ lname ] = requestHeadersNames[ lname ] || name; + requestHeaders[ name ] = value; + } + return this; + }, + + // Raw string + getAllResponseHeaders: function() { + return state === 2 ? responseHeadersString : null; + }, + + // Builds headers hashtable if needed + getResponseHeader: function( key ) { + var match; + if ( state === 2 ) { + if ( !responseHeaders ) { + responseHeaders = {}; + while( ( match = rheaders.exec( responseHeadersString ) ) ) { + responseHeaders[ match[1].toLowerCase() ] = match[ 2 ]; + } + } + match = responseHeaders[ key.toLowerCase() ]; + } + return match === undefined ? null : match; + }, + + // Overrides response content-type header + overrideMimeType: function( type ) { + if ( !state ) { + s.mimeType = type; + } + return this; + }, + + // Cancel the request + abort: function( statusText ) { + statusText = statusText || "abort"; + if ( transport ) { + transport.abort( statusText ); + } + done( 0, statusText ); + return this; + } + }; + + // Callback for when everything is done + // It is defined here because jslint complains if it is declared + // at the end of the function (which would be more logical and readable) + function done( status, nativeStatusText, responses, headers ) { + + // Called once + if ( state === 2 ) { + return; + } + + // State is "done" now + state = 2; + + // Clear timeout if it exists + if ( timeoutTimer ) { + clearTimeout( timeoutTimer ); + } + + // Dereference transport for early garbage collection + // (no matter how long the jqXHR object will be used) + transport = undefined; + + // Cache response headers + responseHeadersString = headers || ""; + + // Set readyState + jqXHR.readyState = status > 0 ? 4 : 0; + + var isSuccess, + success, + error, + statusText = nativeStatusText, + response = responses ? ajaxHandleResponses( s, jqXHR, responses ) : undefined, + lastModified, + etag; + + // If successful, handle type chaining + if ( status >= 200 && status < 300 || status === 304 ) { + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + + if ( ( lastModified = jqXHR.getResponseHeader( "Last-Modified" ) ) ) { + jQuery.lastModified[ ifModifiedKey ] = lastModified; + } + if ( ( etag = jqXHR.getResponseHeader( "Etag" ) ) ) { + jQuery.etag[ ifModifiedKey ] = etag; + } + } + + // If not modified + if ( status === 304 ) { + + statusText = "notmodified"; + isSuccess = true; + + // If we have data + } else { + + try { + success = ajaxConvert( s, response ); + statusText = "success"; + isSuccess = true; + } catch(e) { + // We have a parsererror + statusText = "parsererror"; + error = e; + } + } + } else { + // We extract error from statusText + // then normalize statusText and status for non-aborts + error = statusText; + if ( !statusText || status ) { + statusText = "error"; + if ( status < 0 ) { + status = 0; + } + } + } + + // Set data for the fake xhr object + jqXHR.status = status; + jqXHR.statusText = "" + ( nativeStatusText || statusText ); + + // Success/Error + if ( isSuccess ) { + deferred.resolveWith( callbackContext, [ success, statusText, jqXHR ] ); + } else { + deferred.rejectWith( callbackContext, [ jqXHR, statusText, error ] ); + } + + // Status-dependent callbacks + jqXHR.statusCode( statusCode ); + statusCode = undefined; + + if ( fireGlobals ) { + globalEventContext.trigger( "ajax" + ( isSuccess ? "Success" : "Error" ), + [ jqXHR, s, isSuccess ? success : error ] ); + } + + // Complete + completeDeferred.fireWith( callbackContext, [ jqXHR, statusText ] ); + + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxComplete", [ jqXHR, s ] ); + // Handle the global AJAX counter + if ( !( --jQuery.active ) ) { + jQuery.event.trigger( "ajaxStop" ); + } + } + } + + // Attach deferreds + deferred.promise( jqXHR ); + jqXHR.success = jqXHR.done; + jqXHR.error = jqXHR.fail; + jqXHR.complete = completeDeferred.add; + + // Status-dependent callbacks + jqXHR.statusCode = function( map ) { + if ( map ) { + var tmp; + if ( state < 2 ) { + for ( tmp in map ) { + statusCode[ tmp ] = [ statusCode[tmp], map[tmp] ]; + } + } else { + tmp = map[ jqXHR.status ]; + jqXHR.then( tmp, tmp ); + } + } + return this; + }; + + // Remove hash character (#7531: and string promotion) + // Add protocol if not provided (#5866: IE7 issue with protocol-less urls) + // We also use the url parameter if available + s.url = ( ( url || s.url ) + "" ).replace( rhash, "" ).replace( rprotocol, ajaxLocParts[ 1 ] + "//" ); + + // Extract dataTypes list + s.dataTypes = jQuery.trim( s.dataType || "*" ).toLowerCase().split( rspacesAjax ); + + // Determine if a cross-domain request is in order + if ( s.crossDomain == null ) { + parts = rurl.exec( s.url.toLowerCase() ); + s.crossDomain = !!( parts && + ( parts[ 1 ] != ajaxLocParts[ 1 ] || parts[ 2 ] != ajaxLocParts[ 2 ] || + ( parts[ 3 ] || ( parts[ 1 ] === "http:" ? 80 : 443 ) ) != + ( ajaxLocParts[ 3 ] || ( ajaxLocParts[ 1 ] === "http:" ? 80 : 443 ) ) ) + ); + } + + // Convert data if not already a string + if ( s.data && s.processData && typeof s.data !== "string" ) { + s.data = jQuery.param( s.data, s.traditional ); + } + + // Apply prefilters + inspectPrefiltersOrTransports( prefilters, s, options, jqXHR ); + + // If request was aborted inside a prefilter, stop there + if ( state === 2 ) { + return false; + } + + // We can fire global events as of now if asked to + fireGlobals = s.global; + + // Uppercase the type + s.type = s.type.toUpperCase(); + + // Determine if request has content + s.hasContent = !rnoContent.test( s.type ); + + // Watch for a new set of requests + if ( fireGlobals && jQuery.active++ === 0 ) { + jQuery.event.trigger( "ajaxStart" ); + } + + // More options handling for requests with no content + if ( !s.hasContent ) { + + // If data is available, append data to url + if ( s.data ) { + s.url += ( rquery.test( s.url ) ? "&" : "?" ) + s.data; + // #9682: remove data so that it's not used in an eventual retry + delete s.data; + } + + // Get ifModifiedKey before adding the anti-cache parameter + ifModifiedKey = s.url; + + // Add anti-cache in url if needed + if ( s.cache === false ) { + + var ts = jQuery.now(), + // try replacing _= if it is there + ret = s.url.replace( rts, "$1_=" + ts ); + + // if nothing was replaced, add timestamp to the end + s.url = ret + ( ( ret === s.url ) ? ( rquery.test( s.url ) ? "&" : "?" ) + "_=" + ts : "" ); + } + } + + // Set the correct header, if data is being sent + if ( s.data && s.hasContent && s.contentType !== false || options.contentType ) { + jqXHR.setRequestHeader( "Content-Type", s.contentType ); + } + + // Set the If-Modified-Since and/or If-None-Match header, if in ifModified mode. + if ( s.ifModified ) { + ifModifiedKey = ifModifiedKey || s.url; + if ( jQuery.lastModified[ ifModifiedKey ] ) { + jqXHR.setRequestHeader( "If-Modified-Since", jQuery.lastModified[ ifModifiedKey ] ); + } + if ( jQuery.etag[ ifModifiedKey ] ) { + jqXHR.setRequestHeader( "If-None-Match", jQuery.etag[ ifModifiedKey ] ); + } + } + + // Set the Accepts header for the server, depending on the dataType + jqXHR.setRequestHeader( + "Accept", + s.dataTypes[ 0 ] && s.accepts[ s.dataTypes[0] ] ? + s.accepts[ s.dataTypes[0] ] + ( s.dataTypes[ 0 ] !== "*" ? ", " + allTypes + "; q=0.01" : "" ) : + s.accepts[ "*" ] + ); + + // Check for headers option + for ( i in s.headers ) { + jqXHR.setRequestHeader( i, s.headers[ i ] ); + } + + // Allow custom headers/mimetypes and early abort + if ( s.beforeSend && ( s.beforeSend.call( callbackContext, jqXHR, s ) === false || state === 2 ) ) { + // Abort if not done already + jqXHR.abort(); + return false; + + } + + // Install callbacks on deferreds + for ( i in { success: 1, error: 1, complete: 1 } ) { + jqXHR[ i ]( s[ i ] ); + } + + // Get transport + transport = inspectPrefiltersOrTransports( transports, s, options, jqXHR ); + + // If no transport, we auto-abort + if ( !transport ) { + done( -1, "No Transport" ); + } else { + jqXHR.readyState = 1; + // Send global event + if ( fireGlobals ) { + globalEventContext.trigger( "ajaxSend", [ jqXHR, s ] ); + } + // Timeout + if ( s.async && s.timeout > 0 ) { + timeoutTimer = setTimeout( function(){ + jqXHR.abort( "timeout" ); + }, s.timeout ); + } + + try { + state = 1; + transport.send( requestHeaders, done ); + } catch (e) { + // Propagate exception as error if not done + if ( state < 2 ) { + done( -1, e ); + // Simply rethrow otherwise + } else { + throw e; + } + } + } + + return jqXHR; + }, + + // Serialize an array of form elements or a set of + // key/values into a query string + param: function( a, traditional ) { + var s = [], + add = function( key, value ) { + // If value is a function, invoke it and return its value + value = jQuery.isFunction( value ) ? value() : value; + s[ s.length ] = encodeURIComponent( key ) + "=" + encodeURIComponent( value ); + }; + + // Set traditional to true for jQuery <= 1.3.2 behavior. + if ( traditional === undefined ) { + traditional = jQuery.ajaxSettings.traditional; + } + + // If an array was passed in, assume that it is an array of form elements. + if ( jQuery.isArray( a ) || ( a.jquery && !jQuery.isPlainObject( a ) ) ) { + // Serialize the form elements + jQuery.each( a, function() { + add( this.name, this.value ); + }); + + } else { + // If traditional, encode the "old" way (the way 1.3.2 or older + // did it), otherwise encode params recursively. + for ( var prefix in a ) { + buildParams( prefix, a[ prefix ], traditional, add ); + } + } + + // Return the resulting serialization + return s.join( "&" ).replace( r20, "+" ); + } +}); + +function buildParams( prefix, obj, traditional, add ) { + if ( jQuery.isArray( obj ) ) { + // Serialize array item. + jQuery.each( obj, function( i, v ) { + if ( traditional || rbracket.test( prefix ) ) { + // Treat each array item as a scalar. + add( prefix, v ); + + } else { + // If array item is non-scalar (array or object), encode its + // numeric index to resolve deserialization ambiguity issues. + // Note that rack (as of 1.0.0) can't currently deserialize + // nested arrays properly, and attempting to do so may cause + // a server error. Possible fixes are to modify rack's + // deserialization algorithm or to provide an option or flag + // to force array serialization to be shallow. + buildParams( prefix + "[" + ( typeof v === "object" ? i : "" ) + "]", v, traditional, add ); + } + }); + + } else if ( !traditional && jQuery.type( obj ) === "object" ) { + // Serialize object item. + for ( var name in obj ) { + buildParams( prefix + "[" + name + "]", obj[ name ], traditional, add ); + } + + } else { + // Serialize scalar item. + add( prefix, obj ); + } +} + +// This is still on the jQuery object... for now +// Want to move this to jQuery.ajax some day +jQuery.extend({ + + // Counter for holding the number of active queries + active: 0, + + // Last-Modified header cache for next request + lastModified: {}, + etag: {} + +}); + +/* Handles responses to an ajax request: + * - sets all responseXXX fields accordingly + * - finds the right dataType (mediates between content-type and expected dataType) + * - returns the corresponding response + */ +function ajaxHandleResponses( s, jqXHR, responses ) { + + var contents = s.contents, + dataTypes = s.dataTypes, + responseFields = s.responseFields, + ct, + type, + finalDataType, + firstDataType; + + // Fill responseXXX fields + for ( type in responseFields ) { + if ( type in responses ) { + jqXHR[ responseFields[type] ] = responses[ type ]; + } + } + + // Remove auto dataType and get content-type in the process + while( dataTypes[ 0 ] === "*" ) { + dataTypes.shift(); + if ( ct === undefined ) { + ct = s.mimeType || jqXHR.getResponseHeader( "content-type" ); + } + } + + // Check if we're dealing with a known content-type + if ( ct ) { + for ( type in contents ) { + if ( contents[ type ] && contents[ type ].test( ct ) ) { + dataTypes.unshift( type ); + break; + } + } + } + + // Check to see if we have a response for the expected dataType + if ( dataTypes[ 0 ] in responses ) { + finalDataType = dataTypes[ 0 ]; + } else { + // Try convertible dataTypes + for ( type in responses ) { + if ( !dataTypes[ 0 ] || s.converters[ type + " " + dataTypes[0] ] ) { + finalDataType = type; + break; + } + if ( !firstDataType ) { + firstDataType = type; + } + } + // Or just use first one + finalDataType = finalDataType || firstDataType; + } + + // If we found a dataType + // We add the dataType to the list if needed + // and return the corresponding response + if ( finalDataType ) { + if ( finalDataType !== dataTypes[ 0 ] ) { + dataTypes.unshift( finalDataType ); + } + return responses[ finalDataType ]; + } +} + +// Chain conversions given the request and the original response +function ajaxConvert( s, response ) { + + // Apply the dataFilter if provided + if ( s.dataFilter ) { + response = s.dataFilter( response, s.dataType ); + } + + var dataTypes = s.dataTypes, + converters = {}, + i, + key, + length = dataTypes.length, + tmp, + // Current and previous dataTypes + current = dataTypes[ 0 ], + prev, + // Conversion expression + conversion, + // Conversion function + conv, + // Conversion functions (transitive conversion) + conv1, + conv2; + + // For each dataType in the chain + for ( i = 1; i < length; i++ ) { + + // Create converters map + // with lowercased keys + if ( i === 1 ) { + for ( key in s.converters ) { + if ( typeof key === "string" ) { + converters[ key.toLowerCase() ] = s.converters[ key ]; + } + } + } + + // Get the dataTypes + prev = current; + current = dataTypes[ i ]; + + // If current is auto dataType, update it to prev + if ( current === "*" ) { + current = prev; + // If no auto and dataTypes are actually different + } else if ( prev !== "*" && prev !== current ) { + + // Get the converter + conversion = prev + " " + current; + conv = converters[ conversion ] || converters[ "* " + current ]; + + // If there is no direct converter, search transitively + if ( !conv ) { + conv2 = undefined; + for ( conv1 in converters ) { + tmp = conv1.split( " " ); + if ( tmp[ 0 ] === prev || tmp[ 0 ] === "*" ) { + conv2 = converters[ tmp[1] + " " + current ]; + if ( conv2 ) { + conv1 = converters[ conv1 ]; + if ( conv1 === true ) { + conv = conv2; + } else if ( conv2 === true ) { + conv = conv1; + } + break; + } + } + } + } + // If we found no converter, dispatch an error + if ( !( conv || conv2 ) ) { + jQuery.error( "No conversion from " + conversion.replace(" "," to ") ); + } + // If found converter is not an equivalence + if ( conv !== true ) { + // Convert with 1 or 2 converters accordingly + response = conv ? conv( response ) : conv2( conv1(response) ); + } + } + } + return response; +} + + + + +var jsc = jQuery.now(), + jsre = /(\=)\?(&|$)|\?\?/i; + +// Default jsonp settings +jQuery.ajaxSetup({ + jsonp: "callback", + jsonpCallback: function() { + return jQuery.expando + "_" + ( jsc++ ); + } +}); + +// Detect, normalize options and install callbacks for jsonp requests +jQuery.ajaxPrefilter( "json jsonp", function( s, originalSettings, jqXHR ) { + + var inspectData = ( typeof s.data === "string" ) && /^application\/x\-www\-form\-urlencoded/.test( s.contentType ); + + if ( s.dataTypes[ 0 ] === "jsonp" || + s.jsonp !== false && ( jsre.test( s.url ) || + inspectData && jsre.test( s.data ) ) ) { + + var responseContainer, + jsonpCallback = s.jsonpCallback = + jQuery.isFunction( s.jsonpCallback ) ? s.jsonpCallback() : s.jsonpCallback, + previous = window[ jsonpCallback ], + url = s.url, + data = s.data, + replace = "$1" + jsonpCallback + "$2"; + + if ( s.jsonp !== false ) { + url = url.replace( jsre, replace ); + if ( s.url === url ) { + if ( inspectData ) { + data = data.replace( jsre, replace ); + } + if ( s.data === data ) { + // Add callback manually + url += (/\?/.test( url ) ? "&" : "?") + s.jsonp + "=" + jsonpCallback; + } + } + } + + s.url = url; + s.data = data; + + // Install callback + window[ jsonpCallback ] = function( response ) { + responseContainer = [ response ]; + }; + + // Clean-up function + jqXHR.always(function() { + // Set callback back to previous value + window[ jsonpCallback ] = previous; + // Call if it was a function and we have a response + if ( responseContainer && jQuery.isFunction( previous ) ) { + window[ jsonpCallback ]( responseContainer[ 0 ] ); + } + }); + + // Use data converter to retrieve json after script execution + s.converters["script json"] = function() { + if ( !responseContainer ) { + jQuery.error( jsonpCallback + " was not called" ); + } + return responseContainer[ 0 ]; + }; + + // force json dataType + s.dataTypes[ 0 ] = "json"; + + // Delegate to script + return "script"; + } +}); + + + + +// Install script dataType +jQuery.ajaxSetup({ + accepts: { + script: "text/javascript, application/javascript, application/ecmascript, application/x-ecmascript" + }, + contents: { + script: /javascript|ecmascript/ + }, + converters: { + "text script": function( text ) { + jQuery.globalEval( text ); + return text; + } + } +}); + +// Handle cache's special case and global +jQuery.ajaxPrefilter( "script", function( s ) { + if ( s.cache === undefined ) { + s.cache = false; + } + if ( s.crossDomain ) { + s.type = "GET"; + s.global = false; + } +}); + +// Bind script tag hack transport +jQuery.ajaxTransport( "script", function(s) { + + // This transport only deals with cross domain requests + if ( s.crossDomain ) { + + var script, + head = document.head || document.getElementsByTagName( "head" )[0] || document.documentElement; + + return { + + send: function( _, callback ) { + + script = document.createElement( "script" ); + + script.async = "async"; + + if ( s.scriptCharset ) { + script.charset = s.scriptCharset; + } + + script.src = s.url; + + // Attach handlers for all browsers + script.onload = script.onreadystatechange = function( _, isAbort ) { + + if ( isAbort || !script.readyState || /loaded|complete/.test( script.readyState ) ) { + + // Handle memory leak in IE + script.onload = script.onreadystatechange = null; + + // Remove the script + if ( head && script.parentNode ) { + head.removeChild( script ); + } + + // Dereference the script + script = undefined; + + // Callback if not abort + if ( !isAbort ) { + callback( 200, "success" ); + } + } + }; + // Use insertBefore instead of appendChild to circumvent an IE6 bug. + // This arises when a base node is used (#2709 and #4378). + head.insertBefore( script, head.firstChild ); + }, + + abort: function() { + if ( script ) { + script.onload( 0, 1 ); + } + } + }; + } +}); + + + + +var // #5280: Internet Explorer will keep connections alive if we don't abort on unload + xhrOnUnloadAbort = window.ActiveXObject ? function() { + // Abort all pending requests + for ( var key in xhrCallbacks ) { + xhrCallbacks[ key ]( 0, 1 ); + } + } : false, + xhrId = 0, + xhrCallbacks; + +// Functions to create xhrs +function createStandardXHR() { + try { + return new window.XMLHttpRequest(); + } catch( e ) {} +} + +function createActiveXHR() { + try { + return new window.ActiveXObject( "Microsoft.XMLHTTP" ); + } catch( e ) {} +} + +// Create the request object +// (This is still attached to ajaxSettings for backward compatibility) +jQuery.ajaxSettings.xhr = window.ActiveXObject ? + /* Microsoft failed to properly + * implement the XMLHttpRequest in IE7 (can't request local files), + * so we use the ActiveXObject when it is available + * Additionally XMLHttpRequest can be disabled in IE7/IE8 so + * we need a fallback. + */ + function() { + return !this.isLocal && createStandardXHR() || createActiveXHR(); + } : + // For all other browsers, use the standard XMLHttpRequest object + createStandardXHR; + +// Determine support properties +(function( xhr ) { + jQuery.extend( jQuery.support, { + ajax: !!xhr, + cors: !!xhr && ( "withCredentials" in xhr ) + }); +})( jQuery.ajaxSettings.xhr() ); + +// Create transport if the browser can provide an xhr +if ( jQuery.support.ajax ) { + + jQuery.ajaxTransport(function( s ) { + // Cross domain only allowed if supported through XMLHttpRequest + if ( !s.crossDomain || jQuery.support.cors ) { + + var callback; + + return { + send: function( headers, complete ) { + + // Get a new xhr + var xhr = s.xhr(), + handle, + i; + + // Open the socket + // Passing null username, generates a login popup on Opera (#2865) + if ( s.username ) { + xhr.open( s.type, s.url, s.async, s.username, s.password ); + } else { + xhr.open( s.type, s.url, s.async ); + } + + // Apply custom fields if provided + if ( s.xhrFields ) { + for ( i in s.xhrFields ) { + xhr[ i ] = s.xhrFields[ i ]; + } + } + + // Override mime type if needed + if ( s.mimeType && xhr.overrideMimeType ) { + xhr.overrideMimeType( s.mimeType ); + } + + // X-Requested-With header + // For cross-domain requests, seeing as conditions for a preflight are + // akin to a jigsaw puzzle, we simply never set it to be sure. + // (it can always be set on a per-request basis or even using ajaxSetup) + // For same-domain requests, won't change header if already provided. + if ( !s.crossDomain && !headers["X-Requested-With"] ) { + headers[ "X-Requested-With" ] = "XMLHttpRequest"; + } + + // Need an extra try/catch for cross domain requests in Firefox 3 + try { + for ( i in headers ) { + xhr.setRequestHeader( i, headers[ i ] ); + } + } catch( _ ) {} + + // Do send the request + // This may raise an exception which is actually + // handled in jQuery.ajax (so no try/catch here) + xhr.send( ( s.hasContent && s.data ) || null ); + + // Listener + callback = function( _, isAbort ) { + + var status, + statusText, + responseHeaders, + responses, + xml; + + // Firefox throws exceptions when accessing properties + // of an xhr when a network error occured + // http://helpful.knobs-dials.com/index.php/Component_returned_failure_code:_0x80040111_(NS_ERROR_NOT_AVAILABLE) + try { + + // Was never called and is aborted or complete + if ( callback && ( isAbort || xhr.readyState === 4 ) ) { + + // Only called once + callback = undefined; + + // Do not keep as active anymore + if ( handle ) { + xhr.onreadystatechange = jQuery.noop; + if ( xhrOnUnloadAbort ) { + delete xhrCallbacks[ handle ]; + } + } + + // If it's an abort + if ( isAbort ) { + // Abort it manually if needed + if ( xhr.readyState !== 4 ) { + xhr.abort(); + } + } else { + status = xhr.status; + responseHeaders = xhr.getAllResponseHeaders(); + responses = {}; + xml = xhr.responseXML; + + // Construct response list + if ( xml && xml.documentElement /* #4958 */ ) { + responses.xml = xml; + } + + // When requesting binary data, IE6-9 will throw an exception + // on any attempt to access responseText (#11426) + try { + responses.text = xhr.responseText; + } catch( _ ) { + } + + // Firefox throws an exception when accessing + // statusText for faulty cross-domain requests + try { + statusText = xhr.statusText; + } catch( e ) { + // We normalize with Webkit giving an empty statusText + statusText = ""; + } + + // Filter status for non standard behaviors + + // If the request is local and we have data: assume a success + // (success with no data won't get notified, that's the best we + // can do given current implementations) + if ( !status && s.isLocal && !s.crossDomain ) { + status = responses.text ? 200 : 404; + // IE - #1450: sometimes returns 1223 when it should be 204 + } else if ( status === 1223 ) { + status = 204; + } + } + } + } catch( firefoxAccessException ) { + if ( !isAbort ) { + complete( -1, firefoxAccessException ); + } + } + + // Call complete if needed + if ( responses ) { + complete( status, statusText, responses, responseHeaders ); + } + }; + + // if we're in sync mode or it's in cache + // and has been retrieved directly (IE6 & IE7) + // we need to manually fire the callback + if ( !s.async || xhr.readyState === 4 ) { + callback(); + } else { + handle = ++xhrId; + if ( xhrOnUnloadAbort ) { + // Create the active xhrs callbacks list if needed + // and attach the unload handler + if ( !xhrCallbacks ) { + xhrCallbacks = {}; + jQuery( window ).unload( xhrOnUnloadAbort ); + } + // Add to list of active xhrs callbacks + xhrCallbacks[ handle ] = callback; + } + xhr.onreadystatechange = callback; + } + }, + + abort: function() { + if ( callback ) { + callback(0,1); + } + } + }; + } + }); +} + + + + +var elemdisplay = {}, + iframe, iframeDoc, + rfxtypes = /^(?:toggle|show|hide)$/, + rfxnum = /^([+\-]=)?([\d+.\-]+)([a-z%]*)$/i, + timerId, + fxAttrs = [ + // height animations + [ "height", "marginTop", "marginBottom", "paddingTop", "paddingBottom" ], + // width animations + [ "width", "marginLeft", "marginRight", "paddingLeft", "paddingRight" ], + // opacity animations + [ "opacity" ] + ], + fxNow; + +jQuery.fn.extend({ + show: function( speed, easing, callback ) { + var elem, display; + + if ( speed || speed === 0 ) { + return this.animate( genFx("show", 3), speed, easing, callback ); + + } else { + for ( var i = 0, j = this.length; i < j; i++ ) { + elem = this[ i ]; + + if ( elem.style ) { + display = elem.style.display; + + // Reset the inline display of this element to learn if it is + // being hidden by cascaded rules or not + if ( !jQuery._data(elem, "olddisplay") && display === "none" ) { + display = elem.style.display = ""; + } + + // Set elements which have been overridden with display: none + // in a stylesheet to whatever the default browser style is + // for such an element + if ( (display === "" && jQuery.css(elem, "display") === "none") || + !jQuery.contains( elem.ownerDocument.documentElement, elem ) ) { + jQuery._data( elem, "olddisplay", defaultDisplay(elem.nodeName) ); + } + } + } + + // Set the display of most of the elements in a second loop + // to avoid the constant reflow + for ( i = 0; i < j; i++ ) { + elem = this[ i ]; + + if ( elem.style ) { + display = elem.style.display; + + if ( display === "" || display === "none" ) { + elem.style.display = jQuery._data( elem, "olddisplay" ) || ""; + } + } + } + + return this; + } + }, + + hide: function( speed, easing, callback ) { + if ( speed || speed === 0 ) { + return this.animate( genFx("hide", 3), speed, easing, callback); + + } else { + var elem, display, + i = 0, + j = this.length; + + for ( ; i < j; i++ ) { + elem = this[i]; + if ( elem.style ) { + display = jQuery.css( elem, "display" ); + + if ( display !== "none" && !jQuery._data( elem, "olddisplay" ) ) { + jQuery._data( elem, "olddisplay", display ); + } + } + } + + // Set the display of the elements in a second loop + // to avoid the constant reflow + for ( i = 0; i < j; i++ ) { + if ( this[i].style ) { + this[i].style.display = "none"; + } + } + + return this; + } + }, + + // Save the old toggle function + _toggle: jQuery.fn.toggle, + + toggle: function( fn, fn2, callback ) { + var bool = typeof fn === "boolean"; + + if ( jQuery.isFunction(fn) && jQuery.isFunction(fn2) ) { + this._toggle.apply( this, arguments ); + + } else if ( fn == null || bool ) { + this.each(function() { + var state = bool ? fn : jQuery(this).is(":hidden"); + jQuery(this)[ state ? "show" : "hide" ](); + }); + + } else { + this.animate(genFx("toggle", 3), fn, fn2, callback); + } + + return this; + }, + + fadeTo: function( speed, to, easing, callback ) { + return this.filter(":hidden").css("opacity", 0).show().end() + .animate({opacity: to}, speed, easing, callback); + }, + + animate: function( prop, speed, easing, callback ) { + var optall = jQuery.speed( speed, easing, callback ); + + if ( jQuery.isEmptyObject( prop ) ) { + return this.each( optall.complete, [ false ] ); + } + + // Do not change referenced properties as per-property easing will be lost + prop = jQuery.extend( {}, prop ); + + function doAnimation() { + // XXX 'this' does not always have a nodeName when running the + // test suite + + if ( optall.queue === false ) { + jQuery._mark( this ); + } + + var opt = jQuery.extend( {}, optall ), + isElement = this.nodeType === 1, + hidden = isElement && jQuery(this).is(":hidden"), + name, val, p, e, hooks, replace, + parts, start, end, unit, + method; + + // will store per property easing and be used to determine when an animation is complete + opt.animatedProperties = {}; + + // first pass over propertys to expand / normalize + for ( p in prop ) { + name = jQuery.camelCase( p ); + if ( p !== name ) { + prop[ name ] = prop[ p ]; + delete prop[ p ]; + } + + if ( ( hooks = jQuery.cssHooks[ name ] ) && "expand" in hooks ) { + replace = hooks.expand( prop[ name ] ); + delete prop[ name ]; + + // not quite $.extend, this wont overwrite keys already present. + // also - reusing 'p' from above because we have the correct "name" + for ( p in replace ) { + if ( ! ( p in prop ) ) { + prop[ p ] = replace[ p ]; + } + } + } + } + + for ( name in prop ) { + val = prop[ name ]; + // easing resolution: per property > opt.specialEasing > opt.easing > 'swing' (default) + if ( jQuery.isArray( val ) ) { + opt.animatedProperties[ name ] = val[ 1 ]; + val = prop[ name ] = val[ 0 ]; + } else { + opt.animatedProperties[ name ] = opt.specialEasing && opt.specialEasing[ name ] || opt.easing || 'swing'; + } + + if ( val === "hide" && hidden || val === "show" && !hidden ) { + return opt.complete.call( this ); + } + + if ( isElement && ( name === "height" || name === "width" ) ) { + // Make sure that nothing sneaks out + // Record all 3 overflow attributes because IE does not + // change the overflow attribute when overflowX and + // overflowY are set to the same value + opt.overflow = [ this.style.overflow, this.style.overflowX, this.style.overflowY ]; + + // Set display property to inline-block for height/width + // animations on inline elements that are having width/height animated + if ( jQuery.css( this, "display" ) === "inline" && + jQuery.css( this, "float" ) === "none" ) { + + // inline-level elements accept inline-block; + // block-level elements need to be inline with layout + if ( !jQuery.support.inlineBlockNeedsLayout || defaultDisplay( this.nodeName ) === "inline" ) { + this.style.display = "inline-block"; + + } else { + this.style.zoom = 1; + } + } + } + } + + if ( opt.overflow != null ) { + this.style.overflow = "hidden"; + } + + for ( p in prop ) { + e = new jQuery.fx( this, opt, p ); + val = prop[ p ]; + + if ( rfxtypes.test( val ) ) { + + // Tracks whether to show or hide based on private + // data attached to the element + method = jQuery._data( this, "toggle" + p ) || ( val === "toggle" ? hidden ? "show" : "hide" : 0 ); + if ( method ) { + jQuery._data( this, "toggle" + p, method === "show" ? "hide" : "show" ); + e[ method ](); + } else { + e[ val ](); + } + + } else { + parts = rfxnum.exec( val ); + start = e.cur(); + + if ( parts ) { + end = parseFloat( parts[2] ); + unit = parts[3] || ( jQuery.cssNumber[ p ] ? "" : "px" ); + + // We need to compute starting value + if ( unit !== "px" ) { + jQuery.style( this, p, (end || 1) + unit); + start = ( (end || 1) / e.cur() ) * start; + jQuery.style( this, p, start + unit); + } + + // If a +=/-= token was provided, we're doing a relative animation + if ( parts[1] ) { + end = ( (parts[ 1 ] === "-=" ? -1 : 1) * end ) + start; + } + + e.custom( start, end, unit ); + + } else { + e.custom( start, val, "" ); + } + } + } + + // For JS strict compliance + return true; + } + + return optall.queue === false ? + this.each( doAnimation ) : + this.queue( optall.queue, doAnimation ); + }, + + stop: function( type, clearQueue, gotoEnd ) { + if ( typeof type !== "string" ) { + gotoEnd = clearQueue; + clearQueue = type; + type = undefined; + } + if ( clearQueue && type !== false ) { + this.queue( type || "fx", [] ); + } + + return this.each(function() { + var index, + hadTimers = false, + timers = jQuery.timers, + data = jQuery._data( this ); + + // clear marker counters if we know they won't be + if ( !gotoEnd ) { + jQuery._unmark( true, this ); + } + + function stopQueue( elem, data, index ) { + var hooks = data[ index ]; + jQuery.removeData( elem, index, true ); + hooks.stop( gotoEnd ); + } + + if ( type == null ) { + for ( index in data ) { + if ( data[ index ] && data[ index ].stop && index.indexOf(".run") === index.length - 4 ) { + stopQueue( this, data, index ); + } + } + } else if ( data[ index = type + ".run" ] && data[ index ].stop ){ + stopQueue( this, data, index ); + } + + for ( index = timers.length; index--; ) { + if ( timers[ index ].elem === this && (type == null || timers[ index ].queue === type) ) { + if ( gotoEnd ) { + + // force the next step to be the last + timers[ index ]( true ); + } else { + timers[ index ].saveState(); + } + hadTimers = true; + timers.splice( index, 1 ); + } + } + + // start the next in the queue if the last step wasn't forced + // timers currently will call their complete callbacks, which will dequeue + // but only if they were gotoEnd + if ( !( gotoEnd && hadTimers ) ) { + jQuery.dequeue( this, type ); + } + }); + } + +}); + +// Animations created synchronously will run synchronously +function createFxNow() { + setTimeout( clearFxNow, 0 ); + return ( fxNow = jQuery.now() ); +} + +function clearFxNow() { + fxNow = undefined; +} + +// Generate parameters to create a standard animation +function genFx( type, num ) { + var obj = {}; + + jQuery.each( fxAttrs.concat.apply([], fxAttrs.slice( 0, num )), function() { + obj[ this ] = type; + }); + + return obj; +} + +// Generate shortcuts for custom animations +jQuery.each({ + slideDown: genFx( "show", 1 ), + slideUp: genFx( "hide", 1 ), + slideToggle: genFx( "toggle", 1 ), + fadeIn: { opacity: "show" }, + fadeOut: { opacity: "hide" }, + fadeToggle: { opacity: "toggle" } +}, function( name, props ) { + jQuery.fn[ name ] = function( speed, easing, callback ) { + return this.animate( props, speed, easing, callback ); + }; +}); + +jQuery.extend({ + speed: function( speed, easing, fn ) { + var opt = speed && typeof speed === "object" ? jQuery.extend( {}, speed ) : { + complete: fn || !fn && easing || + jQuery.isFunction( speed ) && speed, + duration: speed, + easing: fn && easing || easing && !jQuery.isFunction( easing ) && easing + }; + + opt.duration = jQuery.fx.off ? 0 : typeof opt.duration === "number" ? opt.duration : + opt.duration in jQuery.fx.speeds ? jQuery.fx.speeds[ opt.duration ] : jQuery.fx.speeds._default; + + // normalize opt.queue - true/undefined/null -> "fx" + if ( opt.queue == null || opt.queue === true ) { + opt.queue = "fx"; + } + + // Queueing + opt.old = opt.complete; + + opt.complete = function( noUnmark ) { + if ( jQuery.isFunction( opt.old ) ) { + opt.old.call( this ); + } + + if ( opt.queue ) { + jQuery.dequeue( this, opt.queue ); + } else if ( noUnmark !== false ) { + jQuery._unmark( this ); + } + }; + + return opt; + }, + + easing: { + linear: function( p ) { + return p; + }, + swing: function( p ) { + return ( -Math.cos( p*Math.PI ) / 2 ) + 0.5; + } + }, + + timers: [], + + fx: function( elem, options, prop ) { + this.options = options; + this.elem = elem; + this.prop = prop; + + options.orig = options.orig || {}; + } + +}); + +jQuery.fx.prototype = { + // Simple function for setting a style value + update: function() { + if ( this.options.step ) { + this.options.step.call( this.elem, this.now, this ); + } + + ( jQuery.fx.step[ this.prop ] || jQuery.fx.step._default )( this ); + }, + + // Get the current size + cur: function() { + if ( this.elem[ this.prop ] != null && (!this.elem.style || this.elem.style[ this.prop ] == null) ) { + return this.elem[ this.prop ]; + } + + var parsed, + r = jQuery.css( this.elem, this.prop ); + // Empty strings, null, undefined and "auto" are converted to 0, + // complex values such as "rotate(1rad)" are returned as is, + // simple values such as "10px" are parsed to Float. + return isNaN( parsed = parseFloat( r ) ) ? !r || r === "auto" ? 0 : r : parsed; + }, + + // Start an animation from one number to another + custom: function( from, to, unit ) { + var self = this, + fx = jQuery.fx; + + this.startTime = fxNow || createFxNow(); + this.end = to; + this.now = this.start = from; + this.pos = this.state = 0; + this.unit = unit || this.unit || ( jQuery.cssNumber[ this.prop ] ? "" : "px" ); + + function t( gotoEnd ) { + return self.step( gotoEnd ); + } + + t.queue = this.options.queue; + t.elem = this.elem; + t.saveState = function() { + if ( jQuery._data( self.elem, "fxshow" + self.prop ) === undefined ) { + if ( self.options.hide ) { + jQuery._data( self.elem, "fxshow" + self.prop, self.start ); + } else if ( self.options.show ) { + jQuery._data( self.elem, "fxshow" + self.prop, self.end ); + } + } + }; + + if ( t() && jQuery.timers.push(t) && !timerId ) { + timerId = setInterval( fx.tick, fx.interval ); + } + }, + + // Simple 'show' function + show: function() { + var dataShow = jQuery._data( this.elem, "fxshow" + this.prop ); + + // Remember where we started, so that we can go back to it later + this.options.orig[ this.prop ] = dataShow || jQuery.style( this.elem, this.prop ); + this.options.show = true; + + // Begin the animation + // Make sure that we start at a small width/height to avoid any flash of content + if ( dataShow !== undefined ) { + // This show is picking up where a previous hide or show left off + this.custom( this.cur(), dataShow ); + } else { + this.custom( this.prop === "width" || this.prop === "height" ? 1 : 0, this.cur() ); + } + + // Start by showing the element + jQuery( this.elem ).show(); + }, + + // Simple 'hide' function + hide: function() { + // Remember where we started, so that we can go back to it later + this.options.orig[ this.prop ] = jQuery._data( this.elem, "fxshow" + this.prop ) || jQuery.style( this.elem, this.prop ); + this.options.hide = true; + + // Begin the animation + this.custom( this.cur(), 0 ); + }, + + // Each step of an animation + step: function( gotoEnd ) { + var p, n, complete, + t = fxNow || createFxNow(), + done = true, + elem = this.elem, + options = this.options; + + if ( gotoEnd || t >= options.duration + this.startTime ) { + this.now = this.end; + this.pos = this.state = 1; + this.update(); + + options.animatedProperties[ this.prop ] = true; + + for ( p in options.animatedProperties ) { + if ( options.animatedProperties[ p ] !== true ) { + done = false; + } + } + + if ( done ) { + // Reset the overflow + if ( options.overflow != null && !jQuery.support.shrinkWrapBlocks ) { + + jQuery.each( [ "", "X", "Y" ], function( index, value ) { + elem.style[ "overflow" + value ] = options.overflow[ index ]; + }); + } + + // Hide the element if the "hide" operation was done + if ( options.hide ) { + jQuery( elem ).hide(); + } + + // Reset the properties, if the item has been hidden or shown + if ( options.hide || options.show ) { + for ( p in options.animatedProperties ) { + jQuery.style( elem, p, options.orig[ p ] ); + jQuery.removeData( elem, "fxshow" + p, true ); + // Toggle data is no longer needed + jQuery.removeData( elem, "toggle" + p, true ); + } + } + + // Execute the complete function + // in the event that the complete function throws an exception + // we must ensure it won't be called twice. #5684 + + complete = options.complete; + if ( complete ) { + + options.complete = false; + complete.call( elem ); + } + } + + return false; + + } else { + // classical easing cannot be used with an Infinity duration + if ( options.duration == Infinity ) { + this.now = t; + } else { + n = t - this.startTime; + this.state = n / options.duration; + + // Perform the easing function, defaults to swing + this.pos = jQuery.easing[ options.animatedProperties[this.prop] ]( this.state, n, 0, 1, options.duration ); + this.now = this.start + ( (this.end - this.start) * this.pos ); + } + // Perform the next step of the animation + this.update(); + } + + return true; + } +}; + +jQuery.extend( jQuery.fx, { + tick: function() { + var timer, + timers = jQuery.timers, + i = 0; + + for ( ; i < timers.length; i++ ) { + timer = timers[ i ]; + // Checks the timer has not already been removed + if ( !timer() && timers[ i ] === timer ) { + timers.splice( i--, 1 ); + } + } + + if ( !timers.length ) { + jQuery.fx.stop(); + } + }, + + interval: 13, + + stop: function() { + clearInterval( timerId ); + timerId = null; + }, + + speeds: { + slow: 600, + fast: 200, + // Default speed + _default: 400 + }, + + step: { + opacity: function( fx ) { + jQuery.style( fx.elem, "opacity", fx.now ); + }, + + _default: function( fx ) { + if ( fx.elem.style && fx.elem.style[ fx.prop ] != null ) { + fx.elem.style[ fx.prop ] = fx.now + fx.unit; + } else { + fx.elem[ fx.prop ] = fx.now; + } + } + } +}); + +// Ensure props that can't be negative don't go there on undershoot easing +jQuery.each( fxAttrs.concat.apply( [], fxAttrs ), function( i, prop ) { + // exclude marginTop, marginLeft, marginBottom and marginRight from this list + if ( prop.indexOf( "margin" ) ) { + jQuery.fx.step[ prop ] = function( fx ) { + jQuery.style( fx.elem, prop, Math.max(0, fx.now) + fx.unit ); + }; + } +}); + +if ( jQuery.expr && jQuery.expr.filters ) { + jQuery.expr.filters.animated = function( elem ) { + return jQuery.grep(jQuery.timers, function( fn ) { + return elem === fn.elem; + }).length; + }; +} + +// Try to restore the default display value of an element +function defaultDisplay( nodeName ) { + + if ( !elemdisplay[ nodeName ] ) { + + var body = document.body, + elem = jQuery( "<" + nodeName + ">" ).appendTo( body ), + display = elem.css( "display" ); + elem.remove(); + + // If the simple way fails, + // get element's real default display by attaching it to a temp iframe + if ( display === "none" || display === "" ) { + // No iframe to use yet, so create it + if ( !iframe ) { + iframe = document.createElement( "iframe" ); + iframe.frameBorder = iframe.width = iframe.height = 0; + } + + body.appendChild( iframe ); + + // Create a cacheable copy of the iframe document on first call. + // IE and Opera will allow us to reuse the iframeDoc without re-writing the fake HTML + // document to it; WebKit & Firefox won't allow reusing the iframe document. + if ( !iframeDoc || !iframe.createElement ) { + iframeDoc = ( iframe.contentWindow || iframe.contentDocument ).document; + iframeDoc.write( ( jQuery.support.boxModel ? "<!doctype html>" : "" ) + "<html><body>" ); + iframeDoc.close(); + } + + elem = iframeDoc.createElement( nodeName ); + + iframeDoc.body.appendChild( elem ); + + display = jQuery.css( elem, "display" ); + body.removeChild( iframe ); + } + + // Store the correct default display + elemdisplay[ nodeName ] = display; + } + + return elemdisplay[ nodeName ]; +} + + + + +var getOffset, + rtable = /^t(?:able|d|h)$/i, + rroot = /^(?:body|html)$/i; + +if ( "getBoundingClientRect" in document.documentElement ) { + getOffset = function( elem, doc, docElem, box ) { + try { + box = elem.getBoundingClientRect(); + } catch(e) {} + + // Make sure we're not dealing with a disconnected DOM node + if ( !box || !jQuery.contains( docElem, elem ) ) { + return box ? { top: box.top, left: box.left } : { top: 0, left: 0 }; + } + + var body = doc.body, + win = getWindow( doc ), + clientTop = docElem.clientTop || body.clientTop || 0, + clientLeft = docElem.clientLeft || body.clientLeft || 0, + scrollTop = win.pageYOffset || jQuery.support.boxModel && docElem.scrollTop || body.scrollTop, + scrollLeft = win.pageXOffset || jQuery.support.boxModel && docElem.scrollLeft || body.scrollLeft, + top = box.top + scrollTop - clientTop, + left = box.left + scrollLeft - clientLeft; + + return { top: top, left: left }; + }; + +} else { + getOffset = function( elem, doc, docElem ) { + var computedStyle, + offsetParent = elem.offsetParent, + prevOffsetParent = elem, + body = doc.body, + defaultView = doc.defaultView, + prevComputedStyle = defaultView ? defaultView.getComputedStyle( elem, null ) : elem.currentStyle, + top = elem.offsetTop, + left = elem.offsetLeft; + + while ( (elem = elem.parentNode) && elem !== body && elem !== docElem ) { + if ( jQuery.support.fixedPosition && prevComputedStyle.position === "fixed" ) { + break; + } + + computedStyle = defaultView ? defaultView.getComputedStyle(elem, null) : elem.currentStyle; + top -= elem.scrollTop; + left -= elem.scrollLeft; + + if ( elem === offsetParent ) { + top += elem.offsetTop; + left += elem.offsetLeft; + + if ( jQuery.support.doesNotAddBorder && !(jQuery.support.doesAddBorderForTableAndCells && rtable.test(elem.nodeName)) ) { + top += parseFloat( computedStyle.borderTopWidth ) || 0; + left += parseFloat( computedStyle.borderLeftWidth ) || 0; + } + + prevOffsetParent = offsetParent; + offsetParent = elem.offsetParent; + } + + if ( jQuery.support.subtractsBorderForOverflowNotVisible && computedStyle.overflow !== "visible" ) { + top += parseFloat( computedStyle.borderTopWidth ) || 0; + left += parseFloat( computedStyle.borderLeftWidth ) || 0; + } + + prevComputedStyle = computedStyle; + } + + if ( prevComputedStyle.position === "relative" || prevComputedStyle.position === "static" ) { + top += body.offsetTop; + left += body.offsetLeft; + } + + if ( jQuery.support.fixedPosition && prevComputedStyle.position === "fixed" ) { + top += Math.max( docElem.scrollTop, body.scrollTop ); + left += Math.max( docElem.scrollLeft, body.scrollLeft ); + } + + return { top: top, left: left }; + }; +} + +jQuery.fn.offset = function( options ) { + if ( arguments.length ) { + return options === undefined ? + this : + this.each(function( i ) { + jQuery.offset.setOffset( this, options, i ); + }); + } + + var elem = this[0], + doc = elem && elem.ownerDocument; + + if ( !doc ) { + return null; + } + + if ( elem === doc.body ) { + return jQuery.offset.bodyOffset( elem ); + } + + return getOffset( elem, doc, doc.documentElement ); +}; + +jQuery.offset = { + + bodyOffset: function( body ) { + var top = body.offsetTop, + left = body.offsetLeft; + + if ( jQuery.support.doesNotIncludeMarginInBodyOffset ) { + top += parseFloat( jQuery.css(body, "marginTop") ) || 0; + left += parseFloat( jQuery.css(body, "marginLeft") ) || 0; + } + + return { top: top, left: left }; + }, + + setOffset: function( elem, options, i ) { + var position = jQuery.css( elem, "position" ); + + // set position first, in-case top/left are set even on static elem + if ( position === "static" ) { + elem.style.position = "relative"; + } + + var curElem = jQuery( elem ), + curOffset = curElem.offset(), + curCSSTop = jQuery.css( elem, "top" ), + curCSSLeft = jQuery.css( elem, "left" ), + calculatePosition = ( position === "absolute" || position === "fixed" ) && jQuery.inArray("auto", [curCSSTop, curCSSLeft]) > -1, + props = {}, curPosition = {}, curTop, curLeft; + + // need to be able to calculate position if either top or left is auto and position is either absolute or fixed + if ( calculatePosition ) { + curPosition = curElem.position(); + curTop = curPosition.top; + curLeft = curPosition.left; + } else { + curTop = parseFloat( curCSSTop ) || 0; + curLeft = parseFloat( curCSSLeft ) || 0; + } + + if ( jQuery.isFunction( options ) ) { + options = options.call( elem, i, curOffset ); + } + + if ( options.top != null ) { + props.top = ( options.top - curOffset.top ) + curTop; + } + if ( options.left != null ) { + props.left = ( options.left - curOffset.left ) + curLeft; + } + + if ( "using" in options ) { + options.using.call( elem, props ); + } else { + curElem.css( props ); + } + } +}; + + +jQuery.fn.extend({ + + position: function() { + if ( !this[0] ) { + return null; + } + + var elem = this[0], + + // Get *real* offsetParent + offsetParent = this.offsetParent(), + + // Get correct offsets + offset = this.offset(), + parentOffset = rroot.test(offsetParent[0].nodeName) ? { top: 0, left: 0 } : offsetParent.offset(); + + // Subtract element margins + // note: when an element has margin: auto the offsetLeft and marginLeft + // are the same in Safari causing offset.left to incorrectly be 0 + offset.top -= parseFloat( jQuery.css(elem, "marginTop") ) || 0; + offset.left -= parseFloat( jQuery.css(elem, "marginLeft") ) || 0; + + // Add offsetParent borders + parentOffset.top += parseFloat( jQuery.css(offsetParent[0], "borderTopWidth") ) || 0; + parentOffset.left += parseFloat( jQuery.css(offsetParent[0], "borderLeftWidth") ) || 0; + + // Subtract the two offsets + return { + top: offset.top - parentOffset.top, + left: offset.left - parentOffset.left + }; + }, + + offsetParent: function() { + return this.map(function() { + var offsetParent = this.offsetParent || document.body; + while ( offsetParent && (!rroot.test(offsetParent.nodeName) && jQuery.css(offsetParent, "position") === "static") ) { + offsetParent = offsetParent.offsetParent; + } + return offsetParent; + }); + } +}); + + +// Create scrollLeft and scrollTop methods +jQuery.each( {scrollLeft: "pageXOffset", scrollTop: "pageYOffset"}, function( method, prop ) { + var top = /Y/.test( prop ); + + jQuery.fn[ method ] = function( val ) { + return jQuery.access( this, function( elem, method, val ) { + var win = getWindow( elem ); + + if ( val === undefined ) { + return win ? (prop in win) ? win[ prop ] : + jQuery.support.boxModel && win.document.documentElement[ method ] || + win.document.body[ method ] : + elem[ method ]; + } + + if ( win ) { + win.scrollTo( + !top ? val : jQuery( win ).scrollLeft(), + top ? val : jQuery( win ).scrollTop() + ); + + } else { + elem[ method ] = val; + } + }, method, val, arguments.length, null ); + }; +}); + +function getWindow( elem ) { + return jQuery.isWindow( elem ) ? + elem : + elem.nodeType === 9 ? + elem.defaultView || elem.parentWindow : + false; +} + + + + +// Create width, height, innerHeight, innerWidth, outerHeight and outerWidth methods +jQuery.each( { Height: "height", Width: "width" }, function( name, type ) { + var clientProp = "client" + name, + scrollProp = "scroll" + name, + offsetProp = "offset" + name; + + // innerHeight and innerWidth + jQuery.fn[ "inner" + name ] = function() { + var elem = this[0]; + return elem ? + elem.style ? + parseFloat( jQuery.css( elem, type, "padding" ) ) : + this[ type ]() : + null; + }; + + // outerHeight and outerWidth + jQuery.fn[ "outer" + name ] = function( margin ) { + var elem = this[0]; + return elem ? + elem.style ? + parseFloat( jQuery.css( elem, type, margin ? "margin" : "border" ) ) : + this[ type ]() : + null; + }; + + jQuery.fn[ type ] = function( value ) { + return jQuery.access( this, function( elem, type, value ) { + var doc, docElemProp, orig, ret; + + if ( jQuery.isWindow( elem ) ) { + // 3rd condition allows Nokia support, as it supports the docElem prop but not CSS1Compat + doc = elem.document; + docElemProp = doc.documentElement[ clientProp ]; + return jQuery.support.boxModel && docElemProp || + doc.body && doc.body[ clientProp ] || docElemProp; + } + + // Get document width or height + if ( elem.nodeType === 9 ) { + // Either scroll[Width/Height] or offset[Width/Height], whichever is greater + doc = elem.documentElement; + + // when a window > document, IE6 reports a offset[Width/Height] > client[Width/Height] + // so we can't use max, as it'll choose the incorrect offset[Width/Height] + // instead we use the correct client[Width/Height] + // support:IE6 + if ( doc[ clientProp ] >= doc[ scrollProp ] ) { + return doc[ clientProp ]; + } + + return Math.max( + elem.body[ scrollProp ], doc[ scrollProp ], + elem.body[ offsetProp ], doc[ offsetProp ] + ); + } + + // Get width or height on the element + if ( value === undefined ) { + orig = jQuery.css( elem, type ); + ret = parseFloat( orig ); + return jQuery.isNumeric( ret ) ? ret : orig; + } + + // Set the width or height on the element + jQuery( elem ).css( type, value ); + }, type, value, arguments.length, null ); + }; +}); + + + + +// Expose jQuery to the global object +window.jQuery = window.$ = jQuery; + +// Expose jQuery as an AMD module, but only for AMD loaders that +// understand the issues with loading multiple versions of jQuery +// in a page that all might call define(). The loader will indicate +// they have special allowances for multiple jQuery versions by +// specifying define.amd.jQuery = true. Register as a named module, +// since jQuery can be concatenated with other files that may use define, +// but not use a proper concatenation script that understands anonymous +// AMD modules. A named AMD is safest and most robust way to register. +// Lowercase jquery is used because AMD module names are derived from +// file names, and jQuery is normally delivered in a lowercase file name. +// Do this after creating the global so that if an AMD module wants to call +// noConflict to hide this version of jQuery, it will work. +if ( typeof define === "function" && define.amd && define.amd.jQuery ) { + define( "jquery", [], function () { return jQuery; } ); +} + + + +})( window ); diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp new file mode 100644 index 000000000..2b24f0b89 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp @@ -0,0 +1,360 @@ +<%@ page contentType="text/html;charset=UTF-8" %> +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.moaconfig.header", request) %></h2> + + <s:if test="authUser.isAdmin()"> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.defaultbkus.header", request) %></h3> + + <s:textfield name="moaconfig.defaultBKUOnline" + value="%{moaconfig.defaultBKUOnline}" + labelposition="left" + key="webpages.oaconfig.general.bku.online" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="moaconfig.defaultBKUHandy" + value="%{moaconfig.defaultBKUHandy}" + labelposition="left" + key="webpages.oaconfig.general.bku.handy" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="moaconfig.defaultBKULocal" + value="%{moaconfig.defaultBKULocal}" + labelposition="left" + key="webpages.oaconfig.general.bku.local" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.slrequesttemplates.header", request) %></h3> + + <s:textfield name="moaconfig.SLRequestTemplateOnline" + value="%{moaconfig.SLRequestTemplateOnline}" + labelposition="left" + key="webpages.moaconfig.slrequesttemplates.online" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="moaconfig.SLRequestTemplateHandy" + value="%{moaconfig.SLRequestTemplateHandy}" + labelposition="left" + key="webpages.moaconfig.slrequesttemplates.handy" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="moaconfig.SLRequestTemplateLocal" + value="%{moaconfig.SLRequestTemplateLocal}" + labelposition="left" + key="webpages.moaconfig.slrequesttemplates.local" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.certificates.header", request) %></h3> + + <s:textfield name="moaconfig.certStoreDirectory" + value="%{moaconfig.certStoreDirectory}" + labelposition="left" + key="webpages.moaconfig.certificates.certstore" + cssClass="textfield_long"> + </s:textfield> + + <s:checkbox name="moaconfig.trustmanagerrevocationcheck" + value="%{moaconfig.trustmanagerrevocationcheck}" + labelposition="left" + key="webpages.moaconfig.certificates.trustmanagerrev" + cssClass="checkbox"> + </s:checkbox> + + <s:textfield name="moaconfig.trustedCACerts" + value="%{moaconfig.trustedCACerts}" + labelposition="left" + key="webpages.moaconfig.certificates.trustCACerts" + cssClass="textfield_long"> + </s:textfield> + + <s:radio list="moaconfig.chainigmodelist" + name="moaconfig.defaultchainigmode" + value="%{moaconfig.defaultchainigmode}" + labelposition="left" + key="webpages.moaconfig.certificates.chainingmode" + cssClass="radio"> + </s:radio> + + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.timeout.header", request) %></h3> + + <s:textfield name="moaconfig.timeoutAssertion" + value="%{moaconfig.timeoutAssertion}" + labelposition="left" + key="webpages.moaconfig.timeout.assertion" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.timeoutMOASessionCreated" + value="%{moaconfig.timeoutMOASessionCreated}" + labelposition="left" + key="webpages.moaconfig.timeout.MOASessionCreated" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.timeoutMOASessionUpdated" + value="%{moaconfig.timeoutMOASessionUpdated}" + labelposition="left" + key="webpages.moaconfig.timeout.MOASessionUpdated" + cssClass="textfield_long"> + </s:textfield> + + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.moasp.header", request) %></h3> + + <s:textfield name="moaconfig.moaspssIdlTrustProfile" + value="%{moaconfig.moaspssIdlTrustProfile}" + labelposition="left" + key="webpages.moaconfig.moasp.idltrustprofile" + cssClass="textfield_long"> + </s:textfield> + +<%-- <s:textarea name="moaconfig.identityLinkSigners" + value="%{moaconfig.identityLinkSigners}" + labelposition="left" + key="webpages.moaconfig.identitylinksigners" + cssClass="textfield_large"> + </s:textarea> --%> + + <s:textfield name="moaconfig.moaspssAuthTrustProfile" + value="%{moaconfig.moaspssAuthTrustProfile}" + labelposition="left" + key="webpages.moaconfig.moasp.authtrustprofile" + cssClass="textfield_long"> + </s:textfield> + + <s:textarea name="moaconfig.moaspssAuthTransformations" + value="%{moaconfig.moaspssAuthTransformations}" + labelposition="left" + key="webpages.moaconfig.moasp.authblocktransform" + cssClass="textfield_large"> + </s:textarea> + + <s:textfield name="moaconfig.moaspssURL" + value="%{moaconfig.moaspssURL}" + labelposition="left" + key="webpages.moaconfig.moasp.url" + cssClass="textfield_long"> + </s:textfield> + + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.services.header", request) %></h3> + <s:textfield name="moaconfig.mandateURL" + value="%{moaconfig.mandateURL}" + labelposition="left" + key="webpages.moaconfig.services.mandates" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.szrgwURL" + value="%{moaconfig.szrgwURL}" + labelposition="left" + key="webpages.moaconfig.services.szrgw" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block" > + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.sso.header", request) %></h3> + <s:textfield name="moaconfig.ssoPublicUrl" + value="%{moaconfig.ssoPublicUrl}" + labelposition="left" + key="webpages.moaconfig.sso.PublicUrl" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.ssoFriendlyName" + value="%{moaconfig.ssoFriendlyName}" + labelposition="left" + key="webpages.moaconfig.sso.FriendlyName" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.ssoTarget " + value="%{moaconfig.ssoTarget }" + labelposition="left" + key="webpages.moaconfig.services.sso.Target" + cssClass="textfield_long"> + </s:textfield> + <s:textarea name="moaconfig.ssoSpecialText" + value="%{moaconfig.ssoSpecialText}" + labelposition="left" + key="webpages.moaconfig.services.sso.SpecialText" + cssClass="textfield_large"> + </s:textarea> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.header", request) %></h3> + + <div id="moageneral_legacy_protocol" class="moageneral_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.legacy.header", request) %></h4> + <s:checkbox name="moaconfig.legacy_saml1" + value="%{moaconfig.legacy_saml1}" + labelposition="left" + key="webpages.moaconfig.protocols.legacy.saml1" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="moaconfig.legacy_pvp2" + value="%{moaconfig.legacy_pvp2}" + labelposition="left" + key="webpages.moaconfig.protocols.legacy.pvp2" + cssClass="checkbox"> + </s:checkbox> + </div> + + <div class="moageneral_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.header", request) %></h4> + + <s:textfield name="moaconfig.pvp2PublicUrlPrefix " + value="%{moaconfig.pvp2PublicUrlPrefix}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.PublicUrlPrefix" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2IssuerName" + value="%{moaconfig.pvp2IssuerName}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.IssuerName" + cssClass="textfield_long"> + </s:textfield> + + <h5><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.org.header", request) %></h5> + <s:textfield name="moaconfig.pvp2OrgName" + value="%{moaconfig.pvp2OrgName}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.org.name" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2OrgDisplayName" + value="%{moaconfig.pvp2OrgDisplayName}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.org.displayname" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2OrgURL " + value="%{moaconfig.pvp2OrgURL}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.org.url" + cssClass="textfield_long"> + </s:textfield> + + <h5><%=LanguageHelper.getGUIString("webpages.moaconfig.protocols.pvp2.contact.header", request) %></h5> + <s:textfield name="moaconfig.pvp2Contact.surname" + value="%{moaconfig.pvp2Contact.surname}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.contact.surename" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2Contact.givenname" + value="%{moaconfig.pvp2Contact.givenname}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.contact.givenname" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2Contact.mail" + value="%{moaconfig.pvp2Contact.mail}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.contact.email" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2Contact.phone" + value="%{moaconfig.pvp2Contact.phone}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.contact.phone" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2Contact.company" + value="%{moaconfig.pvp2Contact.company}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.contact.company" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="moaconfig.pvp2Contact.type" + value="%{moaconfig.pvp2Contact.type}" + labelposition="left" + key="webpages.moaconfig.protocols.pvp2.contact.type" + cssClass="textfield_long"> + </s:textfield> + </div> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.moaconfig.sl.transormations.header", request) %></h3> + + <s:iterator value="%{moaconfig.fileUploadFileName}" var="fileName"> + <s:label key="webpages.moaconfig.sl.transormations.filename" value="%{fileName}"/> + + <div id="pvp2_certificate_upload"> + <s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file> + </div> + </s:iterator> + <s:if test="moaconfig.fileUploadFileName.size() == 0"> + <div id="pvp2_certificate_upload"> + <s:file name="moaconfig.fileUpload" key="webpages.moaconfig.sl.transormations.upload" cssClass="textfield_long"></s:file> + </div> + </s:if> + + </div> + + <br> + <br> + + <div id="button_area"> + <s:submit key="webpages.edit.back" action="backGeneralConfig"/> + <s:submit key="webpages.edit.save" action="saveGeneralConfig"/> + </div> + + </s:form> + + </s:if> + </div> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp new file mode 100644 index 000000000..60f253222 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -0,0 +1,355 @@ +<%@ page contentType="text/html;charset=UTF-8" %> +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + + </head> + + <body onload="oaOnLoad()"> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.oaconfig.header", request) %></h2> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + + <div class="oa_config_block"> + + <s:if test="authUser.isAdmin()"> + <s:checkbox name="generalOA.Active" + value="%{generalOA.Active}" + labelposition="left" + key="webpages.oaconfig.general.isActive" + cssClass="checkbox"> + </s:checkbox> + </s:if> + + <s:textfield name="generalOA.identifier" + value="%{generalOA.identifier}" + labelposition="left" + key="webpages.oaconfig.general.identification" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="generalOA.friendlyName" + value="%{generalOA.friendlyName}" + labelposition="left" + key="webpages.oaconfig.general.friendlyname" + cssClass="textfield_long"> + </s:textfield> + + <s:checkbox name="generalOA.businessService" + value="%{generalOA.businessService}" + labelposition="left" + key="webpages.oaconfig.general.isbusinessservice" + cssClass="checkbox" + onclick="oaBusinessService();" + id="OAisbusinessservice"> + </s:checkbox> + </div> + + <div id="oa_config_businessservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3> + + <s:textfield name="generalOA.identificationNumber" + value="%{generalOA.identificationNumber}" + labelposition="left" + key="webpages.oaconfig.general.business.value" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div id="oa_config_publicservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> + + <s:textfield name="generalOA.target" + value="%{generalOA.target}" + labelposition="left" + key="webpages.oaconfig.general.target" + cssClass="textfield_short"> + </s:textfield> + + <s:textfield name="generalOA.targetFriendlyName" + value="%{generalOA.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> + + <s:textfield name="generalOA.bkuOnlineURL" + value="%{generalOA.bkuOnlineURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.online" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="generalOA.bkuHandyURL" + value="%{generalOA.bkuHandyURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.handy" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="generalOA.bkuLocalURL" + value="%{generalOA.bkuLocalURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.local" + cssClass="textfield_long"> + </s:textfield> + + <s:if test="authUser.isAdmin()"> + <s:textfield name="generalOA.slVersion" + value="%{generalOA.slVersion}" + labelposition="left" + key="webpages.oaconfig.general.bku.slversion" + cssClass="textfield_long"> + </s:textfield> + </s:if> + <s:radio list="generalOA.keyBoxIdentifierList" + name="generalOA.keyBoxIdentifier" + value="%{generalOA.keyBoxIdentifier}" + labelposition="left" + key="webpages.oaconfig.general.bku.keyboxidentifier" + cssClass="radio"> + </s:radio> + <s:checkbox name="generalOA.legacy" + value="%{generalOA.legacy}" + labelposition="left" + key="webpages.oaconfig.general.bku.legacy" + cssClass="checkbox" + onclick="oaLegacyService();" + id="OAislegacy"> + </s:checkbox> + <div id="oa_config_sltemplates"> + <s:textfield name="generalOA.SLTemplateURL1" + value="%{generalOA.SLTemplateURL1}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.first" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="generalOA.SLTemplateURL2" + value="%{generalOA.SLTemplateURL2}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.second" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="generalOA.SLTemplateURL3" + value="%{generalOA.SLTemplateURL3}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.third" + cssClass="textfield_long"> + </s:textfield> + </div> + + + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3> + + <s:textfield name="generalOA.mandateProfiles" + value="%{generalOA.mandateProfiles}" + labelposition="left" + key="webpages.oaconfig.general.mandate.profiles" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3> + + <s:checkbox name="ssoOA.useSSO" + value="%{ssoOA.useSSO}" + labelposition="left" + key="webpages.oaconfig.sso.usesso" + cssClass="checkbox" + onclick="oaSSOService();" + id="OAuseSSO"> + </s:checkbox> + + <div id="sso_bock"> + <s:if test="authUser.isAdmin()"> + <s:checkbox name="ssoOA.showAuthDataFrame" + value="%{ssoOA.showAuthDataFrame}" + labelposition="left" + key="webpages.oaconfig.sso.useauthdataframe" + cssClass="checkbox" + onclick="oaBusinessService();"> + </s:checkbox> + </s:if> + + <s:textfield name="ssoOA.singleLogOutURL" + value="%{ssoOA.singleLogOutURL}" + labelposition="left" + key="webpages.oaconfig.sso.singlelogouturl" + cssClass="textfield_long"> + </s:textfield> + </div> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %></h3> + <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_smal1_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.show", request) %> + </button> + <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_saml1_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.hidden", request) %> + </button> + + <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.show", request) %> + </button> + <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.pvp2.hidden", request) %> + </button> + + <div id="oa_saml1_area" class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4> + <s:checkbox name="saml1OA.provideStammZahl" + value="%{saml1OA.provideStammZahl}" + labelposition="left" + key="webpages.oaconfig.saml1.provideStammZahl" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideAuthBlock" + value="%{saml1OA.provideAuthBlock}" + labelposition="left" + key="webpages.oaconfig.saml1.provideAuthBlock" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideIdentityLink" + value="%{saml1OA.provideIdentityLink}" + labelposition="left" + key="webpages.oaconfig.saml1.provideIdentityLink" + cssClass="checkbox"> + </s:checkbox> + <br> + <s:checkbox name="saml1OA.provideCertificate" + value="%{saml1OA.provideCertificate}" + labelposition="left" + key="webpages.oaconfig.saml1.provideCertificate" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideFullMandateData" + value="%{saml1OA.provideFullMandateData}" + labelposition="left" + key="webpages.oaconfig.saml1.provideFullMandateData" + cssClass="checkbox"> + </s:checkbox> +<%-- <br> + <br> + <br> + <s:checkbox name="saml1OA.useCondition" + value="%{saml1OA.useCondition}" + labelposition="left" + key="webpages.oaconfig.saml1.useCondition" + cssClass="checkbox"> + </s:checkbox> + <s:textfield name="saml1OA.conditionLength" + value="%{saml1OA.conditionLength}" + labelposition="left" + key="webpages.oaconfig.saml1.conditionLength" + cssClass="textfield_short"> + </s:textfield> --%> + + </div> + + <div id="oa_pvp2_area" class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4> + + <s:textfield name="pvp2OA.metaDataURL" + value="%{pvp2OA.metaDataURL}" + labelposition="left" + key="webpages.oaconfig.pvp2.metaDataURL" + cssClass="textfield_long"> + </s:textfield> + + <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/> + + <div id="pvp2_certificate_upload"> + <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file> + </div> + </div> + </div> + + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3> + + <s:checkbox name="generalOA.useIFrame" + value="%{generalOA.useIFrame}" + labelposition="left" + key="webpages.oaconfig.general.aditional.iframe" + cssClass="checkbox"> + </s:checkbox> + + <s:checkbox name="generalOA.useUTC" + value="%{generalOA.useUTC}" + labelposition="left" + key="webpages.oaconfig.general.aditional.useUTC" + cssClass="checkbox"> + </s:checkbox> + +<%-- <s:checkbox name="generalOA.calculateHPI" + value="%{generalOA.calculateHPI}" + labelposition="left" + key="webpages.oaconfig.general.aditional.calculateHPI" + cssClass="textfield_long"> + </s:checkbox> --%> + + <s:textarea name="generalOA.aditionalAuthBlockText" + value="%{generalOA.aditionalAuthBlockText}" + labelposition="left" + key="webpages.oaconfig.general.aditional.authblocktext" + cssClass="textfield_large"> + </s:textarea> + + </div> + +<%-- <s:hidden name="generalOA.dbID" + value="%{generalOA.dbID}"></s:hidden> --%> + + <div id="button_area"> + + <s:submit key="webpages.edit.back" action="cancleandbackOA"/> + + <s:submit key="webpages.edit.save" action="saveOA"/> + + <s:if test="!isNewOA()"> + <s:submit key="webpages.edit.delete" action="deleteOA"/> + </s:if> + </div> + + </s:form> + </div> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp b/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp new file mode 100644 index 000000000..067bcd57d --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/edituser.jsp @@ -0,0 +1,149 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="list_area"> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.edituser.header", request) %></h3> + <s:textfield name="user.givenName" + value="%{user.givenName}" + labelposition="left" + key="webpages.edituser.givenname" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="user.familyName" + value="%{user.familyName}" + labelposition="left" + key="webpages.edituser.familyName" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="user.institut" + value="%{user.institut}" + labelposition="left" + key="webpages.edituser.institut" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="user.mail" + value="%{user.mail}" + labelposition="left" + key="webpages.edituser.mail" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="user.phone" + value="%{user.phone}" + labelposition="left" + key="webpages.edituser.phone" + cssClass="textfield_long"> + </s:textfield> + </div> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.edituser.access.header", request) %></h3> + <s:if test="isNewUser()"> + <s:textfield name="user.username" + value="%{user.username}" + labelposition="left" + key="webpages.edituser.username" + cssClass="textfield_long" + maxlength="16"> + </s:textfield> + </s:if> + <s:else> + <s:textfield name="user.username" + value="%{user.username}" + labelposition="left" + key="webpages.edituser.username" + cssClass="textfield_long" + disabled="true" + maxlength="16"> + </s:textfield> + </s:else> + + <s:password name="user.password" + labelposition="left" + key="webpages.edituser.password" + cssClass="textfield_long" + maxlength="16"> + </s:password> + + <s:password name="user.password_second" + labelposition="left" + key="webpages.edituser.password_second" + cssClass="textfield_long" + maxlength="16"> + </s:password> + + <s:textfield name="user.bpk" + value="%{user.bpk}" + labelposition="left" + key="webpages.edituser.bpk" + cssClass="textfield_long"> + </s:textfield> + </div> + + <s:if test="authUser.isAdmin()"> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.edituser.role.header", request) %></h3> + <s:checkbox name="user.active" + value="%{user.active}" + labelposition="left" + key="webpages.edituser.active" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="user.admin" + value="%{user.admin}" + labelposition="left" + key="webpages.edituser.admin" + cssClass="checkbox"> + </s:checkbox> + </div> + </s:if> + + <s:hidden name="user.userID" value="%{user.userID}"></s:hidden> + + <div id="button_area"> + + <s:if test="authUser.isAdmin()"> + <s:submit key="webpages.edit.back" action="usermanagementInit"/> + </s:if> + <s:submit key="webpages.edit.save" action="saveUser"/> + <s:if test="!isNewUser()"> + <s:submit key="webpages.edit.delete.user" action="deleteUser"/> + </s:if> + </div> + </s:form> + </div> + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp b/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp new file mode 100644 index 000000000..b28bc5f57 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/importexport.jsp @@ -0,0 +1,76 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.inportexport.header", request) %></h2> + + + <s:if test="authUser.isAdmin()"> + + <p><%=LanguageHelper.getGUIString("webpages.inportexport.descripten", request) %></p> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.inportexport.legacyimport.header", request) %></h3> + <s:file name="fileUpload" key="webpages.inportexport.legacyimport.upload" cssClass="textfield_long"></s:file> + + <div id="button_area"> + <%-- <s:submit key="webpages.edit.back" action="main"/> --%> + <s:submit key="webpages.edit.import" action="importlegacy"/> + </div> + </div> + + </s:form> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.inportexport.import.header", request) %></h3> + <s:file name="fileUpload" key="webpages.inportexport.import.upload" cssClass="textfield_long"></s:file> + + <div id="button_area"> + <s:submit key="webpages.edit.import" action="importConfig"/> + <s:submit key="webpages.edit.export" action="exportConfig"/> + </div> + + </div> + </s:form> + </s:if> + + </div> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp new file mode 100644 index 000000000..11953ec86 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp @@ -0,0 +1,37 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <jsp:include page="snippets/oas_list.jsp"></jsp:include> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp b/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp new file mode 100644 index 000000000..b700970cc --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/mainpage.jsp @@ -0,0 +1,35 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + + <s:if test="hasActionMessages()"> + <div id="message_area"> + <label><%=LanguageHelper.getGUIString("message.title", request) %></label> + <s:actionmessage/> + </div> + </s:if> + + <p>Im Menü auf der rechten Seite können Sie die einzelnen Operationen wählen.</p> + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/searchOAs.jsp b/id/ConfigWebTool/src/main/webapp/jsp/searchOAs.jsp new file mode 100644 index 000000000..38dee8c70 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/searchOAs.jsp @@ -0,0 +1,54 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <div id="search_area"> + <h2><%=LanguageHelper.getGUIString("webpages.searchoa.header", request) %></h2> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <s:textfield name="friendlyname" + value="%{friendlyname}" + labelposition="left" + key="webpages.searchoa.search.friendlyname" + cssClass="textfield_long"> + </s:textfield> + + <s:submit key="webpages.searchoa.butten.search" action="searchOA"/> + + </s:form> + </div> + + <jsp:include page="snippets/oas_list.jsp"></jsp:include> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp new file mode 100644 index 000000000..3f00984f2 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/footer.jsp @@ -0,0 +1,9 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="footer_area"> + MOA-ID 2.x Konfigurations-Tool + </div> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp new file mode 100644 index 000000000..72affde79 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/header_userinfos.jsp @@ -0,0 +1,17 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="header_area"> +<!-- <div> --> + <%=LanguageHelper.getGUIString("webpages.header.info", request) %> + <s:property value="authUser.givenName"/> <s:property value="authUser.familyName"/>, + <%=LanguageHelper.getGUIString("webpages.header.lastlogin", request) %> <s:property value="authUser.lastLogin"/> + + <s:url action="logout" var="logoutURL" namespace="/"/> + <a id="logoutbutton" href="<s:property value="#logoutURL" />"><%=LanguageHelper.getGUIString("webpages.index.logout", request) %></a> +<!-- </div> --> + + </div> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp new file mode 100644 index 000000000..26b12cdcb --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -0,0 +1,42 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="menu_area"> + <div class="menu_element"> + <s:url action="newOA" var="newOA" namespace="/secure"/> + <a href="<s:property value="#newOA" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.oa.insert", request) %></a> + </div> + <div class="menu_element"> + <s:url action="searchOAInit" var="searchOAs" namespace="/secure"/> + <a href="<s:property value="#searchOAs" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.oa.search", request) %></a> + </div> + <div class="menu_element"> + <s:url action="listallapplications" var="listAllOAs" namespace="/secure"/> + <a href="<s:property value="#listAllOAs" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.oa.display", request) %></a> + </div> + + <s:if test="authUser.isAdmin()"> + <div class="menu_element"> + <s:url action="loadGeneralConfig" var="generalConfig" namespace="/secure"/> + <a href="<s:property value="#generalConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.config.moaid", request) %></a> + </div> + <div class="menu_element"> + <s:url action="importexport" var="importexportUrl" namespace="/secure"/> + <a href="<s:property value="#importexportUrl" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.importexport", request) %></a> + </div> + </s:if> + + <div class="menu_element"> + <s:url action="usermanagementInit" var="userManagementUrl" namespace="/secure"/> + <a href="<s:property value="#userManagementUrl" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.usermanagement", request) %></a> + </div> + + +<%-- <div class="menu_element"> + <a href=""><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.user", request) %></a> + </div> --%> + + </div> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp new file mode 100644 index 000000000..113e822f8 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp @@ -0,0 +1,35 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <s:if test="formOAs && formOAs.size > 0"> + <div id="list_area"> + <div id="listHeader" class="listElement"> + <div class="listFirst"> + <%=LanguageHelper.getGUIString("webpages.listOAs.list.first", request) %> + </div> + <div class="listSecond"> + <%=LanguageHelper.getGUIString("webpages.listOAs.list.second", request) %> + </div> + </div> + + <s:iterator var="OAelement" value="formOAs"> + + <div class="listElement" onclick="editOA(<s:property value='dataBaseID'/>);"> + <div class="listFirst"> + <s:property value="oaIdentifier"/> + </div> + <div class="listSecond"> + <s:property value="oaFriendlyName"/> + </div> + </div> + + </s:iterator> + </div> + + <s:form method="POST" id="selectOAForm" action="loadOA" namespace="/secure"> + <s:hidden id="selectOAForm_OAID" name="oaidobj"></s:hidden> + </s:form> + </s:if> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp new file mode 100644 index 000000000..c5b67cbac --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/user_list.jsp @@ -0,0 +1,42 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <s:if test="userlist && userlist.size > 0"> + <h3><%=LanguageHelper.getGUIString("webpages.listUsers.list.header", request) %></h3> + <div id="list_area"> + <div id="listHeader" class="listElement"> + <div class="userListFirst"> + <%=LanguageHelper.getGUIString("webpages.listUsers.list.first", request) %> + </div> + <div class="userListSecond"> + <%=LanguageHelper.getGUIString("webpages.listUsers.list.second", request) %> + </div> + <div class="userListThird"> + <%=LanguageHelper.getGUIString("webpages.listUsers.list.third", request) %> + </div> + </div> + + <s:iterator var="UserElement" value="userlist"> + + <div class="listElement" onclick="userOA(<s:property value='userID'/>);"> + <div class="userListFirst"> + <s:property value="givenName"/> + </div> + <div class="userListSecond"> + <s:property value="familyName"/> + </div> + <div class="userListThird"> + <s:property value="userName"/> + </div> + </div> + + </s:iterator> + </div> + + <s:form method="POST" id="selectUserForm" action="editUser" namespace="/secure"> + <s:hidden id="selectUserForm_OAID" name="useridobj"></s:hidden> + </s:form> + </s:if> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp b/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp new file mode 100644 index 000000000..a29780cff --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/usermanagement.jsp @@ -0,0 +1,50 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <h2><%=LanguageHelper.getGUIString("webpages.usermanagement.header", request) %></h2> + + <s:if test="authUser.isAdmin()"> + + <jsp:include page="snippets/user_list.jsp"></jsp:include> + + <div id="list_area"> + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + <div id="button_area"> + <s:submit key="webpages.usermanagement.newuser" action="createUser"/> + </div> + </s:form> + </div> + </s:if> + + </div> + + <jsp:include page="snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml index fec12087a..76426f651 100644 --- a/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/oa/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ <faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
+ <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="1.5"/>
- <installed facet="jst.web" version="2.3"/>
-</faceted-project>
+</faceted-project> diff --git a/id/oa/.settings/org.maven.ide.eclipse.prefs b/id/oa/.settings/org.maven.ide.eclipse.prefs new file mode 100644 index 000000000..7f28ca3cd --- /dev/null +++ b/id/oa/.settings/org.maven.ide.eclipse.prefs @@ -0,0 +1,8 @@ +activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+includeModules=false
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/id/pom.xml b/id/pom.xml index c1dfc03d3..f91f7874a 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -21,6 +21,7 @@ <properties> <repositoryPath>${basedir}/../repository</repositoryPath> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> </properties> </project> diff --git a/id/server/auth/.settings/org.eclipse.wst.common.component b/id/server/auth/.settings/org.eclipse.wst.common.component index 90413a56a..b4ffa88f6 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.component +++ b/id/server/auth/.settings/org.eclipse.wst.common.component @@ -1,18 +1,23 @@ -<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
- <wb-module deploy-name="moa-id-auth">
- <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <property name="context-root" value="moa-id-auth"/>
- <wb-resource deploy-path="/" source-path="src/main/webapp"/>
- <wb-resource deploy-path="/" source-path="src/main/wsdl"/>
- <property name="java-output-path" value="/target/classes"/>
- <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/>
- </wb-module>
-</project-modules>
+<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0"> + <wb-module deploy-name="moa-id-auth"> + <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib"> + <dependency-type>uses</dependency-type> + </dependent-module> + <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common"> + <dependency-type>uses</dependency-type> + </dependent-module> + <dependent-module archiveName="moa-id-lib-1.9.90-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib"> + <dependency-type>uses</dependency-type> + </dependent-module> + <dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine"> + <dependency-type>uses</dependency-type> + </dependent-module> + <dependent-module archiveName="moa-id-commons-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-commons/moa-id-commons"> + <dependency-type>uses</dependency-type> + </dependent-module> + <property name="context-root" value="moa-id-auth"/> + <wb-resource deploy-path="/WEB-INF/classes" source-path="src/main/resources"/> + <wb-resource deploy-path="/" source-path="/src/main/webapp"/> + <property name="java-output-path" value="/target/classes"/> + </wb-module> +</project-modules> diff --git a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml index 564572b10..ac59587b0 100644 --- a/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml +++ b/id/server/auth/.settings/org.eclipse.wst.common.project.facet.core.xml @@ -2,6 +2,6 @@ <faceted-project>
<fixed facet="jst.java"/>
<fixed facet="jst.web"/>
- <installed facet="jst.web" version="2.4"/>
<installed facet="jst.java" version="5.0"/>
-</faceted-project>
\ No newline at end of file + <installed facet="jst.web" version="2.3"/>
+</faceted-project>
diff --git a/id/server/auth/.settings/org.maven.ide.eclipse.prefs b/id/server/auth/.settings/org.maven.ide.eclipse.prefs new file mode 100644 index 000000000..7f28ca3cd --- /dev/null +++ b/id/server/auth/.settings/org.maven.ide.eclipse.prefs @@ -0,0 +1,8 @@ +activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+includeModules=false
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index d03fcdad4..c68236e0e 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -9,7 +9,7 @@ <groupId>MOA.id.server</groupId> <artifactId>moa-id-auth</artifactId> <packaging>war</packaging> - <version>1.5.2</version> + <version>1.9.90-SNAPSHOT</version> <name>MOA ID-Auth WebService</name> <properties> @@ -61,6 +61,11 @@ <version>1.1</version> </dependency> <dependency> + <groupId>org.tuckey</groupId> + <artifactId>urlrewritefilter</artifactId> + <version>4.0.3</version> + </dependency> + <dependency> <groupId>MOA.spss.server</groupId> <artifactId>moa-spss-lib</artifactId> <!--version>${project.version}</version--> @@ -68,7 +73,7 @@ <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-lib</artifactId> - <!--version>${project.version}</version --> + <version>${project.version}</version> </dependency> <!-- transitive dependencies we don't want to include into the war --> <dependency> diff --git a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd index 0f0eb49d1..121ec3cf9 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd +++ b/id/server/auth/src/main/webapp/WEB-INF/server-config.wsdd @@ -11,7 +11,7 @@ <service name="GetAuthenticationData" provider="java:MSG">
<namespace>urn:oasis:names:tc:SAML:1.0:protocol</namespace>
<parameter name="allowedMethods" value="Request"/>
- <parameter name="className" value="at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService"/>
+ <parameter name="className" value="at.gv.egovernment.moa.id.protocols.saml1.GetAuthenticationDataService"/>
<wsdlFile>/resources/wsdl/MOA-ID-1.x.wsdl</wsdlFile>
<requestFlow>
</requestFlow>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml new file mode 100644 index 000000000..d33cae207 --- /dev/null +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -0,0 +1,71 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN" + "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd"> + +<!-- Configuration file for UrlRewriteFilter http://www.tuckey.org/urlrewrite/ --> +<urlrewrite> + + <rule> + <note> + The rule means that requests to /test/status/ will be redirected to + /rewrite-status + the url will be rewritten. + </note> + <from>/test/status/</from> + <to type="redirect">%{context-path}/rewrite-status</to> + </rule> + + <!-- Legacy Rules --> + <rule match-type="regex"> + <from>^/StartAuthentication$</from> + <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact</to> + </rule> + <rule match-type="regex"> + <from>^/StartAuthentication\?(.*)$</from> + <to type="forward">/dispatcher?mod=id_saml1&action=GetArtifact&$1</to> + </rule> + + <rule match-type="regex"> + <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)$</from> + <to type="forward">/dispatcher?mod=$1&action=$2</to> + </rule> + <rule match-type="regex"> + <from>^/auth/([a-zA-Z0-9]+)/([a-zA-Z0-9]+)\?(.*)$</from> + <to type="forward">/dispatcher?mod=$1&action=$2&$3</to> + </rule> + + + <rule match-type="regex"> + <from>^/pvp2/metadata$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Metadata&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/pvp2/redirect$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Redirect&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/pvp2/post$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&%{query-string}</to> + </rule> + <rule match-type="regex"> + <from>^/PVP2Soap$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=Soap</to> + </rule> + + <outbound-rule> + <note> + The outbound-rule specifies that when response.encodeURL is called (if + you are using JSTL c:url) + the url /rewrite-status will be rewritten to /test/status/. + + The above rule and this outbound-rule means that end users should never + see the + url /rewrite-status only /test/status/ both in thier location bar and in + hyperlinks + in your pages. + </note> + <from>/rewrite-status</from> + <to>/test/status/</to> + </outbound-rule> + +</urlrewrite> diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml index 2a1d093d9..e47fe26e2 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/web.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml @@ -3,18 +3,34 @@ <web-app> <display-name>MOA ID Auth</display-name> <description>MOA ID Authentication Service</description> - <servlet> +<!-- <servlet> <servlet-name>SelectBKU</servlet-name> <display-name>SelectBKU</display-name> <description>Select Bürgerkartenartenumgebung</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class> + </servlet> --> + <servlet> + <servlet-name>GenerateIframeTemplate</servlet-name> + <display-name>GenerateIframeTemplate</display-name> + <description>Generate BKU Request template</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class> </servlet> <servlet> - <servlet-name>StartAuthentication</servlet-name> - <display-name>StartAuthentication</display-name> - <description>Start authentication process</description> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.StartAuthenticationServlet</servlet-class> - <load-on-startup>0</load-on-startup> + <servlet-name>RedirectServlet</servlet-name> + <display-name>RedirectServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>SSOSendAssertionServlet</servlet-name> + <display-name>SSOSendAssertionServlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class> + </servlet> + <servlet> + <servlet-name>LogOut</servlet-name> + <display-name>LogOut</display-name> + <description>SSO LogOut</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class> + <load-on-startup>1</load-on-startup> </servlet> <servlet> <servlet-name>VerifyIdentityLink</servlet-name> @@ -34,19 +50,19 @@ <description>Get the MIS session ID coming from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class> </servlet> - + <servlet> <servlet-name>GetForeignID</servlet-name> <display-name>GetForeignID</display-name> <description>Gets the foreign eID from security layer</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class> </servlet> - <servlet> - <servlet-name>ProcessInput</servlet-name> - <display-name>ProcessInput</display-name> - <description>Process user input needed by infobox validators</description> - <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> - </servlet> +<!-- <servlet> + <servlet-name>ProcessInput</servlet-name> + <display-name>ProcessInput</display-name> + <description>Process user input needed by infobox validators</description> + <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class> + </servlet> --> <servlet> <servlet-name>VerifyAuthBlock</servlet-name> <display-name>VerifyAuthBlock</display-name> @@ -56,7 +72,8 @@ <servlet> <servlet-name>ConfigurationUpdate</servlet-name> <display-name>ConfigurationUpdate</display-name> - <description>Update MOA-ID Auth configuration from the configuration file</description> + <description>Update MOA-ID Auth configuration from the configuration + file</description> <servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class> </servlet> <servlet> @@ -67,36 +84,82 @@ <!-- JSP servlet --> <servlet> - <servlet-name>jspservlet</servlet-name> - <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> - </servlet> + <servlet-name>jspservlet</servlet-name> + <servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class> + </servlet> <servlet> <servlet-name>PEPSConnectorServlet</servlet-name> <display-name>PEPSConnectorServlet</display-name> - <description>Servlet receiving STORK SAML Response Messages from different C-PEPS</description> + <description>Servlet receiving STORK SAML Response Messages from + different C-PEPS</description> <servlet-class> - at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class> + </servlet> + + <!-- Dispatcher servlets + <servlet> + <servlet-name>AuthDispatcherServlet</servlet-name> + <display-name>AuthDispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.AuthDispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet>--> + <servlet> + <servlet-name>DispatcherServlet</servlet-name> + <display-name>Dispatcher Servlet</display-name> + <servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class> + <load-on-startup>1</load-on-startup> + </servlet> + + <!-- Servlet Registration --> + <servlet> + <servlet-name>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-name> + <servlet-class>at.gv.egovernment.moa.id.protocols.saml1.GetArtifactServlet</servlet-class> </servlet> - + + + + + <servlet-mapping> + <servlet-name>DispatcherServlet</servlet-name> + <url-pattern>/dispatcher</url-pattern> + </servlet-mapping> + <!-- servlet-mapping> + <servlet-name>AuthDispatcherServlet</servlet-name> + <url-pattern>/AuthDispatcher</url-pattern> + </servlet-mapping --> + + <!-- servlet mapping for jsp pages --> <!-- errorpage.jsp (customizeable) --> <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/errorpage-auth.jsp</url-pattern> - </servlet-mapping> - <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/errorpage-auth.jsp</url-pattern> + </servlet-mapping> + <!-- message.jsp (customizeable) used for non error messages (e.g. ConfigurationUpdate) --> <servlet-mapping> - <servlet-name>jspservlet</servlet-name> - <url-pattern>/message-auth.jsp</url-pattern> - </servlet-mapping> + <servlet-name>jspservlet</servlet-name> + <url-pattern>/message-auth.jsp</url-pattern> + </servlet-mapping> - <servlet-mapping> +<!-- <servlet-mapping> <servlet-name>SelectBKU</servlet-name> <url-pattern>/SelectBKU</url-pattern> + </servlet-mapping> --> + <servlet-mapping> + <servlet-name>GenerateIframeTemplate</servlet-name> + <url-pattern>/GenerateIframeTemplate</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>RedirectServlet</servlet-name> + <url-pattern>/RedirectServlet</url-pattern> </servlet-mapping> <servlet-mapping> - <servlet-name>StartAuthentication</servlet-name> - <url-pattern>/StartAuthentication</url-pattern> + <servlet-name>SSOSendAssertionServlet</servlet-name> + <url-pattern>/SSOSendAssertionServlet</url-pattern> + </servlet-mapping> + <servlet-mapping> + <servlet-name>LogOut</servlet-name> + <url-pattern>/LogOut</url-pattern> </servlet-mapping> <servlet-mapping> <servlet-name>VerifyIdentityLink</servlet-name> @@ -114,15 +177,16 @@ <servlet-name>GetForeignID</servlet-name> <url-pattern>/GetForeignID</url-pattern> </servlet-mapping> - - <servlet-mapping> + +<!-- <servlet-mapping> <servlet-name>ProcessInput</servlet-name> <url-pattern>/ProcessInput</url-pattern> + </servlet-mapping> --> + + <servlet-mapping> + <servlet-name>VerifyAuthBlock</servlet-name> + <url-pattern>/VerifyAuthBlock</url-pattern> </servlet-mapping> - <servlet-mapping> - <servlet-name>VerifyAuthBlock</servlet-name> - <url-pattern>/VerifyAuthBlock</url-pattern> - </servlet-mapping> <servlet-mapping> <servlet-name>ConfigurationUpdate</servlet-name> <url-pattern>/ConfigurationUpdate</url-pattern> @@ -135,6 +199,26 @@ <servlet-name>PEPSConnectorServlet</servlet-name> <url-pattern>/PEPSConnector</url-pattern> </servlet-mapping> + + <!-- Filters --> + <!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class> + </filter> --> + + <filter> + <filter-name>UrlRewriteFilter</filter-name> + <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class> + </filter> + + <filter-mapping> + <filter-name>UrlRewriteFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + <!-- <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/AuthDispatcher</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> <filter-mapping> <filter-name>DispatcherDecoratorFilter</filter-name> + <url-pattern>/StartAuthentication</url-pattern> <dispatcher>REQUEST</dispatcher> + <dispatcher>FORWARD</dispatcher> </filter-mapping> --> + <session-config> <session-timeout>5</session-timeout> </session-config> @@ -157,8 +241,8 @@ </login-config> <security-role> <description> - The role that is required to log in to the moa Application - </description> + The role that is required to log in to the moa Application + </description> <role-name>moa-admin</role-name> </security-role> </web-app> diff --git a/id/server/auth/src/main/webapp/css/2.0/stammzahl.css b/id/server/auth/src/main/webapp/css/2.0/stammzahl.css new file mode 100644 index 000000000..99c9ab425 --- /dev/null +++ b/id/server/auth/src/main/webapp/css/2.0/stammzahl.css @@ -0,0 +1,192 @@ +#header { + position: relative; + top: -5px; padding-top : 114px; +/* background: url("../../img/2.0/logo_dsk_szr_header.png") right top no-repeat; */ + text-align: right; + padding-top: 114px; +} + +html { + height: 100%; +} + +body { + margin: 0px; background : url(../../../img/2.0/bg_header.png) 0 0 repeat-x; + padding-bottom: 2em; + font-weight: inherit; + font-style: inherit; + font-size: 100%; + font-family: Verdana, Arial, Helvetica, sans-serif; + line-height: 1; + min-height: 101%; + background: url(../../img/2.0/bg_header.png) 0 0 repeat-x; +} + +ol,ul { + list-style-type: none; + list-style-image: none; + list-style-position: outside; +} + +#pagebase { + background: url(../../img/2.0/bg_footer.png) repeat-x left bottom; + width: 100%; +} + +#page { + min-width: 800px; + max-width: 1000px; + margin: 0 auto 5px auto; + padding: 0 5px; +} + +#homelink { + position: absolute; + top: 20px; + left: 0; +} + +#homelink a:hover,#homelink a:focus,#homelink a:active { + border-bottom: 3px solid #c51713; +} + +#mainnav { + margin-top: 0px; + margin-bottom: 0px; + margin-left: 95px; + background: url(../../img/2.0/bg_mainnav.png) right bottom repeat-x; + float: right; + padding-top: 0pt; + padding-right: 0pt; + padding-bottom: 0pt; + padding-left: 0pt; +} + +#mainnav li { + float: left; + /*font-size: 0.9em;*/ + background: #fff url(../../img/2.0/bg_mainnav_right.png) right top no-repeat; + margin-left: 2px; +} + +#mainnav li.first-item { + margin-left: 0; +} + +#mainnav li a { + display: block; + font-weight: bold; + padding: 7px 0.75em; + text-decoration: none; + color: Black; + background: url(../../img/2.0/bg_mainnav_left.png) left top no-repeat; +} + +#mainnav li a.current { + color: #c51713; +} + +#mainnav li a:hover,#mainnav li a:focus,#mainnav li a:active { + color: #c51713; + text-decoration: underline; +} + +#footer { + position: relative; + clear: both; + display: block; + height: 48px; +} + +#footer ul { + float: right; + margin-top: 0.5em; + background: url(../../img/2.0/bg_bottom_line.png) 0 3px repeat-x; +} + +#footer li { + float: left; + font-size: 0.8em; + display: inline; +} + +#footer li a { + display: block; + padding: 0 1em; + margin-top: 3px; + text-decoration: none; + border-right: 1px solid white; + color: white; +} + +#footer li a.last-item { + border-right: none; + padding-right: 0; +} + +#footer li a:hover,#footer li a:focus,#footer li a:active { + text-decoration: underline; +} + +#servicenav { + margin: 0px; + padding: 0px; position : absolute; + top: 0; + left: 0; + width: 100%; + text-align: right; + margin-top: 3px; + position: absolute; +} + +#servicenav li { + display: inline; + font-size: 0.8em; + line-height: 1.2; +} + +#servicenav li a,#servicenav li span.current { + padding: 0 0.5em; + text-decoration: none; + border-right: 1px solid white; + color: white; +} + +#servicenav li a:hover,#servicenav li a:focus,#servicenav li a:active { + text-decoration: underline; +} + +#servicenav li span.current { + color: #c51713; + font-weight: bold; +} + +#servicenav li a.last-item { + border-right: none; + padding-right: 2px; +} + +.hidden { + position: absolute; + top: -1000em; + left: -1000em; + height: 1px; + width: 1px; + overflow: hidden; +} + +.clearfix:after { + content: "."; + display: block; + height: 0; + clear: both; + visibility: hidden; +} + +.clearfix { + display: inline-block; +} + +.clearfix { + display: block; +}
\ No newline at end of file diff --git a/id/server/auth/src/main/webapp/css/2.0/stylesinput.css b/id/server/auth/src/main/webapp/css/2.0/stylesinput.css new file mode 100644 index 000000000..000888b7b --- /dev/null +++ b/id/server/auth/src/main/webapp/css/2.0/stylesinput.css @@ -0,0 +1,251 @@ +@CHARSET "utf-8"; + +/* ************************************* */ +/* * generated css (see input.css.jsp) * */ +/* ************************************* */ +/* **** classes for value **** */ + +fieldset label.value, textarea.value, input.value { + width: 150px !important; +} + +textarea.value { + height: 50px !important; +} + +select.value { + /* Firefox ... */ + width: 154px !important; + /* IE5 - IE6 */ + _width: 156px !important; + /* IE7 */ + !width: 156px !important; +} +/* **** classes for xs **** */ + +fieldset label.xs, textarea.xs, input.xs { + width: 25px !important; +} + +select.xs { + /* Firefox ... */ + width: 29px !important; + /* IE5 - IE6 */ + _width: 31px !important; + /* IE7 */ + !width: 31px !important; +} + +/* **** classes for s **** */ + +fieldset label.s, textarea.s, input.s { + width: 50px !important; +} + +select.s { + /* Firefox ... */ + width: 54px !important; + /* IE5 - IE6 */ + _width: 56px !important; + /* IE7 */ + !width: 56px !important; +} + +/* **** classes for m **** */ + +fieldset label.m, textarea.m, input.m { + width: 75px !important; +} + +select.m { + /* Firefox ... */ + width: 79px !important; + /* IE5 - IE6 */ + _width: 81px !important; + /* IE7 */ + !width: 81px !important; +} + +/* **** classes for l **** */ + +fieldset label.l, textarea.l, input.l { + width: 100px !important; +} + +select.l { + /* Firefox ... */ + width: 104px !important; + /* IE5 - IE6 */ + _width: 106px !important; + /* IE7 */ + !width: 106px !important; +} + +/* **** classes for xl **** */ + +fieldset label.xl, textarea.xl, input.xl { + width: 200px !important; +} + +select.xl { + /* Firefox ... */ + width: 204px !important; + /* IE5 - IE6 */ + _width: 206px !important; + /* IE7 */ + !width: 206px !important; +} + +/* **** classes for xll **** */ + +fieldset label.xll, textarea.xll, input.xll { + width: 250px !important; +} + +select.xll { + /* Firefox ... */ + width: 254px !important; + /* IE5 - IE6 */ + _width: 256px !important; + /* IE7 */ + !width: 256px !important; +} + +/* **** classes for xlll **** */ + +fieldset label.xlll, textarea.xlll, input.xlll { + width: 300px !important; +} + +select.xlll { + /* Firefox ... */ + width: 304px !important; + /* IE5 - IE6 */ + _width: 306px !important; + /* IE7 */ + !width: 306px !important; +} + +/* **** classes for xllll **** */ + +fieldset label.xllll, textarea.xllll, input.xllll { + width: 350px !important; +} + +select.xllll { + /* Firefox ... */ + width: 354px !important; + /* IE5 - IE6 */ + _width: 356px !important; + /* IE7 */ + !width: 356px !important; +} + +/* **** classes for xxl **** */ + +fieldset label.xxl, textarea.xxl, input.xxl { + width: 400px !important; +} + +fieldset input[type=file].xxl { + margin-right: 5px; + width: 250px !important; + !width: 400px !important; + _width: 400px !important; +} + + + +textarea.xxl { + height: 100px !important; +} + +select.xxl { + /* Firefox ... */ + width: 404px !important; + /* IE5 - IE6 */ + _width: 406px !important; + /* IE7 */ + !width: 406px !important; +} + +/* **** classes for xxll **** */ + +fieldset label.xxll, textarea.xxll, input.xxll { + width: 450px !important; +} + +select.xxll { + /* Firefox ... */ + width: 454px !important; + /* IE5 - IE6 */ + _width: 456px !important; + /* IE7 */ + !width: 456px !important; +} + +/* **** classes for xxlll **** */ + +fieldset label.xxlll, textarea.xxlll, input.xxlll { + width: 500px !important; +} + +select.xxlll { + /* Firefox ... */ + width: 504px !important; + /* IE5 - IE6 */ + _width: 506px !important; + /* IE7 */ + !width: 506px !important; +} + +/* **** classes for xxllll **** */ + +fieldset label.xxllll, textarea.xxllll, input.xxllll { + width: 550px !important; +} + +select.xxllll { + /* Firefox ... */ + width: 554px !important; + /* IE5 - IE6 */ + _width: 556px !important; + /* IE7 */ + !width: 556px !important; +} + +/* **** classes for xxxl **** */ + +fieldset label.xxxl, textarea.xxxl, input.xxxl { + width: 600px !important; +} + +textarea.xxxl { + height: 200px !important; +} + +select.xxxl { + /* Firefox ... */ + width: 604px !important; + /* IE5 - IE6 */ + _width: 606px !important; + /* IE7 */ + !width: 606px !important; +} +fieldset label.xxxxl, textarea.xxxxl, input.xxxxl { + width: 700px !important; +} + +textarea.xxxxl { + height: 250px !important; +} + +select.xxxxl { + /* Firefox ... */ + width: 704px !important; + /* IE5 - IE6 */ + _width: 706px !important; + /* IE7 */ + !width: 706px !important; +} + diff --git a/id/server/auth/src/main/webapp/css/2.0/stylesnew.css b/id/server/auth/src/main/webapp/css/2.0/stylesnew.css new file mode 100644 index 000000000..e9c02120f --- /dev/null +++ b/id/server/auth/src/main/webapp/css/2.0/stylesnew.css @@ -0,0 +1,830 @@ +@CHARSET "utf-8"; + +/* TODO: check min-width for all styles */ + +/* ********************************** */ +/* Neudefinition von bestehenden Tags */ +/* ********************************** */ + +html { + margin: 0px; + padding: 0px; +} + +body { + margin: 0px; + padding: 0px; + +} + +input, textarea, html, body { + font-family: Arial, Helvetica, sans-serif; + font-size: 10pt; +} + +h1 { + font-weight: bold; + font-size: 14pt; + color: #006464; + margin: 10px 0px 10px 0px; +} + +h2, h3, h4, h5, h6 { + background-color: #CCCCCC; + font-size: 11pt; + padding: 3px; + margin: 3px 2px 4px 2px; +} + + p { + margin: 1px; + padding: 4px 3px 0px 3px; +} + +img { + border: 0px; +} + +fieldset { + border: 0px; + margin: 0px; +} + +a { + color: #D60029; + text-decoration: none; +} + +a:hover { + text-decoration: underline; +} + +textarea { + overflow: auto; +} + +/* ****************** */ +/* allgemeine Klassen */ +/* ****************** */ + +.pageWidth { + min-width: 982px; /* wegen padding vom body, 950+20px */ + margin: 5px; + /* IE 6 hack */ + _width: 982px; +} + +.info-label{ + padding:6px; + white-space:nowrap; + width:100%; + font-size: 10pt; + font-weight: normal; +} + + + +.box, .overflowedBox, .whiteBox, .debugBox { + padding: 0px 0px; +} + +.box, .overflowedBox, .debugBox { + /*background-color: #EEEEEE;*/ +} + +.box { + padding-bottom: 4px; +} + +/*.whiteBox { + background-color: #FFFFFF; + border: 2px solid #EEEEEE; +}*/ + +.overflowedBox { + overflow: auto; +} + +.marginBottomNegative { + margin-bottom: -10px; + margin-top: 5px; +} + +.redColor { + color: #CC0000; +} + +.emcolor { + color: #006464; +} + +.subheader{ + font-weight: bold; + font-size:14pt; + color: #CC0000; + padding: 0px; + border: none; + background: #FFFFF; + padding: 0px; +} + +.pathnavigation { + border: none; + font-weight: bold; + font-family: Helvetica, sans-serif; + font-size: .9em; + margin-bottom: 10px; + padding: 3px; + cursor: pointer; + margin-right: 5px; +} + +.pathnavigation.selected { + color: #FFFFFF; + background: #006464; +} + +.pathnavigation.deselected { + color: #006464; + background: #FFFFFF; +} + +.upload-remove { + margin: 0px 2px 0px 2px; + width: 75px !important; +/* display: inline !important; + float: none !important;*/ +} + +.upload { + margin-top:2px; + padding:4px 1px 0px 3px; +} + +.repeat-evenindex, tr.repeat-item.repeat-evenindex td { + background-color: #dddddd; +} + +.repeat-minimal { + margin-bottom: 0px; +} + +.repeat-minimal, .repeat-minimal-item { + overflow: auto; +} + +fieldset.box .repeat-minimal-item input, +fieldset.box .repeat-minimal-item select, +fieldset.box .repeat-minimal-item textarea { + !margin-top: 1px; +} + +.repeat-minimal-item { + padding: 2px 0px; + margin: 2px; + _height: 100%; +} + +/* vertical centering ?? */ +/*.repeat-minimal-item span, .repeat-minimal-item a, .repeat-minimal-item input { + display: block; + float: left; + vertical-align: middle; + margin-right: 3px; +}*/ + +.repeat-selector { + width: auto !important; +} + +.full-repeat-box { + overflow: auto; + margin: 10px 0px 10px 0px; +} + +.disabled, .deselected-case { + display: none !important; +} + +.output-spaced { + display: block; +} + +.output{ + padding-top: 6px; + padding-left: 6px; + vertical-align: top; + text-align: left; +} + +fieldset.box span.verylarge{ + width: 650px; +} + +fieldset.box span.selector-item { + margin: 0px 5px; +} + +.groupwide { + width: 900px; +} + +fieldset.box span { + display: block; + float: left; + padding: 0px 3px; + min-height: 14px; + _height: 14px; +} + +fieldset.box span.output { + padding-top: 4px; +} + +dl.ic { + padding: 0px; + margin: 0px; + clear: both; +} + +dl.ic dt { + width: 200px; + font-weight: bold; + float: left; + clear: none; + text-align: right; + padding: 2px 0px 2px 10px; + margin: 0 2px 0 0; +} +dl.ic dd { + padding: 2px 3px 2px 0px; + margin-left: 215px; +} + +fieldset.box div { + padding-top: 0px; + !padding-top: 0px; + _padding-top: 0px; +} + +fieldset.box div span.selector-item { + float: none; + display: inline; +} + +fieldset.box div span.selector-item span, fieldset.box div span.selector-item input { + float: none; + display: inline; + vertical-align: middle; +} + + +/*fieldset.box div span, fieldset.box span span { + display: inline; + float: none; +}*/ + +.group { + background: #EEEEEE; + padding: 2px; + margin: 5px 0px; +} + +.groupwhite { + background: #FFFFFF; + padding: 2px; + margin: 5px 0px; +} + +.repeat-item { + padding: 0px; + margin: 0px; +} + +.repeated-evenindex { + background: #dddddd; + overflow: auto; +} + +div.spacing{ + overflow: hidden; + float: left; + !margin_bottom: 2px; + _height: 100%; +} + + +/* ******************** */ +/* tag specific classes */ +/* ******************** */ + +h2.label { + /*min-width: 954px;*/ + +} + +h3.inputcommit, h4.inputcommit, h5.inputcommit, h6.inputcommit { + margin: 10px 0px 0px -10px; +} + +a.info, span.info { + margin-right: 7px; + padding-bottom: 3px; +} + +div.signaturblock { + overflow: visible; + min-height: 160px; +} + +div.signaturtop { + float: left; + font-size: 9pt; + padding-left: 13px; + padding-top: 13px; + width: 240px; +} + +#amtssignaturtext .bold { + font-weight: bold; +} + +img.signaturlogo { + /*position: absolute;*/ + border: none; + padding-bottom: 3px; + display: block; +} + +br.clearAll { + clear: both; +} + +br.clearLeft { + clear: left; +} + +span.label { + float: left; + margin: 3px 0px 3px 0px; +} + +/* **** Inputs **** */ + +/* doesn't work with IE6 */ +/*input[type=submit].value, input[type=button].value { + width: auto !important; + margin-right: 5px; +} + +input[type=radio], input[type=radio].value { + width: auto !important; +} + +input[type=checkbox], input[type=checkbox].value { + width: auto !important; + float: left; +}*/ + +input.textright { + text-align: right; +} + +input.button, fieldset.box input.button, div input.button, div div input.button{ + width: auto !important; + margin-right: 5px; +} + +input.radio, fieldset.box input.radio { + width: auto !important; + margin: 4px 3px; + !margin: 4px; +} + +fieldset.box input[type=hidden] { + width: 0px; + display: none; +} + +input.checkbox, fieldset.box input.checkbox { + width: auto !important; + float: left; + padding: 2px; +} + +tr.repeat-item td label { + width: auto; +} + +/* **** Fieldsets **** */ + +/* needed to be html4 conform, only used for screen readers */ +fieldset.box legend { + display: none; +} + +fieldset.box { + padding-bottom: 0px; + margin-bottom: 0px; +} + +fieldset.box span.required,fieldset.box span.error,fieldset.box a.info, +span.required, span.error, a.info, span.info { + display: block; + float: left; + width: 10px; + overflow: hidden; + text-align: center; + font-weight: bold; + margin-right: 4px 0px 2px 0px; + height: 14px; + padding: 3px 0px 3px; +} + +fieldset.box a.info , fieldset.box span.error, span.error, a.info, span.info, span.required { + margin-top: 4px; + margin-left: 1px; + margin-right: 1px; +} + +fieldset.box .repeat-minimal-item a.info, +fieldset.box .repeat-minimal-item span.error, +fieldset.box .repeat-minimal-item span.info { + margin-top: 3px; + !margin-top: 3px; + _margin-top: 3px; +} + +/* +fieldset.box span.error, fieldset.box a.info, fieldset.box span.required +fieldset.box input, fieldset.box select, fieldset.box textarea, fieldset.box label { + margin-bottom: 5px; +}*/ + +fieldset.box span.error, span.error { + color: white; + background-color: red; +} + +fieldset.box a.info, a.info { + background-color: #005A00; + color: white; + font-family: serif; + text-decoration: none; + margin: 4px 4px; +} + +fieldset.box label { + display: block; + float: left; + width: 150px; + text-align: right; + padding: 4px 1px 0px 10px; + margin-top: 0px; +} + +fieldset.box label.bold { + font-weight: bold; +} + +fieldset.box br { + line-height: 1px; + !line-height: 2px; /* IE7 */ +} + +fieldset.box label.labelnone { + width: 0px; +} + +fieldset.box label.labelverysmall { + width: 50px; +} + +fieldset.box label.labelabitsmall { + width: 80px; +} + +fieldset.box label.labelsmaller { + width: 100px; +} + +fieldset.box label.labelsmall { + width: 120px; +} + +fieldset.box label.labelsm { + width: 130px; +} + +fieldset.box label.labelmedium { + width: 150px; +} + +fieldset.box label.labelml { + width: 170px; +} + +fieldset.box label.labelwide { + width: 190px; /* wegen tourismus-formular-seitenbreite */ +} + +fieldset.box label.labellarge { + width: 230px; +} + +fieldset.box label.labellarger { + width: 250px; +} + +fieldset.box label.labelverylarge, +div.box dl.labelverylarge dt { + width: 650px; +} + +fieldset.box input,fieldset.box output, fieldset.box select, fieldset.box textarea { + float: left; + display: block; + width: 150px; + margin: 3px 4px 3px 0px; +} + +fieldset.box br { + clear: left; + margin: 1px; +} + +/*fieldset.box label.s { + display: block; + float: left; + width: 100px !important; + text-align: right; + padding-right: 5px; + margin-top: 2px; +} + +fieldset.box label.xxxl { + width: 300px; +}*/ + +/* **** dl Liste **** */ + +dl.tabbed, dl.info, dl.signatur { + margin: 3px 0px; + min-height: 160px; +} + +dl.tabbed dt, dl.info dt, dl.signatur dt { + font-weight: bold; + width: 250px; + float: left; + text-align: right; + padding: 1px 5px; + clear: left; +} + +dl.signatur dt { + width: 170px; + clear: none; +} + +dl.tabbed dt.labelverylarge { + width: 650px; +} + +dl.info dt { + /* doesn't work with IE, caused by the float: left */ + /*display: list-item;*/ + width: 150px; + text-align: left; + margin-left: 25px; + padding: 0px 5px 5px 5px; +} + +dl.tabbed dd, dl.info dd, dl.signatur dd { + margin-left: 160px; + padding: 1px 3px 2px 0px; +} + +dl.signatur dd { + margin-left: 440px; +} + +dl.info dd { + padding: 0px 5px 5px 5px; +} + +/* ******** */ +/* Regionen */ +/* ******** */ + +/* **** Logo **** */ +#szrlogo { + float:right; + top: 10px; + right: 10px; + text-align: right; +} + +#logotext { + white-space: nowrap; + font-weight: bold; + font-size: 14pt; + color: #006464; +} + +/* **** Empfängerinfo **** */ + +#empfaengerinfo { + + float: left; +} + +#empfaengerinfo span#empfaenger { + font-weight: bold; + display: block; +} + +/* **** Hinweisbox **** */ +#hinweisbox { + background-color: #EEEEEE; + overflow: auto; + _padding-bottom: 40px; +} + +#hinweisbox #bittebeachten { + font-size: 16px; + font-weight: bold; + background-color: #d60028; + padding: 10px; + float: left; + color: white; + margin-right: 5px; +} + +#hinweisbox .spaced { + margin: 12px 50px 0px 0px; + float: left; +} + +#hinweisbox .spaced .error, #hinweisbox .spaced .info { + margin-right: 7px; + margin-top: -2px; + padding-top: 2px; +} + +#hinweisbox .spaced .info{ + background-color: #005A00; + color: white; + font-family: serif; +} + +/* **** Fehlermeldungen **** */ + +#fehlermeldungen h2 { + border-width: 0px; + background-color: #FFFFFF; +} + +#fehlermeldungen ul { + padding-left: 15px; +} + +#fehlermeldungen h2, #fehlermeldungen ul li, #fehlermeldungen ul li a{ + color:red; + font-weight: bold; + font-size: 10pt; +} + +#erfolgsmeldungen h2, #erfolgsmeldungen ul li, #erfolgsmeldungen ul li a{ + color:#009900; + font-weight: bold; + font-size: 10pt; +} + +/* **** Fehlermeldungen Transaction **** */ + +#fehlertransaction span { + color:red; + font-weight: bold; + font-size: 10pt; +} + +/* **** Navigationsleiste **** */ + +#submitbar { + clear: both; + background-color: #EEEEEE; + margin-top: 5px; + padding: 5px 10px; + overflow: auto; +} + +#submitbar #leftbuttons { + float: left; +} + +#submitbar #centerbuttons { + text-align: center; +} + +#submitbar #rightbuttons { + float: right; +} + +#submitbar #kontrollseite { + float: right; +} + +/* **** Fußzeile **** */ + +#footerbar { + margin-top: 5px; + background-color: #EEEEEE; + padding: 0px 5px; + overflow: auto; +} + +#footerbar #serverinfo { + float: left; + padding: 15px 0px; +} + +#footerbar #support { + text-align: center; + padding: 15px 0px; +} + +#footerbar #xgovguetesiegel { + float: right; + margin: 5px 0px; +} + +#savecommitdiv input, #formabortdiv input, +#errorabortdiv input, #loadcommitdiv input { + margin-right: 5px; + vertical-align: middle; + text-align: center; +} + +#formabortdiv h3, #savecommitdiv h3,#savecommitserverdiv h3, #loadcommitdiv h3 { + border: none; + font-size: 10pt; + background-color: transparent; + margin: 6px 0px 0px -2px; +} + +#formabortdiv ul, #savecommitdiv ul, #loadcommitdiv ul { + margin-top: 3px; +} + +#formabortdiv p, #savecommitdiv p, #loadcommitdiv p { + margin: 0 0 6px 6px; +} + +#statusimage { + width: 148px; + height: 57px; + /* special IE style propertie */ + behavior: url('bku-handling/css/pngbehavior.htc'); +} + +#validateallheader { + border-spacing: 2px; + border: thin solid #CCCCCC; +} + +#validateallsubheader { + background-color: transparent; + font-size: 10pt; + margin: 0px 0px 0px -10px; + padding: 0px; +} + + +/* bei repeats radio ausrücken */ +.repeat-item .radio { + float: left; + margin-top: 11px; +} + +.repeat-item .group { + margin-left: 20px; +} + +.repeat-without-radio .group { + margin-left: 0px; +} + +.area { + background-color: #EEEEEE; + padding-bottom: 5px; +} + +.area>p { + margin-left: 10px; + margin-bottom: 10px; +} + +#numberSearch { + margin-bottom: 15px; +}
\ No newline at end of file diff --git a/id/server/auth/src/main/webapp/css/index.css b/id/server/auth/src/main/webapp/css/index.css index 3dd974813..2af88f24a 100644 --- a/id/server/auth/src/main/webapp/css/index.css +++ b/id/server/auth/src/main/webapp/css/index.css @@ -76,25 +76,110 @@ p#skiplinks a:active { #main {
clear:both;
position:relative;
+ margin-left: 45%;
}
/* left */
#leftcontent {
float:left;
- width:220px;
+ width:250px;
+ margin-bottom: 25px;
+}
+
+.iframebkuselection {
+ text-align: center;
+ padding-bottom: 25px;
+ background-color : #DDDDDD;
}
h2#tabheader, h2#contentheader {
- padding:2px;
+ padding-bottom: 2px;
+ padding-right: 2px;
+ padding-top: 2px;
+ padding-left: 5px;
font-size:1.1em;
color:#fff;
border-bottom:2px solid #fff;
}
+h2#tabheader.full {
+ padding:5px;
+ font-size:20px;
+ color:#fff;
+ border-bottom:2px solid #fff;
+}
+
+#selectArea {
+ padding-top: 10px;
+ padding-bottom: 55px;
+ padding-left: 10px;
+}
+
+#selectArea.full {
+ font-size: 15px;
+ padding-bottom: 65px;
+}
+
+#leftcontent.full {
+ width: 400px;
+ margin-top: 30px;
+}
+
+#main.full {
+ margin-left: 35%;
+}
+
+.setAssertionButton {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 70px;
+ height: 25px;
+}
+
+.setAssertionButton_full {
+ background: #efefef;
+ cursor: pointer;
+ margin-top: 15px;
+ width: 100px;
+ height: 30px
+}
+
+#leftbutton {
+ width: 35%;
+ float:left;
+ margin-left: 15px;
+}
+
+#rightbutton {
+ width: 35%;
+ float:right;
+ margin-right: 25px;
+ text-align: right;
+}
+
+#leftbutton.full {
+ width: 30%;
+ float:left;
+ margin-left: 40px;
+}
+
+#rightbutton.full {
+ width: 30%;
+ float:right;
+ margin-right: 45px;
+ text-align: right;
+}
+
+#stork {
+ margin-bottom: 10px;
+ margin-top: 5px;
+}
+
#bkulogin {
overflow:hidden;
- width:220px;
+ width:250px;
}
#bkukarte {
@@ -140,6 +225,14 @@ input { padding:4px;
}
+.selectText{
+
+}
+
+.selectTextHeader{
+
+}
+
.sendButton {
background-color: DarkGray;
border-style: solid;
@@ -251,7 +344,24 @@ p { /* [OPTIONAL] Geben Sie hier die Farbe fuer Links an */
#leftcontent a, #content a {
- color: blue;
+ color: white;
+}
+
+.OA_header {
+ background-color: white;
+ font-size: 20pt;
+ margin-bottom: 25px;
+ margin-left: 25%;
+ margin-top: 25px;
+}
+
+.main_header {
+ color: black;
+ font-size: 32pt;
+ position: absolute;
+ right: 10%;
+ top: 40px;
+
}
@media print {
diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_footer.png b/id/server/auth/src/main/webapp/img/2.0/bg_footer.png Binary files differnew file mode 100644 index 000000000..d8a430e0f --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bg_footer.png diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_header.png b/id/server/auth/src/main/webapp/img/2.0/bg_header.png Binary files differnew file mode 100644 index 000000000..190cf97ea --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bg_header.png diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png Binary files differnew file mode 100644 index 000000000..efaf93582 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav.png diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png Binary files differnew file mode 100644 index 000000000..1dd281826 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_left.png diff --git a/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png Binary files differnew file mode 100644 index 000000000..f598be094 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bg_mainnav_right.png diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_local.gif b/id/server/auth/src/main/webapp/img/2.0/bku_local.gif Binary files differnew file mode 100644 index 000000000..9bbf631c0 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bku_local.gif diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif b/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif Binary files differnew file mode 100644 index 000000000..97c8cee35 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bku_mobile.gif diff --git a/id/server/auth/src/main/webapp/img/2.0/bku_online.gif b/id/server/auth/src/main/webapp/img/2.0/bku_online.gif Binary files differnew file mode 100644 index 000000000..03a54765a --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/bku_online.gif diff --git a/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png b/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png Binary files differnew file mode 100644 index 000000000..562fbc66f --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/checkbox_checked.png diff --git a/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif b/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif Binary files differnew file mode 100644 index 000000000..c93a6ea06 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/checkbox_unchecked.gif diff --git a/id/server/auth/src/main/webapp/img/2.0/dsk.ico b/id/server/auth/src/main/webapp/img/2.0/dsk.ico Binary files differnew file mode 100644 index 000000000..df7e8d31e --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/dsk.ico diff --git a/id/server/auth/src/main/webapp/img/2.0/logo.png b/id/server/auth/src/main/webapp/img/2.0/logo.png Binary files differnew file mode 100644 index 000000000..dfb4351d0 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/logo.png diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif b/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif Binary files differnew file mode 100644 index 000000000..ff83cd82b --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/logo_digitalesOE.gif diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png Binary files differnew file mode 100644 index 000000000..9b3e7055a --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_nav.png diff --git a/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png Binary files differnew file mode 100644 index 000000000..b4f8be6d8 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/logo_dsk_szr_header.png diff --git a/id/server/auth/src/main/webapp/img/2.0/std_handy.gif b/id/server/auth/src/main/webapp/img/2.0/std_handy.gif Binary files differnew file mode 100644 index 000000000..088ec0957 --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/std_handy.gif diff --git a/id/server/auth/src/main/webapp/img/2.0/std_karte.gif b/id/server/auth/src/main/webapp/img/2.0/std_karte.gif Binary files differnew file mode 100644 index 000000000..1ec7afc2e --- /dev/null +++ b/id/server/auth/src/main/webapp/img/2.0/std_karte.gif diff --git a/id/server/auth/src/main/webapp/template_onlineBKU.html b/id/server/auth/src/main/webapp/template_onlineBKU.html index b8cd19866..77f7d076a 100644 --- a/id/server/auth/src/main/webapp/template_onlineBKU.html +++ b/id/server/auth/src/main/webapp/template_onlineBKU.html @@ -23,6 +23,7 @@ <!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
<input type="hidden" name="appletBackgroundColor" value="#DDDDDD">
+ <input type="hidden" name="redirectTarget" value="_top">
</form>
<form name="CustomizedInfoForm" action="<BKU>" method="post">
diff --git a/id/server/data/deploy/conf/moa-id/pvp.ks b/id/server/data/deploy/conf/moa-id/pvp.ks Binary files differnew file mode 100644 index 000000000..4504c109d --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/pvp.ks diff --git a/id/server/data/deploy/conf/moa-id/pvp2config.properties b/id/server/data/deploy/conf/moa-id/pvp2config.properties new file mode 100644 index 000000000..3e851a255 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/pvp2config.properties @@ -0,0 +1,21 @@ +idp.ks.file=/home/afitzek/server/moaid_conf/moaid/pvp.ks +idp.ks.alias=pvpIDP +idp.ks.kspassword=123456 +idp.ks.keypassword=123456 + +idp.contact.test.surname=Mustermann +idp.contact.test.givenname=Max +idp.contact.test.mail=max@muster.mann +idp.contact.test.type=technical + +idp.org.name=OrganisatioName +idp.org.dispname=OrganisationDisplayName +idp.org.url=http://www.egiz.gv.at + +idp.sso.post=https://127.0.0.1:8443/moa-id-auth/dispatcher?mod=id_pvp2x&action=Post +idp.sso.redirect=https://127.0.0.1:8443/moa-id-auth/dispatcher?mod=id_pvp2x&action=Redirect +idp.resolve.soap=https://127.0.0.1:8443/moa-id-auth/dispatcher?mod=id_pvp2x&action=Soap + +idp.contact_list=test + +md.file=/home/afitzek/server/moaid_conf/moaid/metadata/samplePVP_MD.xml
\ No newline at end of file diff --git a/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx b/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx Binary files differnew file mode 100644 index 000000000..9c63cd941 --- /dev/null +++ b/id/server/doc/MOA-ID_PreRelease_1_9_90_SNAPSHOT.docx diff --git a/id/server/idserverlib/.settings/org.eclipse.wst.common.component b/id/server/idserverlib/.settings/org.eclipse.wst.common.component index a5eb3d4d8..97a7309a7 100644 --- a/id/server/idserverlib/.settings/org.eclipse.wst.common.component +++ b/id/server/idserverlib/.settings/org.eclipse.wst.common.component @@ -1,7 +1,8 @@ -<?xml version="1.0" encoding="UTF-8"?>
-<project-modules id="moduleCoreId" project-version="2.0">
+<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
<wb-module deploy-name="moa-id-lib">
<wb-resource deploy-path="/" source-path="src/main/java"/>
<wb-resource deploy-path="/" source-path="src/main/resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/java"/>
+ <wb-resource deploy-path="/" source-path="/src/main/resources"/>
</wb-module>
-</project-modules>
\ No newline at end of file +</project-modules> diff --git a/id/server/idserverlib/.settings/org.maven.ide.eclipse.prefs b/id/server/idserverlib/.settings/org.maven.ide.eclipse.prefs index 3f907cfa1..7f28ca3cd 100644 --- a/id/server/idserverlib/.settings/org.maven.ide.eclipse.prefs +++ b/id/server/idserverlib/.settings/org.maven.ide.eclipse.prefs @@ -1,4 +1,3 @@ -#Tue Jul 07 16:06:59 CEST 2009
activeProfiles=
eclipse.preferences.version=1
fullBuildGoals=process-test-resources
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 7fbde1c6a..d66159744 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -9,7 +9,7 @@ <groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
<packaging>jar</packaging>
- <version>1.5.2</version>
+ <version>1.9.90-SNAPSHOT</version>
<name>MOA ID API</name>
<properties>
@@ -114,6 +114,17 @@ <artifactId>iaik_X509TrustManager</artifactId>
</dependency>
<dependency>
+ <groupId>edu.internet2.middleware</groupId>
+ <artifactId>shibboleth-common</artifactId>
+ <version>1.4.0</version>
+ <exclusions>
+ <exclusion>
+ <artifactId>logback-classic</artifactId>
+ <groupId>ch.qos.logback</groupId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
<groupId>regexp</groupId>
<artifactId>regexp</artifactId>
</dependency>
@@ -135,7 +146,12 @@ <groupId>MOA.id</groupId>
<artifactId>stork-saml-engine</artifactId>
<version>1.5.2</version>
- </dependency>
+ </dependency>
+ <dependency>
+ <groupId>MOA.id.server</groupId>
+ <artifactId>moa-id-commons</artifactId>
+ <version>1.5.2</version>
+ </dependency>
</dependencies>
<build>
@@ -168,8 +184,10 @@ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
- <version>2.2</version>
+ <version>2.5</version>
<configuration>
+ <charset>UTF-8</charset>
+ <docencoding>UTF-8</docencoding>
<quiet>true</quiet>
<author>false</author>
<version>false</version>
diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java new file mode 100644 index 000000000..7219ada8f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Issued.java @@ -0,0 +1,134 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.datatype.XMLGregorianCalendar; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Place" type="{http://www.w3.org/2001/XMLSchema}token"/> + * <element name="Date" type="{http://reference.e-government.gv.at/namespace/mandates/20040701#}DateType"/> + * <element name="Time" type="{http://www.w3.org/2001/XMLSchema}time" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "place", + "date", + "time" +}) +@XmlRootElement(name = "Issued") +public class Issued { + + @XmlElement(name = "Place", required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String place; + @XmlElement(name = "Date", required = true) + protected String date; + @XmlElement(name = "Time") + @XmlSchemaType(name = "time") + protected XMLGregorianCalendar time; + + /** + * Gets the value of the place property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPlace() { + return place; + } + + /** + * Sets the value of the place property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPlace(String value) { + this.place = value; + } + + /** + * Gets the value of the date property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getDate() { + return date; + } + + /** + * Sets the value of the date property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setDate(String value) { + this.date = value; + } + + /** + * Gets the value of the time property. + * + * @return + * possible object is + * {@link XMLGregorianCalendar } + * + */ + public XMLGregorianCalendar getTime() { + return time; + } + + /** + * Sets the value of the time property. + * + * @param value + * allowed object is + * {@link XMLGregorianCalendar } + * + */ + public void setTime(XMLGregorianCalendar value) { + this.time = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java new file mode 100644 index 000000000..11e0b274e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandate.java @@ -0,0 +1,346 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import org.w3._2000._09.xmldsig_.SignatureType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Annotation" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}StatusInformationService" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Representative"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Mandator"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Intermediary" maxOccurs="unbounded" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Issued"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}Properties" minOccurs="0"/> + * <choice maxOccurs="unbounded"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SimpleMandateContent"/> + * </choice> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Signature"/> + * </sequence> + * <attribute name="MandateID" use="required" type="{http://www.w3.org/2001/XMLSchema}token" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "annotation", + "statusInformationService", + "representative", + "mandator", + "intermediary", + "issued", + "properties", + "simpleMandateContent", + "signature" +}) +@XmlRootElement(name = "Mandate") +public class Mandate { + + @XmlElement(name = "Annotation") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + protected String annotation; + @XmlElement(name = "StatusInformationService") + @XmlSchemaType(name = "anyURI") + protected String statusInformationService; + @XmlElement(name = "Representative", required = true) + protected Representative representative; + @XmlElement(name = "Mandator", required = true) + protected Mandator mandator; + @XmlElement(name = "Intermediary") + protected List<PhysicalPersonType> intermediary; + @XmlElement(name = "Issued", required = true) + protected Issued issued; + @XmlElement(name = "Properties") + protected PropertiesType properties; + @XmlElement(name = "SimpleMandateContent") + protected List<SimpleMandateContentType> simpleMandateContent; + @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#", required = true) + protected SignatureType signature; + @XmlAttribute(name = "MandateID", required = true) + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String mandateID; + + /** + * Gets the value of the annotation property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAnnotation() { + return annotation; + } + + /** + * Sets the value of the annotation property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAnnotation(String value) { + this.annotation = value; + } + + /** + * Gets the value of the statusInformationService property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getStatusInformationService() { + return statusInformationService; + } + + /** + * Sets the value of the statusInformationService property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setStatusInformationService(String value) { + this.statusInformationService = value; + } + + /** + * Gets the value of the representative property. + * + * @return + * possible object is + * {@link Representative } + * + */ + public Representative getRepresentative() { + return representative; + } + + /** + * Sets the value of the representative property. + * + * @param value + * allowed object is + * {@link Representative } + * + */ + public void setRepresentative(Representative value) { + this.representative = value; + } + + /** + * Gets the value of the mandator property. + * + * @return + * possible object is + * {@link Mandator } + * + */ + public Mandator getMandator() { + return mandator; + } + + /** + * Sets the value of the mandator property. + * + * @param value + * allowed object is + * {@link Mandator } + * + */ + public void setMandator(Mandator value) { + this.mandator = value; + } + + /** + * Gets the value of the intermediary property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the intermediary property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getIntermediary().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PhysicalPersonType } + * + * + */ + public List<PhysicalPersonType> getIntermediary() { + if (intermediary == null) { + intermediary = new ArrayList<PhysicalPersonType>(); + } + return this.intermediary; + } + + /** + * Gets the value of the issued property. + * + * @return + * possible object is + * {@link Issued } + * + */ + public Issued getIssued() { + return issued; + } + + /** + * Sets the value of the issued property. + * + * @param value + * allowed object is + * {@link Issued } + * + */ + public void setIssued(Issued value) { + this.issued = value; + } + + /** + * Gets the value of the properties property. + * + * @return + * possible object is + * {@link PropertiesType } + * + */ + public PropertiesType getProperties() { + return properties; + } + + /** + * Sets the value of the properties property. + * + * @param value + * allowed object is + * {@link PropertiesType } + * + */ + public void setProperties(PropertiesType value) { + this.properties = value; + } + + /** + * Gets the value of the simpleMandateContent property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the simpleMandateContent property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSimpleMandateContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SimpleMandateContentType } + * + * + */ + public List<SimpleMandateContentType> getSimpleMandateContent() { + if (simpleMandateContent == null) { + simpleMandateContent = new ArrayList<SimpleMandateContentType>(); + } + return this.simpleMandateContent; + } + + /** + * Gets the value of the signature property. + * + * @return + * possible object is + * {@link SignatureType } + * + */ + public SignatureType getSignature() { + return signature; + } + + /** + * Sets the value of the signature property. + * + * @param value + * allowed object is + * {@link SignatureType } + * + */ + public void setSignature(SignatureType value) { + this.signature = value; + } + + /** + * Gets the value of the mandateID property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMandateID() { + return mandateID; + } + + /** + * Sets the value of the mandateID property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMandateID(String value) { + this.mandateID = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java new file mode 100644 index 000000000..0fb50c06a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Mandator.java @@ -0,0 +1,101 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "physicalPerson", + "corporateBody" +}) +@XmlRootElement(name = "Mandator") +public class Mandator { + + @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected PhysicalPersonType physicalPerson; + @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected CorporateBodyType corporateBody; + + /** + * Gets the value of the physicalPerson property. + * + * @return + * possible object is + * {@link PhysicalPersonType } + * + */ + public PhysicalPersonType getPhysicalPerson() { + return physicalPerson; + } + + /** + * Sets the value of the physicalPerson property. + * + * @param value + * allowed object is + * {@link PhysicalPersonType } + * + */ + public void setPhysicalPerson(PhysicalPersonType value) { + this.physicalPerson = value; + } + + /** + * Gets the value of the corporateBody property. + * + * @return + * possible object is + * {@link CorporateBodyType } + * + */ + public CorporateBodyType getCorporateBody() { + return corporateBody; + } + + /** + * Sets the value of the corporateBody property. + * + * @param value + * allowed object is + * {@link CorporateBodyType } + * + */ + public void setCorporateBody(CorporateBodyType value) { + this.corporateBody = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java new file mode 100644 index 000000000..19e9eba0b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ObjectFactory.java @@ -0,0 +1,286 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlElementDecl; +import javax.xml.bind.annotation.XmlRegistry; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * This object contains factory methods for each + * Java content interface and Java element interface + * generated in the at.gv.e_government.reference.namespace.mandates._20040701_ package. + * <p>An ObjectFactory allows you to programatically + * construct new instances of the Java representation + * for XML content. The Java representation of XML + * content can consist of schema derived interfaces + * and classes representing the binding of schema + * type definitions, element declarations and model + * groups. Factory methods for each of these are + * provided in this class. + * + */ +@XmlRegistry +public class ObjectFactory { + + private final static QName _Intermediary_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Intermediary"); + private final static QName _ParameterisedDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedDescription"); + private final static QName _ParameterisedText_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ParameterisedText"); + private final static QName _TextualDescription_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "TextualDescription"); + private final static QName _Annotation_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Annotation"); + private final static QName _AnyConstraints_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "AnyConstraints"); + private final static QName _ValidFrom_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidFrom"); + private final static QName _SimpleMandateContent_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "SimpleMandateContent"); + private final static QName _StatusInformationService_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "StatusInformationService"); + private final static QName _Properties_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "Properties"); + private final static QName _ValidTo_QNAME = new QName("http://reference.e-government.gv.at/namespace/mandates/20040701#", "ValidTo"); + + /** + * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.mandates._20040701_ + * + */ + public ObjectFactory() { + } + + /** + * Create an instance of {@link SimpleMandateContentType } + * + */ + public SimpleMandateContentType createSimpleMandateContentType() { + return new SimpleMandateContentType(); + } + + /** + * Create an instance of {@link Issued } + * + */ + public Issued createIssued() { + return new Issued(); + } + + /** + * Create an instance of {@link ParameterisedTextType } + * + */ + public ParameterisedTextType createParameterisedTextType() { + return new ParameterisedTextType(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.CollectiveConstraint } + * + */ + public SimpleMandateContentType.CollectiveConstraint createSimpleMandateContentTypeCollectiveConstraint() { + return new SimpleMandateContentType.CollectiveConstraint(); + } + + /** + * Create an instance of {@link SetParameter } + * + */ + public SetParameter createSetParameter() { + return new SetParameter(); + } + + /** + * Create an instance of {@link PasteParameter } + * + */ + public PasteParameter createPasteParameter() { + return new PasteParameter(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.TimeConstraint } + * + */ + public SimpleMandateContentType.TimeConstraint createSimpleMandateContentTypeTimeConstraint() { + return new SimpleMandateContentType.TimeConstraint(); + } + + /** + * Create an instance of {@link Representative } + * + */ + public Representative createRepresentative() { + return new Representative(); + } + + /** + * Create an instance of {@link ParameterDefinition } + * + */ + public ParameterDefinition createParameterDefinition() { + return new ParameterDefinition(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.References.MandateID } + * + */ + public SimpleMandateContentType.References.MandateID createSimpleMandateContentTypeReferencesMandateID() { + return new SimpleMandateContentType.References.MandateID(); + } + + /** + * Create an instance of {@link Mandate } + * + */ + public Mandate createMandate() { + return new Mandate(); + } + + /** + * Create an instance of {@link PropertiesType } + * + */ + public PropertiesType createPropertiesType() { + return new PropertiesType(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.TransactionLimit } + * + */ + public SimpleMandateContentType.TransactionLimit createSimpleMandateContentTypeTransactionLimit() { + return new SimpleMandateContentType.TransactionLimit(); + } + + /** + * Create an instance of {@link ParameterisedDescriptionType } + * + */ + public ParameterisedDescriptionType createParameterisedDescriptionType() { + return new ParameterisedDescriptionType(); + } + + /** + * Create an instance of {@link Mandator } + * + */ + public Mandator createMandator() { + return new Mandator(); + } + + /** + * Create an instance of {@link SimpleMandateContentType.References } + * + */ + public SimpleMandateContentType.References createSimpleMandateContentTypeReferences() { + return new SimpleMandateContentType.References(); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Intermediary") + public JAXBElement<PhysicalPersonType> createIntermediary(PhysicalPersonType value) { + return new JAXBElement<PhysicalPersonType>(_Intermediary_QNAME, PhysicalPersonType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedDescription") + public JAXBElement<ParameterisedDescriptionType> createParameterisedDescription(ParameterisedDescriptionType value) { + return new JAXBElement<ParameterisedDescriptionType>(_ParameterisedDescription_QNAME, ParameterisedDescriptionType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link ParameterisedTextType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ParameterisedText") + public JAXBElement<ParameterisedTextType> createParameterisedText(ParameterisedTextType value) { + return new JAXBElement<ParameterisedTextType>(_ParameterisedText_QNAME, ParameterisedTextType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "TextualDescription") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + public JAXBElement<String> createTextualDescription(String value) { + return new JAXBElement<String>(_TextualDescription_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Annotation") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + public JAXBElement<String> createAnnotation(String value) { + return new JAXBElement<String>(_Annotation_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "AnyConstraints") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + public JAXBElement<String> createAnyConstraints(String value) { + return new JAXBElement<String>(_AnyConstraints_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidFrom") + public JAXBElement<String> createValidFrom(String value) { + return new JAXBElement<String>(_ValidFrom_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SimpleMandateContentType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "SimpleMandateContent") + public JAXBElement<SimpleMandateContentType> createSimpleMandateContent(SimpleMandateContentType value) { + return new JAXBElement<SimpleMandateContentType>(_SimpleMandateContent_QNAME, SimpleMandateContentType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "StatusInformationService") + public JAXBElement<String> createStatusInformationService(String value) { + return new JAXBElement<String>(_StatusInformationService_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PropertiesType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "Properties") + public JAXBElement<PropertiesType> createProperties(PropertiesType value) { + return new JAXBElement<PropertiesType>(_Properties_QNAME, PropertiesType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", name = "ValidTo") + public JAXBElement<String> createValidTo(String value) { + return new JAXBElement<String>(_ValidTo_QNAME, String.class, null, value); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java new file mode 100644 index 000000000..703d48005 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterDefinition.java @@ -0,0 +1,78 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}SetParameter"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "setParameter" +}) +@XmlRootElement(name = "ParameterDefinition") +public class ParameterDefinition { + + @XmlElement(name = "SetParameter") + protected List<SetParameter> setParameter; + + /** + * Gets the value of the setParameter property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the setParameter property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSetParameter().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SetParameter } + * + * + */ + public List<SetParameter> getSetParameter() { + if (setParameter == null) { + setParameter = new ArrayList<SetParameter>(); + } + return this.setParameter; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java new file mode 100644 index 000000000..e064e5379 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedDescriptionType.java @@ -0,0 +1,99 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * complex type for a parameterised description + * + * <p>Java class for ParameterisedDescriptionType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ParameterisedDescriptionType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedText"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterDefinition"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ParameterisedDescriptionType", propOrder = { + "parameterisedText", + "parameterDefinition" +}) +public class ParameterisedDescriptionType { + + @XmlElement(name = "ParameterisedText", required = true) + protected ParameterisedTextType parameterisedText; + @XmlElement(name = "ParameterDefinition", required = true) + protected ParameterDefinition parameterDefinition; + + /** + * Gets the value of the parameterisedText property. + * + * @return + * possible object is + * {@link ParameterisedTextType } + * + */ + public ParameterisedTextType getParameterisedText() { + return parameterisedText; + } + + /** + * Sets the value of the parameterisedText property. + * + * @param value + * allowed object is + * {@link ParameterisedTextType } + * + */ + public void setParameterisedText(ParameterisedTextType value) { + this.parameterisedText = value; + } + + /** + * Gets the value of the parameterDefinition property. + * + * @return + * possible object is + * {@link ParameterDefinition } + * + */ + public ParameterDefinition getParameterDefinition() { + return parameterDefinition; + } + + /** + * Sets the value of the parameterDefinition property. + * + * @param value + * allowed object is + * {@link ParameterDefinition } + * + */ + public void setParameterDefinition(ParameterDefinition value) { + this.parameterDefinition = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java new file mode 100644 index 000000000..7d086cf67 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/ParameterisedTextType.java @@ -0,0 +1,81 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlType; + + +/** + * complex type for describing a parameterised text + * + * <p>Java class for ParameterisedTextType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ParameterisedTextType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}PasteParameter"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ParameterisedTextType", propOrder = { + "content" +}) +public class ParameterisedTextType { + + @XmlElementRef(name = "PasteParameter", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = PasteParameter.class) + @XmlMixed + protected List<Object> content; + + /** + * complex type for describing a parameterised text Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link PasteParameter } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java new file mode 100644 index 000000000..d8a64b374 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PasteParameter.java @@ -0,0 +1,72 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "") +@XmlRootElement(name = "PasteParameter") +public class PasteParameter { + + @XmlAttribute(name = "Name") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String name; + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setName(String value) { + this.name = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java new file mode 100644 index 000000000..f3ffa5100 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/PropertiesType.java @@ -0,0 +1,109 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * complex type for describing arbitrary properties of mandates + * + * <p>Java class for PropertiesType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PropertiesType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="SubstitutionAllowed" type="{http://www.w3.org/2001/XMLSchema}boolean" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PropertiesType", propOrder = { + "substitutionAllowed", + "any" +}) +public class PropertiesType { + + @XmlElement(name = "SubstitutionAllowed", defaultValue = "false") + protected Boolean substitutionAllowed; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the substitutionAllowed property. + * + * @return + * possible object is + * {@link Boolean } + * + */ + public Boolean isSubstitutionAllowed() { + return substitutionAllowed; + } + + /** + * Sets the value of the substitutionAllowed property. + * + * @param value + * allowed object is + * {@link Boolean } + * + */ + public void setSubstitutionAllowed(Boolean value) { + this.substitutionAllowed = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java new file mode 100644 index 000000000..ba18566a0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/Representative.java @@ -0,0 +1,101 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlType; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "physicalPerson", + "corporateBody" +}) +@XmlRootElement(name = "Representative") +public class Representative { + + @XmlElement(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected PhysicalPersonType physicalPerson; + @XmlElement(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#") + protected CorporateBodyType corporateBody; + + /** + * Gets the value of the physicalPerson property. + * + * @return + * possible object is + * {@link PhysicalPersonType } + * + */ + public PhysicalPersonType getPhysicalPerson() { + return physicalPerson; + } + + /** + * Sets the value of the physicalPerson property. + * + * @param value + * allowed object is + * {@link PhysicalPersonType } + * + */ + public void setPhysicalPerson(PhysicalPersonType value) { + this.physicalPerson = value; + } + + /** + * Gets the value of the corporateBody property. + * + * @return + * possible object is + * {@link CorporateBodyType } + * + */ + public CorporateBodyType getCorporateBody() { + return corporateBody; + } + + /** + * Sets the value of the corporateBody property. + * + * @param value + * allowed object is + * {@link CorporateBodyType } + * + */ + public void setCorporateBody(CorporateBodyType value) { + this.corporateBody = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java new file mode 100644 index 000000000..5c85ebe25 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SetParameter.java @@ -0,0 +1,103 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlRootElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * <attribute name="Name" type="{http://www.w3.org/2001/XMLSchema}token" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "", propOrder = { + "value" +}) +@XmlRootElement(name = "SetParameter") +public class SetParameter { + + @XmlValue + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String value; + @XmlAttribute(name = "Name") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String name; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setName(String value) { + this.name = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java new file mode 100644 index 000000000..30fdcbab1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/SimpleMandateContentType.java @@ -0,0 +1,605 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.mandates._20040701_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; + + +/** + * complex type for describing the mandate using some textual descriptions + * + * <p>Java class for SimpleMandateContentType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SimpleMandateContentType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <choice maxOccurs="unbounded"> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}TextualDescription"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ParameterisedDescription"/> + * </choice> + * <element name="References" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded"> + * <element name="MandateID"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * <group ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ConstraintsGroup"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SimpleMandateContentType", propOrder = { + "textualDescriptionOrParameterisedDescription", + "references", + "timeConstraint", + "collectiveConstraint", + "transactionLimit", + "anyConstraints" +}) +public class SimpleMandateContentType { + + @XmlElementRefs({ + @XmlElementRef(name = "ParameterisedDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class), + @XmlElementRef(name = "TextualDescription", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class) + }) + protected List<JAXBElement<?>> textualDescriptionOrParameterisedDescription; + @XmlElement(name = "References") + protected SimpleMandateContentType.References references; + @XmlElement(name = "TimeConstraint") + protected SimpleMandateContentType.TimeConstraint timeConstraint; + @XmlElement(name = "CollectiveConstraint") + protected SimpleMandateContentType.CollectiveConstraint collectiveConstraint; + @XmlElement(name = "TransactionLimit") + protected SimpleMandateContentType.TransactionLimit transactionLimit; + @XmlElement(name = "AnyConstraints") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + protected List<String> anyConstraints; + + /** + * Gets the value of the textualDescriptionOrParameterisedDescription property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the textualDescriptionOrParameterisedDescription property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getTextualDescriptionOrParameterisedDescription().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link ParameterisedDescriptionType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<JAXBElement<?>> getTextualDescriptionOrParameterisedDescription() { + if (textualDescriptionOrParameterisedDescription == null) { + textualDescriptionOrParameterisedDescription = new ArrayList<JAXBElement<?>>(); + } + return this.textualDescriptionOrParameterisedDescription; + } + + /** + * Gets the value of the references property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.References } + * + */ + public SimpleMandateContentType.References getReferences() { + return references; + } + + /** + * Sets the value of the references property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.References } + * + */ + public void setReferences(SimpleMandateContentType.References value) { + this.references = value; + } + + /** + * Gets the value of the timeConstraint property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.TimeConstraint } + * + */ + public SimpleMandateContentType.TimeConstraint getTimeConstraint() { + return timeConstraint; + } + + /** + * Sets the value of the timeConstraint property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.TimeConstraint } + * + */ + public void setTimeConstraint(SimpleMandateContentType.TimeConstraint value) { + this.timeConstraint = value; + } + + /** + * Gets the value of the collectiveConstraint property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.CollectiveConstraint } + * + */ + public SimpleMandateContentType.CollectiveConstraint getCollectiveConstraint() { + return collectiveConstraint; + } + + /** + * Sets the value of the collectiveConstraint property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.CollectiveConstraint } + * + */ + public void setCollectiveConstraint(SimpleMandateContentType.CollectiveConstraint value) { + this.collectiveConstraint = value; + } + + /** + * Gets the value of the transactionLimit property. + * + * @return + * possible object is + * {@link SimpleMandateContentType.TransactionLimit } + * + */ + public SimpleMandateContentType.TransactionLimit getTransactionLimit() { + return transactionLimit; + } + + /** + * Sets the value of the transactionLimit property. + * + * @param value + * allowed object is + * {@link SimpleMandateContentType.TransactionLimit } + * + */ + public void setTransactionLimit(SimpleMandateContentType.TransactionLimit value) { + this.transactionLimit = value; + } + + /** + * Gets the value of the anyConstraints property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the anyConstraints property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAnyConstraints().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAnyConstraints() { + if (anyConstraints == null) { + anyConstraints = new ArrayList<String>(); + } + return this.anyConstraints; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice maxOccurs="unbounded"> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PhysicalPerson"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}CorporateBody"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}AnyConstraints"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "physicalPersonOrCorporateBodyOrAnyConstraints" + }) + public static class CollectiveConstraint { + + @XmlElementRefs({ + @XmlElementRef(name = "PhysicalPerson", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class), + @XmlElementRef(name = "AnyConstraints", namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", type = JAXBElement.class), + @XmlElementRef(name = "CorporateBody", namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", type = JAXBElement.class) + }) + protected List<JAXBElement<?>> physicalPersonOrCorporateBodyOrAnyConstraints; + + /** + * Gets the value of the physicalPersonOrCorporateBodyOrAnyConstraints property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the physicalPersonOrCorporateBodyOrAnyConstraints property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getPhysicalPersonOrCorporateBodyOrAnyConstraints().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >} + * {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<JAXBElement<?>> getPhysicalPersonOrCorporateBodyOrAnyConstraints() { + if (physicalPersonOrCorporateBodyOrAnyConstraints == null) { + physicalPersonOrCorporateBodyOrAnyConstraints = new ArrayList<JAXBElement<?>>(); + } + return this.physicalPersonOrCorporateBodyOrAnyConstraints; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded"> + * <element name="MandateID"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "mandateID" + }) + public static class References { + + @XmlElement(name = "MandateID", required = true) + protected List<SimpleMandateContentType.References.MandateID> mandateID; + + /** + * Gets the value of the mandateID property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the mandateID property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getMandateID().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SimpleMandateContentType.References.MandateID } + * + * + */ + public List<SimpleMandateContentType.References.MandateID> getMandateID() { + if (mandateID == null) { + mandateID = new ArrayList<SimpleMandateContentType.References.MandateID>(); + } + return this.mandateID; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>token"> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class MandateID { + + @XmlValue + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String value; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidFrom" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/mandates/20040701#}ValidTo" minOccurs="0"/> + * </sequence> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "validFrom", + "validTo" + }) + public static class TimeConstraint { + + @XmlElement(name = "ValidFrom") + protected String validFrom; + @XmlElement(name = "ValidTo") + protected String validTo; + + /** + * Gets the value of the validFrom property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValidFrom() { + return validFrom; + } + + /** + * Sets the value of the validFrom property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValidFrom(String value) { + this.validFrom = value; + } + + /** + * Gets the value of the validTo property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValidTo() { + return validTo; + } + + /** + * Sets the value of the validTo property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValidTo(String value) { + this.validTo = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Amount" type="{http://www.w3.org/2001/XMLSchema}float"/> + * <element name="Currency" type="{http://www.w3.org/2001/XMLSchema}token"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "amount", + "currency" + }) + public static class TransactionLimit { + + @XmlElement(name = "Amount") + protected float amount; + @XmlElement(name = "Currency", required = true, defaultValue = "EUR") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String currency; + + /** + * Gets the value of the amount property. + * + */ + public float getAmount() { + return amount; + } + + /** + * Sets the value of the amount property. + * + */ + public void setAmount(float value) { + this.amount = value; + } + + /** + * Gets the value of the currency property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getCurrency() { + return currency; + } + + /** + * Sets the value of the currency property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setCurrency(String value) { + this.currency = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java new file mode 100644 index 000000000..79c3dae88 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/mandates/_20040701_/package-info.java @@ -0,0 +1,9 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + +@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/mandates/20040701#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) +package at.gv.e_government.reference.namespace.mandates._20040701_; diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java new file mode 100644 index 000000000..406073972 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractAddressType.java @@ -0,0 +1,144 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyAttribute; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; + + +/** + * main structure of address data + * + * <p>Java class for AbstractAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="AbstractAddressType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence minOccurs="0"> + * <element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <anyAttribute namespace='##other'/> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "AbstractAddressType", propOrder = { + "identification" +}) +@XmlSeeAlso({ + TelephoneAddressType.class, + InternetAddressType.class, + TypedPostalAddressType.class +}) +public abstract class AbstractAddressType { + + @XmlElement(name = "Identification") + protected List<IdentificationType> identification; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAnyAttribute + private Map<QName, String> otherAttributes = new HashMap<QName, String>(); + + /** + * Gets the value of the identification property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the identification property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getIdentification().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link IdentificationType } + * + * + */ + public List<IdentificationType> getIdentification() { + if (identification == null) { + identification = new ArrayList<IdentificationType>(); + } + return this.identification; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets a map that contains attributes that aren't bound to any typed property on this class. + * + * <p> + * the map is keyed by the name of the attribute and + * the value is the string value of the attribute. + * + * the map returned by this method is live, and you can add new attribute + * by updating the map directly. Because of this design, there's no setter. + * + * + * @return + * always non-null + */ + public Map<QName, String> getOtherAttributes() { + return otherAttributes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java new file mode 100644 index 000000000..201b285dd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/AbstractPersonType.java @@ -0,0 +1,144 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyAttribute; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; + + +/** + * main structure of person data + * + * <p>Java class for AbstractPersonType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="AbstractPersonType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence minOccurs="0"> + * <element name="Identification" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}IdentificationType" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <anyAttribute namespace='##other'/> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "AbstractPersonType", propOrder = { + "identification" +}) +@XmlSeeAlso({ + PhysicalPersonType.class, + CorporateBodyType.class, + PersonDataType.class +}) +public abstract class AbstractPersonType { + + @XmlElement(name = "Identification") + protected List<IdentificationType> identification; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAnyAttribute + private Map<QName, String> otherAttributes = new HashMap<QName, String>(); + + /** + * Gets the value of the identification property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the identification property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getIdentification().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link IdentificationType } + * + * + */ + public List<IdentificationType> getIdentification() { + if (identification == null) { + identification = new ArrayList<IdentificationType>(); + } + return this.identification; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets a map that contains attributes that aren't bound to any typed property on this class. + * + * <p> + * the map is keyed by the name of the attribute and + * the value is the string value of the attribute. + * + * the map returned by this method is live, and you can add new attribute + * by updating the map directly. Because of this design, there's no setter. + * + * + * @return + * always non-null + */ + public Map<QName, String> getOtherAttributes() { + return otherAttributes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java new file mode 100644 index 000000000..382307a46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/CorporateBodyType.java @@ -0,0 +1,245 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * juridical person, organisation + * + * <p>Java class for CorporateBodyType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="CorporateBodyType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType"> + * <sequence minOccurs="0"> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/> + * <element name="FullName" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="AlternativeName" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/> + * <element name="LegalForm" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/> + * <element name="Organisation" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "CorporateBodyType", propOrder = { + "type", + "fullName", + "alternativeName", + "legalForm", + "organisation", + "any" +}) +public class CorporateBodyType + extends AbstractPersonType +{ + + @XmlElement(name = "Type") + @XmlSchemaType(name = "anyURI") + protected List<String> type; + @XmlElement(name = "FullName") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String fullName; + @XmlElement(name = "AlternativeName") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected List<String> alternativeName; + @XmlElement(name = "LegalForm") + @XmlSchemaType(name = "anyURI") + protected String legalForm; + @XmlElement(name = "Organisation") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String organisation; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the type property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the type property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getType().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getType() { + if (type == null) { + type = new ArrayList<String>(); + } + return this.type; + } + + /** + * Gets the value of the fullName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getFullName() { + return fullName; + } + + /** + * Sets the value of the fullName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setFullName(String value) { + this.fullName = value; + } + + /** + * Gets the value of the alternativeName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the alternativeName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAlternativeName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAlternativeName() { + if (alternativeName == null) { + alternativeName = new ArrayList<String>(); + } + return this.alternativeName; + } + + /** + * Gets the value of the legalForm property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getLegalForm() { + return legalForm; + } + + /** + * Sets the value of the legalForm property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setLegalForm(String value) { + this.legalForm = value; + } + + /** + * Gets the value of the organisation property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getOrganisation() { + return organisation; + } + + /** + * Sets the value of the organisation property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setOrganisation(String value) { + this.organisation = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java new file mode 100644 index 000000000..26d021556 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedAlternativeNameTypeType.java @@ -0,0 +1,67 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for DefinedAlternativeNameTypeType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="DefinedAlternativeNameTypeType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="ArtistName"/> + * <enumeration value="NickName"/> + * <enumeration value="FormerName"/> + * <enumeration value="Alias"/> + * <enumeration value="MaidenName"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "DefinedAlternativeNameTypeType") +@XmlEnum +public enum DefinedAlternativeNameTypeType { + + @XmlEnumValue("ArtistName") + ARTIST_NAME("ArtistName"), + @XmlEnumValue("NickName") + NICK_NAME("NickName"), + @XmlEnumValue("FormerName") + FORMER_NAME("FormerName"), + @XmlEnumValue("Alias") + ALIAS("Alias"), + @XmlEnumValue("MaidenName") + MAIDEN_NAME("MaidenName"); + private final String value; + + DefinedAlternativeNameTypeType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static DefinedAlternativeNameTypeType fromValue(String v) { + for (DefinedAlternativeNameTypeType c: DefinedAlternativeNameTypeType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java new file mode 100644 index 000000000..703db6a6f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/DefinedRelationType.java @@ -0,0 +1,79 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for DefinedRelationType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="DefinedRelationType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="family:Parent"/> + * <enumeration value="family:Child"/> + * <enumeration value="family:Sibling"/> + * <enumeration value="family:Grandparent"/> + * <enumeration value="family:Grandchild"/> + * <enumeration value="family:Spouse"/> + * <enumeration value="function:LegalGuardian"/> + * <enumeration value="function:IsGuardedBy"/> + * <enumeration value="function:Cohabitant"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "DefinedRelationType") +@XmlEnum +public enum DefinedRelationType { + + @XmlEnumValue("family:Parent") + FAMILY_PARENT("family:Parent"), + @XmlEnumValue("family:Child") + FAMILY_CHILD("family:Child"), + @XmlEnumValue("family:Sibling") + FAMILY_SIBLING("family:Sibling"), + @XmlEnumValue("family:Grandparent") + FAMILY_GRANDPARENT("family:Grandparent"), + @XmlEnumValue("family:Grandchild") + FAMILY_GRANDCHILD("family:Grandchild"), + @XmlEnumValue("family:Spouse") + FAMILY_SPOUSE("family:Spouse"), + @XmlEnumValue("function:LegalGuardian") + FUNCTION_LEGAL_GUARDIAN("function:LegalGuardian"), + @XmlEnumValue("function:IsGuardedBy") + FUNCTION_IS_GUARDED_BY("function:IsGuardedBy"), + @XmlEnumValue("function:Cohabitant") + FUNCTION_COHABITANT("function:Cohabitant"); + private final String value; + + DefinedRelationType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static DefinedRelationType fromValue(String v) { + for (DefinedRelationType c: DefinedRelationType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java new file mode 100644 index 000000000..d9f6541b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/IdentificationType.java @@ -0,0 +1,318 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyAttribute; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import javax.xml.namespace.QName; +import org.w3c.dom.Element; + + +/** + * unique identifier + * + * <p>Java class for IdentificationType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="IdentificationType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Value"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI"/> + * <element name="Authority" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <anyAttribute namespace='##other'/> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "IdentificationType", propOrder = { + "value", + "type", + "authority", + "any" +}) +public class IdentificationType { + + @XmlElement(name = "Value", required = true) + protected IdentificationType.Value value; + @XmlElement(name = "Type", required = true) + @XmlSchemaType(name = "anyURI") + protected String type; + @XmlElement(name = "Authority") + @XmlSchemaType(name = "anyURI") + protected String authority; + @XmlAnyElement(lax = true) + protected List<Object> any; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAnyAttribute + private Map<QName, String> otherAttributes = new HashMap<QName, String>(); + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link IdentificationType.Value } + * + */ + public IdentificationType.Value getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link IdentificationType.Value } + * + */ + public void setValue(IdentificationType.Value value) { + this.value = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + /** + * Gets the value of the authority property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAuthority() { + return authority; + } + + /** + * Sets the value of the authority property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAuthority(String value) { + this.authority = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets a map that contains attributes that aren't bound to any typed property on this class. + * + * <p> + * the map is keyed by the name of the attribute and + * the value is the string value of the attribute. + * + * the map returned by this method is live, and you can add new attribute + * by updating the map directly. Because of this design, there's no setter. + * + * + * @return + * always non-null + */ + public Map<QName, String> getOtherAttributes() { + return otherAttributes; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class Value { + + @XmlValue + protected String value; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java new file mode 100644 index 000000000..be59e85a8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/InternetAddressType.java @@ -0,0 +1,143 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3._2000._09.xmldsig_.KeyInfoType; +import org.w3c.dom.Element; + + +/** + * internet based communication + * + * <p>Java class for InternetAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="InternetAddressType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType"> + * <sequence minOccurs="0"> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}KeyInfo" minOccurs="0"/> + * <element name="Address" type="{http://www.w3.org/2001/XMLSchema}anyURI"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "InternetAddressType", propOrder = { + "keyInfo", + "address", + "any" +}) +public class InternetAddressType + extends AbstractAddressType +{ + + @XmlElement(name = "KeyInfo", namespace = "http://www.w3.org/2000/09/xmldsig#") + protected KeyInfoType keyInfo; + @XmlElement(name = "Address") + @XmlSchemaType(name = "anyURI") + protected String address; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * certificate for secure communication + * + * @return + * possible object is + * {@link KeyInfoType } + * + */ + public KeyInfoType getKeyInfo() { + return keyInfo; + } + + /** + * Sets the value of the keyInfo property. + * + * @param value + * allowed object is + * {@link KeyInfoType } + * + */ + public void setKeyInfo(KeyInfoType value) { + this.keyInfo = value; + } + + /** + * Gets the value of the address property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAddress() { + return address; + } + + /** + * Sets the value of the address property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAddress(String value) { + this.address = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java new file mode 100644 index 000000000..fa2130290 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MaritalStatusType.java @@ -0,0 +1,64 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for MaritalStatusType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="MaritalStatusType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}token"> + * <enumeration value="single"/> + * <enumeration value="married"/> + * <enumeration value="divorced"/> + * <enumeration value="widowed"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "MaritalStatusType") +@XmlEnum +public enum MaritalStatusType { + + @XmlEnumValue("single") + SINGLE("single"), + @XmlEnumValue("married") + MARRIED("married"), + @XmlEnumValue("divorced") + DIVORCED("divorced"), + @XmlEnumValue("widowed") + WIDOWED("widowed"); + private final String value; + + MaritalStatusType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static MaritalStatusType fromValue(String v) { + for (MaritalStatusType c: MaritalStatusType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java new file mode 100644 index 000000000..7a361f12d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/MobileTelcomNumberType.java @@ -0,0 +1,67 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for MobileTelcomNumberType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="MobileTelcomNumberType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType"> + * <attribute name="smsEnabled" type="{http://www.w3.org/2001/XMLSchema}boolean" /> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "MobileTelcomNumberType") +public class MobileTelcomNumberType + extends TelcomNumberType +{ + + @XmlAttribute + protected Boolean smsEnabled; + + /** + * Gets the value of the smsEnabled property. + * + * @return + * possible object is + * {@link Boolean } + * + */ + public Boolean isSmsEnabled() { + return smsEnabled; + } + + /** + * Sets the value of the smsEnabled property. + * + * @param value + * allowed object is + * {@link Boolean } + * + */ + public void setSmsEnabled(Boolean value) { + this.smsEnabled = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java new file mode 100644 index 000000000..07cb0c099 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/ObjectFactory.java @@ -0,0 +1,420 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlElementDecl; +import javax.xml.bind.annotation.XmlRegistry; +import javax.xml.namespace.QName; + + +/** + * This object contains factory methods for each + * Java content interface and Java element interface + * generated in the at.gv.e_government.reference.namespace.persondata._20020228_ package. + * <p>An ObjectFactory allows you to programatically + * construct new instances of the Java representation + * for XML content. The Java representation of XML + * content can consist of schema derived interfaces + * and classes representing the binding of schema + * type definitions, element declarations and model + * groups. Factory methods for each of these are + * provided in this class. + * + */ +@XmlRegistry +public class ObjectFactory { + + private final static QName _TypedPostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TypedPostalAddress"); + private final static QName _Extension_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Extension"); + private final static QName _Mobile_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Mobile"); + private final static QName _AreaCityCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "AreaCityCode"); + private final static QName _TTYTDD_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TTYTDD"); + private final static QName _PersonName_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonName"); + private final static QName _InternetAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternetAddress"); + private final static QName _InternationalCountryCode_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "InternationalCountryCode"); + private final static QName _Pager_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Pager"); + private final static QName _PersonData_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PersonData"); + private final static QName _SubscriberNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "SubscriberNumber"); + private final static QName _NationalNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "NationalNumber"); + private final static QName _PhysicalPerson_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PhysicalPerson"); + private final static QName _CorporateBody_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "CorporateBody"); + private final static QName _Telephone_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Telephone"); + private final static QName _Address_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Address"); + private final static QName _Person_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Person"); + private final static QName _Fax_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "Fax"); + private final static QName _PostalAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "PostalAddress"); + private final static QName _TelephoneAddress_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "TelephoneAddress"); + private final static QName _FormattedNumber_QNAME = new QName("http://reference.e-government.gv.at/namespace/persondata/20020228#", "FormattedNumber"); + + /** + * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: at.gv.e_government.reference.namespace.persondata._20020228_ + * + */ + public ObjectFactory() { + } + + /** + * Create an instance of {@link TelephoneAddressType } + * + */ + public TelephoneAddressType createTelephoneAddressType() { + return new TelephoneAddressType(); + } + + /** + * Create an instance of {@link PersonNameType.FamilyName } + * + */ + public PersonNameType.FamilyName createPersonNameTypeFamilyName() { + return new PersonNameType.FamilyName(); + } + + /** + * Create an instance of {@link PersonNameType.FormattedName } + * + */ + public PersonNameType.FormattedName createPersonNameTypeFormattedName() { + return new PersonNameType.FormattedName(); + } + + /** + * Create an instance of {@link PostalAddressType.DeliveryAddress } + * + */ + public PostalAddressType.DeliveryAddress createPostalAddressTypeDeliveryAddress() { + return new PostalAddressType.DeliveryAddress(); + } + + /** + * Create an instance of {@link TypedPostalAddressType } + * + */ + public TypedPostalAddressType createTypedPostalAddressType() { + return new TypedPostalAddressType(); + } + + /** + * Create an instance of {@link MobileTelcomNumberType } + * + */ + public MobileTelcomNumberType createMobileTelcomNumberType() { + return new MobileTelcomNumberType(); + } + + /** + * Create an instance of {@link PersonDataType.AdditionalData } + * + */ + public PersonDataType.AdditionalData createPersonDataTypeAdditionalData() { + return new PersonDataType.AdditionalData(); + } + + /** + * Create an instance of {@link PostalAddressType.Recipient } + * + */ + public PostalAddressType.Recipient createPostalAddressTypeRecipient() { + return new PostalAddressType.Recipient(); + } + + /** + * Create an instance of {@link PersonDataType } + * + */ + public PersonDataType createPersonDataType() { + return new PersonDataType(); + } + + /** + * Create an instance of {@link PhysicalPersonType } + * + */ + public PhysicalPersonType createPhysicalPersonType() { + return new PhysicalPersonType(); + } + + /** + * Create an instance of {@link TelcomNumberType } + * + */ + public TelcomNumberType createTelcomNumberType() { + return new TelcomNumberType(); + } + + /** + * Create an instance of {@link PhysicalPersonType.RelatedPerson } + * + */ + public PhysicalPersonType.RelatedPerson createPhysicalPersonTypeRelatedPerson() { + return new PhysicalPersonType.RelatedPerson(); + } + + /** + * Create an instance of {@link PostalAddressType } + * + */ + public PostalAddressType createPostalAddressType() { + return new PostalAddressType(); + } + + /** + * Create an instance of {@link TelcomNumberListType } + * + */ + public TelcomNumberListType createTelcomNumberListType() { + return new TelcomNumberListType(); + } + + /** + * Create an instance of {@link PersonNameType } + * + */ + public PersonNameType createPersonNameType() { + return new PersonNameType(); + } + + /** + * Create an instance of {@link PhysicalPersonType.AlternativeName } + * + */ + public PhysicalPersonType.AlternativeName createPhysicalPersonTypeAlternativeName() { + return new PhysicalPersonType.AlternativeName(); + } + + /** + * Create an instance of {@link PersonNameType.Affix } + * + */ + public PersonNameType.Affix createPersonNameTypeAffix() { + return new PersonNameType.Affix(); + } + + /** + * Create an instance of {@link IdentificationType.Value } + * + */ + public IdentificationType.Value createIdentificationTypeValue() { + return new IdentificationType.Value(); + } + + /** + * Create an instance of {@link IdentificationType } + * + */ + public IdentificationType createIdentificationType() { + return new IdentificationType(); + } + + /** + * Create an instance of {@link InternetAddressType } + * + */ + public InternetAddressType createInternetAddressType() { + return new InternetAddressType(); + } + + /** + * Create an instance of {@link CorporateBodyType } + * + */ + public CorporateBodyType createCorporateBodyType() { + return new CorporateBodyType(); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TypedPostalAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TypedPostalAddress") + public JAXBElement<TypedPostalAddressType> createTypedPostalAddress(TypedPostalAddressType value) { + return new JAXBElement<TypedPostalAddressType>(_TypedPostalAddress_QNAME, TypedPostalAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Extension") + public JAXBElement<String> createExtension(String value) { + return new JAXBElement<String>(_Extension_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link MobileTelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Mobile") + public JAXBElement<MobileTelcomNumberType> createMobile(MobileTelcomNumberType value) { + return new JAXBElement<MobileTelcomNumberType>(_Mobile_QNAME, MobileTelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "AreaCityCode") + public JAXBElement<String> createAreaCityCode(String value) { + return new JAXBElement<String>(_AreaCityCode_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TTYTDD") + public JAXBElement<TelcomNumberType> createTTYTDD(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_TTYTDD_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PersonNameType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonName") + public JAXBElement<PersonNameType> createPersonName(PersonNameType value) { + return new JAXBElement<PersonNameType>(_PersonName_QNAME, PersonNameType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link InternetAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternetAddress") + public JAXBElement<InternetAddressType> createInternetAddress(InternetAddressType value) { + return new JAXBElement<InternetAddressType>(_InternetAddress_QNAME, InternetAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "InternationalCountryCode") + public JAXBElement<String> createInternationalCountryCode(String value) { + return new JAXBElement<String>(_InternationalCountryCode_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Pager") + public JAXBElement<TelcomNumberType> createPager(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_Pager_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PersonDataType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PersonData") + public JAXBElement<PersonDataType> createPersonData(PersonDataType value) { + return new JAXBElement<PersonDataType>(_PersonData_QNAME, PersonDataType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "SubscriberNumber") + public JAXBElement<String> createSubscriberNumber(String value) { + return new JAXBElement<String>(_SubscriberNumber_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "NationalNumber") + public JAXBElement<String> createNationalNumber(String value) { + return new JAXBElement<String>(_NationalNumber_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PhysicalPersonType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PhysicalPerson") + public JAXBElement<PhysicalPersonType> createPhysicalPerson(PhysicalPersonType value) { + return new JAXBElement<PhysicalPersonType>(_PhysicalPerson_QNAME, PhysicalPersonType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link CorporateBodyType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "CorporateBody") + public JAXBElement<CorporateBodyType> createCorporateBody(CorporateBodyType value) { + return new JAXBElement<CorporateBodyType>(_CorporateBody_QNAME, CorporateBodyType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Telephone") + public JAXBElement<TelcomNumberType> createTelephone(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_Telephone_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link AbstractAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Address") + public JAXBElement<AbstractAddressType> createAddress(AbstractAddressType value) { + return new JAXBElement<AbstractAddressType>(_Address_QNAME, AbstractAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link AbstractPersonType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Person") + public JAXBElement<AbstractPersonType> createPerson(AbstractPersonType value) { + return new JAXBElement<AbstractPersonType>(_Person_QNAME, AbstractPersonType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelcomNumberType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "Fax") + public JAXBElement<TelcomNumberType> createFax(TelcomNumberType value) { + return new JAXBElement<TelcomNumberType>(_Fax_QNAME, TelcomNumberType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PostalAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "PostalAddress") + public JAXBElement<PostalAddressType> createPostalAddress(PostalAddressType value) { + return new JAXBElement<PostalAddressType>(_PostalAddress_QNAME, PostalAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TelephoneAddressType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "TelephoneAddress") + public JAXBElement<TelephoneAddressType> createTelephoneAddress(TelephoneAddressType value) { + return new JAXBElement<TelephoneAddressType>(_TelephoneAddress_QNAME, TelephoneAddressType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", name = "FormattedNumber") + public JAXBElement<String> createFormattedNumber(String value) { + return new JAXBElement<String>(_FormattedNumber_QNAME, String.class, null, value); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java new file mode 100644 index 000000000..2d3cd9315 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonDataType.java @@ -0,0 +1,247 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlType; +import org.w3._2000._09.xmldsig_.SignatureType; +import org.w3c.dom.Element; + + +/** + * signed person datastructure. The first Identification elements (from the base type) denote the record as such (e.g. database key for this record) - not to be mistaken for identifiers of the person or of an address (they have their own Identification elements). + * + * <p>Java class for PersonDataType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PersonDataType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Address" maxOccurs="unbounded" minOccurs="0"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Signature" maxOccurs="unbounded" minOccurs="0"/> + * <element name="AdditionalData" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <any processContents='lax'/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PersonDataType", propOrder = { + "person", + "address", + "signature", + "additionalData" +}) +public class PersonDataType + extends AbstractPersonType +{ + + @XmlElement(name = "Person", required = true) + protected AbstractPersonType person; + @XmlElement(name = "Address") + protected List<AbstractAddressType> address; + @XmlElement(name = "Signature", namespace = "http://www.w3.org/2000/09/xmldsig#") + protected List<SignatureType> signature; + @XmlElement(name = "AdditionalData") + protected PersonDataType.AdditionalData additionalData; + + /** + * Gets the value of the person property. + * + * @return + * possible object is + * {@link AbstractPersonType } + * + */ + public AbstractPersonType getPerson() { + return person; + } + + /** + * Sets the value of the person property. + * + * @param value + * allowed object is + * {@link AbstractPersonType } + * + */ + public void setPerson(AbstractPersonType value) { + this.person = value; + } + + /** + * Gets the value of the address property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the address property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAddress().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link AbstractAddressType } + * + * + */ + public List<AbstractAddressType> getAddress() { + if (address == null) { + address = new ArrayList<AbstractAddressType>(); + } + return this.address; + } + + /** + * one or more electronic signatures applied on fields above Gets the value of the signature property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the signature property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSignature().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SignatureType } + * + * + */ + public List<SignatureType> getSignature() { + if (signature == null) { + signature = new ArrayList<SignatureType>(); + } + return this.signature; + } + + /** + * Gets the value of the additionalData property. + * + * @return + * possible object is + * {@link PersonDataType.AdditionalData } + * + */ + public PersonDataType.AdditionalData getAdditionalData() { + return additionalData; + } + + /** + * Sets the value of the additionalData property. + * + * @param value + * allowed object is + * {@link PersonDataType.AdditionalData } + * + */ + public void setAdditionalData(PersonDataType.AdditionalData value) { + this.additionalData = value; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <any processContents='lax'/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "content" + }) + public static class AdditionalData { + + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java new file mode 100644 index 000000000..9e68a544c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PersonNameType.java @@ -0,0 +1,620 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; + + +/** + * <p>Java class for PersonNameType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PersonNameType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="FormattedName" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" default="presentation"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="presentation"/> + * <enumeration value="legal"/> + * <enumeration value="sortOrder"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * <element name="LegalName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="GivenName" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="PreferredGivenName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="MiddleName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="FamilyName" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="primary" default="undefined"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="true"/> + * <enumeration value="false"/> + * <enumeration value="undefined"/> + * </restriction> + * </simpleType> + * </attribute> + * <attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" /> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * <element name="Affix" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" use="required"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="academicGrade"/> + * <enumeration value="aristocraticPrefix"/> + * <enumeration value="aristocraticTitle"/> + * <enumeration value="familyNamePrefix"/> + * <enumeration value="familyNameSuffix"/> + * <enumeration value="formOfAddress"/> + * <enumeration value="generation"/> + * <enumeration value="qualification"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </element> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PersonNameType", propOrder = { + "formattedName", + "legalName", + "givenName", + "preferredGivenName", + "middleName", + "familyName", + "affix" +}) +@XmlSeeAlso({ + at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType.AlternativeName.class +}) +public class PersonNameType { + + @XmlElement(name = "FormattedName") + protected List<PersonNameType.FormattedName> formattedName; + @XmlElement(name = "LegalName") + protected String legalName; + @XmlElement(name = "GivenName") + protected List<String> givenName; + @XmlElement(name = "PreferredGivenName") + protected String preferredGivenName; + @XmlElement(name = "MiddleName") + protected String middleName; + @XmlElement(name = "FamilyName") + protected List<PersonNameType.FamilyName> familyName; + @XmlElement(name = "Affix") + protected List<PersonNameType.Affix> affix; + + /** + * Gets the value of the formattedName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the formattedName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getFormattedName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PersonNameType.FormattedName } + * + * + */ + public List<PersonNameType.FormattedName> getFormattedName() { + if (formattedName == null) { + formattedName = new ArrayList<PersonNameType.FormattedName>(); + } + return this.formattedName; + } + + /** + * Gets the value of the legalName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getLegalName() { + return legalName; + } + + /** + * Sets the value of the legalName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setLegalName(String value) { + this.legalName = value; + } + + /** + * Gets the value of the givenName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the givenName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getGivenName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getGivenName() { + if (givenName == null) { + givenName = new ArrayList<String>(); + } + return this.givenName; + } + + /** + * Gets the value of the preferredGivenName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPreferredGivenName() { + return preferredGivenName; + } + + /** + * Sets the value of the preferredGivenName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPreferredGivenName(String value) { + this.preferredGivenName = value; + } + + /** + * Gets the value of the middleName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMiddleName() { + return middleName; + } + + /** + * Sets the value of the middleName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMiddleName(String value) { + this.middleName = value; + } + + /** + * Gets the value of the familyName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the familyName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getFamilyName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PersonNameType.FamilyName } + * + * + */ + public List<PersonNameType.FamilyName> getFamilyName() { + if (familyName == null) { + familyName = new ArrayList<PersonNameType.FamilyName>(); + } + return this.familyName; + } + + /** + * Gets the value of the affix property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the affix property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAffix().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PersonNameType.Affix } + * + * + */ + public List<PersonNameType.Affix> getAffix() { + if (affix == null) { + affix = new ArrayList<PersonNameType.Affix>(); + } + return this.affix; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" use="required"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="academicGrade"/> + * <enumeration value="aristocraticPrefix"/> + * <enumeration value="aristocraticTitle"/> + * <enumeration value="familyNamePrefix"/> + * <enumeration value="familyNameSuffix"/> + * <enumeration value="formOfAddress"/> + * <enumeration value="generation"/> + * <enumeration value="qualification"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class Affix { + + @XmlValue + protected String value; + @XmlAttribute(required = true) + protected String type; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="primary" default="undefined"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="true"/> + * <enumeration value="false"/> + * <enumeration value="undefined"/> + * </restriction> + * </simpleType> + * </attribute> + * <attribute name="prefix" type="{http://www.w3.org/2001/XMLSchema}string" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class FamilyName { + + @XmlValue + protected String value; + @XmlAttribute + protected String primary; + @XmlAttribute + protected String prefix; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the primary property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPrimary() { + if (primary == null) { + return "undefined"; + } else { + return primary; + } + } + + /** + * Sets the value of the primary property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPrimary(String value) { + this.primary = value; + } + + /** + * Gets the value of the prefix property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPrefix() { + return prefix; + } + + /** + * Sets the value of the prefix property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPrefix(String value) { + this.prefix = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <simpleContent> + * <extension base="<http://www.w3.org/2001/XMLSchema>string"> + * <attribute name="type" default="presentation"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="presentation"/> + * <enumeration value="legal"/> + * <enumeration value="sortOrder"/> + * </restriction> + * </simpleType> + * </attribute> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "value" + }) + public static class FormattedName { + + @XmlValue + protected String value; + @XmlAttribute + protected String type; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + if (type == null) { + return "presentation"; + } else { + return type; + } + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java new file mode 100644 index 000000000..c858f9e8f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PhysicalPersonType.java @@ -0,0 +1,550 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * physical person + * + * <p>Java class for PhysicalPersonType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PhysicalPersonType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractPersonType"> + * <sequence minOccurs="0"> + * <element name="Name" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/> + * <element name="AlternativeName" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType"> + * <attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" /> + * </extension> + * </complexContent> + * </complexType> + * </element> + * <element name="MaritalStatus" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}MaritalStatusType" minOccurs="0"/> + * <element name="Sex" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}SexType" minOccurs="0"/> + * <element name="DateOfBirth" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}DateOfBirthType" minOccurs="0"/> + * <element name="PlaceOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="CountryOfBirth" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="Nationality" type="{http://www.w3.org/2001/XMLSchema}token" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Confession" type="{http://www.w3.org/2001/XMLSchema}token" minOccurs="0"/> + * <element name="relatedPerson" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PhysicalPersonType", propOrder = { + "name", + "alternativeName", + "maritalStatus", + "sex", + "dateOfBirth", + "placeOfBirth", + "countryOfBirth", + "nationality", + "confession", + "relatedPerson", + "any" +}) +public class PhysicalPersonType + extends AbstractPersonType +{ + + @XmlElement(name = "Name") + protected PersonNameType name; + @XmlElement(name = "AlternativeName") + protected List<PhysicalPersonType.AlternativeName> alternativeName; + @XmlElement(name = "MaritalStatus") + protected MaritalStatusType maritalStatus; + @XmlElement(name = "Sex") + protected SexType sex; + @XmlElement(name = "DateOfBirth") + protected String dateOfBirth; + @XmlElement(name = "PlaceOfBirth") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String placeOfBirth; + @XmlElement(name = "CountryOfBirth") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String countryOfBirth; + @XmlElement(name = "Nationality") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected List<String> nationality; + @XmlElement(name = "Confession") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlSchemaType(name = "token") + protected String confession; + protected List<PhysicalPersonType.RelatedPerson> relatedPerson; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link PersonNameType } + * + */ + public PersonNameType getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link PersonNameType } + * + */ + public void setName(PersonNameType value) { + this.name = value; + } + + /** + * Gets the value of the alternativeName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the alternativeName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAlternativeName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PhysicalPersonType.AlternativeName } + * + * + */ + public List<PhysicalPersonType.AlternativeName> getAlternativeName() { + if (alternativeName == null) { + alternativeName = new ArrayList<PhysicalPersonType.AlternativeName>(); + } + return this.alternativeName; + } + + /** + * Gets the value of the maritalStatus property. + * + * @return + * possible object is + * {@link MaritalStatusType } + * + */ + public MaritalStatusType getMaritalStatus() { + return maritalStatus; + } + + /** + * Sets the value of the maritalStatus property. + * + * @param value + * allowed object is + * {@link MaritalStatusType } + * + */ + public void setMaritalStatus(MaritalStatusType value) { + this.maritalStatus = value; + } + + /** + * Gets the value of the sex property. + * + * @return + * possible object is + * {@link SexType } + * + */ + public SexType getSex() { + return sex; + } + + /** + * Sets the value of the sex property. + * + * @param value + * allowed object is + * {@link SexType } + * + */ + public void setSex(SexType value) { + this.sex = value; + } + + /** + * Gets the value of the dateOfBirth property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getDateOfBirth() { + return dateOfBirth; + } + + /** + * Sets the value of the dateOfBirth property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setDateOfBirth(String value) { + this.dateOfBirth = value; + } + + /** + * Gets the value of the placeOfBirth property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPlaceOfBirth() { + return placeOfBirth; + } + + /** + * Sets the value of the placeOfBirth property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPlaceOfBirth(String value) { + this.placeOfBirth = value; + } + + /** + * Gets the value of the countryOfBirth property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getCountryOfBirth() { + return countryOfBirth; + } + + /** + * Sets the value of the countryOfBirth property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setCountryOfBirth(String value) { + this.countryOfBirth = value; + } + + /** + * Gets the value of the nationality property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the nationality property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getNationality().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getNationality() { + if (nationality == null) { + nationality = new ArrayList<String>(); + } + return this.nationality; + } + + /** + * Gets the value of the confession property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getConfession() { + return confession; + } + + /** + * Sets the value of the confession property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setConfession(String value) { + this.confession = value; + } + + /** + * Gets the value of the relatedPerson property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the relatedPerson property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getRelatedPerson().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PhysicalPersonType.RelatedPerson } + * + * + */ + public List<PhysicalPersonType.RelatedPerson> getRelatedPerson() { + if (relatedPerson == null) { + relatedPerson = new ArrayList<PhysicalPersonType.RelatedPerson>(); + } + return this.relatedPerson; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType"> + * <attribute name="Type" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AlternativeNameTypeType" /> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "") + public static class AlternativeName + extends PersonNameType + { + + @XmlAttribute(name = "Type") + protected String type; + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="TypeOfRelation" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}RelationType" maxOccurs="unbounded"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Person"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "typeOfRelation", + "person" + }) + public static class RelatedPerson { + + @XmlElement(name = "TypeOfRelation", required = true) + protected List<String> typeOfRelation; + @XmlElement(name = "Person", required = true) + protected AbstractPersonType person; + + /** + * Gets the value of the typeOfRelation property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the typeOfRelation property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getTypeOfRelation().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getTypeOfRelation() { + if (typeOfRelation == null) { + typeOfRelation = new ArrayList<String>(); + } + return this.typeOfRelation; + } + + /** + * Gets the value of the person property. + * + * @return + * possible object is + * {@link AbstractPersonType } + * + */ + public AbstractPersonType getPerson() { + return person; + } + + /** + * Sets the value of the person property. + * + * @param value + * allowed object is + * {@link AbstractPersonType } + * + */ + public void setPerson(AbstractPersonType value) { + this.person = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java new file mode 100644 index 000000000..4f6c80200 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/PostalAddressType.java @@ -0,0 +1,611 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for PostalAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PostalAddressType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="CountryCode" minOccurs="0"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <pattern value="[A-Z]{2}"/> + * </restriction> + * </simpleType> + * </element> + * <element name="PostalCode" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="Region" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Municipality" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="DeliveryAddress" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * <element name="Recipient" maxOccurs="unbounded" minOccurs="0"> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/> + * <element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </element> + * </sequence> + * <attribute name="type" default="undefined"> + * <simpleType> + * <restriction base="{http://www.w3.org/2001/XMLSchema}string"> + * <enumeration value="postOfficeBoxAddress"/> + * <enumeration value="streetAddress"/> + * <enumeration value="militaryAddress"/> + * <enumeration value="undefined"/> + * </restriction> + * </simpleType> + * </attribute> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PostalAddressType", propOrder = { + "countryCode", + "postalCode", + "region", + "municipality", + "deliveryAddress", + "recipient" +}) +public class PostalAddressType { + + @XmlElement(name = "CountryCode") + protected String countryCode; + @XmlElement(name = "PostalCode") + protected String postalCode; + @XmlElement(name = "Region") + protected List<String> region; + @XmlElement(name = "Municipality") + protected String municipality; + @XmlElement(name = "DeliveryAddress") + protected PostalAddressType.DeliveryAddress deliveryAddress; + @XmlElement(name = "Recipient") + protected List<PostalAddressType.Recipient> recipient; + @XmlAttribute + protected String type; + + /** + * Gets the value of the countryCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getCountryCode() { + return countryCode; + } + + /** + * Sets the value of the countryCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setCountryCode(String value) { + this.countryCode = value; + } + + /** + * Gets the value of the postalCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPostalCode() { + return postalCode; + } + + /** + * Sets the value of the postalCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPostalCode(String value) { + this.postalCode = value; + } + + /** + * Gets the value of the region property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the region property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getRegion().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getRegion() { + if (region == null) { + region = new ArrayList<String>(); + } + return this.region; + } + + /** + * Gets the value of the municipality property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMunicipality() { + return municipality; + } + + /** + * Sets the value of the municipality property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMunicipality(String value) { + this.municipality = value; + } + + /** + * Gets the value of the deliveryAddress property. + * + * @return + * possible object is + * {@link PostalAddressType.DeliveryAddress } + * + */ + public PostalAddressType.DeliveryAddress getDeliveryAddress() { + return deliveryAddress; + } + + /** + * Sets the value of the deliveryAddress property. + * + * @param value + * allowed object is + * {@link PostalAddressType.DeliveryAddress } + * + */ + public void setDeliveryAddress(PostalAddressType.DeliveryAddress value) { + this.deliveryAddress = value; + } + + /** + * Gets the value of the recipient property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the recipient property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getRecipient().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link PostalAddressType.Recipient } + * + * + */ + public List<PostalAddressType.Recipient> getRecipient() { + if (recipient == null) { + recipient = new ArrayList<PostalAddressType.Recipient>(); + } + return this.recipient; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + if (type == null) { + return "undefined"; + } else { + return type; + } + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="AddressLine" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="StreetName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="BuildingNumber" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="Unit" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="PostOfficeBox" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "addressLine", + "streetName", + "buildingNumber", + "unit", + "postOfficeBox" + }) + public static class DeliveryAddress { + + @XmlElement(name = "AddressLine") + protected List<String> addressLine; + @XmlElement(name = "StreetName") + protected String streetName; + @XmlElement(name = "BuildingNumber") + protected String buildingNumber; + @XmlElement(name = "Unit") + protected String unit; + @XmlElement(name = "PostOfficeBox") + protected String postOfficeBox; + + /** + * Gets the value of the addressLine property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the addressLine property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAddressLine().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAddressLine() { + if (addressLine == null) { + addressLine = new ArrayList<String>(); + } + return this.addressLine; + } + + /** + * Gets the value of the streetName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getStreetName() { + return streetName; + } + + /** + * Sets the value of the streetName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setStreetName(String value) { + this.streetName = value; + } + + /** + * Gets the value of the buildingNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getBuildingNumber() { + return buildingNumber; + } + + /** + * Sets the value of the buildingNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setBuildingNumber(String value) { + this.buildingNumber = value; + } + + /** + * Gets the value of the unit property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getUnit() { + return unit; + } + + /** + * Sets the value of the unit property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setUnit(String value) { + this.unit = value; + } + + /** + * Gets the value of the postOfficeBox property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPostOfficeBox() { + return postOfficeBox; + } + + /** + * Sets the value of the postOfficeBox property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPostOfficeBox(String value) { + this.postOfficeBox = value; + } + + } + + + /** + * <p>Java class for anonymous complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="PersonName" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PersonNameType" minOccurs="0"/> + * <element name="AdditionalText" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Organization" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="OrganizationName" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ + @XmlAccessorType(XmlAccessType.FIELD) + @XmlType(name = "", propOrder = { + "personName", + "additionalText", + "organization", + "organizationName" + }) + public static class Recipient { + + @XmlElement(name = "PersonName") + protected PersonNameType personName; + @XmlElement(name = "AdditionalText") + protected List<String> additionalText; + @XmlElement(name = "Organization") + protected String organization; + @XmlElement(name = "OrganizationName") + protected String organizationName; + + /** + * Gets the value of the personName property. + * + * @return + * possible object is + * {@link PersonNameType } + * + */ + public PersonNameType getPersonName() { + return personName; + } + + /** + * Sets the value of the personName property. + * + * @param value + * allowed object is + * {@link PersonNameType } + * + */ + public void setPersonName(PersonNameType value) { + this.personName = value; + } + + /** + * Gets the value of the additionalText property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the additionalText property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAdditionalText().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getAdditionalText() { + if (additionalText == null) { + additionalText = new ArrayList<String>(); + } + return this.additionalText; + } + + /** + * Gets the value of the organization property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getOrganization() { + return organization; + } + + /** + * Sets the value of the organization property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setOrganization(String value) { + this.organization = value; + } + + /** + * Gets the value of the organizationName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getOrganizationName() { + return organizationName; + } + + /** + * Sets the value of the organizationName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setOrganizationName(String value) { + this.organizationName = value; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java new file mode 100644 index 000000000..7533e2fd4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/SexType.java @@ -0,0 +1,61 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlEnum; +import javax.xml.bind.annotation.XmlEnumValue; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for SexType. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * <p> + * <pre> + * <simpleType name="SexType"> + * <restriction base="{http://www.w3.org/2001/XMLSchema}token"> + * <enumeration value="male"/> + * <enumeration value="female"/> + * <enumeration value="unknown"/> + * </restriction> + * </simpleType> + * </pre> + * + */ +@XmlType(name = "SexType") +@XmlEnum +public enum SexType { + + @XmlEnumValue("male") + MALE("male"), + @XmlEnumValue("female") + FEMALE("female"), + @XmlEnumValue("unknown") + UNKNOWN("unknown"); + private final String value; + + SexType(String v) { + value = v; + } + + public String value() { + return value; + } + + public static SexType fromValue(String v) { + for (SexType c: SexType.values()) { + if (c.value.equals(v)) { + return c; + } + } + throw new IllegalArgumentException(v); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java new file mode 100644 index 000000000..55db75831 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberListType.java @@ -0,0 +1,181 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for TelcomNumberListType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TelcomNumberListType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Telephone" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Mobile" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Fax" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}Pager" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TTYTDD" minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TelcomNumberListType", propOrder = { + "telephone", + "mobile", + "fax", + "pager", + "ttytdd" +}) +public class TelcomNumberListType { + + @XmlElement(name = "Telephone") + protected TelcomNumberType telephone; + @XmlElement(name = "Mobile") + protected MobileTelcomNumberType mobile; + @XmlElement(name = "Fax") + protected TelcomNumberType fax; + @XmlElement(name = "Pager") + protected TelcomNumberType pager; + @XmlElement(name = "TTYTDD") + protected TelcomNumberType ttytdd; + + /** + * Gets the value of the telephone property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getTelephone() { + return telephone; + } + + /** + * Sets the value of the telephone property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setTelephone(TelcomNumberType value) { + this.telephone = value; + } + + /** + * Gets the value of the mobile property. + * + * @return + * possible object is + * {@link MobileTelcomNumberType } + * + */ + public MobileTelcomNumberType getMobile() { + return mobile; + } + + /** + * Sets the value of the mobile property. + * + * @param value + * allowed object is + * {@link MobileTelcomNumberType } + * + */ + public void setMobile(MobileTelcomNumberType value) { + this.mobile = value; + } + + /** + * Gets the value of the fax property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getFax() { + return fax; + } + + /** + * Sets the value of the fax property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setFax(TelcomNumberType value) { + this.fax = value; + } + + /** + * Gets the value of the pager property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getPager() { + return pager; + } + + /** + * Sets the value of the pager property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setPager(TelcomNumberType value) { + this.pager = value; + } + + /** + * Gets the value of the ttytdd property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getTTYTDD() { + return ttytdd; + } + + /** + * Sets the value of the ttytdd property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setTTYTDD(TelcomNumberType value) { + this.ttytdd = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java new file mode 100644 index 000000000..dfff3a208 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelcomNumberType.java @@ -0,0 +1,209 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSeeAlso; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for TelcomNumberType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TelcomNumberType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}FormattedNumber"/> + * <group ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberGroup"/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TelcomNumberType", propOrder = { + "formattedNumber", + "internationalCountryCode", + "nationalNumber", + "areaCityCode", + "subscriberNumber", + "extension" +}) +@XmlSeeAlso({ + MobileTelcomNumberType.class +}) +public class TelcomNumberType { + + @XmlElement(name = "FormattedNumber") + protected String formattedNumber; + @XmlElement(name = "InternationalCountryCode") + protected String internationalCountryCode; + @XmlElement(name = "NationalNumber") + protected String nationalNumber; + @XmlElement(name = "AreaCityCode") + protected String areaCityCode; + @XmlElement(name = "SubscriberNumber") + protected String subscriberNumber; + @XmlElement(name = "Extension") + protected String extension; + + /** + * Gets the value of the formattedNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getFormattedNumber() { + return formattedNumber; + } + + /** + * Sets the value of the formattedNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setFormattedNumber(String value) { + this.formattedNumber = value; + } + + /** + * Gets the value of the internationalCountryCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getInternationalCountryCode() { + return internationalCountryCode; + } + + /** + * Sets the value of the internationalCountryCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setInternationalCountryCode(String value) { + this.internationalCountryCode = value; + } + + /** + * Gets the value of the nationalNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getNationalNumber() { + return nationalNumber; + } + + /** + * Sets the value of the nationalNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setNationalNumber(String value) { + this.nationalNumber = value; + } + + /** + * Gets the value of the areaCityCode property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAreaCityCode() { + return areaCityCode; + } + + /** + * Sets the value of the areaCityCode property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAreaCityCode(String value) { + this.areaCityCode = value; + } + + /** + * Gets the value of the subscriberNumber property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getSubscriberNumber() { + return subscriberNumber; + } + + /** + * Sets the value of the subscriberNumber property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setSubscriberNumber(String value) { + this.subscriberNumber = value; + } + + /** + * Gets the value of the extension property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getExtension() { + return extension; + } + + /** + * Sets the value of the extension property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setExtension(String value) { + this.extension = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java new file mode 100644 index 000000000..ae87ba6ce --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TelephoneAddressType.java @@ -0,0 +1,147 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * phone numbers + * + * <p>Java class for TelephoneAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TelephoneAddressType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType"> + * <sequence minOccurs="0"> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" maxOccurs="unbounded" minOccurs="0"/> + * <element name="Number" type="{http://reference.e-government.gv.at/namespace/persondata/20020228#}TelcomNumberType"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TelephoneAddressType", propOrder = { + "type", + "number", + "any" +}) +public class TelephoneAddressType + extends AbstractAddressType +{ + + @XmlElement(name = "Type") + @XmlSchemaType(name = "anyURI") + protected List<String> type; + @XmlElement(name = "Number") + protected TelcomNumberType number; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the type property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the type property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getType().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * + * + */ + public List<String> getType() { + if (type == null) { + type = new ArrayList<String>(); + } + return this.type; + } + + /** + * Gets the value of the number property. + * + * @return + * possible object is + * {@link TelcomNumberType } + * + */ + public TelcomNumberType getNumber() { + return number; + } + + /** + * Sets the value of the number property. + * + * @param value + * allowed object is + * {@link TelcomNumberType } + * + */ + public void setNumber(TelcomNumberType value) { + this.number = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java new file mode 100644 index 000000000..4838c4cc7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/TypedPostalAddressType.java @@ -0,0 +1,142 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package at.gv.e_government.reference.namespace.persondata._20020228_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * postal address + * + * <p>Java class for TypedPostalAddressType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TypedPostalAddressType"> + * <complexContent> + * <extension base="{http://reference.e-government.gv.at/namespace/persondata/20020228#}AbstractAddressType"> + * <sequence minOccurs="0"> + * <element name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" minOccurs="0"/> + * <element ref="{http://reference.e-government.gv.at/namespace/persondata/20020228#}PostalAddress"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <anyAttribute namespace='##other'/> + * </extension> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TypedPostalAddressType", propOrder = { + "type", + "postalAddress", + "any" +}) +public class TypedPostalAddressType + extends AbstractAddressType +{ + + @XmlElement(name = "Type") + @XmlSchemaType(name = "anyURI") + protected String type; + @XmlElement(name = "PostalAddress") + protected PostalAddressType postalAddress; + @XmlAnyElement(lax = true) + protected List<Object> any; + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + + /** + * Gets the value of the postalAddress property. + * + * @return + * possible object is + * {@link PostalAddressType } + * + */ + public PostalAddressType getPostalAddress() { + return postalAddress; + } + + /** + * Sets the value of the postalAddress property. + * + * @param value + * allowed object is + * {@link PostalAddressType } + * + */ + public void setPostalAddress(PostalAddressType value) { + this.postalAddress = value; + } + + /** + * Gets the value of the any property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the any property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getAny() { + if (any == null) { + any = new ArrayList<Object>(); + } + return this.any; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java new file mode 100644 index 000000000..c866662d1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/e_government/reference/namespace/persondata/_20020228_/package-info.java @@ -0,0 +1,9 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + +@javax.xml.bind.annotation.XmlSchema(namespace = "http://reference.e-government.gv.at/namespace/persondata/20020228#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) +package at.gv.e_government.reference.namespace.persondata._20020228_; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d783c74d9..89adbce3f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -23,17 +23,19 @@ package at.gv.egovernment.moa.id.auth; +import iaik.asn1.ObjectID; import iaik.pki.PKIException; +import iaik.x509.CertificateFactory; import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; import java.io.ByteArrayInputStream; -import java.io.File; import java.io.IOException; import java.io.InputStream; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; +//import java.security.cert.CertificateFactory; import java.util.ArrayList; import java.util.Calendar; import java.util.Date; @@ -57,6 +59,7 @@ import org.opensaml.xml.util.Base64; import org.opensaml.xml.util.XMLHelper; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; @@ -66,7 +69,6 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; @@ -75,7 +77,6 @@ import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; -import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -89,13 +90,13 @@ import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet; import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; -import at.gv.egovernment.moa.id.auth.stork.STORKException; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; @@ -107,6 +108,8 @@ import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentity import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; @@ -117,6 +120,9 @@ import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; import at.gv.egovernment.moa.id.config.stork.CPEPS; import at.gv.egovernment.moa.id.config.stork.STORKConfig; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; @@ -130,7 +136,9 @@ import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.XPathUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; @@ -154,18 +162,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { /** single instance */ private static AuthenticationServer instance; /** session data store (session ID -> AuthenticationSession) */ - private static Map sessionStore = new HashMap(); - /** authentication data store (assertion handle -> AuthenticationData) */ - private static Map authenticationDataStore = new HashMap(); + //private static Map sessionStore = new HashMap(); + /** * time out in milliseconds used by {@link cleanup} for session store */ - private long sessionTimeOut = 10 * 60 * 1000; // default 10 minutes + private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes + private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ - private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes /** * Returns the single instance of <code>AuthenticationServer</code>. @@ -185,132 +193,144 @@ public class AuthenticationServer implements MOAIDAuthConstants { super(); } - /** - * Processes request to select a BKU. <br/> - * Processing depends on value of - * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/> - * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> - * for the "BKU Auswahl" service is returned. <br/> - * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU - * selection is returned. - * - * @param authURL - * base URL of MOA-ID Auth component - * @param target - * "Geschäftsbereich" - * @param oaURL - * online application URL requested - * @param bkuSelectionTemplateURL - * template for BKU selection form to be used in case of - * <code>HTMLSelect</code>; may be null - * @param templateURL - * URL providing an HTML template for the HTML form to be used - * for call <code>startAuthentication</code> - * @return for <code>bkuSelectionType==HTMLComplete</code>, the - * <code>returnURI</code> for the "BKU Auswahl" service; for - * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU - * selection - * @throws WrongParametersException - * upon missing parameters - * @throws AuthenticationException - * when the configured BKU selection service cannot be reached, - * and when the given bkuSelectionTemplateURL cannot be reached - * @throws ConfigurationException - * on missing configuration data - * @throws BuildException - * while building the HTML form - */ - public String selectBKU(String authURL, String target, String oaURL, - String bkuSelectionTemplateURL, String templateURL) - throws WrongParametersException, AuthenticationException, - ConfigurationException, BuildException { - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", new Object[] { authURL - + "*" }); - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, - "auth.05"); - - ConnectionParameter bkuConnParam = AuthConfigurationProvider - .getInstance().getBKUConnectionParameter(); - if (bkuConnParam == null) - throw new ConfigurationException("config.08", - new Object[] { "BKUSelection/ConnectionParameter" }); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (!isEmpty(target)) { - Logger - .info("Ignoring target parameter thus application type is \"businessService\""); - } - target = null; - } - - AuthenticationSession session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - String returnURL = new DataURLBuilder().buildDataURL(authURL, - REQ_START_AUTHENTICATION, session.getSessionID()); - String bkuSelectionType = AuthConfigurationProvider.getInstance() - .getBKUSelectionType(); - if (bkuSelectionType - .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = bkuConnParam.getUrl() + "?" - + AuthServlet.PARAM_RETURN + "=" + returnURL; - return redirectURL; - } else { - // bkuSelectionType==HTMLSelect - String bkuSelectTag; - try { - bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider - .getInstance(), bkuConnParam); - } catch (Throwable ex) { - throw new AuthenticationException("auth.11", new Object[] { - bkuConnParam.getUrl(), ex.toString() }, ex); - } - String bkuSelectionTemplate = null; - // override template url by url from configuration file - if (oaParam.getBkuSelectionTemplateURL() != null) { - bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); - } - if (bkuSelectionTemplateURL != null) { - try { - bkuSelectionTemplate = new String(FileUtils - .readURL(bkuSelectionTemplateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - bkuSelectionTemplateURL, ex.toString() }, ex); - } - } - String htmlForm = new SelectBKUFormBuilder().build( - bkuSelectionTemplate, returnURL, bkuSelectTag); - return htmlForm; - } - } +// /** +// * Processes request to select a BKU. <br/> +// * Processing depends on value of +// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/> +// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code> +// * for the "BKU Auswahl" service is returned. <br/> +// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU +// * selection is returned. +// * +// * @param authURL +// * base URL of MOA-ID Auth component +// * @param target +// * "Geschäftsbereich" +// * @param oaURL +// * online application URL requested +// * @param bkuSelectionTemplateURL +// * template for BKU selection form to be used in case of +// * <code>HTMLSelect</code>; may be null +// * @param templateURL +// * URL providing an HTML template for the HTML form to be used +// * for call <code>startAuthentication</code> +// * @return for <code>bkuSelectionType==HTMLComplete</code>, the +// * <code>returnURI</code> for the "BKU Auswahl" service; for +// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU +// * selection +// * @throws WrongParametersException +// * upon missing parameters +// * @throws AuthenticationException +// * when the configured BKU selection service cannot be reached, +// * and when the given bkuSelectionTemplateURL cannot be reached +// * @throws ConfigurationException +// * on missing configuration data +// * @throws BuildException +// * while building the HTML form +// */ +// public String selectBKU(String authURL, String target, String oaURL, +// String bkuSelectionTemplateURL, String templateURL) +// throws WrongParametersException, AuthenticationException, +// ConfigurationException, BuildException { +// +// // check if HTTP Connection may be allowed (through +// // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); +// if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr))) +// throw new AuthenticationException("auth.07", new Object[] { authURL +// + "*" }); +// if (isEmpty(authURL)) +// throw new WrongParametersException("StartAuthentication", +// "AuthURL", "auth.05"); +// if (isEmpty(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.05"); +// +// ConnectionParameter bkuConnParam = AuthConfigurationProvider +// .getInstance().getBKUConnectionParameter(); +// if (bkuConnParam == null) +// throw new ConfigurationException("config.08", +// new Object[] { "BKUSelection/ConnectionParameter" }); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// if (!oaParam.getBusinessService()) { +// if (isEmpty(target)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_TARGET, "auth.05"); +// } else { +// if (!isEmpty(target)) { +// Logger +// .info("Ignoring target parameter thus application type is \"businessService\""); +// } +// target = null; +// } +// +// AuthenticationSession session = newSession(); +// Logger.info("MOASession " + session.getSessionID() + " angelegt"); +// session.setTarget(target); +// session.setOAURLRequested(oaURL); +// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); +// session.setAuthURL(authURL); +// session.setTemplateURL(templateURL); +// session.setBusinessService(oaParam.getBusinessService()); +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +// +// String returnURL = new DataURLBuilder().buildDataURL(authURL, +// REQ_START_AUTHENTICATION, session.getSessionID()); +// String bkuSelectionType = AuthConfigurationProvider.getInstance() +// .getBKUSelectionType(); +// if (bkuSelectionType +// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = bkuConnParam.getUrl() + "?" +// + AuthServlet.PARAM_RETURN + "=" + returnURL; +// return redirectURL; +// } else { +// // bkuSelectionType==HTMLSelect +// String bkuSelectTag; +// try { +// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider +// .getInstance(), bkuConnParam); +// } catch (Throwable ex) { +// throw new AuthenticationException("auth.11", new Object[] { +// bkuConnParam.getUrl(), ex.toString() }, ex); +// } +// String bkuSelectionTemplate = null; +// +// //removed in MOAID 2.0 +// // override template url by url from configuration file +//// if (oaParam.getBkuSelectionTemplateURL() != null) { +//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL(); +//// } +// +//// if (bkuSelectionTemplateURL != null) { +//// try { +//// bkuSelectionTemplate = new String(FileUtils +//// .readURL(bkuSelectionTemplateURL)); +//// } catch (IOException ex) { +//// throw new AuthenticationException("auth.03", new Object[] { +//// bkuSelectionTemplateURL, ex.toString() }, ex); +//// } +//// } +// +// String htmlForm = new SelectBKUFormBuilder().build( +// bkuSelectionTemplate, returnURL, bkuSelectTag); +// return htmlForm; +// } +// } /** * Method readBKUSelectTag. @@ -382,131 +402,78 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @see GetIdentityLinkFormBuilder * @see InfoboxReadRequestBuilder */ - public String startAuthentication(String authURL, String target, - String targetFriendlyName, String oaURL, String templateURL, - String bkuURL, String useMandate, String sessionID, String scheme, - String sourceID) throws WrongParametersException, + public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException { - String useMandateString = null; - boolean useMandateBoolean = false; - if ((useMandate != null) && (useMandate.compareTo("") != 0)) { - useMandateString = useMandate; - } else { - useMandateString = "false"; + if (session == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - - if (useMandateString.compareToIgnoreCase("true") == 0) - useMandateBoolean = true; - else - useMandateBoolean = false; - - if (isEmpty(sessionID)) { - if (isEmpty(authURL)) - throw new WrongParametersException("StartAuthentication", - "AuthURL", "auth.05"); - - // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider - .getInstance() - .getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - if (isEmpty(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.05"); - } - AuthenticationSession session; - OAAuthParameter oaParam; - if (sessionID != null) { - session = getSession(sessionID); - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } else { - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", - new Object[] { oaURL }); - if (!oaParam.getBusinessService()) { - if (isEmpty(target)) - throw new WrongParametersException("StartAuthentication", - PARAM_TARGET, "auth.05"); - } else { - if (useMandateBoolean) { - Logger - .error("Online-Mandate Mode for bussines application not supported."); - throw new AuthenticationException("auth.17", null); - } - target = null; - targetFriendlyName = null; + + //load OnlineApplication configuration + OAAuthParameter oaParam = + AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { session.getPublicOAURLPrefix() }); + + //load Template + String template = null; + if (session.getTemplateURL() != null) { + try { + template = new String(FileUtils.readURL(session.getTemplateURL())); + } catch (IOException ex) { + throw new AuthenticationException("auth.03", new Object[] { + session.getTemplateURL(), ex.toString() }, ex); } - session = newSession(); - Logger.info("MOASession " + session.getSessionID() + " angelegt"); - session.setTarget(target); - session.setTargetFriendlyName(targetFriendlyName); - session.setOAURLRequested(oaURL); - session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - session.setAuthURL(authURL); - session.setTemplateURL(templateURL); - session.setBusinessService(oaParam.getBusinessService()); - if (sourceID != null) - session.setSourceID(sourceID); } - // BKU URL has not been set yet, even if session already exists - if (bkuURL == null) { - if (scheme != null && scheme.equalsIgnoreCase("https")) { - bkuURL = DEFAULT_BKU_HTTPS; - } else { - bkuURL = DEFAULT_BKU; + + String infoboxReadRequest = ""; + + if (session.isSsoRequested()) { + //load identityLink with SSO Target + boolean isbuisness = false; + String domainIdentifier = ""; + IdentificationNumber ssobusiness = AuthConfigurationProvider.getInstance().getSSOBusinessService(); + if (ssobusiness != null) { + isbuisness = true; + domainIdentifier = ssobusiness.getValue(); } - } - session.setBkuURL(bkuURL); - session.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - session.setUseMandate(useMandateString); - String infoboxReadRequest = new InfoboxReadRequestBuilder().build( - oaParam.getSlVersion12(), oaParam.getBusinessService(), oaParam + + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.isSlVersion12(), isbuisness, domainIdentifier); + + } else { + //build ReadInfobox request + infoboxReadRequest = new InfoboxReadRequestBuilder().build( + oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam .getIdentityLinkDomainIdentifier()); + } + String dataURL = new DataURLBuilder().buildDataURL( session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session .getSessionID()); - String template = null; - // override template url by url from configuration file - if (oaParam.getTemplateURL() != null) { - templateURL = oaParam.getTemplateURL(); - } else { - templateURL = session.getTemplateURL(); - } - if (templateURL != null) { - try { - template = new String(FileUtils.readURL(templateURL)); - } catch (IOException ex) { - throw new AuthenticationException("auth.03", new Object[] { - templateURL, ex.toString() }, ex); - } - } - + + //removed in MOAID 2.0 String pushInfobox = ""; - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); - if (verifyInfoboxParameters != null) { - pushInfobox = verifyInfoboxParameters.getPushInfobox(); - session.setPushInfobox(pushInfobox); - } +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// if (verifyInfoboxParameters != null) { +// pushInfobox = verifyInfoboxParameters.getPushInfobox(); +// session.setPushInfobox(pushInfobox); +// } + + //build CertInfo request String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder() - .build(oaParam.getSlVersion12()); + .build(oaParam.isSlVersion12()); String certInfoDataURL = new DataURLBuilder() .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION, session.getSessionID()); + String htmlForm = new GetIdentityLinkFormBuilder().build(template, - bkuURL, infoboxReadRequest, dataURL, certInfoRequest, + session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest, certInfoDataURL, pushInfobox); + return htmlForm; } @@ -535,12 +502,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyIdentityLink(String sessionID, + public String verifyIdentityLink(AuthenticationSession session, Map infoboxReadResponseParameters) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID }); @@ -553,10 +520,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); - if (session.getTimestampIdentityLink() != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); +// AuthenticationSession session = getSession(sessionID); +// if (session.getTimestampIdentityLink() != null) +// throw new AuthenticationException("auth.01", +// new Object[] { sessionID }); + session.setTimestampIdentityLink(); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -639,11 +607,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { session.setIdentityLink(identityLink); // now validate the extended infoboxes - verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam - .getProvideStammzahl()); + + //TODO: check correctness +// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam +// .getProvideStammzahl()); + verifyInfoboxes(session, infoboxReadResponseParameters, false); - return getCreateXMLSignatureRequestAuthBlockOrRedirect(session, - authConf, oaParam); + + //TODO: make it better!! + return "found!"; } /** @@ -671,31 +643,40 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String verifyCertificate(String sessionID, + public String verifyCertificate(AuthenticationSession session, X509Certificate certificate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, - ValidateException, ServiceException { + ValidateException, ServiceException, MOAIDException{ - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); // check if person is a Organwalter // if true - don't show bPK in AUTH Block - boolean isOW = false; -// String oid = null; -// if (oid.equalsIgnoreCase(MISMandate.OID_ORGANWALTER)) -// isOW = true; -// - AuthenticationSession session = getSession(sessionID); + try { + for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) { + if (certificate.getExtension(OWid) != null) { + session.setOW(true); + } + + } + + } catch (X509ExtensionInitException e) { + Logger.warn("Certificate extension is not readable."); + session.setOW(false); + } + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - return getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(session, - authConf, oaParam, isOW); + String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + + return returnvalue; } /** @@ -717,22 +698,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public void verifyMandate(String sessionID, MISMandate mandate) + public void verifyMandate(AuthenticationSession session, MISMandate mandate) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { GET_MIS_SESSIONID, PARAM_SESSIONID }); - String sMandate = new String(mandate.getMandate()); - if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { - Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); @@ -740,6 +714,10 @@ public class AuthenticationServer implements MOAIDAuthConstants { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam .getBusinessService()); + + validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService()); + + } catch (SAXException e) { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); @@ -753,27 +731,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID }, e); } - - if (oaParam.getProvideFullMandatorData()) { - try { - // set extended SAML attributes if provideMandatorData is true - setExtendedSAMLAttributeForMandates(session, mandate, oaParam - .getBusinessService(), oaParam.getProvideStammzahl()); - } catch (SAXException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (IOException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } catch (TransformerException e) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }, e); - } - } - + } /** @@ -802,17 +760,19 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getOnlineApplicationParameter( session.getPublicOAURLPrefix()); + //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink // if (!fromMandate) { // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +// .getIdentificationValue(), session.getTarget()); +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +// } // ..BZ // } @@ -821,81 +781,88 @@ public class AuthenticationServer implements MOAIDAuthConstants { // session.setAuthBlock(authBlock); // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { + List<String> transformsInfos = oaParam.getTransformsInfos(); + if ((transformsInfos == null) || (transformsInfos.size() == 0)) { // no OA specific transforms specified, use default ones transformsInfos = authConf.getTransformsInfos(); } String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); + transformsInfos, oaParam.isSlVersion12()); return createXMLSignatureRequest; } - /** - * - * @param session - * @param authConf - * @param oaParam - * @return - * @throws ConfigurationException - * @throws BuildException - * @throws ValidateException - */ - public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( - AuthenticationSession session, AuthConfigurationProvider authConf, - OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, - BuildException, ValidateException { - - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; - - if (authConf == null) - authConf = AuthConfigurationProvider.getInstance(); - if (oaParam == null) - oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - - // BZ.., calculate bPK for signing to be already present in AuthBlock - IdentityLink identityLink = session.getIdentityLink(); - if (identityLink.getIdentificationType().equals( - Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we - // have the Stammzahl - if (isOW) { - // if person is OW, delete identification value (bPK is calculated via MIS) - identityLink.setIdentificationValue(null); - identityLink.setIdentificationType(null); - } - else { - String bpkBase64 = new BPKBuilder().buildBPK(identityLink - .getIdentificationValue(), session.getTarget()); - identityLink.setIdentificationValue(bpkBase64); - } - } - // ..BZ - // } - - // builds the AUTH-block - String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); - - // session.setAuthBlock(authBlock); - // builds the <CreateXMLSignatureRequest> - String[] transformsInfos = oaParam.getTransformsInfos(); - if ((transformsInfos == null) || (transformsInfos.length == 0)) { - // no OA specific transforms specified, use default ones - transformsInfos = authConf.getTransformsInfos(); - } - String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() - .build(authBlock, oaParam.getKeyBoxIdentifier(), - transformsInfos, oaParam.getSlVersion12()); - - System.out.println("XML: " + createXMLSignatureRequest); - - return createXMLSignatureRequest; - } +// /** +// * +// * @param session +// * @param authConf +// * @param oaParam +// * @return +// * @throws ConfigurationException +// * @throws BuildException +// * @throws ValidateException +// */ +// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW( +// AuthenticationSession session, AuthConfigurationProvider authConf, +// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException, +// BuildException, ValidateException { +// +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; +// +// if (authConf == null) +// authConf = AuthConfigurationProvider.getInstance(); +// if (oaParam == null) +// oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter( +// session.getPublicOAURLPrefix()); +// +// // BZ.., calculate bPK for signing to be already present in AuthBlock +// IdentityLink identityLink = session.getIdentityLink(); +// if (identityLink.getIdentificationType().equals( +// Constants.URN_PREFIX_BASEID)) { +// +// // only compute bPK if online application is a public service and we +// // have the Stammzahl +//// if (isOW) { +//// // if person is OW, delete identification value (bPK is calculated via MIS) +//// identityLink.setIdentificationValue(null); +//// identityLink.setIdentificationType(null); +//// } +//// else { +// +// //TODO: check correctness!!! bpk calcultion is done during Assertion generation +//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink +//// .getIdentificationValue(), session.getTarget()); +//// identityLink.setIdentificationValue(bpkBase64); +//// +//// //TODO: insert correct Type!!!! +//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); +//// } +// +// } +// // ..BZ +// // } +// +// // builds the AUTH-block +// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW); +// +// // session.setAuthBlock(authBlock); +// // builds the <CreateXMLSignatureRequest> +// List<String> transformsInfos = oaParam.getTransformsInfos(); +// if ((transformsInfos == null) || (transformsInfos.size() == 0)) { +// // no OA specific transforms specified, use default ones +// transformsInfos = authConf.getTransformsInfos(); +// } +// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() +// .build(authBlock, oaParam.getKeyBoxIdentifier(), +// transformsInfos, oaParam.isSlVersion12()); +// +// System.out.println("XML: " + createXMLSignatureRequest); +// +// return createXMLSignatureRequest; +// } /** * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br> * <ul> @@ -909,16 +876,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return String representation of the * <code><CreateXMLSignatureRequest></code> */ - public String createXMLSignatureRequestForeignID(String sessionID, + public String createXMLSignatureRequestForeignID(AuthenticationSession session, X509Certificate cert) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ValidateException, ServiceException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); +// AuthenticationSession session = getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); @@ -926,6 +893,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + //session.setSignerCertificate(cert); + return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam, cert); } @@ -986,7 +955,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[] { REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); /* * if (session.getTimestampIdentityLink() != null) throw new * AuthenticationException("auth.01", new Object[] { sessionID }); @@ -1077,85 +1046,148 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException { + IdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); - - String issueInstant = DateTimeUtils.buildDateTime(Calendar - .getInstance(), oaParam.getUseUTC()); - session.setIssueInstant(issueInstant); - String authURL = session.getAuthURL(); - String target = session.getTarget(); - String targetFriendlyName = session.getTargetFriendlyName(); - // Bug #485 - // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) - // String oaURL = session.getPublicOAURLPrefix(); - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - String authBlock = new AuthenticationBlockAssertionBuilder() - .buildAuthBlock(issuer, issueInstant, authURL, target, - targetFriendlyName, identificationValue, - identificationType, oaURL, gebDat, - extendedSAMLAttributes, session); - return authBlock; - } - - /** - * Builds an authentication block <code><saml:Assertion></code> from - * given session data. - * - * @param session - * authentication session - * - * @return <code><saml:Assertion></code> as a String - * - * @throws BuildException - * If an error occurs on serializing an extended SAML attribute - * to be appended to the AUTH-Block. - */ - private String buildAuthenticationBlockForOW(AuthenticationSession session, - OAAuthParameter oaParam, boolean isOW) throws BuildException { - IdentityLink identityLink = session.getIdentityLink(); - String issuer = identityLink.getName(); - String gebDat = identityLink.getDateOfBirth(); - String identificationValue = identityLink.getIdentificationValue(); - String identificationType = identityLink.getIdentificationType(); + String identificationValue = null; + String identificationType = null; + + if (identityLink.getIdentificationType().equals( + Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we + // have the Stammzahl + + + if (session.isSsoRequested()) { + identificationType = ""; + identificationValue = ""; + + } else { + String bpkBase64 = new BPKBuilder().buildBPK(identityLink + .getIdentificationValue(), session.getTarget()); + identificationValue = bpkBase64; + identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget(); + } + +// identityLink.setIdentificationValue(bpkBase64); +// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget()); + + } else { + identificationValue = identityLink.getIdentificationValue(); + identificationType = identityLink.getIdentificationType(); + + } + //set empty AuthBlock BPK in case of OW + if (session.isOW()) { + identificationType = ""; + identificationValue = ""; + } + String issueInstant = DateTimeUtils.buildDateTime(Calendar .getInstance(), oaParam.getUseUTC()); session.setIssueInstant(issueInstant); String authURL = session.getAuthURL(); String target = session.getTarget(); String targetFriendlyName = session.getTargetFriendlyName(); + // Bug #485 // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) // String oaURL = session.getPublicOAURLPrefix(); - String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - Iterator it = extendedSAMLAttributes.iterator(); - // delete bPK attribute from extended SAML attributes - if (isOW) { - ExtendedSAMLAttribute toDelete = null; - while (it.hasNext()) { - ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); - if (attr.getName().equalsIgnoreCase("bPK")) - toDelete = attr; - } - if (toDelete != null) - extendedSAMLAttributes.remove(toDelete); - } - String authBlock = new AuthenticationBlockAssertionBuilder() + + if (session.isSsoRequested()) { + String oaURL =new String(); + try { + oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl(); + + if (MiscUtil.isNotEmpty(oaURL)) + oaURL = oaURL.replaceAll("&", "&"); + + } catch (ConfigurationException e) { + } + String authBlock = new AuthenticationBlockAssertionBuilder() + .buildAuthBlockSSO(issuer, issueInstant, authURL, target, + targetFriendlyName, identificationValue, + identificationType, oaURL, gebDat, + extendedSAMLAttributes, session, oaParam); + return authBlock; + + } else { + String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); + String authBlock = new AuthenticationBlockAssertionBuilder() .buildAuthBlock(issuer, issueInstant, authURL, target, targetFriendlyName, identificationValue, identificationType, oaURL, gebDat, - extendedSAMLAttributes, session); + extendedSAMLAttributes, session, oaParam); + return authBlock; + } + - return authBlock; + + + } + +// /** +// * Builds an authentication block <code><saml:Assertion></code> from +// * given session data. +// * +// * @param session +// * authentication session +// * +// * @return <code><saml:Assertion></code> as a String +// * +// * @throws BuildException +// * If an error occurs on serializing an extended SAML attribute +// * to be appended to the AUTH-Block. +// */ +// private String buildAuthenticationBlockForOW(AuthenticationSession session, +// OAAuthParameter oaParam, boolean isOW) throws BuildException { +// IdentityLink identityLink = session.getIdentityLink(); +// String issuer = identityLink.getName(); +// String gebDat = identityLink.getDateOfBirth(); +// String identificationValue = identityLink.getIdentificationValue(); +// String identificationType = identityLink.getIdentificationType(); +// +// String issueInstant = DateTimeUtils.buildDateTime(Calendar +// .getInstance(), oaParam.getUseUTC()); +// session.setIssueInstant(issueInstant); +// String authURL = session.getAuthURL(); +// String target = session.getTarget(); +// String targetFriendlyName = session.getTargetFriendlyName(); +// // Bug #485 +// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105) +// // String oaURL = session.getPublicOAURLPrefix(); +// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&"); +// +// +// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); +// Iterator it = extendedSAMLAttributes.iterator(); +// // delete bPK attribute from extended SAML attributes +// if (session.isOW()) { +// ExtendedSAMLAttribute toDelete = null; +// while (it.hasNext()) { +// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next(); +// if (attr.getName().equalsIgnoreCase("bPK")) +// toDelete = attr; +// } +// if (toDelete != null) +// extendedSAMLAttributes.remove(toDelete); +// } +// +// String authBlock = new AuthenticationBlockAssertionBuilder() +// .buildAuthBlock(issuer, issueInstant, authURL, target, +// targetFriendlyName, identificationValue, +// identificationType, oaURL, gebDat, +// extendedSAMLAttributes, session, oaParam); +// +// return authBlock; +// } /** * Verifies the infoboxes (except of the identity link infobox) returned by @@ -1184,18 +1216,26 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getInstance(); // get the default VerifyInfobox parameters Map defaultInfoboxParameters = null; - VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider - .getDefaultVerifyInfoboxParameters(); - if (defaultVerifyInfoboxParameters != null) { - defaultInfoboxParameters = defaultVerifyInfoboxParameters - .getInfoboxParameters(); - } + + //removed in MOA-ID 2.0 +// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider +// .getDefaultVerifyInfoboxParameters(); +// if (defaultVerifyInfoboxParameters != null) { +// defaultInfoboxParameters = defaultVerifyInfoboxParameters +// .getInfoboxParameters(); +// } + // get the OA specific VerifyInfobox parameters Map infoboxParameters = null; OAAuthParameter oaParam = authConfigurationProvider .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - VerifyInfoboxParameters verifyInfoboxParameters = oaParam - .getVerifyInfoboxParameters(); + + //TODO: check correctness!!!! + //removed in MOAID 2.0 +// VerifyInfoboxParameters verifyInfoboxParameters = oaParam +// .getVerifyInfoboxParameters(); +// VerifyInfoboxParameters verifyInfoboxParameters = null; + session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML // Attributes session.setExtendedSAMLAttributesOA(new Vector()); @@ -1203,191 +1243,191 @@ public class AuthenticationServer implements MOAIDAuthConstants { // System.out.println("SAML set: " + // session.getExtendedSAMLAttributesAUTH().size()); - if (verifyInfoboxParameters != null) { - - infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); - // get the list of infobox identifiers - List identifiers = verifyInfoboxParameters.getIdentifiers(); - if (identifiers != null) { - // step through the identifiers and verify the infoboxes - Iterator it = identifiers.iterator(); - while (it.hasNext()) { - String identifier = (String) it.next(); - // get the infobox read response from the map of parameters - String infoboxReadResponse = (String) infoboxReadResponseParams - .get(identifier); - // get the configuration parameters - VerifyInfoboxParameter verifyInfoboxParameter = null; - Object object = infoboxParameters.get(identifier); - // if not present, use default - if ((object == null) && (defaultInfoboxParameters != null)) { - object = defaultInfoboxParameters.get(identifier); - } - if (object != null) { - verifyInfoboxParameter = (VerifyInfoboxParameter) object; - } - if (infoboxReadResponse != null) { - if (verifyInfoboxParameter == null) { - // should not happen because of the pushinfobox - // mechanism; check it anyway - Logger.error("No validator for verifying \"" - + identifier + "\"-infobox configured."); - throw new ValidateException("validator.41", - new Object[] { identifier }); - } else { - String friendlyName = verifyInfoboxParameter - .getFriendlyName(); - boolean isParepRequest = false; - - // parse the infobox read reponse - List infoboxTokenList = null; - try { - infoboxTokenList = ExtendedInfoboxReadResponseParser - .parseInfoboxReadResponse( - infoboxReadResponse, - friendlyName); - } catch (ParseException e) { - Logger - .error("InfoboxReadResponse for \"" - + identifier - + "\"-infobox could not be parsed successfully: " - + e.getMessage()); - throw new ValidateException("validator.43", - new Object[] { friendlyName }); - } - // set compatibility mode for mandates infobox and - // all infoboxes (it is possible to be a parep - // infobox) - // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); - // check for party representation in mandates - // infobox - if (Constants.INFOBOXIDENTIFIER_MANDATES - .equalsIgnoreCase(identifier) - && !((infoboxTokenList == null || infoboxTokenList - .size() == 0))) { - // We need app specific parameters - if (null == verifyInfoboxParameter - .getApplicationSpecificParams()) { - throw new ValidateException("validator.66", - new Object[] { friendlyName }); - } - Element mandate = ParepValidator - .extractPrimaryToken(infoboxTokenList); - // ParepUtils.serializeElement(mandate, - // System.out); - String mandateID = ParepUtils - .extractRepresentativeID(mandate); - if (!isEmpty(mandateID) - && ("*".equals(mandateID) || mandateID - .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { - isParepRequest = true; - } - if (!isParepRequest) { - // if mandates validator is disabled we must - // throw an error in this case - if (!ParepUtils - .isValidatorEnabled(verifyInfoboxParameter - .getApplicationSpecificParams())) { - throw new ValidateException( - "validator.60", - new Object[] { friendlyName }); - } - } - } - - // get the class for validating the infobox - InfoboxValidator infoboxValidator = null; - try { - Class validatorClass = null; - if (isParepRequest) { - // Mandates infobox in party representation - // mode - validatorClass = Class - .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); - } else { - validatorClass = Class - .forName(verifyInfoboxParameter - .getValidatorClassName()); - } - infoboxValidator = (InfoboxValidator) validatorClass - .newInstance(); - } catch (Exception e) { - Logger - .error("Could not load validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox: " - + e.getMessage()); - throw new ValidateException("validator.42", - new Object[] { friendlyName }); - } - Logger - .debug("Successfully loaded validator class \"" - + verifyInfoboxParameter - .getValidatorClassName() - + "\" for \"" - + identifier - + "\"-infobox."); - // build the parameters for validating the infobox - InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder - .buildInfoboxValidatorParams(session, - verifyInfoboxParameter, - infoboxTokenList, oaParam); - - // now validate the infobox - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxValidator - .validate(infoboxValidatorParams); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - - Logger.info(identifier - + " infobox successfully validated."); - // store the validator for post processing - session.addInfoboxValidator(identifier, - friendlyName, infoboxValidator); - - // get the SAML attributes to be appended to the - // AUTHBlock or to the final - // SAML Assertion - AddAdditionalSAMLAttributes(session, - infoboxValidationResult - .getExtendedSamlAttributes(), - identifier, friendlyName); - } - } else { - if ((verifyInfoboxParameter != null) - && (verifyInfoboxParameter.isRequired())) { - Logger - .info("Infobox \"" - + identifier - + "\" is required, but not returned from the BKU"); - throw new ValidateException("validator.48", - new Object[] { verifyInfoboxParameter - .getFriendlyName() }); - } - Logger.debug("Infobox \"" + identifier - + "\" not returned from BKU."); - } - } - } - } +// if (verifyInfoboxParameters != null) { +// +// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters(); +// // get the list of infobox identifiers +// List identifiers = verifyInfoboxParameters.getIdentifiers(); +// if (identifiers != null) { +// // step through the identifiers and verify the infoboxes +// Iterator it = identifiers.iterator(); +// while (it.hasNext()) { +// String identifier = (String) it.next(); +// // get the infobox read response from the map of parameters +// String infoboxReadResponse = (String) infoboxReadResponseParams +// .get(identifier); +// // get the configuration parameters +// VerifyInfoboxParameter verifyInfoboxParameter = null; +// Object object = infoboxParameters.get(identifier); +// // if not present, use default +// if ((object == null) && (defaultInfoboxParameters != null)) { +// object = defaultInfoboxParameters.get(identifier); +// } +// if (object != null) { +// verifyInfoboxParameter = (VerifyInfoboxParameter) object; +// } +// if (infoboxReadResponse != null) { +// if (verifyInfoboxParameter == null) { +// // should not happen because of the pushinfobox +// // mechanism; check it anyway +// Logger.error("No validator for verifying \"" +// + identifier + "\"-infobox configured."); +// throw new ValidateException("validator.41", +// new Object[] { identifier }); +// } else { +// String friendlyName = verifyInfoboxParameter +// .getFriendlyName(); +// boolean isParepRequest = false; +// +// // parse the infobox read reponse +// List infoboxTokenList = null; +// try { +// infoboxTokenList = ExtendedInfoboxReadResponseParser +// .parseInfoboxReadResponse( +// infoboxReadResponse, +// friendlyName); +// } catch (ParseException e) { +// Logger +// .error("InfoboxReadResponse for \"" +// + identifier +// + "\"-infobox could not be parsed successfully: " +// + e.getMessage()); +// throw new ValidateException("validator.43", +// new Object[] { friendlyName }); +// } +// // set compatibility mode for mandates infobox and +// // all infoboxes (it is possible to be a parep +// // infobox) +// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams())); +// // check for party representation in mandates +// // infobox +// if (Constants.INFOBOXIDENTIFIER_MANDATES +// .equalsIgnoreCase(identifier) +// && !((infoboxTokenList == null || infoboxTokenList +// .size() == 0))) { +// // We need app specific parameters +// if (null == verifyInfoboxParameter +// .getApplicationSpecificParams()) { +// throw new ValidateException("validator.66", +// new Object[] { friendlyName }); +// } +// Element mandate = ParepValidator +// .extractPrimaryToken(infoboxTokenList); +// // ParepUtils.serializeElement(mandate, +// // System.out); +// String mandateID = ParepUtils +// .extractRepresentativeID(mandate); +// if (!isEmpty(mandateID) +// && ("*".equals(mandateID) || mandateID +// .startsWith(MOAIDAuthConstants.PARTY_REPRESENTATION_OID_NUMBER))) { +// isParepRequest = true; +// } +// if (!isParepRequest) { +// // if mandates validator is disabled we must +// // throw an error in this case +// if (!ParepUtils +// .isValidatorEnabled(verifyInfoboxParameter +// .getApplicationSpecificParams())) { +// throw new ValidateException( +// "validator.60", +// new Object[] { friendlyName }); +// } +// } +// } +// +// // get the class for validating the infobox +// InfoboxValidator infoboxValidator = null; +// try { +// Class validatorClass = null; +// if (isParepRequest) { +// // Mandates infobox in party representation +// // mode +// validatorClass = Class +// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator"); +// } else { +// validatorClass = Class +// .forName(verifyInfoboxParameter +// .getValidatorClassName()); +// } +// infoboxValidator = (InfoboxValidator) validatorClass +// .newInstance(); +// } catch (Exception e) { +// Logger +// .error("Could not load validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox: " +// + e.getMessage()); +// throw new ValidateException("validator.42", +// new Object[] { friendlyName }); +// } +// Logger +// .debug("Successfully loaded validator class \"" +// + verifyInfoboxParameter +// .getValidatorClassName() +// + "\" for \"" +// + identifier +// + "\"-infobox."); +// // build the parameters for validating the infobox +// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder +// .buildInfoboxValidatorParams(session, +// verifyInfoboxParameter, +// infoboxTokenList, oaParam); +// +// // now validate the infobox +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxValidator +// .validate(infoboxValidatorParams); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// +// Logger.info(identifier +// + " infobox successfully validated."); +// // store the validator for post processing +// session.addInfoboxValidator(identifier, +// friendlyName, infoboxValidator); +// +// // get the SAML attributes to be appended to the +// // AUTHBlock or to the final +// // SAML Assertion +// AddAdditionalSAMLAttributes(session, +// infoboxValidationResult +// .getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } else { +// if ((verifyInfoboxParameter != null) +// && (verifyInfoboxParameter.isRequired())) { +// Logger +// .info("Infobox \"" +// + identifier +// + "\" is required, but not returned from the BKU"); +// throw new ValidateException("validator.48", +// new Object[] { verifyInfoboxParameter +// .getFriendlyName() }); +// } +// Logger.debug("Infobox \"" + identifier +// + "\" not returned from BKU."); +// } +// } +// } +// } } /** @@ -1406,18 +1446,23 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws IOException * @throws SAXException */ - private void setExtendedSAMLAttributeForMandates( + private void validateExtendedSAMLAttributeForMandates( AuthenticationSession session, MISMandate mandate, - boolean business, boolean provideStammzahl) + boolean business) throws ValidateException, ConfigurationException, SAXException, IOException, ParserConfigurationException, TransformerException { - ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributes( - mandate, business, provideStammzahl); + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + mandate, business, false); - AddAdditionalSAMLAttributes(session, extendedSamlAttributes, - "MISService", "MISService"); + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + Object value = verifySAMLAttribute(samlAttribute, i, "MISService", + "MISService"); + + } } /** @@ -1449,56 +1494,56 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - /** - * Intermediate processing of the infoboxes. The first pending infobox - * validator may validate the provided input - * - * @param session - * The current authentication session - * @param parameters - * The parameters got returned by the user input fields - */ - public static void processInput(AuthenticationSession session, - Map parameters) throws ValidateException { - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector - .get(1); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator - .validate(parameters); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier - + " infobox:" + e.getMessage()); - throw new ValidateException("validator.44", - new Object[] { friendlyName }); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", - new Object[] { - friendlyName, - infoboxValidationResult - .getErrorMessage() }); - } - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } - } - } - } +// /** +// * Intermediate processing of the infoboxes. The first pending infobox +// * validator may validate the provided input +// * +// * @param session +// * The current authentication session +// * @param parameters +// * The parameters got returned by the user input fields +// */ +// public static void processInput(AuthenticationSession session, +// Map parameters) throws ValidateException { +// +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// if (iter != null) { +// while (iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) { +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector +// .get(1); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator +// .validate(parameters); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier +// + " infobox:" + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[] { friendlyName }); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", +// new Object[] { +// friendlyName, +// infoboxValidationResult +// .getErrorMessage() }); +// } +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } +// } +// } +// } /** * Adds given SAML Attributes to the current session. They will be appended @@ -1609,7 +1654,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws TransformerException */ - private static ExtendedSAMLAttribute[] addExtendedSamlAttributes( + protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes( MISMandate mandate, boolean business, boolean provideStammzahl) throws SAXException, IOException, ParserConfigurationException, TransformerException { @@ -1761,7 +1806,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { return doc.getDocumentElement(); } - private static void replaceExtendedSAMLAttribute(List attributes, + protected static void replaceExtendedSAMLAttribute(List attributes, ExtendedSAMLAttribute samlAttribute) { if (null == attributes) { attributes = new Vector(); @@ -1807,18 +1852,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlock(String sessionID, + public String verifyAuthenticationBlock(AuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); if (isEmpty(xmlCreateXMLSignatureReadResponse)) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - AuthenticationSession session = getSession(sessionID); + + //AuthenticationSession session = getSession(sessionID); + AuthConfigurationProvider authConf = AuthConfigurationProvider .getInstance(); // parses <CreateXMLSignatureResponse> @@ -1837,9 +1884,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); } // validates <CreateXMLSignatureResponse> - new CreateXMLSignatureResponseValidator().validate(csresp, session); + if (session.isSsoRequested()) + new CreateXMLSignatureResponseValidator().validateSSO(csresp, session); + else + new CreateXMLSignatureResponseValidator().validate(csresp, session); + // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call - String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); @@ -1876,7 +1927,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { // TODO See Bug #144 // Compare AuthBlock Data with information stored in session, especially // date and time - + CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); + // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( vsresp, session.getIdentityLink()); @@ -1920,27 +1972,45 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, false); + + //TL: moved to Authentification Data generation +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, false); +// +// //set Authblock +// session.setAuthData(authData); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(false); + if (session.getUseMandate()) { // mandate mode - // session.setAssertionAuthBlock(assertionAuthBlock) - - // set signer certificate - session.setSignerCertificate(vsresp.getX509certificate()); - return null; + } else { - + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); + + //Session is implicte stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + return newMOASessionID; + /* String samlAssertion = new AuthenticationDataAssertionBuilder() .build(authData, session.getAssertionPrPerson(), session .getAssertionAuthBlock(), session @@ -1973,7 +2043,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; - + */ } } @@ -2004,171 +2074,8 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String verifyAuthenticationBlockMandate(String sessionID, - Element mandate) throws AuthenticationException, BuildException, - ParseException, ConfigurationException, ServiceException, - ValidateException { - - if (isEmpty(sessionID)) - throw new AuthenticationException("auth.10", new Object[] { - REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); - // AuthConfigurationProvider authConf = - // AuthConfigurationProvider.getInstance(); - - IdentityLink tempIdentityLink = null; - - if (session.getUseMandate()) { - tempIdentityLink = new IdentityLink(); - Element mandator = ParepUtils.extractMandator(mandate); - String dateOfBirth = ""; - Element prPerson = null; - String familyName = ""; - String givenName = ""; - String identificationType = ""; - String identificationValue = ""; - if (mandator != null) { - boolean physical = ParepUtils.isPhysicalPerson(mandator); - if (physical) { - familyName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:FamilyName/text()"); - givenName = ParepUtils.extractText(mandator, - "descendant-or-self::pr:Name/pr:GivenName/text()"); - dateOfBirth = ParepUtils - .extractMandatorDateOfBirth(mandator); - } else { - familyName = ParepUtils.extractMandatorFullName(mandator); - } - identificationType = ParepUtils.getIdentification(mandator, - "Type"); - identificationValue = ParepUtils.extractMandatorWbpk(mandator); - - prPerson = ParepUtils.extractPrPersonOfMandate(mandate); - if (physical - && session.getBusinessService() - && identificationType != null - && Constants.URN_PREFIX_BASEID - .equals(identificationType)) { - // now we calculate the wbPK and do so if we got it from the - // BKU - identificationType = Constants.URN_PREFIX_WBPK + "+" - + session.getDomainIdentifier(); - identificationValue = new BPKBuilder().buildWBPK( - identificationValue, session.getDomainIdentifier()); - ParepUtils - .HideStammZahlen(prPerson, true, null, null, true); - } - - tempIdentityLink.setDateOfBirth(dateOfBirth); - tempIdentityLink.setFamilyName(familyName); - tempIdentityLink.setGivenName(givenName); - tempIdentityLink.setIdentificationType(identificationType); - tempIdentityLink.setIdentificationValue(identificationValue); - tempIdentityLink.setPrPerson(prPerson); - try { - tempIdentityLink.setSamlAssertion(session.getIdentityLink() - .getSamlAssertion()); - } catch (Exception e) { - throw new ValidateException("validator.64", null); - } - - } - - } - - // builds authentication data and stores it together with a SAML - // artifact - AuthenticationData authData = session.getAssertionAuthData(); // buildAuthenticationData(session, - // vsresp, - // replacementIdentityLink); - - - Element mandatePerson = tempIdentityLink.getPrPerson(); -// try { -// System.out.println("MANDATE: " + -// DOMUtils.serializeNode(mandatePerson)); -// } -// catch(Exception e) { -// e.printStackTrace(); -// } - String mandateData = null; - boolean useCondition = false; - int conditionLength = -1; - try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - useCondition = oaParam.getUseCondition(); - conditionLength = oaParam.getConditionLength(); - - String isPrPerson = mandatePerson.getAttribute("xsi:type"); - - if (!StringUtils.isEmpty(isPrPerson)) { - if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { - Element prIdentification = (Element) mandatePerson - .getElementsByTagNameNS(Constants.PD_NS_URI, - "Identification").item(0); - String baseid = getBaseId(mandatePerson); - Element identificationBpK = createIdentificationBPK(mandatePerson, - baseid, session.getTarget()); - - if (!provideStammzahl) { - prIdentification.getFirstChild().setTextContent(""); - } - - mandatePerson.insertBefore(identificationBpK, - prIdentification); - } - } - - mandateData = DOMUtils.serializeNode(mandatePerson); - - } catch (TransformerException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } catch (IOException e1) { - throw new AuthenticationException("auth.16", - new Object[] { GET_MIS_SESSIONID }); - } - - String samlAssertion = new AuthenticationDataAssertionBuilder() - .buildMandate(authData, session.getAssertionPrPerson(), - mandateData, session.getAssertionAuthBlock(), session - .getAssertionIlAssertion(), - session.getBkuURL(), session - .getAssertionSignerCertificateBase64(), session - .getAssertionBusinessService(), session - .getSourceID(), session - .getExtendedSAMLAttributesOA(), useCondition, - conditionLength); - authData.setSamlAssertion(samlAssertion); - String assertionFile = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.WriteAssertionToFile"); - if (!ParepUtils.isEmpty(assertionFile)) - try { - ParepUtils.saveStringToFile(samlAssertion, new File( - assertionFile)); - } catch (IOException e) { - throw new BuildException("builder.00", new Object[] { - "AuthenticationData", e.toString() }, e); - } - - String samlArtifact = new SAMLArtifactBuilder().build(session - .getAuthURL(), session.getSessionID(), session.getSourceID()); - storeAuthenticationData(samlArtifact, authData); - - // invalidates the authentication session - sessionStore.remove(sessionID); - Logger.info("Anmeldedaten zu MOASession " + sessionID - + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; - - } - - private Element createIdentificationBPK(Element mandatePerson, + protected Element createIdentificationBPK(Element mandatePerson, String baseid, String target) throws BuildException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); @@ -2189,7 +2096,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { } - private String getBaseId(Element mandatePerson) + protected String getBaseId(Element mandatePerson) throws TransformerException, IOException { NodeList list = mandatePerson.getElementsByTagNameNS( Constants.PD_NS_URI, "Identification"); @@ -2225,15 +2132,17 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @return SAML artifact needed for retrieving authentication data, encoded * BASE64 */ - public String getForeignAuthenticationData(String sessionID) + public String getForeignAuthenticationData(AuthenticationSession session) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (isEmpty(sessionID)) + //TODO: CHECK if STORK parts works correct!!!! + + if (session == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); - AuthenticationSession session = getSession(sessionID); + //AuthenticationSession session = getSession(sessionID); // AuthConfigurationProvider authConf = // AuthConfigurationProvider.getInstance(); @@ -2280,14 +2189,32 @@ public class AuthenticationServer implements MOAIDAuthConstants { X509Certificate cert = session.getSignerCertificate(); vsresp.setX509certificate(cert); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); - boolean useUTC = oaParam.getUseUTC(); - boolean useCondition = oaParam.getUseCondition(); - int conditionLength = oaParam.getConditionLength(); - AuthenticationData authData = buildAuthenticationData(session, vsresp, - useUTC, true); +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); +// boolean useUTC = oaParam.getUseUTC(); + +// boolean useCondition = oaParam.getUseCondition(); +// int conditionLength = oaParam.getConditionLength(); + + //TL: moved to Assertion generation. +// AuthenticationData authData = buildAuthenticationData(session, vsresp, +// useUTC, true); +// +// session.setAuthData(authData); + + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + session.setXMLVerifySignatureResponse(vsresp); + session.setSignerCertificate(vsresp.getX509certificate()); + vsresp.setX509certificate(null); + session.setForeigner(true); + + return "new Session"; + + //TODO: regenerate MOASession ID! + /* String samlAssertion = new AuthenticationDataAssertionBuilder().build( authData, session.getAssertionPrPerson(), session .getAssertionAuthBlock(), session @@ -2319,7 +2246,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.info("Anmeldedaten zu MOASession " + sessionID + " angelegt, SAML Artifakt " + samlArtifact); - return samlArtifact; + return samlArtifact;*/ } /** @@ -2339,23 +2266,28 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @throws BuildException * while building the <code><saml:Assertion></code> */ - private AuthenticationData buildAuthenticationData( - AuthenticationSession session, - VerifyXMLSignatureResponse verifyXMLSigResp, boolean useUTC, boolean isForeigner) + public static AuthenticationData buildAuthenticationData( + AuthenticationSession session, OAAuthParameter oaParam, String target) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + boolean useUTC = oaParam.getUseUTC(); boolean businessService = oaParam.getBusinessService(); + authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar .getInstance(), useUTC)); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); authData.setIdentificationType(identityLink.getIdentificationType()); + authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); @@ -2366,84 +2298,68 @@ public class AuthenticationServer implements MOAIDAuthConstants { .getPublicAuthorityCode()); authData.setBkuURL(session.getBkuURL()); authData.setUseUTC(oaParam.getUseUTC()); - boolean provideStammzahl = oaParam.getProvideStammzahl(); - if (provideStammzahl) { - authData.setIdentificationValue(identityLink - .getIdentificationValue()); - } - String prPerson = new PersonDataBuilder().build(identityLink, - provideStammzahl); - + try { - String signerCertificateBase64 = ""; - if (oaParam.getProvideCertifcate()) { - X509Certificate signerCertificate = verifyXMLSigResp - .getX509certificate(); - if (signerCertificate != null) { - signerCertificateBase64 = Base64Utils - .encode(signerCertificate.getEncoded()); - } else { - Logger - .info("\"provideCertificate\" is \"true\", but no signer certificate available"); - } - } - authData.setSignerCertificate(signerCertificateBase64); - if(!isForeigner) { - //we have Austrian citizen - if (businessService) { - authData.setWBPK(identityLink.getIdentificationValue()); - } else { - authData.setBPK(identityLink.getIdentificationValue()); - - // BZ.., calculation of bPK already before sending AUTHBlock - /* - * if(identityLink.getIdentificationType().equals(Constants. - * URN_PREFIX_BASEID)) { // only compute bPK if online - * application is a public service and we have the Stammzahl - * String bpkBase64 = new BPKBuilder().buildBPK( - * identityLink.getIdentificationValue(), session.getTarget()); - * authData.setBPK(bpkBase64); } - */ - - } + + //TODO: resign the IdentityLink!!! + + + if (session.getUseMandate() && session.isOW()) { + MISMandate mandate = session.getMISMandate(); + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + } else { - //we have foreigner, thus we have to calculate bPK and wbPK now (after receiving identity link from SZR-GW + if (businessService) { //since we have foreigner, wbPK is not calculated in BKU - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), session.getDomainIdentifier()); - authData.setWBPK(wbpkBase64); - } + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType( Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + } + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - } else { + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + authData.setIdentityLink(idl); - if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), session.getTarget()); - authData.setBPK(bpkBase64); - } + } else { + + if(identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } - + authData.setIdentityLink(identityLink); } - - } - String ilAssertion = oaParam.getProvideIdentityLink() ? identityLink - .getSerializedSamlAssertion() - : ""; - if (!oaParam.getProvideStammzahl()) { - ilAssertion = StringUtils.replaceAll(ilAssertion, identityLink - .getIdentificationValue(), ""); } - String authBlock = oaParam.getProvideAuthBlock() ? session - .getAuthBlock() : ""; - - session.setAssertionAuthBlock(authBlock); - session.setAssertionAuthData(authData); - session.setAssertionBusinessService(businessService); - session.setAssertionIlAssertion(ilAssertion); - session.setAssertionPrPerson(prPerson); - session.setAssertionSignerCertificateBase64(signerCertificateBase64); - + return authData; } catch (Throwable ex) { @@ -2453,117 +2369,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. - * The <code>AuthenticationData</code> is deleted from the store upon end of - * this call. - * - * @return <code>AuthenticationData</code> - */ - public AuthenticationData getAuthenticationData(String samlArtifact) - throws AuthenticationException { - String assertionHandle; - try { - assertionHandle = new SAMLArtifactParser(samlArtifact) - .parseAssertionHandle(); - } catch (ParseException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - AuthenticationData authData = null; - synchronized (authenticationDataStore) { - // System.out.println("assertionHandle: " + assertionHandle); - authData = (AuthenticationData) authenticationDataStore - .get(assertionHandle); - if (authData == null) { - Logger.error("Assertion not found for SAML Artifact: " - + samlArtifact); - throw new AuthenticationException("1206", - new Object[] { samlArtifact }); - } - boolean keepAssertion = false; - try { - String boolStr = AuthConfigurationProvider.getInstance() - .getGenericConfigurationParameter( - "AuthenticationServer.KeepAssertion"); - if (null != boolStr && boolStr.equalsIgnoreCase("true")) - keepAssertion = true;// Only allowed for debug purposes!!! - } catch (ConfigurationException ex) { - throw new AuthenticationException("1205", new Object[] { - samlArtifact, ex.toString() }); - } - if (!keepAssertion) { - authenticationDataStore.remove(assertionHandle); - } - } - long now = new Date().getTime(); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", - new Object[] { samlArtifact }); - Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); - return authData; - } - - /** - * Stores authentication data indexed by the assertion handle contained in - * the given saml artifact. - * - * @param samlArtifact - * SAML artifact - * @param authData - * authentication data - * @throws AuthenticationException - * when SAML artifact is invalid - */ - private void storeAuthenticationData(String samlArtifact, - AuthenticationData authData) throws AuthenticationException { - - try { - SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); - // check type code 0x0001 - byte[] typeCode = parser.parseTypeCode(); - if (typeCode[0] != 0 || typeCode[1] != 1) - throw new AuthenticationException("auth.06", - new Object[] { samlArtifact }); - String assertionHandle = parser.parseAssertionHandle(); - synchronized (authenticationDataStore) { - Logger.debug("Assertion stored for SAML Artifact: " - + samlArtifact); - authenticationDataStore.put(assertionHandle, authData); - } - } catch (AuthenticationException ex) { - throw ex; - } catch (Throwable ex) { - throw new AuthenticationException("auth.06", - new Object[] { samlArtifact }); - } - } - - /** - * Creates a new session and puts it into the session store. - * - * @param id - * Session ID - * @return AuthenticationSession created - * @exception AuthenticationException - * thrown when an <code>AuthenticationSession</code> is - * running already for the given session ID - */ - private static AuthenticationSession newSession() - throws AuthenticationException { - String sessionID = Random.nextRandom(); - AuthenticationSession newSession = new AuthenticationSession(sessionID); - synchronized (sessionStore) { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (session != null) - throw new AuthenticationException("auth.01", - new Object[] { sessionID }); - sessionStore.put(sessionID, newSession); - } - return newSession; - } - - /** * Retrieves a session from the session store. * * @param id @@ -2573,11 +2378,20 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public static AuthenticationSession getSession(String id) throws AuthenticationException { - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(id); - if (session == null) - throw new AuthenticationException("auth.02", new Object[] { id }); - return session; + + AuthenticationSession session; + try { + session = AuthenticationSessionStoreage.getSession(id); + + /*(AuthenticationSession) sessionStore + .get(id);*/ + if (session == null) + throw new AuthenticationException("auth.02", new Object[] { id }); + return session; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("parser.04", new Object[] { id }); + } } /** @@ -2585,33 +2399,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { */ public void cleanup() { long now = new Date().getTime(); - synchronized (sessionStore) { - Set keys = new HashSet(sessionStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String sessionID = (String) iter.next(); - AuthenticationSession session = (AuthenticationSession) sessionStore - .get(sessionID); - if (now - session.getTimestampStart().getTime() > sessionTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.02", new Object[] { sessionID })); - sessionStore.remove(sessionID); - } - } - } - synchronized (authenticationDataStore) { - Set keys = new HashSet(authenticationDataStore.keySet()); - for (Iterator iter = keys.iterator(); iter.hasNext();) { - String samlAssertionHandle = (String) iter.next(); - AuthenticationData authData = (AuthenticationData) authenticationDataStore - .get(samlAssertionHandle); - if (now - authData.getTimestamp().getTime() > authDataTimeOut) { - Logger.info(MOAIDMessageProvider.getInstance().getMessage( - "cleaner.03", - new Object[] { authData.getAssertionID() })); - authenticationDataStore.remove(samlAssertionHandle); - } - } - } + + //clean AuthenticationSessionStore + //TODO: acutally the StartAuthentificaten timestamp is used!!!!! + //TODO: maybe change this to lastupdate timestamp. + AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated); + + //clean AssertionStore + AssertionStorage assertionstore = AssertionStorage.getInstance(); + assertionstore.clean(now, authDataTimeOut); } /** @@ -2620,8 +2416,12 @@ public class AuthenticationServer implements MOAIDAuthConstants { * @param seconds * Time out of the session in seconds */ - public void setSecondsSessionTimeOut(long seconds) { - sessionTimeOut = 1000 * seconds; + public void setSecondsSessionTimeOutCreated(long seconds) { + sessionTimeOutCreated = seconds * 1000; + } + + public void setSecondsSessionTimeOutUpdated(long seconds) { + sessionTimeOutUpdated = seconds * 1000; } /** @@ -2631,7 +2431,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * Time out for signing AuthData in seconds */ public void setSecondsAuthDataTimeOut(long seconds) { - authDataTimeOut = 1000 * seconds; + authDataTimeOut = seconds * 1000; } /** @@ -2658,7 +2458,7 @@ public class AuthenticationServer implements MOAIDAuthConstants { * the friendly name of the infobox for messages * @return the SAML attribute value (Element or String) */ - private static Object verifySAMLAttribute( + protected static Object verifySAMLAttribute( ExtendedSAMLAttribute samlAttribute, int i, String identifier, String friendlyName) throws ValidateException { String name = samlAttribute.getName(); @@ -2776,42 +2576,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { public static void startSTORKAuthentication( HttpServletRequest req, HttpServletResponse resp, - String ccc, - String oaURL, - String target, - String targetFriendlyName, - String authURL, - String sourceID) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { + AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException { - //read configuration paramters of OA - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - if (!oaParam.getBusinessService()) { - if (StringUtils.isEmpty(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.05"); - } else { - target = null; + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); } - //create MOA session - AuthenticationSession moaSession = newSession(); - Logger.info("MOASession " + moaSession.getSessionID() + " angelegt"); - moaSession.setTarget(target); - moaSession.setTargetFriendlyName(targetFriendlyName); - moaSession.setOAURLRequested(oaURL); - moaSession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); - moaSession.setAuthURL(authURL); - moaSession.setBusinessService(oaParam.getBusinessService()); - moaSession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - if (sourceID != null) - moaSession.setSourceID(sourceID); + //read configuration paramters of OA + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getPublicOAURLPrefix() }); //Start of STORK Processing STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - CPEPS cpeps = storkConfig.getCPEPS(ccc); + CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc()); Logger.debug("Preparing to assemble STORK AuthnRequest witht the following values:"); String destination = cpeps.getPepsURL().toExternalForm(); @@ -2824,19 +2603,22 @@ public class AuthenticationServer implements MOAIDAuthConstants { String issuerValue = HTTPUtils.getBaseURL(req); Logger.debug("Issuer value: " + issuerValue); - QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); - Logger.debug("QAALevel: " + qaaLevel.getValue()); - RequestedAttributes requestedAttributes; + QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(oaParam.getQaaLevel().getValue()); + //Logger.debug("QAALevel: " + qaaLevel.getValue()); + + RequestedAttributes requestedAttributes = null; requestedAttributes = oaParam.getRequestedAttributes(); requestedAttributes.detach(); List<RequestedAttribute> reqAttributeList = new ArrayList<RequestedAttribute>(); - List<RequestedAttribute> oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + List<RequestedAttribute> oaReqAttributeList = null; + oaReqAttributeList = new ArrayList<RequestedAttribute>(oaParam.getRequestedAttributes().getRequestedAttributes()); + //check if country specific attributes must be additionally requested if (!cpeps.getCountrySpecificRequestedAttributes().isEmpty()) { //add country specific attributes to be requested (Hierarchy: default oa attributes > country specific attributes > oa specific attributes - Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + ccc); + Logger.debug("We have addtional country specific attributes to be requested from the C-PEPS of country: " + moasession.getCcc()); Logger.debug("The following attributes are requested for this specific country:"); List<RequestedAttribute> countrySpecificReqAttributeList = new ArrayList<RequestedAttribute>(cpeps.getCountrySpecificRequestedAttributes()); for (RequestedAttribute csReqAttr : countrySpecificReqAttributeList) { @@ -2874,13 +2656,15 @@ public class AuthenticationServer implements MOAIDAuthConstants { } } - String spSector = StringUtils.isEmpty(target) ? "Business" : target; + + //TODO: check Target in case of SSO!! + String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget(); String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName(); String spApplication = spInstitution; String spCountry = "AT"; String textToBeSigned = - CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moaSession); + CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession); //generate AuthnRquest STORKAuthnRequest storkAuthnRequest = STORKAuthnRequestProcessor.generateSTORKAuthnRequest( @@ -2930,9 +2714,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest successfully internally validated."); //send - moaSession.setStorkAuthnRequest(storkAuthnRequest); + moasession.setStorkAuthnRequest(storkAuthnRequest); HttpSession httpSession = req.getSession(); - httpSession.setAttribute("MOA-Session-ID", moaSession.getSessionID()); + httpSession.setAttribute("MOA-Session-ID", moasession.getSessionID()); Logger.debug("Preparing to send STORK AuthnRequest."); @@ -2972,12 +2756,21 @@ public class AuthenticationServer implements MOAIDAuthConstants { InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString)); - CertificateFactory cf; - X509Certificate cert = null; - cf = CertificateFactory.getInstance("X.509"); - cert = (X509Certificate)cf.generateCertificate(is); - - return cert; + X509Certificate cert; + try { + cert = new X509Certificate(is); + return cert; + + } catch (Throwable e) { + throw new CertificateException(e); + } + +// CertificateFactory cf; +// X509Certificate cert = null; +// cf = CertificateFactory.getInstance("X.509"); +// CertificateFactory +// cert = (X509Certificate)cf.generateCertificate(is); +// return cert; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 7d5835f20..edc43da0c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth; +import java.util.Arrays; +import java.util.List; + import iaik.asn1.ObjectID; @@ -43,6 +46,9 @@ public interface MOAIDAuthConstants { public static final String PARAM_OA = "OA"; /** servlet parameter "bkuURI" */ public static final String PARAM_BKU = "bkuURI"; + public static final String PARAM_MODUL = "MODUL"; + public static final String PARAM_ACTION = "ACTION"; + public static final String PARAM_SSO = "SSO"; /** servlet parameter "sourceID" */ public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ @@ -112,9 +118,25 @@ public interface MOAIDAuthConstants { * used for checking the authorisation for signing the identity link for identity links signed after february 19th 2007 */ public static final ObjectID IDENTITY_LINK_SIGNER_OID = new ObjectID(IDENTITY_LINK_SIGNER_OID_NUMBER); + /** the number of the certifcate extension for party representatives */ public static final String PARTY_REPRESENTATION_OID_NUMBER = "1.2.40.0.10.3"; - /** the number of the certifcate extension for party organ representatives */ - public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + +// /** the number of the certifcate extension for party organ representatives */ +// public static final String PARTY_ORGAN_REPRESENTATION_OID_NUMBER = PARTY_REPRESENTATION_OID_NUMBER + ".10"; + + /** OW */ + public static final String OW_ORGANWALTER = PARTY_REPRESENTATION_OID_NUMBER + ".4"; + + /** List of OWs */ + public static final List<ObjectID> OW_LIST = Arrays.asList( + new ObjectID(OW_ORGANWALTER)); + + /**BKU type identifiers to use bkuURI from configuration*/ + public static final String REQ_BKU_TYPE_LOCAL = "local"; + public static final String REQ_BKU_TYPE_ONLINE = "online"; + public static final String REQ_BKU_TYPE_HANDY = "handy"; + public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY); + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java index cf5615a13..725773b75 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java @@ -28,6 +28,7 @@ import iaik.pki.PKIException; import iaik.pki.jsse.IAIKX509TrustManager; import java.io.IOException; +import java.math.BigInteger; import java.security.GeneralSecurityException; import java.util.Properties; @@ -93,7 +94,7 @@ public class MOAIDAuthInitializer { // Mapping OpenSSL - Java // OpenSSL Java // http://www.openssl.org/docs/apps/ciphers.html http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html -// via “openssl ciphers -tls1 HIGH –v” +// via !openssl ciphers -tls1 HIGH !v! // // ADH-AES256-SHA TLS_DH_anon_WITH_AES_256_CBC_SHA // DHE-RSA-AES256-SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA @@ -139,6 +140,7 @@ public class MOAIDAuthInitializer { // Loads the configuration AuthConfigurationProvider authConf = AuthConfigurationProvider.reload(); + ConnectionParameter moaSPConnParam = authConf .getMoaSpConnectionParameter(); @@ -158,6 +160,7 @@ public class MOAIDAuthInitializer { // Initializes IAIKX509TrustManager logging String log4jConfigURL = System.getProperty("log4j.configuration"); + Logger.info("Log4J Configuration: " + log4jConfigURL); if (log4jConfigURL != null) { IAIKX509TrustManager.initLog(new LoggerConfigImpl(log4jConfigURL)); } @@ -170,39 +173,27 @@ public class MOAIDAuthInitializer { AxisSecureSocketFactory.initialize(ssf); } + // sets the authentication session and authentication data time outs - String param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY); + BigInteger param = authConf.getTimeOuts().getMOASessionCreated(); if (param != null) { - long sessionTimeOut = 0; - try { - sessionTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); if (sessionTimeOut > 0) AuthenticationServer.getInstance() - .setSecondsSessionTimeOut(sessionTimeOut); + .setSecondsSessionTimeOutCreated(sessionTimeOut); } - param = authConf - .getGenericConfigurationParameter(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY); + + param = authConf.getTimeOuts().getMOASessionUpdated(); if (param != null) { - long authDataTimeOut = 0; - try { - authDataTimeOut = new Long(param).longValue(); - } catch (NumberFormatException ex) { - Logger - .error(MOAIDMessageProvider - .getInstance() - .getMessage( - "config.05", - new Object[] { AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY })); - } + long sessionTimeOut = param.longValue(); + if (sessionTimeOut > 0) + AuthenticationServer.getInstance() + .setSecondsSessionTimeOutUpdated(sessionTimeOut); + } + + param = authConf.getTimeOuts().getAssertion(); + if (param != null) { + long authDataTimeOut = param.longValue(); if (authDataTimeOut > 0) AuthenticationServer.getInstance() .setSecondsAuthDataTimeOut(authDataTimeOut); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 412f1db81..ee2313070 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -26,8 +26,13 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.StringWriter; import java.text.MessageFormat; +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.Date; import java.util.List; +import java.util.Locale; +import javax.xml.bind.DatatypeConverter; import javax.xml.transform.Result; import javax.xml.transform.Source; import javax.xml.transform.Transformer; @@ -49,10 +54,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; /** @@ -79,6 +86,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " <saml:AttributeValue>{6}</saml:AttributeValue>" + NL + " </saml:Attribute>" + NL + "{7}" + + "{8}" + " </saml:AttributeStatement>" + NL + "</saml:Assertion>"; @@ -97,6 +105,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion " </saml:AttributeValue>" + NL + " </saml:Attribute>" + NL; + private static String SPECIAL_TEXT_ATTRIBUTE = + " <saml:Attribute AttributeName=''SpecialText'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL + + " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL + + " </saml:Attribute>" + NL; + private static String PR_IDENTIFICATION_ATTRIBUTE = " <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL + @@ -107,7 +120,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion /** * The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes). */ - public static final int NUM_OF_SAML_ATTRIBUTES = 3; + public static final int NUM_OF_SAML_ATTRIBUTES = 4; + public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3; /** * Constructor for AuthenticationBlockAssertionBuilder. @@ -156,25 +170,16 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String oaURL, String gebDat, List extendedSAMLAttributes, - AuthenticationSession session) + AuthenticationSession session, + OAAuthParameter oaParam) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); String gebeORwbpk = ""; String wbpkNSDeclaration = ""; - - //reading OA parameters - OAAuthParameter oaParam; - try { - oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( - session.getPublicOAURLPrefix()); - } catch (ConfigurationException e) { - Logger.error("Error on building AUTH-Block: " + e.getMessage()); - throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); - } - - + if (target == null) { + // OA is a business application if (!Constants.URN_PREFIX_HPI.equals(identityLinkType)) { // Only add wbPKs to AUTH-Block. HPIs can be added to the AUTH-Block by the corresponding Validator @@ -191,6 +196,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion // We do not have a wbPK, therefore no SAML-Attribute is provided session.setSAMLAttributeGebeORwbpk(false); } + } else { // OA is a govermental application String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(target); @@ -205,7 +211,6 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion //no business service, adding bPK - System.out.println("identityLinkValue: " + identityLinkValue); if (identityLinkValue != null) { Element bpkSamlValueElement; try { @@ -252,6 +257,21 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + String text = ""; + try { + OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + } + + + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -263,6 +283,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -385,6 +406,18 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion extendedSAMLAttributes.add(oaFriendlyNameAttribute); //..BZ + String text = ""; + try { + OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + } + + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + String assertion; try { assertion = MessageFormat.format( @@ -396,6 +429,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion gebeORwbpk, oaURL, gebDat, + specialText, buildExtendedSAMLAttributes(extendedSAMLAttributes)}); } catch (ParseException e) { Logger.error("Error on building AUTH-Block: " + e.getMessage()); @@ -406,6 +440,17 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } + public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); + SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); + SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); + + String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); + text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); + + return text; + } public static String xmlToString(Node node) { try { @@ -424,4 +469,92 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion return null; } + public String buildAuthBlockSSO( + String issuer, + String issueInstant, + String authURL, + String target, + String targetFriendlyName, + String identityLinkValue, + String identityLinkType, + String oaURL, + String gebDat, + List extendedSAMLAttributes, + AuthenticationSession session, + OAAuthParameter oaParam) + throws BuildException + { + session.setSAMLAttributeGebeORwbpk(true); + String gebeORwbpk = ""; + String wbpkNSDeclaration = ""; + + if (target != null) { + + boolean useMandate = session.getUseMandate(); + if (useMandate) { + String mandateReferenceValue = Random.nextRandom(); + // remove leading "-" + if (mandateReferenceValue.startsWith("-")) + mandateReferenceValue = mandateReferenceValue.substring(1); + + session.setMandateReferenceValue(mandateReferenceValue); + + ExtendedSAMLAttribute mandateReferenceValueAttribute = + new ExtendedSAMLAttributeImpl("mandateReferenceValue", mandateReferenceValue, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK); + + extendedSAMLAttributes.add(mandateReferenceValueAttribute); + } + } + + //adding friendly name of OA + String friendlyname; + try { + friendlyname = AuthConfigurationProvider.getInstance().getSSOFriendlyName(); + + ExtendedSAMLAttribute oaFriendlyNameAttribute = + new ExtendedSAMLAttributeImpl("oaFriendlyName", friendlyname, Constants.MOA_NS_URI, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY); + + extendedSAMLAttributes.add(oaFriendlyNameAttribute); + + + String text = AuthConfigurationProvider.getInstance().getSSOSpecialText(); + + if (MiscUtil.isEmpty(text)) + text=""; + String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, + new Object[] { generateSpecialText(text, issuer, issueInstant) }); + + + + + String assertion; + + assertion = MessageFormat.format( + AUTH_BLOCK, new Object[] { + wbpkNSDeclaration, + issuer, + issueInstant, + authURL, + gebeORwbpk, + oaURL, + gebDat, + specialText, + buildExtendedSAMLAttributes(extendedSAMLAttributes)}); + + return assertion; + + } catch (ParseException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + + } catch (ConfigurationException e) { + Logger.error("Error on building AUTH-Block: " + e.getMessage()); + throw new BuildException("builder.00", new Object[] { "AUTH-Block", e.toString()}); + } + + + + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 0742261a7..839ebe7a4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -255,8 +255,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String pkType; String pkValue; if (businessService) { - pkType = authData.getIdentificationType(); - pkValue = authData.getWBPK(); + pkType = authData.getBPKType(); + pkValue = authData.getBPK(); } else { // <saml:NameIdentifier NameQualifier> always has the bPK as type/value @@ -350,7 +350,6 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String bkuURL, String signerCertificateBase64, boolean businessService, - String sourceID, List extendedSAMLAttributes, boolean useCondition, int conditionLength) @@ -377,8 +376,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB String pkType; String pkValue; if (businessService) { - pkType = authData.getIdentificationType(); - pkValue = authData.getWBPK(); + pkType = authData.getBPKType(); + pkValue = authData.getBPK(); } else { // <saml:NameIdentifier NameQualifier> always has the bPK as type/value diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index fa9789530..9bec06135 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -27,6 +27,8 @@ package at.gv.egovernment.moa.id.auth.builder; import java.security.MessageDigest; import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -59,7 +61,12 @@ public class BPKBuilder { new Object[] {"BPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",target=" + target}); } - String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + String basisbegriff; + if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) + basisbegriff = identificationValue + "+" + target; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; + try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); @@ -89,7 +96,13 @@ public class BPKBuilder { new Object[] {"wbPK", "Unvollständige Parameterangaben: identificationValue=" + identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); } - String basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + + String basisbegriff; + if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+" )) + basisbegriff = identificationValue + "+" + registerAndOrdNr; + else + basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; + try { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] hash = md.digest(basisbegriff.getBytes("ISO-8859-1")); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java index 2da7db2b2..23596abda 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java @@ -26,6 +26,7 @@ package at.gv.egovernment.moa.id.auth.builder; import java.text.MessageFormat; import java.util.Calendar; +import java.util.List; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; @@ -80,17 +81,22 @@ public class CreateXMLSignatureRequestBuilder implements Constants { * @param slVersion12 specifies whether the Security Layer version number is 1.2 or not * @return String representation of <code><CreateXMLSignatureRequest></code> */ - public String build(String authBlock, String keyBoxIdentifier, String[] dsigTransformInfos, boolean slVersion12) { + public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) { String sl10Prefix; String sl11Prefix; String slNsDeclaration; String dsigTransformInfosString = ""; - for (int i = 0; i < dsigTransformInfos.length; i++) { - dsigTransformInfosString += dsigTransformInfos[i]; + + for (String element : dsigTransformInfos) { + dsigTransformInfosString += element; } +// for (int i = 0; i < dsigTransformInfos.length; i++) { +// dsigTransformInfosString += dsigTransformInfos[i]; +// } + if (slVersion12) { // replace the SecurityLayer namespace prefixes and URIs within the transforms @@ -180,8 +186,8 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // request += "</style>"; request += "</head>"; request += "<body>"; - request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>"; - request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>"; + request += "<h4 class=\"h4style\">Anmeldedaten für (Requesting Application Access for):</h4>"; + request += "<p class=\"titlestyle\">Persönliche Daten (Personal Data)</p>"; request += "<table class=\"parameters\">"; request += "<tr>"; request += "<td class=\"italicstyle\">Name:</td>"; @@ -201,7 +207,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "</tr>"; request += "<tr>"; request += "<td class=\"italicstyle\">Land (Country):</td>"; - request += "<td class=\"normalstyle\">Österreich (Austria)</td>"; + request += "<td class=\"normalstyle\">Österreich (Austria)</td>"; request += "</tr>"; request += "</table>"; request += "<p class=\"titlestyle\">Technische Parameter (Technical Parameters)</p>"; @@ -253,14 +259,14 @@ public class CreateXMLSignatureRequestBuilder implements Constants { request += "</tr>"; request += "</table>"; - request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + - "natürliche Personen (ERnP), damit ich meinen elektronischen " + - "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + - "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + + request += "<p class=\"normalstyle\">Mit der Anmeldung erfolgt eine Abfrage des Ergänzungsregister für " + + "natürliche Personen (ERnP), damit ich meinen elektronischen " + + "Identitätsnachweis (meine elektronische Identitätskarte) unmittelbar " + + "als Österreichische Bürgerkarte verwenden kann. Ich bin nicht im " + "Zentralen Melderegister eingetragen und stimme, sofern ich nicht im " + "ERnP eingetragen bin, einer Eintragung ins ERnP zu. Ich nehme zur " + - "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + - "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>"; + "Kenntnis, dass die Eintragung ins ERnP ausschließlich der Aufzeichnung " + + "jener Daten, die für die eindeutige Identität notwendig sind, dient.</p>"; request += "<p class=\"normalstyle\">I affirm that I am not registered with the Austrian Central " + "Register of Residents or the Supplementary Register for Natural Persons. I therefore " + @@ -277,7 +283,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants { // "Residents Registry and that I am not obliged to register with the Austrian " + // "Central Residents Registry according to Austrian law.<br/>" + // "In the event I am not yet registered with the Supplementary Register, I " + -// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + +// "explicitly grant to do so according to §6 (5) E-Government Act (EGovG, idF: " + // "BGBl. I Nr. 7/2008 und BGBl. I Nr. 59/2008).</p>"; request += "</body>"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java index 6368713db..650f1578d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java @@ -123,19 +123,19 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder { out.write("<");
else if (ch == '>')
out.write(">");
- else if (ch == 'ä')
+ else if (ch == 'ä')
out.write("ä");
- else if (ch == 'ö')
+ else if (ch == 'ö')
out.write("ö");
- else if (ch == 'ü')
+ else if (ch == 'ü')
out.write("ü");
- else if (ch == 'Ä')
+ else if (ch == 'Ä')
out.write("Ä");
- else if (ch == 'Ö')
+ else if (ch == 'Ö')
out.write("Ö");
- else if (ch == 'Ü')
+ else if (ch == 'Ü')
out.write("Ü");
- else if (ch == 'ß')
+ else if (ch == 'ß')
out.write("ß");
else
out.write(ch);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java index 4dd6ac78b..9b7cc41ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java @@ -60,27 +60,23 @@ public class DataURLBuilder { String individualDataURLPrefix = null; String dataURL; - try { - //check if an individual prefix is configured - individualDataURLPrefix = AuthConfigurationProvider.getInstance(). - getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); - - if (null != individualDataURLPrefix) { - - //check individualDataURLPrefix - if(!individualDataURLPrefix.startsWith("http")) - throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); - - //when ok then use it - dataURL = individualDataURLPrefix + authServletName; - } else - dataURL = authBaseURL + authServletName; - - } catch (ConfigurationException e) { - Logger.warn(e); - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", new Object[] { authBaseURL } )); - dataURL = authBaseURL + authServletName; - } + + //is removed from config in MOA-ID 2.0 + //check if an individual prefix is configured +// individualDataURLPrefix = AuthConfigurationProvider.getInstance(). +// getGenericConfigurationParameter(AuthConfigurationProvider.INDIVIDUAL_DATA_URL_PREFIX); +// +// if (null != individualDataURLPrefix) { +// +// //check individualDataURLPrefix +// if(!individualDataURLPrefix.startsWith("http")) +// throw(new ConfigurationException("config.13", new Object[] { individualDataURLPrefix})); +// +// //when ok then use it +// dataURL = individualDataURLPrefix + authServletName; +// } else + + dataURL = authBaseURL + authServletName; dataURL = addParameter(dataURL, AuthServlet.PARAM_SESSIONID, sessionID); return dataURL; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index d40cd1909..bd8d52031 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -154,19 +154,19 @@ public class GetIdentityLinkFormBuilder extends Builder { out.write("<"); else if (ch == '>') out.write(">"); - else if (ch == 'ä') + else if (ch == 'ä') out.write("ä"); - else if (ch == 'ö') + else if (ch == 'ö') out.write("ö"); - else if (ch == 'ü') + else if (ch == 'ü') out.write("ü"); - else if (ch == 'Ä') + else if (ch == 'Ä') out.write("Ä"); - else if (ch == 'Ö') + else if (ch == 'Ö') out.write("Ö"); - else if (ch == 'Ü') + else if (ch == 'Ãœ') out.write("Ü"); - else if (ch == 'ß') + else if (ch == 'ß') out.write("ß"); else out.write(ch); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java index fa1de87de..0a526ebbe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java @@ -59,48 +59,52 @@ public class InfoboxValidatorParamsBuilder { * * @return Parameters for validating an infobox token. */ - public static InfoboxValidatorParams buildInfoboxValidatorParams( - AuthenticationSession session, - VerifyInfoboxParameter verifyInfoboxParameter, - List infoboxTokenList, - OAAuthParameter oaParam) - { - InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); - IdentityLink identityLink = session.getIdentityLink(); - - // the infobox token to validate - infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList); - // configuration parameters - infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID()); - infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations()); - infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams()); - // authentication session parameters - infoboxValidatorParams.setBkuURL(session.getBkuURL()); - infoboxValidatorParams.setTarget(session.getTarget()); - infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); - infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); - // parameters from the identity link - infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); - infoboxValidatorParams.setGivenName(identityLink.getGivenName()); - infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth()); - if (verifyInfoboxParameter.getProvideStammzahl()) { - infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue()); - } - infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType()); - infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey()); - if (verifyInfoboxParameter.getProvideIdentityLink()) { - Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true); - if (!verifyInfoboxParameter.getProvideStammzahl()) { - Element identificationValueElem = - (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - if (identificationValueElem != null) { - identificationValueElem.getFirstChild().setNodeValue(""); - } - } - infoboxValidatorParams.setIdentityLink(identityLinkElem); - } - infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); - return infoboxValidatorParams; - } +// public static InfoboxValidatorParams buildInfoboxValidatorParams( +// AuthenticationSession session, +// VerifyInfoboxParameter verifyInfoboxParameter, +// List infoboxTokenList, +// OAAuthParameter oaParam) +// { +// InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl(); +// IdentityLink identityLink = session.getIdentityLink(); +// +// // the infobox token to validate +// infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList); +// // configuration parameters +// infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID()); +// infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations()); +// infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams()); +// // authentication session parameters +// infoboxValidatorParams.setBkuURL(session.getBkuURL()); +// infoboxValidatorParams.setTarget(session.getTarget()); +// infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); +// infoboxValidatorParams.setBusinessApplication(session.getBusinessService()); +// // parameters from the identity link +// infoboxValidatorParams.setFamilyName(identityLink.getFamilyName()); +// infoboxValidatorParams.setGivenName(identityLink.getGivenName()); +// infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth()); +// if (verifyInfoboxParameter.getProvideStammzahl()) { +// infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue()); +// } +// infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType()); +// infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey()); +// if (verifyInfoboxParameter.getProvideIdentityLink()) { +// Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true); +// if (!verifyInfoboxParameter.getProvideStammzahl()) { +// Element identificationValueElem = +// (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); +// if (identificationValueElem != null) { +// identificationValueElem.getFirstChild().setNodeValue(""); +// } +// } +// infoboxValidatorParams.setIdentityLink(identityLinkElem); +// } +// +// //TODO: check if this is Protocol specific +// //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl()); +// infoboxValidatorParams.setHideStammzahl(true); +// +// return infoboxValidatorParams; +// } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java new file mode 100644 index 000000000..69e654f56 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java @@ -0,0 +1,79 @@ +package at.gv.egovernment.moa.id.auth.builder; + + +public class LoginConfirmationBuilder { + /** private static String NL contains the NewLine representation in Java*/ + private static final String nl = "\n"; + + private static final String OA_URL_TAG = "<OA_URL>"; + private static final String FORM_METHOD_TAG = "<FORM_METHOD_URL>"; + private static final String ATTR_NAME_TAG = "<ATTR_NAME_URL>"; + private static final String ATTR_VALUE_TAG = "<ATTR_VALUE_URL>"; + private static final String ATTR_TEMP_TAG = "<ATTR_TEMP_URL>"; + private static final String OA_TAG = "<OA_TAG>"; + private static final String NAME_TAG = "<NAME_URL>"; + + private static final String METHOD_GET = "GET"; + private static final String METHOD_POST = "POST"; + + + private static final String ATTR_TEMPLATE = + " <input type=\"hidden\" " + nl + + " name=\"" + ATTR_NAME_TAG + "\"" + nl + + " value=\"" + ATTR_VALUE_TAG + "\"/>" + nl; + + /** default HTML template */ + private static final String DEFAULT_HTML_TEMPLATE = + "<html>" + nl + + "<head>" + nl + + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + + "<title>Anmeldung mit Bürgerkarte</title>" + nl + + "</head>" + nl + + "<body>" + nl + + "<p>Wollen Sie sich als <b>"+NAME_TAG+"</b> bei <b>"+OA_TAG+ + "</b> anmelden?</p>" + nl + + "<form name=\"GetIdentityLinkForm\"" + nl + + " action=\"" + OA_URL_TAG + "\"" + nl + + " method=\"" + FORM_METHOD_TAG + "\">" + nl + + ATTR_TEMP_TAG + + " <input type=\"submit\" value=\"Anmeldung durchführen\"/>" + nl + + "</form>" + nl + + "</body>" + nl + + "</html>"; + + private String template; + + public LoginConfirmationBuilder(){ + init(METHOD_GET); + } + + public LoginConfirmationBuilder(String method) { + init(method); + } + + public void init(String method) { + if(method.equals(METHOD_POST)) { + template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_POST); + } else { + template = DEFAULT_HTML_TEMPLATE.replace(FORM_METHOD_TAG, METHOD_GET); + } + } + + public void addParameter(String name, String value) { + String attr_template = ATTR_TEMPLATE + ATTR_TEMP_TAG; + //Logger.info("Attr Template: " + attr_template); + attr_template = attr_template.replace(ATTR_NAME_TAG, name); + //Logger.info("Attr Template: " + attr_template); + attr_template = attr_template.replace(ATTR_VALUE_TAG, value); + //Logger.info("Attr Template: " + attr_template); + template = template.replace(ATTR_TEMP_TAG, attr_template); + //Logger.info("Template: " + template); + } + + public String finish(String oaURL, String userName, String oa) { + template = template.replace(NAME_TAG, userName); + template = template.replace(OA_TAG, oa); + template = template.replace(OA_URL_TAG, oaURL); + return template.replace(ATTR_TEMP_TAG, ""); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java new file mode 100644 index 000000000..a80fcfa25 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -0,0 +1,107 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.io.StringWriter; +import java.net.URI; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class LoginFormBuilder { + + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String HTMLTEMPLATEFULL = "loginFormFull.html"; + private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html"; + + private static String AUTH_URL = "#AUTH_URL#"; + private static String MODUL = "#MODUL#"; + private static String ACTION = "#ACTION#"; + private static String OANAME = "#OAName#"; + private static String BKU_ONLINE = "#ONLINE#"; + private static String BKU_HANDY = "#HANDY#"; + private static String BKU_LOCAL = "#LOCAL#"; + private static String CONTEXTPATH = "#CONTEXTPATH#"; + private static String MOASESSIONID = "#SESSIONID#"; + + private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate"; + + private static String getTemplate(boolean isIFrame) { + + String template = null; + + try { + String pathLocation; + + InputStream input; + + String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + + if (isIFrame) + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; + else + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + try { + File file = new File(new URI(pathLocation)); + input = new FileInputStream(file); + + } catch (FileNotFoundException e) { + + Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); + + if (isIFrame) + pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; + else + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + + input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } + + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + template = template.replace(AUTH_URL, SERVLET); + template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); + template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); + template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); + + input.close(); + + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + return template; + } + + public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) { + String value = getTemplate(isIFrame); + + if(value != null) { + if(modul == null) { + modul = SAML1Protocol.PATH; + } + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + value = value.replace(MODUL, modul); + value = value.replace(ACTION, action); + value = value.replace(OANAME, oaname); + value = value.replace(CONTEXTPATH, contextpath); + value = value.replace(MOASESSIONID, moaSessionID); + } + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java new file mode 100644 index 000000000..6d10f5519 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.InputStream; +import java.io.StringWriter; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class RedirectFormBuilder { + + private static String URL = "#URL#"; + private static String template; + + private static String getTemplate() { + + if (template == null) { + try { + String classpathLocation = "resources/templates/redirectForm.html"; + InputStream input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(classpathLocation); + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + } + + return template; + } + + public static String buildLoginForm(String url) { + String value = getTemplate(); + value = value.replace(URL, url); + + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java index a0fe0de1b..304a5b70c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java @@ -72,7 +72,7 @@ public class SAMLArtifactBuilder { MessageDigest md = MessageDigest.getInstance("SHA-1"); byte[] sourceID; // alternative sourceId - String alternativeSourceID = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter(GENERIC_CONFIG_PARAM_SOURCEID); + String alternativeSourceID = AuthConfigurationProvider.getInstance().getAlternativeSourceID(); // if sourceID is given in GET/POST param - use this as source id if (!ParepUtils.isEmpty(sourceIdParam)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java new file mode 100644 index 000000000..956593237 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java @@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.InputStream; +import java.io.StringWriter; +import java.net.URI; + +import org.apache.commons.io.IOUtils; + +import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.logging.Logger; + +public class SendAssertionFormBuilder { + + private static final String HTMLTEMPLATESDIR = "htmlTemplates/"; + private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html"; + private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html"; + + private static String URL = "#URL#"; + private static String MODUL = "#MODUL#"; + private static String ACTION = "#ACTION#"; + private static String ID = "#ID#"; + private static String OANAME = "#OAName#"; + private static String CONTEXTPATH = "#CONTEXTPATH#"; + + private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet"; + + private static String getTemplate(boolean isIFrame) { + + String template = null; + + try { + String pathLocation; + InputStream input; + + String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + + if (isIFrame) + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME; + else + pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL; + + try { + File file = new File(new URI(pathLocation)); + input = new FileInputStream(file); + + } catch (FileNotFoundException e) { + + Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package."); + + if (isIFrame) + pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME; + else + pathLocation = "resources/templates/" + HTMLTEMPLATEFULL; + + input = Thread.currentThread() + .getContextClassLoader() + .getResourceAsStream(pathLocation); + + } + + StringWriter writer = new StringWriter(); + IOUtils.copy(input, writer); + template = writer.toString(); + template = template.replace(URL, SERVLET); + } catch (Exception e) { + Logger.error("Failed to read template", e); + } + + return template; + } + + public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) { + String value = getTemplate(isIFrame); + + if(value != null) { + if(modul == null) { + modul = SAML1Protocol.PATH; + } + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + value = value.replace(MODUL, modul); + value = value.replace(ACTION, action); + value = value.replace(ID, id); + value = value.replace(OANAME, oaname); + value = value.replace(CONTEXTPATH, contextpath); + } + return value; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java new file mode 100644 index 000000000..8a9c2b4fd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.builder; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class StartAuthenticationBuilder { + + private static StartAuthenticationBuilder instance = null; + + public static StartAuthenticationBuilder getInstance() { + if (instance == null) { + instance = new StartAuthenticationBuilder(); + } + return instance; + } + + + public String build(AuthenticationSession moasession, HttpServletRequest req, + HttpServletResponse resp) throws WrongParametersException, MOAIDException { + + if (moasession == null) { + throw new AuthenticationException("auth.18", new Object[] { }); + } + + STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); + + Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc())); + // STORK or normal authentication + if (storkConfig.isSTORKAuthentication(moasession.getCcc())) { + //STORK authentication + Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc()); + Logger.debug("Starting STORK authentication"); + + AuthenticationServer.startSTORKAuthentication(req, resp, moasession); + return ""; + + } else { + //normal MOA-ID authentication + Logger.debug("Starting normal MOA-ID authentication"); + + String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme()); + + return getIdentityLinkForm; + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java index 5e6d47bdf..b65b3db0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -253,7 +255,7 @@ public class VerifyXMLSignatureRequestBuilder { */ public Element build( CreateXMLSignatureResponse csr, - String[] verifyTransformsInfoProfileID, + List<String> verifyTransformsInfoProfileID, String trustProfileID) throws BuildException { //samlAssertionObject @@ -286,13 +288,25 @@ public class VerifyXMLSignatureRequestBuilder { // add the transform profile IDs Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); - } + +// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { +// +// Element verifyTransformsInfoProfileIDElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); +// verifyTransformsInfoProfileIDElem.appendChild( +// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); +// } + + for (String element : verifyTransformsInfoProfileID) { + + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(element)); + } + Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index e861c62fa..4560e69cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -21,59 +21,73 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.id.auth.data; - - import iaik.x509.X509Certificate; +import java.io.IOException; +import java.io.Serializable; +import java.security.cert.CertificateEncodingException; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Date; import java.util.Iterator; import java.util.List; import java.util.Vector; +import javax.xml.parsers.ParserConfigurationException; + +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; import eu.stork.mw.messages.saml.STORKAuthnRequest; /** - * Session data to be stored between <code>AuthenticationServer</code> API calls. + * Session data to be stored between <code>AuthenticationServer</code> API + * calls. * * @author Paul Ivancsics * @version $Id$ */ -public class AuthenticationSession { - - private static String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; - private static String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+"; - +public class AuthenticationSession implements Serializable { + + /** + * + */ + private static final long serialVersionUID = 1L; + + public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+"; + public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + + "+"; + /** * session ID */ private String sessionID; /** - * "Geschäftsbereich" the online application belongs to; maybe <code>null</code> - * if the online application is a business application + * "Geschäftsbereich" the online application belongs to; maybe + * <code>null</code> if the online application is a business application */ private String target; /** - * Friendly name for the target, if target is configured via MOA-ID configuration + * Friendly name for the target, if target is configured via MOA-ID + * configuration */ private String targetFriendlyName; - + /** * SourceID */ private String sourceID; - /** - * Indicates if target from configuration is used or not - */ - private boolean useTargetFromConfig; + /** * public online application URL requested */ @@ -86,758 +100,1037 @@ public class AuthenticationSession { * URL of MOA ID authentication component */ private String authURL; - /** - * HTML template URL - */ - private String templateURL; - - /** - * URL of the BKU - */ - private String bkuURL; - - /** - * Use mandate - */ - private boolean useMandate; - - /** - * Reference value for mandate - */ - private String mandateReferenceValue; - - /** - * Authentication data for the assertion - */ - private AuthenticationData assertionAuthData; - - /** - * Persondata for the assertion - */ - private String assertionPrPerson; - - /** - * Authblock for the assertion - */ - private String assertionAuthBlock; - - /** - * Identitylink assertion for the (MOA) assertion - */ - private String assertionIlAssertion; - - /** - * Signer certificate (base64 encoded) for the assertion - */ - private String assertionSignerCertificateBase64; - - /** - * bussiness service for the assertion - */ - boolean assertionBusinessService; - - /** - * SessionID for MIS - */ - private String misSessionID; + /** + * HTML template URL + */ + private String templateURL; + + /** + * URL of the BKU + */ + private String bkuURL; + + /** + * Indicates whether the corresponding online application is a business + * service or not + */ + private boolean businessService; + + //Store Mandate + /** + * Use mandate + */ + private boolean useMandate; + + + private boolean isOW = false; + + + /** + * STORK + */ + private String ccc; + + /** + * + * Mandate element + */ + private MISMandate mandate; + + /** + * Reference value for mandate + * bussiness service for the assertion + */ + private String mandateReferenceValue; + + /** + * SessionID for MIS + */ + private String misSessionID; + + //store Identitylink /** * identity link read from smartcard */ private IdentityLink identityLink; + + /** + * timestamp logging when identity link has been received + */ + private Date timestampIdentityLink; + + //store Authblock /** * authentication block to be signed by the user */ private String authBlock; + /** - * timestamp logging when authentication session has been created + * The issuing time of the AUTH-Block SAML assertion. */ - private Date timestampStart; + private String issueInstant; + + //Signer certificate /** - * timestamp logging when identity link has been received + * Signer certificate of the foreign citizen or for mandate mode */ - private Date timestampIdentityLink; - /** - * Indicates whether the corresponding online application is a business - * service or not - */ - private boolean businessService; - - /** - * Signer certificate of the foreign citizen or for mandate mode - */ - private X509Certificate signerCertificate; - /** - * SAML attributes from an extended infobox validation to be appended - * to the SAML assertion delivered to the final online application. - */ - private List extendedSAMLAttributesOA; - - /** - * The boolean value for either a target or a wbPK is provided as - * SAML Attribute in the SAML Assertion or not. - */ - private boolean samlAttributeGebeORwbpk; - - /** - * SAML attributes from an extended infobox validation to be appended - * to the SAML assertion of the AUTHBlock. - */ - private List extendedSAMLAttributesAUTH; - - /** - * The issuing time of the AUTH-Block SAML assertion. - */ - private String issueInstant; - - /** - * If infobox validators are needed after signing, they can be stored in - * this list. - */ - private List infoboxValidators; - - /** - * The register and number in the register parameter in case of a business - * service application. - */ - private String domainIdentifier; - - /** - * This string contains all identifiers of infoboxes, the online application - * is configured to accept. The infobox identifiers are comma separated. - */ - private String pushInfobox; - - /** - * The STORK AuthRequest to be sent to the C-PEPS - */ - private STORKAuthnRequest storkAuthnRequest; - - /** - * Constructor for AuthenticationSession. - * - * @param id Session ID - */ - public AuthenticationSession(String id) { - sessionID = id; - setTimestampStart(); - infoboxValidators = new ArrayList(); - } - - public X509Certificate getSignerCertificate() { - return signerCertificate; - } - - public void setSignerCertificate(X509Certificate signerCertificate) { - this.signerCertificate = signerCertificate; - } - - /** - * Returns the identityLink. - * @return IdentityLink - */ - public IdentityLink getIdentityLink() { - return identityLink; - } - - /** - * Returns the sessionID. - * @return String - */ - public String getSessionID() { - return sessionID; - } - - /** - * Sets the identityLink. - * @param identityLink The identityLink to set - */ - public void setIdentityLink(IdentityLink identityLink) { - this.identityLink = identityLink; - } - - /** - * Sets the sessionID. - * @param sessionId The sessionID to set - */ - public void setSessionID(String sessionId) { - this.sessionID = sessionId; - } - - /** - * Returns the oaURLRequested. - * @return String - */ - public String getOAURLRequested() { - return oaURLRequested; - } - - /** - * Returns the oaURLRequested. - * @return String - */ - public String getPublicOAURLPrefix() { - return oaPublicURLPrefix; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Returns the target. - * @return String - */ - public String getTarget() { - return target; - } - - /** - * Returns the sourceID. - * @return String - */ - public String getSourceID() { - return sourceID; - } - - /** - * Returns the target friendly name. - * @return String - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the oaURLRequested. - * @param oaURLRequested The oaURLRequested to set - */ - public void setOAURLRequested(String oaURLRequested) { - this.oaURLRequested = oaURLRequested; - } - - /** - * Sets the oaPublicURLPrefix - * @param oaPublicURLPrefix The oaPublicURLPrefix to set - */ - public void setPublicOAURLPrefix(String oaPublicURLPrefix) { - this.oaPublicURLPrefix = oaPublicURLPrefix; - } - - /** - * Sets the bkuURL - * @param bkuURL The BKU URL to set - */ - public void setBkuURL(String bkuURL) { - this.bkuURL = bkuURL; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * @param target The target to set - */ - public void setTarget(String target) { - if (target != null && target.startsWith(TARGET_PREFIX_)) - { - // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove prefix - this.target = target.substring(TARGET_PREFIX_.length()); - Logger.debug("Target prefix stripped off; resulting target: " + this.target); - } - else - { - this.target = target; - } - } - - /** - * Sets the sourceID - * @param sourceID The sourceID to set - */ - public void setSourceID(String sourceID) { - this.sourceID = sourceID; - } - - /** - * Sets the target. If the target includes the target prefix, the prefix will be stripped off. - * @param target The target to set - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - /** - * Returns the authURL. - * @return String - */ - public String getAuthURL() { - return authURL; - } - - /** - * Sets the authURL. - * @param authURL The authURL to set - */ - public void setAuthURL(String authURL) { - this.authURL = authURL; - } - - /** - * Returns the authBlock. - * @return String - */ - public String getAuthBlock() { - return authBlock; - } - - /** - * Sets the authBlock. - * @param authBlock The authBlock to set - */ - public void setAuthBlock(String authBlock) { - this.authBlock = authBlock; - } - - /** - * Returns the timestampIdentityLink. - * @return Date - */ - public Date getTimestampIdentityLink() { - return timestampIdentityLink; - } - - /** - * Returns the businessService. - * @return <code>true</code> if the corresponding online application is - * a business application, otherwise <code>false</code> - */ - public boolean getBusinessService() { - return businessService; - } - - /** - * Sets the businessService variable. - * @param businessService the value for setting the businessService variable. - */ - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - /** - * Returns the timestampStart. - * @return Date - */ - public Date getTimestampStart() { - return timestampStart; - } - - /** - * Sets the current date as timestampIdentityLink. - */ - public void setTimestampIdentityLink() { - timestampIdentityLink = new Date(); - } - - /** - * Sets the current date as timestampStart. - */ - public void setTimestampStart() { - timestampStart = new Date(); - } - - /** - * @return template URL - */ - public String getTemplateURL() { - return templateURL; - } - - - /** - * @param string the template URL - */ - public void setTemplateURL(String string) { - templateURL = string; - } - - - /** - * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. - * - * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>. - */ - public List getExtendedSAMLAttributesAUTH() { - return extendedSAMLAttributesAUTH; - } - - /** - * Sets the SAML Attributes to be appended to the AUTHBlock. - * - * @param extendedSAMLAttributesAUTH The SAML Attributes to be appended to the AUTHBlock. - */ - public void setExtendedSAMLAttributesAUTH( - List extendedSAMLAttributesAUTH) { - this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; - } - - /** - * Returns the SAML Attributes to be appended to the SAML assertion - * delivered to the online application. Maybe <code>null</code>. - * - * @return The SAML Attributes to be appended to the SAML assertion - * delivered to the online application - */ - public List getExtendedSAMLAttributesOA() { - return extendedSAMLAttributesOA; - } - - /** - * Sets the SAML Attributes to be appended to the SAML assertion - * delivered to the online application. - * - * @param extendedSAMLAttributesOA The SAML Attributes to be appended to the SAML - * assertion delivered to the online application. - */ - public void setExtendedSAMLAttributesOA( - List extendedSAMLAttributesOA) { - this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; - } - - /** - * Returns the boolean value for either a target or a wbPK is - * provided as SAML Attribute in the SAML Assertion or not. - * - * @return true either a target or a wbPK is provided as SAML Attribute - * in the SAML Assertion or false if not. - */ - public boolean getSAMLAttributeGebeORwbpk() { - return this.samlAttributeGebeORwbpk; - } - - /** - * Sets the boolean value for either a target or a wbPK is - * provided as SAML Attribute in the SAML Assertion or not. - * - * @param samlAttributeGebeORwbpk The boolean for value either a target or - * wbPK is provided as SAML Attribute in the SAML Assertion or not. - */ - public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { - this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; - } - - /** - * Returns the issuing time of the AUTH-Block SAML assertion. - * - * @return The issuing time of the AUTH-Block SAML assertion. - */ - public String getIssueInstant() { - return issueInstant; - } - - /** - * Sets the issuing time of the AUTH-Block SAML assertion. - * - * @param issueInstant The issueInstant to set. - */ - public void setIssueInstant(String issueInstant) { - this.issueInstant = issueInstant; - } - - /** - * Returns the iterator to the stored infobox validators. - * @return Iterator - */ - public Iterator getInfoboxValidatorIterator() { - if (infoboxValidators==null) return null; - return infoboxValidators.iterator(); - } - - /** - * Adds an infobox validator class to the stored infobox validators. - * @param infoboxIdentifier the identifier of the infobox the validator belongs to - * @param infoboxFriendlyName the friendly name of the infobox - * @param infoboxValidator the infobox validator to add - */ - public Iterator addInfoboxValidator(String infoboxIdentifier, String infoboxFriendlyName, InfoboxValidator infoboxValidator) { - if (infoboxValidators==null) infoboxValidators = new ArrayList(); - Vector v = new Vector(3); - v.add(infoboxIdentifier); - v.add(infoboxFriendlyName); - v.add(infoboxValidator); - infoboxValidators.add(v); - return infoboxValidators.iterator(); - } - - /** - * Tests for pending input events of the infobox validators. - * @return true if a validator has a form to show - */ - public boolean isValidatorInputPending() { - boolean result = false; - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (!result && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result=true; - } - } - return result; - } - - /** - * Returns the first pending infobox validator. - * @return the infobox validator class - */ - public InfoboxValidator getFirstPendingValidator() { - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - String form = infoboxvalidator.getForm(); - if (!ParepUtils.isEmpty(form)) return infoboxvalidator; - } - } - return null; - } - - /** - * Returns the input form of the first pending infobox validator input processor. - * @return the form to show - */ - public String getFirstValidatorInputForm() { - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - String form = infoboxvalidator.getForm(); - if (!ParepUtils.isEmpty(form)) return form; - } - } - return null; - } - - /** - * Returns domain identifier (the register and number in the register parameter). - * <code>null</code> in the case of not a business service. - * - * @return the domainIdentifier - */ - public String getDomainIdentifier() { - return domainIdentifier; - } - - /** - * Sets the register and number in the register parameter if the application - * is a business service. - * If the domain identifier includes the registerAndOrdNr prefix, the prefix - * will be stripped off. - * - * @param domainIdentifier the domain identifier to set - */ - public void setDomainIdentifier(String domainIdentifier) { - if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) - { - // If domainIdentifier starts with prefix "urn:publicid:gv.at:wbpk+"; remove this prefix - this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier); - } - else - { - this.domainIdentifier = domainIdentifier; - } - } - - /** - * Gets all identifiers of infoboxes, the online application - * is configured to accept. The infobox identifiers are comma separated. - * - * @return the string containing infobox identifiers - */ - public String getPushInfobox() { - if (pushInfobox==null) return ""; - return pushInfobox; - } - - /** - * @param pushInfobox the infobox identifiers to set (comma separated) - */ - public void setPushInfobox(String pushInfobox) { - this.pushInfobox = pushInfobox; - } - - /** - * - * @param useMandate indicates if mandate is used or not - */ - public void setUseMandate(String useMandate) { - if (useMandate.compareToIgnoreCase("true") == 0) - this.useMandate = true; - else - this.useMandate = false; - - } - - /** - * Returns if mandate is used or not - * @return - */ - public boolean getUseMandate() { - return this.useMandate; - } - - /** - * - * @param useTargetFromConfig indicates if target from config is used or not - */ - public void setUseTargetFromConfig(boolean useTargetFromConfig) { - this.useTargetFromConfig = useTargetFromConfig; - - } - - /** - * Returns if target is used from mandate or not - * @return - */ - public boolean getUseTargetFromConfig() { - return this.useTargetFromConfig; - } - - /** - * - * @param misSessionID indicates the MIS session ID - */ - public void setMISSessionID(String misSessionID) { - this.misSessionID = misSessionID; - } - - /** - * Returns the MIS session ID - * @return - */ - public String getMISSessionID() { - return this.misSessionID; - } - - /** - * @return the assertionAuthData - */ - public AuthenticationData getAssertionAuthData() { - return assertionAuthData; - } - - /** - * @param assertionAuthData the assertionAuthData to set - */ - public void setAssertionAuthData(AuthenticationData assertionAuthData) { - this.assertionAuthData = assertionAuthData; - } - - /** - * @return the assertionPrPerson - */ - public String getAssertionPrPerson() { - return assertionPrPerson; - } - - /** - * @param assertionPrPerson the assertionPrPerson to set - */ - public void setAssertionPrPerson(String assertionPrPerson) { - this.assertionPrPerson = assertionPrPerson; - } - - /** - * @return the assertionAuthBlock - */ - public String getAssertionAuthBlock() { - return assertionAuthBlock; - } - - /** - * @param assertionAuthBlock the assertionAuthBlock to set - */ - public void setAssertionAuthBlock(String assertionAuthBlock) { - this.assertionAuthBlock = assertionAuthBlock; - } - - /** - * @return the assertionIlAssertion - */ - public String getAssertionIlAssertion() { - return assertionIlAssertion; - } - - /** - * @param assertionIlAssertion the assertionIlAssertion to set - */ - public void setAssertionIlAssertion(String assertionIlAssertion) { - this.assertionIlAssertion = assertionIlAssertion; - } - - /** - * @return the assertionSignerCertificateBase64 - */ - public String getAssertionSignerCertificateBase64() { - return assertionSignerCertificateBase64; - } - - /** - * @param assertionSignerCertificateBase64 the assertionSignerCertificateBase64 to set - */ - public void setAssertionSignerCertificateBase64(String assertionSignerCertificateBase64) { - this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; - } - - /** - * @return the assertionBusinessService - */ - public boolean getAssertionBusinessService() { - return assertionBusinessService; - } - - /** - * @param assertionBusinessService the assertionBusinessService to set - */ - public void setAssertionBusinessService(boolean assertionBusinessService) { - this.assertionBusinessService = assertionBusinessService; - } - - /** - * @return the mandateReferenceValue - */ - public String getMandateReferenceValue() { - return mandateReferenceValue; - } - - /** - * @param mandateReferenceValue the mandateReferenceValue to set - */ - public void setMandateReferenceValue(String mandateReferenceValue) { - this.mandateReferenceValue = mandateReferenceValue; - } - - /** - * Gets the STORK SAML AuthnRequest - * @return STORK SAML AuthnRequest - */ - public STORKAuthnRequest getStorkAuthnRequest() { - return storkAuthnRequest; + //private X509Certificate signerCertificate; + private byte[] signerCertificate; + + + /** + * SAML attributes from an extended infobox validation to be appended to the + * SAML assertion delivered to the final online application. + */ + private List extendedSAMLAttributesOA; + + /** + * The boolean value for either a target or a wbPK is provided as SAML + * Attribute in the SAML Assertion or not. + */ + private boolean samlAttributeGebeORwbpk; + + /** + * SAML attributes from an extended infobox validation to be appended to the + * SAML assertion of the AUTHBlock. + */ + private List extendedSAMLAttributesAUTH; + + + //TODO: check if it is in use! + /** + * If infobox validators are needed after signing, they can be stored in + * this list. + */ + private List infoboxValidators; + + /** + * The register and number in the register parameter in case of a business + * service application. + */ + private String domainIdentifier; + + /** + * This string contains all identifiers of infoboxes, the online application + * is configured to accept. The infobox identifiers are comma separated. + */ + private String pushInfobox; + + /** + * The STORK AuthRequest to be sent to the C-PEPS + */ + private STORKAuthnRequest storkAuthnRequest; + + + + //private AuthenticationData authData; + + //protocol selection + private String action; + private String modul; + + private boolean authenticated; + private boolean authenticatedUsed = false; + + private boolean ssoRequested = false; + +// /** +// * Indicates if target from configuration is used or not +// */ +// private boolean useTargetFromConfig; + +// /** +// * Authentication data for the assertion +// */ +// private AuthenticationData assertionAuthData; +// +// /** +// * Persondata for the assertion +// */ +// private String assertionPrPerson; +// +// /** +// * Authblock for the assertion +// */ +// private String assertionAuthBlock; +// +// /** +// * Identitylink assertion for the (MOA) assertion +// */ +// private String assertionIlAssertion; +// +// /** +// * Signer certificate (base64 encoded) for the assertion +// */ +// private String assertionSignerCertificateBase64; +// +// /** +// * bussiness service for the assertion +// */ +// boolean assertionBusinessService; +// +// /** +// * timestamp logging when authentication session has been created +// */ +// private Date timestampStart; +// private CreateXMLSignatureResponse XMLCreateSignatureResponse; + + private VerifyXMLSignatureResponse XMLVerifySignatureResponse; + + private boolean isForeigner; + +// private String requestedProtocolURL = null; + + public String getModul() { + return modul; + } + + public void setModul(String modul) { + this.modul = modul; + } + + public String getAction() { + return action; + } + + public void setAction(String action) { + this.action = action; + } + +// public AuthenticationData getAuthData() { +// return authData; +// } +// +// public void setAuthData(AuthenticationData authData) { +// this.authData = authData; +// } + + + public boolean isAuthenticatedUsed() { + return authenticatedUsed; + } + + public void setAuthenticatedUsed(boolean authenticatedUsed) { + this.authenticatedUsed = authenticatedUsed; } - /** - * Sets the STORK SAML AuthnRequest - * @param storkAuthnRequest STORK SAML AuthnRequest - */ + public boolean isAuthenticated() { + return authenticated; + } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } + + +// public String getRequestedProtocolURL() { +// return requestedProtocolURL; +// } +// +// public void setRequestedProtocolURL(String requestedProtocolURL) { +// this.requestedProtocolURL = requestedProtocolURL; +// } + + /** + * Constructor for AuthenticationSession. + * + * @param id + * Session ID + */ + public AuthenticationSession(String id) { + sessionID = id; +// setTimestampStart(); + infoboxValidators = new ArrayList(); + } + + public X509Certificate getSignerCertificate(){ + try { + return new X509Certificate(signerCertificate); + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + } + } + + public byte[] getEncodedSignerCertificate() { + return this.signerCertificate; + } + + public void setSignerCertificate(X509Certificate signerCertificate) { + try { + this.signerCertificate = signerCertificate.getEncoded(); + } catch (CertificateEncodingException e) { + Logger.warn("Signer certificate can not be stored to session database!", e); + } + } + + /** + * Returns the identityLink. + * + * @return IdentityLink + */ + public IdentityLink getIdentityLink() { + return identityLink; + } + + /** + * Returns the sessionID. + * + * @return String + */ + public String getSessionID() { + return sessionID; + } + + /** + * Sets the identityLink. + * + * @param identityLink + * The identityLink to set + */ + public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; + } + + /** + * Sets the sessionID. + * + * @param sessionId + * The sessionID to set + */ + public void setSessionID(String sessionId) { + this.sessionID = sessionId; + } + + /** + * Returns the oaURLRequested. + * + * @return String + */ + public String getOAURLRequested() { + return oaURLRequested; + } + + /** + * Returns the oaURLRequested. + * + * @return String + */ + public String getPublicOAURLPrefix() { + return oaPublicURLPrefix; + } + + /** + * Returns the BKU URL. + * + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Returns the target. + * + * @return String + */ + public String getTarget() { + return target; + } + + /** + * Returns the sourceID. + * + * @return String + */ + public String getSourceID() { + return sourceID; + } + + /** + * Returns the target friendly name. + * + * @return String + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the oaURLRequested. + * + * @param oaURLRequested + * The oaURLRequested to set + */ + public void setOAURLRequested(String oaURLRequested) { + this.oaURLRequested = oaURLRequested; + } + + /** + * Sets the oaPublicURLPrefix + * + * @param oaPublicURLPrefix + * The oaPublicURLPrefix to set + */ + public void setPublicOAURLPrefix(String oaPublicURLPrefix) { + this.oaPublicURLPrefix = oaPublicURLPrefix; + } + + /** + * Sets the bkuURL + * + * @param bkuURL + * The BKU URL to set + */ + public void setBkuURL(String bkuURL) { + this.bkuURL = bkuURL; + } + + /** + * Sets the target. If the target includes the target prefix, the prefix + * will be stripped off. + * + * @param target + * The target to set + */ + public void setTarget(String target) { + if (target != null && target.startsWith(TARGET_PREFIX_)) { + // If target starts with prefix "urn:publicid:gv.at:cdid+"; remove + // prefix + this.target = target.substring(TARGET_PREFIX_.length()); + Logger.debug("Target prefix stripped off; resulting target: " + + this.target); + } else { + this.target = target; + } + } + + /** + * Sets the sourceID + * + * @param sourceID + * The sourceID to set + */ + public void setSourceID(String sourceID) { + this.sourceID = sourceID; + } + + /** + * Sets the target. If the target includes the target prefix, the prefix + * will be stripped off. + * + * @param target + * The target to set + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + /** + * Returns the authURL. + * + * @return String + */ + public String getAuthURL() { + return authURL; + } + + /** + * Sets the authURL. + * + * @param authURL + * The authURL to set + */ + public void setAuthURL(String authURL) { + this.authURL = authURL; + } + + /** + * Returns the authBlock. + * + * @return String + */ + public String getAuthBlock() { + return authBlock; + } + + /** + * Sets the authBlock. + * + * @param authBlock + * The authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + /** + * Returns the timestampIdentityLink. + * + * @return Date + */ + public Date getTimestampIdentityLink() { + return timestampIdentityLink; + } + + /** + * Returns the businessService. + * + * @return <code>true</code> if the corresponding online application is a + * business application, otherwise <code>false</code> + */ + public boolean getBusinessService() { + return businessService; + } + + /** + * Sets the businessService variable. + * + * @param businessService + * the value for setting the businessService variable. + */ + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + +// /** +// * Returns the timestampStart. +// * +// * @return Date +// */ +// public Date getTimestampStart() { +// return timestampStart; +// } + + /** + * Sets the current date as timestampIdentityLink. + */ + public void setTimestampIdentityLink() { + timestampIdentityLink = new Date(); + } + +// /** +// * Sets the current date as timestampStart. +// */ +// public void setTimestampStart() { +// timestampStart = new Date(); +// } + + /** + * @return template URL + */ + public String getTemplateURL() { + return templateURL; + } + + /** + * @param string + * the template URL + */ + public void setTemplateURL(String string) { + templateURL = string; + } + + /** + * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe + * <code>null</code>. + * + * @return The SAML Attributes to be appended to the AUTHBlock. Maybe + * <code>null</code>. + */ + public List getExtendedSAMLAttributesAUTH() { + return extendedSAMLAttributesAUTH; + } + + /** + * Sets the SAML Attributes to be appended to the AUTHBlock. + * + * @param extendedSAMLAttributesAUTH + * The SAML Attributes to be appended to the AUTHBlock. + */ + public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { + this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH; + } + + /** + * Returns the SAML Attributes to be appended to the SAML assertion + * delivered to the online application. Maybe <code>null</code>. + * + * @return The SAML Attributes to be appended to the SAML assertion + * delivered to the online application + */ + public List getExtendedSAMLAttributesOA() { + return extendedSAMLAttributesOA; + } + + /** + * Sets the SAML Attributes to be appended to the SAML assertion delivered + * to the online application. + * + * @param extendedSAMLAttributesOA + * The SAML Attributes to be appended to the SAML assertion + * delivered to the online application. + */ + public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { + this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; + } + + /** + * Returns the boolean value for either a target or a wbPK is provided as + * SAML Attribute in the SAML Assertion or not. + * + * @return true either a target or a wbPK is provided as SAML Attribute in + * the SAML Assertion or false if not. + */ + public boolean getSAMLAttributeGebeORwbpk() { + return this.samlAttributeGebeORwbpk; + } + + /** + * Sets the boolean value for either a target or a wbPK is provided as SAML + * Attribute in the SAML Assertion or not. + * + * @param samlAttributeGebeORwbpk + * The boolean for value either a target or wbPK is provided as + * SAML Attribute in the SAML Assertion or not. + */ + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk; + } + + /** + * Returns the issuing time of the AUTH-Block SAML assertion. + * + * @return The issuing time of the AUTH-Block SAML assertion. + */ + public String getIssueInstant() { + return issueInstant; + } + + /** + * Sets the issuing time of the AUTH-Block SAML assertion. + * + * @param issueInstant + * The issueInstant to set. + */ + public void setIssueInstant(String issueInstant) { + this.issueInstant = issueInstant; + } + + /** + * Returns the iterator to the stored infobox validators. + * + * @return Iterator + */ + public Iterator getInfoboxValidatorIterator() { + if (infoboxValidators == null) + return null; + return infoboxValidators.iterator(); + } + + /** + * Adds an infobox validator class to the stored infobox validators. + * + * @param infoboxIdentifier + * the identifier of the infobox the validator belongs to + * @param infoboxFriendlyName + * the friendly name of the infobox + * @param infoboxValidator + * the infobox validator to add + */ + public Iterator addInfoboxValidator(String infoboxIdentifier, + String infoboxFriendlyName, InfoboxValidator infoboxValidator) { + if (infoboxValidators == null) + infoboxValidators = new ArrayList(); + Vector v = new Vector(3); + v.add(infoboxIdentifier); + v.add(infoboxFriendlyName); + v.add(infoboxValidator); + infoboxValidators.add(v); + return infoboxValidators.iterator(); + } + + /** + * Tests for pending input events of the infobox validators. + * + * @return true if a validator has a form to show + */ + public boolean isValidatorInputPending() { + boolean result = false; + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (!result && iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) + result = true; + } + } + return result; + } + + /** + * Returns the first pending infobox validator. + * + * @return the infobox validator class + */ + public InfoboxValidator getFirstPendingValidator() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) + return infoboxvalidator; + } + } + return null; + } + + /** + * Returns the input form of the first pending infobox validator input + * processor. + * + * @return the form to show + */ + public String getFirstValidatorInputForm() { + Iterator iter = getInfoboxValidatorIterator(); + if (iter != null) { + while (iter.hasNext()) { + Vector infoboxValidatorVector = (Vector) iter.next(); + InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector + .get(2); + String form = infoboxvalidator.getForm(); + if (!ParepUtils.isEmpty(form)) + return form; + } + } + return null; + } + + /** + * Returns domain identifier (the register and number in the register + * parameter). <code>null</code> in the case of not a business service. + * + * @return the domainIdentifier + */ + public String getDomainIdentifier() { + return domainIdentifier; + } + + /** + * Sets the register and number in the register parameter if the application + * is a business service. If the domain identifier includes the + * registerAndOrdNr prefix, the prefix will be stripped off. + * + * @param domainIdentifier + * the domain identifier to set + */ + public void setDomainIdentifier(String domainIdentifier) { + if (domainIdentifier != null + && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + this.domainIdentifier = domainIdentifier + .substring(REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + this.domainIdentifier); + } else { + this.domainIdentifier = domainIdentifier; + } + } + + /** + * Gets all identifiers of infoboxes, the online application is configured + * to accept. The infobox identifiers are comma separated. + * + * @return the string containing infobox identifiers + */ + public String getPushInfobox() { + if (pushInfobox == null) + return ""; + return pushInfobox; + } + + /** + * @param pushInfobox + * the infobox identifiers to set (comma separated) + */ + public void setPushInfobox(String pushInfobox) { + this.pushInfobox = pushInfobox; + } + + /** + * + * @param useMandate + * indicates if mandate is used or not + */ + public void setUseMandate(String useMandate) { + if (useMandate.compareToIgnoreCase("true") == 0) + this.useMandate = true; + else + this.useMandate = false; + + } + + /** + * Returns if mandate is used or not + * + * @return + */ + public boolean getUseMandate() { + return this.useMandate; + } + +// /** +// * +// * @param useTargetFromConfig +// * indicates if target from config is used or not +// */ +// public void setUseTargetFromConfig(boolean useTargetFromConfig) { +// this.useTargetFromConfig = useTargetFromConfig; +// +// } +// +// /** +// * Returns if target is used from mandate or not +// * +// * @return +// */ +// public boolean getUseTargetFromConfig() { +// return this.useTargetFromConfig; +// } + + /** + * + * @param misSessionID + * indicates the MIS session ID + */ + public void setMISSessionID(String misSessionID) { + this.misSessionID = misSessionID; + } + + /** + * Returns the MIS session ID + * + * @return + */ + public String getMISSessionID() { + return this.misSessionID; + } + +// /** +// * @return the assertionAuthData +// */ +// public AuthenticationData getAssertionAuthData() { +// return assertionAuthData; +// } +// +// /** +// * @param assertionAuthData +// * the assertionAuthData to set +// */ +// public void setAssertionAuthData(AuthenticationData assertionAuthData) { +// this.assertionAuthData = assertionAuthData; +// } +// +// /** +// * @return the assertionPrPerson +// */ +// public String getAssertionPrPerson() { +// return assertionPrPerson; +// } +// +// /** +// * @param assertionPrPerson +// * the assertionPrPerson to set +// */ +// public void setAssertionPrPerson(String assertionPrPerson) { +// this.assertionPrPerson = assertionPrPerson; +// } +// +// /** +// * @return the assertionAuthBlock +// */ +// public String getAssertionAuthBlock() { +// return assertionAuthBlock; +// } +// +// /** +// * @param assertionAuthBlock +// * the assertionAuthBlock to set +// */ +// public void setAssertionAuthBlock(String assertionAuthBlock) { +// this.assertionAuthBlock = assertionAuthBlock; +// } +// +// /** +// * @return the assertionIlAssertion +// */ +// public String getAssertionIlAssertion() { +// return assertionIlAssertion; +// } +// +// /** +// * @param assertionIlAssertion +// * the assertionIlAssertion to set +// */ +// public void setAssertionIlAssertion(String assertionIlAssertion) { +// this.assertionIlAssertion = assertionIlAssertion; +// } +// +// /** +// * @return the assertionSignerCertificateBase64 +// */ +// public String getAssertionSignerCertificateBase64() { +// return assertionSignerCertificateBase64; +// } +// +// /** +// * @param assertionSignerCertificateBase64 +// * the assertionSignerCertificateBase64 to set +// */ +// public void setAssertionSignerCertificateBase64( +// String assertionSignerCertificateBase64) { +// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64; +// } +// +// /** +// * @return the assertionBusinessService +// */ +// public boolean getAssertionBusinessService() { +// return assertionBusinessService; +// } +// +// /** +// * @param assertionBusinessService +// * the assertionBusinessService to set +// */ +// public void setAssertionBusinessService(boolean assertionBusinessService) { +// this.assertionBusinessService = assertionBusinessService; +// } + + /** + * @return the mandateReferenceValue + */ + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue + * the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + /** + * Gets the STORK SAML AuthnRequest + * + * @return STORK SAML AuthnRequest + */ + public STORKAuthnRequest getStorkAuthnRequest() { + return storkAuthnRequest; + } + + /** + * Sets the STORK SAML AuthnRequest + * + * @param storkAuthnRequest + * STORK SAML AuthnRequest + */ public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) { this.storkAuthnRequest = storkAuthnRequest; } - - - -} + public String getCcc() { + return ccc; + } + + public void setCcc(String ccc) { + this.ccc = ccc; + } + + + +// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() { +// return XMLCreateSignatureResponse; +// } +// +// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) { +// XMLCreateSignatureResponse = xMLCreateSignatureResponse; +// } + + public boolean isForeigner() { + return isForeigner; + } + + public void setForeigner(boolean isForeigner) { + this.isForeigner = isForeigner; + } + + public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() { + return XMLVerifySignatureResponse; + } + + public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) { + XMLVerifySignatureResponse = xMLVerifySignatureResponse; + } + + public MISMandate getMISMandate() { + return mandate; + } + + public void setMISMandate(MISMandate mandate) { + this.mandate = mandate; + } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + }catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } + + /** + * @return the ssoRequested + */ + + //TODO: SSO only allowed without mandates, actually!!!!!! + public boolean isSsoRequested() { + return ssoRequested && !useMandate; + } + + /** + * @param ssoRequested the ssoRequested to set + */ + public void setSsoRequested(boolean ssoRequested) { + this.ssoRequested = ssoRequested; + } + + /** + * @return the isOW + */ + public boolean isOW() { + return isOW; + } + + /** + * @param isOW the isOW to set + */ + public void setOW(boolean isOW) { + this.isOW = isOW; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java index 276e6414c..7523d7eaf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java @@ -24,15 +24,22 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; + /** * This class contains SAML attributes to be appended to the SAML assertion delivered to * the Online application. * * @author Harald Bratko */ -public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute { +public class ExtendedSAMLAttributeImpl implements ExtendedSAMLAttribute, Serializable{ /** + * + */ + private static final long serialVersionUID = 1L; + +/** * The value of this SAML attribute. Must be either of type <code>java.lang.String</code> * or <code>org.w3c.Element</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java index 0d11dc4f0..b03f23ce4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.data; import java.io.IOException; +import java.io.Serializable; import java.security.PublicKey; import javax.xml.transform.TransformerException; @@ -41,7 +42,10 @@ import at.gv.egovernment.moa.util.DOMUtils; * @author Paul Ivancsics * @version $Id$ */ -public class IdentityLink { +public class IdentityLink implements Serializable{ + + private static final long serialVersionUID = 1L; + /** * <code>"identificationValue"</code> is the translation of <code>"Stammzahl"</code>. */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java index ce418de01..ed54683ca 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.auth.data; +import java.io.Serializable; +import java.util.Date; + import iaik.x509.X509Certificate; /** @@ -34,8 +37,11 @@ import iaik.x509.X509Certificate; * @version $Id$ * */ -public class VerifyXMLSignatureResponse { - /** The xmlDsigSubjectName to be stored */ +public class VerifyXMLSignatureResponse implements Serializable{ + + private static final long serialVersionUID = 1L; + +/** The xmlDsigSubjectName to be stored */ private String xmlDsigSubjectName; /** The signatureCheckCode to be stored */ private int signatureCheckCode; @@ -59,6 +65,8 @@ public class VerifyXMLSignatureResponse { */ private int signatureManifestCheckCode = -1; + private Date signingDateTime; + /** * Returns the certificateCheckCode. * @return int @@ -221,4 +229,13 @@ public class VerifyXMLSignatureResponse { this.signatureManifestCheckCode = signatureManifestCheckCode; } + public Date getSigningDateTime() { + return signingDateTime; + } + + public void setSigningDateTime(Date signingDateTime) { + this.signingDateTime = signingDateTime; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index cb3ed5ad9..a468caf73 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -122,7 +122,7 @@ public class IdentityLinkAssertionParser { + "Value"; /** Xpath expression to the Identification Value element */ - private static final String PERSON_IDENT_TYPE_XPATH = + public static final String PERSON_IDENT_TYPE_XPATH = PERSON_XPATH + "/" + PDATA diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java new file mode 100644 index 000000000..58194361c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java @@ -0,0 +1,268 @@ +package at.gv.egovernment.moa.id.auth.parser; + +import java.io.UnsupportedEncodingException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.BoolUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.StringUtils; +import at.gv.egovernment.moa.util.URLEncoder; + +public class StartAuthentificationParameterParser implements MOAIDAuthConstants{ + + public static void parse(AuthenticationSession moasession, + String target, + String oaURL, + String bkuURL, + String templateURL, + String useMandate, + String ccc, + String module, + String action, + HttpServletRequest req) throws WrongParametersException, MOAIDException { + + String targetFriendlyName = null; + +// String sso = req.getParameter(PARAM_SSO); + + // escape parameter strings + target = StringEscapeUtils.escapeHtml(target); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + bkuURL = StringEscapeUtils.escapeHtml(bkuURL); + templateURL = StringEscapeUtils.escapeHtml(templateURL); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + ccc = StringEscapeUtils.escapeHtml(ccc); + // sso = StringEscapeUtils.escapeHtml(sso); + + // check parameter + + //pvp2.x can use general identifier (equals oaURL in SAML1) +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); +// if (!ParamValidatorUtils.isValidUseMandate(sso)) +// throw new WrongParametersException("StartAuthentication", PARAM_SSO, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + boolean useMandateBoolean = false; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + useMandateBoolean = true; + else + useMandateBoolean = false; + + moasession.setUseMandate(useMandateString); + + + //load OnlineApplication configuration + OAAuthParameter oaParam; + if (moasession.getPublicOAURLPrefix() != null) { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + moasession.getPublicOAURLPrefix()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { moasession.getPublicOAURLPrefix() }); + + } else { + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + + // get target and target friendly name from config + String targetConfig = oaParam.getTarget(); + String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); + + if (StringUtils.isEmpty(targetConfig)) { + // no target attribut is given in OA config + // target is used from request + // check parameter + if (!ParamValidatorUtils.isValidTarget(target)) + throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); + + } else { + // use target from config + target = targetConfig; + targetFriendlyName = targetFriendlyNameConfig; + } + + +// //check useSSO flag +// String useSSOString = null; +// boolean useSSOBoolean = false; +// if ((sso != null) && (sso.compareTo("") != 0)) { +// useSSOString = sso; +// } else { +// useSSOString = "false"; +// } + // +// if (useSSOString.compareToIgnoreCase("true") == 0) +// useSSOBoolean = true; +// else +// useSSOBoolean = false; + + //moasession.setSsoRequested(useSSOBoolean); + moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!! + + //Validate BKU URI + if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL())) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + + if (!oaParam.getBusinessService()) { + if (isEmpty(target)) + throw new WrongParametersException("StartAuthentication", + PARAM_TARGET, "auth.05"); + + } else { + if (useMandateBoolean) { + Logger.error("Online-Mandate Mode for bussines application not supported."); + throw new AuthenticationException("auth.17", null); + } + target = null; + targetFriendlyName = null; + } + + moasession.setPublicOAURLPrefix(oaParam.getPublicURLPrefix()); + + moasession.setTarget(target); + moasession.setBusinessService(oaParam.getBusinessService()); + moasession.setTargetFriendlyName(targetFriendlyName); + moasession.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier()); + } + + //check OnlineApplicationURL + if (isEmpty(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.05"); + moasession.setOAURLRequested(oaURL); + + //check AuthURL + String authURL = req.getScheme() + "://" + req.getServerName(); + if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { + authURL = authURL.concat(":" + req.getServerPort()); + } + authURL = authURL.concat(req.getContextPath() + "/"); + + if (isEmpty(authURL)) + throw new WrongParametersException("StartAuthentication", + "AuthURL", "auth.05"); + + // check if HTTP Connection may be allowed (through + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + //INFO: removed from MOA-ID 2.0 Config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + + if ((!authURL.startsWith("https:")) +// && (false == BoolUtils.valueOf(boolStr)) + ) + throw new AuthenticationException("auth.07", + new Object[] { authURL + "*" }); + + moasession.setAuthURL(authURL); + + //check and set SourceID + if (oaParam.getSAML1Parameter() != null) { + String sourceID = oaParam.getSAML1Parameter().getSourceID(); + if (MiscUtil.isNotEmpty(sourceID)) + moasession.setSourceID(sourceID); + } + + // BKU URL has not been set yet, even if session already exists + if (bkuURL == null) { + if (req.getScheme() != null && req.getScheme().equalsIgnoreCase("https")) { + bkuURL = DEFAULT_BKU_HTTPS; + } else { + bkuURL = DEFAULT_BKU; + } + } + moasession.setBkuURL(bkuURL); + + + if (!ParamValidatorUtils.isValidTemplate(req, templateURL, oaParam.getTemplateURL())) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + moasession.setTemplateURL(templateURL); + + moasession.setCcc(ccc); + + } + + public static void parse(HttpServletRequest req, HttpServletResponse resp, + AuthenticationSession moasession, IRequest request) throws WrongParametersException, MOAIDException { + + + String modul = request.requestedModule();//req.getParameter(PARAM_MODUL); + String action = request.requestedAction();//req.getParameter(PARAM_ACTION); + + modul = StringEscapeUtils.escapeHtml(modul); + action = StringEscapeUtils.escapeHtml(action); + if(modul == null) { + modul = SAML1Protocol.PATH; + } + + if(action == null) { + action = SAML1Protocol.GETARTIFACT; + } + moasession.setModul(modul); + moasession.setAction(action); + + //get Parameters from request + String target = req.getParameter(PARAM_TARGET); + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + oaURL = request.getOAURL(); + target = request.getTarget(); + + parse(moasession, target, oaURL, bkuURL, templateURL, useMandate, ccc, modul, action, req); + + } + + /** + * Checks a parameter. + * + * @param param + * parameter + * @return true if the parameter is null or empty + */ + private static boolean isEmpty(String param) { + return param == null || param.length() == 0; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index 16041f8cb..022f21491 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -21,7 +21,6 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ - package at.gv.egovernment.moa.id.auth.servlet; import java.io.ByteArrayOutputStream; @@ -47,228 +46,314 @@ import org.apache.commons.fileupload.disk.DiskFileItemFactory; import org.apache.commons.fileupload.servlet.ServletFileUpload; import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; +import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; +import at.gv.egovernment.moa.id.storage.IExceptionStore; +import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.URLDecoder; -import at.gv.egovernment.moa.util.URLEncoder; /** - * Base class for MOA-ID Auth Servlets, providing standard error handling - * and constant names. + * Base class for MOA-ID Auth Servlets, providing standard error handling and + * constant names. * * @author Paul Ivancsics * @version $Id$ */ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { - - /** + /** * */ private static final long serialVersionUID = -6929905344382283738L; - - + protected static final String ERROR_CODE_PARAM = "errorid"; + @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - Logger.debug("GET " + this.getServletName()); + throws ServletException, IOException { + Logger.debug("GET " + this.getServletName()); this.setNoCachingHeadersInHttpRespone(req, resp); -} -/** - * Handles an error. <br>> - * <ul> - * <li>Logs the error</li> - * <li>Places error message and exception thrown into the request - * as request attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> - * <li>Sets HTTP status 500 (internal server error)</li> - * </ul> - * - * @param errorMessage error message - * @param exceptionThrown exception thrown - * @param req servlet request - * @param resp servlet response - */ - protected void handleError( - String errorMessage, Throwable exceptionThrown, HttpServletRequest req, HttpServletResponse resp) { + } - - if(null != errorMessage) { + protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp) { + + if (null != errorMessage) { Logger.error(errorMessage); - req.setAttribute("ErrorMessage", errorMessage ); + req.setAttribute("ErrorMessage", errorMessage); } - - + if (null != exceptionThrown) { - if(null == errorMessage) errorMessage = exceptionThrown.getMessage(); + if (null == errorMessage) + errorMessage = exceptionThrown.getMessage(); Logger.error(errorMessage, exceptionThrown); req.setAttribute("ExceptionThrown", exceptionThrown); } - + if (Logger.isDebugEnabled()) { - req.setAttribute("LogLevel", "debug"); + req.setAttribute("LogLevel", "debug"); } - - //forward this to errorpage-auth.jsp where the HTML error page is generated + + // forward this to errorpage-auth.jsp where the HTML error page is + // generated ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); - try { - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { + RequestDispatcher dispatcher = context + .getRequestDispatcher("/errorpage-auth.jsp"); + try { + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + dispatcher.forward(req, resp); + } catch (ServletException e) { Logger.error(e); - } - + } catch (IOException e) { + Logger.error(e); + } } - /** - * Handles a <code>WrongParametersException</code>. - * @param req servlet request - * @param resp servlet response - */ - protected void handleWrongParameters(WrongParametersException ex, HttpServletRequest req, HttpServletResponse resp) { - Logger.error(ex.toString()); - req.setAttribute("WrongParameters", ex.getMessage()); - - // forward this to errorpage-auth.jsp where the HTML error page is generated - ServletContext context = getServletContext(); - RequestDispatcher dispatcher = context.getRequestDispatcher("/errorpage-auth.jsp"); - try { - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + /** + * Handles an error. <br>> + * <ul> + * <li>Logs the error</li> + * <li>Places error message and exception thrown into the request as request + * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li> + * <li>Sets HTTP status 500 (internal server error)</li> + * </ul> + * + * @param errorMessage + * error message + * @param exceptionThrown + * exception thrown + * @param req + * servlet request + * @param resp + * servlet response + */ + protected void handleError(String errorMessage, Throwable exceptionThrown, + HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) { + + if (null != errorMessage) { + Logger.error(errorMessage); + req.setAttribute("ErrorMessage", errorMessage); + } + + if (null != exceptionThrown) { + if (null == errorMessage) + errorMessage = exceptionThrown.getMessage(); + Logger.error(errorMessage, exceptionThrown); + req.setAttribute("ExceptionThrown", exceptionThrown); + } + + if (Logger.isDebugEnabled()) { + req.setAttribute("LogLevel", "debug"); + } + + IExceptionStore store = ExceptionStoreImpl.getStore(); + String id = store.storeException(exceptionThrown); + + String redirectURL = null; + + redirectURL = ServletUtils.getBaseUrl(req); + redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id + + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; - dispatcher.forward(req, resp); - } catch (ServletException e) { - Logger.error(e); - } catch (IOException e) { - Logger.error(e); - } - } - - /** - * Logs all servlet parameters for debugging purposes. - */ - protected void logParameters(HttpServletRequest req) { - for (Enumeration params = req.getParameterNames(); params.hasMoreElements(); ) { - String parname = (String)params.nextElement(); - Logger.debug("Parameter " + parname + req.getParameter(parname)); - } - } - - /** - * Parses the request input stream for parameters, assuming parameters are encoded UTF-8 - * (no standard exists how browsers should encode them). - * - * @param req servlet request - * - * @return mapping parameter name -> value - * - * @throws IOException if parsing request parameters fails. - * - * @throws FileUploadException if parsing request parameters fails. - */ - protected Map getParameters(HttpServletRequest req) - throws IOException, FileUploadException { - - Map parameters = new HashMap(); - - - if (ServletFileUpload.isMultipartContent(req)) - { - // request is encoded as mulitpart/form-data - FileItemFactory factory = new DiskFileItemFactory(); - ServletFileUpload upload = null; - upload = new ServletFileUpload(factory); - List items = null; - items = upload.parseRequest(req); - for (int i = 0; i < items.size(); i++) - { - FileItem item = (FileItem) items.get(i); - if (item.isFormField()) - { - // Process only form fields - no file upload items - String logString = item.getString("UTF-8"); - - // TODO use RegExp - String startS = "<pr:Identification><pr:Value>"; - String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; - String logWithMaskedBaseid = logString; - int start = logString.indexOf(startS); - if (start > -1) { - int end = logString.indexOf(endS); - if (end > -1) { - logWithMaskedBaseid = logString.substring(0, start); - logWithMaskedBaseid += startS; - logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; - logWithMaskedBaseid += logString.substring(end, logString.length()); - } - } - parameters.put(item.getFieldName(), item.getString("UTF-8")); - Logger.debug("Processed multipart/form-data request parameter: \nName: " + - item.getFieldName() + "\nValue: " + - logWithMaskedBaseid); - } - } - } - - else - { - // request is encoded as application/x-www-urlencoded - InputStream in = req.getInputStream(); - - String paramName; - String paramValueURLEncoded; - do { - paramName = new String(readBytesUpTo(in, '=')); - if (paramName.length() > 0) { - paramValueURLEncoded = readBytesUpTo(in, '&'); - String paramValue = URLDecoder.decode(paramValueURLEncoded, "UTF-8"); - parameters.put(paramName, paramValue); - } - } - while (paramName.length() > 0); - in.close(); - } - - return parameters; - } - - /** - * Reads bytes up to a delimiter, consuming the delimiter. - * @param in input stream - * @param delimiter delimiter character - * @return String constructed from the read bytes - * @throws IOException - */ - protected String readBytesUpTo(InputStream in, char delimiter) throws IOException { - ByteArrayOutputStream bout = new ByteArrayOutputStream(); - boolean done = false; - int b; - while (! done && (b = in.read()) >= 0) { - if (b == delimiter) - done = true; - else - bout.write(b); - } - return bout.toString(); - } + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + return; + /* + // forward this to errorpage-auth.jsp where the HTML error page is + // generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context + .getRequestDispatcher("/errorpage-auth.jsp"); + try { + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + */ + } + + /** + * Handles a <code>WrongParametersException</code>. + * + * @param req + * servlet request + * @param resp + * servlet response + */ + protected void handleWrongParameters(WrongParametersException ex, + HttpServletRequest req, HttpServletResponse resp) { + Logger.error(ex.toString()); + req.setAttribute("WrongParameters", ex.getMessage()); + + // forward this to errorpage-auth.jsp where the HTML error page is + // generated + ServletContext context = getServletContext(); + RequestDispatcher dispatcher = context + .getRequestDispatcher("/errorpage-auth.jsp"); + try { + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + dispatcher.forward(req, resp); + } catch (ServletException e) { + Logger.error(e); + } catch (IOException e) { + Logger.error(e); + } + } + + /** + * Logs all servlet parameters for debugging purposes. + */ + protected void logParameters(HttpServletRequest req) { + for (Enumeration params = req.getParameterNames(); params + .hasMoreElements();) { + String parname = (String) params.nextElement(); + Logger.debug("Parameter " + parname + req.getParameter(parname)); + } + } + + /** + * Parses the request input stream for parameters, assuming parameters are + * encoded UTF-8 (no standard exists how browsers should encode them). + * + * @param req + * servlet request + * + * @return mapping parameter name -> value + * + * @throws IOException + * if parsing request parameters fails. + * + * @throws FileUploadException + * if parsing request parameters fails. + */ + protected Map getParameters(HttpServletRequest req) throws IOException, + FileUploadException { + + Map parameters = new HashMap(); + + if (ServletFileUpload.isMultipartContent(req)) { + // request is encoded as mulitpart/form-data + FileItemFactory factory = new DiskFileItemFactory(); + ServletFileUpload upload = null; + upload = new ServletFileUpload(factory); + List items = null; + items = upload.parseRequest(req); + for (int i = 0; i < items.size(); i++) { + FileItem item = (FileItem) items.get(i); + if (item.isFormField()) { + // Process only form fields - no file upload items + String logString = item.getString("UTF-8"); + + // TODO use RegExp + String startS = "<pr:Identification><pr:Value>"; + String endS = "</pr:Value><pr:Type>urn:publicid:gv.at:baseid</pr:Type>"; + String logWithMaskedBaseid = logString; + int start = logString.indexOf(startS); + if (start > -1) { + int end = logString.indexOf(endS); + if (end > -1) { + logWithMaskedBaseid = logString.substring(0, start); + logWithMaskedBaseid += startS; + logWithMaskedBaseid += "xxxxxxxxxxxxxxxxxxxxxxxx"; + logWithMaskedBaseid += logString.substring(end, + logString.length()); + } + } + parameters + .put(item.getFieldName(), item.getString("UTF-8")); + Logger.debug("Processed multipart/form-data request parameter: \nName: " + + item.getFieldName() + + "\nValue: " + + logWithMaskedBaseid); + } + } + } + + else { + // request is encoded as application/x-www-urlencoded + InputStream in = req.getInputStream(); + + String paramName; + String paramValueURLEncoded; + do { + paramName = new String(readBytesUpTo(in, '=')); + if (paramName.length() > 0) { + paramValueURLEncoded = readBytesUpTo(in, '&'); + String paramValue = URLDecoder.decode(paramValueURLEncoded, + "UTF-8"); + parameters.put(paramName, paramValue); + } + } while (paramName.length() > 0); + in.close(); + } + + return parameters; + } + + /** + * Reads bytes up to a delimiter, consuming the delimiter. + * + * @param in + * input stream + * @param delimiter + * delimiter character + * @return String constructed from the read bytes + * @throws IOException + */ + protected String readBytesUpTo(InputStream in, char delimiter) + throws IOException { + ByteArrayOutputStream bout = new ByteArrayOutputStream(); + boolean done = false; + int b; + while (!done && (b = in.read()) >= 0) { + if (b == delimiter) + done = true; + else + bout.write(b); + } + return bout.toString(); + } + /** * Calls the web application initializer. * @@ -277,51 +362,73 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { public void init(ServletConfig servletConfig) throws ServletException { super.init(servletConfig); } - + /** * Set response headers to avoid caching - * @param request HttpServletRequest - * @param response HttpServletResponse + * + * @param request + * HttpServletRequest + * @param response + * HttpServletResponse */ - protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, HttpServletResponse response) { - response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - + protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request, + HttpServletResponse response) { + response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } - + /** - * Adds a parameter to a URL. - * @param url the URL - * @param paramname parameter name - * @param paramvalue parameter value - * @return the URL with parameter added - */ - protected static String addURLParameter(String url, String paramname, String paramvalue) { - String param = paramname + "=" + paramvalue; - if (url.indexOf("?") < 0) - return url + "?" + param; - else - return url + "&" + param; - } - - /** - * Checks if HTTP requests are allowed - * @param authURL requestURL - * @throws AuthenticationException if HTTP requests are not allowed - * @throws ConfigurationException - */ - protected void checkIfHTTPisAllowed(String authURL) throws AuthenticationException, ConfigurationException { + * Adds a parameter to a URL. + * + * @param url + * the URL + * @param paramname + * parameter name + * @param paramvalue + * parameter value + * @return the URL with parameter added + */ + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + /** + * Checks if HTTP requests are allowed + * + * @param authURL + * requestURL + * @throws AuthenticationException + * if HTTP requests are not allowed + * @throws ConfigurationException + */ + protected void checkIfHTTPisAllowed(String authURL) + throws AuthenticationException, ConfigurationException { // check if HTTP Connection may be allowed (through - // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) - String boolStr = AuthConfigurationProvider.getInstance().getGenericConfigurationParameter( - AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); - if ((!authURL.startsWith("https:")) - && (false == BoolUtils.valueOf(boolStr))) - throw new AuthenticationException("auth.07", - new Object[] { authURL + "*" }); - - } + // FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY) + + //Removed from MOA-ID 2.0 config +// String boolStr = AuthConfigurationProvider +// .getInstance() +// .getGenericConfigurationParameter( +// AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY); + if ((!authURL.startsWith("https:")) + //&& (false == BoolUtils.valueOf(boolStr)) + ) + throw new AuthenticationException("auth.07", new Object[] { authURL + + "*" }); + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java new file mode 100644 index 000000000..d4484a97c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java @@ -0,0 +1,147 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.Arrays; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; +import org.bouncycastle.asn1.x509.Target; + +import com.trilead.ssh2.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class GenerateIFrameTemplateServlet extends AuthServlet { + + private static final long serialVersionUID = 1L; + + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding")); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + GenerateIFrameTemplateServlet.class + " Request"); + + String pendingRequestID = null; + + try { + String bkuid = req.getParameter(PARAM_BKU); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + String moasessionid = req.getParameter(PARAM_SESSIONID); + + AuthenticationSession moasession = null; + + try { + //moasessionid = (String) req.getSession().getAttribute(AuthenticationManager.MOA_SESSION); + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid); + + moasession = AuthenticationSessionStoreage.getSession(moasessionid); + + String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession); + + } catch (MOADatabaseException e) { + Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database"); + throw new MOAIDException("init.04", new Object[] { + moasessionid}); + + } catch (Throwable e) { + Logger.info("No HTTP Session found!"); + throw new MOAIDException("auth.18", new Object[] {}); + } + + //load OA Config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(moasession.getOAURLRequested()); + + if (oaParam == null) + throw new AuthenticationException("auth.00", new Object[] { moasession.getOAURLRequested() }); + + else { + + //load Parameters from config + String target = oaParam.getTarget(); + + String bkuURL = oaParam.getBKUURL(bkuid); + String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid); + + //parse all OA parameters i + StartAuthentificationParameterParser.parse(moasession, + target, + moasession.getOAURLRequested(), + bkuURL, + templateURL, + useMandate, + ccc, + moasession.getModul(), + moasession.getAction(), + req); + } + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + String getIdentityLinkForm = startauth.build(moasession, req, resp); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession); + + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET "+GenerateIFrameTemplateServlet.class); + } + } + catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } + + catch (MOAIDException ex) { + handleError(null, ex, req, resp, pendingRequestID); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 6516e64b7..02c751a0a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -49,10 +49,12 @@ import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.URLEncoder; /**
* Servlet requested for getting the foreign eID
@@ -112,7 +114,10 @@ public class GetForeignIDServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- Map parameters;
+ Map parameters; + + String pendingRequestID = null; +
try
{
parameters = getParameters(req);
@@ -121,7 +126,8 @@ public class GetForeignIDServlet extends AuthServlet { Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
}
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
@@ -177,18 +183,38 @@ public class GetForeignIDServlet extends AuthServlet { session.setIdentityLink(identitylink);
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(sessionID); + AuthenticationServer.getInstance().getForeignAuthenticationData(session); + + + //session is implicit stored in changeSessionID!!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); + /*redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = resp.encodeRedirectURL(redirectURL);*/ + + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID); redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); + } else { + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID); + }
+ + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setContentType("text/html");
resp.setStatus(302);
@@ -198,10 +224,10 @@ public class GetForeignIDServlet extends AuthServlet { }
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
catch (SZRGWClientException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index 04fbc0588..e461197e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -21,9 +21,8 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ +package at.gv.egovernment.moa.id.auth.servlet; -package at.gv.egovernment.moa.id.auth.servlet;
-
import iaik.pki.PKIException; import java.io.IOException; @@ -41,6 +40,7 @@ import org.apache.commons.lang.StringEscapeUtils; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -48,8 +48,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -58,160 +61,181 @@ import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.URLEncoder; -
-/**
- * Servlet requested for getting the foreign eID
- * provided by the security layer implementation.
- * Utilizes the {@link AuthenticationServer}.
- *
- */
-public class GetMISSessionIDServlet extends AuthServlet {
-
- /** + +/** + * Servlet requested for getting the foreign eID provided by the security layer + * implementation. Utilizes the {@link AuthenticationServer}. + * + */ +public class GetMISSessionIDServlet extends AuthServlet { + + /** * */ private static final long serialVersionUID = 4666952867085392597L; -/**
- * Constructor for GetMISSessionIDServlet.
- */
- public GetMISSessionIDServlet() {
- super();
- }
-
- /**
- * GET requested by security layer implementation to verify
- * that data URL resource is available.
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- doPost(req, resp);
-
-// Logger.debug("GET GetMISSessionIDServlet");
-//
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
- }
-
- /**
- * Gets the signer certificate from the InfoboxReadRequest and
- * responds with a new
- * <code>CreateXMLSignatureRequest</code>.
- * <br>
- * Request parameters:
- * <ul>
- * <li>MOASessionID: ID of associated authentication session</li>
- * <li>XMLResponse: <code><InfoboxReadResponse></code></li>
- * </ul>
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-
- Logger.debug("POST GetMISSessionIDServlet");
-
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-
-// Map parameters;
-// try
-// {
-// parameters = getParameters(req);
-// } catch (FileUploadException e)
-// {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-
- String sessionID = req.getParameter(PARAM_SESSIONID);
-
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
- AuthenticationSession session = null;
- try {
- // check parameter
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("VerifyCertificate", PARAM_SESSIONID, "auth.12");
-
- session = AuthenticationServer.getSession(sessionID);
-
- String misSessionID = session.getMISSessionID();
-
- AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();
- SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
-
- List list = MISSimpleClient.sendGetMandatesRequest(connectionParameters.getUrl(), misSessionID, sslFactory);
-
- if (list == null) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
- if (list.size() == 0) {
- Logger.error("Keine Vollmacht gefunden.");
- throw new MISSimpleClientException("Keine Vollmacht gefunden");
- }
-
- // for now: list contains only one element
- MISMandate mandate = (MISMandate)list.get(0); -
-
- // verify mandate signature
- AuthenticationServer.getInstance().verifyMandate(sessionID, mandate);
- - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - //TODO OW bPK (Offen: was bei saml:NameIdentifier NameQualifier="urn:publicid:gv.at:cdid+bpk"> und <saml:Attribute AttributeName="bPK" ) - System.out.println("\n\n\n OW BPK: " + mandate.getOWbPK()); - // TODO wenn OW bPK vorhanden - in SAML Assertion setzen! - - String redirectURL = null; - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlockMandate(sessionID, mandateDoc); - - - if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); - if (!session.getBusinessService()) { - redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); - } - redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); - } else { - redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); - } - resp.setContentType("text/html"); - resp.setStatus(302); - - resp.addHeader("Location", redirectURL); - Logger.debug("REDIRECT TO: " + redirectURL); -
-
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- } catch (GeneralSecurityException ex) {
- handleError(null, ex, req, resp);
- } catch (PKIException e) {
- handleError(null, e, req, resp);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp);
+ /** + * Constructor for GetMISSessionIDServlet. + */ + public GetMISSessionIDServlet() { + super(); + } + + /** + * GET requested by security layer implementation to verify that data URL + * resource is available. + * + * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, + * HttpServletResponse) + */ + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doPost(req, resp); + + // Logger.debug("GET GetMISSessionIDServlet"); + // + // resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + // resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + // resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + // resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + } + + /** + * Gets the signer certificate from the InfoboxReadRequest and responds with + * a new <code>CreateXMLSignatureRequest</code>. <br> + * Request parameters: + * <ul> + * <li>MOASessionID: ID of associated authentication session</li> + * <li>XMLResponse: <code><InfoboxReadResponse></code></li> + * </ul> + * + * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, + * HttpServletResponse) + */ + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("POST GetMISSessionIDServlet"); + + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, + MOAIDAuthConstants.HEADER_VALUE_EXPIRES); + resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, + MOAIDAuthConstants.HEADER_VALUE_PRAGMA); + resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); + resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, + MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + + // Map parameters; + // try + // { + // parameters = getParameters(req); + // } catch (FileUploadException e) + // { + // Logger.error("Parsing mulitpart/form-data request parameters failed: " + // + e.getMessage()); + // throw new IOException(e.getMessage()); + // } + + String sessionID = req.getParameter(PARAM_SESSIONID); + + // escape parameter strings + sessionID = StringEscapeUtils.escapeHtml(sessionID); + + AuthenticationSession session = null; + String pendingRequestID = null; + try { + // check parameter + if (!ParamValidatorUtils.isValidSessionID(sessionID)) + throw new WrongParametersException("VerifyCertificate", + PARAM_SESSIONID, "auth.12"); + + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + + session = AuthenticationServer.getSession(sessionID); + + String misSessionID = session.getMISSessionID(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + ConnectionParameter connectionParameters = authConf + .getOnlineMandatesConnectionParameter(); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + AuthConfigurationProvider.getInstance(), + connectionParameters); + + List list = MISSimpleClient.sendGetMandatesRequest( + connectionParameters.getUrl(), misSessionID, sslFactory); + + if (list == null) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + if (list.size() == 0) { + Logger.error("Keine Vollmacht gefunden."); + throw new MISSimpleClientException("Keine Vollmacht gefunden"); + } + + // for now: list contains only one element + MISMandate mandate = (MISMandate) list.get(0); + + String sMandate = new String(mandate.getMandate()); + if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) { + Logger.error("Mandate is empty."); + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + + //check if it is a parsable XML + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + Element mandateDoc = DOMUtils.parseDocument(stringMandate, false, + null, null).getDocumentElement(); + + // extract RepresentationType + AuthenticationServer.getInstance().verifyMandate(session, mandate); + + session.setMISMandate(mandate); + session.setAuthenticatedUsed(false); + session.setAuthenticated(true); + + String oldsessionID = session.getSessionID(); + + //Session is implicite stored in changeSessionID!!! + String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session); + + Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID); + Logger.info("Daten angelegt zu MOASession " + newMOASessionID); + + String redirectURL = new DataURLBuilder().buildDataURL( + session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), + session.getAction(), pendingRequestID), newMOASessionID); + redirectURL = resp.encodeRedirectURL(redirectURL); + + resp.setContentType("text/html"); + resp.setStatus(302); + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } catch (MOAIDException ex) { + handleError(null, ex, req, resp, pendingRequestID); + } catch (GeneralSecurityException ex) { + handleError(null, ex, req, resp, pendingRequestID); + } catch (PKIException e) { + handleError(null, e, req, resp, pendingRequestID); + } catch (MISSimpleClientException e) { + handleError(null, e, req, resp, pendingRequestID); } catch (SAXException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (ParserConfigurationException e) { - handleError(null, e, req, resp); - }
- } - -
-
- }
+ handleError(null, e, req, resp, pendingRequestID); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java new file mode 100644 index 000000000..8dc5d7469 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -0,0 +1,144 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.List; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.swing.text.StyleContext.SmallAttributeSet; + +import org.apache.commons.lang.StringEscapeUtils; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.stork.CPEPS; +import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; +import eu.stork.mw.messages.saml.STORKAuthnRequest; +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.exception.SAMLException; +import eu.stork.vidp.messages.exception.SAMLValidationException; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; + +public class LogOutServlet extends AuthServlet { + + private static final long serialVersionUID = 3908001651893673395L; + + private static final String REDIRECT_URL = "redirect"; + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + Logger.debug("receive LogOut Request"); + + String redirectUrl = (String) req.getParameter(REDIRECT_URL); + + SSOManager ssomanager = SSOManager.getInstance(); + + try { + //get SSO token from request + String ssoid = ssomanager.getSSOSessionID(req); + + if (ssomanager.isValidSSOSession(ssoid, req)) { + + //TODO: Single LogOut Implementation + + //delete SSO session and MOA session + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); + + RequestStorage.removePendingRequest(RequestStorage.getPendingRequest(req.getSession()), + AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); + + authmanager.logout(req, resp, moasessionid); + Logger.info("User with SSO Id " + ssoid + " is logged out and get redirect to "+ redirectUrl); + } else { + Logger.info("No active SSO session found. User is maybe logout already and get redirect to "+ redirectUrl); + } + + //Remove SSO token + ssomanager.deleteSSOSessionID(req, resp); + + } catch (Exception e) { + Logger.warn(LogOutServlet.class.getName() + " has an LogOut Error. Redirect to Applikation " + redirectUrl, e); + } + + //Redirect to Application + resp.setStatus(301); + resp.addHeader("Location", redirectUrl); + } + + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + doGet(req, resp); + } + + + /** + * Calls the web application initializer. + * + * @see javax.servlet.Servlet#init(ServletConfig) + */ + public void init(ServletConfig servletConfig) throws ServletException { + try { + super.init(servletConfig); + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); + } + catch (Exception ex) { + Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); + throw new ServletException(ex); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java index 4ec894d47..f6412f897 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java @@ -23,11 +23,13 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.util.XMLUtil;
@@ -54,6 +56,8 @@ public class PEPSConnectorServlet extends AuthServlet { */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ String pendingRequestID = null;
+
try {
Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
@@ -78,6 +82,8 @@ public class PEPSConnectorServlet extends AuthServlet { httpSession.invalidate();
}
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
Logger.info("Found MOA sessionID: " + moaSessionID);
Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
@@ -194,21 +200,39 @@ public class PEPSConnectorServlet extends AuthServlet { Logger.debug("Starting to assemble MOA assertion");
//produce MOA-Assertion and artifact
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(moaSessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(moaSession);
Logger.info("MOA assertion assembled and SAML Artifact generated.");
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
//redirect
String redirectURL = null;
if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- redirectURL = moaSession.getOAURLRequested();
+ /*redirectURL = moaSession.getOAURLRequested();
if (!moaSession.getBusinessService()) {
redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(moaSession.getTarget(), "UTF-8"));
}
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = response.encodeRedirectURL(redirectURL);*/
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
} else {
- redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, moaSession.getSessionID());
+
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
}
+
+ try {
+ AuthenticationSessionStoreage.storeSession(moaSession);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
+
response.setContentType("text/html");
response.setStatus(302);
response.addHeader("Location", redirectURL);
@@ -217,9 +241,9 @@ public class PEPSConnectorServlet extends AuthServlet { } catch (AuthenticationException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
} catch (MOAIDException e) {
- handleError(null, e, request, response);
+ handleError(null, e, request, response, pendingRequestID);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java index b5c57d5cf..ba8698934 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java @@ -46,8 +46,10 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.FileUtils;
@@ -133,7 +135,7 @@ public class ProcessValidatorInputServlet extends AuthServlet { handleWrongParameters(ex, req, resp); }
catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
+ handleError(null, ex, req, resp, null); //TODO: is this Class required?
}
}
@@ -145,114 +147,122 @@ public class ProcessValidatorInputServlet extends AuthServlet { protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
- Logger.debug("POST ProcessInput"); - - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); -
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- } - - String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
- - // escape parameter strings - sessionID = StringEscapeUtils.escapeHtml(sessionID); -
- try { - - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); -
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- AuthenticationServer.processInput(session, parameters);
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
- if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
- // Now sign the AUTH Block
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-
- String htmlForm = null;
-
- boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
- - String inputProcessorSignForm = req.getParameter("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
- if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); - // escape parameter strings - inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
- if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
- if (doInputProcessorSign) {
- // Test if we have a user input form sign template -
- String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); - - if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) - throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); -
- String inputProcessorSignTemplate = null;
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
- // override template url by url from configuration file
- if (oaParam.getInputProcessorSignTemplateURL() != null) {
- inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
- }
- if (inputProcessorSignTemplateURL != null) {
- try {
- inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
- } catch (IOException ex) {
- throw new AuthenticationException(
- "auth.03",
- new Object[] { inputProcessorSignTemplateURL, ex.toString()},
- ex);
- }
- }
-
- htmlForm = new GetVerifyAuthBlockFormBuilder().build(
- inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
- htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
- htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
- resp.setContentType("text/html;charset=UTF-8");
- } else {
- htmlForm = createXMLSignatureRequestOrRedirect;
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- }
-
- OutputStream out = resp.getOutputStream();
- out.write(htmlForm.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST ProcessInput");
- } else {
- String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
- resp.setContentType("text/html");
- resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
- }
- } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
+// Logger.debug("POST ProcessInput"); +// +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +//
+// Map parameters;
+// try {
+// parameters = getParameters(req);
+// } catch (FileUploadException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new IOException(e.getMessage());
+// } +// +// String sessionID = req.getParameter(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
+// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
+// +// // escape parameter strings +// sessionID = StringEscapeUtils.escapeHtml(sessionID); +//
+// try { +// +// if (!ParamValidatorUtils.isValidSessionID(sessionID)) +// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12"); +//
+// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+// AuthenticationServer.processInput(session, parameters);
+// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
+// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
+// // Now sign the AUTH Block
+// String dataURL = new DataURLBuilder().buildDataURL(
+// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
+//
+// String htmlForm = null;
+//
+// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
+// +// String inputProcessorSignForm = req.getParameter("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
+// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_"); +// // escape parameter strings +// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
+// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
+// if (doInputProcessorSign) {
+// // Test if we have a user input form sign template +//
+// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE); +// +// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL)) +// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12"); +//
+// String inputProcessorSignTemplate = null;
+// OAAuthParameter oaParam =
+// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
+// // override template url by url from configuration file
+// if (oaParam.getInputProcessorSignTemplateURL() != null) {
+// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
+// }
+// if (inputProcessorSignTemplateURL != null) {
+// try {
+// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
+// } catch (IOException ex) {
+// throw new AuthenticationException(
+// "auth.03",
+// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
+// ex);
+// }
+// }
+//
+// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
+// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
+// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
+// resp.setContentType("text/html;charset=UTF-8");
+// } else {
+// htmlForm = createXMLSignatureRequestOrRedirect;
+// resp.setStatus(307);
+// resp.addHeader("Location", dataURL);
+// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+// resp.setContentType("text/xml;charset=UTF-8");
+// }
+//
+// OutputStream out = resp.getOutputStream();
+// out.write(htmlForm.getBytes("UTF-8"));
+// out.flush();
+// out.close();
+// Logger.debug("Finished POST ProcessInput");
+// } else {
+// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
+// resp.setContentType("text/html");
+// resp.setStatus(302);
+// resp.addHeader("Location", redirectURL);
+// Logger.debug("REDIRECT TO: " + redirectURL);
+// } +// +// try { +// AuthenticationSessionStoreage.storeSession(session); +// +// } catch (MOADatabaseException e) { +// throw new AuthenticationException("", null); +// } +//
+// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// }
+// catch (MOAIDException ex) {
+// handleError(null, ex, req, resp);
+// }
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java new file mode 100644 index 000000000..5a0bd33bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -0,0 +1,54 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.URLEncoder; + + + +public class RedirectServlet extends AuthServlet{ + + private static final long serialVersionUID = 1L; + + public static final String REDIRCT_PARAM_URL = "redirecturl"; + + + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + Logger.info("Receive " + RedirectServlet.class + " Request"); + + String url = req.getParameter(REDIRCT_PARAM_URL); + String target = req.getParameter(PARAM_TARGET); + String artifact = req.getParameter(PARAM_SAMLARTIFACT); + + Logger.info("Redirect to " + url); + + if (MiscUtil.isNotEmpty(target)) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); + url = addURLParameter(url, PARAM_TARGET, + URLEncoder.encode(target, "UTF-8")); + + + } + url = addURLParameter(url, PARAM_SAMLARTIFACT, + URLEncoder.encode(artifact, "UTF-8")); + url = resp.encodeRedirectURL(url); + + String redirect_form = RedirectFormBuilder.buildLoginForm(url); + + resp.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java new file mode 100644 index 000000000..9b559770f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -0,0 +1,149 @@ +package at.gv.egovernment.moa.id.auth.servlet; + +import iaik.util.logging.Log; + +import java.io.IOException; +import java.io.PrintWriter; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.URLEncoder; + + + +public class SSOSendAssertionServlet extends AuthServlet{ + + private static final long serialVersionUID = 1L; + + private static final String PARAM = "value"; + private static final String MODULE = "mod"; + private static final String ACTION = "action"; + private static final String ID = "identifier"; + + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + + String id = null; + Logger.info("Receive " + SSOSendAssertionServlet.class + " Request"); + try { + + Object idObject = req.getParameter(ID); + + if (idObject != null && (idObject instanceof String)) { + id = (String) idObject; + } + + String value = req.getParameter(PARAM); + value = StringEscapeUtils.escapeHtml(value); + if (!ParamValidatorUtils.isValidUseMandate(value)) + throw new WrongParametersException("SSOSendAssertionServlet", PARAM, null); + + //get module and action + Object moduleObject = req.getParameter(MODULE); + String module = null; + if (moduleObject != null && (moduleObject instanceof String)) { + module = (String) moduleObject; + } + + + Object actionObject = req.getParameter(ACTION); + String action = null; + if (actionObject != null && (actionObject instanceof String)) { + action = (String) actionObject; + } + + if (MiscUtil.isEmpty(module) || MiscUtil.isEmpty(action) || MiscUtil.isEmpty(id)) { + Logger.warn("No Moduel or Action parameter received!"); + throw new WrongParametersException("Module or Action is empty", "", "auth.10"); + } + + + SSOManager ssomanager = SSOManager.getInstance(); + //get SSO Cookie for Request + String ssoId = ssomanager.getSSOSessionID(req); + + //check SSO session + if (ssoId != null) { + String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Log.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + + AuthenticationSessionStoreage.destroySession(correspondingMOASession); + + ssomanager.deleteSSOSessionID(req, resp); + } + } + + boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + + String moaSessionID = null; + + if (isValidSSOSession) { + + + //check UseMandate flag + String valueString = null;; + if ((value != null) && (value.compareTo("") != 0)) { + valueString = value; + } else { + valueString = "false"; + } + + if (valueString.compareToIgnoreCase("true") == 0) { + moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); + AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); + AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); + + String redirectURL = new DataURLBuilder().buildDataURL(moasession.getAuthURL(), + ModulUtils.buildAuthURL(module, action, id), ""); + + resp.setContentType("text/html"); + resp.setStatus(302); + + resp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + + } + + else { + throw new AuthenticationException("auth.21", new Object[] {}); + } + + } else { + handleError("SSO Session is not valid", null, req, resp, id); + } + + + } catch (MOADatabaseException e) { + handleError("SSO Session is not found", e, req, resp, id); + } catch (WrongParametersException e) { + handleError("Parameter is not valid", e, req, resp, id); + } catch (AuthenticationException e) { + handleError(e.getMessage(), e, req, resp, id); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java index d544e2f85..2deece26f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java @@ -91,94 +91,94 @@ public class SelectBKUServlet extends AuthServlet { Logger.debug("GET SelectBKU"); - resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); - resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); - resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); - - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String oaURL = req.getParameter(PARAM_OA); - String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); - String templateURL = req.getParameter(PARAM_TEMPLATE); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); - - - resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); - resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); - resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); - resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); - - try { - - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) - throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); - - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - - String returnValue = null; - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); - } - else { - // use target from config - returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); - } - - - String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); - if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { - // bkuSelectionType==HTMLComplete - String redirectURL = returnValue; - resp.setContentType("text/html"); - resp.sendRedirect(redirectURL); - Logger.info("REDIRECT TO: " + redirectURL); - } else { - // bkuSelectionType==HTMLSelect - String htmlForm = returnValue; - resp.setContentType("text/html;charset=UTF-8"); - Logger.debug("HTML-Form: " + htmlForm); - Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); - out.write(htmlForm); - out.flush(); - Logger.debug("Finished GET SelectBKU"); - } - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (Throwable ex) { - handleError(null, ex, req, resp); - } +// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); +// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); +// resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); +// +// String authURL = req.getScheme() + "://" + req.getServerName(); +// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { +// authURL = authURL.concat(":" + req.getServerPort()); +// } +// authURL = authURL.concat(req.getContextPath() + "/"); +// +// String target = req.getParameter(PARAM_TARGET); +// String oaURL = req.getParameter(PARAM_OA); +// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE); +// String templateURL = req.getParameter(PARAM_TEMPLATE); +// +// // escape parameter strings +// target = StringEscapeUtils.escapeHtml(target); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// templateURL = StringEscapeUtils.escapeHtml(templateURL); +// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL); +// +// +// resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES); +// resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA); +// resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); +// resp.addHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL_IE); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL)) +// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12"); +// +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12"); +// +// OAAuthParameter oaParam = +// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); +// if (oaParam == null) +// throw new AuthenticationException("auth.00", new Object[] { oaURL }); +// +// // get target and target friendly name from config +// String targetConfig = oaParam.getTarget(); +// +// String returnValue = null; +// if (StringUtils.isEmpty(targetConfig)) { +// // no target attribut is given in OA config +// // target is used from request +// // check parameter +// if (!ParamValidatorUtils.isValidTarget(target)) +// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); +// +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// else { +// // use target from config +// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL); +// } +// +// +// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType(); +// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) { +// // bkuSelectionType==HTMLComplete +// String redirectURL = returnValue; +// resp.setContentType("text/html"); +// resp.sendRedirect(redirectURL); +// Logger.info("REDIRECT TO: " + redirectURL); +// } else { +// // bkuSelectionType==HTMLSelect +// String htmlForm = returnValue; +// resp.setContentType("text/html;charset=UTF-8"); +// Logger.debug("HTML-Form: " + htmlForm); +// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8"); +// out.write(htmlForm); +// out.flush(); +// Logger.debug("Finished GET SelectBKU"); +// } +// } +// catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } +// catch (Throwable ex) { +// handleError(null, ex, req, resp); +// } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java deleted file mode 100644 index 012ed4c14..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ /dev/null @@ -1,224 +0,0 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.servlet; - -import java.io.IOException; -import java.io.PrintWriter; -import java.util.List; - -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.lang.StringEscapeUtils; -import org.opensaml.saml2.metadata.RequestedAttribute; - -import at.gv.egovernment.moa.id.AuthenticationException; -import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; -import at.gv.egovernment.moa.id.auth.WrongParametersException; -import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.STORKConfig; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.StringUtils; -import eu.stork.mw.messages.saml.STORKAuthnRequest; -import eu.stork.vidp.messages.builder.STORKMessagesBuilder; -import eu.stork.vidp.messages.exception.SAMLException; -import eu.stork.vidp.messages.exception.SAMLValidationException; -import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; -import eu.stork.vidp.messages.stork.RequestedAttributes; - -/** - * Servlet requested for starting a MOA ID authentication session. - * Utilizes the {@link AuthenticationServer}. - * - * @author Paul Ivancsics - * @version $Id$ - * @see AuthenticationServer#startAuthentication - */ -public class StartAuthenticationServlet extends AuthServlet { - - /** - * - */ - private static final long serialVersionUID = 3908001651893673395L; - - -/** - * Responds with an HTML form which upon submit requests the identity link - * from the security layer implementation. - * <br> - * Response: - * <ul> - * <li>Content type: <code>"text/html"</code></li> - * <li>Content: see return value of {@link AuthenticationServer#startAuthentication}</li> - * <li>Error status: <code>500</code> - * </ul> - * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse) - */ - protected void doGet(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - Logger.debug("GET StartAuthentication"); - String authURL = req.getScheme() + "://" + req.getServerName(); - if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) { - authURL = authURL.concat(":" + req.getServerPort()); - } - authURL = authURL.concat(req.getContextPath() + "/"); - - String target = req.getParameter(PARAM_TARGET); - String sourceID = req.getParameter(PARAM_SOURCEID); - String oaURL = req.getParameter(PARAM_OA); - String bkuURL = req.getParameter(PARAM_BKU); - String templateURL = req.getParameter(PARAM_TEMPLATE); - String sessionID = req.getParameter(PARAM_SESSIONID); - String useMandate = req.getParameter(PARAM_USEMANDATE); - String ccc = req.getParameter(PARAM_CCC); - - // escape parameter strings - target = StringEscapeUtils.escapeHtml(target); - sourceID = StringEscapeUtils.escapeHtml(sourceID); - oaURL = StringEscapeUtils.escapeHtml(oaURL); - bkuURL = StringEscapeUtils.escapeHtml(bkuURL); - templateURL = StringEscapeUtils.escapeHtml(templateURL); - sessionID = StringEscapeUtils.escapeHtml(sessionID); - useMandate = StringEscapeUtils.escapeHtml(useMandate); - ccc = StringEscapeUtils.escapeHtml(ccc); - - setNoCachingHeadersInHttpRespone(req, resp); - - - try { - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); - if (!ParamValidatorUtils.isValidBKUURI(bkuURL)) - throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); - if (!ParamValidatorUtils.isValidTemplate(req, templateURL)) - throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); - if (!ParamValidatorUtils.isValidSessionID(sessionID)) - throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12"); - if (!ParamValidatorUtils.isValidUseMandate(useMandate)) - throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); - if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); - if (!ParamValidatorUtils.isValidCCC(ccc)) - throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); - - - - OAAuthParameter oaParam = - AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); - if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { oaURL }); - - // get target and target friendly name from config - String targetConfig = oaParam.getTarget(); - String targetFriendlyNameConfig = oaParam.getTargetFriendlyName(); - - String targetFriendlyName = null; - - if (StringUtils.isEmpty(targetConfig)) { - // no target attribut is given in OA config - // target is used from request - // check parameter - if (!ParamValidatorUtils.isValidTarget(target)) - throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); - } else { - // use target from config - target = targetConfig; - targetFriendlyName = targetFriendlyNameConfig; - } - - STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig(); - - Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(ccc) ? "AT" : ccc)); - // STORK or normal authentication - if (storkConfig.isSTORKAuthentication(ccc)) { - //STORK authentication - Logger.trace("Found C-PEPS configuration for citizen of country: " + ccc); - Logger.debug("Starting STORK authentication"); - - AuthenticationServer.startSTORKAuthentication(req, resp, ccc, oaURL, target, targetFriendlyName, authURL, sourceID); - - } else { - //normal MOA-ID authentication - Logger.debug("Starting normal MOA-ID authentication"); - - String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, targetFriendlyName, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID); - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.print(getIdentityLinkForm); - out.flush(); - } - Logger.debug("Finished GET StartAuthentication"); - - } - catch (WrongParametersException ex) { - handleWrongParameters(ex, req, resp); - } - catch (MOAIDException ex) { - handleError(null, ex, req, resp); - } - } - - - /** - * @see javax.servlet.http.HttpServlet#doPost(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ - protected void doPost(HttpServletRequest req, HttpServletResponse resp) - throws ServletException, IOException { - - doGet(req, resp); - } - - - /** - * Calls the web application initializer. - * - * @see javax.servlet.Servlet#init(ServletConfig) - */ - public void init(ServletConfig servletConfig) throws ServletException { - try { - super.init(servletConfig); - MOAIDAuthInitializer.initialize(); - Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null)); - } - catch (Exception ex) { - Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex); - throw new ServletException(ex); - } - } - -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index fbf700365..09e4e957d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -48,9 +48,13 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.ModulUtils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; @@ -133,6 +137,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE); + String pendingRequestID = null; Map parameters; try @@ -149,6 +154,8 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + String redirectURL = null; try { // check parameter @@ -157,11 +164,11 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String samlArtifactBase64 = - AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + + String samlArtifactBase64 = AuthenticationServer.getInstance().verifyAuthenticationBlock(session, createXMLSignatureResponse); + if (samlArtifactBase64 == null) { //mandate Mode @@ -202,8 +209,23 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); - X509Certificate cert = session.getSignerCertificate(); - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); + byte[] cert = session.getEncodedSignerCertificate(); + + //TODO: check in case of SSO!!! + String targetType = null; + if(oaParam.getBusinessService()) { + String id = oaParam.getIdentityLinkDomainIdentifier(); + if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + targetType = id; + else + targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } + + + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory); String redirectMISGUI = misSessionID.getRedirectURL(); if (misSessionID == null) { @@ -213,6 +235,12 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { session.setMISSessionID(misSessionID.getSessiondId()); + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("Session store error", null); + } + resp.setStatus(302); resp.addHeader("Location", redirectMISGUI); Logger.debug("REDIRECT TO: " + redirectURL); @@ -220,17 +248,22 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { else { if (!samlArtifactBase64.equals("Redirect to Input Processor")) { - redirectURL = session.getOAURLRequested(); + /*redirectURL = session.getOAURLRequested(); if (!session.getBusinessService()) { redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8")); } redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); - redirectURL = resp.encodeRedirectURL(redirectURL); + redirectURL = resp.encodeRedirectURL(redirectURL);*/ + + + redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), + ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), samlArtifactBase64); + } else { redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID()); } - + resp.setContentType("text/html"); resp.setStatus(302); @@ -242,16 +275,20 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (GeneralSecurityException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (PKIException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (MISSimpleClientException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } catch (TransformerException e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } + + finally { + ConfigurationDBUtils.closeSession(); + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index 689510a9d..477d99220 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -43,6 +43,9 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -104,6 +107,8 @@ public class VerifyCertificateServlet extends AuthServlet { resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
+ + String pendingRequestID = null; Map parameters;
try
@@ -118,7 +123,9 @@ public class VerifyCertificateServlet extends AuthServlet { // escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
-
+ + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); +
AuthenticationSession session = null;
try {
// check parameter
@@ -138,31 +145,49 @@ public class VerifyCertificateServlet extends AuthServlet { if (useMandate) {
- Logger.error("Online-Mandate Mode for foreign citizencs not supported.");
- throw new AuthenticationException("auth.13", null);
+ + // verify certificate for OrganWalter + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert); + + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("session store error", null); + } + + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
}
else {
// Foreign Identities Modus
- String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(sessionID, cert);
+ String createXMLSignatureRequest = AuthenticationServer.getInstance().createXMLSignatureRequestForeignID(session, cert);
// build dataurl (to the GetForeignIDSerlvet)
String dataurl =
new DataURLBuilder().buildDataURL(
session.getAuthURL(),
REQ_GET_FOREIGN_ID,
session.getSessionID());
-
+ + try { + AuthenticationSessionStoreage.storeSession(session); + } catch (MOADatabaseException e) { + throw new MOAIDException("session store error", null); + } +
ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
Logger.debug("Send CreateXMLSignatureRequest to BKU");
- }
-
-
+ }
+ }
+ catch (MOAIDException ex) { +
+ handleError(null, ex, req, resp, pendingRequestID);
+ } + + finally { + ConfigurationDBUtils.closeSession(); }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp);
- }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 5178e27d3..38f650a65 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -43,6 +43,11 @@ import at.gv.egovernment.moa.id.auth.WrongParametersException; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.ServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -109,6 +114,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { Logger.debug("POST VerifyIdentityLink"); Map parameters; + String pendingRequestID = null; + try { parameters = getParameters(req); @@ -123,6 +130,8 @@ public class VerifyIdentityLinkServlet extends AuthServlet { // escape parameter strings sessionID = StringEscapeUtils.escapeHtml(sessionID); + pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID); + resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES); resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA); resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL); @@ -134,14 +143,17 @@ public class VerifyIdentityLinkServlet extends AuthServlet { if (!ParamValidatorUtils.isValidSessionID(sessionID)) throw new WrongParametersException("VerifyIdentityLink", PARAM_SESSIONID, "auth.12"); - AuthenticationSession session = AuthenticationServer.getSession(sessionID); - String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(sessionID, parameters); + + AuthenticationSession session = AuthenticationServer.getSession(sessionID); + + String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyIdentityLink(session, parameters); Logger.debug(createXMLSignatureRequestOrRedirect); + if (createXMLSignatureRequestOrRedirect == null) { // no identity link found - + boolean useMandate = session.getUseMandate(); if (useMandate) { Logger.error("Online-Mandate Mode for foreign citizencs not supported."); @@ -150,7 +162,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet { try { - Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); + Logger.info("Send InfoboxReadRequest to BKU to get signer certificate."); // create the InfoboxReadRequest to get the certificate String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); @@ -168,15 +180,18 @@ public class VerifyIdentityLinkServlet extends AuthServlet { } catch(Exception e) { - handleError(null, e, req, resp); + handleError(null, e, req, resp, pendingRequestID); } } else { // @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID), - // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber für OW nicht in + // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in // AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen) + + //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!! boolean useMandate = session.getUseMandate(); + if (useMandate) { // Mandate modus // read certificate and set dataurl to Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); @@ -191,27 +206,47 @@ public class VerifyIdentityLinkServlet extends AuthServlet { REQ_VERIFY_CERTIFICATE, session.getSessionID()); - //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)"); //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); + Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); - } + } else { + Logger.info("Normal"); + + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + AuthConfigurationProvider authConf = AuthConfigurationProvider + .getInstance(); + + createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance() + .getCreateXMLSignatureRequestAuthBlockOrRedirect(session, + authConf, oaParam); + ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink"); } - - } - + + try { + AuthenticationSessionStoreage.storeSession(session); + + } catch (MOADatabaseException e) { + Logger.info("No valid MOA session found. Authentification process is abourted."); + throw new AuthenticationException("auth.20", null); + } } catch (ParseException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); } catch (MOAIDException ex) { - handleError(null, ex, req, resp); + handleError(null, ex, req, resp, pendingRequestID); + } + + finally { + ConfigurationDBUtils.closeSession(); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index dfad29e50..d0fb1f87f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -35,9 +35,13 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathUtils; @@ -55,6 +59,7 @@ public class CreateXMLSignatureResponseValidator { /** Xpath expression to the dsig:Signature element */ private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + //private static final String XADES_SIGNINGTIME_PATH = Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; /** Singleton instance. <code>null</code>, if none has been created. */ private static CreateXMLSignatureResponseValidator instance; @@ -208,7 +213,7 @@ public class CreateXMLSignatureResponseValidator { } if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { foundOA = true; - if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); } } else { @@ -231,7 +236,35 @@ public class CreateXMLSignatureResponseValidator { } else { throw new ValidateException("validator.35", null); } + + // check four attribute could be a special text + samlAttribute = samlAttributes[3 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + + String text = ""; + try { + OAAuthParameter oaparam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix()); + if (MiscUtil.isNotEmpty(text = oaparam.getAditionalAuthBlockText())) + Logger.info("Use addional AuthBlock Text from OA=" + oaparam.getPublicURLPrefix()); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from OA!", e); + } + + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } + } else { + throw new ValidateException("validator.35", null); + } + // now check the extended SAML attributes int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; if (extendedSAMLAttributes != null) { @@ -309,4 +342,216 @@ public class CreateXMLSignatureResponseValidator { throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; } } + + /** + * The Method validate is used for validating an explicit {@link CreateXMLSignatureResponse} + * @param createXMLSignatureResponse + * @param session + * @throws ValidateException + */ + public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, AuthenticationSession session) + throws ValidateException { + + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + + String oaURL; + try { + oaURL = AuthConfigurationProvider.getInstance().getSSOPublicUrl(); + } catch (ConfigurationException e1) { + oaURL = new String(); + } + + IdentityLink identityLink = session.getIdentityLink(); + + Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); + String issuer = samlAssertion.getAttribute("Issuer"); + if (issuer == null) { + // should not happen, because parser would dedect this + throw new ValidateException("validator.32", null); + } + // replace ' in name with ' + issuer = issuer.replaceAll("'", "'"); + + String issueInstant = samlAssertion.getAttribute("IssueInstant"); + if (!issueInstant.equals(session.getIssueInstant())) { + throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); + } + + String name = identityLink.getName(); + + if (!issuer.equals(name)) { + throw new ValidateException("validator.33", new Object[] {issuer, name}); + } + + SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); + + boolean foundOA = false; + boolean foundGB = false; + boolean foundWBPK = false; + int offset = 0; + + // check number of SAML aatributes + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + int extendedSAMLAttributesNum = 0; + if (extendedSAMLAttributes != null) { + extendedSAMLAttributesNum = extendedSAMLAttributes.size(); + } + int expectedSAMLAttributeNumber = + AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum; + if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; + int actualSAMLAttributeNumber = samlAttributes.length; + if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { + Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); + throw new ValidateException( + "validator.36", + new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); + } + + SAMLAttribute samlAttribute; + if (!session.getSAMLAttributeGebeORwbpk()) { + offset--; + } + + // check the first attribute (must be "OA") + samlAttribute = samlAttributes[0 + offset]; + if (!samlAttribute.getName().equals("OA")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); + } + } else { + throw new ValidateException("validator.15", null); + } + + // check the third attribute (must be "Geburtsdatum") + samlAttribute = samlAttributes[1 + offset]; + if (!samlAttribute.getName().equals("Geburtsdatum")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlDateOfBirth = (String)samlAttribute.getValue(); + String dateOfBirth = identityLink.getDateOfBirth(); + if (!samlDateOfBirth.equals(dateOfBirth)) { + throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); + } + } else { + throw new ValidateException("validator.35", null); + } + + // check four attribute could be a special text + samlAttribute = samlAttributes[2 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + + String text = ""; + try { + if (MiscUtil.isNotEmpty(text = AuthConfigurationProvider.getInstance().getSSOSpecialText())) + Logger.info("Use addional AuthBlock Text from SSO=" +text); + else + text = new String(); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); + } + + + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } + } else { + throw new ValidateException("validator.35", null); + } + + // now check the extended SAML attributes + int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset; + if (extendedSAMLAttributes != null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + samlAttribute = samlAttributes[i]; + String actualName = samlAttribute.getName(); + String expectedName = extendedSAMLAttribute.getName(); + if (!actualName.equals(expectedName)) { + throw new ValidateException( + "validator.38", + new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); + } + String actualNamespace = samlAttribute.getNamespace(); + String expectedNamespace = extendedSAMLAttribute.getNameSpace(); + if (!actualNamespace.equals(expectedNamespace)) { + throw new ValidateException( + "validator.38", + new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); + } + Object expectedValue = extendedSAMLAttribute.getValue(); + Object actualValue = samlAttribute.getValue(); + try { + if (expectedValue instanceof String) { + // replace \r\n because text might be base64-encoded + String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); + expValue = StringUtils.replaceAll(expValue,"\n",""); + String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); + actValue = StringUtils.replaceAll(actValue,"\n",""); + if (!expValue.equals(actValue)) { + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); + } + } else if (expectedValue instanceof Element) { + // only check the name of the element + String actualElementName = ((Element)actualValue).getNodeName(); + String expectedElementName = ((Element)expectedValue).getNodeName(); + if (!(expectedElementName.equals(actualElementName))){ + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); + } + } else { + // should not happen + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); + } + } catch (ClassCastException e) { + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); + } + i++; + } + } + + + if (!foundOA) throw new ValidateException("validator.14", null); + + //Check if dsig:Signature exists +// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); +// if (nl.getLength() != 1) { +// throw new ValidateException("validator.05", null); +// } + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); + if (dsigSignature == null) { + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + } + } + + public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { + + //TODO: insert Time validation!!!! + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 90282a28c..ed826c615 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -35,6 +35,7 @@ import java.security.interfaces.RSAPublicKey; import java.util.List; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -80,7 +81,7 @@ public class VerifyXMLSignatureResponseValidator { * @throws ValidateException on any validation error */ public void validate(VerifyXMLSignatureResponse verifyXMLSignatureResponse, - List identityLinkSignersSubjectDNNames, + List<String> identityLinkSignersSubjectDNNames, String whatToCheck, boolean ignoreManifestValidationResult) throws ValidateException { @@ -154,7 +155,7 @@ public class VerifyXMLSignatureResponseValidator { } } - + /** * Method validateCertificate. * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java index 576d9c358..a154c9ece 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java @@ -83,241 +83,255 @@ public class ParepInputProcessorImpl implements ParepInputProcessor{ this.rpGivenName = rpGivenName;
this.rpDateOfBirth = rpDateOfBirth;
this.request = request;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue)
- {
- // Load the form
- String form = loadForm(
- physical, familyName, givenName, dateOfBirth,
- streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue, "");
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- } catch (SZRGWClientException e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
- */
- public String validate(Map parameters, String extErrortext)
- {
-
- // Process the gotten parameters
- String form = null;
- boolean formNecessary = false;
- if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
- String locErrortext = "Folgende Parameter fehlen: ";
-
- String familyName = (String) parameters.get("familyname_");
- if (null == familyName) familyName ="";
- String givenName = (String) parameters.get("givenname_");
- if (null == givenName) givenName ="";
- boolean physical = "true".equals(parameters.get("physical_"));
- String dobday = (String) parameters.get("dobday_");
- if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
- String dobmonth = (String) parameters.get("dobmonth_");
- if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
- String dobyear = (String) parameters.get("dobyear_");
- if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
- String dateOfBirth = "";
- dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
- dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
- dobday = (" ".substring(0, 2-dobday.length()) + dobday);
- dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
- String cbFullName = (String) parameters.get("fullname_");
- if (null == cbFullName) cbFullName ="";
- String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
- if (null == cbIdentificationType) cbIdentificationType ="";
- String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
- if (null == cbIdentificationValue) cbIdentificationValue ="";
- String postalCode = (String) parameters.get("postalcode_");
- if (null == postalCode) postalCode ="";
- String municipality = (String) parameters.get("municipality_");
- if (null == municipality) municipality ="";
- String streetName = (String) parameters.get("streetname_");
- if (null == streetName) streetName ="";
- String buildingNumber = (String) parameters.get("buildingnumber_");
- if (null == buildingNumber) buildingNumber ="";
- String unit = (String) parameters.get("unit_");
- if (null == unit) unit ="";
-
- if (physical) {
- if (ParepUtils.isEmpty(familyName)) {
- formNecessary = true;
- locErrortext = locErrortext + "Familienname";
- }
- if (ParepUtils.isEmpty(givenName)) {
- formNecessary = true;
- if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Vorname";
- }
- // Auf existierendes Datum prüfen
- SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
- format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
- try {
- format.parse(dateOfBirth);
- }
- catch(ParseException pe)
- {
- formNecessary = true;
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "korrektes Geburtsdatum";
- }
- } else {
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- if (ParepUtils.isEmpty(cbFullName)) {
- locErrortext = locErrortext + "Name der Organisation";
- }
- if (ParepUtils.isEmpty(cbIdentificationType)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Auswahl des Registers";
- }
- if (ParepUtils.isEmpty(cbIdentificationValue)) {
- if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
- locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
- }
- }
- }
- try {
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- if (formNecessary) {
- // Daten noch nicht vollständig oder anderer Fehler
- if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
- String error = "";
- if (!ParepUtils.isEmpty(extErrortext)) {
- error = extErrortext;
- if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
- }
- if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
- if (!ParepUtils.isEmpty(error)) {
- error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
- }
- form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
- if (form == null) {
- return null;
- }
- } else {
- return ""; // everything is ok
- }
- } catch (Exception e) {
- //e.printStackTrace();
- Logger.info(e);
- return null;
- }
- return form;
- }
-
- /**
- * Loads the empty user input form and replaces tag occurences with given variables
- *
- * @param physical
- * @param familyName
- * @param givenName
- * @param dateOfBirth
- * @param streetName
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @param errorText
- * @return
- */
- private String loadForm(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
- {
- String form = "";
- try {
- String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
- InputStream instream = null;
- File file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- fileName = parepConfiguration.getFullDirectoryName(fileName);
- if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
- file = new File(fileName);
- if (file.exists()) {
- //if this resolves to a file, load it
- instream = new FileInputStream(fileName);
- } else {
- //else load a named resource in our classloader.
- instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
- if (instream == null) {
- Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
- return null;
- }
- }
- }
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.dumpInputOutputStream(instream, bos);
- form = bos.toString("UTF-8");
- } catch(Exception e) {
- Logger.error("Fehler beim Einlesen des Input-Templates.", e);
- }
-
- if (!ParepUtils.isEmpty(form)) {
- boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
- boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
- boolean reducedSelection = (!physEnabled || !cbEnabled);
- if (reducedSelection) {
- physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
- }
- if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
- form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
- form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
- form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
- form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
- form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
- //darf zw. phys. und jur. Person gewählt werden:
- //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
- form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
- form = ParepUtils.replaceAll(form, "<givenname>", givenName);
- form = ParepUtils.replaceAll(form, "<familyname>", familyName);
- form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
- form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
- form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
- form = ParepUtils.replaceAll(form, "<streetname>", streetName);
- form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
- form = ParepUtils.replaceAll(form, "<unit>", unit);
- form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
- form = ParepUtils.replaceAll(form, "<municipality>", municipality);
- form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
- form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
- form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
- form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
- form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
- form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
- form = ParepUtils.replaceAll(form, "<errortext>", errorText);
- }
- return form;
- }
+ } + +public String start(boolean physical, String familyName, String givenName, + String dateOfBirth, String streetName, String buildingNumber, + String unit, String postalCode, String municipality, String cbFullName, + String cbIdentificationType, String cbIdentificationValue) { + // TODO Auto-generated method stub + return null; +} + +public String validate(Map parameters, String extErrortext) { + // TODO Auto-generated method stub + return null; +}
+ + //TODO: check correctness
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
+// */
+// public String start(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
+// {
+// // Load the form
+// String form = loadForm(
+// physical, familyName, givenName, dateOfBirth,
+// streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue, "");
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// } catch (SZRGWClientException e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
+// */
+// public String validate(Map parameters, String extErrortext)
+// {
+//
+// // Process the gotten parameters
+// String form = null;
+// boolean formNecessary = false;
+// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
+// String locErrortext = "Folgende Parameter fehlen: ";
+//
+// String familyName = (String) parameters.get("familyname_");
+// if (null == familyName) familyName ="";
+// String givenName = (String) parameters.get("givenname_");
+// if (null == givenName) givenName ="";
+// boolean physical = "true".equals(parameters.get("physical_"));
+// String dobday = (String) parameters.get("dobday_");
+// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
+// String dobmonth = (String) parameters.get("dobmonth_");
+// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
+// String dobyear = (String) parameters.get("dobyear_");
+// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
+// String dateOfBirth = "";
+// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
+// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
+// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
+// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
+// String cbFullName = (String) parameters.get("fullname_");
+// if (null == cbFullName) cbFullName ="";
+// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
+// if (null == cbIdentificationType) cbIdentificationType ="";
+// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
+// if (null == cbIdentificationValue) cbIdentificationValue ="";
+// String postalCode = (String) parameters.get("postalcode_");
+// if (null == postalCode) postalCode ="";
+// String municipality = (String) parameters.get("municipality_");
+// if (null == municipality) municipality ="";
+// String streetName = (String) parameters.get("streetname_");
+// if (null == streetName) streetName ="";
+// String buildingNumber = (String) parameters.get("buildingnumber_");
+// if (null == buildingNumber) buildingNumber ="";
+// String unit = (String) parameters.get("unit_");
+// if (null == unit) unit ="";
+//
+// if (physical) {
+// if (ParepUtils.isEmpty(familyName)) {
+// formNecessary = true;
+// locErrortext = locErrortext + "Familienname";
+// }
+// if (ParepUtils.isEmpty(givenName)) {
+// formNecessary = true;
+// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Vorname";
+// }
+// // Auf existierendes Datum prüfen
+// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
+// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
+// try {
+// format.parse(dateOfBirth);
+// }
+// catch(ParseException pe)
+// {
+// formNecessary = true;
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "korrektes Geburtsdatum";
+// }
+// } else {
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// if (ParepUtils.isEmpty(cbFullName)) {
+// locErrortext = locErrortext + "Name der Organisation";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationType)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Auswahl des Registers";
+// }
+// if (ParepUtils.isEmpty(cbIdentificationValue)) {
+// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
+// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
+// }
+// }
+// }
+// try {
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// if (formNecessary) {
+// // Daten noch nicht vollständig oder anderer Fehler
+// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
+// String error = "";
+// if (!ParepUtils.isEmpty(extErrortext)) {
+// error = extErrortext;
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
+// }
+// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
+// if (!ParepUtils.isEmpty(error)) {
+// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" /> " + error + "</div>";
+// }
+// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
+// if (form == null) {
+// return null;
+// }
+// } else {
+// return ""; // everything is ok
+// }
+// } catch (Exception e) {
+// //e.printStackTrace();
+// Logger.info(e);
+// return null;
+// }
+// return form;
+// }
+//
+// /**
+// * Loads the empty user input form and replaces tag occurences with given variables
+// *
+// * @param physical
+// * @param familyName
+// * @param givenName
+// * @param dateOfBirth
+// * @param streetName
+// * @param buildingNumber
+// * @param unit
+// * @param postalCode
+// * @param municipality
+// * @param cbFullName
+// * @param cbIdentificationType
+// * @param cbIdentificationValue
+// * @param errorText
+// * @return
+// */
+// private String loadForm(
+// boolean physical, String familyName, String givenName, String dateOfBirth,
+// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
+// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
+// {
+// String form = "";
+// try {
+// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
+// InputStream instream = null;
+// File file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// fileName = parepConfiguration.getFullDirectoryName(fileName);
+// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
+// file = new File(fileName);
+// if (file.exists()) {
+// //if this resolves to a file, load it
+// instream = new FileInputStream(fileName);
+// } else {
+// //else load a named resource in our classloader.
+// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
+// if (instream == null) {
+// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
+// return null;
+// }
+// }
+// }
+// ByteArrayOutputStream bos = new ByteArrayOutputStream();
+// ParepUtils.dumpInputOutputStream(instream, bos);
+// form = bos.toString("UTF-8");
+// } catch(Exception e) {
+// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
+// }
+//
+// if (!ParepUtils.isEmpty(form)) {
+// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
+// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
+// boolean reducedSelection = (!physEnabled || !cbEnabled);
+// if (reducedSelection) {
+// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
+// }
+// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
+// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
+// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
+// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
+// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
+// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
+// //darf zw. phys. und jur. Person gewählt werden:
+// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
+// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
+// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
+// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
+// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
+// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
+// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
+// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
+// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
+// form = ParepUtils.replaceAll(form, "<unit>", unit);
+// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
+// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
+// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
+// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
+// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
+// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
+// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
+// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
+// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
+// }
+// return form;
+// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 5eeaa5d3d..ab7a134c8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -650,7 +650,7 @@ public class ParepUtils { if (ParepUtils.isEmpty(register)) return null;
if (register.equals("FN") || register.equals("XFN")) return "Firmenbuchnummer";
if (register.equals("VR") || register.equals("XZVR") || register.equals("XVR") || register.equals("ZVR")) return "Nummer im Vereinsregister";
- if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
+ if (register.equals("ERSB") || register.equals("XERSB")) return "Nummer im Ergänzungsregister für sonstige Betroffene";
return null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java index 7bd6f5e28..f2f897432 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java @@ -61,547 +61,583 @@ import at.gv.egovernment.moa.util.Constants; *
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
*/
-public class ParepValidator implements InfoboxValidator {
-
- /** activates debug settings */
- private boolean PAREP_DEBUG = false;
-
- /** contains the parameters the validator initially was called with */
- private InfoboxValidatorParams params = null;
-
- /** contains the configuration of the validator */
- private ParepConfiguration parepConfiguration = null;
-
- /** the requested representation ID (currently * or OID) */
- private String representationID = null;
-
- /** holds the information of the SZR-request */
- private CreateMandateRequest request = null;
-
- /** List of extended SAML attributes. */
- private Vector extendedSamlAttributes = new Vector();
-
- /** the class which processes the user input */
- private ParepInputProcessor inputProcessor = null;
-
- /** The form if user input is necessary */
- private String form = null;
-
- /** unspecified error of parep-validator (must not know more about)*/
- private final static String COMMON_ERROR = "Es ist ein Fehler bei der Überprüfung für berufsmäßige Parteienvetretung aufgetreten";
-
- /** Default class to gather remaining mandator data. */
- public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-
- /** Default template to gather remaining mandator data. */
- public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-
- /** kind of representation text in AUTH block*/
- public final static String STANDARD_REPRESENTATION_TEXT = "berufsmäßige(r) Parteienvertreter(in)";
-
- /** Names of the produced SAML-attributes. */
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +public class ParepValidator implements InfoboxValidator { + public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; public final static String EXT_SAML_MANDATE_OID = "OID"; + public final static String EXT_SAML_MANDATE_RAW = "Mandate"; + public final static String EXT_SAML_MANDATE_NAME = "MandatorName"; + public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth"; + public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; + public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"; + public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier"; - /** */ - public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-
- /** register and register number for non physical persons - the domain identifier for business applications*/
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-
- /**
- * Parses the XML configuration element and creates the validators configuration
- * Use this function if you want to preconfigure the validator.
- *
- * @param configElem
- * the XML configuration element to parse.
- * @throws ConfigurationException
- * if an error occurs during the configuration process
- */
- public void Configure(Element configElem) throws ConfigurationException {
- if (this.parepConfiguration == null) {
- Logger.debug("Lade Konfiguration.");
- parepConfiguration = new ParepConfiguration(configElem);
- Logger.debug("Konfiguration erfolgreich geladen.");
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
- */
- public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-
- try {
- Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
- this.params = params;
-
- Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
- // ParepUtils.serializeElement(mandate, System.out);
- this.representationID = ParepUtils.extractRepresentativeID(mandate);
- if (ParepUtils.isEmpty(representationID)) {
- validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
- return validationResult;
- }
-
- // Überprüfen der Identifikation (Type/Value).
- String identificationType = this.params.getIdentificationType();
- String identificationValue = this.params.getIdentificationValue();
- if (this.params.getBusinessApplication()) {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
- return validationResult;
-
- } else {
- Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
- }
- } else {
- if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
- //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
- if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu übermitteln. In der MOA-ID Konfiguration muss die Übermittlung Stammzahl aktiviert sein.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- } else {
- Logger.debug("Organwalter wird mit Stammzahl identifiziert");
- }
- } else {
- if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
- // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
- identificationType = Constants.URN_PREFIX_CDID;
- String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
- identificationValue = bpkBase64;
- Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
- } else {
- Logger.debug("Parteienvertreter wird mit bPK identifiziert");
- }
- }
- }
-
- Configure(this.params.getApplicationSpecificParams());
- // check if we have a configured party representative for that
- if (!parepConfiguration.isPartyRepresentative(representationID)) {
- Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
- validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
- return validationResult;
- }
-
- // Vertreter
- this.request = new CreateMandateRequest();
- request.setRepresentative(this.params, identificationType, identificationValue);
- // ParepUtils.serializeElement(request.getRepresentative(), System.out);
- //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-
- Logger.debug("Prüfe vorausgefüllte Daten...");
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- boolean formNecessary = false;
- // Vertretener (erstes Vorkommen)
- Element mandator = ParepUtils.extractMandator(mandate);
- if (mandator != null) {
- // ParepUtils.serializeElement(mandator, System.out);
- // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-
- }
- if (physical) {
- if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
- formNecessary = true;
- }
- } else {
- if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
- validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
- return validationResult;
- }
- if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
- formNecessary = true;
- }
- }
-
- //Zeigen wir, dass die Daten übernommen wurden:
- if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-
- // Input processor
- this.form = "";
- if (formNecessary) {
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.start(
- physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
- cbFullName, cbIdentificationType, cbIdentificationValue);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- } else {
- // Request vorbereiten mit vorgegebenen Daten
- request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
- cbIdentificationType, cbIdentificationValue);
- }
-
-
- // ParepUtils.serializeElement(request.getMandator(), System.out);
- // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- Logger.debug("Überprüfung der vertretenen Partei erfolgreich beendet");
- validationResult.setValid(true);
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
- */
- public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- Logger.debug("Prüfe im Formular ausgefüllte Daten...");
- if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-
- // Input processor
- ParepInputProcessor inputProcessor= getInputProcessor();
- this.form = inputProcessor.validate(parameters, null);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
- addAuthBlockExtendedSamlAttributes();
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- return validationResult;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
- */
- public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-
- InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
- this.form = "";
- try {
-
-
- request.setSignature(samlAssertion);
-
-//DPO debug
-// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
-// String id = representationID;
+ + public InfoboxValidationResult validate(InfoboxValidatorParams params) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public InfoboxValidationResult validate(Map parameters) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public InfoboxValidationResult validate(Element samlAssertion) + throws ValidateException { + // TODO Auto-generated method stub + return null; + } + + public String getForm() { + // TODO Auto-generated method stub + return null; + }
+ + + //TODO: check correctness!!!!
+// /** activates debug settings */
+// private boolean PAREP_DEBUG = false;
+//
+// /** contains the parameters the validator initially was called with */
+// private InfoboxValidatorParams params = null;
+//
+// /** contains the configuration of the validator */
+// private ParepConfiguration parepConfiguration = null;
+//
+// /** the requested representation ID (currently * or OID) */
+// private String representationID = null;
+//
+// /** holds the information of the SZR-request */
+// private CreateMandateRequest request = null;
+//
+// /** List of extended SAML attributes. */
+// private Vector extendedSamlAttributes = new Vector();
+//
+// /** the class which processes the user input */
+// private ParepInputProcessor inputProcessor = null;
+//
+// /** The form if user input is necessary */
+// private String form = null;
+//
+// /** unspecified error of parep-validator (must not know more about)*/
+// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
+//
+// /** Default class to gather remaining mandator data. */
+// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
+//
+// /** Default template to gather remaining mandator data. */
+// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
+//
+// /** kind of representation text in AUTH block*/
+// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
+//
+// /** Names of the produced SAML-attributes. */
+// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType"; +// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription"; +// public final static String EXT_SAML_MANDATE_OID = "OID"; +// +// /** */ +// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+//
+// /** register and register number for non physical persons - the domain identifier for business applications*/
+// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+//
+// /**
+// * Parses the XML configuration element and creates the validators configuration
+// * Use this function if you want to preconfigure the validator.
+// *
+// * @param configElem
+// * the XML configuration element to parse.
+// * @throws ConfigurationException
+// * if an error occurs during the configuration process
+// */
+// public void Configure(Element configElem) throws ConfigurationException {
+// if (this.parepConfiguration == null) {
+// Logger.debug("Lade Konfiguration.");
+// parepConfiguration = new ParepConfiguration(configElem);
+// Logger.debug("Konfiguration erfolgreich geladen.");
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
+// */
+// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+//
+// try {
+// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
+// this.params = params;
+//
+// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
+// // ParepUtils.serializeElement(mandate, System.out);
+// this.representationID = ParepUtils.extractRepresentativeID(mandate);
+// if (ParepUtils.isEmpty(representationID)) {
+// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
+// return validationResult;
+// }
+//
+// // überprüfen der Identifikation (Type/Value).
+// String identificationType = this.params.getIdentificationType();
+// String identificationValue = this.params.getIdentificationValue();
+// if (this.params.getBusinessApplication()) {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
+// return validationResult;
+//
+// } else {
+// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
+// }
+// } else {
+// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
+// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
+// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// } else {
+// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
+// }
+// } else {
+// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
+// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
+// identificationType = Constants.URN_PREFIX_CDID;
+// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
+// identificationValue = bpkBase64;
+// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
+// } else {
+// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
+// }
+// }
+// }
+//
+// Configure(this.params.getApplicationSpecificParams());
+// // check if we have a configured party representative for that
+// if (!parepConfiguration.isPartyRepresentative(representationID)) {
+// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
+// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
+// return validationResult;
+// }
+//
+// // Vertreter
+// this.request = new CreateMandateRequest();
+// request.setRepresentative(this.params, identificationType, identificationValue);
+// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
+// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
+//
+// Logger.debug("Prüfe vorausgefüllte Daten...");
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// boolean formNecessary = false;
+// // Vertretener (erstes Vorkommen)
+// Element mandator = ParepUtils.extractMandator(mandate);
+// if (mandator != null) {
+// // ParepUtils.serializeElement(mandator, System.out);
+// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+//
+// }
+// if (physical) {
+// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
+// formNecessary = true;
+// }
+// } else {
+// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
+// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
+// return validationResult;
+// }
+// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
+// formNecessary = true;
+// }
+// }
+//
+// //Zeigen wir, dass die Daten �bernommen wurden:
+// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
+//
+// // Input processor
+// this.form = "";
+// if (formNecessary) {
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.start(
+// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
+// cbFullName, cbIdentificationType, cbIdentificationValue);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// } else {
+// // Request vorbereiten mit vorgegebenen Daten
+// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
+// cbIdentificationType, cbIdentificationValue);
+// }
+//
+//
+// // ParepUtils.serializeElement(request.getMandator(), System.out);
+// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
+// validationResult.setValid(true);
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
+// */
+// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
+// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
+// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
+//
+// // Input processor
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// this.form = inputProcessor.validate(parameters, null);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+// addAuthBlockExtendedSamlAttributes();
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
+// return validationResult;
+// }
+//
+// /*
+// * (non-Javadoc)
+// *
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
+// */
+// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
+//
+// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
+// this.form = "";
+// try {
+//
+//
+// request.setSignature(samlAssertion);
+//
+////DPO debug
+//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1.2.40.0.10.3.1_origin-fixed.xml"))).getDocumentElement();
+//// String id = representationID;
+//// CreateMandateResponse response;
+//// if (true) {
+//// if (this.params.getHideStammzahl()) {
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
+//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
+//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
+//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
+//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+//// }
+//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
+//
+// //ParepUtils.serializeElement(request.toElement(), System.out);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
+//
+// // configure szrgw client
+// Logger.debug("Lade SZR-GW Client.");
+// SZRGWClient client = new SZRGWClient();
+// // System.out.println("Parameters: " + cfg.getConnectionParameters());
+// Logger.debug("Initialisiere Verbindung...");
+// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
+// // Logger.debug("Connection Parameters: " + connectionParameters);
+// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// }
+//
+// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
// CreateMandateResponse response;
-// if (true) {
+// Element requ = request.toElement();
+// try {
+// response = client.createMandateResponse(requ);
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+// client = new SZRGWClient(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// response = client.createMandateResponse(requ);
+// }
+// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
+// if (response.getResultCode()==2000) {
+// if(response.getMandate()==null) {
+// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+//
+//
+// //DPO debug output (2lines)
+// String id = representationID;
+// if (id.equals("*")) id="standardisiert";
+//
+// Element mandate = response.getMandate();
+// // Replace Stammzahlen
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
// if (this.params.getHideStammzahl()) {
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilitätsmodus Personendaten ersetzt werden können.
-// // Würden die Stammzahlen gelöscht (geblindet) werden, würde der Identifikationswert des Vertretenen gänzlich fehlen.
-// // Im Falle einen business Anwendung berechnet MOA-ID nach Rückkehr das wbPK
// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
+// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
// }
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-
- //ParepUtils.serializeElement(request.toElement(), System.out);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-
- // configure szrgw client
- Logger.debug("Lade SZR-GW Client.");
- SZRGWClient client = new SZRGWClient();
- // System.out.println("Parameters: " + cfg.getConnectionParameters());
- Logger.debug("Initialisiere Verbindung...");
- ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
- // Logger.debug("Connection Parameters: " + connectionParameters);
- Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- }
-
- Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
- CreateMandateResponse response;
- Element requ = request.toElement();
- try {
- response = client.createMandateResponse(requ);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- client = new SZRGWClient(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- response = client.createMandateResponse(requ);
- }
- Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
- if (response.getResultCode()==2000) {
- if(response.getMandate()==null) {
- Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
-
-
- //DPO debug output (2lines)
- String id = representationID;
- if (id.equals("*")) id="standardisiert";
-
- Element mandate = response.getMandate();
- // Replace Stammzahlen
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
- if (this.params.getHideStammzahl()) {
- ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
- if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
- }
-
- extendedSamlAttributes.clear();
- // Vollmacht
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
- validationResult.setValid(true);
- Logger.debug("Post processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
- } else {
- String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
- String responseInfo = response.getInfo();
- if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- validationResult.setErrorMessage(errorMsg);
- } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
- // Person not found
- ParepInputProcessor inputProcessor= getInputProcessor();
- switch (response.getResultCode()) {
- case 5230:
- errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- case 5231:
- errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
- break;
- default:
- if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
- }
- this.form = inputProcessor.validate(generateParameters(), errorMsg);
- if (this.form == null) {
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- validationResult.setValid(true);
- } else {
- // Do not inform the user too much
- Logger.error(errorMsg);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- }
-
- }
- return validationResult;
- } catch (Exception e) {
- e.printStackTrace();
- Logger.info(e);
- validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
- return validationResult;
- }
- }
-
- /**
- * provides the primary infobox token of the given list.
- *
- * @param infoBoxTokens
- * the list of infobox tokens.
- * @return
- * the XML element of the primary token.
- * @throws ValidateException
- * if an error occurs or list is not suitable.
- */
- public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
- if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
- throw new ValidateException("validator.62", null);
- }
- for (int i = 0; i < infoBoxTokens.size(); i++) {
- InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
- if (token.isPrimary()) {
- return token.getXMLToken();
- }
- }
- throw new ValidateException("validator.62", null);
- }
-
- /*
- * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
- */
- public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
- return ret;
- }
-
-
- /**
- * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
- */
- public String getForm() {
- return this.form;
- }
-
- /**
- * Gets the user form input processor (class) assigned to the current party representative
- * If the method is called for the first time it initializes the input processor.
- *
- * @return The user form input processor
- */
- private ParepInputProcessor getInputProcessor() {
-
- if (this.inputProcessor!=null) return inputProcessor;
- String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
- ParepInputProcessor inputProcessor = null;
- try {
- Class inputProcessorClass = Class.forName(inputProcessorName);
- inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
- inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
- } catch (Exception e) {
- Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
- }
- this.inputProcessor = inputProcessor;
- return inputProcessor;
- }
-
- /**
- * Generates the parameter list, which is needed to simulate a return from
- * an user form.
- *
- * @return the form parameters
- */
- private Map generateParameters() {
- Map parameters = new HashMap();
- boolean physical = true;
- String familyName = "";
- String givenName = "";
- String dateOfBirth = "";
- String cbFullName = "";
- String cbIdentificationType = "";
- String cbIdentificationValue = "";
- String postalCode = "";
- String municipality = "";
- String streetName = "";
- String buildingNumber = "";
- String unit = "";
-
- try {
- // Vertretener (erstes Vorkommen)
- Element mandator = request.getMandator();
- if (mandator != null) {
- if (ParepUtils.isPhysicalPerson(mandator)) {
- familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
- givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
- dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
- } else {
- physical = false;
- cbFullName = ParepUtils.extractMandatorFullName(mandator);
- cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
- cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
- }
- postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
- municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
- streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
- buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
- unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
- }
- } catch (Exception e) {
- Logger.error("Could not extract Mandator form SZR-gateway request");
- }
- parameters.put("familyname_", familyName);
- parameters.put("givenname_", givenName);
- parameters.put("dateofbirth_", dateOfBirth);
- parameters.put("dobyear_", dateOfBirth.substring(0,4));
- parameters.put("dobmonth_", dateOfBirth.substring(5,7));
- parameters.put("dobday_", dateOfBirth.substring(8,10));
- parameters.put("physical_", physical ? "true" : "false");
- parameters.put("fullname_", cbFullName);
- parameters.put("cbidentificationtype_", cbIdentificationType);
- parameters.put("cbidentificationvalue_", cbIdentificationValue);
- parameters.put("postalcode_", postalCode);
- parameters.put("municipality_", municipality);
- parameters.put("streetname_", streetName);
- parameters.put("buildingnumber_", buildingNumber);
- parameters.put("unit_", unit);
- return parameters;
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- */
- private void addAuthBlockExtendedSamlAttributes() {
- extendedSamlAttributes.clear();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- Element mandator = request.getMandator();
- // Name
- String name = ParepUtils.extractMandatorName(mandator);
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- if (dob != null && !"".equals(dob)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)){
- String idType = ParepUtils.extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (this.params.getBusinessApplication()) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
- }
-
-// public static void main(String[] args) throws Exception {
+//
+// extendedSamlAttributes.clear();
+// // Vollmacht
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+//
+// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
+// validationResult.setValid(true);
+// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
+// } else {
+// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
+// String responseInfo = response.getInfo();
+// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// validationResult.setErrorMessage(errorMsg);
+// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
+// // Person not found
+// ParepInputProcessor inputProcessor= getInputProcessor();
+// switch (response.getResultCode()) {
+// case 5230:
+// errorMsg = "Keine mit den Eingaben übereinstimmende Person vorhanden. Bitte ergänzen/ändern Sie ihre Angaben.";
+// break;
+// case 5231:
+// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte ergänzen/ändern Sie ihre Angaben.";
+// break;
+// default:
+// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
+// }
+// this.form = inputProcessor.validate(generateParameters(), errorMsg);
+// if (this.form == null) {
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// validationResult.setValid(true);
+// } else {
+// // Do not inform the user too much
+// Logger.error(errorMsg);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// }
+//
+// }
+// return validationResult;
+// } catch (Exception e) {
+// e.printStackTrace();
+// Logger.info(e);
+// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
+// return validationResult;
+// }
+// }
+//
+// /**
+// * provides the primary infobox token of the given list.
+// *
+// * @param infoBoxTokens
+// * the list of infobox tokens.
+// * @return
+// * the XML element of the primary token.
+// * @throws ValidateException
+// * if an error occurs or list is not suitable.
+// */
+// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
+// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
+// throw new ValidateException("validator.62", null);
+// }
+// for (int i = 0; i < infoBoxTokens.size(); i++) {
+// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
+// if (token.isPrimary()) {
+// return token.getXMLToken();
+// }
+// }
+// throw new ValidateException("validator.62", null);
+// }
+//
+// /*
+// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
+// */
+// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
+// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
+// extendedSamlAttributes.copyInto(ret);
+// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
+// return ret;
+// }
+//
+//
+// /**
+// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
+// */
+// public String getForm() {
+// return this.form;
+// }
+//
+// /**
+// * Gets the user form input processor (class) assigned to the current party representative
+// * If the method is called for the first time it initializes the input processor.
+// *
+// * @return The user form input processor
+// */
+// private ParepInputProcessor getInputProcessor() {
+//
+// if (this.inputProcessor!=null) return inputProcessor;
+// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
+// ParepInputProcessor inputProcessor = null;
+// try {
+// Class inputProcessorClass = Class.forName(inputProcessorName);
+// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
+// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
+// } catch (Exception e) {
+// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
+// }
+// this.inputProcessor = inputProcessor;
+// return inputProcessor;
+// }
+//
+// /**
+// * Generates the parameter list, which is needed to simulate a return from
+// * an user form.
+// *
+// * @return the form parameters
+// */
+// private Map generateParameters() {
+// Map parameters = new HashMap();
+// boolean physical = true;
+// String familyName = "";
+// String givenName = "";
+// String dateOfBirth = "";
+// String cbFullName = "";
+// String cbIdentificationType = "";
+// String cbIdentificationValue = "";
+// String postalCode = "";
+// String municipality = "";
+// String streetName = "";
+// String buildingNumber = "";
+// String unit = "";
+//
+// try {
+// // Vertretener (erstes Vorkommen)
+// Element mandator = request.getMandator();
+// if (mandator != null) {
+// if (ParepUtils.isPhysicalPerson(mandator)) {
+// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
+// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
+// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
+// } else {
+// physical = false;
+// cbFullName = ParepUtils.extractMandatorFullName(mandator);
+// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
+// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
+// }
+// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
+// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
+// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
+// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
+// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
+// }
+// } catch (Exception e) {
+// Logger.error("Could not extract Mandator form SZR-gateway request");
+// }
+// parameters.put("familyname_", familyName);
+// parameters.put("givenname_", givenName);
+// parameters.put("dateofbirth_", dateOfBirth);
+// parameters.put("dobyear_", dateOfBirth.substring(0,4));
+// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
+// parameters.put("dobday_", dateOfBirth.substring(8,10));
+// parameters.put("physical_", physical ? "true" : "false");
+// parameters.put("fullname_", cbFullName);
+// parameters.put("cbidentificationtype_", cbIdentificationType);
+// parameters.put("cbidentificationvalue_", cbIdentificationValue);
+// parameters.put("postalcode_", postalCode);
+// parameters.put("municipality_", municipality);
+// parameters.put("streetname_", streetName);
+// parameters.put("buildingnumber_", buildingNumber);
+// parameters.put("unit_", unit);
+// return parameters;
+// }
+//
+// /**
+// * Adds the AUTH block related SAML attributes to the validation result.
+// * This is needed always before the AUTH block is to be signed, because the
+// * name of the mandator has to be set
+// */
+// private void addAuthBlockExtendedSamlAttributes() {
+// extendedSamlAttributes.clear();
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// Element mandator = request.getMandator();
+// // Name
+// String name = ParepUtils.extractMandatorName(mandator);
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// // Geburtsdatum
+// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
+// if (dob != null && !"".equals(dob)) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// // (w)bpk
+// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+// if (!ParepUtils.isEmpty(wbpk)) {
+// if (!ParepUtils.isPhysicalPerson(mandator)){
+// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
+// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// } else if (this.params.getBusinessApplication()) {
+// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+// }
+// }
// }
+//
+//// public static void main(String[] args) throws Exception {
+//// }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java index bc5a0e061..ee5a57914 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java @@ -49,386 +49,388 @@ import at.gv.egovernment.moa.util.Constants; * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
*/
public class ParepConfiguration {
-
- /**
- * System property for config file.
- */
- public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter standardConnectionParameters;
-
- /**
- * Input field processor.
- */
- private String standardInputProcessorClass;
-
- /**
- * Input field processor template.
- */
- private String standardInputProcessorTemplate;
-
- /**
- * Configured party representatives.
- */
- private HashMap partyRepresentatives;
-
- /**
- * The configuration element.
- */
- private Element configElement = null;
-
- /**
- * Defines whether the user input form must be shown on each
- * request or not (also predefined mandates)
- */
- private boolean alwaysShowForm = false;
-
- /**
- * The configuration base directory.
- */
- private String baseDir_;
-
- /**
- * Gets the SZR-GW connection parameters.
- *
- * @return the connection parameters.
- */
- public ConnectionParameter getConnectionParameters(String representationID) {
- if (partyRepresentatives == null || "*".equals(representationID))
- return standardConnectionParameters;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- ConnectionParameter connectionParameters = pr.getConnectionParameters();
- if (connectionParameters==null) connectionParameters = standardConnectionParameters;
- return connectionParameters;
- }
-
- /**
- * Sets the SZR-GW connection parameters for standard connection.
- *
- * @param connectionParameters
- * the connection parameters.
- */
- public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
- this.standardConnectionParameters = connectionParameters;
- }
-
- /*
- *
- */
- public String getFullDirectoryName(String fileString) {
- return makeAbsoluteURL(fileString, baseDir_);
- }
-
- /*
- *
- */
- private static String makeAbsoluteURL(String url, String root) {
- // if url is relative to rootConfigFileDirName make it absolute
-
- File keyFile;
- String newURL = url;
-
- if (null == url)
- return null;
-
- if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
- return url;
- } else {
- // check if absolute - if not make it absolute
- keyFile = new File(url);
- if (!keyFile.isAbsolute()) {
- keyFile = new File(root, url);
- newURL = keyFile.getPath();
- }
- return newURL;
- }
- }
-
- /**
- * Initializes the configuration with a given XML configuration element found
- * in the MOA-ID configuration.
- *
- * @param configElem
- * the configuration element.
- * @throws ConfigurationException
- * if an error occurs initializing the configuration.
- */
- public ParepConfiguration(Element configElem) throws ConfigurationException {
-
- partyRepresentatives = new HashMap();
- partyRepresentatives.put("*", new PartyRepresentative(true, true));
-
- String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-
- try {
-
- baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
- Logger.trace("Config base directory: " + baseDir_);
- // check for configuration in system properties
- if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
- Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
- this.configElement = doc.getDocumentElement();
- } else {
- this.configElement = configElem;
- }
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
- }
- load();
- }
-
- /*
- *
- */
- private void load() throws ConfigurationException {
- Logger.debug("Parse ParepValidator Konfiguration");
- try {
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- // nameSpaceNode.setAttribute("xmlns:sgw",
- // SZRGWConstants.SZRGW_PROFILE_NS);
-
- Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorNode != null) {
- this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
- Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassNode != null) {
- this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
- }
- }
- Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
- if (alwaysShowFormNode != null) {
- this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
- }
-
- // load connection parameters
- Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
- Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamElement != null) {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamElement, System.out);
- this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
- }
-
- Logger.trace("Lade Konfiguration der Parteienvertreter");
- NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
- + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
- for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-
- PartyRepresentative partyRepresentative = new PartyRepresentative();
-
- Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
- boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
- boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
- partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
- partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
- partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
- partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-
- Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
- if (inputProcessorSubNode != null) {
- partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
- Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":InputProcessor/text()", nameSpaceNode);
- if (inputProcessorClassSubNode != null) {
- partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
- }
- }
-
- Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
- + ":ConnectionParameter", nameSpaceNode);
- if (connectionParamSubElement == null) {
- if (this.standardConnectionParameters == null) {
- throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
- + partyRepresentative.getOid() + " fehlen.", null, null);
- }
- } else {
- // parse connection parameters
- // ParepUtils.serializeElement(connectionParamSubElement, System.out);
- partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
- }
- partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
- Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
- + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
- + ", representationText=" + partyRepresentative.getRepresentationText()
- + ")");
- }
-
- Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
- }
- }
-
- /*
- *
- */
- private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
- try {
- ConnectionParameter connectionParameter = new ConnectionParameter();
-
- // parse connection url
- String URL = connParamElement.getAttribute("URL");
- connectionParameter.setUrl(URL);
-
- // accepted server certificates
- Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
- nameSpaceNode);
- if (accServerCertsNode != null) {
-
- String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
- Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
- connectionParameter.setAcceptedServerCertificates(serverCertsDir);
- }
-
- // client key store
- Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
- if (clientKeyStoreNode != null) {
- String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
- connectionParameter.setClientKeyStore(clientKeystore);
- }
-
- // client key store password
- Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
- nameSpaceNode);
- if (clientKeyStorePasswordNode != null) {
- connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
- }
-
- return connectionParameter;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
- }
- }
-
- public boolean isPartyRepresentative(String representationID) {
- if (partyRepresentatives == null)
- return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- return pr != null;
- }
-
- public boolean isRepresentingCorporateParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingCorporateParty();
- }
-
- public boolean isRepresentingPhysicalParty(String representationID) {
- if (partyRepresentatives == null) return false;
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr == null) return false;
- return pr.isRepresentingPhysicalParty();
- }
-
- public String getRepresentationText(String representationID) {
- String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
- if (partyRepresentatives != null) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr != null) {
- if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
- }
- }
- return result;
- }
-
- /**
- * @return the input processor classname corresponding to <code>representationID</code>
- * @param representationID
- * the representation ID.
- */
- public String getInputProcessorClass(String representationID) {
- String inputProcessorClass = standardInputProcessorClass;
- if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorClass = pr.getInputProcessorClass();
- if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
- }
- }
- return inputProcessorClass;
- }
-
- /**
- * @param standardInputProcessorClass the standardInputProcessorClass to set
- */
- public void setStandardInputProcessorClass(String standardInputProcessorClass) {
- this.standardInputProcessorClass = standardInputProcessorClass;
- }
-
- /**
- * @return the InputProcessorTemplate
- */
- public String getInputProcessorTemplate(String representationID) {
- String inputProcessorTemplate = standardInputProcessorTemplate;
- if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
- if (!(partyRepresentatives == null || "*".equals(representationID))) {
- PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
- if (pr!=null) {
- String prInputProcessorTemplate = pr.getInputProcessorTemplate();
- if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
- }
- }
- return inputProcessorTemplate;
- }
-
- /**
- * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
- */
- public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
- this.standardInputProcessorTemplate = standardInputProcessorTemplate;
- }
-
- /**
- * @return the alwaysShowForm
- */
- public boolean isAlwaysShowForm() {
- return alwaysShowForm;
- }
-
+ + + //TODO: check correctness!!!!
/**
- * @param alwaysShowForm the alwaysShowForm to set
- */
- public void setAlwaysShowForm(String alwaysShowForm) {
- if (ParepUtils.isEmpty(alwaysShowForm)) {
- this.alwaysShowForm = false;
- } else {
- this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
- }
- }
-
- public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
- try {
- if (configElement==null) return false;
- Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
- if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
- return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
- }
- return false;
- } catch (Exception e) {
- throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
- }
-
- }
-
-
-// public static void main(String[] args) throws Exception {
-// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-// Configuration cfg = new Configuration(null);
-// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
-//}
+// * System property for config file.
+// */
+// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
+//
+// /**
+// * SZR-GW connection parameters.
+// */
+// private ConnectionParameter standardConnectionParameters;
+//
+// /**
+// * Input field processor.
+// */
+// private String standardInputProcessorClass;
+//
+// /**
+// * Input field processor template.
+// */
+// private String standardInputProcessorTemplate;
+//
+// /**
+// * Configured party representatives.
+// */
+// private HashMap partyRepresentatives;
+//
+// /**
+// * The configuration element.
+// */
+// private Element configElement = null;
+//
+// /**
+// * Defines whether the user input form must be shown on each
+// * request or not (also predefined mandates)
+// */
+// private boolean alwaysShowForm = false;
+//
+// /**
+// * The configuration base directory.
+// */
+// private String baseDir_;
+//
+// /**
+// * Gets the SZR-GW connection parameters.
+// *
+// * @return the connection parameters.
+// */
+// public ConnectionParameter getConnectionParameters(String representationID) {
+// if (partyRepresentatives == null || "*".equals(representationID))
+// return standardConnectionParameters;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// ConnectionParameter connectionParameters = pr.getConnectionParameters();
+// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
+// return connectionParameters;
+// }
+//
+// /**
+// * Sets the SZR-GW connection parameters for standard connection.
+// *
+// * @param connectionParameters
+// * the connection parameters.
+// */
+// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
+// this.standardConnectionParameters = connectionParameters;
+// }
+//
+// /*
+// *
+// */
+// public String getFullDirectoryName(String fileString) {
+// return makeAbsoluteURL(fileString, baseDir_);
+// }
+//
+// /*
+// *
+// */
+// private static String makeAbsoluteURL(String url, String root) {
+// // if url is relative to rootConfigFileDirName make it absolute
+//
+// File keyFile;
+// String newURL = url;
+//
+// if (null == url)
+// return null;
+//
+// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
+// return url;
+// } else {
+// // check if absolute - if not make it absolute
+// keyFile = new File(url);
+// if (!keyFile.isAbsolute()) {
+// keyFile = new File(root, url);
+// newURL = keyFile.getPath();
+// }
+// return newURL;
+// }
+// }
+//
+// /**
+// * Initializes the configuration with a given XML configuration element found
+// * in the MOA-ID configuration.
+// *
+// * @param configElem
+// * the configuration element.
+// * @throws ConfigurationException
+// * if an error occurs initializing the configuration.
+// */
+// public ParepConfiguration(Element configElem) throws ConfigurationException {
+//
+// partyRepresentatives = new HashMap();
+// partyRepresentatives.put("*", new PartyRepresentative(true, true));
+//
+// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
+//
+// try {
+//
+// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
+// Logger.trace("Config base directory: " + baseDir_);
+// // check for configuration in system properties
+// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
+// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
+// this.configElement = doc.getDocumentElement();
+// } else {
+// this.configElement = configElem;
+// }
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
+// }
+// load();
+// }
+//
+// /*
+// *
+// */
+// private void load() throws ConfigurationException {
+// Logger.debug("Parse ParepValidator Konfiguration");
+// try {
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// // nameSpaceNode.setAttribute("xmlns:sgw",
+// // SZRGWConstants.SZRGW_PROFILE_NS);
+//
+// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorNode != null) {
+// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
+// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassNode != null) {
+// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
+// }
+// }
+// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
+// if (alwaysShowFormNode != null) {
+// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
+// }
+//
+// // load connection parameters
+// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
+// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamElement != null) {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamElement, System.out);
+// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
+// }
+//
+// Logger.trace("Lade Konfiguration der Parteienvertreter");
+// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
+// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
+// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
+//
+// PartyRepresentative partyRepresentative = new PartyRepresentative();
+//
+// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
+// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
+// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
+// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
+// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
+// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
+// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
+//
+// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
+// if (inputProcessorSubNode != null) {
+// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
+// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":InputProcessor/text()", nameSpaceNode);
+// if (inputProcessorClassSubNode != null) {
+// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
+// }
+// }
+//
+// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
+// + ":ConnectionParameter", nameSpaceNode);
+// if (connectionParamSubElement == null) {
+// if (this.standardConnectionParameters == null) {
+// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
+// + partyRepresentative.getOid() + " fehlen.", null, null);
+// }
+// } else {
+// // parse connection parameters
+// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
+// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
+// }
+// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
+// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
+// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
+// + ", representationText=" + partyRepresentative.getRepresentationText()
+// + ")");
+// }
+//
+// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
+// }
+// }
+//
+// /*
+// *
+// */
+// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
+// try {
+// ConnectionParameter connectionParameter = new ConnectionParameter();
+//
+// // parse connection url
+// String URL = connParamElement.getAttribute("URL");
+// connectionParameter.setUrl(URL);
+//
+// // accepted server certificates
+// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
+// nameSpaceNode);
+// if (accServerCertsNode != null) {
+//
+// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
+// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
+// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
+// }
+//
+// // client key store
+// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
+// if (clientKeyStoreNode != null) {
+// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
+// connectionParameter.setClientKeyStore(clientKeystore);
+// }
+//
+// // client key store password
+// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
+// nameSpaceNode);
+// if (clientKeyStorePasswordNode != null) {
+// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
+// }
+//
+// return connectionParameter;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
+// }
+// }
+//
+// public boolean isPartyRepresentative(String representationID) {
+// if (partyRepresentatives == null)
+// return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// return pr != null;
+// }
+//
+// public boolean isRepresentingCorporateParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingCorporateParty();
+// }
+//
+// public boolean isRepresentingPhysicalParty(String representationID) {
+// if (partyRepresentatives == null) return false;
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr == null) return false;
+// return pr.isRepresentingPhysicalParty();
+// }
+//
+// public String getRepresentationText(String representationID) {
+// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
+// if (partyRepresentatives != null) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr != null) {
+// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
+// }
+// }
+// return result;
+// }
+//
+// /**
+// * @return the input processor classname corresponding to <code>representationID</code>
+// * @param representationID
+// * the representation ID.
+// */
+// public String getInputProcessorClass(String representationID) {
+// String inputProcessorClass = standardInputProcessorClass;
+// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorClass = pr.getInputProcessorClass();
+// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
+// }
+// }
+// return inputProcessorClass;
+// }
+//
+// /**
+// * @param standardInputProcessorClass the standardInputProcessorClass to set
+// */
+// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
+// this.standardInputProcessorClass = standardInputProcessorClass;
+// }
+//
+// /**
+// * @return the InputProcessorTemplate
+// */
+// public String getInputProcessorTemplate(String representationID) {
+// String inputProcessorTemplate = standardInputProcessorTemplate;
+// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
+// if (!(partyRepresentatives == null || "*".equals(representationID))) {
+// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
+// if (pr!=null) {
+// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
+// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
+// }
+// }
+// return inputProcessorTemplate;
+// }
+//
+// /**
+// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
+// */
+// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
+// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
+// }
+//
+// /**
+// * @return the alwaysShowForm
+// */
+// public boolean isAlwaysShowForm() {
+// return alwaysShowForm;
+// }
+//
+// /**
+// * @param alwaysShowForm the alwaysShowForm to set
+// */
+// public void setAlwaysShowForm(String alwaysShowForm) {
+// if (ParepUtils.isEmpty(alwaysShowForm)) {
+// this.alwaysShowForm = false;
+// } else {
+// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
+// }
+// }
+//
+// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
+// try {
+// if (configElement==null) return false;
+// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
+// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
+// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
+// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
+// }
+// return false;
+// } catch (Exception e) {
+// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
+// }
+//
+// }
+//
+//
+//// public static void main(String[] args) throws Exception {
+//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
+//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
+//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
+//// Configuration cfg = new Configuration(null);
+//// System.out.println(cfg.getInputProcessorClass("1.2.40.0.10.3.110"));
+////}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index fb1dc0293..bf4952113 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -81,7 +81,7 @@ public class ConfigurationProvider { * A <code>Map</code> which contains the <code>IssuerAndSerial</code> to * chaining mode (a <code>String</code>) mapping. */ - protected Map chainingModes; + protected Map<IssuerAndSerial, String> chainingModes; /** * the URL for the trusted CA Certificates @@ -93,6 +93,10 @@ public class ConfigurationProvider { */ protected String rootConfigFileDir; + protected String certstoreDirectory; + + protected boolean trustmanagerrevoationchecking; + /** * Returns the main configuration file directory used to configure MOA-ID * @@ -148,5 +152,22 @@ public class ConfigurationProvider { return trustedCACertificates; } + +/** + * @return the certstoreDirectory + */ +public String getCertstoreDirectory() { + return certstoreDirectory; +} + +/** + * @return the trustmanagerrevoationchecking + */ +public boolean isTrustmanagerrevoationchecking() { + return trustmanagerrevoationchecking; +} + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java new file mode 100644 index 000000000..65fda8396 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.config; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.util.ArrayList; +import java.util.List; + +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + +public class ConfigurationUtils { + + public static List<String> getTransformInfos(List<TransformsInfoType> transformations) { + List<String> list = new ArrayList<String>(); + + for (TransformsInfoType e1 : transformations) { + + try { + String transform = new String(e1.getTransformation(), "UTF-8"); + String encoded = new String(Base64Utils.decode(transform, false), "UTF-8"); + list.add(encoded); + + } catch (UnsupportedEncodingException e) { + Logger.warn("Transformation can not be loaded. An encoding error ocurs"); + return null; + + } catch (IOException e) { + Logger.warn("Transformation can not be loaded from database."); + return null; + } + } + return list; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java index b1b90f40b..b358a31c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java @@ -1,130 +1,55 @@ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - package at.gv.egovernment.moa.id.config; -/** - * This bean class is used to store data for various connectionParameter - * within the MOA-ID configuration - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class ConnectionParameter { - - /** - * Server URL - */ - private String url; - /** - * File URL for a directory containing PKCS#12 server SSL certificates. - * From these certificates, a X509 trust store will be assembled for use - * by a JSSE <code>TrustManager</code>. - * This field will only be used in case of an HTTPS URL. - */ - private String acceptedServerCertificates; - /** - * File URL of a X509 key store containing the private key to be used - * for an HTTPS connection when the server requires client authentication. - * This field will only be used in case of an HTTPS URL. - */ - private String clientKeyStore; - /** - * Password protecting the client key store. - */ - private String clientKeyStorePassword; - - /** - * Checks whether the URL scheme is <code>"https"</code>. - * @return true in case of an URL starting with <code>"https"</code> - */ +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; + +public abstract class ConnectionParameter { + + protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore"; + protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword"; + protected static final String PROP_IDENTIFIER_ACCEPEDSERVERCERTS = "acceptedServerCertificates"; + + protected ConnectionParameterClientAuthType database; + protected Properties prop; + protected String basedirectory; + + public ConnectionParameter(ConnectionParameterClientAuthType database, Properties prop, String basedirectory) { + this.database = database; + this.prop = prop; + this.basedirectory = basedirectory; + } + + /** + * Returns the acceptedServerCertificates. + * @return String + */ + public abstract String getAcceptedServerCertificates(); + + /** + * Returns the clientKeyStore. + * @return String + */ + public abstract String getClientKeyStore(); + + /** + * Returns the clientKeyStorePassword. + * @return String + */ + public abstract String getClientKeyStorePassword(); + + public boolean isHTTPSURL() { - return getUrl().indexOf("https") == 0; + if (database==null) + return false; + else + return database.getURL().indexOf("https") == 0; + } + + public String getUrl() { + if (database == null) + return null; + else + return database.getURL(); } - - /** - * Returns the url. - * @return String - */ - public String getUrl() { - return url; - } - - /** - * Returns the acceptedServerCertificates. - * @return String - */ - public String getAcceptedServerCertificates() { - return acceptedServerCertificates; - } - - /** - * Sets the acceptedServerCertificates. - * @param acceptedServerCertificates The acceptedServerCertificates to set - */ - public void setAcceptedServerCertificates(String acceptedServerCertificates) { - this.acceptedServerCertificates = acceptedServerCertificates; - } - - /** - * Sets the url. - * @param url The url to set - */ - public void setUrl(String url) { - this.url = url; - } - - /** - * Returns the clientKeyStore. - * @return String - */ - public String getClientKeyStore() { - return clientKeyStore; - } - - /** - * Returns the clientKeyStorePassword. - * @return String - */ - public String getClientKeyStorePassword() { - return clientKeyStorePassword; - } - - /** - * Sets the clientKeyStore. - * @param clientKeyStore The clientKeyStore to set - */ - public void setClientKeyStore(String clientKeyStore) { - this.clientKeyStore = clientKeyStore; - } - - /** - * Sets the clientKeyStorePassword. - * @param clientKeyStorePassword The clientKeyStorePassword to set - */ - public void setClientKeyStorePassword(String clientKeyStorePassword) { - this.clientKeyStorePassword = clientKeyStorePassword; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java new file mode 100644 index 000000000..41d6959b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterForeign extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.foreignidentities."; + + public ConnectionParameterForeign(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java new file mode 100644 index 000000000..0e05633c8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMOASP extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.moasp."; + + public ConnectionParameterMOASP(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java new file mode 100644 index 000000000..00b393b92 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.config; + +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConnectionParameterMandate extends ConnectionParameter{ + + private static final String MOASP_PROP_IDENTIFIER_PREFIX = "service.onlinemandates."; + + public ConnectionParameterMandate(ConnectionParameterClientAuthType database, + Properties prop, String basedirectory) { + super(database, prop, basedirectory); + } + + public String getAcceptedServerCertificates() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_ACCEPEDSERVERCERTS); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStore() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTORE); + if (MiscUtil.isEmpty(e1)) + return null; + else + return basedirectory + e1; + } + + public String getClientKeyStorePassword() { + String e1 = prop.getProperty(MOASP_PROP_IDENTIFIER_PREFIX+PROP_IDENTIFIER_KEYSTOREPASSWORD); + if (MiscUtil.isEmpty(e1)) + return null; + else + return e1; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 56c97a802..c1715d6fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -24,6 +24,8 @@ package at.gv.egovernment.moa.id.config; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; + /** * Configuration parameters belonging to an online application, * to be used within both, the MOA ID Auth and the @@ -33,6 +35,25 @@ package at.gv.egovernment.moa.id.config; */ public class OAParameter { + public OAParameter(OnlineApplication oa) { + + this.oaType = oa.getType(); + + if (this.oaType.equals("businessService")) + this.businessService = true; + else + this.businessService = false; + + this.publicURLPrefix = oa.getPublicURLPrefix(); + + this.friendlyName = oa.getFriendlyName(); + + this.target = oa.getTarget(); + + this.targetFriendlyName = oa.getTargetFriendlyName(); + + } + /** * type of the online application (maybe "PublicService" or "BusinessService") */ @@ -63,102 +84,26 @@ public class OAParameter { */ private String targetFriendlyName; - /** - * Returns the type of the online application. - * @return the type of the online application. - */ - public String getOaType() { - return oaType; - } - - /** - * Returns <code>true</code> is the OA is a businss application, otherwise - * <code>false</code>. - * @return <code>true</code> is the OA is a businss application, otherwise - * <code>false</code> - */ - public boolean getBusinessService() { - return this.businessService; - } - /** - * Returns the publicURLPrefix. - * @return String - */ - public String getPublicURLPrefix() { - return publicURLPrefix; - } - /** - * - * Sets the type of the online application. - * If the type is "businessService" the value of <code>businessService</code> - * ({@link #getBusinessService()}) is also set to <code>true</code> - * @param oaType The type of the online application. - */ - public void setOaType(String oaType) { - this.oaType = oaType; - if ("businessService".equalsIgnoreCase(oaType)) { - this.businessService = true; - } - } + public String getOaType() { + return oaType; + } + public boolean getBusinessService() { + return businessService; + } + public String getPublicURLPrefix() { + return publicURLPrefix; + } + public String getFriendlyName() { + return friendlyName; + } + public String getTarget() { + return target; + } + public String getTargetFriendlyName() { + return targetFriendlyName; + } - /** - * Sets the publicURLPrefix. - * @param publicURLPrefix The publicURLPrefix to set - */ - public void setPublicURLPrefix(String publicURLPrefix) { - this.publicURLPrefix = publicURLPrefix; - } - - - /** - * Gets the friendly name of the OA - * @return Friendly Name of the OA - */ - public String getFriendlyName() { - return friendlyName; - } - - /** - * Sets the friendly name of the OA - * @param friendlyName - */ - public void setFriendlyName(String friendlyName) { - this.friendlyName = friendlyName; - } - - /** - * Gets the target of the OA - * @return target of the OA - */ - public String getTarget() { - return target; - } - - /** - * Sets the target of the OA - * @param target - */ - public void setTarget(String target) { - this.target = target; - } - - /** - * Gets the target friendly name of the OA - * @return target Friendly Name of the OA - */ - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - /** - * Sets the target friendly name of the OA - * @param targetFriendlyName - */ - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java index 1fe8f13b6..a2962e4b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java @@ -30,7 +30,7 @@ package at.gv.egovernment.moa.id.config; /**
* This interface contains all actual possible targets in Austria (shortcuts and friendly names)
- * Bereichskennung and Tätigkeitsbereich
+ * Bereichskennung and T�tigkeitsbereich
* @author bzwattendorfer
*
*/
@@ -38,178 +38,178 @@ public interface TargetsAndSectorNames { /** Bereichskennung AR */
public static String TARGET_AR = "AR";
- /** Tätigkeitsbereich AR */
+ /** Tätigkeitsbereich AR */
public static String TARGET_AR_SECTOR = "Arbeit";
/** Bereichskennung AS */
public static String TARGET_AS = "AS";
- /** Tätigkeitsbereich AS */
+ /** Tätigkeitsbereich AS */
public static String TARGET_AS_SECTOR = "Amtliche Statistik";
/** Bereichskennung BF */
public static String TARGET_BF = "BF";
- /** Tätigkeitsbereich BF */
+ /** Tätigkeitsbereich BF */
public static String TARGET_BF_SECTOR = "Bildung und Forschung";
/** Bereichskennung BW */
public static String TARGET_BW = "BW";
- /** Tätigkeitsbereich BW */
+ /** Tätigkeitsbereich BW */
public static String TARGET_BW_SECTOR = "Bauen und Wohnen";
/** Bereichskennung EA */
public static String TARGET_EA = "EA";
- /** Tätigkeitsbereich EA */
- public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
+ /** Tätigkeitsbereich EA */
+ public static String TARGET_EA_SECTOR = "EU und Auswärtige Angelegenheiten";
/** Bereichskennung EF */
public static String TARGET_EF = "EF";
- /** Tätigkeitsbereich EF */
+ /** Tätigkeitsbereich EF */
public static String TARGET_EF_SECTOR = "Ein- und Ausfuhr";
/** Bereichskennung GH */
public static String TARGET_GH = "GH";
- /** Tätigkeitsbereich GH */
+ /** Tätigkeitsbereich GH */
public static String TARGET_GH_SECTOR = "Gesundheit";
/** Bereichskennung GS */
public static String TARGET_GS = "GS";
- /** Tätigkeitsbereich GS */
+ /** Tätigkeitsbereich GS */
public static String TARGET_GS_SECTOR = "Gesellschaft und Soziales";
/** Bereichskennung GS-RE */
public static String TARGET_GS_RE = "GS-RE";
- /** Tätigkeitsbereich GS-RE */
+ /** Tätigkeitsbereich GS-RE */
public static String TARGET_GS_RE_SECTOR = "Restitution";
/** Bereichskennung JR */
public static String TARGET_JR = "JR";
- /** Tätigkeitsbereich JR */
+ /** Tätigkeitsbereich JR */
public static String TARGET_JR_SECTOR = "Justiz/Zivilrechtswesen";
/** Bereichskennung KL */
public static String TARGET_KL = "KL";
- /** Tätigkeitsbereich KL */
+ /** Tätigkeitsbereich KL */
public static String TARGET_KL_SECTOR = "Kultus";
/** Bereichskennung KU */
public static String TARGET_KU = "KU";
- /** Tätigkeitsbereich KU */
+ /** Tätigkeitsbereich KU */
public static String TARGET_KU_SECTOR = "Kunst und Kultur";
/** Bereichskennung LF */
public static String TARGET_LF = "LF";
- /** Tätigkeitsbereich LF */
+ /** Tätigkeitsbereich LF */
public static String TARGET_LF_SECTOR = "Land- und Forstwirtschaft";
/** Bereichskennung LV */
public static String TARGET_LV = "LV";
- /** Tätigkeitsbereich LV */
+ /** Tätigkeitsbereich LV */
public static String TARGET_LV_SECTOR = "Landesverteidigung";
/** Bereichskennung RT */
public static String TARGET_RT = "RT";
- /** Tätigkeitsbereich RT */
+ /** Tätigkeitsbereich RT */
public static String TARGET_RT_SECTOR = "Rundfunk und sonstige " +
"Medien sowie Telekommunikation";
/** Bereichskennung SA */
public static String TARGET_SA = "SA";
- /** Tätigkeitsbereich SA */
+ /** Tätigkeitsbereich SA */
public static String TARGET_SA_SECTOR = "Steuern und Abgaben";
/** Bereichskennung SF */
public static String TARGET_SF = "SF";
- /** Tätigkeitsbereich SF */
+ /** Tätigkeitsbereich SF */
public static String TARGET_SF_SECTOR = "Sport und Freizeit";
/** Bereichskennung SO */
public static String TARGET_SO = "SO";
- /** Tätigkeitsbereich SO */
+ /** Tätigkeitsbereich SO */
public static String TARGET_SO_SECTOR = "Sicherheit und Ordnung";
/** Bereichskennung SO-VR */
public static String TARGET_SO_VR = "SO-VR";
- /** Tätigkeitsbereich SO-VR */
+ /** Tätigkeitsbereich SO-VR */
public static String TARGET_SO_VR_SECTOR = "Vereinsregister";
/** Bereichskennung SR-RG */
public static String TARGET_SR_RG = "SR-RG";
- /** Tätigkeitsbereich SR-RG */
+ /** Tätigkeitsbereich SR-RG */
public static String TARGET_SR_RG_SECTOR = "Strafregister";
/** Bereichskennung SV */
public static String TARGET_SV = "SV";
- /** Tätigkeitsbereich SV */
+ /** Tätigkeitsbereich SV */
public static String TARGET_SV_SECTOR = "Sozialversicherung";
/** Bereichskennung UW */
public static String TARGET_UW = "UW";
- /** Tätigkeitsbereich UW */
+ /** Tätigkeitsbereich UW */
public static String TARGET_UW_SECTOR = "Umwelt";
/** Bereichskennung VT */
public static String TARGET_VT = "VT";
- /** Tätigkeitsbereich VT */
+ /** Tätigkeitsbereich VT */
public static String TARGET_VT_SECTOR = "Verkehr und Technik";
/** Bereichskennung VV */
public static String TARGET_VV = "VV";
- /** Tätigkeitsbereich VV */
- public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
+ /** Tätigkeitsbereich VV */
+ public static String TARGET_VV_SECTOR = "Vermögensverwaltung";
/** Bereichskennung WT */
public static String TARGET_WT = "WT";
- /** Tätigkeitsbereich WT */
+ /** Tätigkeitsbereich WT */
public static String TARGET_WT_SECTOR = "Wirtschaft";
/** Bereichskennung ZP */
public static String TARGET_ZP = "ZP";
- /** Tätigkeitsbereich ZP */
- public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
+ /** Tätigkeitsbereich ZP */
+ public static String TARGET_ZP_SECTOR = "Personenidentität und Bürgerrechte (zur Person)";
/** Bereichskennung BR */
public static String TARGET_BR = "BR";
- /** Tätigkeitsbereich BR */
- public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
+ /** Tätigkeitsbereich BR */
+ public static String TARGET_BR_SECTOR = "Bereichsübergreifender Rechtsschutz";
/** Bereichskennung HR */
public static String TARGET_HR = "HR";
- /** Tätigkeitsbereich HR */
+ /** Tätigkeitsbereich HR */
public static String TARGET_HR_SECTOR = "Zentrales Rechnungswesen";
/** Bereichskennung KI */
public static String TARGET_KI = "KI";
- /** Tätigkeitsbereich KI */
+ /** Tätigkeitsbereich KI */
public static String TARGET_KI_SECTOR = "Auftraggeberinterne allgemeine Kanzleiindizes";
/** Bereichskennung OI */
public static String TARGET_OI = "OI";
- /** Tätigkeitsbereich OI */
- public static String TARGET_OI_SECTOR = "Öffentlichkeitsarbeit";
+ /** Tätigkeitsbereich OI */
+ public static String TARGET_OI_SECTOR = "öffentlichkeitsarbeit";
/** Bereichskennung PV */
public static String TARGET_PV = "PV";
- /** Tätigkeitsbereich PV */
+ /** Tätigkeitsbereich PV */
public static String TARGET_PV_SECTOR = "Personalverwaltung";
/** Bereichskennung RD */
public static String TARGET_RD = "RD";
- /** Tätigkeitsbereich RD */
+ /** Tätigkeitsbereich RD */
public static String TARGET_RD_SECTOR = "Zentraler Rechtsdienst";
/** Bereichskennung VS */
public static String TARGET_VS = "VS";
- /** Tätigkeitsbereich VS */
- public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
+ /** Tätigkeitsbereich VS */
+ public static String TARGET_VS_SECTOR = "Zentrale Durchführung von Verwaltungsstrafverfahren";
/** Bereichskennung VS-RG */
public static String TARGET_VS_RG = "VS-RG";
- /** Tätigkeitsbereich VS-RG */
+ /** Tätigkeitsbereich VS-RG */
public static String TARGET_VS_RG_SECTOR = "Zentrales Verwaltungsstrafregister";
/** Bereichskennung ZU */
public static String TARGET_ZU = "ZU";
- /** Tätigkeitsbereich ZU */
+ /** Tätigkeitsbereich ZU */
public static String TARGET_ZU_SECTOR = "Zustellungen";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index b86b2ec68..55a20d558 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -24,29 +24,75 @@ package at.gv.egovernment.moa.id.config.auth; -import java.io.BufferedInputStream; +import iaik.security.cipher.AESKeyGenerator; +import iaik.util.logging.Log; + import java.io.File; import java.io.FileInputStream; +import java.io.FileNotFoundException; import java.io.IOException; -import java.io.InputStream; +import java.math.BigInteger; import java.net.MalformedURLException; +import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; +import java.util.ArrayList; +import java.util.HashMap; import java.util.List; - -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import eu.stork.vidp.messages.common.STORKBootstrap; - -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import java.util.Map; +import java.util.Properties; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.NoSuchPaddingException; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; + +import org.hibernate.cfg.Configuration; + + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.ConnectionParameterForeign; +import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP; +import at.gv.egovernment.moa.id.config.ConnectionParameterMandate; import at.gv.egovernment.moa.id.config.stork.STORKConfig; +import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.FileUtils; -import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.stork.vidp.messages.common.STORKBootstrap; /** * A class providing access to the Auth Part of the MOA-ID configuration data. @@ -113,89 +159,34 @@ public class AuthConfigurationProvider extends ConfigurationProvider { // // configuration data // + private static MOAIDConfiguration moaidconfig = null; - /** - * configuration files containing transformations for rendering in the - * secure viewer of the security layer implementation; - * multiple files can be given for different mime types - */ - private String[] transformsInfoFileNames; + private static Properties props = null; - /** - * transformations for rendering in the secure viewer of the security layer implementation, - * read from {@link transformsInfoFileNames}; - * multiple transformation can be given for different mime types - */ - private String[] transformsInfos; + private static STORKConfig storkconfig = null; - /** - * parameters for connection to MOA SP component - */ - private ConnectionParameter moaSpConnectionParameter; + private static TimeOuts timeouts = null; - - /** - * trust profile ID to be used for verifying the identity link signature via MOA ID SP - */ - private String moaSpIdentityLinkTrustProfileID; - /** - * trust profile ID to be used for verifying the AUTH block signature via MOA ID SP - */ - private String moaSpAuthBlockTrustProfileID; - /** - * transformations to be used for verifying the AUTH block signature via MOA ID SP - */ - private String[] moaSpAuthBlockVerifyTransformsInfoIDs; - /** - * X509 SubjectNames which will be trusted - */ - private List identityLinkX509SubjectNames; - /** - * default parameters for verifying additional infoboxes. - */ - private VerifyInfoboxParameters defaultVerifyInfoboxParameters; - - /** - * configuration parameters for online applications - */ - private OAAuthParameter[] onlineApplicationAuthParameters; - /** - * the Selection Type of the bku Selection Element - */ - private String bKUSelectionType; - /** - * is the bku Selection Element present? - */ - private boolean bKUSelectable; - /** - * the bku Selection Connection Parameters - */ - private ConnectionParameter bKUConnectionParameter; + private static PVP2 pvp2general = null; - /** - * parameter for connection to SZR-GW GetIdentityLink - */ - private ConnectionParameter foreignIDConnectionParameter; + private static String alternativesourceid = null; - /** - * parameter for connection to OnlineMandates Service - */ - private ConnectionParameter onlineMandatesConnectionParameter; + private static List<String> legacyallowedprotocols = new ArrayList<String>(); - /** - * Parameter for trusted BKUs - */ - private List trustedBKUs; + private static VerifyAuthBlock verifyidl = null; - /** - * Parameter for trusted Template URLs - */ - private List trustedTemplateURLs; + private static ConnectionParameter MoaSpConnectionParameter = null; + private static ConnectionParameter ForeignIDConnectionParameter = null; + private static ConnectionParameter OnlineMandatesConnectionParameter = null; - /** - * Holds general information for STORK (e.g. C-PEPS connection parameter, SAML signing parameters, etc.) - */ - private STORKConfig storkConfig; + private static String MoaSpIdentityLinkTrustProfileID = null; + + private static List<String> TransformsInfos = null; + private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>(); + + private static Map<String, String> SLRequestTemplates = new HashMap<String, String>(); + + private static SSO ssoconfig = null; /** * Return the single instance of configuration data. @@ -250,129 +241,418 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * read/built. */ private void load(String fileName) throws ConfigurationException { - InputStream stream = null; - Element configElem; - ConfigurationBuilder builder; + + try { + //Initial Hibernate Framework + Logger.trace("Initializing Hibernate framework."); + + //Load MOAID-2.0 properties file + File propertiesFile = new File(fileName); + FileInputStream fis; + props = new Properties(); + + // determine the directory of the root config file + rootConfigFileDir = new File(fileName).getParent(); - try { - // load the main config file - stream = new BufferedInputStream(new FileInputStream(fileName)); - configElem = DOMUtils.parseXmlValidating(stream); - } catch (Throwable t) { - throw new ConfigurationException("config.03", null, t); - } - finally { - try { - if (stream != null) { - stream.close(); - } - } catch (IOException e) { - } - } try { - // determine the directory of the root config file - rootConfigFileDir = new File(fileName).getParent(); - try { - rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); - } catch (MalformedURLException t) { - throw new ConfigurationException("config.03", null, t); - } - + rootConfigFileDir = new File(rootConfigFileDir).toURL().toString(); + + } catch (MalformedURLException t) { + throw new ConfigurationException("config.03", null, t); + } + + try { + fis = new FileInputStream(propertiesFile); + props.load(fis); + + //TODO: maybe some general hibnerate config!!! + // read MOAID Session Hibernate properties + Properties moaSessionProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "moasession."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + moaSessionProp.put(propertyName, props.get(key.toString())); + } + } + + // read Config Hibernate properties + Properties configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "configuration."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + + // initialize hibernate + synchronized (AuthConfigurationProvider.class) { + + //Initial config Database + ConfigurationDBUtils.initHibernate(configProp); + + //initial MOAID Session Database + Configuration config = new Configuration(); + config.addAnnotatedClass(AssertionStore.class); + config.addAnnotatedClass(AuthenticatedSessionStore.class); + config.addAnnotatedClass(OASessionStore.class); + config.addAnnotatedClass(OldSSOSessionIDStore.class); + config.addProperties(moaSessionProp); + MOASessionDBUtils.initHibernate(config, moaSessionProp); + + } + Logger.trace("Hibernate initialization finished."); + + } catch (FileNotFoundException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (IOException e) { + throw new ConfigurationException("config.03", null, e); + + } catch (ExceptionInInitializerError e) { + throw new ConfigurationException("config.17", null, e); + } + + //Initialize OpenSAML for STORK - Logger.trace("Starting initialization of OpenSAML..."); + Logger.info("Starting initialization of OpenSAML..."); STORKBootstrap.bootstrap(); Logger.debug("OpenSAML successfully initialized"); + + + String legacyconfig = props.getProperty("configuration.xml.legacy"); + String xmlconfig = props.getProperty("configuration.xml"); +// String xmlconfigout = props.getProperty("configuration.xml.out"); + + + //check if XML config should be used + if (MiscUtil.isNotEmpty(legacyconfig) || MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!"); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) + ConfigurationDBUtils.delete(moaidconfig); + + List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications(); + if (oas != null && oas.size() > 0) { + for (OnlineApplication oa : oas) + ConfigurationDBUtils.delete(oa); + } + } + + //load legacy config if it is configured + if (MiscUtil.isNotEmpty(legacyconfig)) { + Logger.warn("WARNING! MOA-ID 2.0 is started with legacy configuration. This setup is not recommended!"); - // build the internal datastructures - builder = new ConfigurationBuilder(configElem, rootConfigFileDir); - bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); - bKUSelectable = (bKUConnectionParameter!=null); - bKUSelectionType = builder.buildAuthBKUSelectionType(); - genericConfiguration = builder.buildGenericConfiguration(); - transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); - transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); - moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); - moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); - moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); - moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); - defaultVerifyInfoboxParameters = null; - Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); - if (defaultVerifyInfoboxParamtersElem != null) { - defaultVerifyInfoboxParameters = - builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); - } - - - foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); - onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); - onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); - identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); - defaultChainingMode = builder.getDefaultChainingMode(); - chainingModes = builder.buildChainingModes(); - trustedCACertificates = builder.getTrustedCACertificates(); - trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); - trustedBKUs = builder.getTrustedBKUs(); - trustedTemplateURLs = builder.getTrustedTemplateURLs(); - storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); + MOAIDConfiguration moaconfig = BuildFromLegacyConfig.build(new File(legacyconfig), rootConfigFileDir, null); + + List<OnlineApplication> oas = moaconfig.getOnlineApplication(); + for (OnlineApplication oa : oas) + ConfigurationDBUtils.save(oa); + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.save(moaconfig); + + Logger.info("Legacy Configuration load is completed."); + + + } + + //load MOA-ID 2.x config from XML + if (MiscUtil.isNotEmpty(xmlconfig)) { + Logger.warn("Load configuration from MOA-ID 2.x XML configuration"); + + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); + Unmarshaller m = jc.createUnmarshaller(); + File file = new File(xmlconfig); + MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(file); + //ConfigurationDBUtils.save(moaconfig); + + List<OnlineApplication> importoas = moaconfig.getOnlineApplication(); + for (OnlineApplication importoa : importoas) { + ConfigurationDBUtils.saveOrUpdate(importoa); + } + + moaconfig.setOnlineApplication(null); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } catch (Exception e) { + Logger.warn("MOA-ID XML configuration can not be loaded from File.", e); + throw new ConfigurationException("config.02", null); + } + Logger.info("XML Configuration load is completed."); + } + + Logger.info("Read MOA-ID 2.0 configuration from database."); + moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + Logger.info("MOA-ID 2.0 is loaded."); + + if (moaidconfig == null) { + Logger.warn("NO MOA-ID configuration found."); + throw new ConfigurationException("config.18", null); + } + + +// //TODO: only for Testing!!! +// if (MiscUtil.isNotEmpty(xmlconfigout)) { +// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig); +// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config"); +// Marshaller m = jc.createMarshaller(); +// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true); +// File test = new File(xmlconfigout); +// m.marshal(moaidconfig, test); +// +// } + + //build STORK Config + AuthComponentGeneral auth = getAuthComponentGeneral(); + ForeignIdentities foreign = auth.getForeignIdentities(); + if (foreign == null ) { + Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); + + } else + storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); + + + //load Chaining modes + ChainingModes cm = moaidconfig.getChainingModes(); + if (cm != null) { + defaultChainingMode = cm.getSystemDefaultMode().value(); + + List<TrustAnchor> tas = cm.getTrustAnchor(); + + chainingModes = new HashMap<IssuerAndSerial, String>(); + for (TrustAnchor ta : tas) { + IssuerAndSerial is = new IssuerAndSerial(ta.getX509IssuerName(), ta.getX509SerialNumber()); + chainingModes.put(is, ta.getMode().value()); + } + } else { + Logger.warn("Error in MOA-ID Configuration. No ChainingMode configuration found."); + throw new ConfigurationException("config.02", null); + } + + //set Trusted CA certs directory + trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates(); + + //set CertStoreDirectory + setCertStoreDirectory(); + + //set TrustManagerRevocationChecking + setTrustManagerRevocationChecking(); + + //set TimeOuts + if (auth.getGeneralConfiguration() != null) { + if (auth.getGeneralConfiguration().getTimeOuts() != null) { + + timeouts = new TimeOuts(); + if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null) + timeouts.setAssertion(new BigInteger("120")); + else + timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion()); + + if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null) + timeouts.setMOASessionCreated(new BigInteger("2700")); + else + timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated()); + + if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null) + timeouts.setMOASessionUpdated(new BigInteger("1200")); + else + timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated()); + } + } + else { + Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined."); + throw new ConfigurationException("config.02", null); + } + + //set PVP2 general config + Protocols protocols = auth.getProtocols(); + if (protocols != null) { + if (protocols.getPVP2() != null) { + PVP2 el = protocols.getPVP2();; + pvp2general = new PVP2(); + pvp2general.setIssuerName(el.getIssuerName()); + pvp2general.setPublicURLPrefix(el.getPublicURLPrefix()); + + if (el.getOrganization() != null) { + Organization org = new Organization(); + pvp2general.setOrganization(org); + org.setDisplayName(el.getOrganization().getDisplayName()); + org.setName(el.getOrganization().getName()); + org.setURL(el.getOrganization().getURL()); + } + + if (el.getContact() != null) { + List<Contact> cont = new ArrayList<Contact>(); + pvp2general.setContact(cont); + for (Contact e : el.getContact()) { + Contact c = new Contact(); + c.setCompany(e.getCompany()); + c.setGivenName(e.getGivenName()); + c.setMail(e.getMail()); + c.setPhone(e.getPhone()); + c.setSurName(e.getSurName()); + c.setType(e.getType()); + } + } + } + } else { + Logger.warn("Error in MOA-ID Configuration. No general Protcol configuration found."); + } + + //set alternativeSourceID + if (auth.getGeneralConfiguration() != null) + alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID(); + else { + Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined."); + throw new ConfigurationException("config.02", null); + } + + //set LegacyAllowedProtocols + try { + if (auth.getProtocols() != null) { + Protocols procols = auth.getProtocols(); + if (procols.getLegacyAllowed() != null) { + LegacyAllowed legacy = procols.getLegacyAllowed(); + legacyallowedprotocols = new ArrayList<String>(legacy.getProtocolName()); + } + } + } catch (Exception e) { + Logger.info("No protocols found with legacy allowed flag!"); + } + + //set VerifyAuthBlockConfig + MOASP moasp = getMOASPConfig(auth); + + VerifyAuthBlock el = moasp.getVerifyAuthBlock(); + if (el != null) { + verifyidl = new VerifyAuthBlock(); + verifyidl.setTrustProfileID(el.getTrustProfileID()); + verifyidl.setVerifyTransformsInfoProfileID(new ArrayList<String>(el.getVerifyTransformsInfoProfileID())); + } + else { + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for AuthBlock validation."); + throw new ConfigurationException("config.02", null); + } + + //set MOASP connection parameters + if (moasp.getConnectionParameter() != null) + MoaSpConnectionParameter = new ConnectionParameterMOASP(moasp.getConnectionParameter(), props, this.rootConfigFileDir); + else + MoaSpConnectionParameter = null; + + //set ForeignIDConnectionParameters + if (foreign != null) { + ForeignIDConnectionParameter = new ConnectionParameterForeign(foreign.getConnectionParameter(), props, this.rootConfigFileDir); + } else { + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to SZRGW Service found"); + } + + //set OnlineMandateConnectionParameters + OnlineMandates ovs = auth.getOnlineMandates(); + if (ovs != null) { + OnlineMandatesConnectionParameter = new ConnectionParameterMandate(ovs.getConnectionParameter(), props, this.rootConfigFileDir); + + } else { + Logger.warn("Error in MOA-ID Configuration. No Connectionconfiguration to OVS Service found"); + } + + //set MOASP IdentityLink Trust-ProfileID + VerifyIdentityLink verifyidl = moasp.getVerifyIdentityLink(); + if (verifyidl != null) + MoaSpIdentityLinkTrustProfileID = verifyidl.getTrustProfileID(); + else { + Logger.warn("Error in MOA-ID Configuration. No Trustprofile for IdentityLink validation."); + throw new ConfigurationException("config.02", null); + } + + //set SL transformation infos + SecurityLayer seclayer = auth.getSecurityLayer(); + if (seclayer == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration->SecurityLayer found"); + throw new ConfigurationException("config.02", null); + } else { + TransformsInfos = ConfigurationUtils.getTransformInfos(seclayer.getTransformsInfo()); + } + + //set IdentityLinkSignerSubjectNames + IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners(); + if (idlsigners != null) { + IdentityLinkX509SubjectNames = new ArrayList<String>(idlsigners.getX509SubjectName()); + + } else { + Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found."); + } + + //set SLRequestTemplates + SLRequestTemplates templ = moaidconfig.getSLRequestTemplates(); + if (templ == null) { + Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); + throw new ConfigurationException("config.02", null); + } else { + SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU()); + SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU()); + SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU()); + } + + //set SSO Config + if (auth.getSSO()!= null) { + ssoconfig = new SSO(); + ssoconfig.setFriendlyName(auth.getSSO().getFriendlyName()); + ssoconfig.setPublicURL(auth.getSSO().getPublicURL()); + ssoconfig.setSpecialText(auth.getSSO().getSpecialText()); + ssoconfig.setTarget(auth.getSSO().getTarget()); + + if (auth.getSSO().getIdentificationNumber() != null) { + IdentificationNumber value = new IdentificationNumber(); + value.setType(auth.getSSO().getIdentificationNumber().getType()); + value.setValue(auth.getSSO().getIdentificationNumber().getValue()); + ssoconfig.setIdentificationNumber(value); + } + } else { + Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found"); + } + + //close Database + ConfigurationDBUtils.closeSession(); + } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); } } - /** - * Loads the <code>transformsInfos</code> from files. - * @throws Exception on any exception thrown - */ -// private void loadTransformsInfos() throws Exception { -// -// transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// } - -// /** -// * Loads the <code>transformsInfos</code> from files. -// * @throws Exception on any exception thrown -// */ -// private String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { -// -// String[] transformsInfos = new String[transformsInfoFileNames.length]; -// for (int i = 0; i < transformsInfoFileNames.length; i++) { -// String fileURL = transformsInfoFileNames[i]; -// -// //if fileURL is relative to rootConfigFileDir make it absolute -// fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir); -// String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); -// transformsInfos[i] = transformsInfo; -// } -// return transformsInfos; -// } - /** - * Return a string array with all filenames leading - * to the Transforms Information for the Security Layer - * @return String[] of filenames to the Security Layer Transforms Information - */ - public String[] getTransformsInfoFileNames() { - return transformsInfoFileNames; + + public Properties getGeneralPVP2ProperiesConfig() { + Properties configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "protocols.pvp2."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + return configProp; } - /** - * Build an array of the OnlineApplication Parameters containing information - * about the authentication component - * @return An OAProxyParameter array containing beans - * with all relevant information for theauthentication component of the online - * application - */ - public OAAuthParameter[] getOnlineApplicationParameters() { - return onlineApplicationAuthParameters; + + public PVP2 getGeneralPVP2DBConfig() { + return pvp2general; } + + public TimeOuts getTimeOuts() throws ConfigurationException { + return timeouts; + } + + public String getAlternativeSourceID() throws ConfigurationException { + return alternativesourceid; + } + + public List<String> getLegacyAllowedProtocols() { + return legacyallowedprotocols; + } + /** * Provides configuration information regarding the online application behind @@ -383,13 +663,15 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * if none is applicable */ public OAAuthParameter getOnlineApplicationParameter(String oaURL) { - OAAuthParameter[] oaParams = getOnlineApplicationParameters(); - for (int i = 0; i < oaParams.length; i++) { - OAAuthParameter oaParam = oaParams[i]; - if (oaURL.indexOf(oaParam.getPublicURLPrefix()) == 0) - return oaParam; - } - return null; + + OnlineApplication oa = ConfigurationDBRead.getActiveOnlineApplication(oaURL); + + if (oa == null) { + Logger.warn("Online application with identifier " + oaURL + " is not found."); + return null; + } + + return new OAAuthParameter(oa); } @@ -398,9 +680,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * profile id within the moa-sp part of the authentication component * * @return String with a url-reference to the VerifyAuthBlock trust profile ID + * @throws ConfigurationException */ - public String getMoaSpAuthBlockTrustProfileID() { - return moaSpAuthBlockTrustProfileID; + public String getMoaSpAuthBlockTrustProfileID() throws ConfigurationException { + return verifyidl.getTrustProfileID(); } /** @@ -408,119 +691,194 @@ public class AuthConfigurationProvider extends ConfigurationProvider { * IDs within the moa-sp part of the authentication component * @return A string array containing all urls to the * verify transform info IDs + * @throws ConfigurationException */ - public String[] getMoaSpAuthBlockVerifyTransformsInfoIDs() { - return moaSpAuthBlockVerifyTransformsInfoIDs; + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + return verifyidl.getVerifyTransformsInfoProfileID(); } /** * Return a ConnectionParameter bean containing all information * of the authentication component moa-sp element * @return ConnectionParameter of the authentication component moa-sp element + * @throws ConfigurationException */ - public ConnectionParameter getMoaSpConnectionParameter() { - return moaSpConnectionParameter; + public ConnectionParameter getMoaSpConnectionParameter() throws ConfigurationException { + return MoaSpConnectionParameter; } /** * Return a ConnectionParameter bean containing all information * of the authentication component foreigid element * @return ConnectionParameter of the authentication component foreignid element + * @throws ConfigurationException */ - public ConnectionParameter getForeignIDConnectionParameter() { - return foreignIDConnectionParameter; + public ConnectionParameter getForeignIDConnectionParameter() throws ConfigurationException { + return ForeignIDConnectionParameter; } /** * Return a ConnectionParameter bean containing all information * of the authentication component OnlineMandates element * @return ConnectionParameter of the authentication component OnlineMandates element + * @throws ConfigurationException */ - public ConnectionParameter getOnlineMandatesConnectionParameter() { - return onlineMandatesConnectionParameter; + public ConnectionParameter getOnlineMandatesConnectionParameter() throws ConfigurationException { + return OnlineMandatesConnectionParameter; } /** * Return a string with a url-reference to the VerifyIdentityLink trust * profile id within the moa-sp part of the authentication component * @return String with a url-reference to the VerifyIdentityLink trust profile ID + * @throws ConfigurationException */ - public String getMoaSpIdentityLinkTrustProfileID() { - return moaSpIdentityLinkTrustProfileID; + public String getMoaSpIdentityLinkTrustProfileID() throws ConfigurationException { + return MoaSpIdentityLinkTrustProfileID; } + /** * Returns the transformsInfos. * @return String[] + * @throws ConfigurationException */ - public String[] getTransformsInfos() { - return transformsInfos; + public List<String> getTransformsInfos() throws ConfigurationException { + return TransformsInfos; } /** * Returns the identityLinkX509SubjectNames. * @return List + * @throws ConfigurationException */ - public List getIdentityLinkX509SubjectNames() { - return identityLinkX509SubjectNames; + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + return IdentityLinkX509SubjectNames; } - /** - * Returns the trustBKUs. - * @return List - */ - public List getTrustedBKUs() { - return this.trustedBKUs; + public List<String> getSLRequestTemplates() throws ConfigurationException { + return new ArrayList<String>(SLRequestTemplates.values()); } - - /** - * Returns the trustedTemplateURLs. - * @return List - */ - public List getTrustedTemplateURLs() { - return this.trustedTemplateURLs; + + public String getSLRequestTemplates(String type) throws ConfigurationException { + String el = SLRequestTemplates.get(type); + if (MiscUtil.isNotEmpty(el)) + return el; + else { + Logger.warn("getSLRequestTemplates: BKU Type does not match: " + + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + return null; + } } - - /** - * Returns the bKUConnectionParameter. - * @return ConnectionParameter - */ - public ConnectionParameter getBKUConnectionParameter() { - return bKUConnectionParameter; + + public boolean isSSOBusinessService() throws ConfigurationException { + + if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null) + return true; + else + return false; } - - /** - * Returns the bKUSelectable. - * @return boolean - */ - public boolean isBKUSelectable() { - return bKUSelectable; + + public IdentificationNumber getSSOBusinessService() throws ConfigurationException { + if (ssoconfig != null) + return ssoconfig.getIdentificationNumber(); + else + return null; } - - /** - * Returns the bKUSelectionType. - * @return String - */ - public String getBKUSelectionType() { - return bKUSelectionType; + + public String getSSOTarget() throws ConfigurationException { + if (ssoconfig!= null) + return ssoconfig.getTarget(); + + return null; } - - /** - * Returns the defaultVerifyInfoboxParameters. - * - * @return The defaultVerifyInfoboxParameters. - */ - public VerifyInfoboxParameters getDefaultVerifyInfoboxParameters() { - return defaultVerifyInfoboxParameters; + + public String getSSOFriendlyName() { + if (ssoconfig!= null) { + if (MiscUtil.isNotEmpty(ssoconfig.getFriendlyName())) + return ssoconfig.getFriendlyName(); + } + + return "Default MOA-ID friendly name for SSO"; } - + + public String getSSOSpecialText() { + if (ssoconfig!= null) { + String text = ssoconfig.getSpecialText(); + if (MiscUtil.isEmpty(text)) + text = new String(); + + return text; + } + return new String(); + } + + public String getSSOPublicUrl() { + if (ssoconfig!= null) { + String url = ssoconfig.getPublicURL(); + if (MiscUtil.isEmpty(url)) + url = new String(); + return url; + } + return new String(); + } + + public String getMOASessionEncryptionKey() { + + String prop = props.getProperty("configuration.moasession.key"); + if (MiscUtil.isEmpty(prop)) + return null; + else + return prop; + } + /** * Retruns the STORK Configuration * @return STORK Configuration + * @throws ConfigurationException */ - public STORKConfig getStorkConfig() { - return storkConfig; + public STORKConfig getStorkConfig() throws ConfigurationException { + + return storkconfig; } + + private void setCertStoreDirectory() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + if (auth.getGeneralConfiguration() != null) + certstoreDirectory = rootConfigFileDir + auth.getGeneralConfiguration().getCertStoreDirectory(); + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + private void setTrustManagerRevocationChecking() throws ConfigurationException { + AuthComponentGeneral auth = getAuthComponentGeneral(); + + if (auth.getGeneralConfiguration() != null) + trustmanagerrevoationchecking = auth.getGeneralConfiguration().isTrustManagerRevocationChecking(); + else { + Logger.warn("Error in MOA-ID Configuration. No CertStoreDirectory defined."); + throw new ConfigurationException("config.02", null); + } + } + + private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException { + AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral(); + if (authgeneral == null) { + Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found"); + throw new ConfigurationException("config.02", null); + } + return authgeneral; + } + private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException { + MOASP moasp = authgeneral.getMOASP(); + + if (moasp == null) { + Logger.warn("Error in MOA-ID Configuration. No MOASP configuration found"); + throw new ConfigurationException("config.02", null); + } + return moasp; + } }
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 091a01bf7..c62594d6f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -25,10 +25,22 @@ package at.gv.egovernment.moa.id.config.auth; import java.util.ArrayList; +import java.util.List; -import org.opensaml.saml2.metadata.RequestedAttribute; - +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.config.ConfigurationUtils; import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.logging.Logger; import eu.stork.vidp.messages.builder.STORKMessagesBuilder; import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; @@ -47,93 +59,25 @@ import eu.stork.vidp.messages.stork.RequestedAttributes; * @author Harald Bratko */ public class OAAuthParameter extends OAParameter { - /** - * Sercurity Layer version - */ - private String slVersion; - /** - * true, if the Security Layer version is version 1.2, otherwise false - */ - private boolean slVersion12; - /** - * identityLinkDomainIdentifier - * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer") - * <br> - * only used within a business application context for providing it to the - * security layer as input for wbPK computation - */ - private String identityLinkDomainIdentifier; - /** - * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) - */ - private String keyBoxIdentifier; - /** - * transformations for rendering in the secure viewer of the security layer - * implementation; multiple transformation can be given for different mime types - */ - private String[] transformsInfos; - /** - * determines whether "Stammzahl" is to be included in the authentication data - */ - private boolean provideStammzahl; - /** - * determines whether AUTH block is to be included in the authentication data - */ - private boolean provideAuthBlock; - /** - * determines whether identity link is to be included in the authentication data - */ - private boolean provideIdentityLink; - /** - * determines whether the certificate is to be included in the authentication data - */ - private boolean provideCertificate; - /** - * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data - */ - private boolean provideFullMandatorData; - - /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ - private boolean useUTC; - - /** determines wheter a saml:Condition is added to the SAML assertion or not */ - private boolean useCondition; - - /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ - private int conditionLength; - /** - * url to a template for web page "Auswahl der Bürgerkartenumgebung" - */ - private String bkuSelectionTemplateURL; - /** - * template for web page "Anmeldung mit Bürgerkarte" - */ - private String templateURL; - /** - * template for web page "Signatur der Anmeldedaten" - */ - private String inputProcessorSignTemplateURL; - /** - * Parameters for verifying infoboxes. - */ - private VerifyInfoboxParameters verifyInfoboxParameters; - - /** - * Parameter for Mandate profiles - */ - private String mandateProfiles; - - /** - * - * Type for authentication number (e.g. Firmenbuchnummer) - */ - private String identityLinkDomainIdentifierType; + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + + private AuthComponentOA oa_auth; + + public OAAuthParameter(OnlineApplication oa) { + super(oa); + + this.oa_auth = oa.getAuthComponentOA(); + + this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); +} /** * STORK QAA Level, Default = 4 */ - private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); /** * STORK RequestedAttributes for Online Application @@ -144,359 +88,215 @@ public class OAAuthParameter extends OAParameter { STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); - - -/** - * Returns <code>true</code> if the Security Layer version is version 1.2, - * otherwise <code>false</code>. - * @return <code>true</code> if the Security Layer version is version 1.2, - * otherwise <code>false</code> - */ - public boolean getSlVersion12() { - return slVersion12; - } - - /** - * Returns the security layer version. - * @return the security layer version. - */ - public String getSlVersion() { - return slVersion; - } - - /** - * Returns the identityLinkDomainIdentifier. - * @return the identityLinkDomainIdentifier. - */ - public String getIdentityLinkDomainIdentifier() { - return identityLinkDomainIdentifier; - } - - /** - * Returns the transformsInfos. - * @return the transformsInfos. - */ - public String[] getTransformsInfos() { - return transformsInfos; - } - - /** - * Returns the provideAuthBlock. - * @return String - */ - public boolean getProvideAuthBlock() { - return provideAuthBlock; - } - - /** - * Returns the provideIdentityLink. - * @return String - */ - public boolean getProvideIdentityLink() { - return provideIdentityLink; - } - /** - * Returns the provideStammzahl. - * @return String - */ - public boolean getProvideStammzahl() { - return provideStammzahl; - } - - /** - * Returns <code>true</code> if the certificate should be provided within the - * authentication data, otherwise <code>false</code>. - * @return <code>true</code> if the certificate should be provided, - * otherwise <code>false</code> - */ - public boolean getProvideCertifcate() { - return provideCertificate; - } - - /** - * Returns <code>true</code> if the full mandator data should be provided within the - * authentication data, otherwise <code>false</code>. - * @return <code>true</code> if the full mandator data should be provided, - * otherwise <code>false</code> - */ - public boolean getProvideFullMandatorData() { - return provideFullMandatorData; - } - - /** - * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. - * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. - */ - public boolean getUseUTC() { - return useUTC; - } - - /** - * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. - * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. - */ - public boolean getUseCondition() { - return useCondition; - } - - /** - * Returns the validity time of the SAML assertion (if useCondition is true) in seconds - * @return the validity time of the SAML assertion (if useCondition is true) in seconds - */ - public int getConditionLength() { - return conditionLength; - } + private String keyBoxIdentifier; - /** - * Returns the key box identifier. - * @return String - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - /** - * Returns the BkuSelectionTemplate url. - * @return The BkuSelectionTemplate url or <code>null</code> if no url for - * a BkuSelectionTemplate is set. - */ - public String getBkuSelectionTemplateURL() { - return bkuSelectionTemplateURL; - } - - /** - * Returns the TemplateURL url. - * @return The TemplateURL url or <code>null</code> if no url for - * a Template is set. - */ - public String getTemplateURL() { - return templateURL; - } - - - /** - * Returns the inputProcessorSignTemplateURL url. - * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for - * a input processor sign template is set. - */ - public String getInputProcessorSignTemplateURL() { - return inputProcessorSignTemplateURL; - } - - /** - * Returns the parameters for verifying additional infoboxes. - * - * @return The parameters for verifying additional infoboxes. - * Maybe <code>null</code>. - */ - public VerifyInfoboxParameters getVerifyInfoboxParameters() { - return verifyInfoboxParameters; - } - - /** - * Sets the security layer version. - * Also sets <code>slVersion12</code> ({@link #getSlVersion12()}) - * to <code>true</code> if the Security Layer version is 1.2. - * @param slVersion The security layer version to be used. - */ - public void setSlVersion(String slVersion) { - this.slVersion = slVersion; - if ("1.2".equals(slVersion)) { - this.slVersion12 = true; - } - } - /** - * Sets the IdentityLinkDomainIdentifier. - * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. - */ - public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { - this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; - } - /** - * Sets the transformsInfos. - * @param transformsInfos The transformsInfos to be used. - */ - public void setTransformsInfos(String[] transformsInfos) { - this.transformsInfos = transformsInfos; - } - + * @return the slVersion + */ +public String getSlVersion() { + return oa_auth.getSlVersion(); +} /** - * Sets the provideAuthBlock. - * @param provideAuthBlock The provideAuthBlock to set - */ - public void setProvideAuthBlock(boolean provideAuthBlock) { - this.provideAuthBlock = provideAuthBlock; - } + * @return the slVersion12 + */ +public boolean isSlVersion12() { + if ("1.2".equals(oa_auth.getSlVersion())) + return true; + else + return false; + } - /** - * Sets the provideIdentityLink. - * @param provideIdentityLink The provideIdentityLink to set - */ - public void setProvideIdentityLink(boolean provideIdentityLink) { - this.provideIdentityLink = provideIdentityLink; - } +public boolean getUseUTC() { + return oa_auth.isUseUTC(); +} - /** - * Sets the provideStammzahl. - * @param provideStammzahl The provideStammzahl to set - */ - public void setProvideStammzahl(boolean provideStammzahl) { - this.provideStammzahl = provideStammzahl; - } - - /** - * Sets the provideCertificate variable. - * @param provideCertificate The provideCertificate value to set - */ - public void setProvideCertificate(boolean provideCertificate) { - this.provideCertificate = provideCertificate; - } - - /** - * Sets the provideFullMandatorData variable. - * @param provideFullMandatorData The provideFullMandatorData value to set - */ - public void setProvideFullMandatorData(boolean provideFullMandatorData) { - this.provideFullMandatorData = provideFullMandatorData; - } - - /** - * Sets the useUTC variable. - * @param useUTC The useUTC value to set - */ - public void setUseUTC(boolean useUTC) { - this.useUTC = useUTC; - } - - /** - * Sets the useCondition variable - * @param useCondition The useCondition value to set - */ - public void setUseCondition(boolean useCondition) { - this.useCondition = useCondition; - } - - /** - * Sets the conditionLength variable - * @param conditionLength the conditionLength value to set - */ - public void setConditionLength(int conditionLength) { - this.conditionLength = conditionLength; - } - +public boolean useIFrame() { + return oa_auth.isUseIFrame(); +} - /** - * Sets the key box identifier. - * @param keyBoxIdentifier to set - */ - public void setKeyBoxIdentier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - /** - * Sets the BkuSelectionTemplate url. - * @param bkuSelectionTemplateURL The url string specifying the location - * of a BkuSelectionTemplate. - */ - public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { - this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; - } - - /** - * Sets the Template url. - * @param templateURL The url string specifying the location - * of a Template. - */ - public void setTemplateURL(String templateURL) { - this.templateURL = templateURL; - } - - /** - * Sets the input processor sign form template url. - * - * @param inputProcessorSignTemplateURL The url string specifying the - * location of the input processor sign form - */ - public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { - this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; - } +/** + * @return the identityLinkDomainIdentifier + */ +public String getIdentityLinkDomainIdentifier() { + + IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); + if (idnumber != null) + return idnumber.getValue(); + + return null; +} - /** - * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. - * - * @param verifyInfoboxParameters The verifyInfoboxParameters to set. - */ - public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { - this.verifyInfoboxParameters = verifyInfoboxParameters; - } - - /** - * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - */ - public String getIdentityLinkDomainIdentifierType() { - return identityLinkDomainIdentifierType; - } +/** + * @return the keyBoxIdentifier + */ +public String getKeyBoxIdentifier() { + + return keyBoxIdentifier; +} - /** - * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) - * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer) - */ - public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { - this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; - } - - /** - * Sets the Mandate/Profiles - * @param profiles - */ - public void setMandateProfiles(String profiles) { - this.mandateProfiles = profiles; - } - - /** - * Returns the Mandates/Profiles - * @return - */ - public String getMandateProfiles() { - return this.mandateProfiles; - } +/** + * @return the transformsInfos + */ +public List<String> getTransformsInfos() { + + List<TransformsInfoType> transformations = oa_auth.getTransformsInfo(); + return ConfigurationUtils.getTransformInfos(transformations); +} - /** - * Returns the defined STORK QAALevel - * @return STORK QAALevel - */ - public QualityAuthenticationAssuranceLevel getQaaLevel() { - return qaaLevel; + public OASAML1 getSAML1Parameter() { + return oa_auth.getOASAML1(); } + public OAPVP2 getPVP2Parameter() { + return oa_auth.getOAPVP2(); + } + +///** +// * @return the bkuSelectionTemplateURL +// */ +//public String getBkuSelectionTemplateURL() { +// return bkuSelectionTemplateURL; +//} + /** - * Sets the STORK QAALevel - * @param qaaLevel + * @return the templateURL */ - public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { - this.qaaLevel = qaaLevel; + public List<TemplateType> getTemplateURL() { + TemplatesType templates = oa_auth.getTemplates(); + + if (templates != null) { + if (templates.getTemplate() != null) { + return templates.getTemplate(); + } + } + return null; } - /** - * Returns the desired STORK Requested Attributes - * @return STORK Requested Attributes - */ - public RequestedAttributes getRequestedAttributes() { - return requestedAttributes; + public String getAditionalAuthBlockText() { + TemplatesType templates = oa_auth.getTemplates(); + + if (templates != null) { + return templates.getAditionalAuthBlockText(); + } + return null; } - /** - * Sets the desired STORK Requested Attributes - * @param requestedAttributes - */ - public void setRequestedAttributes(RequestedAttributes requestedAttributes) { - this.requestedAttributes = requestedAttributes; + public String getBKUURL(String bkutype) { + BKUURLS bkuurls = oa_auth.getBKUURLS(); + if (bkuurls != null) { + if (bkutype.equals(ONLINEBKU)) + return bkuurls.getOnlineBKU(); + else if (bkutype.equals(HANDYBKU)) + return bkuurls.getHandyBKU(); + else if (bkutype.equals(LOCALBKU)) + return bkuurls.getLocalBKU(); + + } + Logger.warn("BKU Type does not match: " + + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); + return null; + } + + public List<String> getBKUURL() { + BKUURLS bkuurls = oa_auth.getBKUURLS(); + + List<String> list = new ArrayList<String>(); + + if (bkuurls == null) { + Logger.warn("BKU Type does not match: " + + ONLINEBKU + " or " + HANDYBKU + " or " + LOCALBKU); + } else { + list.add(bkuurls.getOnlineBKU()); + list.add(bkuurls.getHandyBKU()); + list.add(bkuurls.getLocalBKU()); + } + return list; + } + + + public boolean useSSO() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.isUseSSO(); + else + return false; + } + + public boolean useSSOQuestion() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.isAuthDataFrame(); + else + return true; + + } + + public String getSingleLogOutURL() { + OASSO sso = oa_auth.getOASSO(); + if (sso != null) + return sso.getSingleLogOutURL(); + else + return null; } + +///** +// * @return the inputProcessorSignTemplateURL +// */ +//public String getInputProcessorSignTemplateURL() { +// return inputProcessorSignTemplateURL; +//} + +///** +// * @return the verifyInfoboxParameters +// */ +//public VerifyInfoboxParameters getVerifyInfoboxParameters() { +// return verifyInfoboxParameters; +//} + +/** + * @return the mandateProfiles + */ +public String getMandateProfiles() { + + Mandates mandates = oa_auth.getMandates(); + + if (mandates != null) + return mandates.getProfiles(); + else + return null; +} + +/** + * @return the identityLinkDomainIdentifierType + */ +public String getIdentityLinkDomainIdentifierType() { + IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); + if (idnumber != null) + return idnumber.getType(); + + return null; +} + +/** + * @return the qaaLevel + */ +public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; +} + +/** + * @return the requestedAttributes + */ +public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; +} + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java new file mode 100644 index 000000000..1460668e2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java @@ -0,0 +1,591 @@ +package at.gv.egovernment.moa.id.config.legacy; + +import iaik.util.logging.Log; +import iaik.x509.X509Certificate; + +import java.io.BufferedInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Properties; +import java.util.Set; + +import org.bouncycastle.crypto.macs.OldHMac; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.XMLObject; +import org.w3c.dom.Element; + +import eu.stork.vidp.messages.util.SAMLUtil; +import eu.stork.vidp.messages.util.XMLUtil; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes; +import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore; +import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType; +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities; +import at.gv.egovernment.moa.id.commons.db.dao.config.GeneralConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners; +import at.gv.egovernment.moa.id.commons.db.dao.config.KeyName; +import at.gv.egovernment.moa.id.commons.db.dao.config.KeyStore; +import at.gv.egovernment.moa.id.commons.db.dao.config.LegacyAllowed; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOASP; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.Organization; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols; +import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter; +import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates; +import at.gv.egovernment.moa.id.commons.db.dao.config.SSO; +import at.gv.egovernment.moa.id.commons.db.dao.config.STORK; +import at.gv.egovernment.moa.id.commons.db.dao.config.SecurityLayer; +import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureCreationParameterType; +import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TimeOuts; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; +import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; + +import at.gv.egovernment.moa.id.data.IssuerAndSerial; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; + +public class BuildFromLegacyConfig { + + private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID"; + + private static final String SEARCHBKUTEMPLATE_LOCAL = "https://127.0.0.1:3496/"; + private static final String SEARCHBKUTEMPLATE_HANDY = "https://www.handy-signatur.at"; + private static final String SEARCHBKUTEMPLATE_ONLINE = "bkuonline/http-security-layer-request"; + + public static MOAIDConfiguration build(File fileName, String rootConfigFileDir, MOAIDConfiguration oldconfig) throws ConfigurationException { + InputStream stream = null; + Element configElem; + ConfigurationBuilder builder; + + Log.info("Load Legacy-Configuration from file=" + fileName); + + try { + // load the main config file + stream = new BufferedInputStream(new FileInputStream(fileName)); + configElem = DOMUtils.parseXmlValidating(stream); + + } catch (Throwable t) { + throw new ConfigurationException("config.03", null, t); + } + + finally { + try { + if (stream != null) { + stream.close(); + } + } catch (IOException e) { + + } + } + + try { + String oldbkuonline = ""; + String oldbkulocal = ""; + String oldbkuhandy = ""; + + // build the internal datastructures + builder = new ConfigurationBuilder(configElem, rootConfigFileDir); + + + MOAIDConfiguration moaIDConfig = new MOAIDConfiguration(); + + AuthComponentGeneral generalAuth = new AuthComponentGeneral(); + moaIDConfig.setAuthComponentGeneral(generalAuth); + + + //not supported by MOA-ID 2.0 + //ConnectionParameter bKUConnectionParameter = builder.buildAuthBKUConnectionParameter(); + //bKUSelectable = (bKUConnectionParameter!=null); + //bKUSelectionType = builder.buildAuthBKUSelectionType(); + + + //Load generic Config + Map genericConfiguration = builder.buildGenericConfiguration(); + GeneralConfiguration authGeneral = new GeneralConfiguration(); + + if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID)) + authGeneral.setAlternativeSourceID( + (String)genericConfiguration.get(GENERIC_CONFIG_PARAM_SOURCEID)); + + if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING)) + authGeneral.setTrustManagerRevocationChecking( + Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))); + + if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)) + authGeneral.setCertStoreDirectory( + (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY)); + + + //Load Assertion and Session timeouts + TimeOuts timeOuts = new TimeOuts(); + if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY)) + timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_DATA_TIMEOUT_PROPERTY)))); + else + timeOuts.setAssertion(BigInteger.valueOf(2*60)); //default 2min + + if (genericConfiguration.containsKey(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY)) + timeOuts.setAssertion(BigInteger.valueOf(Long.valueOf((String)genericConfiguration.get(AuthConfigurationProvider.AUTH_SESSION_TIMEOUT_PROPERTY)))); + else + timeOuts.setAssertion(BigInteger.valueOf(30*60)); //default 30min + + timeOuts.setMOASessionUpdated(BigInteger.valueOf(15*60)); //default 15min + authGeneral.setTimeOuts(timeOuts); + generalAuth.setGeneralConfiguration(authGeneral); + + + //TODO: set Protocols!!!! + Protocols auth_protocols = new Protocols(); + generalAuth.setProtocols(auth_protocols); + + LegacyAllowed prot_legacy = new LegacyAllowed(); + auth_protocols.setLegacyAllowed(prot_legacy); + final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values + prot_legacy.setProtocolName(PROTOCOLS_LEGACY_ALLOWED); + + //TODO: remove beta test values + PVP2 prot_pvp2 = new PVP2(); + auth_protocols.setPVP2(prot_pvp2); + prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/"); + prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP"); + + Organization pvp2_org = new Organization(); + prot_pvp2.setOrganization(pvp2_org); + pvp2_org.setDisplayName("OrganisationDisplayName"); + pvp2_org.setName("OrganisatioName"); + pvp2_org.setURL("http://www.egiz.gv.at"); + + List<Contact> pvp2_contacts = new ArrayList<Contact>(); + prot_pvp2.setContact(pvp2_contacts); + + Contact pvp2_contact = new Contact(); + pvp2_contact.setCompany("OrganisationDisplayName"); + pvp2_contact.setGivenName("Max"); + + + List<String> mails = new ArrayList<String>(); + pvp2_contact.setMail(mails); + mails.add("max@muster.mann"); + + List<String> phones = new ArrayList<String>(); + pvp2_contact.setPhone(phones); + phones.add("01 5555 5555"); + + pvp2_contact.setSurName("Mustermann"); + pvp2_contact.setType("technical"); + pvp2_contacts.add(pvp2_contact); + + //SSO + SSO auth_sso = new SSO(); + generalAuth.setSSO(auth_sso); + auth_sso.setTarget("BF"); + auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta"); + + + //set SecurityLayer Transformations + String[] transformsInfoFileNames = builder.buildTransformsInfoFileNames(builder.getConfigElem(), ConfigurationBuilder.AUTH_SECLAYER_TRANSFORMS_INFO_FILENAME_XPATH); + String[] transformsInfos = builder.loadTransformsInfos(transformsInfoFileNames); + + List<TransformsInfoType> auth_transformInfos = new ArrayList<TransformsInfoType>(); + if (transformsInfos != null && transformsInfos.length > 0) { + for (int i=0; i<transformsInfos.length; i++) { + + TransformsInfoType transforminfotype = new TransformsInfoType(); + transforminfotype.setFilename(transformsInfoFileNames[i]); + + transforminfotype.setTransformation(Base64Utils.encode(transformsInfos[i].getBytes("UTF-8")).getBytes("UTF-8")); + auth_transformInfos.add(transforminfotype); + } + + } + + SecurityLayer auth_securityLayer = new SecurityLayer(); + auth_securityLayer.setTransformsInfo(auth_transformInfos); + generalAuth.setSecurityLayer(auth_securityLayer); + + + //set MOASP configuration + MOASP auth_moaSP = new MOASP(); + generalAuth.setMOASP(auth_moaSP); + + //set MOASP connection + ConnectionParameter moaSpConnectionParameter = builder.buildMoaSpConnectionParameter(); + if (moaSpConnectionParameter != null) { + ConnectionParameterClientAuthType auth_moaSP_connection = + parseConnectionParameterClientAuth(moaSpConnectionParameter); + auth_moaSP.setConnectionParameter(auth_moaSP_connection); + } + + //set VerifyIdentityLink + String moaSpIdentityLinkTrustProfileID = builder.getMoaSpIdentityLinkTrustProfileID(); + VerifyIdentityLink auth_moaSP_verifyIdentityLink = new VerifyIdentityLink(); + auth_moaSP_verifyIdentityLink.setTrustProfileID(moaSpIdentityLinkTrustProfileID); + auth_moaSP.setVerifyIdentityLink(auth_moaSP_verifyIdentityLink); + + //set VerifyAuthBlock + String moaSpAuthBlockTrustProfileID = builder.getMoaSpAuthBlockTrustProfileID(); + VerifyAuthBlock auth_moaSP_verifyAuthBlock = new VerifyAuthBlock(); + auth_moaSP_verifyAuthBlock.setTrustProfileID(moaSpAuthBlockTrustProfileID); + String[] moaSpAuthBlockVerifyTransformsInfoIDs = builder.buildMoaSpAuthBlockVerifyTransformsInfoIDs(); + List<String> transformlist = new ArrayList<String>(); + Collections.addAll(transformlist, moaSpAuthBlockVerifyTransformsInfoIDs); + auth_moaSP_verifyAuthBlock.setVerifyTransformsInfoProfileID(transformlist); + auth_moaSP.setVerifyAuthBlock(auth_moaSP_verifyAuthBlock); + + + //TODO: check correctness!!! + //set IdentityLinkSigners + IdentityLinkSigners auth_idsigners = new IdentityLinkSigners(); + generalAuth.setIdentityLinkSigners(auth_idsigners); + List<String> identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); + auth_idsigners.setX509SubjectName(identityLinkX509SubjectNames); + + + //not supported by MOA-ID 2.0 + VerifyInfoboxParameters defaultVerifyInfoboxParameters = null; +// Node defaultVerifyInfoboxParamtersElem = XPathUtils.selectSingleNode(configElem, ConfigurationBuilder.AUTH_VERIFY_INFOBOXES_XPATH); +// if (defaultVerifyInfoboxParamtersElem != null) { +// defaultVerifyInfoboxParameters = +// builder.buildVerifyInfoboxParameters((Element)defaultVerifyInfoboxParamtersElem, null, moaSpIdentityLinkTrustProfileID); +// } + + + //Set ForeignIdentities + ForeignIdentities auth_foreign = new ForeignIdentities(); + generalAuth.setForeignIdentities(auth_foreign); + + //set Connection parameters + ConnectionParameter foreignIDConnectionParameter = builder.buildForeignIDConnectionParameter(); + ConnectionParameterClientAuthType auth_foreign_connection = + parseConnectionParameterClientAuth(foreignIDConnectionParameter); + auth_foreign.setConnectionParameter(auth_foreign_connection); + + //set STORK configuration + STORKConfig storkConfig = new STORKConfig(builder.buildSTORKSignatureCreationParameter(),builder.buildSTORKSignatureVerificationParameter(), builder.buildSTORKcPEPSMap()); + STORK auth_foreign_stork = new STORK(); + auth_foreign.setSTORK(auth_foreign_stork); + + //set CPEPS + Map<String, at.gv.egovernment.moa.id.config.legacy.CPEPS> map = storkConfig.getCpepsMap(); + Set<String> map_keys = map.keySet(); + List<CPEPS> auth_foreign_stork_cpeps = new ArrayList<CPEPS>(); + for (String key : map_keys) { + CPEPS cpep = new CPEPS(); + cpep.setCountryCode(map.get(key).getCountryCode()); + cpep.setURL(map.get(key).getPepsURL().toExternalForm()); //check correctness!!!! + + List<String> cpep_reqs = new ArrayList<String>(); + + List<RequestedAttribute> map1 = map.get(key).getCountrySpecificRequestedAttributes(); + for (RequestedAttribute e1 : map1) { + Element element = SAMLUtil.marshallMessage(e1); + cpep_reqs.add(XMLUtil.printXML(element)); + } + cpep.setAttributeValue(cpep_reqs); + auth_foreign_stork_cpeps.add(cpep); + } + auth_foreign_stork.setCPEPS(auth_foreign_stork_cpeps); + + + //set SAMLSigningParameter + if (storkConfig.getSignatureCreationParameter() != null && + storkConfig.getSignatureVerificationParameter() != null) { + SAMLSigningParameter auth_foreign_stork_samlSign = new SAMLSigningParameter(); + auth_foreign_stork.setSAMLSigningParameter(auth_foreign_stork_samlSign); + + SignatureCreationParameterType stork_saml_creat = new SignatureCreationParameterType(); + auth_foreign_stork_samlSign.setSignatureCreationParameter(stork_saml_creat); + KeyStore stork_saml_creat_keystore = new KeyStore(); + stork_saml_creat.setKeyStore(stork_saml_creat_keystore); + stork_saml_creat_keystore.setPassword(storkConfig.getSignatureCreationParameter().getKeyStorePassword()); + stork_saml_creat_keystore.setValue(storkConfig.getSignatureCreationParameter().getKeyStorePath()); + KeyName stork_saml_creat_keyname = new KeyName(); + stork_saml_creat.setKeyName(stork_saml_creat_keyname); + stork_saml_creat_keyname.setValue(storkConfig.getSignatureCreationParameter().getKeyName()); + stork_saml_creat_keyname.setPassword(storkConfig.getSignatureCreationParameter().getKeyPassword()); + + + + SignatureVerificationParameterType stork_saml_verify = new SignatureVerificationParameterType(); + auth_foreign_stork_samlSign.setSignatureVerificationParameter(stork_saml_verify); + stork_saml_verify.setTrustProfileID(storkConfig.getSignatureVerificationParameter().getTrustProfileID()); + + } + + //TODO: check correctness + //set QualityAuthenticationAssurance + //set RequestedAttbutes + + + //set OnlineMandates config + ConnectionParameter onlineMandatesConnectionParameter = builder.buildOnlineMandatesConnectionParameter(); + if (onlineMandatesConnectionParameter != null) { + OnlineMandates auth_mandates = new OnlineMandates(); + generalAuth.setOnlineMandates(auth_mandates); + auth_mandates.setConnectionParameter( + parseConnectionParameterClientAuth(onlineMandatesConnectionParameter)); + } + + + //TODO: add auth template configuration!!! + + + if (oldconfig != null) { + if (oldconfig.getDefaultBKUs() != null) { + oldbkuhandy = oldconfig.getDefaultBKUs().getHandyBKU(); + oldbkulocal = oldconfig.getDefaultBKUs().getLocalBKU(); + oldbkuonline = oldconfig.getDefaultBKUs().getOnlineBKU(); + } + } else { + List<String> trustbkus = builder.getTrustedBKUs(); + for (String trustbku : trustbkus) { + if (MiscUtil.isEmpty(oldbkuonline) && trustbku.endsWith(SEARCHBKUTEMPLATE_ONLINE)) + oldbkuonline = trustbku; + + if (MiscUtil.isEmpty(oldbkuhandy) && trustbku.startsWith(SEARCHBKUTEMPLATE_HANDY)) + oldbkuhandy = trustbku; + + if (MiscUtil.isEmpty(oldbkulocal) && trustbku.startsWith(SEARCHBKUTEMPLATE_LOCAL)) + oldbkulocal = trustbku; + } + + } + + + //set OnlineApplications + OAAuthParameter[] onlineApplicationAuthParameters = builder.buildOnlineApplicationAuthParameters(defaultVerifyInfoboxParameters, moaSpIdentityLinkTrustProfileID); + + ArrayList<OnlineApplication> moa_oas = new ArrayList<OnlineApplication>(); + moaIDConfig.setOnlineApplication(moa_oas); + + for (OAAuthParameter oa : onlineApplicationAuthParameters) { + OnlineApplication moa_oa = new OnlineApplication(); + + //set general OA configuration + moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird + moa_oa.setFriendlyName(oa.getFriendlyName()); + moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness + moa_oa.setPublicURLPrefix(oa.getPublicURLPrefix()); + moa_oa.setTarget(oa.getTarget()); + moa_oa.setTargetFriendlyName(oa.getTargetFriendlyName()); + moa_oa.setType(oa.getOaType()); + moa_oa.setIsActive(true); + + + AuthComponentOA oa_auth = new AuthComponentOA(); + moa_oa.setAuthComponentOA(oa_auth); + + //SLLayer Version / useIframe + oa_auth.setSlVersion(oa.getSlVersion()); + oa_auth.setUseIFrame(false); + oa_auth.setUseUTC(oa.getUseUTC()); + + + //BKUURLs + BKUURLS bkuurls = new BKUURLS(); + bkuurls.setOnlineBKU(oldbkuonline); + bkuurls.setHandyBKU(oldbkuhandy); + bkuurls.setLocalBKU(oldbkulocal); + oa_auth.setBKUURLS(bkuurls); + + //IdentificationNumber + IdentificationNumber idnumber = new IdentificationNumber(); + idnumber.setValue(oa.getIdentityLinkDomainIdentifier()); + idnumber.setType(oa.getIdentityLinkDomainIdentifierType()); + oa_auth.setIdentificationNumber(idnumber); + + //set Templates + TemplatesType templates = new TemplatesType(); + oa_auth.setTemplates(templates); + templates.setAditionalAuthBlockText(""); + TemplateType template = new TemplateType(); + template.setURL(oa.getTemplateURL()); + ArrayList<TemplateType> template_list = new ArrayList<TemplateType>(); + template_list.add(template); + templates.setTemplate(template_list); + + + //set TransformsInfo + String[] transforminfos = oa.getTransformsInfos(); + ArrayList<TransformsInfoType> oa_transforminfos = new ArrayList<TransformsInfoType>(); + for (String e1 : transforminfos) { + TransformsInfoType transforminfo = new TransformsInfoType(); + transforminfo.setFilename(e1); + oa_transforminfos.add(transforminfo); + } + oa_auth.setTransformsInfo(oa_transforminfos); + + //VerifyInfoBoxes not supported by MOAID 2.0 + + //set Mandates + Mandates oa_mandates = new Mandates(); + oa_auth.setMandates(oa_mandates); + oa_mandates.setProfiles(oa.getMandateProfiles()); + + //STORK + //TODO: OA specific STORK config is deactivated in MOA 1.5.2 + + //SSO + OASSO oa_sso = new OASSO(); + oa_auth.setOASSO(oa_sso); + oa_sso.setUseSSO(true); + oa_sso.setSingleLogOutURL(""); + oa_sso.setAuthDataFrame(true); + + //OA_SAML1 + OASAML1 oa_saml1 = new OASAML1(); + oa_auth.setOASAML1(oa_saml1); + oa_saml1.setConditionLength(BigInteger.valueOf(oa.getConditionLength())); + oa_saml1.setProvideAUTHBlock(oa.getProvideAuthBlock()); + oa_saml1.setProvideCertificate(oa.getProvideCertifcate()); + oa_saml1.setProvideFullMandatorData(oa.getProvideFullMandatorData()); + oa_saml1.setProvideIdentityLink(oa.getProvideIdentityLink()); + oa_saml1.setProvideStammzahl(oa.getProvideStammzahl()); + oa_saml1.setUseCondition(oa.getUseCondition()); + + //OA_PVP2 + OAPVP2 oa_pvp2 = new OAPVP2(); + oa_auth.setOAPVP2(oa_pvp2); + +// oa_pvp2.setMetadataURL("empty"); +// +// //TODO: is only a workaround!!!! +// Properties props = getGeneralPVP2ProperiesConfig(properies); +// File dir = new File(props.getProperty("idp.truststore")); +// File[] files = dir.listFiles(); +// if (files.length > 0) { +// FileInputStream filestream = new FileInputStream(files[0]); +// X509Certificate signerCertificate = new X509Certificate(filestream); +// oa_pvp2.setCertificate(signerCertificate.getEncoded()); +// +// } else { +// oa_pvp2.setCertificate(null); +// } + + moa_oas.add(moa_oa); + //ConfigurationDBUtils.save(moa_oa); + } + + //removed from MOAID 2.0 config + //identityLinkX509SubjectNames = builder.getIdentityLink_X509SubjectNames(); + + + //set chaining modes + ChainingModes moa_chainingModes = new ChainingModes(); + moaIDConfig.setChainingModes(moa_chainingModes); + + ChainingModeType type = ChainingModeType.fromValue(builder.getDefaultChainingMode()); + moa_chainingModes.setSystemDefaultMode(type); + + Map<IssuerAndSerial, String> chainingModes = builder.buildChainingModes(); + List<TrustAnchor> chaining_anchor = new ArrayList<TrustAnchor>(); + Set<IssuerAndSerial> chaining_anchor_map = chainingModes.keySet(); + for (IssuerAndSerial e1 : chaining_anchor_map) { + TrustAnchor trustanchor = new TrustAnchor(); + + ChainingModeType type1 = ChainingModeType.fromValue(chainingModes.get(e1)); + trustanchor.setMode(type1); + + trustanchor.setX509IssuerName(e1.getIssuerDN()); + trustanchor.setX509SerialNumber(e1.getSerial()); + chaining_anchor.add(trustanchor); + } + moa_chainingModes.setTrustAnchor(chaining_anchor); + + + //set trustedCACertificate path + moaIDConfig.setTrustedCACertificates(builder.getTrustedCACertificates()); + + + //TODO: move to read config functionality + //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir); + + + //Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates) + //trustedBKUs = builder.getTrustedBKUs(); + //trustedTemplateURLs = builder.getTrustedTemplateURLs(); + + + //set DefaultBKUs + DefaultBKUs moa_defaultbkus = new DefaultBKUs(); + moaIDConfig.setDefaultBKUs(moa_defaultbkus); + moa_defaultbkus.setOnlineBKU(oldbkuonline); + moa_defaultbkus.setHandyBKU(oldbkuhandy); + moa_defaultbkus.setLocalBKU(oldbkulocal); + + + //set SLRequest Templates + SLRequestTemplates moa_slrequesttemp = new SLRequestTemplates(); + moaIDConfig.setSLRequestTemplates(moa_slrequesttemp); + moa_slrequesttemp.setOnlineBKU("http://localhost:8080/moa-id-auth/template_onlineBKU.html"); + moa_slrequesttemp.setHandyBKU("http://localhost:8080/moa-id-auth/template_handyBKU.html"); + moa_slrequesttemp.setLocalBKU("http://127.0.0.1:8080/moa-id-auth/template_localBKU.html"); + + return moaIDConfig; + + } catch (Throwable t) { + throw new ConfigurationException("config.02", null, t); + } + } + + private static ConnectionParameterClientAuthType parseConnectionParameterClientAuth( + ConnectionParameter old) { + ConnectionParameterClientAuthType auth_moaSP_connection = new ConnectionParameterClientAuthType(); + auth_moaSP_connection.setURL(old.getUrl()); + + //TODO: remove from Database config!!!!! +// auth_moaSP_connection.setAcceptedServerCertificates(old.getAcceptedServerCertificates()); +// ClientKeyStore auth_moaSP_connection_keyStore = new ClientKeyStore(); +// auth_moaSP_connection_keyStore.setValue(old.getClientKeyStore()); +// auth_moaSP_connection_keyStore.setPassword(old.getClientKeyStorePassword()); +// auth_moaSP_connection.setClientKeyStore(auth_moaSP_connection_keyStore); + return auth_moaSP_connection; + } + + private static Properties getGeneralPVP2ProperiesConfig(Properties props) { + Properties configProp = new Properties(); + for (Object key : props.keySet()) { + String propPrefix = "protocols.pvp2."; + if (key.toString().startsWith(propPrefix)) { + String propertyName = key.toString().substring(propPrefix.length()); + configProp.put(propertyName, props.get(key.toString())); + } + } + return configProp; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java new file mode 100644 index 000000000..c191d7b2b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java @@ -0,0 +1,98 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +/** + * Encpasulates C-PEPS information according MOA configuration + * + * @author bzwattendorfer + * + */ +public class CPEPS { + + /** Country Code of C-PEPS */ + private String countryCode; + + /** URL of C-PEPS */ + private URL pepsURL; + + /** Specific attributes to be requested for this C-PEPS */ + private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>(); + + /** + * Constructs a C-PEPS + * @param countryCode ISO Country Code of C-PEPS + * @param pepsURL URL of C-PEPS + */ + public CPEPS(String countryCode, URL pepsURL) { + super(); + this.countryCode = countryCode; + this.pepsURL = pepsURL; + } + + /** + * Gets the country code of this C-PEPS + * @return ISO country code + */ + public String getCountryCode() { + return countryCode; + } + + /** + * Sets the country code of this C-PEPS + * @param countryCode ISO country code + */ + public void setCountryCode(String countryCode) { + this.countryCode = countryCode; + } + + /** + * Gets the URL of this C-PEPS + * @return C-PEPS URL + */ + public URL getPepsURL() { + return pepsURL; + } + + /** + * Sets the C-PEPS URL + * @param pepsURL C-PEPS URL + */ + public void setPepsURL(URL pepsURL) { + this.pepsURL = pepsURL; + } + + /** + * Gets the country specific attributes of this C-PEPS + * @return List of country specific attributes + */ + public List<RequestedAttribute> getCountrySpecificRequestedAttributes() { + return countrySpecificRequestedAttributes; + } + + /** + * Sets the country specific attributes + * @param countrySpecificRequestedAttributes List of country specific requested attributes + */ + public void setCountrySpecificRequestedAttributes( + List<RequestedAttribute> countrySpecificRequestedAttributes) { + this.countrySpecificRequestedAttributes = countrySpecificRequestedAttributes; + } + + /** + * Adds a Requested attribute to the country specific attribute List + * @param countrySpecificRequestedAttribute Additional country specific requested attribute to add + */ + public void addCountrySpecificRequestedAttribute(RequestedAttribute countrySpecificRequestedAttribute) { + this.countrySpecificRequestedAttributes.add(countrySpecificRequestedAttribute); + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java index 839de48bf..3abc94b02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java @@ -22,12 +22,13 @@ */ -package at.gv.egovernment.moa.id.config; +package at.gv.egovernment.moa.id.config.legacy; import iaik.pki.pathvalidation.ChainingModes; import iaik.utils.RFC2253NameParser; import iaik.utils.RFC2253NameParserException; +import java.io.IOException; import java.math.BigInteger; import java.net.MalformedURLException; import java.net.URL; @@ -51,12 +52,13 @@ import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.data.Schema; import at.gv.egovernment.moa.id.auth.data.SchemaImpl; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter; -import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters; -import at.gv.egovernment.moa.id.config.stork.CPEPS; -import at.gv.egovernment.moa.id.config.stork.SignatureCreationParameter; -import at.gv.egovernment.moa.id.config.stork.SignatureVerificationParameter; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.legacy.OAAuthParameter; +import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameter; +import at.gv.egovernment.moa.id.config.legacy.VerifyInfoboxParameters; +import at.gv.egovernment.moa.id.config.legacy.CPEPS; +import at.gv.egovernment.moa.id.config.legacy.SignatureCreationParameter; +import at.gv.egovernment.moa.id.config.legacy.SignatureVerificationParameter; import at.gv.egovernment.moa.id.data.IssuerAndSerial; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; @@ -64,6 +66,7 @@ import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moa.util.XPathException; import at.gv.egovernment.moa.util.XPathUtils; @@ -72,7 +75,6 @@ import eu.stork.vidp.messages.common.STORKConstants; import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; import eu.stork.vidp.messages.stork.RequestedAttributes; import eu.stork.vidp.messages.util.SAMLUtil; -import eu.stork.vidp.messages.util.XMLUtil; /** * A class that builds configuration data from a DOM based representation. @@ -406,15 +408,24 @@ public class ConfigurationBuilder { */ public String[] loadTransformsInfos(String[] transformsInfoFileNames) throws Exception { - String[] transformsInfos = new String[transformsInfoFileNames.length]; - for (int i = 0; i < transformsInfoFileNames.length; i++) { - String fileURL = transformsInfoFileNames[i]; - - //if fileURL is relative to rootConfigFileDir make it absolute - fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); - String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); - transformsInfos[i] = transformsInfo; - } + String[] transformsInfos; + + transformsInfos = new String[transformsInfoFileNames.length]; + for (int i = 0; i < transformsInfoFileNames.length; i++) { + + String fileURL = transformsInfoFileNames[i]; + try { + // if fileURL is relative to rootConfigFileDir make it absolute + fileURL = FileUtils.makeAbsoluteURL(fileURL, rootConfigFileDir_); + + String transformsInfo = FileUtils.readURL(fileURL, DEFAULT_ENCODING); + transformsInfos[i] = transformsInfo; + + } catch (IOException e) { + Logger.info("Transformation with URL " + fileURL + " can not be loaded"); + } + } + return transformsInfos; } @@ -704,28 +715,28 @@ public List getTrustedTemplateURLs() { } //add STORK Configuration specific to OA (RequestedAttributes, QAALevel) - QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); - if (qaaLevel != null) { - oap.setQaaLevel(qaaLevel); - Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); - } + //QualityAuthenticationAssuranceLevel qaaLevel = buildOaSTORKQAALevel(authComponent); + //if (qaaLevel != null) { + // oap.setQaaLevel(qaaLevel); + // Logger.debug("Using non-MOA-default STORK QAALevel for this OA " + "(" + oap.getPublicURLPrefix() + "): " + qaaLevel.getValue()); + //} - RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); - - if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { - //we have additional STORK attributes to request for this OA - Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); - for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { - if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { - addReqAttr.detach(); - oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); - Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); - } - } + //RequestedAttributes additionalRequestedAttributes = buildOaSTORKRequestedAttributes(authComponent); + // + //if(!additionalRequestedAttributes.getRequestedAttributes().isEmpty()) { + // //we have additional STORK attributes to request for this OA + // Logger.debug("Using non-MOA-default STORK RequestedAttributes for this OA " + "(" + oap.getPublicURLPrefix() + "): "); + // for (RequestedAttribute addReqAttr : additionalRequestedAttributes.getRequestedAttributes()) { + // if (!SAMLUtil.containsAttribute(oap.getRequestedAttributes().getRequestedAttributes(),addReqAttr.getName())) { + /// addReqAttr.detach(); + // oap.getRequestedAttributes().getRequestedAttributes().add(addReqAttr); + // Logger.debug("Requesting additional attribute: " + addReqAttr.getName() + ", isRequired: " + addReqAttr.isRequired()); + // } + // } - } else { - //do nothing, only request default attributes - } + //} else { + // //do nothing, only request default attributes + //} } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java new file mode 100644 index 000000000..455fde9bf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java @@ -0,0 +1,130 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * This bean class is used to store data for various connectionParameter + * within the MOA-ID configuration + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class ConnectionParameter { + + /** + * Server URL + */ + private String url; + /** + * File URL for a directory containing PKCS#12 server SSL certificates. + * From these certificates, a X509 trust store will be assembled for use + * by a JSSE <code>TrustManager</code>. + * This field will only be used in case of an HTTPS URL. + */ + private String acceptedServerCertificates; + /** + * File URL of a X509 key store containing the private key to be used + * for an HTTPS connection when the server requires client authentication. + * This field will only be used in case of an HTTPS URL. + */ + private String clientKeyStore; + /** + * Password protecting the client key store. + */ + private String clientKeyStorePassword; + + /** + * Checks whether the URL scheme is <code>"https"</code>. + * @return true in case of an URL starting with <code>"https"</code> + */ + public boolean isHTTPSURL() { + return getUrl().indexOf("https") == 0; + } + + /** + * Returns the url. + * @return String + */ + public String getUrl() { + return url; + } + + /** + * Returns the acceptedServerCertificates. + * @return String + */ + public String getAcceptedServerCertificates() { + return acceptedServerCertificates; + } + + /** + * Sets the acceptedServerCertificates. + * @param acceptedServerCertificates The acceptedServerCertificates to set + */ + public void setAcceptedServerCertificates(String acceptedServerCertificates) { + this.acceptedServerCertificates = acceptedServerCertificates; + } + + /** + * Sets the url. + * @param url The url to set + */ + public void setUrl(String url) { + this.url = url; + } + + /** + * Returns the clientKeyStore. + * @return String + */ + public String getClientKeyStore() { + return clientKeyStore; + } + + /** + * Returns the clientKeyStorePassword. + * @return String + */ + public String getClientKeyStorePassword() { + return clientKeyStorePassword; + } + + /** + * Sets the clientKeyStore. + * @param clientKeyStore The clientKeyStore to set + */ + public void setClientKeyStore(String clientKeyStore) { + this.clientKeyStore = clientKeyStore; + } + + /** + * Sets the clientKeyStorePassword. + * @param clientKeyStorePassword The clientKeyStorePassword to set + */ + public void setClientKeyStorePassword(String clientKeyStorePassword) { + this.clientKeyStorePassword = clientKeyStorePassword; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java new file mode 100644 index 000000000..3948522c0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java @@ -0,0 +1,501 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.ArrayList; + +import org.opensaml.saml2.metadata.RequestedAttribute; + +import eu.stork.vidp.messages.builder.STORKMessagesBuilder; +import eu.stork.vidp.messages.common.STORKConstants; +import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel; +import eu.stork.vidp.messages.stork.RequestedAttributes; + +/** + * Configuration parameters belonging to an online application, + * to use with the MOA ID Auth component. + * + * @author Stefan Knirsch + * @version $Id$ + */ +/** + * + * + * @author Harald Bratko + */ +public class OAAuthParameter extends OAParameter { + /** + * Sercurity Layer version + */ + private String slVersion; + /** + * true, if the Security Layer version is version 1.2, otherwise false + */ + private boolean slVersion12; + /** + * identityLinkDomainIdentifier + * (e.g <code>urn:publicid:gv.at+wbpk+FN468i</code> for a "Firmenbuchnummer") + * <br> + * only used within a business application context for providing it to the + * security layer as input for wbPK computation + */ + private String identityLinkDomainIdentifier; + /** + * key box Identifier (e.g. CertifiedKeypair, SecureSignatureKeypair) + */ + private String keyBoxIdentifier; + /** + * transformations for rendering in the secure viewer of the security layer + * implementation; multiple transformation can be given for different mime types + */ + private String[] transformsInfos; + /** + * determines whether "Stammzahl" is to be included in the authentication data + */ + private boolean provideStammzahl; + /** + * determines whether AUTH block is to be included in the authentication data + */ + private boolean provideAuthBlock; + /** + * determines whether identity link is to be included in the authentication data + */ + private boolean provideIdentityLink; + /** + * determines whether the certificate is to be included in the authentication data + */ + private boolean provideCertificate; + /** + * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data + */ + private boolean provideFullMandatorData; + + /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ + private boolean useUTC; + + /** determines wheter a saml:Condition is added to the SAML assertion or not */ + private boolean useCondition; + + /** determines the validity time of the SAML assertion (if useCondition is true) in seconds */ + private int conditionLength; + /** + * url to a template for web page "Auswahl der Bürgerkartenumgebung" + */ + private String bkuSelectionTemplateURL; + /** + * template for web page "Anmeldung mit Bürgerkarte" + */ + private String templateURL; + + /** + * template for web page "Signatur der Anmeldedaten" + */ + private String inputProcessorSignTemplateURL; + /** + * Parameters for verifying infoboxes. + */ + private VerifyInfoboxParameters verifyInfoboxParameters; + + /** + * Parameter for Mandate profiles + */ + private String mandateProfiles; + + /** + * + * Type for authentication number (e.g. Firmenbuchnummer) + */ + private String identityLinkDomainIdentifierType; + + /** + * STORK QAA Level, Default = 4 + */ + private QualityAuthenticationAssuranceLevel qaaLevel = STORKMessagesBuilder.buildQualityAuthenticationAssuranceLevel(4); + + /** + * STORK RequestedAttributes for Online Application + * Default RequestedAttributes are: eIdentifier, givenName, surname, dateOfBirth + */ + private RequestedAttributes requestedAttributes = STORKMessagesBuilder.buildRequestedAttributes( + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_EIDENTIFIER, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_GIVENNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_SURNAME, true, null), + STORKMessagesBuilder.buildRequestedAttribute(STORKConstants.STORK_ATTRIBUTE_DATEOFBIRTH, false, null)); + + +/** + * Returns <code>true</code> if the Security Layer version is version 1.2, + * otherwise <code>false</code>. + * @return <code>true</code> if the Security Layer version is version 1.2, + * otherwise <code>false</code> + */ + public boolean getSlVersion12() { + return slVersion12; + } + + /** + * Returns the security layer version. + * @return the security layer version. + */ + public String getSlVersion() { + return slVersion; + } + + /** + * Returns the identityLinkDomainIdentifier. + * @return the identityLinkDomainIdentifier. + */ + public String getIdentityLinkDomainIdentifier() { + return identityLinkDomainIdentifier; + } + + /** + * Returns the transformsInfos. + * @return the transformsInfos. + */ + public String[] getTransformsInfos() { + return transformsInfos; + } + + /** + * Returns the provideAuthBlock. + * @return String + */ + public boolean getProvideAuthBlock() { + return provideAuthBlock; + } + + /** + * Returns the provideIdentityLink. + * @return String + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink; + } + + /** + * Returns the provideStammzahl. + * @return String + */ + public boolean getProvideStammzahl() { + return provideStammzahl; + } + + /** + * Returns <code>true</code> if the certificate should be provided within the + * authentication data, otherwise <code>false</code>. + * @return <code>true</code> if the certificate should be provided, + * otherwise <code>false</code> + */ + public boolean getProvideCertifcate() { + return provideCertificate; + } + + /** + * Returns <code>true</code> if the full mandator data should be provided within the + * authentication data, otherwise <code>false</code>. + * @return <code>true</code> if the full mandator data should be provided, + * otherwise <code>false</code> + */ + public boolean getProvideFullMandatorData() { + return provideFullMandatorData; + } + + /** + * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. + * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. + */ + public boolean getUseUTC() { + return useUTC; + } + + /** + * Returns <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. + * @return <code>true</code> if the SAML assertion should contain a saml:Condition, otherwise <code>false</code>. + */ + public boolean getUseCondition() { + return useCondition; + } + + /** + * Returns the validity time of the SAML assertion (if useCondition is true) in seconds + * @return the validity time of the SAML assertion (if useCondition is true) in seconds + */ + public int getConditionLength() { + return conditionLength; + } + + +/** + * Returns the key box identifier. + * @return String + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + /** + * Returns the BkuSelectionTemplate url. + * @return The BkuSelectionTemplate url or <code>null</code> if no url for + * a BkuSelectionTemplate is set. + */ + public String getBkuSelectionTemplateURL() { + return bkuSelectionTemplateURL; + } + + /** + * Returns the TemplateURL url. + * @return The TemplateURL url or <code>null</code> if no url for + * a Template is set. + */ + public String getTemplateURL() { + return templateURL; + } + + + /** + * Returns the inputProcessorSignTemplateURL url. + * @return The inputProcessorSignTemplateURL url or <code>null</code> if no url for + * a input processor sign template is set. + */ + public String getInputProcessorSignTemplateURL() { + return inputProcessorSignTemplateURL; + } + + /** + * Returns the parameters for verifying additional infoboxes. + * + * @return The parameters for verifying additional infoboxes. + * Maybe <code>null</code>. + */ + public VerifyInfoboxParameters getVerifyInfoboxParameters() { + return verifyInfoboxParameters; + } + + /** + * Sets the security layer version. + * Also sets <code>slVersion12</code> ({@link #getSlVersion12()}) + * to <code>true</code> if the Security Layer version is 1.2. + * @param slVersion The security layer version to be used. + */ + public void setSlVersion(String slVersion) { + this.slVersion = slVersion; + if ("1.2".equals(slVersion)) { + this.slVersion12 = true; + } + } + /** + * Sets the IdentityLinkDomainIdentifier. + * @param identityLinkDomainIdentifier The IdentityLinkDomainIdentifiern number of the online application. + */ + public void setIdentityLinkDomainIdentifier(String identityLinkDomainIdentifier) { + this.identityLinkDomainIdentifier = identityLinkDomainIdentifier; + } + /** + * Sets the transformsInfos. + * @param transformsInfos The transformsInfos to be used. + */ + public void setTransformsInfos(String[] transformsInfos) { + this.transformsInfos = transformsInfos; + } + + +/** + * Sets the provideAuthBlock. + * @param provideAuthBlock The provideAuthBlock to set + */ + public void setProvideAuthBlock(boolean provideAuthBlock) { + this.provideAuthBlock = provideAuthBlock; + } + + /** + * Sets the provideIdentityLink. + * @param provideIdentityLink The provideIdentityLink to set + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + this.provideIdentityLink = provideIdentityLink; + } + + /** + * Sets the provideStammzahl. + * @param provideStammzahl The provideStammzahl to set + */ + public void setProvideStammzahl(boolean provideStammzahl) { + this.provideStammzahl = provideStammzahl; + } + + /** + * Sets the provideCertificate variable. + * @param provideCertificate The provideCertificate value to set + */ + public void setProvideCertificate(boolean provideCertificate) { + this.provideCertificate = provideCertificate; + } + + /** + * Sets the provideFullMandatorData variable. + * @param provideFullMandatorData The provideFullMandatorData value to set + */ + public void setProvideFullMandatorData(boolean provideFullMandatorData) { + this.provideFullMandatorData = provideFullMandatorData; + } + + /** + * Sets the useUTC variable. + * @param useUTC The useUTC value to set + */ + public void setUseUTC(boolean useUTC) { + this.useUTC = useUTC; + } + + /** + * Sets the useCondition variable + * @param useCondition The useCondition value to set + */ + public void setUseCondition(boolean useCondition) { + this.useCondition = useCondition; + } + + /** + * Sets the conditionLength variable + * @param conditionLength the conditionLength value to set + */ + public void setConditionLength(int conditionLength) { + this.conditionLength = conditionLength; + } + + + /** + * Sets the key box identifier. + * @param keyBoxIdentifier to set + */ + public void setKeyBoxIdentier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + /** + * Sets the BkuSelectionTemplate url. + * @param bkuSelectionTemplateURL The url string specifying the location + * of a BkuSelectionTemplate. + */ + public void setBkuSelectionTemplateURL(String bkuSelectionTemplateURL) { + this.bkuSelectionTemplateURL = bkuSelectionTemplateURL; + } + + /** + * Sets the Template url. + * @param templateURL The url string specifying the location + * of a Template. + */ + public void setTemplateURL(String templateURL) { + this.templateURL = templateURL; + } + + /** + * Sets the input processor sign form template url. + * + * @param inputProcessorSignTemplateURL The url string specifying the + * location of the input processor sign form + */ + public void setInputProcessorSignTemplateURL(String inputProcessorSignTemplateURL) { + this.inputProcessorSignTemplateURL = inputProcessorSignTemplateURL; + } + + /** + * Sets the parameters for verifying additonal (to the identitylink infobox) infoboxes. + * + * @param verifyInfoboxParameters The verifyInfoboxParameters to set. + */ + public void setVerifyInfoboxParameters(VerifyInfoboxParameters verifyInfoboxParameters) { + this.verifyInfoboxParameters = verifyInfoboxParameters; + } + + /** + * Gets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @return IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + */ + public String getIdentityLinkDomainIdentifierType() { + return identityLinkDomainIdentifierType; + } + + /** + * Sets the IdentityLinkDomainIdentifier (e.g. Firmenbuchnummer) + * @param identityLinkDomainIdentifierType The IdentityLinkDomainIdentifier to set (e.g. Firmenbuchnummer) + */ + public void setIdentityLinkDomainIdentifierType(String identityLinkDomainIdentifierType) { + this.identityLinkDomainIdentifierType = identityLinkDomainIdentifierType; + } + + /** + * Sets the Mandate/Profiles + * @param profiles + */ + public void setMandateProfiles(String profiles) { + this.mandateProfiles = profiles; + } + + /** + * Returns the Mandates/Profiles + * @return + */ + public String getMandateProfiles() { + return this.mandateProfiles; + } + + /** + * Returns the defined STORK QAALevel + * @return STORK QAALevel + */ + public QualityAuthenticationAssuranceLevel getQaaLevel() { + return qaaLevel; + } + + /** + * Sets the STORK QAALevel + * @param qaaLevel + */ + public void setQaaLevel(QualityAuthenticationAssuranceLevel qaaLevel) { + this.qaaLevel = qaaLevel; + } + + /** + * Returns the desired STORK Requested Attributes + * @return STORK Requested Attributes + */ + public RequestedAttributes getRequestedAttributes() { + return requestedAttributes; + } + + /** + * Sets the desired STORK Requested Attributes + * @param requestedAttributes + */ + public void setRequestedAttributes(RequestedAttributes requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java new file mode 100644 index 000000000..de449cbcf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java @@ -0,0 +1,164 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Configuration parameters belonging to an online application, + * to be used within both, the MOA ID Auth and the + * MOA ID PROXY component. + * + * @author Harald Bratko + */ +public class OAParameter { + + /** + * type of the online application (maybe "PublicService" or "BusinessService") + */ + private String oaType; + + /** + * specifies whether the online application is a business application or not + * (<code>true</code> if value of {@link #oaType} is "businessService" + */ + private boolean businessService; + + /** + * public URL prefix of the online application + */ + private String publicURLPrefix; + + /** + * specifies a human readable name of the Online Application + */ + private String friendlyName; + + /** + * specified a specific target for the Online Application (overwrites the target in der request) + */ + private String target; + /** + * specifies a friendly name for the target + */ + private String targetFriendlyName; + + /** + * Returns the type of the online application. + * @return the type of the online application. + */ + public String getOaType() { + return oaType; + } + + /** + * Returns <code>true</code> is the OA is a businss application, otherwise + * <code>false</code>. + * @return <code>true</code> is the OA is a businss application, otherwise + * <code>false</code> + */ + public boolean getBusinessService() { + return this.businessService; + } + + /** + * Returns the publicURLPrefix. + * @return String + */ + public String getPublicURLPrefix() { + return publicURLPrefix; + } + + /** + * + * Sets the type of the online application. + * If the type is "businessService" the value of <code>businessService</code> + * ({@link #getBusinessService()}) is also set to <code>true</code> + * @param oaType The type of the online application. + */ + public void setOaType(String oaType) { + this.oaType = oaType; + if ("businessService".equalsIgnoreCase(oaType)) { + this.businessService = true; + } + } + + /** + * Sets the publicURLPrefix. + * @param publicURLPrefix The publicURLPrefix to set + */ + public void setPublicURLPrefix(String publicURLPrefix) { + this.publicURLPrefix = publicURLPrefix; + } + + + /** + * Gets the friendly name of the OA + * @return Friendly Name of the OA + */ + public String getFriendlyName() { + return friendlyName; + } + + /** + * Sets the friendly name of the OA + * @param friendlyName + */ + public void setFriendlyName(String friendlyName) { + this.friendlyName = friendlyName; + } + + /** + * Gets the target of the OA + * @return target of the OA + */ + public String getTarget() { + return target; + } + + /** + * Sets the target of the OA + * @param target + */ + public void setTarget(String target) { + this.target = target; + } + + /** + * Gets the target friendly name of the OA + * @return target Friendly Name of the OA + */ + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + /** + * Sets the target friendly name of the OA + * @param targetFriendlyName + */ + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java new file mode 100644 index 000000000..2d0a91fb9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java @@ -0,0 +1,90 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.util.StringUtils; + +/** + * Encapsulates several STORK configuration parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class STORKConfig { + + /** STORK SAML signature creation parameters */ + private SignatureCreationParameter signatureCreationParameter; + + /** STORK SAML signature verification parameters */ + private SignatureVerificationParameter signatureVerificationParameter; + + /** Map of supported C-PEPSs */ + private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>(); + + + /** + * Constructs a STORK Config object + * @param signatureCreationParameter STORK SAML Signature creation parameters + * @param signatureVerificationParameter STORK SAML Signature verification parameters + * @param cpepsMap Map of supported C-PEPS + */ + public STORKConfig(SignatureCreationParameter signatureCreationParameter, + SignatureVerificationParameter signatureVerificationParameter, + Map<String, CPEPS> cpepsMap) { + super(); + this.signatureCreationParameter = signatureCreationParameter; + this.signatureVerificationParameter = signatureVerificationParameter; + this.cpepsMap = cpepsMap; + } + + public SignatureCreationParameter getSignatureCreationParameter() { + return signatureCreationParameter; + } + + public void setSignatureCreationParameter( + SignatureCreationParameter signatureCreationParameter) { + this.signatureCreationParameter = signatureCreationParameter; + } + + public SignatureVerificationParameter getSignatureVerificationParameter() { + return signatureVerificationParameter; + } + + public void setSignatureVerificationParameter( + SignatureVerificationParameter signatureVerificationParameter) { + this.signatureVerificationParameter = signatureVerificationParameter; + } + + public Map<String, CPEPS> getCpepsMap() { + return cpepsMap; + } + + public void setCpepsMap(Map<String, CPEPS> cpepsMap) { + this.cpepsMap = cpepsMap; + } + + public boolean isSTORKAuthentication(String ccc) { + + if (StringUtils.isEmpty(ccc) || this.cpepsMap.isEmpty()) + return false; + + if (this.cpepsMap.containsKey(ccc.toUpperCase())) + return true; + else + return false; + + } + + public CPEPS getCPEPS(String ccc) { + if (isSTORKAuthentication(ccc)) + return this.cpepsMap.get(ccc); + else + return null; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java new file mode 100644 index 000000000..fcccf41f0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java @@ -0,0 +1,112 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates signature creation parameters according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureCreationParameter { + + /** KeyStore Path */ + private String keyStorePath; + + /** KeyStore Password */ + private String keyStorePassword; + + /** Signing Key Name */ + private String keyName; + + /** Signing Key Password */ + private String keyPassword; + + /** + * Gets the KeyStore Path + * @return File Path to KeyStore + */ + public String getKeyStorePath() { + return keyStorePath; + } + + /** + * Sets the KeyStore Path + * @param keyStorePath Path to KeyStore + */ + public void setKeyStorePath(String keyStorePath) { + this.keyStorePath = keyStorePath; + } + + /** + * Gets the KeyStore Password + * @return Password to KeyStore + */ + public String getKeyStorePassword() { + return keyStorePassword; + } + + /** + * Sets the KeyStore Password + * @param keyStorePassword Password to KeyStore + */ + public void setKeyStorePassword(String keyStorePassword) { + this.keyStorePassword = keyStorePassword; + } + + /** + * Gets the Signing Key Name + * @return Siging Key Name + */ + public String getKeyName() { + return keyName; + } + + /** + * Sets the Signing Key Name + * @param keyName Signing Key Name + */ + public void setKeyName(String keyName) { + this.keyName = keyName; + } + + /** + * Gets the Signing Key Password + * @return Signing Key Password + */ + public String getKeyPassword() { + return keyPassword; + } + + /** + * Sets the Signing Key Password + * @param keyPassword Signing Key Password + */ + public void setKeyPassword(String keyPassword) { + this.keyPassword = keyPassword; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java new file mode 100644 index 000000000..d01c8e541 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java @@ -0,0 +1,35 @@ +/** + * + */ +package at.gv.egovernment.moa.id.config.legacy; + +/** + * Encapsulates Signature Verification data for STORK according MOA configuration + * + * @author bzwattendorfer + * + */ +public class SignatureVerificationParameter { + + /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */ + private String trustProfileID; + + /** + * Gets the MOA-SP TrustProfileID + * @return TrustProfileID of MOA-SP for STORK signature verification + */ + public String getTrustProfileID() { + return trustProfileID; + } + + /** + * Sets the MOA-SP TrustProfileID + * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification + */ + public void setTrustProfileID(String trustProfileID) { + this.trustProfileID = trustProfileID; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java new file mode 100644 index 000000000..a482da430 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java @@ -0,0 +1,411 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.io.IOException; +import java.util.Iterator; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import org.apache.xpath.XPathAPI; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.Schema; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +/** + * This class is a container for parameters that maybe needed for verifying an infobox. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameter { + + /** + * The default package name (first part) of a infobox validator class. + */ + public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator."; + + /** + * The identifier of the infobox to be verified. This identifier must exactly the + * identifier of the infobox returned by BKU. + */ + protected String identifier_; + + /** + * The friendly name of the infobox. + * This name is used within browser messages, thus it should be the german equivalent of + * the {@link #identifier_ infobox identifier} (e.g. "<code>Stellvertretungen</code>" + * for "<code>Mandates</code>" or "<code>GDAToken</code>" for + * "<code>EHSPToken</code>". + * <br>If not specified within the config file the {@link #identifier_ infobox identifier} + * will be used. + */ + protected String friendlyName_; + + /** + * The Id of the TrustProfile to be used for validating certificates. + */ + protected String trustProfileID_; + + /** + * The full name of the class to be used for verifying the infobox. + */ + protected String validatorClassName_; + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + */ + protected List schemaLocations_; + + /** + * Application specific parameters that may be needed for verifying an infobox. + */ + protected Element applicationSpecificParams_; + + /** + * Specifies if the infobox is be required to be returned by the BKU. + */ + protected boolean required_; + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + */ + protected boolean provideStammzahl_; + + /** + * Specifies whether the <code>identity link</code> should be passed to the verifying + * application or not. + */ + protected boolean provideIdentityLink_; + + /** + * Initializes this VerifiyInfoboxParamater with the given identifier and a default + * validator class name. + * + * @param identifier The identifier of the infobox to be verified. + */ + public VerifyInfoboxParameter(String identifier) { + identifier_ = identifier; + StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK); + sb.append(identifier.toLowerCase()); + sb.append("."); + sb.append(identifier.substring(0, 1).toUpperCase()); + sb.append(identifier.substring(1)); + sb.append("Validator"); + validatorClassName_ = sb.toString(); + } + + /** + * Returns application specific parameters. + * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_} + * + * @see #applicationSpecificParams_ + * + * @return Application specific parameters. + */ + public Element getApplicationSpecificParams() { + return applicationSpecificParams_; + } + + /** + * Sets the application specific parameters. + * + * @see #applicationSpecificParams_ + * + * @param applicationSpecificParams The application specific parameters to set. + */ + public void setApplicationSpecificParams(Element applicationSpecificParams) { + applicationSpecificParams_ = applicationSpecificParams; + } + + /** + * Appends special application specific parameters for party representation. + * + * @param applicationSpecificParams The application specific parameters for party representation to set. + */ + public void appendParepSpecificParams(Element applicationSpecificParams) { + try { + if (applicationSpecificParams_==null) { + applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters"); + } + Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode"); + nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI); + NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode); + if (null!=nodeList) { + for (int i=0; i<nodeList.getLength(); i++) { + applicationSpecificParams_.appendChild((Node) nodeList.item(i)); + } + } + } catch (TransformerException e) { + //Do nothing + } + } + + /** + * Returns the friendly name. + * + * @see #friendlyName_ + * + * @return The friendly name. + */ + public String getFriendlyName() { + return friendlyName_; + } + + /** + * Sets the friendly name. + * + * @param friendlyName The friendly name to set. + */ + public void setFriendlyName(String friendlyName) { + friendlyName_ = friendlyName; + } + + /** + * Returns the infobox identifier. + * + * @see #identifier_ + * + * @return The infobox identifier. + */ + public String getIdentifier() { + return identifier_; + } + + /** + * Sets the the infobox identifier. + * + * @see #identifier_ + * + * @param identifier The infobox identifier to set. + */ + public void setIdentifier(String identifier) { + identifier_ = identifier; + } + + /** + * Specifies whether the identity link should be passed to the verifying application + * or not. + * + * @return <code>True</code> if the identity link should be passed to the verifying + * application, otherwise <code>false</code>. + */ + public boolean getProvideIdentityLink() { + return provideIdentityLink_; + } + + /** + * Sets the {@link #provideIdentityLink_} parameter. + * + * @param provideIdentityLink <code>True</code> if the identity link should be passed to + * the verifying application, otherwise <code>false</code>. + */ + public void setProvideIdentityLink(boolean provideIdentityLink) { + provideIdentityLink_ = provideIdentityLink; + } + + /** + * Specifies whether the <code>Stammzahl</code> should be passed to the verifying + * application or not. + * + * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the + * verifying application, otherwise <code>false</code>. + */ + public boolean getProvideStammzahl() { + return provideStammzahl_; + } + + /** + * Sets the {@link #provideStammzahl_} parameter. + * + * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be + * passed to the verifying application, otherwise <code>false</code>. + */ + public void setProvideStammzahl(boolean provideStammzahl) { + provideStammzahl_ = provideStammzahl; + } + + /** + * Specifies whether the infobox is required or not. + * + * @return <code>True</code> if the infobox is required to be returned by the BKU, + * otherwise <code>false</code>. + */ + public boolean isRequired() { + return required_; + } + + /** + * Sets the {@link #required_} parameter. + * + * @param required <code>True</code> if the infobox is required to be returned by the + * BKU, otherwise <code>false</code>. + */ + public void setRequired(boolean required) { + required_ = required; + } + + /** + * Schema location URIs that may be needed by the + * validator to parse infobox tokens. + * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} + * specifying the location of an XML schema. + * + * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects + * each of them specifying the location of an XML schema. + */ + public List getSchemaLocations() { + return schemaLocations_; + } + + /** + * Sets the schema locations. + * + * @see #schemaLocations_ + * + * @param schemaLocations The schema location list to be set. + */ + public void setSchemaLocations(List schemaLocations) { + schemaLocations_ = schemaLocations; + } + + /** + * Returns the ID of the trust profile to be used for verifying certificates. + * + * @return The ID of the trust profile to be used for verifying certificates. + * Maybe <code>null</code>. + */ + public String getTrustProfileID() { + return trustProfileID_; + } + + /** + * Sets the ID of the trust profile to be used for verifying certificates. + * + * @param trustProfileID The ID of the trust profile to be used for verifying certificates. + */ + public void setTrustProfileID(String trustProfileID) { + trustProfileID_ = trustProfileID; + } + + /** + * Returns the name of the class to be used for verifying this infobox. + * + * @return The name of the class to be used for verifying this infobox. + */ + public String getValidatorClassName() { + return validatorClassName_; + } + + /** + * Sets the name of the class to be used for verifying this infobox. + * + * @param validatorClassName The name of the class to be used for verifying this infobox. + */ + public void setValidatorClassName(String validatorClassName) { + validatorClassName_ = validatorClassName; + } + + /** + * Get a string representation of this object. + * This method is for debugging purposes only. + * + * @return A string representation of this object. + */ + public String toString() { + + StringBuffer buffer = new StringBuffer(1024); + + buffer.append(" <Infobox Identifier=\""); + buffer.append(identifier_); + buffer.append("\" required=\""); + buffer.append(required_); + buffer.append("\" provideStammzahl=\""); + buffer.append(provideStammzahl_); + buffer.append("\" provideIdentityLink=\""); + buffer.append(provideIdentityLink_); + buffer.append("\">"); + buffer.append("\n"); + if (friendlyName_ != null) { + buffer.append(" <FriendlyName>"); + buffer.append(friendlyName_); + buffer.append("</FriendlyName>"); + buffer.append("\n"); + } + if (trustProfileID_ != null) { + buffer.append(" <TrustProfileID>"); + buffer.append(trustProfileID_); + buffer.append("</TrustProfileID>"); + buffer.append("\n"); + } + if (validatorClassName_ != null) { + buffer.append(" <ValidatorClass>"); + buffer.append(validatorClassName_); + buffer.append("</ValidatorClass>"); + buffer.append("\n"); + } + if (schemaLocations_ != null) { + buffer.append(" <SchemaLocations>"); + buffer.append("\n"); + Iterator it = schemaLocations_.iterator(); + while (it.hasNext()) { + buffer.append(" <Schema namespace=\""); + Schema schema = (Schema)it.next(); + buffer.append(schema.getNamespace()); + buffer.append("\" schemaLocation=\""); + buffer.append(schema.getSchemaLocation()); + buffer.append("\"/>\n"); + } + buffer.append(" </SchemaLocations>"); + buffer.append("\n"); + } + if (applicationSpecificParams_ != null) { + try { + String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_); + buffer.append(" "); + buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams)); + buffer.append("\n"); + } catch (TransformerException e) { + // do nothing + } catch (IOException e) { + // do nothing + } + } + buffer.append(" </Infobox>"); + + + return buffer.toString() ; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java new file mode 100644 index 000000000..c7f5aa7ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java @@ -0,0 +1,159 @@ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.config.legacy; + +import java.util.Hashtable; +import java.util.Iterator; +import java.util.List; +import java.util.Map; + +/** + * This class contains the parameters for verifying all the infoboxes configured for an + * online application. + * + * @author Harald Bratko + */ +public class VerifyInfoboxParameters { + + /** + * A map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + */ + protected Map infoboxParameters_; + + /** + * A list of the identifiers of the infoboxes supported by this + * VerifyInfoboxParameters; + */ + protected List identifiers_; + + /** + * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate + * in the context of the actual online application. + * The string will be added as value of the <code>PushInfobox</code> parameter in the + * HTML form used for reading the infoboxes from the BKU. + */ + protected String pushInfobox_; + + /** + * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_} + * map. + */ + public VerifyInfoboxParameters() { + infoboxParameters_ = new Hashtable(); + pushInfobox_ = ""; + } + + /** + * Initializes this VerifyInfoboxParameters with the given + * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string + * from the keys of the given map. + */ + public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) { + identifiers_ = identifiers; + infoboxParameters_ = infoboxParameters; + // build the pushInfobox string + if ((identifiers != null) && (!identifiers.isEmpty())) { + StringBuffer identifiersSB = new StringBuffer(); + int identifiersNum = identifiers.size(); + int i = 1; + Iterator it = identifiers.iterator(); + while (it.hasNext()) { + identifiersSB.append((String)it.next()); + if (i != identifiersNum) { + identifiersSB.append(","); + } + i++; + } + pushInfobox_ = identifiersSB.toString(); + } else { + pushInfobox_ = ""; + } + } + + /** + * Returns the (comma separated) identifiers of the infoboxes configured for the actual + * online application. + * + * @see #pushInfobox_ + * + * @return The (comma separated) identifiers of the infoboxes configured for the actual + * online application. + */ + public String getPushInfobox() { + return pushInfobox_; + } + + /** + * Sets the {@link #pushInfobox_} string. + * + * @param pushInfobox The pushInfobox string to be set. + */ + public void setPushInfobox(String pushInfobox) { + pushInfobox_ = pushInfobox; + } + + /** + * Returns map of {@link VerifyInfoboxParameter} objects. + * Each of these objects contains parameters that maybe needed for validating an + * infobox. + * + * @return The map of {@link VerifyInfoboxParameter} objects. + */ + public Map getInfoboxParameters() { + return infoboxParameters_; + } + + /** + * Sets the map of {@link VerifyInfoboxParameter} objects. + * + * @see #infoboxParameters_ + * + * @param infoboxParameters The infoboxParameters to set. + */ + public void setInfoboxParameters(Map infoboxParameters) { + infoboxParameters_ = infoboxParameters; + } + + /** + * Returns the identifiers of the supported infoboxes. + * + * @return The identifiers. + */ + public List getIdentifiers() { + return identifiers_; + } + + /** + * Sets the identifiers. + * + * @param identifiers The identifiers to set. + */ + public void setIdentifiers(List identifiers) { + identifiers_ = identifiers; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java index ed0de8ebe..d14d570ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.config.proxy; -import at.gv.egovernment.moa.id.config.ConnectionParameter; -import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.OAParameter; /** * Configuration parameters belonging to an online application, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java index bf8cbcdce..094e7162e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java @@ -33,9 +33,9 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; -import at.gv.egovernment.moa.id.config.ConfigurationBuilder; +import at.gv.egovernment.moa.id.config.legacy.ConfigurationBuilder; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; @@ -131,7 +131,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder { String name = XPathUtils.getAttributeValue(paramAuthElem, "@Name", null); String value = XPathUtils.getAttributeValue(paramAuthElem, "@Value", null); if (paramAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); paramAuthMap.put(name, value); } oaConfiguration.setParamAuthMapping(paramAuthMap); @@ -153,7 +153,7 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder { XPathUtils.getAttributeValue(headerAuthElem, "@Value", null); // Contains Key (Neue Config-Exception: doppelte werte) if (headerAuthMap.containsKey(name)) - throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); + throw new ConfigurationException("config.06", new Object[]{"Doppelter Wert für Parameter per HeaderAuthentication"}); headerAuthMap.put(name, value); } oaConfiguration.setHeaderAuthMapping(headerAuthMap); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java index 86ae93a4b..1c9c1caa8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java @@ -33,7 +33,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java index 485a44421..39f5479ce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java @@ -3,9 +3,32 @@ */
package at.gv.egovernment.moa.id.config.stork;
+import iaik.util.logging.Log;
+
+import java.io.IOException;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.ArrayList;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
+import java.util.Properties;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import eu.stork.vidp.messages.util.SAMLUtil;
+import eu.stork.vidp.messages.util.XMLUtil;
+import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
+import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
+import at.gv.egovernment.moa.id.commons.db.dao.config.SignatureVerificationParameterType;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
/**
@@ -17,55 +40,88 @@ import at.gv.egovernment.moa.util.StringUtils; public class STORKConfig {
/** STORK SAML signature creation parameters */
- private SignatureCreationParameter signatureCreationParameter;
+ private Properties props = null;
+ private Map<String, CPEPS> cpepsMap = null;
+ private String basedirectory = null;
+ private SignatureVerificationParameter sigverifyparam = null;
- /** STORK SAML signature verification parameters */
- private SignatureVerificationParameter signatureVerificationParameter;
- /** Map of supported C-PEPSs */
- private Map<String, CPEPS> cpepsMap = new HashMap<String, CPEPS>();
-
-
- /**
- * Constructs a STORK Config object
- * @param signatureCreationParameter STORK SAML Signature creation parameters
- * @param signatureVerificationParameter STORK SAML Signature verification parameters
- * @param cpepsMap Map of supported C-PEPS
- */
- public STORKConfig(SignatureCreationParameter signatureCreationParameter,
- SignatureVerificationParameter signatureVerificationParameter,
- Map<String, CPEPS> cpepsMap) {
- super();
- this.signatureCreationParameter = signatureCreationParameter;
- this.signatureVerificationParameter = signatureVerificationParameter;
- this.cpepsMap = cpepsMap;
- }
+ public STORKConfig(STORK stork, Properties props, String basedirectory) {
+ this.basedirectory = basedirectory;
+ this.props = props;
+
+ //create CPEPS map
+ List<at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS> cpeps = stork.getCPEPS();
+
+ cpepsMap = new HashMap<String, CPEPS>();
+
+ for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
+
+ try {
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+
+ List<String> attr = cpep.getAttributeValue();
+
+ ArrayList<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>();
+
+ for (String e1 : attr) {
+ Element element = XMLUtil.stringToDOM(e1);
+ RequestedAttribute requestedAttribute = (RequestedAttribute) SAMLUtil.unmarshallMessage(element);
+ requestedAttributes.add(requestedAttribute);
+ }
+ moacpep.setCountrySpecificRequestedAttributes(requestedAttributes);
+
+ cpepsMap.put(cpep.getCountryCode(), moacpep);
+
+ } catch (MalformedURLException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid URL and is ignored.");
+ } catch (ParserConfigurationException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (SAXException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (IOException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ } catch (MessageEncodingException e) {
+ Logger.warn("Error in MOA-ID Configuration. CPEP entry for country "
+ + cpep.getCountryCode() + " has an invalid Attribute and is ignored.");
+ }
+ }
+
+ SAMLSigningParameter samlsign = stork.getSAMLSigningParameter();
+
+ if (samlsign == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SAMLSigningParameter configuration found.");
- public SignatureCreationParameter getSignatureCreationParameter() {
- return signatureCreationParameter;
+ } else {
+ SignatureVerificationParameterType sigverify = samlsign.getSignatureVerificationParameter();
+
+ if (sigverify == null) {
+ Log.warn("Error in MOA-ID Configuration. No STORK->SignatureVerificationParameter configuration found.");
+
+ } else {
+ sigverifyparam = new SignatureVerificationParameter(sigverify.getTrustProfileID());
+ }
+ }
+
}
- public void setSignatureCreationParameter(
- SignatureCreationParameter signatureCreationParameter) {
- this.signatureCreationParameter = signatureCreationParameter;
+ public SignatureCreationParameter getSignatureCreationParameter() {
+
+ return new SignatureCreationParameter(props, basedirectory);
}
public SignatureVerificationParameter getSignatureVerificationParameter() {
- return signatureVerificationParameter;
- }
-
- public void setSignatureVerificationParameter(
- SignatureVerificationParameter signatureVerificationParameter) {
- this.signatureVerificationParameter = signatureVerificationParameter;
+
+ return sigverifyparam;
}
public Map<String, CPEPS> getCpepsMap() {
return cpepsMap;
}
-
- public void setCpepsMap(Map<String, CPEPS> cpepsMap) {
- this.cpepsMap = cpepsMap;
- }
public boolean isSTORKAuthentication(String ccc) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java index 1f66b7752..4010ab491 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java @@ -23,6 +23,8 @@ package at.gv.egovernment.moa.id.config.stork;
+import java.util.Properties;
+
/**
* Encapsulates signature creation parameters according MOA configuration
*
@@ -31,32 +33,26 @@ package at.gv.egovernment.moa.id.config.stork; */
public class SignatureCreationParameter {
- /** KeyStore Path */
- private String keyStorePath;
+ private static final String PROPS_PREFIX = "stork.samlsigningparameter.signaturecreation.";
+ private static final String PROPS_KEYSTORE_FILE = "keystore.file";
+ private static final String PROPS_KEYSTORE_PASS = "keystore.password";
+ private static final String PROPS_KEYNAME_NAME = "keyname.name";
+ private static final String PROPS_KEYNAME_PASS = "keyname.password";
- /** KeyStore Password */
- private String keyStorePassword;
+ private Properties props;
+ private String basedirectory;
- /** Signing Key Name */
- private String keyName;
+ SignatureCreationParameter(Properties props, String basedirectory) {
+ this.props = props;
+ this.basedirectory = basedirectory;
+ }
- /** Signing Key Password */
- private String keyPassword;
-
/**
* Gets the KeyStore Path
* @return File Path to KeyStore
*/
public String getKeyStorePath() {
- return keyStorePath;
- }
-
- /**
- * Sets the KeyStore Path
- * @param keyStorePath Path to KeyStore
- */
- public void setKeyStorePath(String keyStorePath) {
- this.keyStorePath = keyStorePath;
+ return basedirectory + props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_FILE);
}
/**
@@ -64,15 +60,7 @@ public class SignatureCreationParameter { * @return Password to KeyStore
*/
public String getKeyStorePassword() {
- return keyStorePassword;
- }
-
- /**
- * Sets the KeyStore Password
- * @param keyStorePassword Password to KeyStore
- */
- public void setKeyStorePassword(String keyStorePassword) {
- this.keyStorePassword = keyStorePassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYSTORE_PASS);
}
/**
@@ -80,15 +68,7 @@ public class SignatureCreationParameter { * @return Siging Key Name
*/
public String getKeyName() {
- return keyName;
- }
-
- /**
- * Sets the Signing Key Name
- * @param keyName Signing Key Name
- */
- public void setKeyName(String keyName) {
- this.keyName = keyName;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_NAME);
}
/**
@@ -96,17 +76,6 @@ public class SignatureCreationParameter { * @return Signing Key Password
*/
public String getKeyPassword() {
- return keyPassword;
+ return props.getProperty(PROPS_PREFIX+PROPS_KEYNAME_PASS);
}
-
- /**
- * Sets the Signing Key Password
- * @param keyPassword Signing Key Password
- */
- public void setKeyPassword(String keyPassword) {
- this.keyPassword = keyPassword;
- }
-
-
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java index 2d8402e4d..211c7dde4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java @@ -14,6 +14,10 @@ public class SignatureVerificationParameter { /** ID of the MOA-SP TrustProfile to be used for STORK SAML signature verification */
private String trustProfileID;
+ public SignatureVerificationParameter(String trustProfileID2) {
+ this.trustProfileID = trustProfileID2;
+ }
+
/**
* Gets the MOA-SP TrustProfileID
* @return TrustProfileID of MOA-SP for STORK signature verification
@@ -22,14 +26,6 @@ public class SignatureVerificationParameter { return trustProfileID;
}
- /**
- * Sets the MOA-SP TrustProfileID
- * @param trustProfileID TrustProfileID of MOA-SP for STORK signature verification
- */
- public void setTrustProfileID(String trustProfileID) {
- this.trustProfileID = trustProfileID;
- }
-
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 79f3b4e30..4bbd221a5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -24,8 +24,11 @@ package at.gv.egovernment.moa.id.data; +import java.io.Serializable; import java.util.Date; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; + /** * Encapsulates authentication data contained in a <code><saml:Assertion></code>. * @@ -33,8 +36,12 @@ import java.util.Date; * @version $Id$ */ -public class AuthenticationData { +public class AuthenticationData implements Serializable { /** + * + */ + private static final long serialVersionUID = -1042697056735596866L; +/** * major version number of the SAML assertion */ private int majorVersion; @@ -62,15 +69,23 @@ public class AuthenticationData { /** * user identification type */ - private String identificationType; + private String identificationType; + + /** + * user identityLink specialized to OAParamter + */ + private IdentityLink identityLink; + /** - * application specific user identifier (bPK) + * application specific user identifier (bPK/wbPK) */ private String bPK; + /** - * private sector-specific personal identifier (wbPK) + * application specific user identifier type */ - private String wbPK; + private String bPKType; + /** * given name of the user */ @@ -162,13 +177,13 @@ public class AuthenticationData { return bPK; } - /** - * Returns the wbPK. - * @return String the wbPK. - */ - public String getWBPK() { - return wbPK; - } +// /** +// * Returns the wbPK. +// * @return String the wbPK. +// */ +// public String getWBPK() { +// return wbPK; +// } /** * Returns useUTC @@ -218,13 +233,13 @@ public class AuthenticationData { this.bPK = bPK; } - /** - * Sets the wbPK. - * @param wbPK The wbPK to set - */ - public void setWBPK(String wbPK) { - this.wbPK = wbPK; - } +// /** +// * Sets the wbPK. +// * @param wbPK The wbPK to set +// */ +// public void setWBPK(String wbPK) { +// this.wbPK = wbPK; +// } public void setUseUTC(boolean useUTC) { this.useUTC = useUTC; @@ -430,4 +445,29 @@ public class AuthenticationData { return timestamp; } +public String getBPKType() { + return bPKType; +} + +public void setBPKType(String bPKType) { + this.bPKType = bPKType; +} + +/** + * @return the identityLink + */ +public IdentityLink getIdentityLink() { + return identityLink; +} + +/** + * @param identityLink the identityLink to set + */ +public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; +} + + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java new file mode 100644 index 000000000..604077844 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -0,0 +1,495 @@ +package at.gv.egovernment.moa.id.entrypoints; + +import iaik.util.logging.Log; + +import java.io.IOException; +import java.util.ConcurrentModificationException; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; + +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; +import javax.swing.ListModel; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.ModulStorage; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; +import at.gv.egovernment.moa.logging.Logger; + +public class DispatcherServlet extends AuthServlet{ + + /** + * + */ + private static final long serialVersionUID = 1L; + + public static final String PARAM_TARGET_MODULE = "mod"; + public static final String PARAM_TARGET_ACTION = "action"; + public static final String PARAM_TARGET_PENDINGREQUESTID = "pendingid"; + + @Override + public void init(ServletConfig config) throws ServletException { + try { + super.init(config); + MOAIDAuthInitializer.initialize(); + Logger.info(MOAIDMessageProvider.getInstance().getMessage( + "init.00", null)); + } catch (Exception ex) { + Logger.fatal( + MOAIDMessageProvider.getInstance().getMessage("init.02", + null), ex); + throw new ServletException(ex); + } + Logger.info("Dispatcher Servlet initialization"); + } + + protected void processRequest(HttpServletRequest req, + HttpServletResponse resp) throws ServletException, IOException { + + boolean isValidSSOSession = false; + boolean useSSOOA = false; + String protocolRequestID = null; + + + try { + Logger.info("REQUEST: " + req.getRequestURI()); + Logger.info("QUERY : " + req.getQueryString()); + String errorid = req.getParameter(ERROR_CODE_PARAM); + if (errorid != null) { + + Throwable throwable = ExceptionStoreImpl.getStore() + .fetchException(errorid); + ExceptionStoreImpl.getStore().removeException(errorid); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + + Map<String, IRequest> errorRequests = RequestStorage.getPendingRequest(req.getSession()); + + String pendingRequestID = null; + if (idObject != null && (idObject instanceof String)) { + if (errorRequests.containsKey((String)idObject)) + pendingRequestID = (String) idObject; + } + + if (throwable != null) { + if (errorRequests != null) { + + synchronized (errorRequests) { + + IRequest errorRequest = null; + if (pendingRequestID != null) { + errorRequest = errorRequests.get(pendingRequestID); + + //remove the + RequestStorage.removePendingRequest(errorRequests, pendingRequestID); + } + else { + if (errorRequests.size() > 1) { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + + } else { + Set<String> keys = errorRequests.keySet(); + errorRequest = errorRequests.get(keys.toArray()[0]); + RequestStorage.removeAllPendingRequests(req.getSession()); + } + + } + + if (errorRequest != null) { + + try { + IModulInfo handlingModule = ModulStorage + .getModuleByPath(errorRequest + .requestedModule()); + if (handlingModule != null) { + if (handlingModule.generateErrorMessage( + throwable, req, resp, errorRequest)) { + return; + } + } + } catch (Throwable e) { + Logger.error(e); + handleErrorNoRedirect(throwable.getMessage(), + throwable, req, resp); + } + } + else { + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + } + } + handleErrorNoRedirect(throwable.getMessage(), throwable, + req, resp); + + } else { + // TODO: use better string + handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req, + resp); + } + + return; + } + } + + Object moduleObject = req.getParameter(PARAM_TARGET_MODULE); + String module = null; + if (moduleObject != null && (moduleObject instanceof String)) { + module = (String) moduleObject; + } + + if (module == null) { + module = (String) req.getAttribute(PARAM_TARGET_MODULE); + } + + Object actionObject = req.getParameter(PARAM_TARGET_ACTION); + String action = null; + if (actionObject != null && (actionObject instanceof String)) { + action = (String) actionObject; + } + + if (action == null) { + action = req.getParameter(PARAM_TARGET_ACTION); + } + + Logger.debug("dispatching to " + module + " protocol " + action); + + IModulInfo info = ModulStorage.getModuleByPath(module); + + IAction moduleAction = null; + + if (info == null) { + + Iterator<IModulInfo> modules = ModulStorage.getAllModules() + .iterator(); + while (modules.hasNext()) { + info = modules.next(); + moduleAction = info.canHandleRequest(req, resp); + if (moduleAction != null) { + action = moduleAction.getDefaultActionName(); + module = info.getPath(); + break; + } + info = null; + } + + if (moduleAction == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Protocol " + module + + " has no module registered"); + return; + } + } + + if (moduleAction == null) { + moduleAction = info.getAction(action); + + if (moduleAction == null) { + resp.sendError(HttpServletResponse.SC_NOT_FOUND); + Logger.error("Action " + action + " is not available!"); + return; + } + } + + HttpSession httpSession = req.getSession(); + Map<String, IRequest> protocolRequests = null; + IRequest protocolRequest = null; + + try { + protocolRequests = RequestStorage.getPendingRequest(httpSession); + + Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID); + + if (protocolRequests != null && + idObject != null && (idObject instanceof String)) { + +// synchronized (protocolRequests) { + + protocolRequestID = (String) idObject; + + //get IRequest if it exits + if (protocolRequests.containsKey(protocolRequestID)) { + protocolRequest = protocolRequests.get(protocolRequestID); + + + + Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID); + + //RequestStorage.setPendingRequest(httpSession, protocolRequests); + + } else { + Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!"); + + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) + Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el)); + + handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", + null, req, resp); + //resp.sendError(HttpServletResponse.SC_CONFLICT); + return; + } +// } + } else { + try { + protocolRequest = info.preProcess(req, resp, action); + + if (protocolRequest != null) { + + if(protocolRequests != null) { + +// synchronized (protocolRequests) { +// synchronized (protocolRequest) { + Set<String> mapkeys = protocolRequests.keySet(); + for (String el : mapkeys) { + IRequest value = protocolRequests.get(el); + + if (value.getOAURL().equals(protocolRequest.getOAURL())) { + + if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) { + Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!"); + RequestStorage.removeAllPendingRequests(req.getSession()); + + } else { + RequestStorage.removePendingRequest(protocolRequests, el); + } + } + } +// } +// } + + } else { + protocolRequests = new ConcurrentHashMap<String, IRequest>(); + } + + synchronized (protocolRequest) { + synchronized (protocolRequests) { + + //Start new Authentication + protocolRequest.setAction(action); + protocolRequest.setModule(module); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); + protocolRequests.put(protocolRequestID, protocolRequest); + Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); + } + } + } + } catch (MOAIDException e) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); + return; + } + + if (protocolRequest == null) { + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); + Logger.error("Failed to generate a valid protocol request!"); + return; + } + } + + + RequestStorage.setPendingRequest(httpSession, protocolRequests); + + AuthenticationManager authmanager = AuthenticationManager.getInstance(); + SSOManager ssomanager = SSOManager.getInstance(); + + String moasessionID = null; + AuthenticationSession moasession = null; + + //get SSO Cookie for Request + String ssoId = ssomanager.getSSOSessionID(req); + + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + + if (needAuthentication) { + + //check SSO session + if (ssoId != null) { + String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); + + if (correspondingMOASession != null) { + Log.warn("Request sends an old SSO Session ID("+ssoId+")! " + + "Invalidate the corresponding MOASession with ID="+ correspondingMOASession); + + AuthenticationSessionStoreage.destroySession(correspondingMOASession); + ssomanager.deleteSSOSessionID(req, resp); + } + } + + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(protocolRequest.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { protocolRequest.getOAURL() }); + } + + + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + useSSOOA = oaParam.useSSO(); + + //if a legacy request is used SSO should not be allowed, actually + boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req); + + if (protocolRequest.isPassiv() + && protocolRequest.forceAuth()) { + // conflict! + throw new NoPassivAuthenticationException(); + } + + boolean tryperform = authmanager.tryPerformAuthentication( + req, resp); + + if (protocolRequest.forceAuth()) { + if (!tryperform) { + authmanager.doAuthentication(req, resp, + protocolRequest); + return; + } + } else if (protocolRequest.isPassiv()) { + if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { + // Passive authentication ok! + } else { + throw new NoPassivAuthenticationException(); + } + } else { + if (tryperform || (isValidSSOSession && useSSOOA && !isUseMandateRequested) ) { + // Is authenticated .. proceed + } else { + // Start authentication! + authmanager.doAuthentication(req, resp, + protocolRequest); + return; + } + } + + + if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension + { + + //TODO SSO Question!!!! + if (useSSOOA && isValidSSOSession) { + + moasessionID = ssomanager.getMOASession(ssoId); + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + + //use new OAParameter + if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { + authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); + return; + } + } + else { + + //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest! + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } + + //save SSO session usage in Database + String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); + + if (newSSOSessionId != null) { + ssomanager.setSSOSessionID(req, resp, newSSOSessionId); + + } else { + ssomanager.deleteSSOSessionID(req, resp); + } + + } else { +// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + moasessionID = (String) req.getParameter(PARAM_SESSIONID); + + moasession = AuthenticationSessionStoreage.getSession(moasessionID); + } + + + + } + + moduleAction.processRequest(protocolRequest, req, resp, moasession); + + RequestStorage.removePendingRequest(protocolRequests, protocolRequestID); + + if (needAuthentication) { + boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID); + + if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension + && !moasession.getUseMandate()) + { + + } else { + authmanager.logout(req, resp, moasessionID); + } + + //authmanager.logout(req, resp); + } + + } catch (Throwable e) { + e.printStackTrace(); + // Try handle module specific, if not possible rethrow + if (!info.generateErrorMessage(e, req, resp, protocolRequest)) { + throw e; + } + } + } catch (WrongParametersException ex) { + handleWrongParameters(ex, req, resp); + } catch (MOAIDException ex) { + handleError(null, ex, req, resp, protocolRequestID); + } catch (Throwable e) { + handleErrorNoRedirect(e.getMessage(), null, req, + resp); + } + + finally { + ConfigurationDBUtils.closeSession(); + } + + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + processRequest(req, resp); + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + processRequest(req, resp); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java index e1a8673b7..10ff4bfc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java @@ -58,18 +58,19 @@ public class CertStoreConfigurationImpl extends ObservableImpl */ public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { this.conf=conf; - String paramName = ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY; - String certStoreRootDirParam = conf.getGenericConfigurationParameter(paramName); + + String certStoreRootDirParam = conf.getCertstoreDirectory(); + if (certStoreRootDirParam == null) throw new ConfigurationException( - "config.08", new Object[] {paramName}); + "config.08", new Object[] {"CertStoreDirectory"}); rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); if(rootDirectory.startsWith("file:")) rootDirectory = rootDirectory.substring(6); File f = new File(rootDirectory); if (!f.isDirectory()) throw new ConfigurationException( - "config.05", new Object[] {paramName}); + "config.05", new Object[] {"CertStoreDirectory"}); parameters = new CertStoreParameters[] { this }; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java new file mode 100644 index 000000000..be0132c14 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -0,0 +1,347 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.io.IOException; +import java.io.PrintWriter; +import java.util.List; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.OAParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.StringUtils; + +public class AuthenticationManager extends AuthServlet { + + private static AuthenticationManager instance = null; + + private static final long serialVersionUID = 1L; + + public static final String MOA_SESSION = "MoaAuthenticationSession"; + public static final String MOA_AUTHENTICATED = "MoaAuthenticated"; + + + public static AuthenticationManager getInstance() { + if (instance == null) { + instance = new AuthenticationManager(); + } + + return instance; + } + + +// public AuthenticationSession getAuthenticationSession( +// HttpSession session) { +// String sessionID = HTTPSessionUtils.getHTTPSessionString(session, +// MOA_SESSION, null); +// if (sessionID != null) { +// try { +// return AuthenticationSessionStoreage.getSession(sessionID); +// +// } catch (MOADatabaseException e) { +// return null; +// } +// } +// return null; +// } + +// /** +// * Checks if the session is authenticated +// * +// * @param request +// * @param response +// * @return +// */ +// public boolean isAuthenticated(HttpServletRequest request, +// HttpServletResponse response) { +// Logger.info("Checking authentication"); +// +// HttpSession session = request.getSession(); +// +// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); +// +// if(moaSessionID == null) { +// Logger.info("NO MOA Session to logout"); +// return false; +// } +// +//// AuthenticationSession authSession; +//// try { +//// authSession = AuthenticationSessionStoreage +//// .getSession(moaSessionID); +//// +//// } catch (MOADatabaseException e) { +//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +//// return false; +//// } +//// +//// if(authSession == null) { +//// Logger.info("NO MOA Authentication data for ID " + moaSessionID); +//// return false; +//// } +//// +//// return authSession.isAuthenticated(); +// +// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID); +// } + + /** + * Checks if this request can authenticate a MOA Session + * + * @param request + * @param response + * @return + */ + public boolean tryPerformAuthentication(HttpServletRequest request, + HttpServletResponse response) { + + HttpSession session = request.getSession(); + + String sessionID = (String) request.getParameter(PARAM_SESSIONID); + if (sessionID != null) { + Logger.info("got MOASession: " + sessionID); + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage.getSession(sessionID); + + + + if (authSession != null) { + Logger.info("MOASession found! A: " + + authSession.isAuthenticated() + ", AU " + + authSession.isAuthenticatedUsed()); + if (authSession.isAuthenticated() + && !authSession.isAuthenticatedUsed()) { + authSession.setAuthenticatedUsed(true); + + AuthenticationSessionStoreage.storeSession(authSession); + +// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, +// sessionID); + return true; // got authenticated + } + } + + } catch (MOADatabaseException e) { + return false; + } catch (BuildException e) { + return false; + } + } + return false; + } + + public void logout(HttpServletRequest request, + HttpServletResponse response, String moaSessionID) { + Logger.info("Logout"); + + HttpSession session = request.getSession(); + + //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null); + + if(moaSessionID == null) { + moaSessionID = (String) request.getParameter(PARAM_SESSIONID); + } + + if(moaSessionID == null) { + Logger.info("NO MOA Session to logout"); + return; + } + + AuthenticationSession authSession; + try { + authSession = AuthenticationSessionStoreage + .getSession(moaSessionID); + + if(authSession == null) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + authSession.setAuthenticated(false); + //HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION, null); // remove moa session from HTTP Session + + AuthenticationSessionStoreage.destroySession(moaSessionID); + + //session.invalidate(); + + } catch (MOADatabaseException e) { + Logger.info("NO MOA Authentication data for ID " + moaSessionID); + return; + } + + } + + public void doAuthentication(HttpServletRequest request, + HttpServletResponse response, IRequest target) + throws ServletException, IOException, MOAIDException { + Logger.info("Starting authentication ..."); + +// if (!ParamValidatorUtils.isValidOA(target.getOAURL())) +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.12"); +// +// if (target.getOAURL() == null) { +// throw new WrongParametersException("StartAuthentication", PARAM_OA, +// "auth.12"); +// } + + setNoCachingHeadersInHttpRespone(request, response); + + List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols(); + + //is legacy allowed + boolean legacyallowed = legacyallowed_prot.contains(target.requestedModule()); + + //check legacy request parameter + boolean legacyparamavail = ParamValidatorUtils.areAllLegacyParametersAvailable(request); + + AuthenticationSession moasession; + try { + //check if an MOASession exists and if not create an new MOASession + //moasession = getORCreateMOASession(request); + moasession = AuthenticationSessionStoreage.createSession(); + + } catch (MOADatabaseException e1) { + Logger.error("Database Error! MOASession can not be created!"); + throw new MOAIDException("init.04", new Object[] {}); + } + + + if (legacyallowed && legacyparamavail) { + + //parse request parameter into MOASession + + StartAuthentificationParameterParser.parse(request, response, moasession, target); + + Logger.info("Start Authentication Module: " + moasession.getModul() + + " Action: " + moasession.getAction()); + + //start authentication process +// session.getServletContext().getNamedDispatcher("StartAuthentication") +// .forward(request, response); + + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); + + String getIdentityLinkForm = startauth.build(moasession, request, response); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + if (!StringUtils.isEmpty(getIdentityLinkForm)) { + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(getIdentityLinkForm); + out.flush(); + Logger.debug("Finished GET StartAuthentication"); + } + + } else { + //load Parameters from OnlineApplicationConfiguration + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(target.getOAURL()); + + if (oaParam == null) { + throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() }); + } + + else { + + //check if an MOASession exists and if not create an new MOASession + //moasession = getORCreateMOASession(request); + + //set OnlineApplication configuration in Session + moasession.setOAURLRequested(target.getOAURL()); + moasession.setAction(target.requestedAction()); + moasession.setModul(target.requestedModule()); + } + + //Build authentication form + + + String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), + target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID()); + + //store MOASession + try { + AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID()); + } catch (MOADatabaseException e) { + Logger.error("Database Error! MOASession is not stored!"); + throw new MOAIDException("init.04", new Object[] { + moasession.getSessionID()}); + } + + //set MOAIDSession + request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(loginForm); + out.flush(); + } + } + + public void sendTransmitAssertionQuestion(HttpServletRequest request, + HttpServletResponse response, IRequest target, OAAuthParameter oaParam) + throws ServletException, IOException, MOAIDException { + + String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), + target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); + } + + +// private AuthenticationSession getORCreateMOASession(HttpServletRequest request) throws MOAIDException { +// +// //String sessionID = request.getParameter(PARAM_SESSIONID); +// String sessionID = (String) request.getSession().getAttribute(MOA_SESSION); +// AuthenticationSession moasession; +// +// try { +// moasession = AuthenticationSessionStoreage.getSession(sessionID); +// Logger.info("Found existing MOASession with sessionID=" + sessionID +// + ". This session is used for reauthentification."); +// +// } catch (MOADatabaseException e) { +// try { +// moasession = AuthenticationSessionStoreage.createSession(); +// Logger.info("Create a new MOASession with sessionID=" + moasession.getSessionID() + "."); +// +// } catch (MOADatabaseException e1) { +// Logger.error("Database Error! MOASession are not created."); +// throw new MOAIDException("init.04", new Object[] { +// "0"}); +// } +// } +// +// return moasession; +// } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java new file mode 100644 index 000000000..aa8a8d9a9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.moduls; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; + +public interface IAction extends MOAIDAuthConstants { + public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) + throws MOAIDException; + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); + + public String getDefaultActionName(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java new file mode 100644 index 000000000..679ccb000 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.moduls; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; + +public interface IModulInfo { + //public List<ServletInfo> getServlets(); + public String getName(); + public String getPath(); + + public IAction getAction(String action); + + public IRequest preProcess(HttpServletRequest request, + HttpServletResponse response, String action) + throws MOAIDException; + + public IAction canHandleRequest(HttpServletRequest request, + HttpServletResponse response); + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable; + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java new file mode 100644 index 000000000..824b210cf --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.moduls; + +public interface IRequest { + public String getOAURL(); + public boolean isPassiv(); + public boolean forceAuth(); + public boolean isSSOSupported(); + public String requestedModule(); + public String requestedAction(); + public void setModule(String module); + public void setAction(String action); + public String getTarget(); + public void setRequestID(String id); + public String getRequestID(); + + //public void setTarget(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java new file mode 100644 index 000000000..2a92f3ce5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java @@ -0,0 +1,52 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.logging.Logger; + +public class ModulStorage { + + private static final String[] modulClasses = new String[]{ + "at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol", + "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol" + }; + + + private static List<IModulInfo> registeredModules = new ArrayList<IModulInfo>(); + + public static List<IModulInfo> getAllModules() { + return registeredModules; + } + + public static IModulInfo getModuleByPath(String modname) { + Iterator<IModulInfo> it = registeredModules.iterator(); + while (it.hasNext()) { + IModulInfo info = it.next(); + if (info.getPath().equals(modname)) { + return info; + } + } + return null; + } + + static { + Logger.info("Loading modules:"); + for(int i = 0; i < modulClasses.length; i++) { + String modulClassName = modulClasses[i]; + try { + @SuppressWarnings("unchecked") + Class<IModulInfo> moduleClass = (Class<IModulInfo>)Class.forName(modulClassName); + IModulInfo module = moduleClass.newInstance(); + Logger.info("Loading Modul Information: " + module.getName()); + registeredModules.add(module); + } catch(Throwable e) { + Logger.error("Check configuration! " + modulClassName + + " is not a valid IModulInfo", e); + } + } + Logger.info("Loading modules done"); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java new file mode 100644 index 000000000..b07695938 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; + + +public class ModulUtils { + + public static final String UNAUTHDISPATCHER = "dispatcher"; + public static final String AUTHDISPATCHER = "dispatcher"; + + public static String buildUnauthURL(String modul, String action, String pendingRequestID) { + return UNAUTHDISPATCHER + "?" + + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + } + + public static String buildAuthURL(String modul, String action, String pendingRequestID) { + return AUTHDISPATCHER + + "?" + DispatcherServlet.PARAM_TARGET_MODULE + "=" + modul + "&" + + DispatcherServlet.PARAM_TARGET_ACTION + "=" + action + "&" + + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java new file mode 100644 index 000000000..286da5a91 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.moduls; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class NoPassivAuthenticationException extends MOAIDException { + + public NoPassivAuthenticationException() { + super("auth.18", null); + } + + /** + * + */ + private static final long serialVersionUID = 596920452166197688L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java new file mode 100644 index 000000000..d47e8df05 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -0,0 +1,83 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.io.Serializable; + +public class RequestImpl implements IRequest, Serializable{ + + private static final long serialVersionUID = 1L; + + private String oaURL; + private boolean passiv = false; + private boolean force = false; + private boolean ssosupport = false; + private String module = null; + private String action = null; + private String target = null; + private String requestID; + + + public void setOAURL(String value) { + oaURL = value; + } + + public String getOAURL() { + return oaURL; + } + + public boolean isPassiv() { + return passiv; + } + + public boolean forceAuth() { + return force; + } + + public void setPassiv(boolean passiv) { + this.passiv = passiv; + } + + public void setForce(boolean force) { + this.force = force; + } + + public boolean isSSOSupported() { + return ssosupport; + } + + public String requestedModule() { + return module; + } + + public String requestedAction() { + return action; + } + + public void setSsosupport(boolean ssosupport) { + this.ssosupport = ssosupport; + } + + public void setModule(String module) { + this.module = module; + } + + public void setAction(String action) { + this.action = action; + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public void setRequestID(String id) { + this.requestID = id; + + } + + public String getRequestID() { + return requestID; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java new file mode 100644 index 000000000..d33d4693d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java @@ -0,0 +1,68 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpSession; + +import at.gv.egovernment.moa.logging.Logger; + +public class RequestStorage { + + private static final String PENDING_REQUEST = "PENDING_REQUEST"; + + public static Map<String,IRequest> getPendingRequest(HttpSession session) { + + + Object obj = session.getAttribute(PENDING_REQUEST); + if (obj != null) { + synchronized (obj) { + if (obj instanceof Map<?,?>) { + if (((Map<?,?>) obj).size() > 0) { + if ( ((Map<?,?>) obj).keySet().toArray()[0] instanceof String) { + if (((Map<?,?>) obj).get(((Map<?,?>) obj).keySet().toArray()[0]) + instanceof IRequest) { + return (Map<String, IRequest>) obj; + + + + } + } + } + } + } + session.setAttribute(PENDING_REQUEST, null); + } + return null; + } + + public static void setPendingRequest(HttpSession session, Map<String, IRequest> request) { + session.setAttribute(PENDING_REQUEST, request); + } + + public static void removeAllPendingRequests(HttpSession session) { + + Logger.debug(RequestStorage.class.getName()+": Remove all PendingRequests"); + + session.setAttribute(PENDING_REQUEST, null); + } + + public static void removePendingRequest(Map<String, IRequest> requestmap, String requestID) { + + if (requestmap != null && requestID != null) { + + synchronized (requestmap) { + + //Map<String, IRequest> requestmap = getPendingRequest(session); + + if (requestmap.containsKey(requestID)) { + requestmap.remove(requestID); + Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID); + + } + + //setPendingRequest(session, requestmap); + } + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java new file mode 100644 index 000000000..18eeae58e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -0,0 +1,184 @@ +package at.gv.egovernment.moa.id.moduls; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.List; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.HTTPSessionUtils; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class SSOManager { + + private static final String SSOCOOKIE = "MOA_ID_SSO"; + + private static final int DEFAULTSSOTIMEOUT = 15*60; //sec + + private static SSOManager instance = null; + private static int sso_timeout; + + + public static SSOManager getInstance() { + if (instance == null) { + instance = new SSOManager(); + + //TODO: move to config based timeout! + try { + sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue(); + + } catch (ConfigurationException e) { + Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT); + sso_timeout = DEFAULTSSOTIMEOUT; + } + + } + + return instance; + } + + public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) { + + //search SSO Session + if (ssoSessionID == null) { + Logger.info("No SSO Session cookie found."); + return false; + } + +// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), +// AuthenticationManager.MOA_SESSION, null); + + return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + + } + + public String getMOASession(String ssoSessionID) { + return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID); + } + + public String existsOldSSOSession(String ssoId) { + + Logger.trace("Check that the SSOID has already been used"); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<OldSSOSessionIDStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSSOSessionWithOldSessionID"); + query.setString("sessionid", ssoId); + result = query.list(); + + //send transaction + + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + session.getTransaction().commit(); + return null; + } + + OldSSOSessionIDStore oldSSOSession = result.get(0); + + AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession(); + + if (correspondingMoaSession == null) { + Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found."); + //TODO: ist der OldSSOSessionStore zum Aufräumen? + return null; + } + + + String moasessionid = correspondingMoaSession.getSessionid(); + + session.getTransaction().commit(); + + return moasessionid; + + } + + public String storeSSOSessionInformations(String moaSessionID, String OAUrl) { + + String newSSOId = Random.nextRandom(); + + System.out.println("generate new SSO Tokken (" + newSSOId + ")"); + + if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) { + Logger.warn("MoaSessionID or OAUrl are empty -> SSO is not enabled!"); + return null; + } + + try { + AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl); + + return newSSOId; + + } catch (AuthenticationException e) { + Logger.warn("SSO Session information can not be stored -> SSO is not enabled!"); + return null; + } + } + + + public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + deleteSSOSessionID(httpReq, httpResp); + } + + Cookie cookie = new Cookie(SSOCOOKIE, ssoId); + cookie.setMaxAge(sso_timeout); + cookie.setSecure(true); + cookie.setPath(httpReq.getContextPath()); + httpResp.addCookie(cookie); + } + + + + public String getSSOSessionID(HttpServletRequest httpReq) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + + //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox) + //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { + + if (cookie.getName().equals(SSOCOOKIE)) { + return cookie.getValue(); + } + } + } + return null; + } + + public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { + Cookie[] cookies = httpReq.getCookies(); + + if (cookies != null) { + for (Cookie cookie : cookies) { + if (!cookie.getName().equals(SSOCOOKIE)) + httpResp.addCookie(cookie); + } + } + } +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java new file mode 100644 index 000000000..0181233d5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java @@ -0,0 +1,31 @@ +package at.gv.egovernment.moa.id.moduls; + +import javax.servlet.http.HttpServlet; + + +public class ServletInfo { + Class<? extends HttpServlet> servletClass; + String servletTarget; + ServletType type; + + public ServletInfo(Class<? extends HttpServlet> servletClass, + String servletTarget, ServletType type) { + super(); + this.servletClass = servletClass; + this.servletTarget = servletTarget; + this.type = type; + } + + public HttpServlet getServletInstance() + throws InstantiationException, IllegalAccessException { + return servletClass.newInstance(); + } + + public String getTarget() { + return servletTarget; + } + + public ServletType getType() { + return type; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java new file mode 100644 index 000000000..50b1702f8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.moduls; + +public enum ServletType { + UNAUTH, AUTH, NONE +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java new file mode 100644 index 000000000..59a5158bd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -0,0 +1,31 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager; + +public class AuthenticationAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + + System.out.println("Process PVP2 auth request!"); + PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req; + RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession); + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return (PVP2XProtocol.REDIRECT); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java new file mode 100644 index 000000000..1e3c6145f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.util.HashMap; +import java.util.Map; + +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.xml.io.MarshallingException; + +public class ExternalPVPSessionStore { + + private Map<String, SPSSODescriptor> externalSessions = new HashMap<String, SPSSODescriptor>(); + + public boolean contains(String sessionID) { + return externalSessions.containsKey(sessionID); + } + + public void put(String sessionID, SPSSODescriptor sso) throws MarshallingException { + externalSessions.put(sessionID, sso); + } + + public SPSSODescriptor get(String sessionID) { + return externalSessions.get(sessionID); + } + + public void remove(String sessionID) { + externalSessions.remove(sessionID); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java new file mode 100644 index 000000000..3d0fd80bd --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -0,0 +1,209 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.io.StringWriter; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.dom.DOMSource; +import javax.xml.transform.stream.StreamResult; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public class MetadataAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + try { + + EntitiesDescriptor idpEntitiesDescriptor = + SAML2Utils.createSAMLObject(EntitiesDescriptor.class); + + idpEntitiesDescriptor.setName(PVPConfiguration.getInstance().getIDPIssuerName()); + + idpEntitiesDescriptor.setID(SAML2Utils.getSecureIdentifier()); + + idpEntitiesDescriptor.setValidUntil(new DateTime().plusWeeks(4)); + + EntityDescriptor idpEntityDescriptor = SAML2Utils + .createSAMLObject(EntityDescriptor.class); + + idpEntitiesDescriptor.getEntityDescriptors().add(idpEntityDescriptor); + + idpEntityDescriptor + .setEntityID(PVPConfiguration.getInstance().getIDPPublicPath()); + + List<ContactPerson> persons = PVPConfiguration.getInstance() + .getIDPContacts(); + + idpEntityDescriptor.getContactPersons().addAll(persons); + + idpEntityDescriptor.setOrganization(PVPConfiguration.getInstance() + .getIDPOrganisation()); + + X509KeyInfoGeneratorFactory keyInfoFactory = new X509KeyInfoGeneratorFactory(); + keyInfoFactory.setEmitPublicKeyValue(true); + keyInfoFactory.setEmitEntityIDAsKeyName(true); + keyInfoFactory.setEmitEntityCertificate(true); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); + + Credential credential = CredentialProvider + .getIDPSigningCredential(); + + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential)); + + Signature signature = CredentialProvider + .getIDPSignature(credential); + + idpEntitiesDescriptor.setSignature(signature); + + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + idpSSODescriptor.setWantAuthnRequestsSigned(true); + + if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + SingleSignOnService postSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + + postSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSOPostService()); + postSingleSignOnService + .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + + idpSSODescriptor.getSingleSignOnServices().add( + postSingleSignOnService); + } + + if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + SingleSignOnService redirectSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + + redirectSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSORedirectService()); + redirectSingleSignOnService + .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + + idpSSODescriptor.getSingleSignOnServices().add( + redirectSingleSignOnService); + } + + /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { + ArtifactResolutionService artifactResolutionService = SAML2Utils + .createSAMLObject(ArtifactResolutionService.class); + + artifactResolutionService + .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + artifactResolutionService.setLocation(PVPConfiguration + .getInstance().getIDPResolveSOAPService()); + + artifactResolutionService.setIndex(0); + + idpSSODescriptor.getArtifactResolutionServices().add( + artifactResolutionService); + }*/ + + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); + + NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); + + idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); + + NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + + idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); + + NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); + + idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(idpEntitiesDescriptor); + out.marshall(idpEntitiesDescriptor, document); + + Signer.signObject(signature); + + Transformer transformer = TransformerFactory.newInstance() + .newTransformer(); + + StringWriter sw = new StringWriter(); + StreamResult sr = new StreamResult(sw); + DOMSource source = new DOMSource(document); + transformer.transform(source, sr); + sw.close(); + + String metadataXML = sw.toString(); + + System.out.println("METADATA: " + metadataXML); + + httpResp.setContentType("text/xml"); + httpResp.getOutputStream().write(metadataXML.getBytes()); + + httpResp.getOutputStream().close(); + + } catch (Exception e) { + Logger.error("Failed to generate metadata", e); + throw new MOAIDException("pvp2.13", null); + } + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + public String getDefaultActionName() { + return (PVP2XProtocol.METADATA); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java new file mode 100644 index 000000000..6055484f7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -0,0 +1,302 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import iaik.pkcs.pkcs11.objects.Object; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.opensaml.DefaultBootstrap; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusMessage; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.xml.ConfigurationException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.ServletInfo; +import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.VelocityLogAdapter; + +public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = PVP2XProtocol.class.getName(); + public static final String PATH = "id_pvp2x"; + + public static final String REDIRECT = "Redirect"; + public static final String POST = "Post"; + public static final String SOAP = "Soap"; + public static final String METADATA = "Metadata"; + + private static List<ServletInfo> servletList = new ArrayList<ServletInfo>(); + + private static List<IDecoder> decoder = new ArrayList<IDecoder>(); + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT, + ServletType.AUTH)); + servletList.add(new ServletInfo(PVPProcessor.class, POST, + ServletType.AUTH)); + + decoder.add(new PostBinding()); + decoder.add(new RedirectBinding()); + + actions.put(REDIRECT, new AuthenticationAction()); + actions.put(POST, new AuthenticationAction()); + actions.put(METADATA, new MetadataAction()); + + instance = new PVP2XProtocol(); + + new VelocityLogAdapter(); + } + + private static PVP2XProtocol instance = null; + + public static PVP2XProtocol getInstance() { + if (instance == null) { + instance = new PVP2XProtocol(); + } + return instance; + } + + public List<ServletInfo> getServlets() { + return servletList; + } + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + private IDecoder findDecoder(String action, HttpServletRequest req) { + Iterator<IDecoder> decoderIT = decoder.iterator(); + while (decoderIT.hasNext()) { + IDecoder decoder = decoderIT.next(); + if (decoder.handleDecode(action, req)) { + return decoder; + } + } + + return null; + } + + public PVP2XProtocol() { + super(); + } + + public IRequest preProcess(HttpServletRequest request, + HttpServletResponse response, String action) throws MOAIDException { + + if(METADATA.equals(action)) { + return new PVPTargetConfiguration(); + } + + IDecoder decoder = findDecoder(action, request); + if (decoder == null) { + return null; + } + try { + PVPTargetConfiguration config = new PVPTargetConfiguration(); + + + MOARequest moaRequest = decoder.decodeRequest(request, response); + + RequestAbstractType samlReq = moaRequest.getSamlRequest(); + + //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq)); + + //Logger.info("SAML : " + xml); + + if(!moaRequest.isVerified()) { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + moaRequest.setVerified(true); + } + + if(!(samlReq instanceof AuthnRequest)) { + throw new MOAIDException("Unsupported request", new Object[] {}); + } + + AuthnRequest authnRequest = (AuthnRequest)samlReq; + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int assertionidx = 0; + + if(aIdx != null) { + assertionidx = aIdx.intValue(); + } + + aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int attributeIdx = 0; + + if(aIdx != null) { + attributeIdx = aIdx.intValue(); + } + + EntityDescriptor metadata = moaRequest.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + + //TODO: maybe change to getEntityID() + //String oaURL = consumerService.getLocation(); + String oaURL = moaRequest.getEntityMetadata().getEntityID(); + String binding = consumerService.getBinding(); + String entityID = moaRequest.getEntityMetadata().getEntityID(); + + //String oaURL = (String) request.getParameter(PARAM_OA); + oaURL = StringEscapeUtils.escapeHtml(oaURL); +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); + + config.setOAURL(oaURL); + config.setBinding(binding); + config.setRequest(moaRequest); + config.setConsumerURL(consumerService.getLocation()); + + //TODO: set correct target; + config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID)); + + String useMandate = request.getParameter(PARAM_USEMANDATE); + if(useMandate != null) { + if(useMandate.equals("true")) { + if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { + throw new MandateAttributesNotHandleAbleException(); + } + } + } + + request.getSession().setAttribute(PARAM_OA, oaURL); + + return config; + } catch (Exception e) { + e.printStackTrace(); + throw new MOAIDException(e.getMessage(), new Object[] {}); + } + } + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) throws Throwable { + + if(protocolRequest == null) { + throw e; + } + + if(!(protocolRequest instanceof PVPTargetConfiguration) ) { + throw e; + } + PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration)protocolRequest; + + Response samlResponse = + SAML2Utils.createSAMLObject(Response.class); + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + if(e instanceof NoPassivAuthenticationException) { + statusCode.setValue(StatusCode.NO_PASSIVE_URI); + statusMessage.setMessage(e.getLocalizedMessage()); + } else if(e instanceof PVP2Exception) { + PVP2Exception ex = (PVP2Exception) e; + statusCode.setValue(ex.getStatusCodeValue()); + String statusMessageValue = ex.getStatusMessageValue(); + if(statusMessageValue != null) { + statusMessage.setMessage(statusMessageValue); + } + } else { + statusCode.setValue(StatusCode.RESPONDER_URI); + statusMessage.setMessage(e.getLocalizedMessage()); + } + + status.setStatusCode(statusCode); + if(statusMessage.getMessage() != null) { + status.setStatusMessage(statusMessage); + } + samlResponse.setStatus(status); + + IEncoder encoder = null; + + if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + encoder = new RedirectBinding(); + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + // TODO: not supported YET!! + //binding = new ArtifactBinding(); + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + encoder = new PostBinding(); + } + + if(encoder == null) { + // default to redirect binding + encoder = new RedirectBinding(); + } + + encoder.encodeRespone(request, response, samlResponse, pvpRequest.getConsumerURL()); + return true; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + public IAction canHandleRequest(HttpServletRequest request, + HttpServletResponse response) { + if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { + return getAction(REDIRECT); + } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { + return getAction(POST); + } + + if(METADATA.equals(request.getParameter("action"))) { + return getAction(METADATA); + } + return null; + } + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + // TODO implement validation! + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java new file mode 100644 index 000000000..2e2f75b94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.artifact.SAMLArtifactMap; +import org.opensaml.xml.io.MarshallingException; + +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.StoredAssertion; +import at.gv.egovernment.moa.id.storage.AssertionStorage; + +public class PVPAssertionStorage implements SAMLArtifactMap { + + private static PVPAssertionStorage instance = null; + + public static PVPAssertionStorage getInstance() { + if(instance == null) { + instance = new PVPAssertionStorage(); + } + return instance; + } + + //private Map<String, SAMLArtifactMapEntry> assertions = new HashMap<String, SAMLArtifactMapEntry>(); + private AssertionStorage assertions = AssertionStorage.getInstance(); + + public boolean contains(String artifact) { + return assertions.containsKey(artifact); + } + + public void put(String artifact, String relyingPartyId, String issuerId, + SAMLObject samlMessage) throws MarshallingException { + SAMLArtifactMapEntry assertion = new StoredAssertion(artifact, + relyingPartyId, + issuerId, + samlMessage); + + try { + assertions.put(artifact, assertion); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be stored + throw new MarshallingException("Assertion are not stored in Database.",e); + } + } + + public SAMLArtifactMapEntry get(String artifact) { + try { + return assertions.get(artifact, SAMLArtifactMapEntry.class); + + } catch (MOADatabaseException e) { + // TODO Insert Error Handling, if Assertion could not be read + e.printStackTrace(); + return null; + } + } + + public void remove(String artifact) { + assertions.remove(artifact); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java new file mode 100644 index 000000000..e8b661362 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -0,0 +1,236 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +public interface PVPConstants { + + public static final String STORK_QAA_1_1 = "http://www.stork.gov.eu/1.0/citizenQAALevel/1"; + public static final String STORK_QAA_1_2 = "http://www.stork.gov.eu/1.0/citizenQAALevel/2"; + public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; + public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; + + public static final String URN_OID_PREFIX = "urn:oid:"; + + public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; + public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID; + public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION"; + public static final String PVP_VERSION_2_1 = "2.1"; + + public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS"; + + public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20"; + public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID; + public static final String PRINCIPAL_NAME_FRIENDLY_NAME = "PRINCIPAL-NAME"; + public static final int PRINCIPAL_NAME_MAX_LENGTH = 128; + + public static final String GIVEN_NAME_OID = "2.5.4.42"; + public static final String GIVEN_NAME_NAME = URN_OID_PREFIX + GIVEN_NAME_OID; + public static final String GIVEN_NAME_FRIENDLY_NAME = "GIVEN-NAME"; + public static final int GIVEN_NAME_MAX_LENGTH = 128; + + public static final String BIRTHDATE_OID = "1.2.40.0.10.2.1.1.55"; + public static final String BIRTHDATE_NAME = URN_OID_PREFIX + BIRTHDATE_OID; + public static final String BIRTHDATE_FRIENDLY_NAME = "BIRTHDATE"; + public static final String BIRTHDATE_FORMAT_PATTERN = "yyyy-MM-dd"; + + public static final String USERID_OID = "0.9.2342.19200300.100.1.1"; + public static final String USERID_NAME = URN_OID_PREFIX + USERID_OID; + public static final String USERID_FRIENDLY_NAME = "USERID"; + public static final int USERID_MAX_LENGTH = 128; + + public static final String GID_OID = "1.2.40.0.10.2.1.1.1"; + public static final String GID_NAME = URN_OID_PREFIX + GID_OID; + public static final String GID_FRIENDLY_NAME = "GID"; + public static final int GID_MAX_LENGTH = 128; + + public static final String BPK_OID = "1.2.40.0.10.2.1.1.149"; + public static final String BPK_NAME = URN_OID_PREFIX + BPK_OID; + public static final String BPK_FRIENDLY_NAME = "BPK"; + public static final int BPK_MAX_LENGTH = 1024; + + public static final String ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.22"; + public static final String ENC_BPK_LIST_NAME = URN_OID_PREFIX+ENC_BPK_LIST_OID; + public static final String ENC_BPK_LIST_FRIENDLY_NAME = "ENC-BPK-LIST"; + public static final int ENC_BPK_LIST_MAX_LENGTH = 32767; + + public static final String MAIL_OID = "0.9.2342.19200300.100.1.3"; + public static final String MAIL_NAME = URN_OID_PREFIX + MAIL_OID; + public static final String MAIL_FRIENDLY_NAME = "MAIL"; + public static final int MAIL_MAX_LENGTH = 128; + + public static final String TEL_OID = "2.5.4.20"; + public static final String TEL_NAME = URN_OID_PREFIX + TEL_OID; + public static final String TEL_FRIENDLY_NAME = "TEL"; + public static final int TEL_MAX_LENGTH = 32; + + public static final String PARTICIPANT_ID_OID = "1.2.40.0.10.2.1.1.71"; + public static final String PARTICIPANT_ID_NAME = URN_OID_PREFIX + PARTICIPANT_ID_OID; + public static final String PARTICIPANT_ID_FRIENDLY_NAME = "PARTICIPANT-ID"; + public static final int PARTICIPANT_MAX_LENGTH = 39; + + public static final String PARTICIPANT_OKZ_OID = "1.2.40.0.10.2.1.1.261.24"; + public static final String PARTICIPANT_OKZ_NAME = URN_OID_PREFIX + PARTICIPANT_OKZ_OID; + public static final String PARTICIPANT_OKZ_FRIENDLY_NAME = "PARTICIPANT-OKZ"; + public static final int PARTICIPANT_OKZ_MAX_LENGTH = 32; + + public static final String OU_OKZ_OID = "1.2.40.0.10.2.1.1.153"; + public static final String OU_OKZ_NAME = URN_OID_PREFIX + OU_OKZ_OID; + public static final int OU_OKZ_MAX_LENGTH = 32; + + public static final String OU_GV_OU_ID_OID = "1.2.40.0.10.2.1.1.3"; + public static final String OU_GV_OU_ID_NAME = URN_OID_PREFIX + OU_GV_OU_ID_OID; + public static final String OU_GV_OU_ID_FRIENDLY_NAME = "OU-GV-OU-ID"; + public static final int OU_GV_OU_ID_MAX_LENGTH = 39; + + public static final String OU_OID = "2.5.4.11"; + public static final String OU_NAME = URN_OID_PREFIX + OU_OID; + public static final String OU_FRIENDLY_NAME = "OU"; + public static final int OU_MAX_LENGTH = 64; + + public static final String FUNCTION_OID = "1.2.40.0.10.2.1.1.33"; + public static final String FUNCTION_NAME = URN_OID_PREFIX + FUNCTION_OID; + public static final String FUNCTION_FRIENDLY_NAME = "FUNCTION"; + public static final int FUNCTION_MAX_LENGTH = 32; + + public static final String ROLES_OID = "1.2.40.0.10.2.1.1.261.30"; + public static final String ROLES_NAME = URN_OID_PREFIX + ROLES_OID; + public static final String ROLES_FRIENDLY_NAME = "ROLES"; + public static final int ROLES_MAX_LENGTH = 32767; + + public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94"; + public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID; + public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL"; + + public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32"; + public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID; + public static final String EID_ISSUING_NATION_FRIENDLY_NAME = "EID-ISSUING-NATION"; + public static final int EID_ISSUING_NATION_MAX_LENGTH = 2; + + public static final String EID_SECTOR_FOR_IDENTIFIER_OID = "1.2.40.0.10.2.1.1.261.34"; + public static final String EID_SECTOR_FOR_IDENTIFIER_NAME = URN_OID_PREFIX + EID_SECTOR_FOR_IDENTIFIER_OID; + public static final String EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME = "EID-SECTOR-FOR-IDENTIFIER"; + public static final int EID_SECTOR_FOR_IDENTIFIER_MAX_LENGTH = 255; + + public static final String EID_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.36"; + public static final String EID_SOURCE_PIN_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_OID; + public static final String EID_SOURCE_PIN_FRIENDLY_NAME = "EID-SOURCE-PIN"; + public static final int EID_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String EID_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.104"; + public static final String EID_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + EID_SOURCE_PIN_TYPE_OID; + public static final String EID_SOURCE_PIN_TYPE_FRIENDLY_NAME = "EID-SOURCE-PIN-TYPE"; + public static final int EID_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String EID_IDENTITY_LINK_OID = "1.2.40.0.10.2.1.1.261.38"; + public static final String EID_IDENTITY_LINK_NAME = URN_OID_PREFIX + EID_IDENTITY_LINK_OID; + public static final String EID_IDENTITY_LINK_FRIENDLY_NAME = "EID-IDENTITY-LINK"; + public static final int EID_IDENTITY_LINK_MAX_LENGTH = 32767; + + public static final String EID_AUTH_BLOCK_OID = "1.2.40.0.10.2.1.1.261.62"; + public static final String EID_AUTH_BLOCK_NAME = URN_OID_PREFIX + EID_AUTH_BLOCK_OID; + public static final String EID_AUTH_BLOCK_FRIENDLY_NAME = "EID-AUTH-BLOCK"; + public static final int EID_AUTH_BLOCK_MAX_LENGTH = 32767; + + public static final String EID_CCS_URL_OID = "1.2.40.0.10.2.1.1.261.64"; + public static final String EID_CCS_URL_NAME = URN_OID_PREFIX + EID_CCS_URL_OID; + public static final String EID_CCS_URL_FRIENDLY_NAME = "EID-CCS-URL"; + public static final int EID_CCS_URL_MAX_LENGTH = 1024; + + public static final String EID_SIGNER_CERTIFICATE_OID = "1.2.40.0.10.2.1.1.261.66"; + public static final String EID_SIGNER_CERTIFICATE_NAME = URN_OID_PREFIX + EID_SIGNER_CERTIFICATE_OID; + public static final String EID_SIGNER_CERTIFICATE_FRIENDLY_NAME = "EID-SIGNER-CERTIFICATE"; + public static final int EID_SIGNER_CERTIFICATE_MAX_LENGTH = 32767; + + public static final String EID_STORK_TOKEN_OID = "1.2.40.0.10.2.1.1.261.96"; + public static final String EID_STORK_TOKEN_NAME = URN_OID_PREFIX + EID_STORK_TOKEN_OID; + public static final String EID_STORK_TOKEN_FRIENDLY_NAME = "EID-STORK-TOKEN"; + public static final int EID_STORK_TOKEN_MAX_LENGTH = 32767; + + public static final String MANDATE_TYPE_OID = "1.2.40.0.10.2.1.1.261.68"; + public static final String MANDATE_TYPE_NAME = URN_OID_PREFIX + MANDATE_TYPE_OID; + public static final String MANDATE_TYPE_FRIENDLY_NAME = "MANDATE-TYPE"; + public static final int MANDATE_TYPE_MAX_LENGTH = 256; + + public static final String MANDATE_NAT_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.70"; + public static final String MANDATE_NAT_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_OID; + public static final String MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN"; + public static final int MANDATE_NAT_PER_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String MANDATE_LEG_PER_SOURCE_PIN_OID = "1.2.40.0.10.2.1.1.261.100"; + public static final String MANDATE_LEG_PER_SOURCE_PIN_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_OID; + public static final String MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN"; + public static final int MANDATE_LEG_PER_SOURCE_PIN_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.102"; + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + public static final String MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-SOURCE-PIN-TYPE"; + public static final int MANDATE_NAT_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID = "1.2.40.0.10.2.1.1.261.76"; + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_SOURCE_PIN_TYPE_OID; + public static final String MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-SOURCE-PIN-TYPE"; + public static final int MANDATE_LEG_PER_SOURCE_PIN_TYPE_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_BPK_OID = "1.2.40.0.10.2.1.1.261.98"; + public static final String MANDATE_NAT_PER_BPK_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BPK_OID; + public static final String MANDATE_NAT_PER_BPK_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BPK"; + public static final int MANDATE_NAT_PER_BPK_MAX_LENGTH = 1024; + + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_OID = "1.2.40.0.10.2.1.1.261.72"; + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_ENC_BPK_LIST_OID; + public static final String MANDATE_NAT_PER_ENC_BPK_LIST_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-ENC-BPK-LIST"; + public static final int MANDATE_NAT_PER_ENC_BPK_LIST_MAX_LENGTH = 32767; + + public static final String MANDATE_NAT_PER_GIVEN_NAME_OID = "1.2.40.0.10.2.1.1.261.78"; + public static final String MANDATE_NAT_PER_GIVEN_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_GIVEN_NAME_OID; + public static final String MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-GIVEN-NAME"; + public static final int MANDATE_NAT_PER_GIVEN_NAME_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_FAMILY_NAME_OID = "1.2.40.0.10.2.1.1.261.80"; + public static final String MANDATE_NAT_PER_FAMILY_NAME_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_FAMILY_NAME_OID; + public static final String MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-FAMILY-NAME"; + public static final int MANDATE_NAT_PER_FAMILY_NAME_MAX_LENGTH = 128; + + public static final String MANDATE_NAT_PER_BIRTHDATE_OID = "1.2.40.0.10.2.1.1.261.82"; + public static final String MANDATE_NAT_PER_BIRTHDATE_NAME = URN_OID_PREFIX + MANDATE_NAT_PER_BIRTHDATE_OID; + public static final String MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME = "MANDATOR-NATURAL-PERSON-BIRTHDATE"; + public static final String MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN = BIRTHDATE_FORMAT_PATTERN; + + public static final String MANDATE_LEG_PER_FULL_NAME_OID = "1.2.40.0.10.2.1.1.261.84"; + public static final String MANDATE_LEG_PER_FULL_NAME_NAME = URN_OID_PREFIX + MANDATE_LEG_PER_FULL_NAME_OID; + public static final String MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME = "MANDATOR-LEGAL-PERSON-FULL-NAME"; + public static final int MANDATE_LEG_PER_FULL_NAME_MAX_LENGTH = 256; + + public static final String MANDATE_PROF_REP_OID_OID = "1.2.40.0.10.2.1.1.261.86"; + public static final String MANDATE_PROF_REP_OID_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_OID_OID; + public static final String MANDATE_PROF_REP_OID_FRIENDLY_NAME = "MANDATOR-PROF-REP-OID"; + public static final int MANDATE_PROF_REP_OID_MAX_LENGTH = 256; + + public static final String MANDATE_PROF_REP_DESC_OID = "1.2.40.0.10.2.1.1.261.88"; + public static final String MANDATE_PROF_REP_DESC_NAME = URN_OID_PREFIX + MANDATE_PROF_REP_DESC_OID; + public static final String MANDATE_PROF_REP_DESC_FRIENDLY_NAME = "MANDATOR-PROF-REP-DESCRIPTION"; + public static final int MANDATE_PROF_REP_DESC_MAX_LENGTH = 1024; + + public static final String MANDATE_REFERENCE_VALUE_OID = "1.2.40.0.10.2.1.1.261.90"; + public static final String MANDATE_REFERENCE_VALUE_NAME = URN_OID_PREFIX + MANDATE_REFERENCE_VALUE_OID; + public static final String MANDATE_REFERENCE_VALUE_FRIENDLY_NAME = "MANDATE-REFERENCE-VALUE"; + public static final int MANDATE_REFERENCE_VALUE_MAX_LENGTH = 100; + + public static final String MANDATE_FULL_MANDATE_OID = "1.2.40.0.10.2.1.1.261.92"; + public static final String MANDATE_FULL_MANDATE_NAME = URN_OID_PREFIX + MANDATE_FULL_MANDATE_OID; + public static final String MANDATE_FULL_MANDATE_FRIENDLY_NAME = "MANDATE-FULL-MANDATE"; + public static final int MANDATE_FULL_MANDATE_MAX_LENGTH = 32767; + + public static final String INVOICE_RECPT_ID_OID = "1.2.40.0.10.2.1.1.261.40"; + public static final String INVOICE_RECPT_ID_NAME = URN_OID_PREFIX + INVOICE_RECPT_ID_OID; + public static final String INVOICE_RECPT_ID_FRIENDLY_NAME = "INVOICE-RECPT-ID"; + public static final int INVOICE_RECPT_ID_MAX_LENGTH = 64; + + public static final String COST_CENTER_ID_OID = "1.2.40.0.10.2.1.1.261.50"; + public static final String COST_CENTER_ID_NAME = URN_OID_PREFIX + COST_CENTER_ID_OID; + public static final String COST_CENTER_ID_FRIENDLY_NAME = "COST-CENTER-ID"; + public static final int COST_CENTER_ID_MAX_LENGTH = 32767; + + public static final String CHARGE_CODE_OID = "1.2.40.0.10.2.1.1.261.60"; + public static final String CHARGE_CODE_NAME = URN_OID_PREFIX + CHARGE_CODE_OID; + public static final String CHARGE_CODE_FRIENDLY_NAME = "CHARGE-CODE"; + public static final int CHARGE_CODE_MAX_LENGTH = 32767; +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java new file mode 100644 index 000000000..d7079ba5c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; + +public class PVPProcessor extends AuthServlet { + + /** + * + */ + private static final long serialVersionUID = 4102075202310068260L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java new file mode 100644 index 000000000..d842d5fe0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; + +public class PVPTargetConfiguration extends RequestImpl { + MOARequest request; + String binding; + String consumerURL; + + public MOARequest getRequest() { + return request; + } + + public void setRequest(MOARequest request) { + this.request = request; + } + + public String getBinding() { + return binding; + } + + public void setBinding(String binding) { + this.binding = binding; + } + + public String getConsumerURL() { + return consumerURL; + } + + public void setConsumerURL(String consumerURL) { + this.consumerURL = consumerURL; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java new file mode 100644 index 000000000..1d51d91f1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPArtifactEncoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.Signature; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +public class ArtifactBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + Signature signer = CredentialProvider.getIDPSignature(credentials); + response.setSignature(signer); + + VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.init(); + + HTTPArtifactEncoder encoder = new HTTPArtifactEncoder(engine, + "resources/templates/pvp_postbinding_template.html", + PVPAssertionStorage.getInstance()); + + encoder.setPostEncoding(false); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_ARTIFACT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + // TODO Auto-generated method stub + return null; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + // TODO Auto-generated method stub + return null; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java new file mode 100644 index 000000000..0f82d9a3f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; + +public interface IDecoder { + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) + throws MessageDecodingException, SecurityException, PVP2Exception; + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) + throws MessageDecodingException, SecurityException, PVP2Exception; + + public boolean handleDecode(String action, HttpServletRequest req); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java new file mode 100644 index 000000000..66526534d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -0,0 +1,30 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; + +public interface IEncoder { + public void encodeRequest(HttpServletRequest req, + HttpServletResponse resp, RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception; + + /** + * Encoder SAML Response + * @param req The http request + * @param resp The http response + * @param response The repsonse object + * @param targetLocation + * @throws MessageEncodingException + * @throws SecurityException + */ + public void encodeRespone(HttpServletRequest req, + HttpServletResponse resp, StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception; +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java new file mode 100644 index 000000000..946f62066 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java @@ -0,0 +1,40 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.metadata.EntityDescriptor; + +public class MOARequest { + private RequestAbstractType samlRequest; + private EntityDescriptor entityMetadata; + private boolean verified = false; + + public MOARequest(RequestAbstractType request) { + samlRequest = request; + } + + public RequestAbstractType getSamlRequest() { + return samlRequest; + } + + public void setSamlRequest(RequestAbstractType request) { + this.samlRequest = request; + } + + public boolean isVerified() { + return verified; + } + + public void setVerified(boolean verified) { + this.verified = verified; + } + + public EntityDescriptor getEntityMetadata() { + return entityMetadata; + } + + public void setEntityMetadata(EntityDescriptor entityMetadata) { + this.entityMetadata = entityMetadata; + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java new file mode 100644 index 000000000..47f935b0c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java @@ -0,0 +1,38 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.metadata.EntityDescriptor; + +public class MOAResponse { + private Response samlResponse; + private EntityDescriptor entityMetadata; + private boolean verified = false; + + public MOAResponse(Response response) { + samlResponse = response; + } + + public Response getSamlResponse() { + return samlResponse; + } + + public void setSamlResponse(Response samlResponse) { + this.samlResponse = samlResponse; + } + + public boolean isVerified() { + return verified; + } + + public void setVerified(boolean verified) { + this.verified = verified; + } + + public EntityDescriptor getEntityMetadata() { + return entityMetadata; + } + + public void setEntityMetadata(EntityDescriptor entityMetadata) { + this.entityMetadata = entityMetadata; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java new file mode 100644 index 000000000..513939e5d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java @@ -0,0 +1,12 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import org.opensaml.common.binding.decoding.URIComparator; + +public class MOAURICompare implements URIComparator { + + public boolean compare(String uri1, String uri2) { + // TODO: implement proper equalizer for rewritten URLS + return true; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java new file mode 100644 index 000000000..85861297c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -0,0 +1,139 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.velocity.app.VelocityEngine; +import org.apache.velocity.runtime.RuntimeConstants; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPPostDecoder; +import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.auth.stork.VelocityProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; + +public class PostBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO Auto-generated method stub + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + // VelocityEngine engine = + // VelocityProvider.getClassPathVelocityEngine(); + VelocityEngine engine = new VelocityEngine(); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8"); + engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8"); + engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath"); + engine.setProperty("classpath.resource.loader.class", + "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader"); + engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS, + "org.apache.velocity.runtime.log.SimpleLog4JLogSystem"); + engine.init(); + + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "resources/templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + decode.setURIComparator(new MOAURICompare()); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + + decode.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + request.setVerified(false); + request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return request; + + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + decode.decode(messageContext); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + moaResponse.setVerified(false); + moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return moaResponse; + + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (req.getMethod().equals("POST")); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java new file mode 100644 index 000000000..86801dde5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -0,0 +1,148 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder; +import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder; +import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.security.SecurityPolicyResolver; +import org.opensaml.ws.security.provider.BasicSecurityPolicy; +import org.opensaml.ws.security.provider.StaticSecurityPolicyResolver; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.logging.Logger; + +public class RedirectBinding implements IDecoder, IEncoder { + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException { + // TODO: implement + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + // context.setOutboundMessage(authReq); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + decode.setURIComparator(new MOAURICompare()); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + messageContext.setSecurityPolicyResolver(resolver); + + decode.decode(messageContext); + + signatureRule.evaluate(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + MOARequest request = new MOARequest(inboundMessage); + request.setVerified(true); + request.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException { + + HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( + new BasicParserPool()); + BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( + TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + // signatureRule.evaluate(messageContext); + BasicSecurityPolicy policy = new BasicSecurityPolicy(); + policy.getPolicyRules().add(signatureRule); + SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( + policy); + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + messageContext.setSecurityPolicyResolver(resolver); + MOAMetadataProvider provider = null; + + provider = MOAMetadataProvider.getInstance(); + + messageContext.setMetadataProvider(provider); + + decode.decode(messageContext); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + + MOAResponse moaResponse = new MOAResponse(inboundMessage); + moaResponse.setVerified(true); + moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); + return moaResponse; + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod() + .equals("GET")); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java new file mode 100644 index 000000000..04ec3eaee --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -0,0 +1,87 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.BasicSAMLMessageContext; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; +import org.opensaml.ws.transport.http.HttpServletRequestAdapter; +import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; + +public class SoapBinding implements IDecoder, IEncoder { + + public MOARequest decodeRequest(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException, PVP2Exception { + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); + BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = + new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + messageContext + .setInboundMessageTransport(new HttpServletRequestAdapter( + req)); + soapDecoder.decode(messageContext); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + + MOARequest request = new MOARequest(inboundMessage); + + return request; + } + + public MOAResponse decodeRespone(HttpServletRequest req, + HttpServletResponse resp) throws MessageDecodingException, + SecurityException, PVP2Exception { + throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response"); + } + + public boolean handleDecode(String action, HttpServletRequest req) { + return (action.equals(PVP2XProtocol.SOAP)); + } + + public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, + RequestAbstractType request, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception { + + } + + public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, + StatusResponseType response, String targetLocation) + throws MessageEncodingException, SecurityException, PVP2Exception { + try { + Credential credentials = CredentialProvider + .getIDPSigningCredential(); + + HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setOutboundSAMLMessage(response); + context.setOutboundMessageTransport(responseAdapter); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java new file mode 100644 index 000000000..ab880bb9e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java @@ -0,0 +1,158 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; + +public class CitizenTokenBuilder { + + public static XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + public static XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + public static Attribute buildStringAttribute(String friendlyName, + String name, String value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + public static Attribute buildIntegerAttribute(String friendlyName, + String name, int value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + public static Attribute buildPVPVersion(String value) { + return buildStringAttribute("PVP-VERSION", + "urn:oid:1.2.40.0.10.2.1.1.261.10", value); + } + + public static Attribute buildSecClass(int value) { + return buildIntegerAttribute("SECCLASS", + "", value); + } + + public static Attribute buildPrincipalName(String value) { + return buildStringAttribute("PRINCIPAL-NAME", + "urn:oid:1.2.40.0.10.2.1.1.261.20", value); + } + + public static Attribute buildGivenName(String value) { + return buildStringAttribute("GIVEN-NAME", + "urn:oid:2.5.4.42", value); + } + + public static Attribute buildBirthday(String value) { + return buildStringAttribute("BIRTHDATE", + "urn:oid:1.2.40.0.10.2.1.1.55", value); + } + + public static Attribute buildBPK(String value) { + return buildStringAttribute("BPK", + "urn:oid:1.2.40.0.10.2.1.1.149", value); + } + + public static Attribute buildEID_CITIZEN_QAALEVEL(int value) { + return buildIntegerAttribute("EID-CITIZEN-QAA-LEVEL", + "urn:oid:1.2.40.0.10.2.1.1.261.94", value); + } + + public static Attribute buildEID_ISSUING_NATION(String value) { + return buildStringAttribute("EID-ISSUING-NATION", + "urn:oid:1.2.40.0.10.2.1.1.261.32", value); + } + + public static Attribute buildEID_SECTOR_FOR_IDENTIFIER(String value) { + return buildStringAttribute("EID-SECTOR-FOR-IDENTIFIER", + "urn:oid:1.2.40.0.10.2.1.1.261.34", value); + } + + +// public static AttributeStatement buildCitizenToken(MOARequest obj, +// AuthenticationSession authSession) { +// AttributeStatement statement = +// SAML2Utils.createSAMLObject(AttributeStatement.class); +// +// //TL: AuthData generation is moved out from VerifyAuthBlockServlet +// try { +// +// //TODO: LOAD oaParam from request and not from MOASession in case of SSO +// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() +// .getOnlineApplicationParameter(authSession.getPublicOAURLPrefix()); +// +// AuthenticationData authData = AuthenticationServer.buildAuthenticationData(authSession, +// oaParam, +// authSession.getTarget()); +// +// Attribute pvpVersion = buildPVPVersion("2.1"); +// Attribute secClass = buildSecClass(3); +// Attribute principalName = buildPrincipalName(authData.getFamilyName()); +// Attribute givenName = buildGivenName(authData.getGivenName()); +// Attribute birthdate = buildBirthday(authData.getDateOfBirth()); +// +// //TL: getIdentificationValue holds the baseID --> change to pBK +// Attribute bpk = buildBPK(authData.getBPK()); +// +// Attribute eid_citizen_qaa = buildEID_CITIZEN_QAALEVEL(3); +// Attribute eid_issuing_nation = buildEID_ISSUING_NATION("AT"); +// Attribute eid_sector_for_id = buildEID_SECTOR_FOR_IDENTIFIER(authData.getIdentificationType()); +// +// statement.getAttributes().add(pvpVersion); +// statement.getAttributes().add(secClass); +// statement.getAttributes().add(principalName); +// statement.getAttributes().add(givenName); +// statement.getAttributes().add(birthdate); +// statement.getAttributes().add(bpk); +// statement.getAttributes().add(eid_citizen_qaa); +// statement.getAttributes().add(eid_issuing_nation); +// statement.getAttributes().add(eid_sector_for_id); +// +// return statement; +// +// } catch (ConfigurationException e) { +// +// // TODO: check Exception Handling +// return null; +// } catch (BuildException e) { +// +// // TODO: check Exception Handling +// return null; +// } +// +// +// } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java new file mode 100644 index 000000000..60e510de2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -0,0 +1,98 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; + +public class PVPAttributeBuilder { + + private static HashMap<String, IAttributeBuilder> builders; + + private static void addBuilder(IAttributeBuilder builder) { + builders.put(builder.getName(), builder); + } + + static { + builders = new HashMap<String, IAttributeBuilder>(); + // Citizen Token normal + addBuilder(new PVPVersionAttributeBuilder()); + addBuilder(new PrincipalNameAttributeBuilder()); + addBuilder(new GivenNameAttributeBuilder()); + addBuilder(new BirthdateAttributeBuilder()); + addBuilder(new BPKAttributeBuilder()); + addBuilder(new EIDCitizenQAALevelAttributeBuilder()); + addBuilder(new EIDIssuingNationAttributeBuilder()); + addBuilder(new EIDSectorForIDAttributeBuilder()); + + // Mandate Attributes + addBuilder(new MandateTypeAttributeBuilder()); + addBuilder(new MandateLegalPersonFullNameAttributeBuilder()); + addBuilder(new MandateLegalPersonSourcePinAttributeBuilder()); + addBuilder(new MandateLegalPersonSourcePinTypeAttributeBuilder()); + addBuilder(new MandateNaturalPersonBirthDateAttributeBuilder()); + addBuilder(new MandateNaturalPersonBPKAttributeBuilder()); + addBuilder(new MandateNaturalPersonFamilyNameAttributeBuilder()); + addBuilder(new MandateNaturalPersonGivenNameAttributeBuilder()); + addBuilder(new MandateNaturalPersonSourcePinAttributeBuilder()); + addBuilder(new MandateNaturalPersonSourcePinTypeAttributeBuilder()); + addBuilder(new MandateTypeAttributeBuilder()); + addBuilder(new MandateProfRepOIDAttributeBuilder()); + addBuilder(new MandateProfRepDescAttributeBuilder()); + addBuilder(new MandateReferenceValueAttributeBuilder()); + addBuilder(new MandateFullMandateAttributeBuilder()); + } + + public static Attribute buildAttribute(String name, + AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if (builders.containsKey(name)) { + return builders.get(name).build(authSession, oaParam, authData); + } + return null; + } + + public static List<Attribute> buildSupportedEmptyAttributes() { + List<Attribute> attributes = new ArrayList<Attribute>(); + Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); + while (builderIt.hasNext()) { + IAttributeBuilder builder = builderIt.next(); + Attribute emptyAttribute = builder.buildEmpty(); + if (emptyAttribute != null) { + attributes.add(emptyAttribute); + } + } + return attributes; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java new file mode 100644 index 000000000..17fc52a8c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -0,0 +1,325 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; + +import java.util.Iterator; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; +import org.opensaml.saml2.core.AuthnContext; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.SubjectConfirmation; +import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +public class PVP2AssertionBuilder implements PVPConstants { + public static Assertion buildAssertion(AuthnRequest authnRequest, + AuthenticationSession authSession, EntityDescriptor peerEntity) + throws MOAIDException { + Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + + RequestedAuthnContext reqAuthnContext = authnRequest + .getRequestedAuthnContext(); + + if (reqAuthnContext == null) { + throw new NoAuthContextException(); + } + + boolean stork_qaa_1_4_found = false; + + AuthnContextClassRef authnContextClassRef = SAML2Utils + .createSAMLObject(AuthnContextClassRef.class); + + List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext + .getAuthnContextClassRefs(); + + if (reqAuthnContextClassRefIt.size() == 0) { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + + } else { + for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) { + String qaa_uri = authnClassRef.getAuthnContextClassRef(); + if (qaa_uri.trim().equals(STORK_QAA_1_4) + || qaa_uri.trim().equals(STORK_QAA_1_3) + || qaa_uri.trim().equals(STORK_QAA_1_2) + || qaa_uri.trim().equals(STORK_QAA_1_1)) { + + if (authSession.isForeigner()) { + //TODO: insert QAA check + + stork_qaa_1_4_found = false; + + } else { + stork_qaa_1_4_found = true; + authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4); + } + break; + } + } + } + + if (!stork_qaa_1_4_found) { + throw new QAANotSupportedException(STORK_QAA_1_4); + } + +// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs() +// .iterator(); +// +// StringBuilder authContextsb = new StringBuilder(); +// +// while (reqAuthnContextClassRefIt.hasNext()) { +// AuthnContextClassRef authnClassRef = reqAuthnContextClassRefIt +// .next(); +// String[] qaa_uris = authnClassRef.getAuthnContextClassRef().split( +// "\\s+"); +// for (int i = 0; i < qaa_uris.length; i++) { +// if (qaa_uris[i].trim().equals(STORK_QAA_1_4) +// || qaa_uris[i].trim().equals(STORK_QAA_1_3) +// || qaa_uris[i].trim().equals(STORK_QAA_1_2) +// || qaa_uris[i].trim().equals(STORK_QAA_1_1)) { +// authContextsb.append(qaa_uris[i].trim()); +// authContextsb.append(" "); +// } +// } +// +// } + + AuthnContext authnContext = SAML2Utils + .createSAMLObject(AuthnContext.class); + authnContext.setAuthnContextClassRef(authnContextClassRef); + + AuthnStatement authnStatement = SAML2Utils + .createSAMLObject(AuthnStatement.class); + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authnStatement.setAuthnInstant(new DateTime()); + // currently dummy id ... + authnStatement.setSessionIndex(remoteSessionID); + authnStatement.setAuthnContext(authnContext); + + assertion.getAuthnStatements().add(authnStatement); + + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + Integer aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int idx = 0; + + if (aIdx != null) { + idx = aIdx.intValue(); + } + + AttributeConsumingService attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + AttributeStatement attributeStatement = SAML2Utils + .createSAMLObject(AttributeStatement.class); + + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + boolean foundFormat = false; + + // TL: AuthData generation is moved to Assertion generation. + + Iterator<NameIDFormat> formatIt = spSSODescriptor.getNameIDFormats() + .iterator(); + while (formatIt.hasNext()) { + if (formatIt.next().getFormat().equals(NameID.PERSISTENT)) { + foundFormat = true; + break; + } + } + if (!foundFormat) { + // TODO use correct exception + throw new NameIDFormatNotSupportedException(""); + } + + // TODO: Check if we need to hide source pin + /* + * if(authSession.getUseMandate()) { Element mandate = + * authSession.getMandate(); if(authSession.getBusinessService()) { // + * Hide Source PIN! ParepUtils.HideStammZahlen(mandate, true, null, + * authSession.getDomainIdentifier(), true); } else { + * ParepUtils.HideStammZahlen(mandate, false, authSession.getTarget(), + * null, true); } } + */ + + // TODO: LOAD oaParam from request and not from MOASession in case of + // SSO + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter( + peerEntity.getEntityID()); + + AuthenticationData authData = AuthenticationServer + .buildAuthenticationData(authSession, oaParam, + oaParam.getTarget()); + + Iterator<RequestedAttribute> it = attributeConsumingService + .getRequestAttributes().iterator(); + while (it.hasNext()) { + RequestedAttribute reqAttribut = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttribut.getName(), authSession, oaParam, authData); + if (attr == null) { + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } else { + attributeStatement.getAttributes().add(attr); + } + } catch (PVP2Exception e) { + Logger.error( + "Attribute generation failed! for " + + reqAttribut.getFriendlyName(), e); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } + } + + if (attributeStatement.getAttributes().size() > 0) { + assertion.getAttributeStatements().add(attributeStatement); + } + + subjectNameID.setFormat(NameID.PERSISTENT); + + //TLenz: set correct bPK Type and Value from AuthData + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + PhysicalPersonType pysicalperson = mandateObject.getMandator().getPhysicalPerson(); + + IdentificationType id; + if(corporation != null && corporation.getIdentification().size() > 0) + id = corporation.getIdentification().get(0); + + + else if (pysicalperson != null && pysicalperson.getIdentification().size() > 0) + id = pysicalperson.getIdentification().get(0); + + else { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpktype = id.getType(); + String bpk = id.getValue().getValue(); + + if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier()); + + } else { + subjectNameID.setValue(new BPKBuilder().buildBPK(bpk, oaParam.getTarget())); + if (oaParam.getTarget().startsWith(Constants.URN_PREFIX_CDID + "+")) + subjectNameID.setNameQualifier(oaParam.getTarget()); + else + subjectNameID.setNameQualifier(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + + } else { + subjectNameID.setNameQualifier(bpktype); + subjectNameID.setValue(bpk); + } + + } else { + subjectNameID.setNameQualifier(authData.getBPKType()); + subjectNameID.setValue(authData.getBPK()); + } + + + subject.setNameID(subjectNameID); + + SubjectConfirmation subjectConfirmation = SAML2Utils + .createSAMLObject(SubjectConfirmation.class); + subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + SubjectConfirmationData subjectConfirmationData = SAML2Utils + .createSAMLObject(SubjectConfirmationData.class); + subjectConfirmationData.setInResponseTo(authnRequest.getID()); + subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20)); + subjectConfirmationData.setRecipient(peerEntity.getEntityID()); + + subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); + + subject.getSubjectConfirmations().add(subjectConfirmation); + + Conditions conditions = SAML2Utils.createSAMLObject(Conditions.class); + AudienceRestriction audienceRestriction = SAML2Utils + .createSAMLObject(AudienceRestriction.class); + Audience audience = SAML2Utils.createSAMLObject(Audience.class); + + audience.setAudienceURI(peerEntity.getEntityID()); + audienceRestriction.getAudiences().add(audience); + conditions.setNotBefore(new DateTime()); + conditions.setNotOnOrAfter(new DateTime().plusMinutes(20)); + conditions.getAudienceRestrictions().add(audienceRestriction); + + assertion.setConditions(conditions); + + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + issuer.setFormat(NameID.ENTITY); + assertion.setIssuer(issuer); + assertion.setSubject(subject); + assertion.setID(SAML2Utils.getSecureIdentifier()); + assertion.setIssueInstant(new DateTime()); + + return assertion; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java new file mode 100644 index 000000000..4fb76c377 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.util.Constants; + +public class BPKAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return BPK_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String bpk = authData.getBPK(); + String type = authData.getBPKType(); + + if (type.startsWith(Constants.URN_PREFIX_WBPK)) + type = type.substring((Constants.URN_PREFIX_WBPK+"+").length()); + else if (type.startsWith(Constants.URN_PREFIX_CDID)) + type = type.substring((Constants.URN_PREFIX_CDID+"+").length()); + + if(bpk.length() > BPK_MAX_LENGTH) { + bpk = bpk.substring(0, BPK_MAX_LENGTH); + } + return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk); + } + + + public Attribute buildEmpty() { + return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java new file mode 100644 index 000000000..d3c79c939 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java @@ -0,0 +1,62 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeValue; +import org.opensaml.xml.Configuration; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.schema.XSInteger; +import org.opensaml.xml.schema.XSString; +import org.opensaml.xml.schema.impl.XSIntegerBuilder; +import org.opensaml.xml.schema.impl.XSStringBuilder; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; + +public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBuilder { + + + protected static XMLObject buildAttributeStringValue(String value) { + XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME); + XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME); + stringValue.setValue(value); + return stringValue; + } + + protected static XMLObject buildAttributeIntegerValue(int value) { + XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME); + XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME); + integerValue.setValue(value); + return integerValue; + } + + protected static Attribute buildStringAttribute(String friendlyName, + String name, String value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeStringValue(value)); + return attribute; + } + + protected static Attribute buildIntegerAttribute(String friendlyName, + String name, int value) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + attribute.getAttributeValues().add(buildAttributeIntegerValue(value)); + return attribute; + } + + protected static Attribute buildemptyAttribute(String friendlyName, String name) { + Attribute attribute = + SAML2Utils.createSAMLObject(Attribute.class); + attribute.setFriendlyName(friendlyName); + attribute.setName(name); + attribute.setNameFormat(Attribute.URI_REFERENCE); + return attribute; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java new file mode 100644 index 000000000..fa42fc54f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class BirthdateAttributeBuilder extends BaseAttributeBuilder { + + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + + public String getName() { + return BIRTHDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + try { + DateFormat identityLinkFormat = new SimpleDateFormat( + IDENTITY_LINK_DATE_FORMAT); + Date date = identityLinkFormat.parse(authSession.getIdentityLink() + .getDateOfBirth()); + DateFormat pvpDateFormat = new SimpleDateFormat( + BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(date); + return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, + BIRTHDATE_NAME, dateString); + } catch (ParseException e) { + e.printStackTrace(); + return null; + } + } + + public Attribute buildEmpty() { + return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME, + BIRTHDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java new file mode 100644 index 000000000..5ddd87c7b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return EID_CITIZEN_QAA_LEVEL_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_QAA_LEVEL_NAME, 4); + } + + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, + EID_CITIZEN_QAA_LEVEL_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java new file mode 100644 index 000000000..08e4e67b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import iaik.x509.X509Certificate; + +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.logging.Logger; + +public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return EID_ISSUING_NATION_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String countryCode = "AT"; + + + if (authSession.getStorkAuthnRequest() != null) { + countryCode = authSession.getStorkAuthnRequest() + .getCitizenCountryCode(); + } else { + + //TODO: replace with TSL lookup when TSL is ready! + X509Certificate certificate = authSession.getSignerCertificate(); + + if (certificate != null) { + try { + LdapName ln = new LdapName(certificate.getIssuerDN() + .getName()); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("C")) { + Logger.info("C is: " + rdn.getValue()); + countryCode = rdn.getValue().toString(); + break; + } + } + } catch (Exception e) { + Logger.error("Failed to extract country code from certificate", e); + } + } + } + + return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME, countryCode); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, + EID_ISSUING_NATION_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java new file mode 100644 index 000000000..8cb2b5be6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -0,0 +1,27 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return EID_SECTOR_FOR_IDENTIFIER_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + String bpktype = authData.getBPKType(); + return buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, + EID_SECTOR_FOR_IDENTIFIER_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java new file mode 100644 index 000000000..5c8151c01 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class GivenNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return GIVEN_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java new file mode 100644 index 000000000..173fbd52f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; + +public interface IAttributeBuilder { + public String getName(); + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception; + public Attribute buildEmpty(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java new file mode 100644 index 000000000..cecd90448 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.io.IOException; + +import javax.xml.transform.TransformerException; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; + +public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_FULL_MANDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if (authSession.getUseMandate()) { + if (authSession.getMandate() != null) { + String fullMandate; + try { + fullMandate = DOMUtils.serializeNode(authSession + .getMandate()); + return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME, fullMandate); + } catch (TransformerException e) { + Logger.error("Failed to generate Full Mandate", e); + } catch (IOException e) { + Logger.error("Failed to generate Full Mandate", e); + } + } + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, + MANDATE_FULL_MANDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java new file mode 100644 index 000000000..15059c036 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_LEG_PER_FULL_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if(corporation == null) { + Logger.error("No corporation mandate"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, + MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, + MANDATE_LEG_PER_FULL_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java new file mode 100644 index 000000000..820efb209 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -0,0 +1,64 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_LEG_PER_SOURCE_PIN_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody(); + if(corporation == null) { + Logger.error("No corporation mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + if(corporation.getIdentification().size() == 0) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + id = corporation.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(corporation); + } else { + id = MandateBuilder.getBPKIdentification(corporation); + }*/ + /*if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + }*/ + return buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, MANDATE_LEG_PER_SOURCE_PIN_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java new file mode 100644 index 000000000..44b58d04f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -0,0 +1,67 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateLegalPersonSourcePinTypeAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if (mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + CorporateBodyType corporation = mandateObject.getMandator() + .getCorporateBody(); + if (corporation == null) { + Logger.error("No corporate mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + if(corporation.getIdentification().size() == 0) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + id = corporation.getIdentification().get(0); + /*id = MandateBuilder.getBPKIdentification(corporate); + if (id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + }*/ + return buildStringAttribute( + MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute( + MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java new file mode 100644 index 000000000..49e013fe0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -0,0 +1,90 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BPK_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); +// if(authSession.getBusinessService()) { +// id = MandateBuilder.getWBPKIdentification(physicalPerson); +// } else { +// id = MandateBuilder.getBPKIdentification(physicalPerson); +// } + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + String bpk; + try { + + if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { + if (authSession.getBusinessService()) { + bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); + + } + + else { + bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget()); + + } + + } else + bpk = id.getValue().getValue(); + + } catch (BuildException e ){ + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, + MANDATE_NAT_PER_BPK_NAME, bpk); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME, + MANDATE_NAT_PER_BPK_NAME); + } + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java new file mode 100644 index 000000000..a87d4d25c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -0,0 +1,74 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; +import java.util.Date; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonBirthDateAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_BIRTHDATE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if (authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if (mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if (mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + + String dateOfBirth = physicalPerson.getDateOfBirth(); + try { + DateFormat mandateFormat = new SimpleDateFormat( + MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT); + Date date = mandateFormat.parse(dateOfBirth); + DateFormat pvpDateFormat = new SimpleDateFormat( + MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(date); + + return buildStringAttribute( + MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, + MANDATE_NAT_PER_BIRTHDATE_NAME, dateString); + } catch (ParseException e) { + e.printStackTrace(); + throw new InvalidDateFormatException(); + } + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, + MANDATE_NAT_PER_BIRTHDATE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java new file mode 100644 index 000000000..6744e5d20 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -0,0 +1,61 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.util.Iterator; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_FAMILY_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<FamilyName> fNamesit = physicalPerson.getName().getFamilyName().iterator(); + + while(fNamesit.hasNext()) { + sb.append(" " + fNamesit.next().getValue()); + } + + return buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_FAMILY_NAME_NAME, sb.toString()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_FAMILY_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java new file mode 100644 index 000000000..67aa8df0e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -0,0 +1,60 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import java.util.Iterator; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_GIVEN_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson(); + if(physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + + StringBuilder sb = new StringBuilder(); + Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator(); + + while(gNamesit.hasNext()) { + sb.append(" " + gNamesit.next()); + } + + return buildStringAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_GIVEN_NAME_NAME, sb.toString()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, + MANDATE_NAT_PER_GIVEN_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java new file mode 100644 index 000000000..eaa7e88af --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java new file mode 100644 index 000000000..7b8f59dd2 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; +import at.gv.egovernment.moa.logging.Logger; + +public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends + BaseAttributeBuilder { + + public String getName() { + return MANDATE_NAT_PER_SOURCE_PIN_TYPE_OID; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) + throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + PhysicalPersonType physicalPerson = mandateObject.getMandator() + .getPhysicalPerson(); + if (physicalPerson == null) { + Logger.error("No physicalPerson mandate"); + throw new NoMandateDataAvailableException(); + } + IdentificationType id = null; + id = physicalPerson.getIdentification().get(0); + /*if(authSession.getBusinessService()) { + id = MandateBuilder.getWBPKIdentification(physicalPerson); + } else { + id = MandateBuilder.getBPKIdentification(physicalPerson); + }*/ + if(id == null) { + Logger.error("Failed to generate IdentificationType"); + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, id.getType()); + } + return null; + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, + MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java new file mode 100644 index 000000000..b7c356112 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; + +public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_PROF_REP_DESC_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + + String text = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, + authSession); + + if(text == null) { + return null; + } + + return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, text); + + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java new file mode 100644 index 000000000..740a99649 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; + +public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_PROF_REP_OID_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + + String oid = AttributeExtractor.extractSAMLAttributeOA( + ParepValidator.EXT_SAML_MANDATE_OID, + authSession); + + if(oid == null) { + return null; + } + + return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, + MANDATE_PROF_REP_OID_NAME, oid); + + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, + MANDATE_PROF_REP_OID_NAME); + } +} +
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java new file mode 100644 index 000000000..5a50473d3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.util.MandateBuilder; + +public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_REFERENCE_VALUE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new NoMandateDataAvailableException(); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new NoMandateDataAvailableException(); + } + + return buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, + MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, + MANDATE_REFERENCE_VALUE_NAME); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java new file mode 100644 index 000000000..bc7fdaf73 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; +import org.w3c.dom.Element; + +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException; +import at.gv.egovernment.moa.id.util.MandateBuilder; + +public class MandateTypeAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return MANDATE_TYPE_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException { + if(authSession.getUseMandate()) { + Element mandate = authSession.getMandate(); + if(mandate == null) { + throw new ResponderErrorException("No mandate data available", null); + } + Mandate mandateObject = MandateBuilder.buildMandate(mandate); + if(mandateObject == null) { + throw new ResponderErrorException("No mandate data available", null); + } + + return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation()); + } + return null; + + } + + public Attribute buildEmpty() { + return buildemptyAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java new file mode 100644 index 000000000..545d70d76 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class PVPVersionAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return PVP_VERSION_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java new file mode 100644 index 000000000..7ca7eb829 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java @@ -0,0 +1,24 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder { + + public String getName() { + return PRINCIPAL_NAME_NAME; + } + + public Attribute build(AuthenticationSession authSession, + OAAuthParameter oaParam, AuthenticationData authData) { + return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); + } + + public Attribute buildEmpty() { + return buildemptyAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java new file mode 100644 index 000000000..0786f896a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -0,0 +1,339 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.config; + +import iaik.x509.X509Certificate; + +import java.io.File; +import java.io.FileInputStream; +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Properties; +import java.util.Set; + +import org.opensaml.saml2.metadata.Company; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.ContactPersonTypeEnumeration; +import org.opensaml.saml2.metadata.EmailAddress; +import org.opensaml.saml2.metadata.GivenName; +import org.opensaml.saml2.metadata.LocalizedString; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.OrganizationDisplayName; +import org.opensaml.saml2.metadata.OrganizationName; +import org.opensaml.saml2.metadata.OrganizationURL; +import org.opensaml.saml2.metadata.SurName; +import org.opensaml.saml2.metadata.TelephoneNumber; + +import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public class PVPConfiguration { + + private static PVPConfiguration instance; + + public static PVPConfiguration getInstance() { + if (instance == null) { + instance = new PVPConfiguration(); + } + return instance; + } + + public static final String PVP2_METADATA = "/pvp2/metadata"; + public static final String PVP2_REDIRECT = "/pvp2/redirect"; + public static final String PVP2_POST = "/pvp2/post"; + + public static final String PVP_CONFIG_FILE = "pvp2config.properties"; + public static final String IDP_JAVAKEYSTORE = "idp.ks.file"; + public static final String IDP_KEYALIAS = "idp.ks.alias"; + public static final String IDP_KS_PASS = "idp.ks.kspassword"; + public static final String IDP_KEY_PASS = "idp.ks.keypassword"; + + public static final String IDP_ISSUER_NAME = "idp.issuer.name"; + + public static final String METADATA_FILE = "md.dir"; + public static final String METADATA_EXTENSION = "md.ext"; + + public static final String IDP_ENTITY = "idp.entityid"; + public static final String IDP_ORG_NAME = "idp.org.name"; + public static final String IDP_ORG_DISPNAME = "idp.org.dispname"; + public static final String IDP_ORG_URL = "idp.org.url"; + + public static final String IDP_PUBLIC_URL = "idp.public.url"; + + public static final String IDP_TRUST_STORE = "idp.truststore"; + public static final String SP_TARGET_PREFIX = "sp.target."; + + public static final String IDP_CONTACT_PREFIX = "idp.contact"; + public static final String IDP_CONTACT_LIST = "idp.contact_list"; + + public static final String IDP_CONTACT_SURNAME = "surname"; + public static final String IDP_CONTACT_GIVENNAME = "givenname"; + public static final String IDP_CONTACT_MAIL = "mail"; + public static final String IDP_CONTACT_TYPE = "type"; + public static final String IDP_CONTACT_COMPANY = "company"; + public static final String IDP_CONTACT_PHONE = "phone"; + + PVP2 generalpvpconfigdb; + Properties props; + + private PVPConfiguration() { + try { + generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); + props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); + + } catch (ConfigurationException e) { + e.printStackTrace(); + } + } + + public String getIDPPublicPath() { + String publicPath = generalpvpconfigdb.getPublicURLPrefix(); + if(publicPath != null) { + if(publicPath.endsWith("/")) { + publicPath = publicPath.substring(0, publicPath.length()-2); + } + } + return publicPath; + } + + public String getIDPSSOPostService() { + return getIDPPublicPath() + PVP2_POST; + } + + public String getIDPSSORedirectService() { + return getIDPPublicPath() + PVP2_REDIRECT; + } + + public String getIDPSSOMetadataService() { + return getIDPPublicPath() + PVP2_METADATA; + } + + public String getIDPKeyStoreFilename() { + return props.getProperty(IDP_JAVAKEYSTORE); + } + + public String getIDPKeyStorePassword() { + return props.getProperty(IDP_KS_PASS); + } + + public String getIDPKeyAlias() { + return props.getProperty(IDP_KEYALIAS); + } + + public String getIDPKeyPassword() { + return props.getProperty(IDP_KEY_PASS); + } + + public String getIDPIssuerName() { + return generalpvpconfigdb.getIssuerName(); + } + + public List<String> getMetadataFiles() { + String filter = props.getProperty(METADATA_EXTENSION); + + if (filter == null) { + filter = ".mdxml"; + } + + List<String> files = new ArrayList<String>(); + + File[] faFiles = new File(props.getProperty(METADATA_FILE)).listFiles(); + for (File file : faFiles) { + if (!file.isDirectory()) { + if (file.getName().endsWith(filter)) { + files.add(file.getAbsolutePath()); + } + } + } + + return files; + } + + //TODO: + public String getTargetForSP(String sp) { + + try { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(sp); + + if (oaParam != null) + return oaParam.getTarget(); + + Logger.warn("OnlineApplication with ID "+ sp + " is not found."); + return null; + + } catch (ConfigurationException e) { + Logger.warn("OnlineApplication with ID "+ sp + " is not found."); + return null; + } + + } + + + public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { + + try { + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); + + if (oaParam == null) { + Logger.warn("Online Application with ID " + entityID + " not found!"); + return null; + } + + OAPVP2 pvp2param = oaParam.getPVP2Parameter(); + + if (pvp2param == null) { + return null; + } + + Logger.info("Load TrustEntityCertificate ("+entityID+") from Database."); + return new X509Certificate(pvp2param.getCertificate()); + + } catch (CertificateException e) { + Logger.warn("Signer certificate can not be loaded from session database!", e); + return null; + + } catch (ConfigurationException e) { + e.printStackTrace(); + return null; + } + } + + public List<ContactPerson> getIDPContacts() { + List<ContactPerson> list = new ArrayList<ContactPerson>(); + + List<Contact> contacts = generalpvpconfigdb.getContact(); + + if (contacts != null) { + + for (Contact contact : contacts) { + + ContactPerson person = SAML2Utils + .createSAMLObject(ContactPerson.class); + + String type = contact.getType(); + + if (type == null) { + Logger.error("IDP Contact with SurName " + contact.getSurName() + + " has no type defined!"); + break; + } + + ContactPersonTypeEnumeration enumType = null; + + if (type.equals(ContactPersonTypeEnumeration.ADMINISTRATIVE + .toString())) { + enumType = ContactPersonTypeEnumeration.ADMINISTRATIVE; + } else if (type.equals(ContactPersonTypeEnumeration.BILLING + .toString())) { + enumType = ContactPersonTypeEnumeration.BILLING; + } else if (type.equals(ContactPersonTypeEnumeration.OTHER + .toString())) { + enumType = ContactPersonTypeEnumeration.OTHER; + } else if (type.equals(ContactPersonTypeEnumeration.SUPPORT + .toString())) { + enumType = ContactPersonTypeEnumeration.SUPPORT; + } else if (type.equals(ContactPersonTypeEnumeration.TECHNICAL + .toString())) { + enumType = ContactPersonTypeEnumeration.TECHNICAL; + } + + if (enumType == null) { + Logger.error("IDP Contact with SurName " + contact.getSurName() + + " has invalid type defined: " + type); + break; + } + + person.setType(enumType); + + String givenName = contact.getGivenName(); + + if (givenName != null) { + GivenName name = SAML2Utils + .createSAMLObject(GivenName.class); + name.setName(givenName); + person.setGivenName(name); + } + + String company = contact.getCompany(); + + if (company != null) { + Company comp = SAML2Utils.createSAMLObject(Company.class); + comp.setName(company); + person.setCompany(comp); + } + + String surname = contact.getSurName(); + + if (surname != null) { + SurName name = SAML2Utils.createSAMLObject(SurName.class); + name.setName(surname); + person.setSurName(name); + } + + List<String> phones = contact.getPhone(); + for (String phone : phones) { + TelephoneNumber telePhone = SAML2Utils + .createSAMLObject(TelephoneNumber.class); + telePhone.setNumber(phone); + person.getTelephoneNumbers().add(telePhone); + } + + List<String> mails = contact.getMail(); + for (String mail : mails) { + EmailAddress mailAddress = SAML2Utils + .createSAMLObject(EmailAddress.class); + mailAddress.setAddress(mail); + person.getEmailAddresses().add(mailAddress); + } + + list.add(person); + } + } + return list; + } + + public Organization getIDPOrganisation() { + Organization org = SAML2Utils.createSAMLObject(Organization.class); + + at.gv.egovernment.moa.id.commons.db.dao.config.Organization organisation = generalpvpconfigdb.getOrganization(); + + String org_name = null; + String org_dispname = null; + String org_url = null; + + if (organisation != null) { + org_name = organisation.getName(); + org_dispname = organisation.getDisplayName(); + org_url = organisation.getURL(); + } + + if (org_name == null || org_dispname == null || org_url == null) { + return null; + } + + OrganizationDisplayName dispName = SAML2Utils + .createSAMLObject(OrganizationDisplayName.class); + dispName.setName(new LocalizedString(org_dispname, "de")); + org.getDisplayNames().add(dispName); + + OrganizationName name = SAML2Utils + .createSAMLObject(OrganizationName.class); + name.setName(new LocalizedString(org_name, "de")); + org.getOrganizationNames().add(name); + + OrganizationURL url = SAML2Utils + .createSAMLObject(OrganizationURL.class); + url.setURL(new LocalizedString(org_url, "de")); + org.getURLs().add(url); + + return org; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java new file mode 100644 index 000000000..51c4b7e72 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class BindingNotSupportedException extends PVP2Exception { + + public BindingNotSupportedException(String binding) { + super("pvp2.11", new Object[] {binding}); + this.statusCodeValue = StatusCode.UNSUPPORTED_BINDING_URI; + } + + /** + * + */ + private static final long serialVersionUID = -7227603941387879360L; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java new file mode 100644 index 000000000..521b55580 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class InvalidAssertionConsumerServiceException extends PVP2Exception { + + public InvalidAssertionConsumerServiceException(int idx) { + super("pvp2.00", new Object[]{idx}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = 7861790149343943091L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java new file mode 100644 index 000000000..799d26ccb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class InvalidDateFormatException extends PVP2Exception { + + public InvalidDateFormatException() { + super("pvp2.02", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -6867976890237846085L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java new file mode 100644 index 000000000..41a56639a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class MandateAttributesNotHandleAbleException extends PVP2Exception { + + public MandateAttributesNotHandleAbleException() { + super("pvp2.03", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -1466424425852327722L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java new file mode 100644 index 000000000..7dc9d5645 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +public class NameIDFormatNotSupportedException extends PVP2Exception { + + public NameIDFormatNotSupportedException(String nameIDFormat) { + super("pvp2.12", new Object[] {nameIDFormat}); + } + + /** + * + */ + private static final long serialVersionUID = -2270762519437873336L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java new file mode 100644 index 000000000..cd81de30f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoAuthContextException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = 7040652043174500992L; + + public NoAuthContextException() { + super("pvp2.04", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java new file mode 100644 index 000000000..6af97301f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoCredentialsException extends PVP2Exception { + + public static final String MOA_IDP_TARGET = "MOA-ID"; + + public NoCredentialsException(String target) { + super("pvp2.08", new Object[] {target}); + this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + } + + /** + * + */ + private static final long serialVersionUID = -9086515080686076313L; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java new file mode 100644 index 000000000..d24905f68 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java @@ -0,0 +1,14 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +public class NoMandateDataAvailableException extends PVP2Exception { + + public NoMandateDataAvailableException() { + super("pvp2.06", null); + } + + /** + * + */ + private static final long serialVersionUID = 4540420741715406351L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java new file mode 100644 index 000000000..c45820cfb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class NoMetadataInformationException extends PVP2Exception { + + public NoMetadataInformationException() { + super("pvp2.15", null); + this.statusCodeValue = StatusCode.UNKNOWN_PRINCIPAL_URI; + } + + /** + * + */ + private static final long serialVersionUID = -4608068445208032193L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java new file mode 100644 index 000000000..a9bd8104e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +public class PVP2EncodingException extends PVP2Exception { + + public PVP2EncodingException() { + super("pvp2.01", null); + } + + public PVP2EncodingException(Throwable wrapped) { + super("pvp2.01", null, wrapped); + } + + /** + * + */ + private static final long serialVersionUID = -1348774139990071020L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java new file mode 100644 index 000000000..990a76562 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +import at.gv.egovernment.moa.id.MOAIDException; + +public abstract class PVP2Exception extends MOAIDException { + + protected String statusCodeValue = StatusCode.RESPONDER_URI; + protected String statusMessageValue = null; + + public PVP2Exception(String messageId, Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + this.statusMessageValue = this.getMessage(); + } + + public PVP2Exception(String messageId, Object[] parameters) { + super(messageId, parameters); + this.statusMessageValue = this.getMessage(); + } + + + public String getStatusCodeValue() { + return (this.statusCodeValue); + } + + public String getStatusMessageValue() { + return (this.statusMessageValue); + } + + /** + * + */ + private static final long serialVersionUID = 7669537952484421069L; + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java new file mode 100644 index 000000000..be22be859 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + + +public class QAANotSupportedException extends PVP2Exception { + + public QAANotSupportedException(String qaa) { + super("pvp2.05", new Object[] {qaa}); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = -3964192953884089323L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java new file mode 100644 index 000000000..61c41d82b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class RequestDeniedException extends PVP2Exception { + + public RequestDeniedException() { + super("pvp2.14", null); + this.statusCodeValue = StatusCode.REQUEST_DENIED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 4415896615794730553L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java new file mode 100644 index 000000000..a24320cbc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class ResponderErrorException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -425416760138285446L; + + public ResponderErrorException(String messageId, Object[] parameters, + Throwable wrapped) { + super(messageId, parameters, wrapped); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } + + public ResponderErrorException(String messageId, Object[] parameters) { + super(messageId, parameters); + this.statusCodeValue = StatusCode.RESPONDER_URI; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java new file mode 100644 index 000000000..e0f576205 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class SAMLRequestNotSignedException extends PVP2Exception { + + public SAMLRequestNotSignedException() { + super("pvp2.07", null); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + public SAMLRequestNotSignedException(Throwable e) { + super("pvp2.07", null, e); + this.statusCodeValue = StatusCode.REQUESTER_URI; + } + + /** + * + */ + private static final long serialVersionUID = 1L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java new file mode 100644 index 000000000..029470b94 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java @@ -0,0 +1,18 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + + +public class SAMLRequestNotSupported extends PVP2Exception { + + public SAMLRequestNotSupported() { + super("pvp2.09", null); + this.statusCodeValue = StatusCode.REQUEST_UNSUPPORTED_URI; + } + + /** + * + */ + private static final long serialVersionUID = 1244883178458802767L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java new file mode 100644 index 000000000..0a91cc61a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import org.opensaml.saml2.core.StatusCode; + +public class UnprovideableAttributeException extends PVP2Exception { + /** + * + */ + private static final long serialVersionUID = 3972197758163647157L; + + public UnprovideableAttributeException(String attributeName) { + super("pvp2.10", new Object[] {attributeName}); + this.statusCodeValue = StatusCode.UNKNOWN_ATTR_PROFILE_URI; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java new file mode 100644 index 000000000..99567478d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -0,0 +1,144 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; + +import java.io.File; +import java.security.cert.CertificateException; +import java.util.Iterator; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.protocol.Protocol; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; + +import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.logging.Logger; + +public class MOAMetadataProvider implements MetadataProvider { + + private static MOAMetadataProvider instance = null; + + private static Object mutex = new Object(); + + public static MOAMetadataProvider getInstance() { + if (instance == null) { + synchronized (mutex) { + if (instance == null) { + instance = new MOAMetadataProvider(); + } + } + } + return instance; + } + + MetadataProvider internalProvider; + + private MOAMetadataProvider() { + ChainingMetadataProvider chainProvider = new ChainingMetadataProvider(); + Logger.info("Loading metadata"); + List<OnlineApplication> oaList = ConfigurationDBRead + .getAllActiveOnlineApplications(); + Iterator<OnlineApplication> oaIt = oaList.iterator(); + while (oaIt.hasNext()) { + try { + OnlineApplication oa = oaIt.next(); + Logger.info("Loading metadata for: " + oa.getFriendlyName()); + OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); + if (pvp2Config != null) { + String metadataURL = pvp2Config.getMetadataURL(); + try { + // TODO: use proper SSL checking + HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( + metadataURL, 20000); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + MetadataFilter filter = new MetadataSignatureFilter( + metadataURL, pvp2Config.getCertificate()); + httpProvider.setMetadataFilter(filter); + chainProvider.addMetadataProvider(httpProvider); + httpProvider.initialize(); + } catch (MetadataProviderException e) { + Logger.error( + "Failed to add Metadata file for " + + oa.getFriendlyName() + "[ " + + e.getMessage() + " ]", e); + } catch (CertificateException e) { + Logger.error( + "Failed to add Metadata file for " + + oa.getFriendlyName() + "[ " + + e.getMessage() + " ]", e); + } + } else { + Logger.info(oa.getFriendlyName() + + " is not a PVP2 Application skipping"); + } + } catch (Throwable e) { + Logger.error( + "Failed to add Metadata (unhandled reason: " + + e.getMessage(), e); + } + } + + internalProvider = chainProvider; + } + + public boolean requireValidMetadata() { + return internalProvider.requireValidMetadata(); + } + + public void setRequireValidMetadata(boolean requireValidMetadata) { + internalProvider.setRequireValidMetadata(requireValidMetadata); + } + + public MetadataFilter getMetadataFilter() { + return internalProvider.getMetadataFilter(); + } + + public void setMetadataFilter(MetadataFilter newFilter) + throws MetadataProviderException { + internalProvider.setMetadataFilter(newFilter); + } + + public XMLObject getMetadata() throws MetadataProviderException { + return internalProvider.getMetadata(); + } + + public EntitiesDescriptor getEntitiesDescriptor(String name) + throws MetadataProviderException { + return internalProvider.getEntitiesDescriptor(name); + } + + public EntityDescriptor getEntityDescriptor(String entityID) + throws MetadataProviderException { + return internalProvider.getEntityDescriptor(entityID); + } + + public List<RoleDescriptor> getRole(String entityID, QName roleName) + throws MetadataProviderException { + return internalProvider.getRole(entityID, roleName); + } + + public RoleDescriptor getRole(String entityID, QName roleName, + String supportedProtocol) throws MetadataProviderException { + return internalProvider.getRole(entityID, roleName, supportedProtocol); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java new file mode 100644 index 000000000..d479de2d7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry; +import org.opensaml.saml2.core.ArtifactResolve; +import org.opensaml.saml2.core.ArtifactResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +public class ArtifactResolution implements IRequestHandler { + + public boolean handleObject(MOARequest obj) { + return (obj.getSamlRequest() instanceof ArtifactResolve); + } + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException { + if (!handleObject(obj)) { + throw new MOAIDException("pvp2.13", null); + } + + ArtifactResolve artifactResolve = (ArtifactResolve) obj + .getSamlRequest(); + String artifactID = artifactResolve.getArtifact().getArtifact(); + + PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); + + if (!pvpAssertion.contains(artifactID)) { + throw new RequestDeniedException(); + } else { + try { + SAMLArtifactMapEntry assertion = pvpAssertion.get(artifactID); + ArtifactResponse response = SAML2Utils + .createSAMLObject(ArtifactResponse.class); + response.setMessage(assertion.getSamlMessage()); + response.setIssueInstant(new DateTime()); + SoapBinding encoder = new SoapBinding(); + encoder.encodeRespone(req, resp, response, null); + } catch (Exception e) { + Logger.error("Failed to resolve artifact", e); + } + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java new file mode 100644 index 000000000..f8270cf33 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -0,0 +1,120 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; + +public class AuthnRequestHandler implements IRequestHandler, PVPConstants { + + public boolean handleObject(MOARequest obj) { + return (obj.getSamlRequest() instanceof AuthnRequest); + } + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException { + if (!handleObject(obj)) { + throw new MOAIDException("pvp2.13", null); + } + + AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); + EntityDescriptor peerEntity = obj.getEntityMetadata(); + +// if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) { +// throw new AuthenticationException("auth.21", new Object[] {}); +// } + +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession()); + + // authSession.getM + + Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity); + + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName()); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + authResponse.setInResponseTo(authnRequest.getID()); + authResponse.getAssertions().add(assertion); + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int idx = 0; + + if (aIdx != null) { + idx = aIdx.intValue(); + } + + SPSSODescriptor spSSODescriptor = peerEntity + .getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + AssertionConsumerService consumerService = spSSODescriptor + .getAssertionConsumerServices().get(idx); + + if (consumerService == null) { + throw new InvalidAssertionConsumerServiceException(idx); + } + String oaURL = consumerService.getLocation(); + + IEncoder binding = null; + + if (consumerService.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + // TODO: not supported YET!! + binding = new ArtifactBinding(); + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + } + + if (binding == null) { + throw new BindingNotSupportedException(consumerService.getBinding()); + } + + try { + binding.encodeRespone(req, resp, authResponse, oaURL); + // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java new file mode 100644 index 000000000..458316c6d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -0,0 +1,15 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; + +public interface IRequestHandler { + public boolean handleObject(MOARequest obj); + + public void process(MOARequest obj, HttpServletRequest req, + HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException; +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java new file mode 100644 index 000000000..a043bfde5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; + +public class RequestManager { + + private static RequestManager instance = null; + + private List<IRequestHandler> handler; + + public static synchronized RequestManager getInstance() { + if(instance == null) { + instance = new RequestManager(); + } + return instance; + } + + private RequestManager() { + handler = new ArrayList<IRequestHandler>(); + handler.add(new AuthnRequestHandler()); + handler.add(new ArtifactResolution()); + } + + public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) + throws SAMLRequestNotSupported, MOAIDException { + Iterator<IRequestHandler> it = handler.iterator(); + while(it.hasNext()) { + IRequestHandler handler = it.next(); + if(handler.handleObject(obj)) { + handler.process(obj, req, resp, moasession); + return; + } + } + + // not handled + throw new SAMLRequestNotSupported(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java new file mode 100644 index 000000000..38251ab56 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -0,0 +1,96 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import iaik.pkcs.pkcs12.PKCS12; +import iaik.x509.X509Certificate; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.security.KeyStore; +import java.security.cert.CertificateException; + +import javax.jws.soap.SOAPBinding.Use; + +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.x509.BasicX509Credential; +import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; + +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.KeyStoreUtils; + +public class CredentialProvider { + public static Credential getIDPSigningCredential() + throws CredentialsNotAvailableException { + KeyStore keyStore; + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); + + KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAlias(), config + .getIDPKeyPassword().toCharArray()); + + credentials.setUsageType(UsageType.SIGNING); + return credentials; + } catch (Exception e) { + Logger.error("Failed to generate IDP Signing credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + + public static Signature getIDPSignature(Credential credentials) { + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(credentials); + return signer; + } + + public static Credential getSPTrustedCredential(String entityID) + throws CredentialsNotAvailableException { + + iaik.x509.X509Certificate cert = PVPConfiguration.getInstance() + .getTrustEntityCertificate(entityID); + + if (cert == null) { + throw new CredentialsNotAvailableException("ServiceProvider Certificate can not be loaded from Database", null); + } + + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityId(entityID); + credential.setUsageType(UsageType.SIGNING); + credential.setPublicKey(cert.getPublicKey()); + + return credential; + } + /* + * public static Credential getTrustedCredential() throws + * CredentialsNotAvailableException { String filename = + * PVPConfiguration.getInstance().getTrustEntityCertificate("sp.crt"); + * + * iaik.x509.X509Certificate cert; try { cert = new X509Certificate(new + * FileInputStream(new File(filename))); } catch (CertificateException e) { + * e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } catch + * (FileNotFoundException e) { e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } catch + * (IOException e) { e.printStackTrace(); throw new + * CredentialsNotAvailableException(e.getMessage(), null); } + * + * BasicX509Credential credential = new BasicX509Credential(); + * credential.setEntityId("sp.crt"); + * credential.setUsageType(UsageType.SIGNING); + * credential.setPublicKey(cert.getPublicKey()); + * + * return credential; } + */ +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java new file mode 100644 index 000000000..56864bc1f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class CredentialsNotAvailableException extends MOAIDException { + + public CredentialsNotAvailableException(String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + /** + * + */ + private static final long serialVersionUID = -2564476345552842599L; + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java new file mode 100644 index 000000000..b88998cd1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.signer; + +public class SAMLSigner { + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java new file mode 100644 index 000000000..a59fc17c5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java @@ -0,0 +1,66 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.Iterator; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator; + +public class AttributeExtractor { + + public static String extractSAMLAttributeOA(String name, + AuthenticationSession authSession) { + List extAttributes = authSession.getExtendedSAMLAttributesOA(); + if(extAttributes == null) { + return null; + } + Iterator extAttributesIt = extAttributes.iterator(); + String value = null; + while(extAttributesIt.hasNext()) { + Object attr = extAttributesIt.next(); + if(attr instanceof ExtendedSAMLAttribute) { + ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; + if(extAttribute.getName().equals(name)) { + if(extAttribute.getValue() instanceof String) { + return extAttribute.getValue().toString(); + } + break; + } + } + } + return null; + } + + public static String extractSAMLAttributeAUTH(String name, + AuthenticationSession authSession) { + List extAttributes = authSession.getExtendedSAMLAttributesAUTH(); + if(extAttributes == null) { + return null; + } + Iterator extAttributesIt = extAttributes.iterator(); + String value = null; + while(extAttributesIt.hasNext()) { + Object attr = extAttributesIt.next(); + if(attr instanceof ExtendedSAMLAttribute) { + ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; + if(extAttribute.getName().equals(name)) { + if(extAttribute.getValue() instanceof String) { + return extAttribute.getValue().toString(); + } + break; + } + } + } + return null; + } + + public static String extractSAMLAttributeBOTH(String name, + AuthenticationSession authSession) { + String value = extractSAMLAttributeOA(name, authSession); + if(value == null) { + value = extractSAMLAttributeAUTH(name, authSession); + } + return value; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java new file mode 100644 index 000000000..66d0b1d46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java @@ -0,0 +1,47 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.RequestedAttribute; + +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +public class CheckMandateAttributes implements PVPConstants { + private static List<String> minMandateAttributes; + + static { + minMandateAttributes = new ArrayList<String>(); + minMandateAttributes.add(MANDATE_TYPE_NAME); + + minMandateAttributes.add(MANDATE_LEG_PER_FULL_NAME_NAME); + minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_NAME); + minMandateAttributes.add(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME); + + minMandateAttributes.add(MANDATE_NAT_PER_BIRTHDATE_NAME); + minMandateAttributes.add(MANDATE_NAT_PER_GIVEN_NAME_NAME); + minMandateAttributes.add(MANDATE_NAT_PER_BPK_NAME); + minMandateAttributes.add(MANDATE_NAT_PER_FAMILY_NAME_NAME); + + minMandateAttributes.add(MANDATE_PROF_REP_OID_NAME); + minMandateAttributes.add(MANDATE_PROF_REP_DESC_NAME); + minMandateAttributes.add(MANDATE_REFERENCE_VALUE_NAME); + } + + public static boolean canHandleMandate(AttributeConsumingService attributeConsumer) { + List<String> attrList = new ArrayList<String>(minMandateAttributes); + Iterator<RequestedAttribute> attrIt = attributeConsumer.getRequestAttributes().iterator(); + + while(attrIt.hasNext()) { + RequestedAttribute reqAttr = attrIt.next(); + + if(attrList.contains(reqAttr.getName())) { + attrList.remove(reqAttr.getName()); + } + } + + return attrList.isEmpty(); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java new file mode 100644 index 000000000..7d81825d9 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java @@ -0,0 +1,26 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class Digester { + public static String byteArrayToHexString(byte[] b) { + String result = ""; + for (int i=0; i < b.length; i++) { + result += + Integer.toString( ( b[i] & 0xff ) + 0x100, 16).substring( 1 ); + } + return result; + } + + public static String toSHA1(byte[] convertme) { + MessageDigest md = null; + try { + md = MessageDigest.getInstance("SHA-1"); + } + catch(NoSuchAlgorithmException e) { + e.printStackTrace(); + } + return byteArrayToHexString(md.digest(convertme)); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java new file mode 100644 index 000000000..807da0ebe --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java @@ -0,0 +1,301 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.io.*; +import javax.xml.parsers.*; +import javax.xml.transform.*; +import javax.xml.transform.dom.*; +import javax.xml.transform.stream.*; + +import org.w3c.dom.Document; + +import org.xml.sax.*; +import org.xml.sax.helpers.*; + + +/** +This class "pretty prints" an XML stream to something more human-readable. +It duplicates the character content with some modifications to whitespace, +restoring line breaks and a simple pattern of indenting child elements. + +This version of the class acts as a SAX 2.0 <code>DefaultHandler</code>, +so to provide the unformatted XML just pass a new instance to a SAX parser. +Its output is via the {@link #toString toString} method. + +One major limitation: we gather character data for elements in a single +buffer, so mixed-content documents will lose a lot of data! This works +best with data-centric documents where elements either have single values +or child elements, but not both. + +@author Will Provost +*/ +/* +Copyright 2002-2003 by Will Provost. +All rights reserved. +*/ +public class PrettyPrinter + extends DefaultHandler +{ + /** + Convenience method to wrap pretty-printing SAX pass over existing content. + */ + public static String prettyPrint (byte[] content) + { + try + { + PrettyPrinter pretty = new PrettyPrinter (); + SAXParserFactory factory = SAXParserFactory.newInstance (); + factory.setFeature + ("http://xml.org/sax/features/namespace-prefixes", true); + factory.newSAXParser ().parse + (new ByteArrayInputStream (content), pretty); + return pretty.toString (); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + /** + Convenience method to wrap pretty-printing SAX pass over existing content. + */ + public static String prettyPrint (String content) + { + try + { + PrettyPrinter pretty = new PrettyPrinter (); + SAXParserFactory factory = SAXParserFactory.newInstance (); + factory.setFeature + ("http://xml.org/sax/features/namespace-prefixes", true); + factory.newSAXParser ().parse (content, pretty); + return pretty.toString (); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + /** + Convenience method to wrap pretty-printing SAX pass over existing content. + */ + public static String prettyPrint (InputStream content) + { + try + { + PrettyPrinter pretty = new PrettyPrinter (); + SAXParserFactory factory = SAXParserFactory.newInstance (); + factory.setFeature + ("http://xml.org/sax/features/namespace-prefixes", true); + factory.newSAXParser ().parse (content, pretty); + return pretty.toString (); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + /** + Convenience method to wrap pretty-printing SAX pass over existing content. + */ + public static String prettyPrint (Document doc) + throws TransformerException + { + try + { + ByteArrayOutputStream buffer = new ByteArrayOutputStream (); + TransformerFactory.newInstance ().newTransformer() + .transform (new DOMSource (doc), new StreamResult (buffer)); + byte[] rawResult = buffer.toByteArray (); + buffer.close (); + + return prettyPrint (rawResult); + } + catch (Exception ex) + { + ex.printStackTrace (); + return "EXCEPTION: " + ex.getClass ().getName () + " saying \"" + + ex.getMessage () + "\""; + } + } + + public static class StreamAdapter + extends OutputStream + { + public StreamAdapter (Writer finalDestination) + { + this.finalDestination = finalDestination; + } + + public void write (int b) + { + out.write (b); + } + + public void flushPretty () + throws IOException + { + PrintWriter finalPrinter = new PrintWriter (finalDestination); + finalPrinter.println + (PrettyPrinter.prettyPrint (out.toByteArray ())); + finalPrinter.close (); + out.close (); + } + + private ByteArrayOutputStream out = new ByteArrayOutputStream (); + Writer finalDestination; + } + + /** + Call this to get the formatted XML post-parsing. + */ + public String toString () + { + return output.toString (); + } + + /** + Prints the XML declaration. + */ + public void startDocument () + throws SAXException + { + output.append ("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>") + .append (endLine); + } + + /** + Prints a blank line at the end of the reformatted document. + */ + public void endDocument () throws SAXException + { + output.append (endLine); + } + + /** + Writes the start tag for the element. + Attributes are written out, one to a text line. Starts gathering + character data for the element. + */ + public void startElement + (String URI, String name, String qName, Attributes attributes) + throws SAXException + { + if (justHitStartTag) + output.append ('>'); + + output.append (endLine) + .append (indent) + .append ('<') + .append (qName); + + int length = attributes.getLength (); + for (int a = 0; a < length; ++a) + output.append (endLine) + .append (indent) + .append (standardIndent) + .append (attributes.getQName (a)) + .append ("=\"") + .append (attributes.getValue (a)) + .append ('\"'); + + if (length > 0) + output.append (endLine) + .append (indent); + + indent += standardIndent; + currentValue = new StringBuffer (); + justHitStartTag = true; + } + + /** + Checks the {@link #currentValue} buffer to gather element content. + Writes this out if it is available. Writes the element end tag. + */ + public void endElement (String URI, String name, String qName) + throws SAXException + { + indent = indent.substring + (0, indent.length () - standardIndent.length ()); + + if (currentValue == null) + output.append (endLine) + .append (indent) + .append ("</") + .append (qName) + .append ('>'); + else if (currentValue.length () != 0) + output.append ('>') + .append (currentValue.toString ()) + .append ("</") + .append (qName) + .append ('>'); + else + output.append ("/>"); + + currentValue = null; + justHitStartTag = false; + } + + /** + When the {@link #currentValue} buffer is enabled, appends character + data into it, to be gathered when the element end tag is encountered. + */ + public void characters (char[] chars, int start, int length) + throws SAXException + { + if (currentValue != null) + currentValue.append (escape (chars, start, length)); + } + + /** + Filter to pass strings to output, escaping <b><</b> and <b>&</b> + characters to &lt; and &amp; respectively. + */ + private static String escape (char[] chars, int start, int length) + { + StringBuffer result = new StringBuffer (); + for (int c = start; c < start + length; ++c) + if (chars[c] == '<') + result.append ("<"); + else if (chars[c] == '&') + result.append ("&"); + else + result.append (chars[c]); + + return result.toString (); + } + + /** + This whitespace string is expanded and collapsed to manage the output + indenting. + */ + private String indent = ""; + + /** + A buffer for character data. It is "enabled" in + {@link #startElement startElement} by being initialized to a + new <b>StringBuffer</b>, and then read and reset to + <code>null</code> in {@link #endElement endElement}. + */ + private StringBuffer currentValue = null; + + /** + The primary buffer for accumulating the formatted XML. + */ + private StringBuffer output = new StringBuffer (); + + private boolean justHitStartTag; + + private static final String standardIndent = " "; + private static final String endLine = + System.getProperty ("line.separator"); +} + diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java new file mode 100644 index 000000000..d6ac121b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -0,0 +1,82 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.io.IOException; +import java.security.NoSuchAlgorithmException; + +import javax.xml.namespace.QName; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.opensaml.Configuration; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.XMLObjectBuilderFactory; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.w3c.dom.Document; + +import eu.stork.vidp.messages.common.STORKBootstrap; + +public class SAML2Utils { + + public static <T> T createSAMLObject(final Class<T> clazz) { + try { + XMLObjectBuilderFactory builderFactory = Configuration + .getBuilderFactory(); + + QName defaultElementName = (QName) clazz.getDeclaredField( + "DEFAULT_ELEMENT_NAME").get(null); + @SuppressWarnings("unchecked") + T object = (T) builderFactory.getBuilder(defaultElementName) + .buildObject(defaultElementName); + return object; + } catch (Throwable e) { + e.printStackTrace(); + return null; + } + } + + public static String getSecureIdentifier() { + return idGenerator.generateIdentifier(); + } + + private static SecureRandomIdentifierGenerator idGenerator; + + private static DocumentBuilder builder; + static { + DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + factory.setNamespaceAware(true); + try { + builder = factory.newDocumentBuilder(); + } catch (ParserConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + try { + idGenerator = new SecureRandomIdentifierGenerator(); + } catch(NoSuchAlgorithmException e) { + e.printStackTrace(); + } + } + + public static Document asDOMDocument(XMLObject object) throws IOException, + MarshallingException, TransformerException { + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory().getMarshaller( + object); + out.marshall(object, document); + return document; + } + + public static Status getSuccessStatus() { + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + statusCode.setValue(StatusCode.SUCCESS_URI); + status.setStatusCode(statusCode); + return status; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java new file mode 100644 index 000000000..70793d073 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java @@ -0,0 +1,48 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import org.joda.time.DateTime; +import org.opensaml.common.SAMLObject; +import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry; + +public class StoredAssertion implements SAMLArtifactMapEntry { + private String artifact; + private String relyingPartyId; + private String issuerId; + private SAMLObject samlMessage; + private DateTime expirationTime; + + public StoredAssertion(String artifact, + String relyingPartyId, + String issuerId, + SAMLObject samlMessage) { + this.artifact = artifact; + this.relyingPartyId = relyingPartyId; + this.issuerId = issuerId; + this.samlMessage = samlMessage; + this.expirationTime = new DateTime(); + this.expirationTime.plusMinutes(5); + } + + public DateTime getExpirationTime() { + return expirationTime; + } + + public boolean isExpired() { + return this.expirationTime.isAfterNow(); + } + + public void onExpire() { + } + public String getArtifact() { + return artifact; + } + public String getIssuerId() { + return issuerId; + } + public String getRelyingPartyId() { + return relyingPartyId; + } + public SAMLObject getSamlMessage() { + return samlMessage; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java new file mode 100644 index 000000000..bf30c72cb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class ChainSAMLValidator implements ISAMLValidator { + +private List<ISAMLValidator> validator = new ArrayList<ISAMLValidator>(); + + public void addValidator(ISAMLValidator validator) { + this.validator.add(validator); + } + + public void validateRequest(RequestAbstractType request) + throws MOAIDException { + Iterator<ISAMLValidator> validatorIterator = validator.iterator(); + while(validatorIterator.hasNext()) { + ISAMLValidator validator = validatorIterator.next(); + validator.validateRequest(request); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java new file mode 100644 index 000000000..525a0870e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java @@ -0,0 +1,9 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egovernment.moa.id.MOAIDException; + +public interface ISAMLValidator { + public void validateRequest(RequestAbstractType request) throws MOAIDException; +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java new file mode 100644 index 000000000..db1241e6f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.validation; + +import org.opensaml.common.SignableSAMLObject; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; + +public class SAMLSignatureValidator implements ISAMLValidator { + + public void validateRequest(RequestAbstractType request) + throws MOAIDException { + if (request.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(request.getSignature()); + } catch (ValidationException e) { + e.printStackTrace(); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void validateSignable(SignableSAMLObject signableObject) + throws MOAIDException { + if (signableObject.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(signableObject.getSignature()); + } catch (ValidationException e) { + e.printStackTrace(); + throw new SAMLRequestNotSignedException(e); + } + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java new file mode 100644 index 000000000..5cea607bc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egovernment.moa.id.MOAIDException; + +public class ChainSAMLVerifier implements ISAMLVerifier { + + private List<ISAMLVerifier> verifier = new ArrayList<ISAMLVerifier>(); + + public void addVerifier(ISAMLVerifier verifier) { + this.verifier.add(verifier); + } + + public void verifyRequest(RequestAbstractType request) + throws MOAIDException { + Iterator<ISAMLVerifier> verifyIterator = verifier.iterator(); + while(verifyIterator.hasNext()) { + ISAMLVerifier verifier = verifyIterator.next(); + verifier.verifyRequest(request); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java new file mode 100644 index 000000000..b78c2f264 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java @@ -0,0 +1,160 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import java.util.Iterator; +import java.util.List; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.SignatureValidator; +import org.opensaml.xml.validation.ValidationException; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +public class EntityVerifier { + + public static byte[] fetchSavedCredential(String entityID) { + List<OnlineApplication> oaList = ConfigurationDBRead + .getAllActiveOnlineApplications(); + Iterator<OnlineApplication> oaIt = oaList.iterator(); + while (oaIt.hasNext()) { + OnlineApplication oa = oaIt.next(); + if (oa.getPublicURLPrefix().equals(entityID)) { + OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2(); + if (pvp2Config != null) { + return pvp2Config.getCertificate(); + } + } + } + return null; + } + + public static void verify(EntityDescriptor entityDescriptor) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + Credential credential = CredentialProvider + .getSPTrustedCredential(entityDescriptor.getEntityID()); + if (credential == null) { + throw new NoCredentialsException(entityDescriptor.getEntityID()); + } + + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntityDescriptor entityDescriptor, Credential cred) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntitiesDescriptor entityDescriptor, + Credential cred) throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + SignatureValidator sigValidator = new SignatureValidator(cred); + try { + sigValidator.validate(entityDescriptor.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + + public static void verify(EntitiesDescriptor entityDescriptor) + throws MOAIDException { + if (entityDescriptor.getSignature() == null) { + throw new SAMLRequestNotSignedException(); + } + + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(entityDescriptor.getSignature()); + } catch (ValidationException e) { + Logger.error("Failed to validate Signature", e); + throw new SAMLRequestNotSignedException(e); + } + + List<EntityDescriptor> entities = entityDescriptor + .getEntityDescriptors(); + + if (entities.size() > 0) { + + if (entities.size() > 1) { + Logger.warn("More then one EntityID in Metadatafile with Name " + + entityDescriptor.getName() + + " defined. Actually only the first" + + " entryID is used to select the certificate to perform Metadata verification."); + } + + Credential credential = CredentialProvider + .getSPTrustedCredential(entities.get(0).getEntityID()); + + if (credential == null) { + throw new NoCredentialsException("moaID IDP"); + } + + SignatureValidator sigValidator = new SignatureValidator(credential); + try { + sigValidator.validate(entityDescriptor.getSignature()); + + } catch (ValidationException e) { + Logger.error("Failed to verfiy Signature", e); + throw new SAMLRequestNotSignedException(e); + } + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java new file mode 100644 index 000000000..a577f3f46 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java @@ -0,0 +1,9 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import org.opensaml.saml2.core.RequestAbstractType; + +import at.gv.egovernment.moa.id.MOAIDException; + +public interface ISAMLVerifier { + public void verifyRequest(RequestAbstractType request) throws MOAIDException; +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java new file mode 100644 index 000000000..36dc2442c --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java @@ -0,0 +1,78 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import iaik.x509.X509Certificate; + +import java.security.cert.CertificateException; +import java.util.Iterator; + +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.security.x509.BasicX509Credential; + +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; + +public class MetadataSignatureFilter implements MetadataFilter { + + private String metadataURL; + private BasicX509Credential savedCredential; + + public MetadataSignatureFilter(String url, byte[] certificate) + throws CertificateException { + this.metadataURL = url; + X509Certificate cert = new X509Certificate(certificate); + savedCredential = new BasicX509Credential(); + savedCredential.setEntityCertificate(cert); + } + + public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException { + + String entityID = desc.getEntityID(); + + EntityVerifier.verify(desc); + } + + public void processEntitiesDescriptor(EntitiesDescriptor desc) throws MOAIDException { + Iterator<EntitiesDescriptor> entID = desc.getEntitiesDescriptors().iterator(); + + if(desc.getSignature() != null) { + EntityVerifier.verify(desc, this.savedCredential); + } + + while(entID.hasNext()) { + processEntitiesDescriptor(entID.next()); + } + + Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator(); + + while(entID.hasNext()) { + processEntityDescriptorr(entIT.next()); + } + } + + public void doFilter(XMLObject metadata) throws FilterException { + try { + if (metadata instanceof EntitiesDescriptor) { + EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata; + if(entitiesDescriptor.getSignature() == null) { + throw new MOAIDException("Root element of metadata file has to be signed", null); + } + processEntitiesDescriptor(entitiesDescriptor); + } /*else if (metadata instanceof EntityDescriptor) { + EntityDescriptor entityDescriptor = (EntityDescriptor) metadata; + processEntityDescriptorr(entityDescriptor); + } */else { + throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null); + } + Logger.info("Metadata Filter done OK"); + } catch (MOAIDException e) { + e.printStackTrace(); + throw new FilterException(e); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java new file mode 100644 index 000000000..8df418f9a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -0,0 +1,67 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.validation.ValidationException; + +public class SAMLVerificationEngine { + + public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + } catch (ValidationException e) { + // Indicates signature did not conform to SAML Signature profile + e.printStackTrace(); + } + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new Exception("Signature was either invalid or signing key could not be established as trusted"); + } + } catch (SecurityException e) { + // Indicates processing error evaluating the signature + e.printStackTrace(); + } + } + + public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); + try { + profileValidator.validate(samlObj.getSignature()); + } catch (ValidationException e) { + // Indicates signature did not conform to SAML Signature profile + e.printStackTrace(); + } + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); + + try { + if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { + throw new Exception("Signature was either invalid or signing key could not be established as trusted"); + } + } catch (SecurityException e) { + // Indicates processing error evaluating the signature + e.printStackTrace(); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java new file mode 100644 index 000000000..6dbaae0a1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java @@ -0,0 +1,108 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.validation.ValidationException; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; +import eu.stork.vidp.messages.util.XMLUtil; + +public class SAMLVerifierMOASP implements ISAMLVerifier { + + + //TODO: implement via metadata validator .... + public void verifyRequest(RequestAbstractType request) + throws MOAIDException { + // validate Signature + try { + if (request.isSigned()) { + + String trustProfileID = AuthConfigurationProvider.getInstance() + .getStorkConfig().getSignatureVerificationParameter() + .getTrustProfileID(); + + Logger.trace("Starting validation of Signature references"); + try { + SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator(); + sigValidator.validate(request.getSignature()); + } catch (ValidationException e) { + Logger.error("Validation of XML Signature refrences failed: " + + e.getMessage()); + throw new SecurityException(e); + } + Logger.debug("XML Signature references are OK."); + + Logger.debug("Invoking MOA-SP with TrustProfileID: " + + trustProfileID); + + // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(XMLUtil.printXML(request.getDOM()).getBytes(), + trustProfileID); + + Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built"); + + Logger.trace("Calling MOA-SP"); + // invokes the call + Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( + domVerifyXMLSignatureResponse).parseData(); + + Logger.trace("Received VerifyXMLSignatureResponse from MOA-SP"); + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) { + String msg = "Signature of SAMLResponse not valid"; + Logger.error(msg); + throw new SecurityException(msg); + } + + Logger.debug("Signature of SAML response successfully verified"); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String msg = "Certificate of SAMLResponse not valid"; + Logger.error(msg); + throw new SecurityException(msg); + } + + Logger.debug("Signing certificate of SAML response succesfully verified"); + + } else { + String msg = "SAML Object is not signed."; + throw new SecurityException(msg); + } + + } catch (ConfigurationException e) { + String msg = "Unable to load STORK configuration for STORK SAML Response signature verification."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (ParseException e) { + String msg = "Unable to parse VerifyXMLSignature Request or Response."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (BuildException e) { + String msg = "Unable to parse VerifyXMLSignature Request or Response."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } catch (ServiceException e) { + String msg = "Unable to invoke MOA-SP."; + Logger.error(msg, e); + throw new SecurityException(msg, e); + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java new file mode 100644 index 000000000..f3c5ed86a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java @@ -0,0 +1,71 @@ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification; + +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.xml.security.credential.CredentialResolver; +import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xml.security.keyinfo.KeyInfoProvider; +import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider; +import org.opensaml.xml.security.keyinfo.provider.InlineX509DataProvider; +import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider; +import org.opensaml.xml.signature.SignatureTrustEngine; +import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; +import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine; + +import sun.security.krb5.Credentials; + +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver; + +public class TrustEngineFactory { + + public static SignatureTrustEngine getSignatureTrustEngine() { + try { + MetadataPKIXValidationInformationResolver mdResolver = new MetadataPKIXValidationInformationResolver( + MOAMetadataProvider.getInstance()); + + List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + PKIXSignatureTrustEngine engine = new PKIXSignatureTrustEngine( + mdResolver, keyInfoResolver); + + return engine; + + } catch (Exception e) { + e.printStackTrace(); + return null; + } + } + + public static SignatureTrustEngine getSignatureKnownKeysTrustEngine() { + MetadataCredentialResolver resolver; + + resolver = new MetadataCredentialResolver( + MOAMetadataProvider.getInstance()); + + List<KeyInfoProvider> keyInfoProvider = new ArrayList<KeyInfoProvider>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + + KeyInfoCredentialResolver keyInfoResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine( + resolver, keyInfoResolver); + + return engine; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java new file mode 100644 index 000000000..75825d92d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -0,0 +1,186 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.IOException; +import java.io.PrintWriter; +import java.io.UnsupportedEncodingException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class GetArtifactAction implements IAction { + + public void processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { + +// HttpSession httpSession = httpReq.getSession(); +// AuthenticationManager authmanager = AuthenticationManager.getInstance(); +// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession); + +// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) { +// throw new AuthenticationException("auth.21", new Object[] {}); +// } + + String oaURL = (String) req.getOAURL(); + String target = (String) req.getTarget(); + + try { + + + if (oaURL == null) { + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + } + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + + // if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } + + + // TODO: Support Mandate MODE! + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + // builds authentication data and stores it together with a SAML + // artifact + + //TODO: check, if this is correct!!!! + //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(), + // useUTC, false); + + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + + AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, + oaParam, + target); + + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData); + + if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { + String url = "RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); + if (!oaParam.getBusinessService()) + url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = httpResp.encodeRedirectURL(url); + + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + httpResp.addHeader("Location", url); + + } else { + String redirectURL = oaURL; + + //session.getOAURLRequested(); + + if (!oaParam.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); + redirectURL = addURLParameter(redirectURL, PARAM_TARGET, + URLEncoder.encode(oaParam.getTarget(), "UTF-8")); + + + } + redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, + URLEncoder.encode(samlArtifactBase64, "UTF-8")); + redirectURL = httpResp.encodeRedirectURL(redirectURL); + httpResp.setContentType("text/html"); + httpResp.setStatus(302); + httpResp.addHeader("Location", redirectURL); + Logger.debug("REDIRECT TO: " + redirectURL); + } + // CONFIRMATION FOR SSO! + /* + * OAAuthParameter oaParam = + * AuthConfigurationProvider.getInstance(). + * getOnlineApplicationParameter(oaURL); + * + * String friendlyName = oaParam.getFriendlyName(); if(friendlyName + * == null) { friendlyName = oaURL; } + * + * + * LoginConfirmationBuilder builder = new + * LoginConfirmationBuilder(); + * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); + * String form = builder.finish(oaURL, session.getIdentityLink() + * .getName(), friendlyName); + */ + + /* + * resp.setContentType("text/html"); + * + * OutputStream out = resp.getOutputStream(); + * out.write(form.getBytes("UTF-8")); out.flush(); out.close(); + */ + + } catch (WrongParametersException ex) { + // handleWrongParameters(ex, req, httpResp); + ex.printStackTrace(); + } catch (ConfigurationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (BuildException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (AuthenticationException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (UnsupportedEncodingException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (IOException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } catch (MOADatabaseException e) { + // TODO Auto-generated catch block + e.printStackTrace(); + } + } + + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return true; + } + + public String getDefaultActionName() { + return SAML1Protocol.GETARTIFACT; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java new file mode 100644 index 000000000..433302b4f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java @@ -0,0 +1,135 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.IOException; + +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class GetArtifactServlet extends AuthServlet { + + /** + * + */ + private static final long serialVersionUID = 3593264832041467899L; + + /** + * Constructor for GetArtifactServlet. + */ + public GetArtifactServlet() { + super(); + } + + @Override + protected void doGet(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + HttpSession httpSession = req.getSession(); + + + +// AuthenticationSession session = AuthenticationManager +// .getAuthenticationSession(httpSession); +// +// String oaURL = (String) req.getAttribute(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// +// String target = (String) req.getAttribute(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// try { +// +// // check parameter +// if (!ParamValidatorUtils.isValidOA(oaURL)) +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// +// if (oaURL == null) { +// oaURL = session.getOAURLRequested(); +// } +// +// if (oaURL == null) { +// throw new WrongParametersException("StartAuthentication", +// PARAM_OA, "auth.12"); +// } +// +// String samlArtifactBase64 = SAML1AuthenticationServer +// .BuildSAMLArtifact(session); +// +// String redirectURL = oaURL; +// session.getOAURLRequested(); +// if (!session.getBusinessService()) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); +// +// } +// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, +// URLEncoder.encode(samlArtifactBase64, "UTF-8")); +// redirectURL = resp.encodeRedirectURL(redirectURL); +// +// resp.setContentType("text/html"); +// resp.setStatus(302); +// +// resp.addHeader("Location", redirectURL); +// Logger.debug("REDIRECT TO: " + redirectURL); +// +// // CONFIRMATION FOR SSO! +// /* +// * OAAuthParameter oaParam = +// * AuthConfigurationProvider.getInstance(). +// * getOnlineApplicationParameter(oaURL); +// * +// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName +// * == null) { friendlyName = oaURL; } +// * +// * +// * LoginConfirmationBuilder builder = new +// * LoginConfirmationBuilder(); +// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64); +// * String form = builder.finish(oaURL, session.getIdentityLink() +// * .getName(), friendlyName); +// */ +// +// /* +// resp.setContentType("text/html"); +// +// OutputStream out = resp.getOutputStream(); +// out.write(form.getBytes("UTF-8")); +// out.flush(); +// out.close();*/ +// +// } catch (WrongParametersException ex) { +// handleWrongParameters(ex, req, resp); +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (BuildException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } catch (AuthenticationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } + + } + + @Override + protected void doPost(HttpServletRequest req, HttpServletResponse resp) + throws ServletException, IOException { + doGet(req, resp); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index b5c72ef9f..1fbcb9a46 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -22,18 +22,17 @@ */ -package at.gv.egovernment.moa.id.auth.servlet; +package at.gv.egovernment.moa.id.protocols.saml1; import java.util.Calendar; import org.apache.axis.AxisFault; +import org.apache.commons.lang3.StringEscapeUtils; import org.w3c.dom.Element; - import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.MOAIDException; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; @@ -47,7 +46,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * Web service for picking up authentication data created in the MOA-ID Auth component. * * @author Paul Ivancsics - * @version $Id$ + * @version $Id: GetAuthenticationDataService.java 1233 2012-01-26 21:59:33Z kstranacher $ * @see at.gv.egovernment.moa.id.auth.AuthenticationServer#getAuthenticationData */ public class GetAuthenticationDataService implements Constants { @@ -80,12 +79,12 @@ public class GetAuthenticationDataService implements Constants { throws AxisFault { Element request = requests[0]; - Element[] responses = new Element[1]; + Element[] responses = new Element[1]; String requestID = ""; String statusCode = ""; String subStatusCode = null; String statusMessageCode = null; - String statusMessage = null; + String statusMessage = null; String samlAssertion = ""; boolean useUTC = false; if (requests.length > 1) { @@ -109,23 +108,53 @@ public class GetAuthenticationDataService implements Constants { subStatusCode = "samlp:TooManyResponses"; statusMessageCode = "1203"; } + else { Element samlArtifactElem = (Element)samlArtifactList.item(0); requestID = request.getAttribute("RequestID"); String samlArtifact = DOMUtils.getText(samlArtifactElem); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + try { - - AuthenticationData authData = AuthenticationServer.getInstance(). - getAuthenticationData(samlArtifact); + + AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); - useUTC = authData.getUseUTC(); - // success - samlAssertion = authData.getSamlAssertion(); - statusCode = "samlp:Success"; - statusMessageCode = "1200"; - } - catch (AuthenticationException ex) { - // no authentication data for given SAML artifact + useUTC = authData.getUseUTC(); + + // success + samlAssertion = authData.getSamlAssertion(); + statusCode = "samlp:Success"; + statusMessageCode = "1200"; + } + + catch (ClassCastException ex) { + + try { + Throwable error = saml1server.getErrorResponse(samlArtifact); + statusCode = "samlp:Responder"; + subStatusCode = "samlp:RequestDenied"; + + if (error instanceof MOAIDException) { + statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); + + } else { + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); + } + + + + } catch (Exception e) { + //no authentication data for given SAML artifact + statusCode = "samlp:Requester"; + subStatusCode = "samlp:ResourceNotRecognized"; + statusMessage = ex.toString(); + } + + } + + catch (AuthenticationException ex) { + //no authentication data for given SAML artifact statusCode = "samlp:Requester"; subStatusCode = "samlp:ResourceNotRecognized"; statusMessage = ex.toString(); @@ -137,10 +166,12 @@ public class GetAuthenticationDataService implements Constants { statusCode = "samlp:Requester"; statusMessageCode = "1204"; } - } + } + try { String responseID = Random.nextRandom(); String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC); + if (statusMessage == null) statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null); responses[0] = new SAMLResponseBuilder().build( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java new file mode 100644 index 000000000..fec2d2b35 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -0,0 +1,522 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.io.IOException; +import java.util.Date; +import java.util.List; + +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.ParseException; +import at.gv.egovernment.moa.id.ServiceException; +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.auth.validator.ValidateException; +import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.StringUtils; + +public class SAML1AuthenticationServer extends AuthenticationServer { + + private static SAML1AuthenticationServer instance; + + public static SAML1AuthenticationServer getInstace() { + if (instance == null) + instance = new SAML1AuthenticationServer(); + + return instance; + } + + //private static Map authenticationDataStore = new HashMap(); + private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance(); + + + //TODO: make this time configurable + /** + * time out in milliseconds used by {@link cleanup} for authentication data + * store + */ + private static final long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes + + + public Throwable getErrorResponse(String samlArtifact) throws AuthenticationException { + try { + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + Throwable error = null; + synchronized (authenticationDataStore) { + try { + error = authenticationDataStore + .get(samlArtifact, Throwable.class); + + authenticationDataStore.remove(samlArtifact); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + + } + + return error; + } + + /** + * Retrieves <code>AuthenticationData</code> indexed by the SAML artifact. + * The <code>AuthenticationData</code> is deleted from the store upon end of + * this call. + * + * @return <code>AuthenticationData</code> + */ + public AuthenticationData getSaml1AuthenticationData(String samlArtifact) + throws AuthenticationException { + try { + new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + + } catch (ParseException ex) { + throw new AuthenticationException("1205", new Object[] { + samlArtifact, ex.toString() }); + } + AuthenticationData authData = null; + synchronized (authenticationDataStore) { + // System.out.println("assertionHandle: " + assertionHandle); + + try { + authData = authenticationDataStore + .get(samlArtifact, AuthenticationData.class); + + } catch (MOADatabaseException e) { + Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); + throw new AuthenticationException("1206", new Object[] { samlArtifact }); + } + } + + boolean keepAssertion = false; + + //removed from MOA-ID 2.0 config +// try { +// String boolStr = AuthConfigurationProvider.getInstance() +// .getGenericConfigurationParameter( +// "AuthenticationServer.KeepAssertion"); +// if (null != boolStr && boolStr.equalsIgnoreCase("true")) +// keepAssertion = true;// Only allowed for debug purposes!!! +// +// } catch (ConfigurationException ex) { +// throw new AuthenticationException("1205", new Object[] { +// samlArtifact, ex.toString() }); +// } + if (!keepAssertion) { + authenticationDataStore.remove(samlArtifact); + } + + long now = new Date().getTime(); + + if (now - authData.getTimestamp().getTime() > authDataTimeOut) + throw new AuthenticationException("1207", new Object[] { samlArtifact }); + + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); + + return authData; + } + + public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) + throws BuildException, MOADatabaseException { + + String samlArtifact = new SAMLArtifactBuilder().build( + protocolRequest.getOAURL(), protocolRequest.getRequestID(), + null); + + authenticationDataStore.put(samlArtifact, error); + + return samlArtifact; + } + + public String BuildSAMLArtifact(AuthenticationSession session, + OAAuthParameter oaParam, + AuthenticationData authData) + throws ConfigurationException, BuildException, AuthenticationException { + + //Load SAML1 Parameter from OA config + OASAML1 saml1parameter = oaParam.getSAML1Parameter(); + + boolean useCondition = saml1parameter.isUseCondition(); + int conditionLength = saml1parameter.getConditionLength().intValue(); + + try { + + //set BASE64 encoded signer certificate + String signerCertificateBase64 = ""; + if (saml1parameter.isProvideCertificate()) { + byte[] signerCertificate = session.getEncodedSignerCertificate(); + if (signerCertificate != null) { + + signerCertificateBase64 = Base64Utils + .encode(signerCertificate); + } else { + Logger.info("\"provideCertificate\" is \"true\", but no signer certificate available"); + } + } + + //set prPersion + boolean provideStammzahl = saml1parameter.isProvideStammzahl(); + String prPerson = new PersonDataBuilder().build(authData.getIdentityLink(), + provideStammzahl); + + //set Authblock + String authBlock = saml1parameter.isProvideAUTHBlock() ? session + .getAuthBlock() : ""; + + //set IdentityLink for assortion + String ilAssertion = saml1parameter.isProvideIdentityLink() ? authData.getIdentityLink() + .getSerializedSamlAssertion() + : ""; + if (!saml1parameter.isProvideStammzahl()) { + ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() + .getIdentificationValue(), ""); + } + + String samlAssertion; + + if (session.getUseMandate()) { + List oaAttributes = session.getExtendedSAMLAttributesOA(); + + if (saml1parameter.isProvideFullMandatorData()) { + + try { + + ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( + session.getMISMandate(), oaParam.getBusinessService(), + saml1parameter.isProvideStammzahl()); + + if (extendedSAMLAttributes != null) { + + String identifier = "MISService"; + String friendlyName ="MISService"; + + int length = extendedSAMLAttributes.length; + for (int i = 0; i < length; i++) { + ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i]; + + Object value = verifySAMLAttribute(samlAttribute, i, identifier, + friendlyName); + + if ((value instanceof String) || (value instanceof Element)) { + switch (samlAttribute.getAddToAUTHBlock()) { + case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK: + replaceExtendedSAMLAttribute(oaAttributes, samlAttribute); + break; + default: + Logger + .info("Invalid return value from method \"getAddToAUTHBlock()\" (" + + samlAttribute.getAddToAUTHBlock() + + ") in SAML attribute number " + + (i + 1) + + " for infobox " + identifier); + throw new ValidateException("validator.47", new Object[] { + friendlyName, String.valueOf((i + 1)) }); + } + } else { + Logger + .info("The type of SAML-Attribute number " + + (i + 1) + + " returned from " + + identifier + + "-infobox validator is not valid. Must be either \"java.Lang.String\"" + + " or \"org.w3c.dom.Element\""); + throw new ValidateException("validator.46", new Object[] { + identifier, String.valueOf((i + 1)) }); + } + } + } + + } catch (SAXException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (IOException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (ParserConfigurationException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } catch (TransformerException e) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }, e); + } + } + + String mandateDate = generateMandateDate(session, oaParam, authData); + + samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( + authData, + prPerson, + mandateDate, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + oaAttributes, + useCondition, + conditionLength); + + } else { + samlAssertion = new AuthenticationDataAssertionBuilder().build( + authData, + prPerson, + authBlock, + ilAssertion, + session.getBkuURL(), + signerCertificateBase64, + oaParam.getBusinessService(), + session.getExtendedSAMLAttributesOA(), + useCondition, + conditionLength); + } + + authData.setSamlAssertion(samlAssertion); + + String samlArtifact = new SAMLArtifactBuilder().build( + session.getAuthURL(), session.getSessionID(), + saml1parameter.getSourceID()); + + storeAuthenticationData(samlArtifact, authData); + + Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() + + " angelegt, SAML Artifakt " + samlArtifact); + return samlArtifact; + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[] { + "AuthenticationData", ex.toString() }, ex); + } + + } + + private String generateMandateDate(AuthenticationSession session, + OAAuthParameter oaParam, AuthenticationData authData + ) throws AuthenticationException, BuildException, + ParseException, ConfigurationException, ServiceException, + ValidateException { + + if (session == null) + throw new AuthenticationException("auth.10", new Object[] { + REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); + + //AuthenticationSession session = getSession(sessionID); + // AuthConfigurationProvider authConf = + // AuthConfigurationProvider.getInstance(); + + IdentityLink tempIdentityLink = null; + + Element mandate = session.getMandate(); + + if (session.getUseMandate()) { + tempIdentityLink = new IdentityLink(); + Element mandator = ParepUtils.extractMandator(mandate); + String dateOfBirth = ""; + Element prPerson = null; + String familyName = ""; + String givenName = ""; + String identificationType = ""; + String identificationValue = ""; + if (mandator != null) { + boolean physical = ParepUtils.isPhysicalPerson(mandator); + if (physical) { + familyName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:FamilyName/text()"); + givenName = ParepUtils.extractText(mandator, + "descendant-or-self::pr:Name/pr:GivenName/text()"); + dateOfBirth = ParepUtils + .extractMandatorDateOfBirth(mandator); + } else { + familyName = ParepUtils.extractMandatorFullName(mandator); + } + identificationType = ParepUtils.getIdentification(mandator, + "Type"); + identificationValue = ParepUtils.extractMandatorWbpk(mandator); + + prPerson = ParepUtils.extractPrPersonOfMandate(mandate); + if (physical + && oaParam.getBusinessService() + && identificationType != null + && Constants.URN_PREFIX_BASEID + .equals(identificationType)) { + // now we calculate the wbPK and do so if we got it from the + // BKU + + + //load IdentityLinkDomainType from OAParam + String type = oaParam.getIdentityLinkDomainIdentifier(); + if (type.startsWith(Constants.URN_PREFIX_WBPK + "+")) + identificationType = type; + else + identificationType = Constants.URN_PREFIX_WBPK + "+" + + type; + + + identificationValue = new BPKBuilder().buildWBPK( + identificationValue, identificationType); + ParepUtils + .HideStammZahlen(prPerson, true, null, null, true); + } + + tempIdentityLink.setDateOfBirth(dateOfBirth); + tempIdentityLink.setFamilyName(familyName); + tempIdentityLink.setGivenName(givenName); + tempIdentityLink.setIdentificationType(identificationType); + tempIdentityLink.setIdentificationValue(identificationValue); + tempIdentityLink.setPrPerson(prPerson); + try { + tempIdentityLink.setSamlAssertion(authData.getIdentityLink() + .getSamlAssertion()); + } catch (Exception e) { + throw new ValidateException("validator.64", null); + } + + } + + } + + Element mandatePerson = tempIdentityLink.getPrPerson(); + + String mandateData = null; + try { + + boolean provideStammzahl = oaParam.getSAML1Parameter().isProvideStammzahl(); + + String oatargetType; + + if(oaParam.getBusinessService()) { + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + + } else { + oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); + } + + Element prIdentification = (Element) mandatePerson + .getElementsByTagNameNS(Constants.PD_NS_URI, + "Identification").item(0); + + if (!oatargetType.equals(tempIdentityLink.getIdentificationType())) { + + String isPrPerson = mandatePerson.getAttribute("xsi:type"); + + if (!StringUtils.isEmpty(isPrPerson)) { + if (isPrPerson.equalsIgnoreCase("pr:PhysicalPerson")) { + String baseid = getBaseId(mandatePerson); + Element identificationBpK = createIdentificationBPK(mandatePerson, + baseid, oaParam.getTarget()); + + if (!provideStammzahl) { + prIdentification.getFirstChild().setTextContent(""); + } + + mandatePerson.insertBefore(identificationBpK, + prIdentification); + } + } + + } else { + +// Element identificationBpK = mandatePerson.getOwnerDocument() +// .createElementNS(Constants.PD_NS_URI, "Identification"); +// Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Value"); +// +// valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// tempIdentityLink.getIdentificationValue())); +// Element typeBpK = mandatePerson.getOwnerDocument().createElementNS( +// Constants.PD_NS_URI, "Type"); +// typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode( +// "urn:publicid:gv.at:cdid+bpk")); +// identificationBpK.appendChild(valueBpK); +// identificationBpK.appendChild(typeBpK); +// +// mandatePerson.insertBefore(identificationBpK, prIdentification); + } + + + mandateData = DOMUtils.serializeNode(mandatePerson); + + } catch (TransformerException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } catch (IOException e1) { + throw new AuthenticationException("auth.16", + new Object[] { GET_MIS_SESSIONID }); + } + + return mandateData; + } + + + + + /** + * Stores authentication data indexed by the assertion handle contained in + * the given saml artifact. + * + * @param samlArtifact + * SAML artifact + * @param authData + * authentication data + * @throws AuthenticationException + * when SAML artifact is invalid + */ + private void storeAuthenticationData(String samlArtifact, + AuthenticationData authData) throws AuthenticationException { + + try { + SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); + // check type code 0x0001 + byte[] typeCode = parser.parseTypeCode(); + if (typeCode[0] != 0 || typeCode[1] != 1) + throw new AuthenticationException("auth.06", + new Object[] { samlArtifact }); + parser.parseAssertionHandle(); + + synchronized (authenticationDataStore) { + Logger.debug("Assertion stored for SAML Artifact: " + + samlArtifact); + authenticationDataStore.put(samlArtifact, authData); + } + + } catch (AuthenticationException ex) { + throw ex; + + } catch (Throwable ex) { + throw new AuthenticationException("auth.06", + new Object[] { samlArtifact }); + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java new file mode 100644 index 000000000..a310b16ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -0,0 +1,175 @@ +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IModulInfo; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.ServletInfo; +import at.gv.egovernment.moa.id.moduls.ServletType; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.URLEncoder; + +public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { + + public static final String NAME = SAML1Protocol.class.getName(); + public static final String PATH = "id_saml1"; + + public static final String GETARTIFACT = "GetArtifact"; + + private static List<ServletInfo> servletList = new ArrayList<ServletInfo>(); + + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + + static { + servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT, + ServletType.AUTH)); + + actions.put(GETARTIFACT, new GetArtifactAction()); + + instance = new SAML1Protocol(); + } + + private static SAML1Protocol instance = null; + + public static SAML1Protocol getInstance() { + if (instance == null) { + instance = new SAML1Protocol(); + } + return instance; + } + + public List<ServletInfo> getServlets() { + return servletList; + } + + + public String getName() { + return NAME; + } + + public String getPath() { + return PATH; + } + + public IRequest preProcess(HttpServletRequest request, + HttpServletResponse response, String action) throws MOAIDException { + RequestImpl config = new RequestImpl(); + String oaURL = (String) request.getParameter(PARAM_OA); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + String target = (String) request.getParameter(PARAM_TARGET); + target = StringEscapeUtils.escapeHtml(target); + + //the target parameter is used to define the OA in SAML1 standard + if (target != null && target.startsWith("http")) { + oaURL = target; + target = null; + } + + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, + "auth.12"); + config.setOAURL(oaURL); + + //load Target only from OA config + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaURL); + + if (oaParam == null) + throw new AuthenticationException("auth.00", + new Object[] { oaURL }); + + config.setTarget(oaParam.getTarget()); + + + //TODO: set reauthenticate if OA.useSSO=false + + request.getSession().setAttribute(PARAM_OA, oaURL); + request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); + return config; + } + + public boolean generateErrorMessage(Throwable e, + HttpServletRequest request, HttpServletResponse response, + IRequest protocolRequest) + throws Throwable{ + + SAML1AuthenticationServer saml1authentication = SAML1AuthenticationServer.getInstace(); + + String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); + + String url = "RedirectServlet"; + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); + url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = response.encodeRedirectURL(url); + + response.setContentType("text/html"); + response.setStatus(302); + response.addHeader("Location", url); + Logger.debug("REDIRECT TO: " + url); + + return true; + } + + public IAction getAction(String action) { + return actions.get(action); + } + + public IAction canHandleRequest(HttpServletRequest request, + HttpServletResponse response) { + return null; + } + + public boolean validate(HttpServletRequest request, + HttpServletResponse response, IRequest pending) { + + //TODO: funktioniert so nicht!!! + +// String oaURL = (String) request.getParameter(PARAM_OA); +// oaURL = StringEscapeUtils.escapeHtml(oaURL); +// String target = (String) request.getParameter(PARAM_TARGET); +// target = StringEscapeUtils.escapeHtml(target); +// +// //the target parameter is used to define the OA in SAML1 standard +// if (target.startsWith("http")) { +// oaURL = target; +// target = null; +// } +// +// if (oaURL != null) { +// if (oaURL.equals(pending.getOAURL())) +// return true; +// else +// return false; +// } + + return true; + } + + protected static String addURLParameter(String url, String paramname, + String paramvalue) { + String param = paramname + "=" + paramvalue; + if (url.indexOf("?") < 0) + return url + "?" + param; + else + return url + "&" + param; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java index c1e64dd53..e1bd38d68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java @@ -63,9 +63,11 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public DefaultConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); @@ -113,7 +115,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { //conn.setAllowUserInteraction(true); conn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit + // JSSE Abhängigkeit if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -187,7 +189,7 @@ public class DefaultConnectionBuilder implements ConnectionBuilder { * Hostname Verification Check */ - // JSSE Abhängigkeit + // JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { public boolean verify(String hostname, SSLSession session) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 7a356aaf0..03b012a27 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -136,8 +136,10 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { return authData.getDateOfBirth(); if (predicate.equals(MOABPK)) return authData.getBPK(); - if (predicate.equals(MOAWBPK)) - return authData.getWBPK(); + + //AuthData holdes the correct BPK/WBPK + if (predicate.equals(MOAWBPK)) + return authData.getBPK(); if (predicate.equals(MOAPublicAuthority)) if (authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java index 29c8b3bca..1243960ac 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java @@ -86,9 +86,12 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public ElakConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); @@ -204,7 +207,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder { //conn.setUseCaches(false); webDavConn.setAllowUserInteraction(true); webDavConn.setInstanceFollowRedirects(false); - // JSSE Abhängigkeit + // JSSE Abhängigkeit if (conn instanceof HttpsURLConnection && sslSocketFactory != null) { HttpsURLConnection httpsConn = (HttpsURLConnection) conn; httpsConn.setSSLSocketFactory(sslSocketFactory); @@ -258,7 +261,7 @@ public class ElakConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ -//JSSE Abhängigkeit +//JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java index 023b2c272..9bbef8aa9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java @@ -46,7 +46,7 @@ import at.gv.egovernment.moa.util.BoolUtils; /** * Outlook Web Access (OWA) Implementierung von <code>ConnectionBuilder</code>. - * uses the HTTP(s)Client from Ronald Tschalär. + * uses the HTTP(s)Client from Ronald Tschalär. * origin version (without https support) is available at http://www.innovation.ch/java/HTTPClient/ * * @author pdanner @@ -79,9 +79,12 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * @throws ConfigurationException on any config error */ public EnhancedConnectionBuilder() throws ConfigurationException { - cbDisableHostnameVerification = BoolUtils.valueOf( - ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( - "ProxyComponent.DisableHostnameVerification")); + + //INFO: removed from MOA-ID 2.0 config + cbDisableHostnameVerification = false; +// cbDisableHostnameVerification = BoolUtils.valueOf( +// ProxyConfigurationProvider.getInstance().getGenericConfigurationParameter( +// "ProxyComponent.DisableHostnameVerification")); //TODO MOA-ID BRZ undocumented feature if (cbDisableHostnameVerification) Logger.warn("ProxyComponent.DisableHostnameVerification: " + cbDisableHostnameVerification); @@ -168,7 +171,7 @@ public class EnhancedConnectionBuilder implements ConnectionBuilder { * A private class to change the standard HostName verifier to disable the * Hostname Verification Check */ - // JSSE Abhängigkeit + // JSSE Abhängigkeit private class HostnameNonVerifier implements HostnameVerifier { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java index 61f38412e..e075c99ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java @@ -33,7 +33,7 @@ import java.security.GeneralSecurityException; import javax.net.ssl.SSLSocketFactory; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; @@ -91,8 +91,10 @@ public class MOAIDProxyInitializer { ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter(); if (connParamAuth!=null) { if (connParamAuth.isHTTPSURL()) { - SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); - AxisSecureSocketFactory.initialize(ssf); + + //TODO: einkommentieren!!!! + //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth); + //AxisSecureSocketFactory.initialize(ssf); } } else { throw new ConfigurationException("config.16", null); @@ -104,8 +106,10 @@ public class MOAIDProxyInitializer { for (int i = 0; i < oaParams.length; i++) { OAProxyParameter oaParam = oaParams[i]; ConnectionParameter oaConnParam = oaParam.getConnectionParameter(); - if (oaConnParam.isHTTPSURL()) - SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + if (oaConnParam.isHTTPSURL()); + + //TODO: einkommentieren!!!! + //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } // Initializes the ConnectionBuilderFactory from configuration data diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 1fc257ea8..1a466c520 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -499,8 +499,10 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes return authData.getDateOfBirth(); if (predicate.equals("MOABPK")) return authData.getBPK(); + + //AuthData holdes the correct BPK/WBPK if (predicate.equals("MOAWBPK")) - return authData.getWBPK(); + return authData.getBPK(); if (predicate.equals("MOAPublicAuthority")) if (authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 6f698770c..b904161a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -324,8 +324,10 @@ public class XMLLoginParameterResolverPlainData return authData.getDateOfBirth(); if(predicate.equals(MOABPK)) return authData.getBPK(); + + //AuthData holds the correct BPK/WBPK if(predicate.equals(MOAWBPK)) - return authData.getWBPK(); + return authData.getBPK(); if(predicate.equals(MOAPublicAuthority)) if(authData.isPublicAuthority()) return "true"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index fa455b4ef..6cb7ffdfc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -41,7 +41,7 @@ import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index f2aca057a..1589f1440 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -130,7 +130,7 @@ public class AuthenticationDataAssertionParser implements Constants { try { AuthenticationData authData = new AuthenticationData(); - //ÄNDERN: NUR der Identification-Teil + //ÄNDERN: NUR der Identification-Teil authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); authData.setMajorVersion(new Integer( XPathUtils.getAttributeValue(samlAssertion, MAJOR_VERSION_XPATH, "-1")).intValue()); @@ -143,10 +143,17 @@ public class AuthenticationDataAssertionParser implements Constants { authData.setIssueInstant( XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, "")); String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, ""); + + + //TODO: set pBK and Type if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) { - authData.setBPK(pkValue); + //bPK + authData.setBPK(Constants.URN_PREFIX_BPK); + } else { - authData.setWBPK(pkValue); + //wbPK + authData.setBPK(pkValue); + authData.setBPKType(XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_TYPE_XPATH, "")); } authData.setIdentificationValue( XPathUtils.getElementValue(samlAssertion, IDENTIFICATION_VALUE_XPATH, "")); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index a55e02cdd..ddaab7a28 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -55,7 +55,7 @@ import at.gv.egovernment.moa.id.MOAIDException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.ServiceException; import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; @@ -265,7 +265,9 @@ public class ProxyServlet extends HttpServlet { // setup SSLSocketFactory for communication with the online application if (oaConnParam.isHTTPSURL()) { try { - ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); + + //TODO: einkommentieren!!!! + //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam); } catch (Throwable ex) { throw new ProxyException( "proxy.05", @@ -440,7 +442,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } - /* Soll auch bei anderen bindings zuerst ein passwort probiert werden können: + /* Soll auch bei anderen bindings zuerst ein passwort probiert werden k�nnen: //if we have the first Login-Try and we have Binding to Username and a predefined Password we try this one first // full binding will be covered by next block if (loginTry==1 && !OAConfiguration.BINDUNG_FULL.equals(binding)) { @@ -662,7 +664,7 @@ private int tunnelRequest(HttpServletRequest req, HttpServletResponse resp, Map } } -// // Überschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) +// // Ãœberschrift im Browser-Passworteingabedialog setzen (sonst ist der reale host eingetragen) // if (headerKey.equalsIgnoreCase("WWW-Authenticate") && headerValue.startsWith("Basic realm=\"")) { // headerValue = "Basic realm=\"" + publicURLPrefix + "\""; // if (OAConfiguration.BINDUNG_USERNAME.equals(originBinding) || OAConfiguration.BINDUNG_NOMATCH.equals(originBinding)) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java new file mode 100644 index 000000000..b01a6a36e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -0,0 +1,156 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.List; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; + +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionStorage { + + private static AssertionStorage instance = null; + + public static AssertionStorage getInstance() { + if(instance == null) { + instance = new AssertionStorage(); + } + return instance; + } + + public boolean containsKey(String artifact) { + try { + searchInDatabase(artifact); + return true; + + } catch (MOADatabaseException e) { + return false; + } + + } + + public void put(String artifact, Object assertion) throws MOADatabaseException { + //setup AssertionStore element + AssertionStore element = new AssertionStore(); + element.setArtifact(artifact); + element.setType(assertion.getClass().getName()); + element.setDatatime(new Date()); + + //serialize the Assertion for Database storage + byte[] data = SerializationUtils.serialize((Serializable) assertion); + element.setAssertion(data); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(element); + Log.info("Assertion with Artifact=" + artifact + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("Assertion could not be stored."); + throw new MOADatabaseException(e); + } + + } + + public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException { + + AssertionStore element = searchInDatabase(artifact); + + //Deserialize Assertion + Object data = SerializationUtils.deserialize(element.getAssertion()); + + //check if assertion has the correct class type + try { + @SuppressWarnings("unchecked") + T test = (T) Class.forName(element.getType()).cast(data); + return test; + + } catch (Exception e) { + Log.warn("Assertion Cast-Exception by using Artifact=" + artifact); + throw new MOADatabaseException("Assertion Cast-Exception"); + } + } + + public void clean(long now, long authDataTimeOut) { + Date expioredate = new Date(now - authDataTimeOut); + + List<AssertionStore> results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithTimeOut"); + query.setTimestamp("timeout", expioredate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AssertionStore result : results) { + try { + MOASessionDBUtils.delete(result); + Logger.info("Remove Assertion with Artifact=" + result.getArtifact() + + " after assertion timeout."); + + } catch (HibernateException e){ + Logger.warn("Assertion with Artifact=" + result.getArtifact() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + public void remove(String artifact) { + + try { + AssertionStore element = searchInDatabase(artifact); + MOASessionDBUtils.delete(element); + + } catch (MOADatabaseException e) { + Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact + + "not found)"); + + } catch (HibernateException e) { + Logger.warn("Assertion not removed! (Error during Database communication)", e); + } + } + + @SuppressWarnings("rawtypes") + private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { + MiscUtil.assertNotNull(artifact, "artifact"); + Logger.trace("Getting Assertion with Artifact " + artifact + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getAssertionWithArtifact"); + query.setString("artifact", artifact); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No Assertion found with this Artifact"); + } + + return (AssertionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java new file mode 100644 index 000000000..498188ffe --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -0,0 +1,496 @@ +package at.gv.egovernment.moa.id.storage; + +import iaik.util.logging.Log; + +import java.io.Serializable; +import java.util.Date; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import org.apache.commons.lang.SerializationUtils; +import org.hibernate.HibernateException; +import org.hibernate.Query; +import org.hibernate.Session; +import org.hibernate.Transaction; + +import at.gv.egovernment.moa.id.AuthenticationException; +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.MOAIDException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AuthenticationSessionStoreage { + + //private static HashMap<String, AuthenticationSession> sessionStore = new HashMap<String, AuthenticationSession>(); + + public static boolean isAuthenticated(String moaSessionID) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + return session.isAuthenticated(); + + } catch (MOADatabaseException e) { + return false; + } + } + + public static void setAuthenticated(String moaSessionID, boolean value) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + session.setAuthenticated(value); + MOASessionDBUtils.saveOrUpdate(session); + + + } catch (MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } + + public static AuthenticationSession createSession() throws MOADatabaseException { + String id = Random.nextRandom(); + AuthenticationSession session = new AuthenticationSession(id); + + AuthenticatedSessionStore dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setAuthenticated(false); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setCreated(new Date()); + dbsession.setUpdated(new Date()); + + dbsession.setSession(SerializationUtils.serialize(session)); + + //store AssertionStore element to Database + try { + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + id + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); + } + + return session; + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + dbsession.setPendingRequestID(pendingRequestID); + + dbsession.setAuthenticated(session.isAuthenticated()); + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + Log.info("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession could not be stored."); + throw new MOADatabaseException(e); + } + } + + + public static void destroySession(String moaSessionID) throws MOADatabaseException { + + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); + + //delete MOA Session + session.delete(dbsession); + session.getTransaction().commit(); + } + + } + +// public static void dumpSessionStore() { +// synchronized (sessionStore) { +// Set<String> keys = sessionStore.keySet(); +// Iterator<String> keyIterator = keys.iterator(); +// while(keyIterator.hasNext()) { +// String key = keyIterator.next(); +// AuthenticationSession session = sessionStore.get(key); +// Logger.info("Key: " + key + " -> " + session.toString()); +// } +// } +// } + + public static String changeSessionID(AuthenticationSession session) + throws AuthenticationException, BuildException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); + + String id = Random.nextRandom(); + session.setSessionID(id); + + dbsession.setSessionid(id); + dbsession.setAuthenticated(session.isAuthenticated()); + + byte[] serialized = SerializationUtils.serialize(session); + + dbsession.setSession(SessionEncrytionUtil.encrypt(serialized)); + + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setUpdated(new Date()); + + MOASessionDBUtils.saveOrUpdate(dbsession); + + return id; + + } catch (MOADatabaseException e) { + throw new AuthenticationException("TODO!", null); + } + } + + public static void addSSOInformation(String moaSessionID, String SSOSessionID, + String OAUrl) throws AuthenticationException { + + AuthenticatedSessionStore dbsession; + Transaction tx = null; + + try { + + Session session = MOASessionDBUtils.getCurrentSession(); + List result; + + synchronized (session) { + + tx = session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", moaSessionID); + result = query.list(); + + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + dbsession = (AuthenticatedSessionStore) result.get(0); + + //set active OA applications + OASessionStore activeOA = new OASessionStore(); + activeOA.setOaurlprefix(OAUrl); + activeOA.setMoasession(dbsession); + activeOA.setCreated(new Date()); + + List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); + activeOAs.add(activeOA); + dbsession.setActiveOAsessions(activeOAs); + + + //Store used SSOId + if (dbsession.getSSOsessionid() != null) { + OldSSOSessionIDStore oldSSOId = new OldSSOSessionIDStore(); + oldSSOId.setOldsessionid(dbsession.getSSOsessionid()); + oldSSOId.setMoasession(dbsession); + + List<OldSSOSessionIDStore> oldSSOIds = dbsession.getOldssosessionids(); + oldSSOIds.add(oldSSOId); + } + + dbsession.setSSOSession(true); + dbsession.setSSOsessionid(SSOSessionID); + dbsession.setAuthenticated(false); + dbsession.setPendingRequestID(""); + + //Store MOASession + session.saveOrUpdate(dbsession); + + //send transaction + tx.commit(); + } + + } catch (MOADatabaseException e) { + throw new AuthenticationException("No MOASession found with Id="+moaSessionID, null); + + } catch(HibernateException e) { + Logger.warn("Error during database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); + } + } + + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + + //decrypt Session + byte[] decrypted = SessionEncrytionUtil.decrypt(dbsession.getSession()); + + AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted); + + return session; + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + + } catch (Throwable e) { + Log.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + + + } + + public static String getMOASessionID(String SSOSessionID) { + MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + + } + + public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { + + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setString("sessionid", SSOId); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + return true; + +// AuthenticatedSessionStore dbsession = result.get(0); +// +// +// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) { +// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId); +// return true; +// +// } else { +// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid() +// + " but this Session does not match to MOA Sesson ID=" + moaSessionId); +// } +// +// return false; + } + + } + + public static boolean deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setString("sessionid", id); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return false; + + } else { + MOASessionDBUtils.delete(result.get(0)); + return true; + } + + + } + + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + + } + + public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + Date expioredatecreate = new Date(now - authDataTimeOutCreated); + Date expioredateupdate = new Date(now - authDataTimeOutUpdated); + + List<AuthenticatedSessionStore> results; + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionsWithTimeOut"); + query.setTimestamp("timeoutcreate", expioredatecreate); + query.setTimestamp("timeoutupdate", expioredateupdate); + results = query.list(); + session.getTransaction().commit(); + } + + if (results.size() != 0) { + for(AuthenticatedSessionStore result : results) { + try { + MOASessionDBUtils.delete(result); + Logger.info("Authenticated session with sessionID=" + result.getSessionid() + + " after session timeout."); + + } catch (HibernateException e){ + Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + + " not removed after timeout! (Error during Database communication)", e); + } + + } + } + } + + @SuppressWarnings("rawtypes") + private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { + MiscUtil.assertNotNull(sessionID, "moasessionID"); + Logger.trace("Get authenticated session with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithID"); + query.setString("sessionid", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + throw new MOADatabaseException("No session found with this sessionID"); + } + + return (AuthenticatedSessionStore) result.get(0); + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java new file mode 100644 index 000000000..5ea3be837 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java @@ -0,0 +1,36 @@ +package at.gv.egovernment.moa.id.storage; + +import java.util.HashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.util.Random; + +public class ExceptionStoreImpl implements IExceptionStore { + + // Just a quick implementation + private static IExceptionStore store; + + public static IExceptionStore getStore() { + if(store == null) { + store = new ExceptionStoreImpl(); + } + return store; + } + + private Map<String, Throwable> exceptionStore = new HashMap<String, Throwable>(); + + public String storeException(Throwable e) { + String id = Random.nextRandom(); + exceptionStore.put(id, e); + return id; + } + + public Throwable fetchException(String id) { + return exceptionStore.get(id); + } + + public void removeException(String id) { + exceptionStore.remove(id); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java new file mode 100644 index 000000000..5c51fff73 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java @@ -0,0 +1,7 @@ +package at.gv.egovernment.moa.id.storage; + +public interface IExceptionStore { + public String storeException(Throwable e); + public Throwable fetchException(String id); + public void removeException(String id); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java new file mode 100644 index 000000000..1e9cb9024 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java @@ -0,0 +1,70 @@ +package at.gv.egovernment.moa.id.util; + +import java.util.Enumeration; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Set; + +import javax.servlet.http.HttpSession; + +public class HTTPSessionUtils { + +// public static HashMap<String, Object> extractAllProperties(HttpSession session) { +// @SuppressWarnings("unchecked") +// Enumeration<String> keys = (Enumeration<String>)session.getAttributeNames(); +// HashMap<String, Object> properties = new HashMap<String, Object>(); +// +// while(keys.hasMoreElements()) { +// Object keyObject = keys.nextElement(); +// String key = keyObject.toString(); +// Object value = session.getAttribute(key); +// properties.put(key, value); +// } +// +// return properties; +// } +// +// public static void pushAllProperties(HttpSession session, HashMap<String, Object> properties) { +// Set<String> keys = properties.keySet(); +// Iterator<String> keysIterator = keys.iterator(); +// while(keysIterator.hasNext()) { +// String key = keysIterator.next(); +// session.setAttribute(key, properties.get(key)); +// } +// } +// +// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof Boolean) { +// Boolean b = (Boolean)obj; +// if(b != null) { +// return b.booleanValue(); +// } +// } +// return fallback; +// } +// +// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) { +// session.setAttribute(name, new Boolean(value)); +// } +// +// public static String getHTTPSessionString(HttpSession session, String name, String fallback) { +// Object obj = session.getAttribute(name); +// if(obj == null) { +// return fallback; +// } +// +// if(obj instanceof String) { +// return (String)obj; +// } +// return fallback; +// } +// +// public static void setHTTPSessionString(HttpSession session, String name, String value) { +// session.setAttribute(name, value); +// } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java new file mode 100644 index 000000000..b56a54c90 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java @@ -0,0 +1,59 @@ +package at.gv.egovernment.moa.id.util; + +import java.util.Iterator; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.w3c.dom.Element; +import org.w3._2000._09.xmldsig_.*; +import at.gv.e_government.reference.namespace.*; +import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; +import at.gv.e_government.reference.namespace.persondata._20020228_.AbstractPersonType; +import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.util.Constants; + +@SuppressWarnings("unused") +public class MandateBuilder { + + public static final String MANDATE_DATE_OF_BIRTH_FORMAT = "yyyy-MM-dd"; + + public static Mandate buildMandate(Element mandate) { + + try { + JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_"); + + Unmarshaller u = jc.createUnmarshaller(); + Mandate mand = (Mandate) u.unmarshal(mandate); + return mand; + } catch (JAXBException e) { + Logger.error("Failed to parse Mandate", e); + } + return null; + } + + public static IdentificationType getWBPKIdentification(AbstractPersonType person) { + Iterator<IdentificationType> typesIt = person.getIdentification().iterator(); + while(typesIt.hasNext()) { + IdentificationType id = typesIt.next(); + if(id.getType().startsWith(Constants.URN_PREFIX_WBPK)) { + return id; + } + } + return null; + } + + public static IdentificationType getBPKIdentification(AbstractPersonType person) { + Iterator<IdentificationType> typesIt = person.getIdentification().iterator(); + while(typesIt.hasNext()) { + IdentificationType id = typesIt.next(); + if(id.getType().startsWith(Constants.URN_PREFIX_BPK)) { + return id; + } + } + return null; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index bd79f88b7..ea823889f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -41,13 +41,17 @@ import javax.xml.parsers.ParserConfigurationException; import org.xml.sax.InputSource; import org.xml.sax.SAXException; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -public class ParamValidatorUtils {
+public class ParamValidatorUtils implements MOAIDAuthConstants{
/**
* Checks if the given target is valid
@@ -175,7 +179,7 @@ public class ParamValidatorUtils { * @param target HTTP parameter from request
* @return
*/
- public static boolean isValidBKUURI(String bkuURI) {
+ public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
Logger.debug("Ueberpruefe Parameter bkuURI"); // if non parameter is given return true
@@ -200,9 +204,7 @@ public class ParamValidatorUtils { }
else {
Logger.debug("Parameter bkuURI ist keine lokale BKU. Ueberpruefe Liste der vertrauenswuerdigen BKUs.");
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List trustedBKUs = authConf.getTrustedBKUs();
- boolean b = trustedBKUs.contains(bkuURI);
+ boolean b = allowedBKUs.contains(bkuURI);
if (b) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
@@ -212,10 +214,12 @@ public class ParamValidatorUtils { return false;
}
}
-
-
}
- else {
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) { + Logger.debug("Parameter bkuURI from configuration is used."); + return true; + + } else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
}
@@ -224,10 +228,7 @@ public class ParamValidatorUtils { } catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter bkuURI", e);
- return false;
- }
+ }
}
@@ -237,7 +238,7 @@ public class ParamValidatorUtils { * @param template
* @return
*/
- public static boolean isValidTemplate(HttpServletRequest req, String template) {
+ public static boolean isValidTemplate(HttpServletRequest req, String template, List<TemplateType> oaSlTemplates) {
Logger.debug("Ueberpruefe Parameter Template bzw. bkuSelectionTemplateURL");
@@ -266,7 +267,14 @@ public class ParamValidatorUtils { else { //check against configured trustet template urls AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); - List trustedTemplateURLs = authConf.getTrustedTemplateURLs(); + List<String> trustedTemplateURLs = authConf.getSLRequestTemplates(); + + //get OA specific template URLs + if (oaSlTemplates != null && oaSlTemplates.size() > 0) { + for (TemplateType el : oaSlTemplates) + trustedTemplateURLs.add(el.getURL()); + } + boolean b = trustedTemplateURLs.contains(template); if (b) { Logger.debug("Parameter Template erfolgreich ueberprueft"); @@ -308,18 +316,18 @@ public class ParamValidatorUtils { Logger.debug("Parameter MOASessionId ist null");
return true;
}
-
-
- Pattern pattern = Pattern.compile("[0-9-]*");
+
+ Pattern pattern = Pattern.compile("[0-9-]*");
Matcher matcher = pattern.matcher(sessionID);
boolean b = matcher.matches();
if (b) {
Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
}
- else {
- Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false;
+ else { + Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
+ return false; +
}
}
@@ -467,7 +475,39 @@ public class ParamValidatorUtils { return false;
}
- }
+ } + + public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) { + + String oaURL = req.getParameter(PARAM_OA); + String bkuURL = req.getParameter(PARAM_BKU); + String templateURL = req.getParameter(PARAM_TEMPLATE); + String useMandate = req.getParameter(PARAM_USEMANDATE); + String ccc = req.getParameter(PARAM_CCC); + + + // check parameter + try { + if (!ParamValidatorUtils.isValidOA(oaURL)) + throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12"); + if (MiscUtil.isEmpty(bkuURL)) + throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12"); + if (MiscUtil.isEmpty(templateURL)) + throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12"); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + if (!ParamValidatorUtils.isValidCCC(ccc)) + throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12"); + + } catch (WrongParametersException e) { + return false; + } + + if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL)) + return false; + else + return true; + }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java index d006dcdfc..f1d0ecd45 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java @@ -24,9 +24,16 @@ package at.gv.egovernment.moa.id.util; + +import iaik.security.random.SeedGenerator; + +import java.io.IOException; import java.nio.ByteBuffer; import java.security.SecureRandom; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; + /** * Random number generator used to generate ID's * @author Paul Ivancsics @@ -35,21 +42,36 @@ import java.security.SecureRandom; public class Random { /** random number generator used */ - private static SecureRandom random = new SecureRandom(); + //private static SecureRandom random = new SecureRandom(); + private static SecureRandom random; + private static SeedGenerator seedgenerator; + + static { + random = iaik.security.random.SHA256FIPS186Random.getDefault(); + seedgenerator = iaik.security.random.AutoSeedGenerator.getDefault(); + + + } /** * Creates a new random number, to be used as an ID. * * @return random long as a String */ public static String nextRandom() { - - byte[] b = new byte[16]; // 16 bytes = 128 bits - random.nextBytes(b); - - ByteBuffer bb = ByteBuffer.wrap(b); - long l = bb.getLong(); + byte[] b = new byte[32]; // 32 bytes = 256 bits + random.nextBytes(b); + + ByteBuffer bb = ByteBuffer.wrap(b); + long l = bb.getLong(); + return "" + l; + + + } + + public static void seedRandom() { - return "" + l; + if (seedgenerator.seedAvailable()) + random.setSeed(seedgenerator.getSeed()); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index a0add1054..a6619fc11 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -79,7 +79,7 @@ public class SSLUtils { */ public static void initialize() { sslSocketFactories = new HashMap(); - // JSSE Abhängigkeit + // JSSE Abhängigkeit //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new IAIK()); //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); @@ -154,9 +154,7 @@ public class SSLUtils { PKIConfiguration cfg = null; if (! PKIFactory.getInstance().isAlreadyConfigured()) cfg = new PKIConfigurationImpl(conf); - String boolString = conf.getGenericConfigurationParameter(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING); - //not using BoolUtils because default value hast to be true! - boolean checkRevocation = !("false".equals(boolString) || "0".equals(boolString)); + boolean checkRevocation = conf.isTrustmanagerrevoationchecking(); PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); // This call fixes a bug occuring when PKIConfiguration is // initialized by the MOA-SP initialization code, in case diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java index 2ff9e5210..db6d7aa53 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java @@ -31,6 +31,7 @@ import java.io.IOException; import java.io.OutputStream; import java.net.URLEncoder; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.MOAIDException; @@ -145,5 +146,17 @@ public class ServletUtils { Logger.debug("Finished POST " + servletName); } -
+ + public static String getBaseUrl( HttpServletRequest request ) { + if ( ( request.getServerPort() == 80 ) || + ( request.getServerPort() == 443 ) ) + return request.getScheme() + "://" + + request.getServerName() + + request.getContextPath(); + else + return request.getScheme() + "://" + + request.getServerName() + ":" + request.getServerPort() + + request.getContextPath(); + } +
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java new file mode 100644 index 000000000..1f8c31bb5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java @@ -0,0 +1,83 @@ +package at.gv.egovernment.moa.id.util; + +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.KeySpec; + +import javax.crypto.Cipher; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.logging.Logger; + +public class SessionEncrytionUtil { + + static SecretKey secret = null; + + static { + try { + String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey(); + + if (key != null) { + SecretKeyFactory factory; + + factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + KeySpec spec = new PBEKeySpec(key.toCharArray(), "TestSALT".getBytes(), 1024, 128); + SecretKey tmp = factory.generateSecret(spec); + secret = new SecretKeySpec(tmp.getEncoded(), "AES"); + + + } else { + Logger.warn("MOASession encryption is deaktivated."); + } + + } catch (Exception e) { + Logger.warn("MOASession encryption can not be inizialized.", e); + } + + } + + public static byte[] encrypt(byte[] data) throws BuildException { + Cipher cipher; + + if (secret != null) { + try { + cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding"); + cipher.init(Cipher.ENCRYPT_MODE, secret); + + Logger.debug("Encrypt MOASession"); + return cipher.doFinal(data); + + } catch (Exception e) { + Logger.warn("MOASession is not encrypted",e); + throw new BuildException("MOASession is not encrypted", new Object[]{}, e); + } + } else + return data; + } + + public static byte[] decrypt(byte[] data) throws BuildException { + Cipher cipher; + + if (secret != null) { + try { + cipher = Cipher.getInstance("AES/ECB/"+"ISO10126Padding"); + cipher.init(Cipher.DECRYPT_MODE, secret); + + Logger.debug("Decrypt MOASession"); + return cipher.doFinal(data); + + } catch (Exception e) { + Logger.warn("MOASession is not decrypted",e); + throw new BuildException("MOASession is not decrypted", new Object[]{}, e); + } + } else + return data; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java new file mode 100644 index 000000000..caa8f1769 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java @@ -0,0 +1,77 @@ +package at.gv.egovernment.moa.id.util; + +import org.apache.velocity.app.Velocity; +import org.apache.velocity.runtime.RuntimeServices; +import org.apache.velocity.runtime.log.LogChute; + +import at.gv.egovernment.moa.logging.Logger; + +public class VelocityLogAdapter implements LogChute { + + public VelocityLogAdapter() { + try + { + /* + * register this class as a logger with the Velocity singleton + * (NOTE: this would not work for the non-singleton method.) + */ + Velocity.setProperty(Velocity.RUNTIME_LOG_LOGSYSTEM, this ); + Velocity.init(); + } + catch (Exception e) + { + Logger.error("Failed to register Velocity logger"); + } + } + + public void init(RuntimeServices arg0) throws Exception { + } + + public boolean isLevelEnabled(int arg0) { + switch(arg0) { + case LogChute.DEBUG_ID: + return Logger.isDebugEnabled(); + case LogChute.TRACE_ID: + return Logger.isTraceEnabled(); + default: + return true; + } + } + + public void log(int arg0, String arg1) { + switch(arg0) { + case LogChute.DEBUG_ID: + Logger.debug(arg1); + break; + case LogChute.TRACE_ID: + Logger.trace(arg1); + break; + case LogChute.INFO_ID: + Logger.info(arg1); + break; + case LogChute.WARN_ID: + Logger.warn(arg1); + break; + case LogChute.ERROR_ID: + default: + Logger.error(arg1); + break; + } + } + + public void log(int arg0, String arg1, Throwable arg2) { + switch(arg0) { + case LogChute.DEBUG_ID: + case LogChute.TRACE_ID: + case LogChute.INFO_ID: + case LogChute.WARN_ID: + Logger.warn(arg1, arg2); + break; + case LogChute.ERROR_ID: + default: + Logger.error(arg1, arg2); + break; + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 80f2d744c..979744edb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -23,19 +23,23 @@ package at.gv.egovernment.moa.id.util.client.mis.simple;
+ +import java.io.Serializable; -public class MISMandate {
-
+public class MISMandate implements Serializable{
+ + private static final long serialVersionUID = 1L; + final static private String OID_NOTAR = "1.2.40.0.10.3.1";
- final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
+ final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
final static private String OID_RECHTSANWALT = "1.2.40.0.10.3.2";
- final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
+ final static private String TEXT_RECHTSANWALT = "berufsmäßige(r) Parteienvertreter(in) mit Rechtsanwaltseigenschaft";
final static private String OID_ZIVILTECHNIKER = "1.2.40.0.10.3.3";
- final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
+ final static private String TEXT_ZIVILTECHNIKER = "berufsmäßige(r) Parteienvertreter(in) mit Ziviltechnikerinneneigenschaft";
- final static private String OID_ORGANWALTER = "1.2.40.0.10.3.4";
+ final static public String OID_ORGANWALTER = "1.2.40.0.10.3.4";
final static private String TEXT_ORGANWALTER = "Organwalter";
@@ -73,7 +77,7 @@ public class MISMandate { if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index ad4e45a2b..8970abc10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -109,16 +109,7 @@ public class MISSimpleClient { ArrayList foundMandates = new ArrayList();
for (int i=0; i<mandateElements.getLength(); i++) {
Element mandate = (Element) mandateElements.item(i); - -// try { -// String s = DOMUtils.serializeNode(mandate); -// System.out.println("\n\n Mandate: \n" + s); -// } catch (IOException e) { -// // TODO Auto-generated catch block -// e.printStackTrace(); -// } - -
+
MISMandate misMandate = new MISMandate();
if (mandate.hasAttribute("ProfessionalRepresentative")) { // System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));
@@ -143,7 +134,7 @@ public class MISSimpleClient { }
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, String mandateIdentifier[], String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
}
@@ -201,7 +192,17 @@ public class MISSimpleClient { }
filtersElement.appendChild(mandateIdentifiersElement);
mirElement.appendChild(filtersElement);
- }
+ } + + //add Target element + Element targetElement = doc.createElementNS(MIS_NS, "Target"); + Element targetTypeElement = doc.createElementNS(MIS_NS, "Type"); + targetTypeElement.appendChild(doc.createTextNode(targetType)); + targetElement.appendChild(targetTypeElement); + mirElement.appendChild(targetElement); + + +
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java new file mode 100644 index 000000000..03521cf2f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java @@ -0,0 +1,33 @@ +package at.gv.egovernment.moa.id.util.legacy; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.commons.lang.StringEscapeUtils; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.WrongParametersException; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; + +public class LegacyHelper implements MOAIDAuthConstants{ + + public static boolean isUseMandateRequested(HttpServletRequest req) throws WrongParametersException { + + String useMandate = req.getParameter(PARAM_USEMANDATE); + useMandate = StringEscapeUtils.escapeHtml(useMandate); + if (!ParamValidatorUtils.isValidUseMandate(useMandate)) + throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); + + //check UseMandate flag + String useMandateString = null; + if ((useMandate != null) && (useMandate.compareTo("") != 0)) { + useMandateString = useMandate; + } else { + useMandateString = "false"; + } + + if (useMandateString.compareToIgnoreCase("true") == 0) + return true; + else + return false; + } +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java new file mode 100644 index 000000000..b393b179c --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/CanonicalizationMethodType.java @@ -0,0 +1,109 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for CanonicalizationMethodType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="CanonicalizationMethodType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <any maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "CanonicalizationMethodType", propOrder = { + "content" +}) +public class CanonicalizationMethodType { + + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Algorithm", required = true) + @XmlSchemaType(name = "anyURI") + protected String algorithm; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the algorithm property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAlgorithm() { + return algorithm; + } + + /** + * Sets the value of the algorithm property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAlgorithm(String value) { + this.algorithm = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java new file mode 100644 index 000000000..7c77fd0bc --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DSAKeyValueType.java @@ -0,0 +1,241 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for DSAKeyValueType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="DSAKeyValueType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <sequence minOccurs="0"> + * <element name="P" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <element name="Q" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * </sequence> + * <element name="J" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary" minOccurs="0"/> + * <element name="G" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary" minOccurs="0"/> + * <element name="Y" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <sequence minOccurs="0"> + * <element name="Seed" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <element name="PgenCounter" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * </sequence> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "DSAKeyValueType", propOrder = { + "p", + "q", + "j", + "g", + "y", + "seed", + "pgenCounter" +}) +public class DSAKeyValueType { + + @XmlElement(name = "P") + protected String p; + @XmlElement(name = "Q") + protected String q; + @XmlElement(name = "J") + protected String j; + @XmlElement(name = "G") + protected String g; + @XmlElement(name = "Y", required = true) + protected String y; + @XmlElement(name = "Seed") + protected String seed; + @XmlElement(name = "PgenCounter") + protected String pgenCounter; + + /** + * Gets the value of the p property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getP() { + return p; + } + + /** + * Sets the value of the p property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setP(String value) { + this.p = value; + } + + /** + * Gets the value of the q property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getQ() { + return q; + } + + /** + * Sets the value of the q property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setQ(String value) { + this.q = value; + } + + /** + * Gets the value of the j property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getJ() { + return j; + } + + /** + * Sets the value of the j property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setJ(String value) { + this.j = value; + } + + /** + * Gets the value of the g property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getG() { + return g; + } + + /** + * Sets the value of the g property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setG(String value) { + this.g = value; + } + + /** + * Gets the value of the y property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getY() { + return y; + } + + /** + * Sets the value of the y property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setY(String value) { + this.y = value; + } + + /** + * Gets the value of the seed property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getSeed() { + return seed; + } + + /** + * Sets the value of the seed property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setSeed(String value) { + this.seed = value; + } + + /** + * Gets the value of the pgenCounter property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getPgenCounter() { + return pgenCounter; + } + + /** + * Sets the value of the pgenCounter property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setPgenCounter(String value) { + this.pgenCounter = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java new file mode 100644 index 000000000..4fca03d47 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/DigestMethodType.java @@ -0,0 +1,111 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * <p>Java class for DigestMethodType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="DigestMethodType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "DigestMethodType", propOrder = { + "content" +}) +public class DigestMethodType { + + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Algorithm", required = true) + @XmlSchemaType(name = "anyURI") + protected String algorithm; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the algorithm property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAlgorithm() { + return algorithm; + } + + /** + * Sets the value of the algorithm property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAlgorithm(String value) { + this.algorithm = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java new file mode 100644 index 000000000..be872a357 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyInfoType.java @@ -0,0 +1,142 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * <p>Java class for KeyInfoType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="KeyInfoType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice maxOccurs="unbounded"> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}KeyName"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}KeyValue"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}RetrievalMethod"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}X509Data"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}PGPData"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}SPKIData"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}MgmtData"/> + * <any processContents='lax' namespace='##other'/> + * </choice> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "KeyInfoType", propOrder = { + "content" +}) +public class KeyInfoType { + + @XmlElementRefs({ + @XmlElementRef(name = "MgmtData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509Data", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "RetrievalMethod", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "SPKIData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "PGPData", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "KeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "KeyName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + }) + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link X509DataType }{@code >} + * {@link Object } + * {@link Element } + * {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >} + * {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >} + * {@link JAXBElement }{@code <}{@link PGPDataType }{@code >} + * {@link JAXBElement }{@code <}{@link KeyValueType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java new file mode 100644 index 000000000..98967ec80 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/KeyValueType.java @@ -0,0 +1,92 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * <p>Java class for KeyValueType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="KeyValueType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}DSAKeyValue"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}RSAKeyValue"/> + * <any processContents='lax' namespace='##other'/> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "KeyValueType", propOrder = { + "content" +}) +public class KeyValueType { + + @XmlElementRefs({ + @XmlElementRef(name = "RSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "DSAKeyValue", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + }) + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Element } + * {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >} + * {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >} + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java new file mode 100644 index 000000000..6c81286dd --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ManifestType.java @@ -0,0 +1,111 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for ManifestType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ManifestType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Reference" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ManifestType", propOrder = { + "reference" +}) +public class ManifestType { + + @XmlElement(name = "Reference", required = true) + protected List<ReferenceType> reference; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the reference property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the reference property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getReference().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + public List<ReferenceType> getReference() { + if (reference == null) { + reference = new ArrayList<ReferenceType>(); + } + return this.reference; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java new file mode 100644 index 000000000..cf31e0e07 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectFactory.java @@ -0,0 +1,559 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.math.BigInteger; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlElementDecl; +import javax.xml.bind.annotation.XmlRegistry; +import javax.xml.namespace.QName; + + +/** + * This object contains factory methods for each + * Java content interface and Java element interface + * generated in the org.w3._2000._09.xmldsig_ package. + * <p>An ObjectFactory allows you to programatically + * construct new instances of the Java representation + * for XML content. The Java representation of XML + * content can consist of schema derived interfaces + * and classes representing the binding of schema + * type definitions, element declarations and model + * groups. Factory methods for each of these are + * provided in this class. + * + */ +@XmlRegistry +public class ObjectFactory { + + private final static QName _PGPData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPData"); + private final static QName _SPKIData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKIData"); + private final static QName _RetrievalMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "RetrievalMethod"); + private final static QName _CanonicalizationMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "CanonicalizationMethod"); + private final static QName _SignatureProperty_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureProperty"); + private final static QName _Manifest_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Manifest"); + private final static QName _Transforms_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transforms"); + private final static QName _SignatureMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureMethod"); + private final static QName _KeyInfo_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"); + private final static QName _DigestMethod_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestMethod"); + private final static QName _MgmtData_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "MgmtData"); + private final static QName _Reference_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Reference"); + private final static QName _RSAKeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "RSAKeyValue"); + private final static QName _Signature_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Signature"); + private final static QName _DSAKeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DSAKeyValue"); + private final static QName _SignedInfo_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignedInfo"); + private final static QName _Object_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Object"); + private final static QName _SignatureValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureValue"); + private final static QName _Transform_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "Transform"); + private final static QName _X509Data_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Data"); + private final static QName _DigestValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "DigestValue"); + private final static QName _SignatureProperties_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SignatureProperties"); + private final static QName _KeyName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyName"); + private final static QName _KeyValue_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyValue"); + private final static QName _SignatureMethodTypeHMACOutputLength_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "HMACOutputLength"); + private final static QName _SPKIDataTypeSPKISexp_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "SPKISexp"); + private final static QName _TransformTypeXPath_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "XPath"); + private final static QName _X509DataTypeX509IssuerSerial_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial"); + private final static QName _X509DataTypeX509Certificate_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate"); + private final static QName _X509DataTypeX509SKI_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SKI"); + private final static QName _X509DataTypeX509SubjectName_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName"); + private final static QName _X509DataTypeX509CRL_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509CRL"); + private final static QName _PGPDataTypePGPKeyID_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyID"); + private final static QName _PGPDataTypePGPKeyPacket_QNAME = new QName("http://www.w3.org/2000/09/xmldsig#", "PGPKeyPacket"); + + /** + * Create a new ObjectFactory that can be used to create new instances of schema derived classes for package: org.w3._2000._09.xmldsig_ + * + */ + public ObjectFactory() { + } + + /** + * Create an instance of {@link SignaturePropertyType } + * + */ + public SignaturePropertyType createSignaturePropertyType() { + return new SignaturePropertyType(); + } + + /** + * Create an instance of {@link SPKIDataType } + * + */ + public SPKIDataType createSPKIDataType() { + return new SPKIDataType(); + } + + /** + * Create an instance of {@link SignaturePropertiesType } + * + */ + public SignaturePropertiesType createSignaturePropertiesType() { + return new SignaturePropertiesType(); + } + + /** + * Create an instance of {@link X509DataType } + * + */ + public X509DataType createX509DataType() { + return new X509DataType(); + } + + /** + * Create an instance of {@link TransformsType } + * + */ + public TransformsType createTransformsType() { + return new TransformsType(); + } + + /** + * Create an instance of {@link RetrievalMethodType } + * + */ + public RetrievalMethodType createRetrievalMethodType() { + return new RetrievalMethodType(); + } + + /** + * Create an instance of {@link DigestMethodType } + * + */ + public DigestMethodType createDigestMethodType() { + return new DigestMethodType(); + } + + /** + * Create an instance of {@link SignatureValueType } + * + */ + public SignatureValueType createSignatureValueType() { + return new SignatureValueType(); + } + + /** + * Create an instance of {@link SignatureType } + * + */ + public SignatureType createSignatureType() { + return new SignatureType(); + } + + /** + * Create an instance of {@link ManifestType } + * + */ + public ManifestType createManifestType() { + return new ManifestType(); + } + + /** + * Create an instance of {@link KeyValueType } + * + */ + public KeyValueType createKeyValueType() { + return new KeyValueType(); + } + + /** + * Create an instance of {@link TransformType } + * + */ + public TransformType createTransformType() { + return new TransformType(); + } + + /** + * Create an instance of {@link DSAKeyValueType } + * + */ + public DSAKeyValueType createDSAKeyValueType() { + return new DSAKeyValueType(); + } + + /** + * Create an instance of {@link CanonicalizationMethodType } + * + */ + public CanonicalizationMethodType createCanonicalizationMethodType() { + return new CanonicalizationMethodType(); + } + + /** + * Create an instance of {@link SignatureMethodType } + * + */ + public SignatureMethodType createSignatureMethodType() { + return new SignatureMethodType(); + } + + /** + * Create an instance of {@link X509IssuerSerialType } + * + */ + public X509IssuerSerialType createX509IssuerSerialType() { + return new X509IssuerSerialType(); + } + + /** + * Create an instance of {@link PGPDataType } + * + */ + public PGPDataType createPGPDataType() { + return new PGPDataType(); + } + + /** + * Create an instance of {@link ObjectType } + * + */ + public ObjectType createObjectType() { + return new ObjectType(); + } + + /** + * Create an instance of {@link ReferenceType } + * + */ + public ReferenceType createReferenceType() { + return new ReferenceType(); + } + + /** + * Create an instance of {@link SignedInfoType } + * + */ + public SignedInfoType createSignedInfoType() { + return new SignedInfoType(); + } + + /** + * Create an instance of {@link KeyInfoType } + * + */ + public KeyInfoType createKeyInfoType() { + return new KeyInfoType(); + } + + /** + * Create an instance of {@link RSAKeyValueType } + * + */ + public RSAKeyValueType createRSAKeyValueType() { + return new RSAKeyValueType(); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link PGPDataType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPData") + public JAXBElement<PGPDataType> createPGPData(PGPDataType value) { + return new JAXBElement<PGPDataType>(_PGPData_QNAME, PGPDataType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SPKIDataType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKIData") + public JAXBElement<SPKIDataType> createSPKIData(SPKIDataType value) { + return new JAXBElement<SPKIDataType>(_SPKIData_QNAME, SPKIDataType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link RetrievalMethodType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "RetrievalMethod") + public JAXBElement<RetrievalMethodType> createRetrievalMethod(RetrievalMethodType value) { + return new JAXBElement<RetrievalMethodType>(_RetrievalMethod_QNAME, RetrievalMethodType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link CanonicalizationMethodType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "CanonicalizationMethod") + public JAXBElement<CanonicalizationMethodType> createCanonicalizationMethod(CanonicalizationMethodType value) { + return new JAXBElement<CanonicalizationMethodType>(_CanonicalizationMethod_QNAME, CanonicalizationMethodType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SignaturePropertyType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureProperty") + public JAXBElement<SignaturePropertyType> createSignatureProperty(SignaturePropertyType value) { + return new JAXBElement<SignaturePropertyType>(_SignatureProperty_QNAME, SignaturePropertyType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link ManifestType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Manifest") + public JAXBElement<ManifestType> createManifest(ManifestType value) { + return new JAXBElement<ManifestType>(_Manifest_QNAME, ManifestType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TransformsType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Transforms") + public JAXBElement<TransformsType> createTransforms(TransformsType value) { + return new JAXBElement<TransformsType>(_Transforms_QNAME, TransformsType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SignatureMethodType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureMethod") + public JAXBElement<SignatureMethodType> createSignatureMethod(SignatureMethodType value) { + return new JAXBElement<SignatureMethodType>(_SignatureMethod_QNAME, SignatureMethodType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link KeyInfoType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "KeyInfo") + public JAXBElement<KeyInfoType> createKeyInfo(KeyInfoType value) { + return new JAXBElement<KeyInfoType>(_KeyInfo_QNAME, KeyInfoType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link DigestMethodType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "DigestMethod") + public JAXBElement<DigestMethodType> createDigestMethod(DigestMethodType value) { + return new JAXBElement<DigestMethodType>(_DigestMethod_QNAME, DigestMethodType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "MgmtData") + public JAXBElement<String> createMgmtData(String value) { + return new JAXBElement<String>(_MgmtData_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link ReferenceType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Reference") + public JAXBElement<ReferenceType> createReference(ReferenceType value) { + return new JAXBElement<ReferenceType>(_Reference_QNAME, ReferenceType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link RSAKeyValueType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "RSAKeyValue") + public JAXBElement<RSAKeyValueType> createRSAKeyValue(RSAKeyValueType value) { + return new JAXBElement<RSAKeyValueType>(_RSAKeyValue_QNAME, RSAKeyValueType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SignatureType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Signature") + public JAXBElement<SignatureType> createSignature(SignatureType value) { + return new JAXBElement<SignatureType>(_Signature_QNAME, SignatureType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link DSAKeyValueType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "DSAKeyValue") + public JAXBElement<DSAKeyValueType> createDSAKeyValue(DSAKeyValueType value) { + return new JAXBElement<DSAKeyValueType>(_DSAKeyValue_QNAME, DSAKeyValueType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SignedInfoType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignedInfo") + public JAXBElement<SignedInfoType> createSignedInfo(SignedInfoType value) { + return new JAXBElement<SignedInfoType>(_SignedInfo_QNAME, SignedInfoType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link ObjectType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Object") + public JAXBElement<ObjectType> createObject(ObjectType value) { + return new JAXBElement<ObjectType>(_Object_QNAME, ObjectType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SignatureValueType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureValue") + public JAXBElement<SignatureValueType> createSignatureValue(SignatureValueType value) { + return new JAXBElement<SignatureValueType>(_SignatureValue_QNAME, SignatureValueType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link TransformType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "Transform") + public JAXBElement<TransformType> createTransform(TransformType value) { + return new JAXBElement<TransformType>(_Transform_QNAME, TransformType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link X509DataType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509Data") + public JAXBElement<X509DataType> createX509Data(X509DataType value) { + return new JAXBElement<X509DataType>(_X509Data_QNAME, X509DataType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "DigestValue") + public JAXBElement<String> createDigestValue(String value) { + return new JAXBElement<String>(_DigestValue_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link SignaturePropertiesType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SignatureProperties") + public JAXBElement<SignaturePropertiesType> createSignatureProperties(SignaturePropertiesType value) { + return new JAXBElement<SignaturePropertiesType>(_SignatureProperties_QNAME, SignaturePropertiesType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "KeyName") + public JAXBElement<String> createKeyName(String value) { + return new JAXBElement<String>(_KeyName_QNAME, String.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link KeyValueType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "KeyValue") + public JAXBElement<KeyValueType> createKeyValue(KeyValueType value) { + return new JAXBElement<KeyValueType>(_KeyValue_QNAME, KeyValueType.class, null, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link BigInteger }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "HMACOutputLength", scope = SignatureMethodType.class) + public JAXBElement<BigInteger> createSignatureMethodTypeHMACOutputLength(BigInteger value) { + return new JAXBElement<BigInteger>(_SignatureMethodTypeHMACOutputLength_QNAME, BigInteger.class, SignatureMethodType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "SPKISexp", scope = SPKIDataType.class) + public JAXBElement<String> createSPKIDataTypeSPKISexp(String value) { + return new JAXBElement<String>(_SPKIDataTypeSPKISexp_QNAME, String.class, SPKIDataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "XPath", scope = TransformType.class) + public JAXBElement<String> createTransformTypeXPath(String value) { + return new JAXBElement<String>(_TransformTypeXPath_QNAME, String.class, TransformType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509IssuerSerial", scope = X509DataType.class) + public JAXBElement<X509IssuerSerialType> createX509DataTypeX509IssuerSerial(X509IssuerSerialType value) { + return new JAXBElement<X509IssuerSerialType>(_X509DataTypeX509IssuerSerial_QNAME, X509IssuerSerialType.class, X509DataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509Certificate", scope = X509DataType.class) + public JAXBElement<String> createX509DataTypeX509Certificate(String value) { + return new JAXBElement<String>(_X509DataTypeX509Certificate_QNAME, String.class, X509DataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509SKI", scope = X509DataType.class) + public JAXBElement<String> createX509DataTypeX509SKI(String value) { + return new JAXBElement<String>(_X509DataTypeX509SKI_QNAME, String.class, X509DataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509SubjectName", scope = X509DataType.class) + public JAXBElement<String> createX509DataTypeX509SubjectName(String value) { + return new JAXBElement<String>(_X509DataTypeX509SubjectName_QNAME, String.class, X509DataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "X509CRL", scope = X509DataType.class) + public JAXBElement<String> createX509DataTypeX509CRL(String value) { + return new JAXBElement<String>(_X509DataTypeX509CRL_QNAME, String.class, X509DataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyID", scope = PGPDataType.class) + public JAXBElement<String> createPGPDataTypePGPKeyID(String value) { + return new JAXBElement<String>(_PGPDataTypePGPKeyID_QNAME, String.class, PGPDataType.class, value); + } + + /** + * Create an instance of {@link JAXBElement }{@code <}{@link String }{@code >}} + * + */ + @XmlElementDecl(namespace = "http://www.w3.org/2000/09/xmldsig#", name = "PGPKeyPacket", scope = PGPDataType.class) + public JAXBElement<String> createPGPDataTypePGPKeyPacket(String value) { + return new JAXBElement<String>(_PGPDataTypePGPKeyPacket_QNAME, String.class, PGPDataType.class, value); + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java new file mode 100644 index 000000000..95313f887 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ObjectType.java @@ -0,0 +1,171 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * <p>Java class for ObjectType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ObjectType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded" minOccurs="0"> + * <any processContents='lax'/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <attribute name="MimeType" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="Encoding" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ObjectType", propOrder = { + "content" +}) +public class ObjectType { + + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAttribute(name = "MimeType") + protected String mimeType; + @XmlAttribute(name = "Encoding") + @XmlSchemaType(name = "anyURI") + protected String encoding; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets the value of the mimeType property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getMimeType() { + return mimeType; + } + + /** + * Sets the value of the mimeType property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setMimeType(String value) { + this.mimeType = value; + } + + /** + * Gets the value of the encoding property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getEncoding() { + return encoding; + } + + /** + * Sets the value of the encoding property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setEncoding(String value) { + this.encoding = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java new file mode 100644 index 000000000..1f18a5df7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/PGPDataType.java @@ -0,0 +1,105 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * <p>Java class for PGPDataType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PGPDataType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice> + * <sequence> + * <element name="PGPKeyID" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <element name="PGPKeyPacket" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary" minOccurs="0"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <sequence> + * <element name="PGPKeyPacket" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <any processContents='lax' namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * </choice> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PGPDataType", propOrder = { + "content" +}) +public class PGPDataType { + + @XmlElementRefs({ + @XmlElementRef(name = "PGPKeyID", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "PGPKeyPacket", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + }) + @XmlAnyElement(lax = true) + protected List<Object> content; + + /** + * Gets the rest of the content model. + * + * <p> + * You are getting this "catch-all" property because of the following reason: + * The field name "PGPKeyPacket" is used by two different parts of a schema. See: + * line 190 of file:/home/afitzek/mandate_xml/W3C-XMLDSig.xsd + * line 186 of file:/home/afitzek/mandate_xml/W3C-XMLDSig.xsd + * <p> + * To get rid of this property, apply a property customization to one + * of both of the following declarations to change their names: + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java new file mode 100644 index 000000000..a7c7ab393 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RSAKeyValueType.java @@ -0,0 +1,97 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for RSAKeyValueType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="RSAKeyValueType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Modulus" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <element name="Exponent" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "RSAKeyValueType", propOrder = { + "modulus", + "exponent" +}) +public class RSAKeyValueType { + + @XmlElement(name = "Modulus", required = true) + protected String modulus; + @XmlElement(name = "Exponent", required = true) + protected String exponent; + + /** + * Gets the value of the modulus property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getModulus() { + return modulus; + } + + /** + * Sets the value of the modulus property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setModulus(String value) { + this.modulus = value; + } + + /** + * Gets the value of the exponent property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getExponent() { + return exponent; + } + + /** + * Sets the value of the exponent property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setExponent(String value) { + this.exponent = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java new file mode 100644 index 000000000..74327ab2a --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/ReferenceType.java @@ -0,0 +1,216 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for ReferenceType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ReferenceType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Transforms" minOccurs="0"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}DigestMethod"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}DigestValue"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * <attribute name="URI" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * <attribute name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ReferenceType", propOrder = { + "transforms", + "digestMethod", + "digestValue" +}) +public class ReferenceType { + + @XmlElement(name = "Transforms") + protected TransformsType transforms; + @XmlElement(name = "DigestMethod", required = true) + protected DigestMethodType digestMethod; + @XmlElement(name = "DigestValue", required = true) + protected String digestValue; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + @XmlAttribute(name = "URI") + @XmlSchemaType(name = "anyURI") + protected String uri; + @XmlAttribute(name = "Type") + @XmlSchemaType(name = "anyURI") + protected String type; + + /** + * Gets the value of the transforms property. + * + * @return + * possible object is + * {@link TransformsType } + * + */ + public TransformsType getTransforms() { + return transforms; + } + + /** + * Sets the value of the transforms property. + * + * @param value + * allowed object is + * {@link TransformsType } + * + */ + public void setTransforms(TransformsType value) { + this.transforms = value; + } + + /** + * Gets the value of the digestMethod property. + * + * @return + * possible object is + * {@link DigestMethodType } + * + */ + public DigestMethodType getDigestMethod() { + return digestMethod; + } + + /** + * Sets the value of the digestMethod property. + * + * @param value + * allowed object is + * {@link DigestMethodType } + * + */ + public void setDigestMethod(DigestMethodType value) { + this.digestMethod = value; + } + + /** + * Gets the value of the digestValue property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getDigestValue() { + return digestValue; + } + + /** + * Sets the value of the digestValue property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setDigestValue(String value) { + this.digestValue = value; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + + /** + * Gets the value of the uri property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getURI() { + return uri; + } + + /** + * Sets the value of the uri property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setURI(String value) { + this.uri = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java new file mode 100644 index 000000000..ee006a5f4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/RetrievalMethodType.java @@ -0,0 +1,127 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for RetrievalMethodType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="RetrievalMethodType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Transforms" type="{http://www.w3.org/2000/09/xmldsig#}TransformsType" minOccurs="0"/> + * </sequence> + * <attribute name="URI" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * <attribute name="Type" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "RetrievalMethodType", propOrder = { + "transforms" +}) +public class RetrievalMethodType { + + @XmlElement(name = "Transforms") + protected TransformsType transforms; + @XmlAttribute(name = "URI") + @XmlSchemaType(name = "anyURI") + protected String uri; + @XmlAttribute(name = "Type") + @XmlSchemaType(name = "anyURI") + protected String type; + + /** + * Gets the value of the transforms property. + * + * @return + * possible object is + * {@link TransformsType } + * + */ + public TransformsType getTransforms() { + return transforms; + } + + /** + * Sets the value of the transforms property. + * + * @param value + * allowed object is + * {@link TransformsType } + * + */ + public void setTransforms(TransformsType value) { + this.transforms = value; + } + + /** + * Gets the value of the uri property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getURI() { + return uri; + } + + /** + * Sets the value of the uri property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setURI(String value) { + this.uri = value; + } + + /** + * Gets the value of the type property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getType() { + return type; + } + + /** + * Sets the value of the type property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setType(String value) { + this.type = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java new file mode 100644 index 000000000..12d633339 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SPKIDataType.java @@ -0,0 +1,83 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * <p>Java class for SPKIDataType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SPKIDataType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded"> + * <element name="SPKISexp" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <any processContents='lax' namespace='##other' minOccurs="0"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SPKIDataType", propOrder = { + "spkiSexpAndAny" +}) +public class SPKIDataType { + + @XmlElementRef(name = "SPKISexp", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + @XmlAnyElement(lax = true) + protected List<Object> spkiSexpAndAny; + + /** + * Gets the value of the spkiSexpAndAny property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the spkiSexpAndAny property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSPKISexpAndAny().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link Object } + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<Object> getSPKISexpAndAny() { + if (spkiSexpAndAny == null) { + spkiSexpAndAny = new ArrayList<Object>(); + } + return this.spkiSexpAndAny; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java new file mode 100644 index 000000000..35e715a26 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureMethodType.java @@ -0,0 +1,115 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for SignatureMethodType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SignatureMethodType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="HMACOutputLength" type="{http://www.w3.org/2000/09/xmldsig#}HMACOutputLengthType" minOccurs="0"/> + * <any namespace='##other' maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SignatureMethodType", propOrder = { + "content" +}) +public class SignatureMethodType { + + @XmlElementRef(name = "HMACOutputLength", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Algorithm", required = true) + @XmlSchemaType(name = "anyURI") + protected String algorithm; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Object } + * {@link JAXBElement }{@code <}{@link BigInteger }{@code >} + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the algorithm property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAlgorithm() { + return algorithm; + } + + /** + * Sets the value of the algorithm property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAlgorithm(String value) { + this.algorithm = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java new file mode 100644 index 000000000..20da01d83 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertiesType.java @@ -0,0 +1,111 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for SignaturePropertiesType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SignaturePropertiesType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}SignatureProperty" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SignaturePropertiesType", propOrder = { + "signatureProperty" +}) +public class SignaturePropertiesType { + + @XmlElement(name = "SignatureProperty", required = true) + protected List<SignaturePropertyType> signatureProperty; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the signatureProperty property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the signatureProperty property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getSignatureProperty().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link SignaturePropertyType } + * + * + */ + public List<SignaturePropertyType> getSignatureProperty() { + if (signatureProperty == null) { + signatureProperty = new ArrayList<SignaturePropertyType>(); + } + return this.signatureProperty; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java new file mode 100644 index 000000000..52f630ae8 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignaturePropertyType.java @@ -0,0 +1,144 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import org.w3c.dom.Element; + + +/** + * <p>Java class for SignaturePropertyType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SignaturePropertyType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice maxOccurs="unbounded"> + * <any processContents='lax' namespace='##other'/> + * </choice> + * <attribute name="Target" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SignaturePropertyType", propOrder = { + "content" +}) +public class SignaturePropertyType { + + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Target", required = true) + @XmlSchemaType(name = "anyURI") + protected String target; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link String } + * {@link Element } + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the target property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getTarget() { + return target; + } + + /** + * Sets the value of the target property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setTarget(String value) { + this.target = value; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java new file mode 100644 index 000000000..c4f33b799 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureType.java @@ -0,0 +1,195 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for SignatureType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SignatureType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}SignedInfo"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}SignatureValue"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}KeyInfo" minOccurs="0"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Object" maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SignatureType", propOrder = { + "signedInfo", + "signatureValue", + "keyInfo", + "object" +}) +public class SignatureType { + + @XmlElement(name = "SignedInfo", required = true) + protected SignedInfoType signedInfo; + @XmlElement(name = "SignatureValue", required = true) + protected SignatureValueType signatureValue; + @XmlElement(name = "KeyInfo") + protected KeyInfoType keyInfo; + @XmlElement(name = "Object") + protected List<ObjectType> object; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the signedInfo property. + * + * @return + * possible object is + * {@link SignedInfoType } + * + */ + public SignedInfoType getSignedInfo() { + return signedInfo; + } + + /** + * Sets the value of the signedInfo property. + * + * @param value + * allowed object is + * {@link SignedInfoType } + * + */ + public void setSignedInfo(SignedInfoType value) { + this.signedInfo = value; + } + + /** + * Gets the value of the signatureValue property. + * + * @return + * possible object is + * {@link SignatureValueType } + * + */ + public SignatureValueType getSignatureValue() { + return signatureValue; + } + + /** + * Sets the value of the signatureValue property. + * + * @param value + * allowed object is + * {@link SignatureValueType } + * + */ + public void setSignatureValue(SignatureValueType value) { + this.signatureValue = value; + } + + /** + * Gets the value of the keyInfo property. + * + * @return + * possible object is + * {@link KeyInfoType } + * + */ + public KeyInfoType getKeyInfo() { + return keyInfo; + } + + /** + * Sets the value of the keyInfo property. + * + * @param value + * allowed object is + * {@link KeyInfoType } + * + */ + public void setKeyInfo(KeyInfoType value) { + this.keyInfo = value; + } + + /** + * Gets the value of the object property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the object property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getObject().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link ObjectType } + * + * + */ + public List<ObjectType> getObject() { + if (object == null) { + object = new ArrayList<ObjectType>(); + } + return this.object; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java new file mode 100644 index 000000000..92e9ca169 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignatureValueType.java @@ -0,0 +1,101 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.XmlValue; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for SignatureValueType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SignatureValueType"> + * <simpleContent> + * <extension base="<http://www.w3.org/2000/09/xmldsig#>CryptoBinary"> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </extension> + * </simpleContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SignatureValueType", propOrder = { + "value" +}) +public class SignatureValueType { + + @XmlValue + protected String value; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java new file mode 100644 index 000000000..8b87feb7c --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/SignedInfoType.java @@ -0,0 +1,167 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlID; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.CollapsedStringAdapter; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; + + +/** + * <p>Java class for SignedInfoType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="SignedInfoType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}CanonicalizationMethod"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}SignatureMethod"/> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Reference" maxOccurs="unbounded"/> + * </sequence> + * <attribute name="Id" type="{http://www.w3.org/2001/XMLSchema}ID" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "SignedInfoType", propOrder = { + "canonicalizationMethod", + "signatureMethod", + "reference" +}) +public class SignedInfoType { + + @XmlElement(name = "CanonicalizationMethod", required = true) + protected CanonicalizationMethodType canonicalizationMethod; + @XmlElement(name = "SignatureMethod", required = true) + protected SignatureMethodType signatureMethod; + @XmlElement(name = "Reference", required = true) + protected List<ReferenceType> reference; + @XmlAttribute(name = "Id") + @XmlJavaTypeAdapter(CollapsedStringAdapter.class) + @XmlID + @XmlSchemaType(name = "ID") + protected String id; + + /** + * Gets the value of the canonicalizationMethod property. + * + * @return + * possible object is + * {@link CanonicalizationMethodType } + * + */ + public CanonicalizationMethodType getCanonicalizationMethod() { + return canonicalizationMethod; + } + + /** + * Sets the value of the canonicalizationMethod property. + * + * @param value + * allowed object is + * {@link CanonicalizationMethodType } + * + */ + public void setCanonicalizationMethod(CanonicalizationMethodType value) { + this.canonicalizationMethod = value; + } + + /** + * Gets the value of the signatureMethod property. + * + * @return + * possible object is + * {@link SignatureMethodType } + * + */ + public SignatureMethodType getSignatureMethod() { + return signatureMethod; + } + + /** + * Sets the value of the signatureMethod property. + * + * @param value + * allowed object is + * {@link SignatureMethodType } + * + */ + public void setSignatureMethod(SignatureMethodType value) { + this.signatureMethod = value; + } + + /** + * Gets the value of the reference property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the reference property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getReference().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link ReferenceType } + * + * + */ + public List<ReferenceType> getReference() { + if (reference == null) { + reference = new ArrayList<ReferenceType>(); + } + return this.reference; + } + + /** + * Gets the value of the id property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getId() { + return id; + } + + /** + * Sets the value of the id property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setId(String value) { + this.id = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java new file mode 100644 index 000000000..1ac4bb0f1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformType.java @@ -0,0 +1,116 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlMixed; +import javax.xml.bind.annotation.XmlSchemaType; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * <p>Java class for TransformType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TransformType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <choice maxOccurs="unbounded" minOccurs="0"> + * <any processContents='lax' namespace='##other'/> + * <element name="XPath" type="{http://www.w3.org/2001/XMLSchema}string"/> + * </choice> + * <attribute name="Algorithm" use="required" type="{http://www.w3.org/2001/XMLSchema}anyURI" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TransformType", propOrder = { + "content" +}) +public class TransformType { + + @XmlElementRef(name = "XPath", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + @XmlMixed + @XmlAnyElement(lax = true) + protected List<Object> content; + @XmlAttribute(name = "Algorithm", required = true) + @XmlSchemaType(name = "anyURI") + protected String algorithm; + + /** + * Gets the value of the content property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the content property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getContent().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link Element } + * {@link String } + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } + * + * + */ + public List<Object> getContent() { + if (content == null) { + content = new ArrayList<Object>(); + } + return this.content; + } + + /** + * Gets the value of the algorithm property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getAlgorithm() { + return algorithm; + } + + /** + * Sets the value of the algorithm property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setAlgorithm(String value) { + this.algorithm = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java new file mode 100644 index 000000000..243e1aa52 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/TransformsType.java @@ -0,0 +1,76 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for TransformsType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="TransformsType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element ref="{http://www.w3.org/2000/09/xmldsig#}Transform" maxOccurs="unbounded"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "TransformsType", propOrder = { + "transform" +}) +public class TransformsType { + + @XmlElement(name = "Transform", required = true) + protected List<TransformType> transform; + + /** + * Gets the value of the transform property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the transform property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getTransform().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link TransformType } + * + * + */ + public List<TransformType> getTransform() { + if (transform == null) { + transform = new ArrayList<TransformType>(); + } + return this.transform; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java new file mode 100644 index 000000000..e58941023 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509DataType.java @@ -0,0 +1,100 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAnyElement; +import javax.xml.bind.annotation.XmlElementRef; +import javax.xml.bind.annotation.XmlElementRefs; +import javax.xml.bind.annotation.XmlType; +import org.w3c.dom.Element; + + +/** + * <p>Java class for X509DataType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="X509DataType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence maxOccurs="unbounded"> + * <choice> + * <element name="X509IssuerSerial" type="{http://www.w3.org/2000/09/xmldsig#}X509IssuerSerialType"/> + * <element name="X509SKI" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <element name="X509SubjectName" type="{http://www.w3.org/2001/XMLSchema}string"/> + * <element name="X509Certificate" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <element name="X509CRL" type="{http://www.w3.org/2000/09/xmldsig#}CryptoBinary"/> + * <any processContents='lax' namespace='##other'/> + * </choice> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "X509DataType", propOrder = { + "x509IssuerSerialOrX509SKIOrX509SubjectName" +}) +public class X509DataType { + + @XmlElementRefs({ + @XmlElementRef(name = "X509SKI", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509IssuerSerial", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509SubjectName", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509CRL", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class), + @XmlElementRef(name = "X509Certificate", namespace = "http://www.w3.org/2000/09/xmldsig#", type = JAXBElement.class) + }) + @XmlAnyElement(lax = true) + protected List<Object> x509IssuerSerialOrX509SKIOrX509SubjectName; + + /** + * Gets the value of the x509IssuerSerialOrX509SKIOrX509SubjectName property. + * + * <p> + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the x509IssuerSerialOrX509SKIOrX509SubjectName property. + * + * <p> + * For example, to add a new item, do as follows: + * <pre> + * getX509IssuerSerialOrX509SKIOrX509SubjectName().add(newItem); + * </pre> + * + * + * <p> + * Objects of the following type(s) are allowed in the list + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link X509IssuerSerialType }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link Object } + * {@link Element } + * {@link JAXBElement }{@code <}{@link String }{@code >} + * {@link JAXBElement }{@code <}{@link String }{@code >} + * + * + */ + public List<Object> getX509IssuerSerialOrX509SKIOrX509SubjectName() { + if (x509IssuerSerialOrX509SKIOrX509SubjectName == null) { + x509IssuerSerialOrX509SKIOrX509SubjectName = new ArrayList<Object>(); + } + return this.x509IssuerSerialOrX509SKIOrX509SubjectName; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java new file mode 100644 index 000000000..66502598e --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/X509IssuerSerialType.java @@ -0,0 +1,98 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + + +package org.w3._2000._09.xmldsig_; + +import java.math.BigInteger; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * <p>Java class for X509IssuerSerialType complex type. + * + * <p>The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="X509IssuerSerialType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="X509IssuerName" type="{http://www.w3.org/2001/XMLSchema}string"/> + * <element name="X509SerialNumber" type="{http://www.w3.org/2001/XMLSchema}integer"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "X509IssuerSerialType", propOrder = { + "x509IssuerName", + "x509SerialNumber" +}) +public class X509IssuerSerialType { + + @XmlElement(name = "X509IssuerName", required = true) + protected String x509IssuerName; + @XmlElement(name = "X509SerialNumber", required = true) + protected BigInteger x509SerialNumber; + + /** + * Gets the value of the x509IssuerName property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getX509IssuerName() { + return x509IssuerName; + } + + /** + * Sets the value of the x509IssuerName property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setX509IssuerName(String value) { + this.x509IssuerName = value; + } + + /** + * Gets the value of the x509SerialNumber property. + * + * @return + * possible object is + * {@link BigInteger } + * + */ + public BigInteger getX509SerialNumber() { + return x509SerialNumber; + } + + /** + * Sets the value of the x509SerialNumber property. + * + * @param value + * allowed object is + * {@link BigInteger } + * + */ + public void setX509SerialNumber(BigInteger value) { + this.x509SerialNumber = value; + } + +} diff --git a/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java new file mode 100644 index 000000000..3ec4bd567 --- /dev/null +++ b/id/server/idserverlib/src/main/java/org/w3/_2000/_09/xmldsig_/package-info.java @@ -0,0 +1,9 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 in JDK 6 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2013.06.19 at 11:53:10 AM CEST +// + +@javax.xml.bind.annotation.XmlSchema(namespace = "http://www.w3.org/2000/09/xmldsig#", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) +package org.w3._2000._09.xmldsig_; diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 8089b851c..272f26efb 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -8,70 +8,78 @@ # status messages included in <samlp:Response> of GetAuthenticationDataService
1200=Anfrage erfolgreich beantwortet
-1201=Fehlerhaftes Requestformat: mehr als 1 Request übergeben
-1202=Fehlerhaftes Requestformat: kein SAML-Artifakt übergeben
-1203=Fehlerhaftes Requestformat: mehr als 1 SAML-Artifakt übergeben
+1201=Fehlerhaftes Requestformat\: mehr als 1 Request ?bergeben
+1202=Fehlerhaftes Requestformat\: kein SAML-Artifakt ?bergeben
+1203=Fehlerhaftes Requestformat\: mehr als 1 SAML-Artifakt ?bergeben
1204=Fehlerhaftes Requestformat
1205=Fehler beim Abholen der Anmeldedaten, fehlerhaftes SAML-Artifakt Format (SAML-Artifakt={0}): {1}
1206=Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt (SAML-Artifakt={0})
-1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt={0})
+1207=Zeitüberschreitung beim Abholen der Anmeldedaten (SAML-Artifakt\={0})
1299=Interner Server-Fehler
-auth.00=Anmeldung an dieser Applikation wird nicht unterstützt (URL={0})
+auth.00=Anmeldung an dieser Applikation wird nicht unterst?tzt (URL\={0})
auth.01=Die Anmeldung ist bereits im Gange (MOASessionID={0})
auth.02=MOASessionID ist unbekannt (MOASessionID={0})
auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung: {1}
auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
-auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten: <br>Fehlercode <i>{0}</i>: {1}
-auth.09=Zur Auswahlseite der Bürgertenumgebung (URL={0}) konnte keine Verbindung hergestellt werden. : <br>HTTP-Statuscode <i>{1}</i>
+#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
+auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
+auth.08=In der Bürgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
+auth.09=Zur Auswahlseite der Bürgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
auth.10=Fehler beim Aufruf von "{0}": Parameter "{1}" fehlt
-auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung: {1}
+auth.11=Die zentral gespeicherte Auswahlseite für Bürgerkartenumgebungen konnte nicht geladen werden. Bitte informieren Sie den Adminstrator des Servers und versuchen Sie die Anmeldung in einiger Zeit abermals. <br>URL "{0}" Interne Fehlermeldung\: {1}
auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
-auth.13=Vollmachtenmodus für ausländische Bürger wird nicht unterstützt.
+auth.13=Vollmachtenmodus für ausl�ndische B�rger wird nicht unterst�tzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
auth.15=Fehler bei Anfrage an Vollmachten Service.
-auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
-auth.17=Vollmachtenmodus für nicht-öffentlichen Bereich wird nicht unterstützt.
+auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}" +auth.17=Vollmachtenmodus für nicht-öffentlichen Bereich wird nicht unterstützt.
+auth.18=Keine MOASessionID vorhanden
+auth.19=Die Authentifizierung kann nicht passiv durchgeführt werden.
+auth.20=No valid MOA session found. Authentification process is abourted.
+auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen. init.00=MOA ID Authentisierung wurde erfolgreich gestartet
-init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround: SSL ist möglicherweise nicht verfügbar
+init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist möglicherweise nicht verfügbar
init.02=Fehler beim Starten des Service MOA ID Authentisierung
+init.04=Fehler beim Datenbankzugriff mit der SessionID {0}
+
config.00=MOA ID Konfiguration erfolgreich geladen: {0}
config.01=Umgebungsvariable "moa.id.configuration" nicht gesetzt
-config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
-config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
-config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
-config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
-config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
+config.02=Nicht klassifizierter Fehler in der Konfiguration (siehe Log-Datei für Details)
+config.03=Fehler beim Einlesen der Konfiguration (siehe Log-Datei für Details)
+config.04=Fehler beim Lesen der MOA ID Konfiguration; es wird weiterhin die ursprüngliche Konfiguration verwendet
+config.05=Fehlerhafter Wert für "{0}" in der MOA ID Konfiguration
+config.06=Doppelter Eintrag in der Konfiguration für die Online-Applikation gefunden: {0}
config.07=Klasse {0} kann nicht instanziert werden
-config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
+config.08=Fehlender Wert für "{0}" in der MOA ID Konfiguration
config.09=Fehler beim Erstellen von X509IssuerSerial (IssuerName={0}, SerialNumber={1})
config.10=Fehler in der MOA SPSS Konfiguration: {0}
config.11=LoginParameterResolver konnte nicht konfiguriert werden {0}
config.12=Standard DATA URL Prefix "{0}" wird anstatt des konfigurierten DATA URL Prefix verwendet
config.13=Konfiguriertes DATA URL Prefix "{0}" muss mit http:// bzw. https:// beginnen
config.14=LoginParameterResolver-Fehler: {0}
-config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
+config.15=Das Personenbindungs-Trust-Profil (TrustProfileID = {0}) darf nicht für die Verifikation anderer Infoboxen verwendet werden.
config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionParameter im allgemeinen Konfigurationsteil der MOA-ID-PROXY Konfigurationsdatei fehlt.
-
+config.17=Fehler beim initialisieren von Hibernate
+config.18=Keine MOA-ID 2.x Konfiguration gefunden.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
parser.02=Schwerer Fehler beim Parsen: {0}
-parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels: {0}
+parser.03=Fehler beim Parsen oder Konvertieren eines ECDSA-Schlüssels\: {0}
parser.04=Fehler beim Serialisieren: {0}
parser.05=Fehler beim Serialisieren: SAML-Attribute {0} (Namespace: {1}) konnte nicht serialsiert werden.
-parser.06=Fehler beim Parsen: {0}-InfoboxResponse nicht vollständig ({1} im {2} fehlt)
-parser.07=Fehler beim Parsen: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element).
+parser.06=Fehler beim Parsen\: {0}-InfoboxResponse nicht vollst?ndig ({1} im {2} fehlt)
+parser.07=Fehler beim Parsen\: Assoziatives Array im {0}-InfoboxResponse enthält einen Schlüssel ohne zugehörigen Wert ("Key"-Element statt "Pair"-Element).
builder.00=Fehler beim Aufbau der Struktur "{0}": {1}
builder.01=Fehlerhaftes Template: Kennung "{0}" fehlt
builder.02=Fehler beim Ausblenden von Stammzahlen
-builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten
+builder.03=Fehler beim Aufbau des HTML Codes für Vollmachten
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
@@ -85,102 +93,121 @@ cleaner.03=Abgelaufene Anmeldedaten zur SAML-Assertion ID {0} wurden aus dem Spe proxy.00=MOA ID Proxy wurde erfolgreich gestartet
proxy.01=Unbekannter URL {0}, erwarteter URL auf {1}
-proxy.02=Unbekannter URL {0}. <br>Es wurde keine Übereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
+proxy.02=Unbekannter URL {0}. <br>Es wurde keine Ãœbereinstimmung zum Attribut publicURLPrefix im Element 'OnlineApplication' der verwendeten MOA-ID Konfigurationsdatei gefunden.
proxy.04=URL {0} : {1}
-proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} : {1}
+proxy.05=Fehler beim Aufbauen der SSLSocketFactory für {0} \: {1}
proxy.06=Fehler beim Starten des Service MOA ID Proxy
proxy.07=Sie sind nicht bzw. nicht mehr angemeldet. Melden Sie sich bitte erneut an.
-proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
+proxy.08=Kein URL-Mapping in der HttpSession verfügbar (URL {0})
proxy.09=Fehler beim Aufruf des MOA-ID Auth API: {0}
proxy.10=Fehler beim Weiterleiten (MOA-ID Proxy)
proxy.11=Beim Weiterleiten der Verbindung zur Anwendung ist ein Fehler aufgetreten.
proxy.12=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht möglich. <br>Prüfen Sie bitte ihre Berechtigung.
-proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Präfix: {0}
-proxy.14=<p> Folgende Ursachen können zu dem Fehler geführt haben:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
-proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die benötigte Berechtigung.
+proxy.13=Fehler beim Aufruf des LoginParameterResolvers zu URL-Pr?fix\: {0}
+proxy.14=<p> Folgende Ursachen können zu dem Fehler geführt haben\:</p><ol><li>Sie sind nicht mehr angemeldet (Verbindungen werden aus Sicherheitsgründen bei längerer Inaktivität beendet.)<br>Melden Sie sich bitte erneut an.</li><li> Die Kommunikation mit dem Server schlug fehl.<br> </li></ol>
+proxy.15=Auf die gewünschte Seite kann nicht zugegriffen werden, Sie besitzen nicht die ben�tigte Berechtigung.
proxy.16=Fehler bei der Anmeldung. <br>Eine Anmeldung an der Anwendung <b>{0}</b> war nicht möglich. Die maximale Anzahl von {1} ungültigen Loginversuchen wurde überschritten.<br>Prüfen Sie bitte ihre Berechtigung.
validator.00=Kein SAML:Assertion Objekt gefunden {0}
validator.01=Im Subject kommt mehr als ein Element des Typs PhysicalPersonType vor {0}
-validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
-validator.03=Der Namespace eines öffentlichen Schlüssels ist ungültig {0}
-validator.04=Es wurde ein SAML:Attribut ohne öffentlichen Schlüssel gefunden {0}
+validator.02=Das verwendete Schlüsselformat eines öffentlichen Schlüssels ist unbekannt {0}
+validator.03=Der Namespace eines öffentlicher Schlüssels ist ungültig {0}
+validator.04=Es wurde ein SAML\:Attribut ohne öffentlichen Schlüssel gefunden {0}
validator.05=Es wurde {0} keine DSIG:Signature gefunden
-validator.06=Die Signatur ist ungültig
-validator.07=Das Zertifikat der Personenbindung ist ungültig.<br>{0}
-validator.08=Das Manifest ist ungültig
-validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
+validator.06=Die Signatur ist ungültig
+validator.07=Das Zertifikat der Personenbindung ist ungültig.<br>{0}
+validator.08=Das Manifest ist ungültig
+validator.09=Die öffentlichen Schlüssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat überein
-validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
-validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
-validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
-validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
+validator.10=Anzahl der URLs zur Authentisierungskomponente ungültig {0}
+validator.11="Geschäftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.12=Der Namespace des SAML-Attributs "Geschäftsbereich" ist ungültig {0}
+validator.13=Das Target des 'Geschäftsbereichs' ist ungültig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
-validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
+validator.15=Der Namespace des SAML-Attributs "OA" ist ungültig {0}
validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
-validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als gültiger SubjectDN-Name für eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
-validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
+validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ungültig {0}
+#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
+validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zulässig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enthält das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
-validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.<br>{0}
+validator.19=Das verwendete Zertifikat zum Signieren ist ungültig.<br>{0}
-validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.
-validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette fällt der Prüfzeitpunkt nicht in das Gültigkeitsintervall.
-validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
-validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.
-validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.
+validator.21=Es konnte keine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konstruiert werden.
+validator.22=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für zumindest ein Zertifikat dieser Kette f�llt der Pr�fzeitpunkt nicht in das Gültigkeitsintervall.
+validator.23=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
+validator.24=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Zumindest ein Zertifikat ist zum Prüfzeitpunkt widerrufen.
+validator.25=Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Kein Zertifikat dieser Kette ist zum Prüfzeitpunkt widerrufen. Zumindest ein Zertifikat ist zum Prüfzeitpunkt gesperrt.
-validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten
+validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "Geschäftsbereich" enthalten
validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ungültig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
validator.32="Issuer" im AUTH-Block nicht vorhanden.
-validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
-validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
-validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
-validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert: {0} statt der erwarteten {1}
-validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
-validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig: "{3}" anstelle von "{4}"
-validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
-
-
-validator.40=Überprüfung der {0}-Infobox fehlgeschlagen: {1}
-validator.41=Überprüfung der {0}-Infobox fehlgeschlagen: Keine Konfigurationsparameter zur Überprüfung der {0}-Infobox vorhanden.
-validator.42=Überprüfung der {0}-Infobox fehlgeschlagen: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
-validator.43=Überprüfung der {0}-Infobox fehlgeschlagen: Der InfoboxReadResponse für die {0}-Infobox konnte nicht erfolgreich geparst werden.
-validator.44=Überprüfung der {0}-Infobox fehlgeschlagen: In der {0}-Infobox Prüfapplikation ist ein Fehler aufgetreten.
-validator.45=Überprüfung der {0}-Infobox fehlgeschlagen: Der {1} des von der {0}-Infobox Prüfapplikation zurückgegebenen SAML-Attributes Nummer {2} ist {3}.
-validator.46=Überprüfung der {0}-Infobox fehlgeschlagen: Der Wert des von der Prüfapplikation zurückgegebenen SAML-Attributes Nummer {1} ist ungültig.
-validator.47=Überprüfung der {0}-Infobox fehlgeschlagen: Das von der Prüfapplikation zurückgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
-validator.48={0}-Infobox wurde nicht von der BKU übermittelt: Für die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
+validator.33="Issuer"-Attribut im AUTH-Block ("{0}") stimmt nicht mit dem Namen in der Personenbindung ("{1}") überein.
+validator.34=Das Geburtsdatum ({0}) stimmt nicht mit dem in der Personenbindung ({1}) überein.
+validator.35=Der Namespace des SAML-Attributs "Geburtsdatum" ist ungültig.
+validator.36=Die Anzahl der SAML-Attribute im AUTH-Block wurde verändert\: {0} statt der erwarteten {1}
+validator.37=Die Reihenfolge der SAML-Attribute im AUTH-Block wurde verändert\: Attribut "{0}" anstelle von Attribut "{1}" an der {2}. Position
+validator.38=Der {0} des SAML-Attributs Nummer {1} ({2}) im AUTH-Block ist ungültig\: "{3}" anstelle von "{4}"
+validator.39=Der Austellungszeitpunkt (IssueInstant) im AUTH-Block wurde verändert\: {0} anstelle von {1}. Möglicherweise wurde Ihre Bürgerkartenumgebung kompromittiert. Verwenden Sie Ihre Bürgerkarte bis auf weiteres nicht mehr, und setzen Sie sich umgehend mit dem Betreiber des Online-Dienstes, an dem Sie sich anmelden wollten, in Verbindung.
+
+
+validator.40=?berpr?fung der {0}-Infobox fehlgeschlagen\: {1}
+validator.41=?berpr?fung der {0}-Infobox fehlgeschlagen\: Keine Konfigurationsparameter zur ?berpr?fung der {0}-Infobox vorhanden.
+validator.42=?berpr?fung der {0}-Infobox fehlgeschlagen\: Es konnte keine geeignete Applikation zur Verifikation der {0}-Infobox geladen werden.
+validator.43=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der InfoboxReadResponse f?r die {0}-Infobox konnte nicht erfolgreich geparst werden.
+validator.44=?berpr?fung der {0}-Infobox fehlgeschlagen\: In der {0}-Infobox Pr?fapplikation ist ein Fehler aufgetreten.
+validator.45=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der {1} des von der {0}-Infobox Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {2} ist {3}.
+validator.46=?berpr?fung der {0}-Infobox fehlgeschlagen\: Der Wert des von der Pr?fapplikation zur?ckgegebenen SAML-Attributes Nummer {1} ist ung?ltig.
+validator.47=?berpr?fung der {0}-Infobox fehlgeschlagen\: Das von der Pr?fapplikation zur?ckgegebene SAML-Attribut Nummer {1} kann nicht eindeutig zugeordnet werden.
+validator.48={0}-Infobox wurde nicht von der BKU ?bermittelt\: F?r die Anmeldung an dieser Online-Applikation ist die {0}-Infobox erforderlich. Bitte melden Sie sich erneut an, und selektieren Sie in Ihrer BKU die {0}-Infobox.
validator.49=Beim Ermitteln der Personenbindungs-OID im Zertifikat, mit dem die Personenbindung signiert wurde, ist ein Fehler aufgetreten.
-validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Prüfprofil überein.
+validator.50=Transformationskette in der Signatur stimmt mit keiner Transformationskette aus dem Pr�fprofil �berein.
-validator.60=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
-validator.61=Überprüfung der {0}-Infobox fehlgeschlagen: Vollmachtenprüfung ist für diesen Typ von Vollmachten für berufliche Parteienvertreter nicht aktiviert. Die übermittelte Vollmacht kann nicht für eine Anmeldung verwendet werden.
-validator.62=Fehler in der Übermittlung: keine primäre Vollmacht übergeben.
-validator.63=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten.
+validator.60=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.61=?berpr?fung der {0}-Infobox fehlgeschlagen\: Vollmachtenpr?fung ist f?r diesen Typ von Vollmachten f?r berufliche Parteienvertreter nicht aktiviert. Die ?bermittelte Vollmacht kann nicht f?r eine Anmeldung verwendet werden.
+validator.62=Fehler in der ?bermittlung\: keine prim?re Vollmacht ?bergeben.
+validator.63=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten.
validator.64=Fehler beim Austausch von Vollmachtsdaten
-validator.65=Es ist ein Fehler bei der Formulargenerierung für berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
-validator.66=Überprüfung der {0}-Infobox fehlgeschlagen: berufliche Parteienvetretung ist nicht konfiguriert.
+validator.65=Es ist ein Fehler bei der Formulargenerierung f�r berufliche Parteienvetretung aufgetreten - kein Formular zur Anzeige vorhanden.
+validator.66=?berpr?fung der {0}-Infobox fehlgeschlagen\: berufliche Parteienvetretung ist nicht konfiguriert.
+
+validator.67=Der Specialtext ({0}) stimmt nicht mit dem für diese Applikation hinterlegten Text ({1}) überein.
ssl.01=Validierung des SSL-Server-Endzertifikates hat fehlgeschlagen
stork.00=STORK SAML AuthnRequest konnte nicht signiert werden
-stork.01=STORK SAML AuthnRequest nicht gültig
+stork.01=STORK SAML AuthnRequest nicht g�ltig
stork.02=STORK SAML AuthnRequest kann nicht an folgende URL geschickt werden: {0}
stork.04=STORK SAML Response konnte nicht decodiert werden
stork.05=STORK SAML Response Validierung fehlgeschlagen
-stork.06=STORK SAML Response enthält eine Fehlermeldung: {0}
-stork.07=Es existiert kein STORK AuthnRequest für diese STORK Response
+stork.06=STORK SAML Response enth?lt eine Fehlermeldung\: {0}
+stork.07=Es existiert kein STORK AuthnRequest f�r diese STORK Response
stork.08=STORK SAML Assertion Validierung fehlgeschlagen
-stork.09=Fehler beim Überprüfen der STORK BürgerInnen Signatur
+stork.09=Fehler beim �berpr�fen der STORK B�rgerInnen Signatur
stork.10=Fehler in der Verbindung zum SZR-Gateway
+
+pvp2.00={0} ist kein gueltiger consumer service index
+pvp2.01=Fehler beim kodieren der PVP2 Antwort
+pvp2.02=Ungueltiges Datumsformat
+pvp2.03=Vollmachtattribute nicht in Metadaten verfuegbar
+pvp2.04=Kein Authorisierungs Context verfuegbar
+pvp2.05=Es wird nur {0} als QAA unterstuetzt
+pvp2.06=Keine Vollmacht verfuegbar
+pvp2.07=SAML Anfrage nicht korrekt digital signiert
+pvp2.08=Keine Credentials fuer {0} verfuegbar
+pvp2.09=SAML Anfrage wird nicht unterstuetzt
+pvp2.10=Attribut {0} nicht verfuegbar
+pvp2.11=Binding {0} wird nicht unterstuetzt
+pvp2.12=NameID Format {0} wird nicht unterstuetzt
+pvp2.13=Interner Server Fehler
+pvp2.14=SAML Anfrage verweigert
+pvp2.15=Keine Metadateninformation gefunden diff --git a/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html new file mode 100644 index 000000000..ccd85a38a --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/pvp_postbinding_template.html @@ -0,0 +1,51 @@ +## +## Velocity Template for SAML 2 HTTP-POST binding +## +## Velocity context may contain the following properties +## action - String - the action URL for the form +## RelayState - String - the relay state for the message +## SAMLRequest - String - the Base64 encoded SAML Request +## SAMLResponse - String - the Base64 encoded SAML Response + +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> + + <body onload="document.forms[0].submit()"> + <noscript> + <p> + <strong>Note:</strong> Since your browser does not support JavaScript, + you must press the Continue button once to proceed. + </p> + </noscript> + + + <div id="alert">Your login is being processed. Thank you for waiting.</div> + + <style type="text/css"> + <!-- + #alert { + margin:100px 250px; + font-family: Verdana, Arial, Helvetica, sans-serif; + font-size:14px; + font-weight:normal; + } + --> + </style> + + <form action="${action}" method="post" target="_parent"> + <div> + #if($RelayState)<input type="hidden" name="RelayState" value="${RelayState}"/>#end + + #if($SAMLRequest)<input type="hidden" name="SAMLRequest" value="${SAMLRequest}"/>#end + + #if($SAMLResponse)<input type="hidden" name="SAMLResponse" value="${SAMLResponse}"/>#end + + </div> + <noscript> + <div> + <input type="submit" value="Continue"/> + </div> + </noscript> + </form> + + </body> +</html>
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html new file mode 100644 index 000000000..cde1ac7a5 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/redirectForm.html @@ -0,0 +1,12 @@ +<html> +<head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <script type="text/javascript"> + </script> +</head> + + +<body onload="document.getElementById('link').click();"> + <a href="#URL#" target="_parent" id="link">CLICK to perform a redirect back to Online Application</a> +</body> +</html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html new file mode 100644 index 000000000..f4377ace4 --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormFull.html @@ -0,0 +1,106 @@ +<html> +<head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <meta content="text/css" http-equiv="Content-Style-Type"> + <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css"> + <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stammzahl.css"> + <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesnew.css"> + <link type="text/css" rel="stylesheet" href="#CONTEXTPATH#/css/2.0/stylesinput.css"> + +</head> + + +<body> + <div class="pageWidth"> + + <div id="pagebase"> + <div id="page"> + + <div id="header" class="header clearfix"> + <h1 class="main_header">MOA-ID 2.0 - Login Preview</h1> + +<!-- <ul id="servicenav"> + <li><a href="http://www.dsk.gv.at">Datenschutzkommission<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/5109/default.aspx">Stammzahlenregister<span class="hidden">.</span></a></li> + <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dvr">Datenverarbeitungsregister<span class="hidden">.</span></a></li> + <li><a href="http://www.dsk.gv.at/DesktopDefault.aspx?alias=dsken" lang="en" class="last-item">English<span class="hidden">.</span></a></li> + </ul> --> + + <div id="mainnavjump"></div> + <p id="homelink"><img src="#CONTEXTPATH#/img/2.0/logo.png" style="width: 250px" alt="EGIZ"></p> + <ul id="mainnav" class="clearfix"> +<!-- <li><a href="http://www2.egiz.gv.at">Home<span class="hidden">.</span></a></li> --> +<!-- <li><a href="http://www.stammzahlenregister.gv.at/site/5970/default.aspx">bPK<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/5981/default.aspx">Ergänzungsregister<span class="hidden">.</span></a></li> + <li class="selected"><a href="http://www.stammzahlenregister.gv.at/site/5983/default.aspx" class="current">Vollmachten<span class="hidden"> (gewählt)</span><span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/6001/default.aspx">Veröffentlichungen<span class="hidden">.</span></a></li> --> + </ul> + + </div> + + + <br class="clearAll"> + + <div id="viewcontrol" class="switch"> + <div id="page1" class="case selected-case"> + <div style="margin-left: 0px;"> + +<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> + + <div id="main" class="full"> + <div id="leftcontent" class="full"> + <h2 id="tabheader" class="dunkel full"> + Anmeldeinformationen: + + </h2> + + <div id="selectArea" class="hell full"> + <b>Anmeldung an:</b> + <p>#OAName#</p> + + +<!-- <div class="hell"> --> + <div id="leftbutton" class="hell full"> + <form method="post" id="moaidform_yes" action="#URL#"> + <input type="hidden" name="value" value="true"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" size="400" value="Ja" class="setAssertionButton_full"> + </form> + </div> + <div id="rightbutton" class="hell full"> + <form method="post" id="moaidform_no" action="#URL#"> + <input type="hidden" name="value" value="false"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" size="400" value="Nein" class="setAssertionButton_full"> + </form> + </div> + + </div> + </div> + </div> + </div> + </div> + + <br style="clear: both"> + <div id="footer" class="clearfix"> + +<!-- <h2 class="hidden">Über die Website der Stammzahlenregisterbehörde</h2> + <ul> + <li><a href="http://www.stammzahlenregister.gv.at/site/5115/Default.aspx" class="first-item">Impressum<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/6004/Default.aspx" lang="en">Sitemap<span class="hidden">.</span></a></li> + + <li><a href="http://www.stammzahlenregister.gv.at/site/5122/Default.aspx">Kontakt<span class="hidden">.</span></a></li> + <li><a href="http://www.stammzahlenregister.gv.at/site/6005/Default.aspx">Hilfe<span class="hidden">.</span></a></li> + </ul> --> + </div> + + + </div> + </div> + </div> +</body> +</html> diff --git a/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html new file mode 100644 index 000000000..a30bbfa9a --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/templates/sendAssertionFormIFrame.html @@ -0,0 +1,44 @@ +<html> +<head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <meta content="text/css" http-equiv="Content-Style-Type"> + <link rel="stylesheet" type="text/css" href="#CONTEXTPATH#/css/index.css"> +</head> + + +<body> + <div id="leftcontent"> + <h2 id="tabheader" class="dunkel"> + Anmeldeinformationen: + + </h2> + + <div id="selectArea" class="hell"> + <b>Anmeldung an:</b> + <p>#OAName#</p> + + +<!-- <div class="hell"> --> + <div id="leftbutton" class="hell"> + <form method="post" id="moaidform_yes" action="#URL#"> + <input type="hidden" name="value" value="true"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" size="400" value="Ja" class="setAssertionButton"> + </form> + </div> + <div id="rightbutton" class="hell"> + <form method="post" id="moaidform_no" action="#URL#"> + <input type="hidden" name="value" value="false"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" size="400" value="Nein" class="setAssertionButton"> + </form> + </div> + + </div> + </div> +</body> +</html> diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java new file mode 100644 index 000000000..67504fa47 --- /dev/null +++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java @@ -0,0 +1,77 @@ +package test.tlenz; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.util.Date; +import java.util.Properties; + +import org.hibernate.cfg.Configuration; + +import at.gv.egovernment.moa.id.commons.db.HibernateUtil; +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.util.MiscUtil; + +public class simpletest { + + public static void main(String[] args) { + + System.setProperty("mandates.configuration", "D:/Projekte/svn/moa-id/moa-id.properties"); + String propertiesFileLocation = System.getProperty("mandates.configuration"); + + MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName"); + File propertiesFile = new File(propertiesFileLocation); + FileInputStream fis; + try { + fis = new FileInputStream(propertiesFile); + } catch (FileNotFoundException e) { + + e.printStackTrace(); + return; + } + + Properties props = new Properties(); + try { + props.load(fis); + } catch (IOException e) { + + e.printStackTrace(); + return; + } + + // initialize hibernate + synchronized (simpletest.class) { + + + Configuration hibernateConfig = new Configuration(); + hibernateConfig.addAnnotatedClass(AssertionStore.class); + hibernateConfig.addProperties(props); + HibernateUtil.initHibernate(hibernateConfig, props); + } + + AssertionStorage store = new AssertionStorage(); +// +// AuthenticationData assertion = new AuthenticationData(); +// assertion.setBPK("bPK_schaut_anders_aus"); +// +// //store.put("test", assertion ); + + + store.clean(new Date().getTime(), 1000); + +// try { +// AuthenticationData test = (AuthenticationData) store.get("test"); +// +// } catch (MOADatabaseException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } + + + + } +} diff --git a/id/server/moa-id-commons/.classpath b/id/server/moa-id-commons/.classpath new file mode 100644 index 000000000..88431cf04 --- /dev/null +++ b/id/server/moa-id-commons/.classpath @@ -0,0 +1,38 @@ +<?xml version="1.0" encoding="UTF-8"?> +<classpath> + <classpathentry kind="src" output="target/classes" path="src/main/java"> + <attributes> + <attribute name="optional" value="true"/> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="src" output="target/test-classes" path="src/test/java"> + <attributes> + <attribute name="optional" value="true"/> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="src" path="target/generated-sources/xjc"/> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + <attribute name="org.eclipse.jst.component.nondependency" value=""/> + </attributes> + </classpathentry> + <classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"> + <attributes> + <attribute name="maven.pomderived" value="true"/> + </attributes> + </classpathentry> + <classpathentry kind="output" path="target/classes"/> +</classpath> diff --git a/id/server/moa-id-commons/.project b/id/server/moa-id-commons/.project new file mode 100644 index 000000000..75c3e013e --- /dev/null +++ b/id/server/moa-id-commons/.project @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<projectDescription> + <name>moa-id-commons</name> + <comment></comment> + <projects> + <project>moa-common</project> + </projects> + <buildSpec> + <buildCommand> + <name>org.eclipse.wst.common.project.facet.core.builder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.eclipse.wst.validation.validationbuilder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.eclipse.m2e.core.maven2Builder</name> + <arguments> + </arguments> + </buildCommand> + </buildSpec> + <natures> + <nature>org.eclipse.jem.workbench.JavaEMFNature</nature> + <nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature> + <nature>org.eclipse.jdt.core.javanature</nature> + <nature>org.eclipse.m2e.core.maven2Nature</nature> + <nature>org.eclipse.wst.common.project.facet.core.nature</nature> + </natures> +</projectDescription> diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml new file mode 100644 index 000000000..f04de3ad8 --- /dev/null +++ b/id/server/moa-id-commons/pom.xml @@ -0,0 +1,183 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id</groupId> + <artifactId>moa-id</artifactId> + <version>1.5.2</version> + </parent> + <artifactId>moa-id-commons</artifactId> + <name>moa-id-commons</name> + <groupId>MOA.id.server</groupId> + + <dependencies> + <dependency> + <groupId>org.hibernate</groupId> + <artifactId>hibernate-core</artifactId> + <version>4.2.1.Final</version> + </dependency> + <dependency> + <groupId>org.hibernate</groupId> + <artifactId>hibernate-c3p0</artifactId> + <version>4.2.1.Final</version> + </dependency> + <dependency> + <groupId>org.hibernate</groupId> + <artifactId>hibernate-entitymanager</artifactId> + <version>4.2.1.Final</version> + </dependency> + + <dependency> + <groupId>org.apache.commons</groupId> + <artifactId>commons-lang3</artifactId> + <version>3.1</version> + </dependency> + <dependency> + <groupId>MOA</groupId> + <artifactId>moa-common</artifactId> + <type>jar</type> + </dependency> + + <!-- dependency> + <groupId>com.sun.xml.bind</groupId> + <artifactId>jaxb-xjc</artifactId> + <version>2.2.7</version> + </dependency --> + + <dependency> + <groupId>org.hibernate.javax.persistence</groupId> + <artifactId>hibernate-jpa-2.0-api</artifactId> + <version>1.0.1.Final</version> + </dependency> + + <dependency> + <groupId>org.jvnet.hyperjaxb3</groupId> + <artifactId>hyperjaxb3-ejb-runtime</artifactId> + <version>0.5.6</version> + </dependency> + + <dependency> + <groupId>mysql</groupId> + <artifactId>mysql-connector-java</artifactId> + <version>5.1.25</version> + </dependency> + </dependencies> + + <build> + <defaultGoal>install</defaultGoal> + + <resources> + <resource> + <directory>src/main/resources/config</directory> + <excludes> + <exclude>**/*.java</exclude> + </excludes> + </resource> + <resource> + <directory>target/generated-sources/xjc</directory> + <excludes> + <exclude>**/*.java</exclude> + </excludes> + </resource> + </resources> + + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-compiler-plugin</artifactId> + <configuration> + <source>1.5</source> + <target>1.5</target> + </configuration> + </plugin> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-jar-plugin</artifactId> + <configuration> + <skipTests>true</skipTests> + <archive> + <addMavenDescriptor>false</addMavenDescriptor> + </archive> + </configuration> + <executions> + <execution> + <goals> + <goal>test-jar</goal> + </goals> + </execution> + </executions> + </plugin> + + <plugin> + <groupId>org.jvnet.hyperjaxb3</groupId> + <artifactId>maven-hyperjaxb3-plugin</artifactId> + <version>0.5.6</version> + <executions> + <execution> + <goals> + <goal>generate</goal> + </goals> + </execution> + </executions> + <configuration> + <extension>true</extension> + <schemaDirectory>src/main/resources/config</schemaDirectory> + <bindingDirectory>src/main/resources/config</bindingDirectory> + <persistenceXml>src/main/resources/config/persistence_template.xml</persistenceXml> + <generatePackage>at.gv.egovernment.moa.id.commons.db.dao.config</generatePackage> + </configuration> + </plugin> + <plugin> + <inherited>true</inherited> + <artifactId>maven-compiler-plugin</artifactId> + <version>2.0.2</version> + <configuration> + <source>1.5</source> + <target>1.5</target> + </configuration> + </plugin> + + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-javadoc-plugin</artifactId> + <version>2.5</version> + <configuration> + <charset>UTF-8</charset> + <docencoding>UTF-8</docencoding> + <quiet>true</quiet> + <author>false</author> + <version>false</version> + <use>true</use> + <excludePackageNames>at.gv.egovernment.moa.spss.server.*;at.gv.egovernment.moa.spss.api.impl.*;at.gv.egovernment.moa.spss.impl.*</excludePackageNames> + <tags> + <tag> + <name>pre</name> + <placement>a</placement> + <head>Preconditions:</head> + </tag> + <tag> + <name>post</name> + <placement>a</placement> + <head>Postconditions:</head> + </tag> + </tags> + <links> + <link>http://java.sun.com/j2se/1.4/docs/api/</link> + <link>http://java.sun.com/j2se/1.5.0/docs/api/</link> + <link>http://logging.apache.org/log4j/docs/api/</link> + </links> + <target>1.5</target> + </configuration> + <executions> + <execution> + <id>generate-javadoc</id> + <phase>package</phase> + <goals> + <goal>jar</goal> + </goals> + </execution> + </executions> + </plugin> + </plugins> + </build> + <version>1.5.2</version> +</project>
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java new file mode 100644 index 000000000..795981777 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java @@ -0,0 +1,238 @@ +package at.gv.egovernment.moa.id.commons.db; + +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.persistence.EntityManager; + +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; + +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class ConfigurationDBRead { + + private static Map<String, String> QUERIES = new HashMap<String, String>(); + static { + QUERIES.put("getActiveOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix like SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix)) and onlineapplication.isActive = '1'"); + QUERIES.put("getOnlineApplicationWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.publicURLPrefix like SUBSTRING(:id, 1, LENGTH(onlineapplication.publicURLPrefix))"); + QUERIES.put("getOnlineApplicationWithDBID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.hjid = :id"); + QUERIES.put("getAllOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication"); + QUERIES.put("getAllActiveOnlineApplications", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.isActive = '1'"); + QUERIES.put("getMOAIDConfiguration", "select moaidconfiguration from MOAIDConfiguration moaidconfiguration"); + QUERIES.put("getUserWithUserID", "select userdatabase from UserDatabase userdatabase where userdatabase.hjid = :id"); + QUERIES.put("getUserWithUserUsername", "select userdatabase from UserDatabase userdatabase where userdatabase.username = :username"); + QUERIES.put("getAllUsers", "select userdatabase from UserDatabase userdatabase"); + QUERIES.put("searchOnlineApplicationsWithID", "select onlineapplication from OnlineApplication onlineapplication where onlineapplication.friendlyName like :id"); } + + @SuppressWarnings("rawtypes") + public static OnlineApplication getActiveOnlineApplication(String id) { + MiscUtil.assertNotNull(id, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID")); + //query.setParameter("id", id+"%"); + query.setParameter("id", id); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return (OnlineApplication) result.get(0); + } + + + @SuppressWarnings("rawtypes") + public static OnlineApplication getOnlineApplication(String id) { + MiscUtil.assertNotNull(id, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithID")); + //query.setParameter("id", id+"%"); + query.setParameter("id", id); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return (OnlineApplication) result.get(0); + } + + @SuppressWarnings("rawtypes") + public static OnlineApplication getOnlineApplication(long dbid) { + MiscUtil.assertNotNull(dbid, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with DBID " + dbid + " from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getOnlineApplicationWithDBID")); + //query.setParameter("id", id+"%"); + query.setParameter("id", dbid); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return (OnlineApplication) result.get(0); + } + + public static MOAIDConfiguration getMOAIDConfiguration() { + Logger.trace("Load MOAID Configuration from database."); + + List result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getMOAIDConfiguration")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return (MOAIDConfiguration) result.get(0); + } + + public static List<OnlineApplication> getAllOnlineApplications() { + Logger.trace("Get All OnlineApplications from database."); + + List<OnlineApplication> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllOnlineApplications")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + public static List<UserDatabase> getAllUsers() { + Logger.trace("Get All OnlineApplications from database."); + + List<UserDatabase> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllUsers")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + public static List<OnlineApplication> getAllActiveOnlineApplications() { + Logger.trace("Get All active OnlineApplications from database."); + + List<OnlineApplication> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getAllActiveOnlineApplications")); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return result; + } + + @SuppressWarnings("rawtypes") + public static List<OnlineApplication> searchOnlineApplications(String id) { + MiscUtil.assertNotNull(id, "OnlineApplictionID"); + Logger.trace("Getting OnlineApplication with ID " + id + " from database."); + + List<OnlineApplication> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("searchOnlineApplicationsWithID")); + query.setParameter("id", "%"+id+"%"); + + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return result; + } + + public static UserDatabase getUserWithID(long id) { + MiscUtil.assertNotNull(id, "UserID"); + Logger.trace("Getting Userinformation with ID " + id + " from database."); + + List<UserDatabase> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserID")); + query.setParameter("id", id); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } + + + + public static UserDatabase getUserWithUserName(String username) { + MiscUtil.assertNotNull(username, "UserName"); + Logger.trace("Getting Userinformation with ID " + username + " from database."); + + List<UserDatabase> result; + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + + javax.persistence.Query query = session.createQuery(QUERIES.get("getUserWithUserUsername")); + query.setParameter("username", username); + result = query.getResultList(); + + Logger.trace("Found entries: " + result.size()); + + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + return (UserDatabase) result.get(0); + } +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java new file mode 100644 index 000000000..16cea07d8 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java @@ -0,0 +1,214 @@ +package at.gv.egovernment.moa.id.commons.db; + +import java.util.Properties; + +import javax.persistence.EntityManager; +import javax.persistence.EntityManagerFactory; +import javax.persistence.EntityTransaction; +import javax.persistence.Persistence; + +import org.hibernate.HibernateException; +import org.hibernate.Session; + + +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; + +public final class ConfigurationDBUtils { + + private static EntityManagerFactory entitymanagerfactory; + + @SuppressWarnings("rawtypes") + private static final ThreadLocal THREAD_LOCAL_CONFIG = new ThreadLocal(); + private static boolean automaticSessionHandling = false; + + protected ConfigurationDBUtils() { } + + public static void initHibernate(Properties props) throws MOADatabaseException { + + try { + + //add Hibernate annotations +// Configuration hibernateConfig = new Configuration(); +// hibernateConfig.addAnnotatedClass(AssertionStore.class); +// hibernateConfig.addAnnotatedClass(AuthenticatedSessionStore.class); +// hibernateConfig.addAnnotatedClass(OASessionStore.class); +// hibernateConfig.addAnnotatedClass(OldSSOSessionIDStore.class); +// hibernateConfig.addProperties(props); + + + Logger.debug("Creating initial session factory..."); +// entitymanagerfactory = +// Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", +// hibernateConfig.getProperties()); + + entitymanagerfactory = + Persistence.createEntityManagerFactory("at.gv.egovernment.moa.id.commons.db.dao.config", + props); + + Logger.debug("Initial ConfigDB session factory successfully created."); + + + } catch (Throwable ex) { + Logger.error("Initial session factory creation failed: " + ex.getMessage()); + throw new MOADatabaseException("Initialization of Configuration Hibernate session factory failed.",ex); + } + } + + + /** + * Checks if a session factory is currently available. If necessary a new + * session factory is created. + * + * @return current (or new) session factory + * @throws HibernateException + * thrown if a hibernate error occurs + */ + public static EntityManager getCurrentSession() { + if (automaticSessionHandling) { + + return entitymanagerfactory.createEntityManager(); + } + + EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); + + if (session != null && session.isOpen()) { + + //maybe a hack, but sometimes we do not know if the session is closed (session already closed but isOpen()=true) + try { + javax.persistence.Query query = session.createQuery("select userdatabase from UserDatabase userdatabase"); + query.getResultList(); + + } catch (Throwable e) { + Logger.warn("JPA Session Handling Warning!!!! - This error should not occur."); + session = getNewSession(); + } + + } else + session = getNewSession(); + + return session; + } + + @SuppressWarnings("unchecked") + public static EntityManager getNewSession() { + if (automaticSessionHandling) { + Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead."); + //return sessionFactory.getCurrentSession(); + return entitymanagerfactory.createEntityManager(); + } + EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); + if (session != null ) { + Logger.warn("Previous session has not been closed; closing ConfigDB session now."); + closeSession(); + } + Logger.debug("Opening new ConfigDB hibernate session..."); + try { + session = entitymanagerfactory.createEntityManager(); + THREAD_LOCAL_CONFIG.set(session); + } catch (HibernateException hex) { + Logger.error(hex.getMessage()); + } + return session; + } + + /** + * Closes the current session. + * + * @throws HibernateException + * thrown if session is already closed or a hibernate error + * occurs. + */ + @SuppressWarnings("unchecked") + public static void closeSession() { + if (automaticSessionHandling) { + Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand."); + return; + } + Logger.debug("Closing current ConfigDB hibernate session..."); + EntityManager session = (EntityManager) THREAD_LOCAL_CONFIG.get(); + THREAD_LOCAL_CONFIG.set(null); + if (session != null) { + try { + session.close(); + + } catch (HibernateException hex) { + Logger.error(hex.getMessage()); + } + } + } + + public static boolean save(Object dbo) throws MOADatabaseException { + EntityTransaction tx = null; + + try { + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + tx = session.getTransaction(); + + synchronized (session) { + tx.begin(); + session.persist(dbo); + tx.commit(); + + //session.clear(); + } + return true; + + } catch(HibernateException e) { + Logger.warn("Error during Config database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new MOADatabaseException(e); + } + } + + + public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException { + EntityTransaction tx = null; + + try { + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + tx = session.getTransaction(); + + synchronized (session) { + tx.begin(); + + session.merge(dbo); + session.flush(); + + tx.commit(); + + //session.clear(); + } + return true; + + } catch(HibernateException e) { + Logger.warn("Error during Config database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new MOADatabaseException(e); + } + } + + public static boolean delete(Object dbo) { + EntityTransaction tx = null; + try { + EntityManager session = ConfigurationDBUtils.getCurrentSession(); + tx = session.getTransaction(); + + synchronized (session) { + tx.begin(); + session.remove(session.contains(dbo) ? dbo : session.merge(dbo)); + tx.commit(); + + //session.clear(); + } + + return true; + + } catch(HibernateException e) { + Logger.warn("Error during Config database delete. Rollback.", e); + tx.rollback(); + return false; + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java new file mode 100644 index 000000000..5e4ec0f13 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/MOASessionDBUtils.java @@ -0,0 +1,170 @@ +package at.gv.egovernment.moa.id.commons.db; + +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; +import org.hibernate.HibernateException; +import org.hibernate.Session; +import org.hibernate.SessionFactory; +import org.hibernate.Transaction; +import org.hibernate.cfg.Configuration; +import org.hibernate.service.ServiceRegistry; +import org.hibernate.service.ServiceRegistryBuilder; + +import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.logging.Logger; + +public final class MOASessionDBUtils { + + private static SessionFactory sessionFactory; + private static ServiceRegistry serviceRegistry; + + @SuppressWarnings("rawtypes") + private static final ThreadLocal THREAD_LOCAL = new ThreadLocal(); + private static boolean automaticSessionHandling = false; + + private static final String[] AUTOMATIC_SESSION_HANDLING_VALUES = new String[] { "jta", "thread" }; + private static final String SESSION_HANDLING_KEY = "hibernate.current_session_context_class"; + + private static Configuration configuration; + + protected MOASessionDBUtils() { } + + public static void initHibernate(Configuration config, Properties hibernateProperties) { + + String scm = StringUtils.trimToNull(hibernateProperties.getProperty(SESSION_HANDLING_KEY)); + if (scm != null) { + automaticSessionHandling = scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[0]) != -1 || scm.indexOf(AUTOMATIC_SESSION_HANDLING_VALUES[1]) != -1; + } + Logger.debug("Evaluating hibernate property \"" + SESSION_HANDLING_KEY + "\"."); + if (automaticSessionHandling) { + Logger.info("Hibernate is automatically handling session context management."); + } else { + Logger.info("Hibernate is NOT automatically handling session context management. Using build-in ThreadLocal session handling."); + } + try { + //Create the SessionFactory + Logger.debug("Creating initial MOASession session factory..."); + + config.configure(); + serviceRegistry = new ServiceRegistryBuilder().applySettings(config.getProperties()).buildServiceRegistry(); + sessionFactory = config.buildSessionFactory(serviceRegistry); + Logger.debug("Initial MOASession session factory successfully created."); + + } catch (Throwable ex) { + Logger.error("Initial MOASession session factory creation failed: " + ex.getMessage()); + throw new ExceptionInInitializerError(ex); + } + } + + /** + * Checks if a session factory is currently available. If necessary a new + * session factory is created. + * + * @return current (or new) session factory + * @throws HibernateException + * thrown if a hibernate error occurs + */ + public static Session getCurrentSession() { + if (automaticSessionHandling) { + return sessionFactory.getCurrentSession(); + } + Session session = (Session) THREAD_LOCAL.get(); + // Open a new Session, if this Thread has none yet + if (session == null || !session.isConnected()) { + session = getNewSession(); + } + return session; + } + + @SuppressWarnings("unchecked") + public static Session getNewSession() { + if (automaticSessionHandling) { + Logger.warn("Session is being automatically handled by hibernate. Therefore this session maybe not being newly created. Use HibernateUtil.getCurrentSession() instead."); + return sessionFactory.getCurrentSession(); + } + Session session = (Session) THREAD_LOCAL.get(); + if (session != null) { + Logger.warn("Previous MOASession session has not been closed; closing session now."); + closeSession(); + } + Logger.debug("Opening new MOASession hibernate session..."); + try { + session = sessionFactory.openSession(); + THREAD_LOCAL.set(session); + } catch (HibernateException hex) { + Logger.error(hex.getMessage()); + } + return session; + } + + /** + * Closes the current session. + * + * @throws HibernateException + * thrown if session is already closed or a hibernate error + * occurs. + */ + @SuppressWarnings("unchecked") + public static void closeSession() { + if (automaticSessionHandling) { + Logger.warn("Session is being automatically handled by hibernate. Therefore the current session cannot be closed on demand."); + return; + } + Logger.debug("Closing current MOASession hibernate session..."); + Session session = (Session) THREAD_LOCAL.get(); + THREAD_LOCAL.set(null); + if (session != null) { + try { + session.close(); + + } catch (HibernateException hex) { + Logger.error(hex.getMessage()); + } + } + } + + public static boolean saveOrUpdate(Object dbo) throws MOADatabaseException { + Transaction tx = null; + try { + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + tx = session.beginTransaction(); + session.saveOrUpdate(dbo); + tx.commit(); + } + return true; + + } catch(HibernateException e) { + Logger.warn("Error during MOASession database saveOrUpdate. Rollback.", e); + tx.rollback(); + throw new MOADatabaseException(e); + } + } + + public static boolean delete(Object dbo) { + Transaction tx = null; + try { + Session session = MOASessionDBUtils.getCurrentSession(); + + synchronized (session) { + tx = session.beginTransaction(); + session.delete(dbo); + tx.commit(); + } + + return true; + + } catch(HibernateException e) { + Logger.warn("Error during MOASession database delete. Rollback.", e); + tx.rollback(); + return false; + } + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java new file mode 100644 index 000000000..50c156c4e --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AssertionStore.java @@ -0,0 +1,92 @@ +package at.gv.egovernment.moa.id.commons.db.dao.session; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Lob; +import javax.persistence.NamedQueries; +import javax.persistence.NamedQuery; +import javax.persistence.Table; + +import org.hibernate.annotations.DynamicUpdate; + + + +@Entity +@DynamicUpdate(value=true) +@Table(name = "assertionstore") +@NamedQueries({ + @NamedQuery(name="getAssertionWithArtifact", query = "select assertionstore from AssertionStore assertionstore where assertionstore.artifact = :artifact"), + @NamedQuery(name="getAssertionWithTimeOut", query = "select assertionstore from AssertionStore assertionstore where assertionstore.timestamp < :timeout") +}) + +public class AssertionStore implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id", unique=true, nullable=false) + private long id; + + @Column(name = "artifact", unique=true, nullable=false) + private String artifact; + + @Column(name = "type", nullable=false) + private String type; + + @Column(name = "assertion", nullable=false) + @Lob private byte [] assertion; + + @Column(name = "timestamp", nullable=false) + Date timestamp; + + + + public String getArtifact() { + return artifact; + } + + public void setArtifact(String artifact) { + this.artifact = artifact; + } + + public String getType() { + return type; + } + + public void setType(String type) { + this.type = type; + } + + public byte[] getAssertion() { + return assertion; + } + + public void setAssertion(byte[] assertion) { + this.assertion = assertion; + } + + public Date getDatatime() { + return timestamp; + } + + public void setDatatime(Date datatime) { + this.timestamp = datatime; + } + + public long getId() { + return id; + } + + public void setId(long id) { + this.id = id; + } + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java new file mode 100644 index 000000000..ed865d70f --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -0,0 +1,187 @@ +package at.gv.egovernment.moa.id.commons.db.dao.session; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import javax.persistence.CascadeType; +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Lob; +import javax.persistence.OneToMany; +import javax.persistence.PrePersist; +import javax.persistence.PreUpdate; +import javax.persistence.Table; +import javax.persistence.Temporal; +import javax.persistence.TemporalType; +import javax.persistence.NamedQueries; +import javax.persistence.NamedQuery; + +import org.hibernate.annotations.DynamicUpdate; + + +@Entity +@DynamicUpdate(value=true) +@Table(name = "authenticatedsessionstore") +@NamedQueries({ + @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"), + @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"), + @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"), + @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate") +}) + +public class AuthenticatedSessionStore implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.AUTO) + @Column(name = "id", unique=true, nullable=false) + private long id; + + @Column(name = "sessionid", unique=true, nullable=false) + private String sessionid; + + @Column(name = "SSOsessionid") + private String SSOsessionid; + + @Column(name = "session", nullable=false) + @Lob private byte [] session; + + @Column(name = "isAuthenticated", nullable=false) + private boolean isAuthenticated = false; + + @Column(name = "isSSOSession", nullable=false) + private boolean isSSOSession = false; + + @Column(name = "pendingRequestID", nullable=false) + private String pendingRequestID = ""; + + @Column(name = "created", updatable=false, nullable=false) + @Temporal(TemporalType.TIMESTAMP) + private Date created; + + @Column(name = "updated") + @Temporal(TemporalType.TIMESTAMP) + private Date updated; + + @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL) + private List<OASessionStore> activeOAsessions = null; + + @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL) + private List<OldSSOSessionIDStore> oldssosessionids = null; + + @PrePersist + protected void created() { + this.updated = this.created = new Date(); + } + + @PreUpdate + protected void lastUpdate() { + this.updated = new Date(); + } + + public long getId() { + return id; + } + + public void setId(long id) { + this.id = id; + } + + public String getSessionid() { + return sessionid; + } + + public void setSessionid(String sessionid) { + this.sessionid = sessionid; + } + + public String getSSOsessionid() { + return SSOsessionid; + } + + public void setSSOsessionid(String sSOsessionid) { + SSOsessionid = sSOsessionid; + } + + public byte[] getSession() { + return session; + } + + public void setSession(byte[] session) { + this.session = session; + } + + public boolean isAuthenticated() { + return isAuthenticated; + } + + public void setAuthenticated(boolean isAuthenticated) { + this.isAuthenticated = isAuthenticated; + } + + public boolean isSSOSession() { + return isSSOSession; + } + + public void setSSOSession(boolean isSSOSession) { + this.isSSOSession = isSSOSession; + } + + public Date getCreated() { + return created; + } + + public void setCreated(Date created) { + this.created = created; + } + + public Date getUpdated() { + return updated; + } + + public void setUpdated(Date updated) { + this.updated = updated; + } + + public List<OASessionStore> getActiveOAsessions() { + return activeOAsessions; + } + + public void setActiveOAsessions(List<OASessionStore> activeOAsessions) { + if (activeOAsessions == null) { + this.activeOAsessions = new ArrayList<OASessionStore>(); + } + + this.activeOAsessions = activeOAsessions; + } + + public List<OldSSOSessionIDStore> getOldssosessionids() { + return oldssosessionids; + } + + public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) { + this.oldssosessionids = oldssosessionids; + } + + /** + * @return the pendingRequestID + */ + public String getPendingRequestID() { + return pendingRequestID; + } + + /** + * @param pendingRequestID the pendingRequestID to set + */ + public void setPendingRequestID(String pendingRequestID) { + this.pendingRequestID = pendingRequestID; + } + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java new file mode 100644 index 000000000..6e0f47805 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java @@ -0,0 +1,87 @@ +package at.gv.egovernment.moa.id.commons.db.dao.session; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; +import javax.persistence.PrePersist; +import javax.persistence.Table; +import javax.persistence.Temporal; +import javax.persistence.TemporalType; + +import org.hibernate.annotations.DynamicUpdate; +import org.hibernate.annotations.NamedQueries; +import org.hibernate.annotations.NamedQuery; + +@Entity +@DynamicUpdate(value=true) +@Table(name = "oasessionstore") + +public class OASessionStore implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "idOASession", unique=true, nullable=false) + private long idOASession; + + @Column(name = "oaurlprefix", unique=false, nullable=false) + private String oaurlprefix; + + @Column(name = "created", updatable=false, nullable=false) +// @Temporal(TemporalType.TIMESTAMP) + private Date created; + +// @PrePersist +// protected void created() { +// this.created = new Date(); +// } + + @ManyToOne(fetch=FetchType.LAZY) + @JoinColumn(name = "moasession") + private AuthenticatedSessionStore moasession; + + public long getIdOASession() { + return idOASession; + } + + public void setIdOASession(long idOASession) { + this.idOASession = idOASession; + } + + public String getOaurlprefix() { + return oaurlprefix; + } + + public void setOaurlprefix(String oaurlprefix) { + this.oaurlprefix = oaurlprefix; + } + + public AuthenticatedSessionStore getMoasession() { + return moasession; + } + + public void setMoasession(AuthenticatedSessionStore moasession) { + this.moasession = moasession; + } + + public Date getCreated() { + return created; + } + + public void setCreated(Date created) { + this.created = created; + } + + + +} + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java new file mode 100644 index 000000000..3ec2babad --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OldSSOSessionIDStore.java @@ -0,0 +1,69 @@ +package at.gv.egovernment.moa.id.commons.db.dao.session; + +import java.io.Serializable; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; +import javax.persistence.Table; + +import org.hibernate.annotations.DynamicUpdate; +import org.hibernate.annotations.NamedQueries; +import org.hibernate.annotations.NamedQuery; + +@Entity +@DynamicUpdate(value=true) +@Table(name = "oldssosessionid") + +@NamedQueries({ + @NamedQuery(name="getSSOSessionWithOldSessionID", query = "select oldssosessionid from OldSSOSessionIDStore oldssosessionid where oldssosessionid.oldsessionid = :sessionid") +}) + +public class OldSSOSessionIDStore implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "idOldSSOSession", unique=true, nullable=false) + private long idOldSSOSession; + + @Column(name = "oldsessionid", unique=true, nullable=false) + private String oldsessionid; + + //@ManyToOne(fetch=FetchType.LAZY) + @ManyToOne(fetch=FetchType.LAZY) + @JoinColumn(name = "moasession") + private AuthenticatedSessionStore moasession; + + public long getIdOldSSOSession() { + return idOldSSOSession; + } + + public void setIdOldSSOSession(long idOldSSOSession) { + this.idOldSSOSession = idOldSSOSession; + } + + public String getOldsessionid() { + return oldsessionid; + } + + public void setOldsessionid(String oldsessionid) { + this.oldsessionid = oldsessionid; + } + + public AuthenticatedSessionStore getMoasession() { + return moasession; + } + + public void setMoasession(AuthenticatedSessionStore moasession) { + this.moasession = moasession; + } + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java new file mode 100644 index 000000000..169d31aac --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ex/MOADatabaseException.java @@ -0,0 +1,22 @@ +package at.gv.egovernment.moa.id.commons.db.ex; + +public class MOADatabaseException extends Exception { + + private static final long serialVersionUID = 1L; + + public MOADatabaseException() { + super(); + } + + public MOADatabaseException(String message, Throwable cause) { + super(message, cause); + } + + public MOADatabaseException(String message) { + super(message); + } + + public MOADatabaseException(Throwable cause) { + super(cause); + } +} diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb new file mode 100644 index 000000000..6269e2dbc --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb @@ -0,0 +1,10 @@ +<jaxb:bindings version="1.0" + xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" + xmlns:xsd="http://www.w3.org/2001/XMLSchema"> + + <jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema"> + <jaxb:globalBindings localScoping="toplevel"> + <jaxb:serializable/> + </jaxb:globalBindings> + </jaxb:bindings> +</jaxb:bindings>
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml b/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml new file mode 100644 index 000000000..4841481b6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/config/hibernate.cfg.xml @@ -0,0 +1,14 @@ +<?xml version='1.0' encoding='utf-8'?> +<!DOCTYPE hibernate-configuration PUBLIC +"-//Hibernate/Hibernate Configuration DTD 3.0//EN" +"http://www.hibernate.org/dtd/hibernate-configuration-3.0.dtd"> + +<hibernate-configuration> + <session-factory> + <!-- MOA Session handling mapping files --> + <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore"/> + <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore"/> + <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore"/> + <mapping class="at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore"/> + </session-factory> +</hibernate-configuration>
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd new file mode 100644 index 000000000..06f0f0bcb --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -0,0 +1,951 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet --> +<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0"> + <xsd:complexType name="OnlineApplication"> + <xsd:complexContent> + <xsd:extension base="OnlineApplicationType"> + <xsd:attribute name="publicURLPrefix" type="xsd:anyURI" use="required"/> + <xsd:attribute name="keyBoxIdentifier" type="MOAKeyBoxSelector" use="optional" default="SecureSignatureKeypair"/> + <xsd:attribute name="type" use="optional" default="publicService"> + <xsd:simpleType> + <xsd:restriction base="xsd:NMTOKEN"> + <xsd:enumeration value="businessService"/> + <xsd:enumeration value="publicService"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + <xsd:attribute name="calculateHPI" type="xsd:boolean" use="optional" default="false"/> + <xsd:attribute name="friendlyName" type="xsd:string" use="optional"/> + <xsd:attribute name="target" type="xsd:string" use="optional"/> + <xsd:attribute name="targetFriendlyName" type="xsd:string" use="optional"/> + </xsd:extension> + </xsd:complexContent> + </xsd:complexType> + <xsd:element name="Configuration"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="LoginType" type="LoginType" default="stateful"/> + <xsd:element name="Binding" minOccurs="0"> + <xsd:simpleType> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="full"/> + <xsd:enumeration value="userName"/> + <xsd:enumeration value="none"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:element> + <xsd:choice> + <xsd:element ref="ParamAuth"/> + <xsd:element ref="BasicAuth"/> + <xsd:element ref="HeaderAuth"/> + </xsd:choice> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <!-- ### Identification elements ### --> + <xsd:complexType name="AbstractSimpleIdentificationType"> + <xsd:simpleContent> + <xsd:extension base="xsd:string"/> + </xsd:simpleContent> + </xsd:complexType> + <xsd:element name="AbstractSimpleIdentification" type="AbstractSimpleIdentificationType"> + <xsd:annotation> + <xsd:documentation>possibility to include common austrian primary + keys in human readable way, english translation not available + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <!-- ### DSIG imports ### --> + <xsd:complexType name="X509IssuerSerialType"> + <xsd:sequence> + <xsd:element name="X509IssuerName" type="xsd:string"/> + <xsd:element name="X509SerialNumber" type="xsd:integer"/> + </xsd:sequence> + </xsd:complexType> + <!-- ### Imported STORK resources ### --> + <xsd:simpleType name="QualityAuthenticationAssuranceLevelType"> + <xsd:restriction base="xsd:integer"> + <xsd:minInclusive value="1"/> + <xsd:maxInclusive value="4"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:element name="QualityAuthenticationAssuranceLevel" type="QualityAuthenticationAssuranceLevelType"/> + <xsd:element name="AttributeValue" type="xsd:anyType"/> + <xsd:complexType name="RequestedAttributeType"/> + <xsd:element name="RequestedAttribute" type="RequestedAttributeType"/> + <xsd:simpleType name="CountryCodeType"> + <xsd:restriction base="xsd:token"> + <xsd:pattern value="[A-Z]{2}"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:complexType name="RequestedAttributesType"> + <xsd:sequence> + <xsd:element name="AttributeValue" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="RequestedAttributes" type="RequestedAttributesType"/> + <xsd:simpleType name="LoginType"> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="stateless"/> + <xsd:enumeration value="stateful"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:element name="ParamAuth"> + <xsd:complexType> + <xsd:sequence> + <xsd:element ref="Parameter" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="Parameter"> + <xsd:complexType> + <xsd:attribute name="Name" type="xsd:token" use="required"/> + <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/> + </xsd:complexType> + </xsd:element> + <xsd:element name="BasicAuth"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="UserID" type="MOAAuthDataType"/> + <xsd:element name="Password" type="MOAAuthDataType"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="HeaderAuth"> + <xsd:complexType> + <xsd:sequence> + <xsd:element ref="Header" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="Header"> + <xsd:complexType> + <xsd:attribute name="Name" type="xsd:token" use="required"/> + <xsd:attribute name="Value" type="MOAAuthDataType" use="required"/> + </xsd:complexType> + </xsd:element> + <xsd:simpleType name="MOAAuthDataType"> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="MOAGivenName"/> + <xsd:enumeration value="MOAFamilyName"/> + <xsd:enumeration value="MOADateOfBirth"/> + <xsd:enumeration value="MOABPK"/> + <xsd:enumeration value="MOAWBPK"/> + <xsd:enumeration value="MOAPublicAuthority"/> + <xsd:enumeration value="MOABKZ"/> + <xsd:enumeration value="MOAQualifiedCertificate"/> + <xsd:enumeration value="MOAStammzahl"/> + <xsd:enumeration value="MOAIdentificationValueType"/> + <xsd:enumeration value="MOAIPAddress"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="MOAKeyBoxSelector"> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="SecureSignatureKeypair"/> + <xsd:enumeration value="CertifiedKeypair"/> + </xsd:restriction> + </xsd:simpleType> + <!--Konfiguration für Authentisierungs- und Proxy-Komponente und Online-Applikation --> + <xsd:element name="MOA-IDConfiguration"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="AuthComponent_General" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Parameter der + Authentisierungs-Komponente + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:complexContent> + <xsd:extension base="AuthComponentType"/> + </xsd:complexContent> + </xsd:complexType> + </xsd:element> + <xsd:element name="ProxyComponent_General" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Konfigurationsparameter der + Proxy-Komponente + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="AuthComponent"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die Kommunikation zw. + Proxykomponente und Authenttisierungskomponente + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="ConnectionParameter_Proxy" type="ConnectionParameterClientAuthType" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die SOAP-Verbindung + von der Proxy-Komponente zur Auth-Komponente (vgl. + AuthComponent/MOA-SP/ConnectionParameter) + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="OnlineApplication" type="OnlineApplication" maxOccurs="unbounded"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die OA + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element name="ChainingModes" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>spezifiziert den Algorithmus ("pkix" oder + "chaining") für die Zertifikatspfadvalidierung + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence minOccurs="0" maxOccurs="unbounded"> + <xsd:element name="TrustAnchor"> + <xsd:annotation> + <xsd:documentation>ein vom SystemDefaultMode abweichender + ChiningMode kann für jeden TrustAnchor gesetzt werden + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:complexContent> + <xsd:extension base="X509IssuerSerialType"> + <xsd:attribute name="mode" type="ChainingModeType" use="required"/> + </xsd:extension> + </xsd:complexContent> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + <xsd:attribute name="systemDefaultMode" type="ChainingModeType" use="optional" default="pkix"/> + </xsd:complexType> + </xsd:element> + <xsd:element name="TrustedCACertificates" type="xsd:anyURI" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>verweist auf ein Verzeichnis, das + vertrauenswürdige CA (Zwischen-CA, Wurzel-CA) Zertifikate + enthält. + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element name="GenericConfiguration" minOccurs="0" maxOccurs="unbounded"> + <xsd:complexType> + <xsd:attribute name="name" use="required"> + <xsd:simpleType> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="DirectoryCertStoreParameters.RootDir"/> + <xsd:enumeration value="AuthenticationSession.TimeOut"/> + <xsd:enumeration value="AuthenticationData.TimeOut"/> + <xsd:enumeration value="TrustManager.RevocationChecking"/> + <xsd:enumeration value="FrontendServlets.EnableHTTPConnection"/> + <xsd:enumeration value="FrontendServlets.DataURLPrefix"/> + <xsd:enumeration value="AuthenticationServer.KeepAssertion"/> + <xsd:enumeration value="AuthenticationServer.WriteAssertionToFile"/> + <xsd:enumeration value="AuthenticationServer.SourceID"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + <xsd:attribute name="value" type="xsd:string" use="required"/> + </xsd:complexType> + </xsd:element> + <xsd:element name="DefaultBKUs"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="OnlineBKU" type="xsd:anyURI" minOccurs="0"/> + <xsd:element name="HandyBKU" type="xsd:anyURI"/> + <xsd:element name="LocalBKU" type="xsd:anyURI"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="SLRequestTemplates"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="OnlineBKU" type="xsd:anyURI"/> + <xsd:element name="HandyBKU" type="xsd:anyURI"/> + <xsd:element name="LocalBKU" type="xsd:anyURI"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:complexType name="AuthComponentType"> + <xsd:sequence> + <xsd:element ref="GeneralConfiguration"/> + <xsd:element name="Protocols"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="SAML1" minOccurs="0"/> + <xsd:element name="PVP2" minOccurs="0"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="PublicURLPrefix" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/> + <xsd:element name="IssuerName" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/> + <xsd:element name="Organization"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="Name" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="DisplayName" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="URL" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element ref="Contact" minOccurs="1" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="LegacyAllowed"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="ProtocolName" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="SSO"> + <xsd:complexType> + <xsd:choice> + <xsd:element name="target" type="xsd:string"/> + <xsd:element ref="IdentificationNumber" minOccurs="1"/> + </xsd:choice> + <xsd:attribute name="PublicURL" type="xsd:string"/> + <xsd:attribute name="FriendlyName" type="xsd:string"/> + <xsd:attribute name="SpecialText" type="xsd:string"/> + </xsd:complexType> + </xsd:element> + <xsd:element name="SecurityLayer"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die Kommunikation mit dem + Security-Layer + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="TransformsInfo" type="TransformsInfoType" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="MOA-SP"> + <xsd:annotation> + <xsd:documentation>enthaelt Konfiguratiosnparameter für die + Kommunikation mit dem MOA SP Modul + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die SOAP-Verbindung von + der AUTH-Komponente zu MOA-SP; das Attribut URL enthält den + Endpunkt des Server; wird das Schema "https" verwendet müssen + die Kind-Elemente angegeben werden; wird das Schema "http" + verwendet dürfen keine Kind-Elemente angegeben werden; wird das + Element nicht verwendet dann wird MOA-SP über das API + aufgerufen + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element name="VerifyIdentityLink"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die Überprüfung der + Personenbindung + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element ref="TrustProfileID"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="VerifyAuthBlock"> + <xsd:annotation> + <xsd:documentation>enthält Parameter für die Überprüfung des + AUTH-Blocks + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element ref="TrustProfileID"/> + <xsd:element name="VerifyTransformsInfoProfileID" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="IdentityLinkSigners" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Informationen über akzeptierte Signers + des IdentityLinks + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="X509SubjectName" type="xsd:string" maxOccurs="unbounded"> + <xsd:annotation> + <xsd:documentation>akzeptierte Signer des IdentityLinks werden + per X509SubjectName (Kodierung nach RFC 2253) identifiziert + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="ForeignIdentities" minOccurs="0"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType"> + <xsd:annotation> + <xsd:documentation>Verbindungsparameter zum SZR-Gateway + (GetIdentityLink) + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element ref="STORK" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Verbindungsparameter zu den Country-PEPS + (C-PEPS) + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="OnlineMandates" minOccurs="0"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType"> + <xsd:annotation> + <xsd:documentation>Verbindungsparameter zum + Online-Vollmachten-Service + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="TransformsInfoType"> + <xsd:annotation> + <xsd:documentation>das Attribut filename verweist auf eine Datei mit + globalem Element TransformsInfo vom Typ sl10:TransformsInfo; diese + TransformsInfo werden in den CreateXMLSignatureRequest fuer die + Signatur des AUTH-Blocks inkludiert + </xsd:documentation> + </xsd:annotation> + <xsd:sequence> + <xsd:element name="transformation" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/> + </xsd:sequence> + <xsd:attribute name="filename" type="xsd:anyURI" use="required"/> + </xsd:complexType> + <xsd:complexType name="TemplatesType"> + <xsd:sequence> + <xsd:element name="Template" type="TemplateType" minOccurs="0" maxOccurs="3"/> + <xsd:element name="AditionalAuthBlockText" type="xsd:string" minOccurs="0"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="TemplateType"> + <xsd:annotation> + <xsd:documentation>das Attribut URL spezifiziert die Lage des + Templates + </xsd:documentation> + </xsd:annotation> + <xsd:attribute name="URL" type="xsd:anyURI" use="required"/> + </xsd:complexType> + <xsd:complexType name="VerifyInfoboxesType"> + <xsd:annotation> + <xsd:documentation>Verifikation zusaetzlicher Infoboxen + </xsd:documentation> + </xsd:annotation> + <xsd:sequence> + <xsd:element name="DefaultTrustProfile" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Optionales DefaultTrustprofil für die + Überprüfung aller weiteren Infoboxen + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element ref="TrustProfileID"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="SchemaLocationType"> + <xsd:annotation> + <xsd:documentation>Spezifiziert die Lage von XML Schemas + </xsd:documentation> + </xsd:annotation> + <xsd:sequence> + <xsd:element name="Schema" maxOccurs="unbounded"> + <xsd:complexType> + <xsd:attribute name="namespace" type="xsd:anyURI" use="required"/> + <xsd:attribute name="schemaLocation" type="xsd:anyURI" use="required"/> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="ProxyComponentType"/> + <xsd:complexType name="OnlineApplicationType"> + <xsd:sequence> + <xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="AuthComponent_OA" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Parameter über die OA, die die + Authentisierungs-Komponente betreffen + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="BKUURLS"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="OnlineBKU" type="xsd:anyURI" minOccurs="1"/> + <xsd:element name="HandyBKU" type="xsd:anyURI" minOccurs="1"/> + <xsd:element name="LocalBKU" type="xsd:anyURI" minOccurs="1"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element ref="IdentificationNumber" minOccurs="0"/> + <xsd:element name="Templates" type="TemplatesType" minOccurs="0"/> + <xsd:element name="TransformsInfo" type="TransformsInfoType" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="Mandates" minOccurs="0"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="Profiles" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element ref="STORK" minOccurs="0"/> + <xsd:element name="OA_SSO" minOccurs="0"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="UseSSO" type="xsd:boolean"/> + <xsd:element name="AuthDataFrame" type="xsd:boolean" default="true"/> + <xsd:element name="SingleLogOutURL" type="xsd:anyURI"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element ref="OA_SAML1" minOccurs="0"/> + <xsd:element ref="OA_PVP2" minOccurs="0"/> + </xsd:sequence> + <xsd:attribute name="slVersion" use="optional" default="1.1"> + <xsd:simpleType> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="1.1"/> + <xsd:enumeration value="1.2"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:attribute> + <xsd:attribute name="useIFrame" type="xsd:boolean" default="false"/> + <xsd:attribute name="useUTC" type="xsd:boolean" default="true"/> + <!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" + maxOccurs="1"/ --> + </xsd:complexType> + </xsd:element> + <xsd:element name="ProxyComponent_OA" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>enthält Parameter über die OA, die die + Proxy-Komponente betreffen + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType"> + <xsd:annotation> + <xsd:documentation>enthält Parameter über die OA, die die + Proxy-Komponente betreffen + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + <xsd:attribute name="configFileURL" type="xsd:anyURI" use="optional"/> + <xsd:attribute name="sessionTimeOut" type="xsd:int" use="optional"/> + <xsd:attribute name="loginParameterResolverImpl" type="xsd:string" use="optional"/> + <xsd:attribute name="loginParameterResolverConfiguration" type="xsd:string" use="optional"/> + <xsd:attribute name="connectionBuilderImpl" type="xsd:string" use="optional"/> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="ConnectionParameterServerAuthType"> + <xsd:sequence> + <xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>URL zu einem Verzeichnis, das akzeptierte + Server-Zertifikate der TLS-Verbindung enthält (keine + CA-Zertifikate) + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + <xsd:attribute name="URL" type="xsd:anyURI" use="required"/> + </xsd:complexType> + <xsd:complexType name="ConnectionParameterClientAuthType"> + <xsd:complexContent> + <xsd:extension base="ConnectionParameterServerAuthType"> + <xsd:sequence> + <xsd:element name="ClientKeyStore" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>URL zu einem KeyStore, der den privaten + Schlüssel, der für die TLS-Client-Authentisierung verwendet + wird, enthält + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:simpleContent> + <xsd:extension base="xsd:anyURI"> + <xsd:attribute name="password" type="xsd:string" use="optional"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + </xsd:element> + </xsd:sequence> + </xsd:extension> + </xsd:complexContent> + </xsd:complexType> + <xsd:element name="TrustProfileID" type="xsd:string"/> + <xsd:simpleType name="ChainingModeType"> + <xsd:restriction base="xsd:string"> + <xsd:enumeration value="chaining"/> + <xsd:enumeration value="pkix"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:simpleType name="BKUSelectionType"> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="HTMLComplete"/> + <xsd:enumeration value="HTMLSelect"/> + </xsd:restriction> + </xsd:simpleType> + <xsd:element name="CompatibilityMode" default="false"> + <xsd:simpleType> + <xsd:restriction base="xsd:boolean"/> + </xsd:simpleType> + </xsd:element> + <xsd:element name="EnableInfoboxValidator" default="true"> + <xsd:simpleType> + <xsd:restriction base="xsd:boolean"/> + </xsd:simpleType> + </xsd:element> + <xsd:element name="AlwaysShowForm" default="false"> + <xsd:annotation> + <xsd:documentation>Soll nicht nur bei leerer oder standardisierter + Vollmacht mit unvollständigen Daten, sondern beispielsweise zu + Kontrollzwecken das Eingabeformular immer angezeigt werden, wenn ein + Einschreiten durch berufliche Parteienvertretung geschieht so kann + dies mittels dieses Schalters veranlasst werden + </xsd:documentation> + </xsd:annotation> + <xsd:simpleType> + <xsd:restriction base="xsd:boolean"/> + </xsd:simpleType> + </xsd:element> + <xsd:complexType name="InputProcessorType"> + <xsd:simpleContent> + <xsd:extension base="xsd:string"> + <xsd:attribute name="template" type="xsd:anyURI" use="optional"> + <xsd:annotation> + <xsd:documentation>Das Attribut spezifiziert die Lage des + Templates, welches der InputProcessor zur Darstellung des + Eingabeformulars nutzen soll + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + <xsd:complexType name="PartyRepresentationType"> + <xsd:sequence> + <xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Default InputProcessor. Konfiguration eines vom + Standardprozess abweichenden Verarbeitungsvorgangs bei der + beruflichen Parteienvertretung. Der Wert dieses Elements ist der + vollständige Klassenname des InputProzessors + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element ref="AlwaysShowForm" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Default Wert fuer Formularanzeige. Soll nicht nur + bei leerer oder standardisierter Vollmacht mit unvollstaendigen + Daten, sondern beispielsweise zu Kontrollzwecken das + Eingabeformular zur vervollstaendigung der Vertretenendaten immer + angezeigt werden, wenn ein Einschreiten durch berufliche + Parteienvertretung geschieht so kann dies mittels dieses Schalters + veranlasst werden + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Default Verbindungsparameter zum SZR-Gateway + (für den EGIZ-Demonstrator im internen Netzwerk: + https://129.27.142.5:8443/szr-gateway/services/MandateCreation) + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element name="PartyRepresentative" type="PartyRepresentativeType" minOccurs="0" maxOccurs="unbounded"> + <xsd:annotation> + <xsd:documentation>Falls keine speziellen beruflichen + ParteienvertreterInnen definiert sind (Element kommt nicht vor), + werden ausschließlich standardisierte Vollmachten mit einer + MandateID="*" akzeptiert + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="PartyRepresentativeType"> + <xsd:sequence> + <xsd:element name="InputProcessor" type="InputProcessorType" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Konfiguration eines vom Standardprozess + abweichenden Verarbeitungsvorgangs bei der beruflichen + Parteienvertretung. Der Wert dieses Elements ist der vollständige + Klassenname des InputProzessors + </xsd:documentation> + </xsd:annotation> + </xsd:element> + <xsd:element ref="AlwaysShowForm" minOccurs="0"/> + <xsd:element name="ConnectionParameter" type="ConnectionParameterClientAuthType" minOccurs="0"> + <xsd:annotation> + <xsd:documentation>Optionale Verbindungsparameter zu speziellem + (SZR-)Gateway + </xsd:documentation> + </xsd:annotation> + </xsd:element> + </xsd:sequence> + <xsd:attribute name="oid" use="required"> + <xsd:annotation> + <xsd:documentation>OID der Parteienvertretung lt. "Object Identifier + der öffentlichen Verwaltung" - Konvention, Empfehlung. Diese ID + muss mit der MandateID der übermittelten standardisierten Vollmacht + übereinstimmen. Eine Parteienvertretung für standardisierte + Vollmachten mit der MandateID "*" muss nicht definiert werden und + erlaubt eine allgemeine berufliche Parteienvertretung mit + Standardtexten. In anderen Fällen ist eine erlaubte OID mitttels + dieses Attributs zu definieren + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + <xsd:attribute name="representPhysicalParty" use="optional" default="false"> + <xsd:annotation> + <xsd:documentation>Legt fest, ob berufliche Parteienvertretung für + natürliche Personen erlaubt ist + </xsd:documentation> + </xsd:annotation> + <xsd:simpleType> + <xsd:restriction base="xsd:boolean"/> + </xsd:simpleType> + </xsd:attribute> + <xsd:attribute name="representCorporateParty" use="optional" default="false"> + <xsd:annotation> + <xsd:documentation>Legt fest, ob berufliche Parteienvertretung für + juristische Personen erlaubt ist (welche z.B. ein Organwalter nicht + vertreten darf und dieser Wert aus diesem Grund dort false sein + muss) + </xsd:documentation> + </xsd:annotation> + <xsd:simpleType> + <xsd:restriction base="xsd:boolean"/> + </xsd:simpleType> + </xsd:attribute> + <xsd:attribute name="representationText" use="optional"> + <xsd:annotation> + <xsd:documentation>Beschreibender Text, der an Stelle des + Standardtexts bei der Signatur der Anmeldedaten im Falle einer + vorliegenden beruflichen Parteienvertretung zur Signatur vorgelegt + wird + </xsd:documentation> + </xsd:annotation> + </xsd:attribute> + </xsd:complexType> + <xsd:complexType name="SignatureCreationParameterType"> + <xsd:annotation> + <xsd:documentation>Enthaelt Informationen zu einem KeyStore bzw. Key + zur STORK SAML AuthnRequest Signaturerstellung + </xsd:documentation> + </xsd:annotation> + <xsd:sequence> + <xsd:element ref="KeyStore"/> + <xsd:element ref="KeyName"/> + </xsd:sequence> + </xsd:complexType> + <xsd:complexType name="SignatureVerificationParameterType"> + <xsd:annotation> + <xsd:documentation>Enthaelt Informationen zur Verfikation von + Signaturen einer STORK SAML Response + </xsd:documentation> + </xsd:annotation> + <xsd:sequence> + <xsd:element ref="TrustProfileID"/> + </xsd:sequence> + </xsd:complexType> + <xsd:element name="SAMLSigningParameter"> + <xsd:annotation> + <xsd:documentation>Enthält Informationen zur Erstellung und + Verifikation von STORK SAML Messages + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="SignatureCreationParameter" type="SignatureCreationParameterType"/> + <xsd:element name="SignatureVerificationParameter" type="SignatureVerificationParameterType"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="KeyStore"> + <xsd:annotation> + <xsd:documentation>URL zu einem KeyStore, der den privaten Schlüssel + zum Erstellen einer Signatur enthält + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:simpleContent> + <xsd:extension base="xsd:anyURI"> + <xsd:attribute name="password" type="xsd:string" use="optional"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + </xsd:element> + <xsd:element name="KeyName"> + <xsd:annotation> + <xsd:documentation>Name zum Key eines KeyStores, der den privaten + Schlüssel zum Erstellen einer Signatur darstellt + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:simpleContent> + <xsd:extension base="xsd:string"> + <xsd:attribute name="password" type="xsd:string" use="optional"/> + </xsd:extension> + </xsd:simpleContent> + </xsd:complexType> + </xsd:element> + <xsd:element name="C-PEPS"> + <xsd:annotation> + <xsd:documentation>Enthält Informationen zu einem Citizen Country + PEPS (C-PEPS) + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="AttributeValue" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + <xsd:attribute name="countryCode" type="CountryCodeType" use="required"/> + <xsd:attribute name="URL" type="xsd:anyURI" use="required"/> + </xsd:complexType> + </xsd:element> + <xsd:element name="STORK"> + <xsd:annotation> + <xsd:documentation>Contains STORK related information + </xsd:documentation> + </xsd:annotation> + <xsd:complexType> + <xsd:choice> + <xsd:sequence> + <xsd:element ref="C-PEPS" maxOccurs="unbounded"/> + <xsd:element ref="SAMLSigningParameter"/> + </xsd:sequence> + <xsd:sequence> + <xsd:element ref="QualityAuthenticationAssuranceLevel" minOccurs="0"/> + <xsd:element ref="RequestedAttributes"/> + </xsd:sequence> + </xsd:choice> + </xsd:complexType> + </xsd:element> + <xsd:element name="OA_SAML1"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="provideStammzahl" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="provideAUTHBlock" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="provideIdentityLink" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="provideCertificate" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="provideFullMandatorData" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> + <xsd:element name="useCondition" type="xsd:boolean" minOccurs="0" maxOccurs="1"/> + <xsd:element name="conditionLength" type="xsd:integer" minOccurs="0" maxOccurs="1"/> + <xsd:element name="sourceID" type="xsd:string" minOccurs="0" maxOccurs="1"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="OA_PVP2"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="metadataURL" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/> + <xsd:element name="certificate" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="GeneralConfiguration"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="TimeOuts"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="Assertion" type="xsd:integer" minOccurs="1" maxOccurs="1"/> + <xsd:element name="MOASessionCreated" type="xsd:integer" minOccurs="1" maxOccurs="1"/> + <xsd:element name="MOASessionUpdated" type="xsd:integer" minOccurs="1" maxOccurs="1"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="AlternativeSourceID" type="xsd:string"/> + <xsd:element name="CertStoreDirectory" type="xsd:anyURI"/> + <xsd:element name="TrustManagerRevocationChecking" type="xsd:boolean" default="true"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="IdentificationNumber"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="Type" type="xsd:string"/> + <xsd:element name="Value" type="xsd:string"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:element name="Contact"> + <xsd:complexType> + <xsd:sequence> + <xsd:element name="SurName" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="GivenName" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="Mail" type="xsd:string" minOccurs="1" maxOccurs="unbounded"/> + <xsd:element name="Type" minOccurs="1" maxOccurs="1"> + <xsd:simpleType> + <xsd:restriction base="xsd:token"> + <xsd:enumeration value="technical"/> + <xsd:enumeration value="support"/> + <xsd:enumeration value="administrative"/> + <xsd:enumeration value="billing"/> + <xsd:enumeration value="other"/> + </xsd:restriction> + </xsd:simpleType> + </xsd:element> + <xsd:element name="Company" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="Phone" type="xsd:string" minOccurs="1" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> + </xsd:element> + <xsd:complexType name="UserDatabase"> + <xsd:sequence> + <xsd:element name="bpk" type="xsd:string" minOccurs="0" maxOccurs="1"/> + <xsd:element name="familyname" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="givenname" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="institut" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="mail" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="phone" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="username" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="password" type="xsd:string" minOccurs="1" maxOccurs="1"/> + <xsd:element name="isActive" type="xsd:boolean" default="true" minOccurs="1" maxOccurs="1"/> + <xsd:element name="isAdmin" type="xsd:boolean" default="true" minOccurs="1" maxOccurs="1"/> + <xsd:element name="lastLogin" type="xsd:date" minOccurs="1" maxOccurs="1"/> + <xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/> + </xsd:sequence> + </xsd:complexType> +</xsd:schema> diff --git a/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml new file mode 100644 index 000000000..25092ff58 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/config/persistence_template.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8" standalone="yes"?> +<persistence version="1.0" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_1_0.xsd +http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_1_0.xsd" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:orm="http://java.sun.com/xml/ns/persistence/orm" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <persistence-unit name="##generated"> + <!-- <class>at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase</class> --> + +<!-- <properties> + C3p0 connection pooling configuration + <property name="hibernate.connection.provider_class" value="org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider"/> + <property name="hibernate.connection.provider_class" value="org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider"/> + <property name="acquireRetryDelay" value="5000"/> + <property name="breakAfterAcquireFailure" value="true"/> + <property name="checkoutTimeout" value="1"/> + <property name="testConnectionOnCheckin" value="1" /> + </properties> --> + </persistence-unit> +</persistence> diff --git a/id/server/pom.xml b/id/server/pom.xml index 386f38ed6..777715c3b 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -19,6 +19,7 @@ <module>proxy</module>
<module>auth</module>
<module>stork-saml-engine</module>
+ <module>moa-id-commons</module>
</modules>
<properties>
diff --git a/id/server/proxy/.settings/org.eclipse.wst.common.component b/id/server/proxy/.settings/org.eclipse.wst.common.component index eeb0e2248..6570beb50 100644 --- a/id/server/proxy/.settings/org.eclipse.wst.common.component +++ b/id/server/proxy/.settings/org.eclipse.wst.common.component @@ -1,16 +1,287 @@ -<?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="2.0">
<wb-module deploy-name="moa-id-proxy">
- <dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
- <dependency-type>uses</dependency-type>
- </dependent-module>
- <dependent-module archiveName="stork-saml-engine-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
- <dependency-type>uses</dependency-type>
- </dependent-module>
<property name="context-root" value="moa-id-proxy"/>
<wb-resource deploy-path="/" source-path="src/main/webapp"/>
<property name="java-output-path" value="/target/classes"/>
+ <dependent-module archiveName="axis-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis/1.1/axis-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-spss-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-jaxrpc-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-saaj-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="axis-wsdl4j-1.5.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-discovery-0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-logging-1.0.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="activation-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="mail-1.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="log4j-1.2.14.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="postgresql-7.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_moa-1.32.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_ixsil-1.2.2.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_cms-4.1_MOA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-common.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxen-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="saxpath-1.0-FCS.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="joda-time-1.6.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/joda-time/joda-time/1.6.2/joda-time-1.6.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_tsl-0.0.2-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_tsl/0.0.2-SNAPSHOT/iaik_tsl-0.0.2-SNAPSHOT.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_util-0.23.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_util/0.23/iaik_util-0.23.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_xsect-1.1709142.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_xsect/1.1709142/iaik_xsect-1.1709142.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxb-api-2.2.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/javax/xml/bind/jaxb-api/2.2.6/jaxb-api-2.2.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jaxb-impl-2.2.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/com/sun/xml/bind/jaxb-impl/2.2.5/jaxb-impl-2.2.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="sqlite-jdbc-3.7.8-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/xerial/sqlite-jdbc/3.7.8-SNAPSHOT/sqlite-jdbc-3.7.8-SNAPSHOT.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_jsse-4.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_jsse/4.4/iaik_jsse-4.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-id-lib.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-lib/moa-id-lib">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-fileupload-1.1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-fileupload/commons-fileupload/1.1.1/commons-fileupload-1.1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-io-1.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-io/commons-io/1.1/commons-io-1.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-httpclient-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-httpclient/commons-httpclient/3.1/commons-httpclient-3.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-codec-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-codec/commons-codec/1.2/commons-codec-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="dav4j-0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/dav4j/dav4j/0.1/dav4j-0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="httpsclient-JSSE-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/httpsclient/httpsclient/JSSE-1.0/httpsclient-JSSE-1.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="iaik_X509TrustManager-0.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/iaik/prod/iaik_X509TrustManager/0.3/iaik_X509TrustManager-0.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="shibboleth-common-1.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/edu/internet2/middleware/shibboleth-common/1.4.0/shibboleth-common-1.4.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="opensaml-2.6.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/opensaml/2.6.0/opensaml-2.6.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="openws-1.4.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/openws/1.4.4/openws-1.4.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmltooling-1.3.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/opensaml/xmltooling/1.3.4/xmltooling-1.3.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="bcprov-jdk15-1.46.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/bouncycastle/bcprov-jdk15/1.46/bcprov-jdk15-1.46.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="not-yet-commons-ssl-0.3.9.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ca/juliusdavies/not-yet-commons-ssl/0.3.9/not-yet-commons-ssl-0.3.9.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xmlsec-1.4.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/santuario/xmlsec/1.4.5/xmlsec-1.4.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-apis-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xml-apis/2.10.0/xml-apis-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xercesImpl-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/xercesImpl/2.10.0/xercesImpl-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="serializer-2.10.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/xerces/serializer/2.10.0/serializer-2.10.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xml-resolver-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xml-resolver/xml-resolver/1.2/xml-resolver-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="xalan-2.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/xalan/xalan/2.7.1/xalan-2.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jcl-over-slf4j-1.7.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/jcl-over-slf4j/1.7.5/jcl-over-slf4j-1.7.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-api-1.7.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-api/1.7.5/slf4j-api-1.7.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jul-to-slf4j-1.7.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/jul-to-slf4j/1.7.5/jul-to-slf4j-1.7.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="log4j-over-slf4j-1.7.5.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/log4j-over-slf4j/1.7.5/log4j-over-slf4j-1.7.5.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-collections-3.2.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-collections/commons-collections/3.2.1/commons-collections-3.2.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-lang-2.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-lang/commons-lang/2.6/commons-lang-2.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="velocity-1.7.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/velocity/velocity/1.7/velocity-1.7.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="esapi-2.0.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/owasp/esapi/esapi/2.0.1/esapi-2.0.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jgrapht-0.8.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/net/sf/jgrapht/jgrapht/0.8.3/jgrapht-0.8.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="ehcache-core-1.7.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/net/sf/ehcache/ehcache-core/1.7.2/ehcache-core-1.7.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="c3p0-0.9.1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/c3p0/c3p0/0.9.1.2/c3p0-0.9.1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="vt-ldap-3.3.6.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/edu/vt/middleware/vt-ldap/3.3.6/vt-ldap-3.3.6.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-cli-1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/commons-cli/commons-cli/1.2/commons-cli-1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="dom4j-1.6.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/dom4j/dom4j/1.6.1/dom4j-1.6.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="spring-context-support-2.5.6.SEC03.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-context-support/2.5.6.SEC03/spring-context-support-2.5.6.SEC03.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="spring-beans-2.5.6.SEC03.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-beans/2.5.6.SEC03/spring-beans-2.5.6.SEC03.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="spring-core-2.5.6.SEC03.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-core/2.5.6.SEC03/spring-core-2.5.6.SEC03.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="spring-context-2.5.6.SEC03.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-context/2.5.6.SEC03/spring-context-2.5.6.SEC03.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="spring-web-2.5.6.SEC03.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/springframework/spring-web/2.5.6.SEC03/spring-web-2.5.6.SEC03.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="svnkit-1.3.8.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/tmatesoft/svnkit/svnkit/1.3.8/svnkit-1.3.8.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="sequence-library-1.0.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/de/regnis/q/sequence/sequence-library/1.0.2/sequence-library-1.0.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jna-3.4.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/net/java/dev/jna/jna/3.4.0/jna-3.4.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="trilead-ssh2-1.0.0-build215.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/com/trilead/trilead-ssh2/1.0.0-build215/trilead-ssh2-1.0.0-build215.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="sqljet-1.1.2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/tmatesoft/sqljet/sqljet/1.1.2/sqljet-1.1.2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="antlr-runtime-3.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/antlr/antlr-runtime/3.4/antlr-runtime-3.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jargs-1.0.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/jargs/jargs/1.0/jargs-1.0.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="logback-classic-1.0.11.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ch/qos/logback/logback-classic/1.0.11/logback-classic-1.0.11.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="logback-core-1.0.11.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ch/qos/logback/logback-core/1.0.11/logback-core-1.0.11.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="janino-2.6.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/codehaus/janino/janino/2.6.1/janino-2.6.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-compiler-2.6.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/codehaus/janino/commons-compiler/2.6.1/commons-compiler-2.6.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="ant-nodeps-1.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/ant/ant-nodeps/1.7.1/ant-nodeps-1.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="ant-1.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/ant/ant/1.7.1/ant-1.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="ant-launcher-1.7.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/ant/ant-launcher/1.7.1/ant-launcher-1.7.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="ant-contrib-1.0b2.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/ant-contrib/ant-contrib/1.0b2/ant-contrib-1.0b2.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="regexp-1.3.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/regexp/regexp/1.3/regexp-1.3.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="stork-saml-engine.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/stork-saml-engine/stork-saml-engine">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="slf4j-log4j12-1.6.4.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/slf4j/slf4j-log4j12/1.6.4/slf4j-log4j12-1.6.4.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="moa-id-commons.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-id-commons/moa-id-commons">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="hibernate-core-4.2.1.Final.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/hibernate/hibernate-core/4.2.1.Final/hibernate-core-4.2.1.Final.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="antlr-2.7.7.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/antlr/antlr/2.7.7/antlr-2.7.7.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jboss-logging-3.1.0.GA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/jboss/logging/jboss-logging/3.1.0.GA/jboss-logging-3.1.0.GA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="jboss-transaction-api_1.1_spec-1.0.1.Final.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/jboss/spec/javax/transaction/jboss-transaction-api_1.1_spec/1.0.1.Final/jboss-transaction-api_1.1_spec-1.0.1.Final.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="hibernate-jpa-2.0-api-1.0.1.Final.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/hibernate/javax/persistence/hibernate-jpa-2.0-api/1.0.1.Final/hibernate-jpa-2.0-api-1.0.1.Final.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="javassist-3.15.0-GA.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/javassist/javassist/3.15.0-GA/javassist-3.15.0-GA.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="hibernate-commons-annotations-4.0.1.Final.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/hibernate/common/hibernate-commons-annotations/4.0.1.Final/hibernate-commons-annotations-4.0.1.Final.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="commons-lang3-3.1.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/apache/commons/commons-lang3/3.1/commons-lang3-3.1.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="hibernate-c3p0-4.2.1.Final.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/org/hibernate/hibernate-c3p0/4.2.1.Final/hibernate-c3p0-4.2.1.Final.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
+ <dependent-module archiveName="mysql-connector-java-5.1.25.jar" deploy-path="/WEB-INF/lib" handle="module:/classpath/var/M2_REPO/mysql/mysql-connector-java/5.1.25/mysql-connector-java-5.1.25.jar">
+ <dependency-type>uses</dependency-type>
+ </dependent-module>
</wb-module>
-</project-modules>
+</project-modules>
\ No newline at end of file diff --git a/id/server/proxy/.settings/org.maven.ide.eclipse.prefs b/id/server/proxy/.settings/org.maven.ide.eclipse.prefs new file mode 100644 index 000000000..7f28ca3cd --- /dev/null +++ b/id/server/proxy/.settings/org.maven.ide.eclipse.prefs @@ -0,0 +1,8 @@ +activeProfiles=
+eclipse.preferences.version=1
+fullBuildGoals=process-test-resources
+includeModules=false
+resolveWorkspaceProjects=true
+resourceFilterGoals=process-resources resources\:testResources
+skipCompilerPlugin=true
+version=1
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java index 80556cfa5..953affdf8 100644 --- a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/common/STORKBootstrap.java @@ -45,13 +45,15 @@ public class STORKBootstrap extends DefaultBootstrap { * @throws ConfigurationException */
public static synchronized void bootstrap() throws ConfigurationException {
+ + DefaultBootstrap.bootstrap(); SAMLSchemaBuilder.addExtensionSchema("stork-schema-assertion-1.0.xsd");
SAMLSchemaBuilder.addExtensionSchema("stork-schema-protocol-1.0.xsd");
- DefaultBootstrap.bootstrap();
+
- initStorkConfig("saml2-stork-config.xml");
+ initStorkConfig("saml2-stork-config.xml");
}
diff --git a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java index a3ab2fb1b..faff5e7bd 100644 --- a/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java +++ b/id/server/stork-saml-engine/src/main/java/eu/stork/vidp/messages/util/SAMLUtil.java @@ -397,8 +397,6 @@ public class SAMLUtil { }
}
-
-
return reqAttrList;
}
diff --git a/spss/server/.settings/org.maven.ide.eclipse.prefs b/spss/server/.settings/org.maven.ide.eclipse.prefs index c76587513..7f28ca3cd 100644 --- a/spss/server/.settings/org.maven.ide.eclipse.prefs +++ b/spss/server/.settings/org.maven.ide.eclipse.prefs @@ -1,4 +1,3 @@ -#Tue Jul 07 16:06:49 CEST 2009
activeProfiles=
eclipse.preferences.version=1
fullBuildGoals=process-test-resources
diff --git a/spss/server/serverlib/.settings/org.eclipse.wst.common.component b/spss/server/serverlib/.settings/org.eclipse.wst.common.component index ee24ef8ba..fe4fd3290 100644 --- a/spss/server/serverlib/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverlib/.settings/org.eclipse.wst.common.component @@ -2,5 +2,7 @@ <wb-module deploy-name="moa-spss-lib">
<wb-resource deploy-path="/" source-path="src/main/java"/>
<wb-resource deploy-path="/" source-path="src/main/resources"/>
+ <wb-resource deploy-path="/" source-path="/src/main/java"/>
+ <wb-resource deploy-path="/" source-path="/src/main/resources"/>
</wb-module>
</project-modules>
diff --git a/spss/server/serverlib/.settings/org.maven.ide.eclipse.prefs b/spss/server/serverlib/.settings/org.maven.ide.eclipse.prefs index 373d31d5c..7f28ca3cd 100644 --- a/spss/server/serverlib/.settings/org.maven.ide.eclipse.prefs +++ b/spss/server/serverlib/.settings/org.maven.ide.eclipse.prefs @@ -1,4 +1,3 @@ -#Tue Jul 07 16:06:50 CEST 2009
activeProfiles=
eclipse.preferences.version=1
fullBuildGoals=process-test-resources
diff --git a/spss/server/serverws/.classpath b/spss/server/serverws/.classpath index 767a2a2de..330efc0e1 100644 --- a/spss/server/serverws/.classpath +++ b/spss/server/serverws/.classpath @@ -1,25 +1,120 @@ <?xml version="1.0" encoding="UTF-8"?>
<classpath>
- <classpathentry kind="src" output="target/classes" path="src/main/java">
+ <classpathentry kind="var" path="M2_REPO/javax/activation/activation/1.1/activation-1.1.jar">
<attributes>
- <attribute name="optional" value="true"/>
- <attribute name="maven.pomderived" value="true"/>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/javax/mail/mail/1.4/mail-1.4.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5"/>
+ <classpathentry kind="src" path="/moa-spss-lib"/>
+ <classpathentry kind="var" path="M2_REPO/axis/axis/1.0_IAIK/axis-1.0_IAIK.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-jaxrpc/1.4/axis-jaxrpc-1.4.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/org/apache/axis/axis-saaj/1.4/axis-saaj-1.4.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/axis/axis-wsdl4j/1.5.1/axis-wsdl4j-1.5.1.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/commons-discovery/commons-discovery/0.2/commons-discovery-0.2.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/commons-logging/commons-logging/1.0.4/commons-logging-1.0.4.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/log4j/log4j/1.2.14/log4j-1.2.14.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/postgresql/postgresql/7.2/postgresql-7.2.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
</attributes>
</classpathentry>
- <classpathentry kind="src" output="target/test-classes" path="src/test/java">
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xalan/2.7.0/xalan-2.7.0.jar">
<attributes>
- <attribute name="optional" value="true"/>
- <attribute name="maven.pomderived" value="true"/>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
</attributes>
</classpathentry>
- <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/J2SE-1.5">
+ <classpathentry kind="var" path="M2_REPO/xerces/xercesImpl/2.7.1/xercesImpl-2.7.1.jar">
<attributes>
- <attribute name="maven.pomderived" value="true"/>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/xml-apis/2.7.0/xml-apis-2.7.0.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/xalan-bin-dist/serializer/2.7.0/serializer-2.7.0.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_moa/1.32/iaik_moa-1.32.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ixsil/1.2.2.5/iaik_ixsil-1.2.2.5.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_jce_full/4.0_MOA/iaik_jce_full-4.0_MOA.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_ecc/2.19/iaik_ecc-2.19.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_cms/4.1_MOA/iaik_cms-4.1_MOA.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Provider/1.2.4/iaik_Pkcs11Provider-1.2.4.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="var" path="M2_REPO/iaik/prod/iaik_Pkcs11Wrapper/1.2.17/iaik_Pkcs11Wrapper-1.2.17.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+ </attributes>
+ </classpathentry>
+ <classpathentry kind="src" path="/moa-common"/>
+ <classpathentry kind="var" path="M2_REPO/jaxen/jaxen/1.0-FCS/jaxen-1.0-FCS.jar">
+ <attributes>
+ <attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
</attributes>
</classpathentry>
- <classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+ <classpathentry kind="var" path="M2_REPO/saxpath/saxpath/1.0-FCS/saxpath-1.0-FCS.jar">
<attributes>
- <attribute name="maven.pomderived" value="true"/>
<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
</attributes>
</classpathentry>
diff --git a/spss/server/serverws/.project b/spss/server/serverws/.project index 7b8e89662..ddf2e7061 100644 --- a/spss/server/serverws/.project +++ b/spss/server/serverws/.project @@ -5,6 +5,15 @@ <projects>
<project>moa-spss-lib</project>
<project>moa-common</project>
+ <project>moa-spss-tools</project>
+ <project>MOA</project>
+ <project>TestTimerTask</project>
+ <project>moa-spss-handbook-apiClient</project>
+ <project>stork-saml-engine</project>
+ <project>moa-spss</project>
+ <project>spss</project>
+ <project>moa-spss-handbook-webserviceClient</project>
+ <project>moa-id-lib</project>
</projects>
<buildSpec>
<buildCommand>
@@ -27,12 +36,19 @@ <arguments>
</arguments>
</buildCommand>
+ <buildCommand>
+ <name>org.maven.ide.eclipse.maven2Builder</name>
+ <arguments>
+ </arguments>
+ </buildCommand>
</buildSpec>
<natures>
<nature>org.eclipse.m2e.core.maven2Nature</nature>
- <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
<nature>org.eclipse.jdt.core.javanature</nature>
+ <nature>org.maven.ide.eclipse.maven2Nature</nature>
+ <nature>org.eclipse.wst.common.project.facet.core.nature</nature>
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+ <nature>org.eclipse.wst.jsdt.core.jsNature</nature>
</natures>
</projectDescription>
diff --git a/spss/server/serverws/.settings/org.eclipse.wst.common.component b/spss/server/serverws/.settings/org.eclipse.wst.common.component index c325a5007..0ebba2a3d 100644 --- a/spss/server/serverws/.settings/org.eclipse.wst.common.component +++ b/spss/server/serverws/.settings/org.eclipse.wst.common.component @@ -1,14 +1,13 @@ <?xml version="1.0" encoding="UTF-8"?><project-modules id="moduleCoreId" project-version="1.5.0">
<wb-module deploy-name="moa-spss-ws">
+ <wb-resource deploy-path="/" source-path="/src/main/webapp"/>
<dependent-module archiveName="moa-spss-lib-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-spss-lib/moa-spss-lib">
<dependency-type>uses</dependency-type>
</dependent-module>
<dependent-module archiveName="moa-common-1.5.2.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/moa-common/moa-common">
<dependency-type>uses</dependency-type>
</dependent-module>
- <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
- <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
+ <property name="context-root" value="moa-spss-ws"/>
<property name="java-output-path" value="/target/classes"/>
- <property name="context-root" value="moa-spss"/>
</wb-module>
</project-modules>
|