-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java48
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java25
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java17
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cerbin0 -> 1029 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cerbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cerbin0 -> 1167 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cerbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cerbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cerbin0 -> 1029 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cerbin0 -> 1167 bytes
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cerbin0 -> 1167 bytes
-rw-r--r--id/server/idserverlib/.gitignore1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java52
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java80
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java103
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java1
-rw-r--r--id/server/idserverlib/src/test/java/test/tlenz/simpletest.java22
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java2
-rw-r--r--pom.xml4
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cerbin0 -> 1029 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cerbin0 -> 1159 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer23
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cerbin0 -> 1167 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cerbin0 -> 1159 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cerbin0 -> 1159 bytes
-rw-r--r--spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crtbin0 -> 1185 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crtbin0 -> 1167 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crtbin0 -> 1167 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cerbin0 -> 1159 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crtbin0 -> 1167 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cerbin0 -> 1159 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cerbin0 -> 1159 bytes
-rw-r--r--spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cerbin0 -> 1029 bytes
41 files changed, 376 insertions, 47 deletions
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
index 332adaa80..7bf2cf93f 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/MetaDataVerificationFilter.java
@@ -46,7 +46,6 @@ public class MetaDataVerificationFilter implements MetadataFilter {
public void doFilter(XMLObject metadata) throws FilterException {
if (metadata instanceof EntitiesDescriptor) {
EntitiesDescriptor entitiesDescriptor = (EntitiesDescriptor) metadata;
-
if(entitiesDescriptor.getSignature() == null) {
throw new FilterException("Root element of metadata file has to be signed", null);
}
@@ -57,7 +56,7 @@ public class MetaDataVerificationFilter implements MetadataFilter {
throw new FilterException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
}
- } if (metadata instanceof EntityDescriptor) {
+ } if (metadata instanceof EntityDescriptor) {
try {
EntityDescriptor entity = (EntityDescriptor) metadata;
if (entity.getSignature() != null)
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
index 0e65b7dca..a9c914f74 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java
@@ -30,6 +30,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
@@ -40,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentialsCredentialOIDItem;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.configuration.Constants;
import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
@@ -207,8 +209,9 @@ public class OAAuthenticationData implements IOnlineApplicationData {
}
if (oaauth.getTestCredentials() != null) {
- enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials();
- testCredentialOIDs = oaauth.getTestCredentials().getCredentialOID();
+ enableTestCredentials = oaauth.getTestCredentials().isEnableTestCredentials();
+ testCredentialOIDs = new ArrayList<String>();
+ testCredentialOIDs.addAll(oaauth.getTestCredentials().getCredentialOID());
}
@@ -315,12 +318,20 @@ public class OAAuthenticationData implements IOnlineApplicationData {
if (enableTestCredentials) {
TestCredentials testing = authoa.getTestCredentials();
- if (testing == null)
- testing = new TestCredentials();
-
- testing.setEnableTestCredentials(enableTestCredentials);
+ if (testing != null)
+ ConfigurationDBUtils.delete(testing);
+
+ testing = new TestCredentials();
+ authoa.setTestCredentials(testing);
+ testing.setEnableTestCredentials(enableTestCredentials);
testing.setCredentialOID(testCredentialOIDs);
+ } else {
+ TestCredentials testing = authoa.getTestCredentials();
+ if (testing != null) {
+ testing.setEnableTestCredentials(false);
+ }
+
}
return null;
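Review bot: The enabled branch persists `testCredentialOIDs` unchecked, and the setter later in this file leaves that field untouched when the submitted string is empty, so an enable with an empty OID field stores either null or whatever list the bean happened to hold before. Since these OIDs decide which test certificates an online application accepts, guard it here: `if (testCredentialOIDs == null || testCredentialOIDs.isEmpty()) testing.setCredentialOID(new ArrayList<String>()); else testing.setCredentialOID(testCredentialOIDs);` or reject the combination outright, whichever the authentication server expects for an empty list (not visible from here). Deleting the old `TestCredentials` row before the new one is attached also means a failure between `delete` and the save leaves the configuration without any test-credential entry; consider updating in place instead. The enclosing method starts and ends outside the hunk.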
@@ -576,12 +587,14 @@ public class OAAuthenticationData implements IOnlineApplicationData {
*/
public String getTestCredentialOIDs() {
String value = null;
- for (String el : testCredentialOIDs) {
- if (value == null)
- value = el;
- else
- value += "," + el;
+ if (testCredentialOIDs != null) {
+ for (String el : testCredentialOIDs) {
+ if (value == null)
+ value = el;
+ else
+ value += "," + el;
+ }
}
return value;
@@ -595,12 +608,13 @@ public class OAAuthenticationData implements IOnlineApplicationData {
* @param testCredentialOIDs the testCredentialOIDs to set
*/
public void setTestCredentialOIDs(String testCredentialOIDs) {
- String[] oidList = testCredentialOIDs.split(",");
+ if (MiscUtil.isNotEmpty(testCredentialOIDs)) {
+ String[] oidList = testCredentialOIDs.split(",");
- this.testCredentialOIDs = new ArrayList<String>();
- for (int i=0; i<oidList.length; i++)
- this.testCredentialOIDs.add(oidList[i].trim());
+ this.testCredentialOIDs = new ArrayList<String>();
+ for (int i=0; i<oidList.length; i++)
+ this.testCredentialOIDs.add(oidList[i].trim());
+ }
}
-
-
+
}
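Review bot: With the new `isNotEmpty` guard an empty OID field no longer clears the list, so an administrator who wipes the field to remove a previously configured test-credential restriction silently keeps the old value in `this.testCredentialOIDs`. If an empty field is meant to clear the restriction, add `} else { this.testCredentialOIDs = new ArrayList<String>(); }` after the guarded block; if it is meant to be rejected, the validation should say so rather than relying on the stale value. Note also that `split(",")` followed by `trim()` turns `"a, ,b"` into an empty-string element, which then fails the root-OID prefix check with a confusing message; skipping blank entries here would give a clearer error.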
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
index b66bf878a..e5ee5ac09 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -64,7 +64,8 @@ public class FormDataHelper {
(dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway()) ||
(dboa.getAuthComponentOA().getOASTORK() != null
&& dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null
- && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) {
+ && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) ||
+ (dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway() ))) {
formOAs.add(addOAFormListElement(dboa, ServiceType.OA));
}
}
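Review bot: The term added on the last new line, `(dboa.isIsInterfederationGateway() != null && dboa.isIsInterfederationGateway())`, repeats the identical test already present at the start of the same `||` chain, so the change has no effect on which online applications are listed. If a different flag was intended (for example the interfederation IDP flag used by `MOAMetadataProvider.buildMetadataFilterChain`), that is what should be added here; otherwise drop the duplicate. The enclosing method starts and ends outside the hunk.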
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
index 5a9787069..26d97484b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java
@@ -291,8 +291,17 @@ public class BasicOAAction extends BasicAction {
} else {
- if (oaid == -1) {
- onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+ if (oaid == -1) {
+ List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications();
+ for (OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+ onlineapplication = el;
+
+ }
+ if (onlineapplication == null) {
+ onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+
+ }
setNewOA(true);
if (onlineapplication != null) {
log.info("The OAIdentifier is not unique");
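Review bot: `el.getPublicURLPrefix().startsWith(oaidentifier)` only rejects a new identifier that is a prefix of an existing one; a new identifier that extends an existing prefix is still accepted, although if the authentication server resolves online applications by URL prefix (as the field name suggests) that overlap is equally ambiguous. Test both directions and guard the getter against null: `String p = el.getPublicURLPrefix(); if (p != null && (p.startsWith(oaidentifier) || oaidentifier.startsWith(p))) onlineapplication = el;`. Because an exact match also satisfies `startsWith`, the fallback `ConfigurationDBRead.getOnlineApplication(oaidentifier)` can only add a hit if the DB lookup normalizes the identifier differently — worth a comment either way. The enclosing method starts and ends outside the hunk.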
@@ -306,7 +315,17 @@ public class BasicOAAction extends BasicAction {
onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid);
if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) {
- if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) {
+ OnlineApplication dbOA = null;
+ List<OnlineApplication> oaList = ConfigurationDBRead.getAllOnlineApplications();
+ for (OnlineApplication el : oaList) {
+ if (el.getPublicURLPrefix().startsWith(oaidentifier) )
+ dbOA = el;
+
+ }
+ if (dbOA == null)
+ dbOA = ConfigurationDBRead.getOnlineApplication(oaidentifier);
+
+ if ( (dbOA != null && !dbOA.getHjid().equals(oaid))) {
log.info("The OAIdentifier is not unique");
throw new BasicOAActionException(
LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request),
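Review bot: The loop does not skip the online application being edited and keeps overwriting `dbOA` with the last match, so when both the edited OA and another OA match the new identifier the result depends on list order and the final `!dbOA.getHjid().equals(oaid)` test can pass although another OA overlaps. Skip the current record and stop at the first foreign match: `if (el.getHjid().equals(oaid)) continue;` followed by `if (el.getPublicURLPrefix().startsWith(oaidentifier)) { dbOA = el; break; }`. The search is now duplicated between the create and edit branches; a private `findOverlappingOA(String oaidentifier, long excludeOaid)` helper would keep both checks in step. The enclosing method starts and ends outside the hunk.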
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 31c29aef0..4236c0d13 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -241,6 +241,9 @@ public class EditGeneralConfigAction extends BasicAction {
}
MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ if (dbconfig == null)
+ dbconfig = new MOAIDConfiguration();
+
AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
if (dbauth == null) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
index 7f7f083c9..335dbc91e 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java
@@ -133,7 +133,7 @@ public class ListOAsAction extends BasicAction {
} else {
if (ValidationHelper.containsPotentialCSSCharacter(friendlyname, false)) {
log.warn("SearchOA textfield contains potential XSS characters");
- addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname",
+ addActionError(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid",
new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request));
return Constants.STRUTS_SUCCESS;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
index fd40bd447..fd4226c5b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java
@@ -147,12 +147,14 @@ public class OAAuthenticationDataValidation {
}
}
- if (form.isEnableTestCredentials()) {
+ if (form.isEnableTestCredentials()
+ && form.getTestCredialOIDList() != null && !form.getTestCredialOIDList().isEmpty()) {
for (String el : form.getTestCredialOIDList()) {
- if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID))
+ if (!el.startsWith(MOAIDAuthConstants.TESTCREDENTIALROOTOID)) {
log.warn("Test credential OID does not start with test credential root OID");
errors.add(LanguageHelper.getErrorString("validation.general.testcredentials.oid.valid",
new Object[] {el}, request ));
+ }
}
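Review bot: The added `!= null && !isEmpty()` guard means `enableTestCredentials` with no OID at all now passes validation silently, whereas before it would have failed on the null list. What the authentication server does with an enabled flag and an empty OID restriction cannot be seen here; if it means "accept any test credential" that is a much weaker setting than a listed OID set and should be an explicit, documented choice, and if it is not meaningful the validator should add an error for it instead of accepting it. Either way a comment on the guard stating the intended semantics of an empty list would help the next reader. The enclosing method starts and ends outside the hunk.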
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
index d122b6bde..8e1dd6e64 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java
@@ -36,8 +36,10 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.httpclient.MOAHttpClient;
import org.apache.log4j.Logger;
import org.opensaml.Configuration;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataFilterChain;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallerFactory;
@@ -58,6 +60,7 @@ import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.util.MiscUtil;
public class OAPVP2ConfigValidation {
@@ -127,16 +130,28 @@ public class OAPVP2ConfigValidation {
log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore.", e);
}
+
+ List<MetadataFilter> filterList = new ArrayList<MetadataFilter>();
+ filterList.add(new MetaDataVerificationFilter(credential));
+ filterList.add(new SchemaValidationFilter());
+ MetadataFilterChain filter = new MetadataFilterChain();
+ filter.setFilters(filterList);
httpProvider =
new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL());
httpProvider.setParserPool(new BasicParserPool());
httpProvider.setRequireValidMetadata(true);
- httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential));
+ httpProvider.setMetadataFilter(filter);
httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+
+ httpProvider.setRequireValidMetadata(true);
+
httpProvider.initialize();
+
+
+
if (httpProvider.getMetadata() == null) {
log.info("Metadata could be received but validation FAILED.");
errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request));
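Review bot: `httpProvider.setRequireValidMetadata(true)` is already called a few lines earlier in this hunk, so the second call before `initialize()` is redundant and should be dropped together with the three stray blank lines after `initialize()`. The `SAMLSchemaBuilder` import added to this file is not used by the new code either. The filter order (signature verification first, then schema validation) is fine, but a one-line comment saying that the signature check must precede the schema check so only the signed document is ever parsed further would make the ordering deliberate rather than incidental. The enclosing method starts and ends outside the hunk.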
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
new file mode 100644
index 000000000..6c0c042b4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
new file mode 100644
index 000000000..74c4ce3b8
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
new file mode 100644
index 000000000..6c50ec079
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
Binary files differ
diff --git a/id/server/idserverlib/.gitignore b/id/server/idserverlib/.gitignore
index ea8c4bf7f..19f2e002c 100644
--- a/id/server/idserverlib/.gitignore
+++ b/id/server/idserverlib/.gitignore
@@ -1 +1,2 @@
/target
+/target
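Review bot: The added `/target` line duplicates the existing first line of this `.gitignore`, so the hunk is a no-op for git. If the existing line was not matching because of an invisible difference (a CR line ending or BOM), fix that line instead of appending a second copy.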
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
new file mode 100644
index 000000000..fc4ed1f28
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SchemaValidationException.java
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationException extends PVP2Exception {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SchemaValidationException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+
+ /**
+ * @param messageId
+ * @param parameters
+ */
+ public SchemaValidationException(String messageId, Object[] parameters, Throwable e) {
+ super(messageId, parameters, e);
+ }
+
+}
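Review bot: The Javadoc on this new exception is placeholder only: the class comment carries just `@author` and the constructor comments list `@param messageId` and `@param parameters` with no text, while the second constructor omits `@param e` entirely. Since this type is what `SAMLVerificationEngine` maps to the `pvp2.22` protocol error, the class comment should say that it signals an inbound PVP2/SAML message or metadata document failing XML schema validation, the constructors should state that `messageId` is the message-resource key and `parameters` its placeholders, and the second one should document `e` as the underlying parser exception kept as cause.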
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index cba64e080..12afa14bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -324,6 +325,7 @@ public class MOAMetadataProvider implements MetadataProvider {
private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException {
MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate);
+ filterChain.getFilters().add(new SchemaValidationFilter());
if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) {
Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies");
@@ -374,6 +376,8 @@ public class MOAMetadataProvider implements MetadataProvider {
httpProvider.setMetadataFilter(filter);
httpProvider.initialize();
+ httpProvider.setRequireValidMetadata(true);
+
return httpProvider;
} catch (Throwable e) {
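Review bot: `httpProvider.setRequireValidMetadata(true)` is set only after `httpProvider.initialize()`, whereas the ConfigWebTool counterpart in `OAPVP2ConfigValidation` sets it before initializing. If the initial fetch and filtering done by `initialize()` honours the flag, this ordering leaves the first metadata set unchecked for validity; move the call above `httpProvider.initialize()` so both providers are configured the same way. The enclosing method starts and ends outside the hunk.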
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 2247ad227..257f9dac4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -25,14 +25,20 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import java.util.ArrayList;
import java.util.List;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
+
import org.joda.time.DateTime;
import org.opensaml.common.xml.SAMLConstants;
+import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.core.validator.AuthnRequestSchemaValidator;
import org.opensaml.saml2.encryption.Decrypter;
import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
@@ -51,11 +57,14 @@ import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SchemaValidationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse;
@@ -81,9 +90,15 @@ public class SAMLVerificationEngine {
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
try {
profileValidator.validate(samlObj.getSignature());
+ performSchemaValidation(samlObj.getDOM());
+
} catch (ValidationException e) {
- // Indicates signature did not conform to SAML Signature profile
- e.printStackTrace();
+ Logger.warn("Signature is not conform to SAML signature profile", e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SchemaValidationException e) {
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
}
CriteriaSet criteriaSet = new CriteriaSet();
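Review bot: The `SchemaValidationException` catch rethrows `InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()})` without passing `e` as cause, so the parser exception is lost from the stack trace, and the raw SAX message becomes a message parameter whose destination (log only, or echoed to the peer) cannot be seen here. Keep the cause if the exception type allows it, and if `pvp2.22` is rendered to the requester, prefer a fixed text over the parser's wording, which may include schema locations. The enclosing method starts and ends outside the hunk.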
@@ -103,12 +118,17 @@ public class SAMLVerificationEngine {
public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
-
try {
- profileValidator.validate(samlObj.getSignature());
+ profileValidator.validate(samlObj.getSignature());
+ performSchemaValidation(samlObj.getDOM());
+
} catch (ValidationException e) {
- // Indicates signature did not conform to SAML Signature profile
- e.printStackTrace();
+ Logger.warn("Signature is not conform to SAML signature profile", e);
+ throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
+
+ } catch (SchemaValidationException e) {
+ throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
+
}
CriteriaSet criteriaSet = new CriteriaSet();
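Review bot: This try/catch is a line-for-line copy of the one in the response-verification method above, including the two error codes, so the two will drift apart on the next change. Both signable types expose `getSignature()` and `getDOM()`, so a private helper taking the common OpenSAML signable base type can host the profile and schema checks once; the existing `Logger` and exception types are all that it needs. The enclosing method starts and ends outside the hunk.
```java
private static void validateSignatureProfileAndSchema(SignableSAMLObject samlObj)
        throws InvalidProtocolRequestException {
    SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
    try {
        profileValidator.validate(samlObj.getSignature());
        performSchemaValidation(samlObj.getDOM());
    } catch (ValidationException e) {
        Logger.warn("Signature is not conform to SAML signature profile", e);
        throw new InvalidProtocolRequestException("pvp2.21", new Object[] {});
    } catch (SchemaValidationException e) {
        throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()});
    }
}
// … unchanged: both callers then replace their try/catch with validateSignatureProfileAndSchema(samlObj); …
```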
@@ -173,7 +193,10 @@ public class SAMLVerificationEngine {
List<org.opensaml.saml2.core.Assertion> validatedassertions = new ArrayList<org.opensaml.saml2.core.Assertion>();
for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) {
- Conditions conditions = saml2assertion.getConditions();
+ try {
+ performSchemaValidation(saml2assertion.getDOM());
+
+ Conditions conditions = saml2assertion.getConditions();
DateTime notbefore = conditions.getNotBefore().minusMinutes(5);
DateTime notafter = conditions.getNotOnOrAfter();
if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) {
@@ -181,12 +204,16 @@ public class SAMLVerificationEngine {
+ "{ Current : " + new DateTime()
+ " NotBefore: " + notbefore
+ " NotAfter : " + notafter
- + " }");
+ + " }");;
- } else {
- validatedassertions.add(saml2assertion);
+ } else {
+ validatedassertions.add(saml2assertion);
+
+ }
+
+ } catch (SchemaValidationException e) {
- }
+ }
}
if (validatedassertions.isEmpty()) {
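Review bot: The `catch (SchemaValidationException e)` block added to the assertion loop is empty, so a schema-invalid assertion is silently dropped from validatedassertions with no trace at this level of which assertion was rejected; at minimum log it, e.g. `Logger.warn("Assertion " + saml2assertion.getID() + " rejected by schema validation", e);`, and consider whether one invalid assertion should fail the whole response rather than only being filtered out. The catch only covers SchemaValidationException, so a NullPointerException from an assertion without Conditions (or without NotBefore) on the dereference in the previous hunk still escapes the try unchanged — that risk predates the commit but is not addressed by it. The double semicolon in `+ " }");;` at the end of the log statement is a leftover that should be removed. The loop's enclosing method starts before the previous hunk and continues after this one.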
@@ -217,4 +244,35 @@ public class SAMLVerificationEngine {
throw new AssertionValidationExeption("pvp.12", null, e);
}
}
+
+ private static void performSchemaValidation(Element source) throws SchemaValidationException {
+
+ String err = null;
+ try {
+ Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ Validator val = test.newValidator();
+ val.validate(new DOMSource(source));
+ Logger.debug("Schema validation check done OK");
+ return;
+
+ } catch (SAXException e) {
+ err = e.getMessage();
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
+
+ } catch (Exception e) {
+ err = e.getMessage();
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Schema validation FAILED with message: "+ e.getMessage());
+
+ }
+
+ throw new SchemaValidationException("pvp2.22", new Object[]{err});
+
+ }
+
}
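Review bot: In performSchemaValidation the `catch (SAXException e)` body is byte-identical to the `catch (Exception e)` body that follows it, so the first branch is redundant and can be dropped without changing behaviour (an unexpected RuntimeException, e.g. a null DOM passed into `new DOMSource(source)`, already ends up as a schema failure through the generic catch, which is the safer fail-closed result). The helper has no documentation; a Javadoc along the lines of "Validates the given element against the SAML schema set; throws SchemaValidationException with key pvp2.22 and the validator's message on any failure" plus `@param source` / `@throws` would make the contract explicit for the three call sites. Since the method validates SAML 2.0 objects (org.opensaml.saml2.core.Assertion in the hunk above) but obtains its schema from `SAMLSchemaBuilder.getSAML11Schema()`, a one-line comment stating why that schema set is the correct one here would spare the next reader the same question.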
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
index 3d608fd6d..4d9b97a52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java
@@ -26,7 +26,6 @@ import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
-import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType;
import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
new file mode 100644
index 000000000..403b68524
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java
@@ -0,0 +1,103 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata;
+
+import java.io.IOException;
+
+import org.opensaml.saml2.metadata.provider.FilterException;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.xml.XMLObject;
+
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.Validator;
+
+import org.opensaml.common.xml.SAMLSchemaBuilder;
+
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class SchemaValidationFilter implements MetadataFilter {
+
+ private boolean isActive = true;
+
+ public SchemaValidationFilter() {
+
+ }
+
+ /**
+ *
+ */
+ public SchemaValidationFilter(boolean useSchemaValidation) {
+ this.isActive = useSchemaValidation;
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject)
+ */
+ @Override
+ public void doFilter(XMLObject arg0) throws FilterException {
+
+ String errString = null;
+
+ if (isActive) {
+ try {
+ Schema test = SAMLSchemaBuilder.getSAML11Schema();
+ Validator val = test.newValidator();
+ DOMSource source = new DOMSource(arg0.getDOM());
+ val.validate(source);
+ Logger.info("Metadata Schema validation check done OK");
+ return;
+
+ } catch (SAXException e) {
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Metadata Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
+
+ errString = e.getMessage();
+
+ } catch (Exception e) {
+ if (Logger.isDebugEnabled() || Logger.isTraceEnabled())
+ Logger.warn("Metadata Schema validation FAILED with exception:", e);
+ else
+ Logger.warn("Metadata Schema validation FAILED with message: "+ e.getMessage());
+
+ errString = e.getMessage();
+
+ }
+
+ throw new FilterException("Metadata Schema validation FAILED with message: "+ errString);
+
+ } else
+ Logger.info("Metadata Schema validation check is DEACTIVATED!");
+
+ }
+
+}
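Review bot: The Javadoc on the `SchemaValidationFilter(boolean useSchemaValidation)` constructor is empty and the class comment carries only an author tag; proposed text for the class is "MetadataFilter that validates the unmarshalled metadata DOM against the SAML schema set and rejects it with a FilterException on any validation error" and for the constructor `@param useSchemaValidation false disables the check so every metadata document passes the filter`. The two catch bodies in doFilter are identical (the SAXException branch is subsumed by the generic one) and they duplicate the schema-validation helper added to SAMLVerificationEngine in this commit, so a shared static helper would keep the logging and error handling in one place. Because deactivating this filter weakens metadata verification, logging the deactivated state at warn rather than info (`Logger.warn("Metadata Schema validation check is DEACTIVATED!");`) would make that configuration visible in operational logs; `isActive` can also be declared `final` since it is only assigned in the constructors.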
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 15b2a89b5..ab8d19803 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -56,6 +56,7 @@ import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.methods.PostMethod;
import org.apache.commons.httpclient.methods.StringRequestEntity;
diff --git a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
index ec908f78b..549eb4f2b 100644
--- a/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
+++ b/id/server/idserverlib/src/test/java/test/tlenz/simpletest.java
@@ -1,3 +1,8 @@
+package test.tlenz;
+
+import at.gv.egovernment.moa.id.data.AuthenticationRole;
+import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory;
+
/*******************************************************************************
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -38,12 +43,19 @@
//import at.gv.egovernment.moa.id.storage.AssertionStorage;
//import at.gv.egovernment.moa.util.MiscUtil;
//
-//public class simpletest {
+public class simpletest {
//
-// public static void main(String[] args) {
+ public static void main(String[] args) {
+
+ AuthenticationRole test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A\\,B)");
+
+ test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION");
+ test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(key=A)");
+ test = AuthenticationRoleFactory.buildFormPVPole("ecas-demo-EUROPEAN_COMMISSION(keyA=A,keyB=B)");
+
//
// System.setProperty("mandates.configuration", "D:/Projekte/svn/moa-id/moa-id.properties");
-// String propertiesFileLocation = System.getProperty("mandates.configuration");
+// String propertiesFileLocation = Systm.getProperty("mandates.configuration");
//
// MiscUtil.assertNotNull(propertiesFileLocation, "propertiesFileName");
// File propertiesFile = new File(propertiesFileLocation);
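Review bot: The four `buildFormPVPole(...)` calls in main only reassign `test` and never inspect the result, so the new code checks nothing beyond "does not throw"; either assert on the parsed role (e.g. its name and key/value pairs) or drop the unused variable so the intent as a manual smoke test is clear. The edited commented-out line now reads `Systm.getProperty`, a typo in dead code that is harmless but adds noise to the diff. main continues past this hunk.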
@@ -95,5 +107,5 @@
//
//
//
-// }
-//}
+ }
+}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
index a3f445fcf..6efdd6223 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
@@ -152,7 +152,7 @@ public class ConfigurationDBRead {
if (result.size() == 0) {
Logger.trace("No entries found. Create fresh instance.");
- return new MOAIDConfiguration();
+ return null;
}
return (MOAIDConfiguration) result.get(0);
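Review bot: Returning `null` instead of a fresh `MOAIDConfiguration` when the query is empty changes the method's contract, and every caller that previously relied on a non-null result now needs a null check or it will fail with a NullPointerException on the first access; the enclosing method and its Javadoc start before this hunk, so the contract change should be reflected there, e.g. `@return the stored configuration, or {@code null} if no configuration entry exists`. The trace message "No entries found. Create fresh instance." is now inaccurate and should be updated to match the new behaviour.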
diff --git a/pom.xml b/pom.xml
index 280c1c012..d783ebc95 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,10 +12,10 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<moa-commons-version>2.0.1</moa-commons-version>
- <moa-id-version>2.1.2.1</moa-id-version>
+ <moa-id-version>2.1.2.2</moa-id-version>
<moa-id-proxy-version>2.0.0</moa-id-proxy-version>
<moa-spss-version>2.0.3</moa-spss-version>
- <configtool-version>1.1.4</configtool-version>
+ <configtool-version>1.1.5</configtool-version>
<demo-oa-version>2.0.2</demo-oa-version>
</properties>
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
new file mode 100644
index 000000000..6c0c042b4
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
new file mode 100644
index 000000000..74c4ce3b8
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
new file mode 100644
index 000000000..6c50ec079
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt b/spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
new file mode 100644
index 000000000..ebfbce9a0
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/identityLink+Test/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt b/spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/identityLink/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
new file mode 100644
index 000000000..6c0c042b4
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-Premium-enc-02.20140701-20240701.SerNo144dfd.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-corporate-light-02.20140905-20240905.SrN153B49.crt
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
new file mode 100644
index 000000000..74c4ce3b8
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-02.20140701-20240701.SerNo144e10.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
new file mode 100644
index 000000000..6c50ec079
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/officialSignature/a-sign-premium-sig-03.20140701-20240701.SerNo144e13.cer
Binary files differ
diff --git a/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/spss/handbook/conf/moa-spss/trustProfiles/secureSignature+Test/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
Binary files differ