diff options
491 files changed, 21672 insertions, 5716 deletions
diff --git a/common/pom.xml b/common/pom.xml index fffb1a460..cde0c6ed8 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -3,11 +3,11 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>moa-common</artifactId> - <!-- <version>2.0.0</version> --> + <version>${moa-commons-version}</version> <packaging>jar</packaging> <name>MOA common library</name> @@ -74,21 +74,26 @@ <artifactId>slf4j-api</artifactId> <version>1.7.6</version> </dependency> - <dependency> +<!-- <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-simple</artifactId> <version>1.7.6</version> - </dependency> + </dependency> --> <dependency> <groupId>org.slf4j</groupId> <artifactId>jcl-over-slf4j</artifactId> <version>1.7.6</version> </dependency> - <dependency> +<!-- <dependency> <groupId>org.slf4j</groupId> <artifactId>log4j-over-slf4j</artifactId> <version>1.7.6</version> - </dependency> + </dependency> --> + <dependency> + <groupId>org.slf4j</groupId> + <artifactId>slf4j-log4j12</artifactId> + <version>1.7.6</version> + </dependency> <dependency> <groupId>org.slf4j</groupId> <artifactId>jul-to-slf4j</artifactId> @@ -98,6 +103,25 @@ <build> <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-jar-plugin</artifactId> diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java index 1e219b784..dbc9faba6 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java @@ -107,6 +107,20 @@ public class DateTimeUtils { } /** + * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value. + * @param cal the <code>Calendar</code> value + * @return the <code>dateTime</code> value + */ + public static String buildDateTimeUTC(Date cal) { + + SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); + f.setTimeZone(TimeZone.getTimeZone("UTC")); + + return f.format(cal); + + } + + /** * Builds a <code>dateTime</code> value from a <code>Calendar</code> value. * @param cal the <code>Calendar</code> value * @return the <code>dateTime</code> value diff --git a/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java index ff22c7313..a70d62e1e 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/FileUtils.java @@ -133,7 +133,12 @@ public class FileUtils { keyFile = new File(url); if (!keyFile.isAbsolute()) { keyFile = new File(root, url); - newURL = keyFile.toURI().toString(); + + if (keyFile.toString().startsWith("file:")) + newURL = keyFile.toString(); + + else + newURL = keyFile.toURI().toString(); } return newURL; diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml index 57aa5c794..89ec121c2 100644 --- a/id/ConfigWebTool/pom.xml +++ b/id/ConfigWebTool/pom.xml @@ -3,13 +3,13 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id</groupId> <artifactId>moa-id-configuration</artifactId> - <version>1.0.1</version> + <version>${configtool-version}</version> <packaging>war</packaging> <name>MOA-ID 2.0 Configuration Tool</name> <description>Web based Configuration Tool for MOA-ID 2.x</description> @@ -73,7 +73,6 @@ <dependency> <groupId>MOA.id.server</groupId> <artifactId>moa-id-lib</artifactId> - <!-- <version>1.9.98-SNAPSHOT</version> --> <exclusions> <exclusion> <groupId>*</groupId> @@ -97,11 +96,11 @@ </exclusion> </exclusions> </dependency> - <dependency> +<!-- <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-simple</artifactId> <version>1.7.5</version> - </dependency> + </dependency> --> <dependency> <groupId>org.opensaml</groupId> @@ -143,19 +142,39 @@ <build> <plugins> - <plugin> + + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.4</version> <configuration> <archive> <manifestEntries> - <version>${project.version}</version> + <version>${configtool-version}</version> </manifestEntries> - </archive> - </configuration> -</plugin> - </plugins> + </archive> + </configuration> + </plugin> + </plugins> + </build> </project> diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java index 69ac58d15..df1faa7c0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java @@ -56,6 +56,7 @@ public class Constants { public static final String SESSION_OAUTH20SECRET = "oauth20secret"; public static final String SESSION_BKUSELECTIONTEMPLATE = "bkuSelectionTemplate"; public static final String SESSION_SENDASSERTIONTEMPLATE = "sendAssertionTemplate"; + public static final String SESSION_SLTRANSFORMATION = "slTransformation"; public static final String SESSION_I18n = "WW_TRANS_I18N_LOCALE"; @@ -81,9 +82,7 @@ public class Constants { public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request"; public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx"; - - public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; - + public static final String IDENIFICATIONTYPE_FN = "FN"; public static final String IDENIFICATIONTYPE_ERSB = "ERSB"; public static final String IDENIFICATIONTYPE_ZVR = "ZVR"; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java index b7da86db7..330ed7036 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java @@ -24,6 +24,9 @@ package at.gv.egovernment.moa.id.configuration.auth; import java.util.Date; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; public class AuthenticatedUser { @@ -39,27 +42,89 @@ public class AuthenticatedUser { private String institute; private String userName; private Date lastLogin; - - public AuthenticatedUser() { + + private boolean onlyBusinessService = false; + private String businessServiceType; + private String businessServiceNumber; + + private AuthenticatedUser() { } - public AuthenticatedUser(long userID, String givenName, String familyName, String institute, - String userName, boolean isAuthenticated, boolean isAdmin, boolean isMandateUser, + public static AuthenticatedUser generateDefaultUser() { + + AuthenticatedUser user = new AuthenticatedUser(); + user.familyName = "TestUser"; + user.givenName = "Max"; + user.userName = "maxtestuser"; + user.userID = 0; + user.institute = new String(); + user.isAdmin = true; + user.isAuthenticated = true; + user.isMandateUser = false; + user.isPVP2Login = false; + user.lastLogin = new Date(); + + return user; + } + + public static AuthenticatedUser generateUserRequestUser(UserDatabaseFrom form) { + + AuthenticatedUser user = new AuthenticatedUser(); + user.familyName = form.getFamilyName(); + user.givenName = form.getGivenName(); + user.userName = form.getUsername(); + user.userID = 0; + user.institute = form.getInstitut(); + user.isAdmin = false; + user.isAuthenticated = false; + user.isMandateUser = form.isIsmandateuser(); + user.isPVP2Login = form.isPVPGenerated(); + user.lastLogin = new Date(); + + return user; + } + + public AuthenticatedUser(UserDatabase userdb, boolean isAuthenticated, boolean isMandateUser, boolean isPVP2Login) { - this.familyName = familyName; - this.givenName = givenName; - this.userName = userName; - this.userID = userID; - this.institute = institute; - this.isAdmin = isAdmin; + this.familyName = userdb.getFamilyname(); + this.givenName = userdb.getGivenname(); + this.userName = userdb.getUsername(); + this.userID = userdb.getHjid(); + this.institute = userdb.getInstitut(); + this.isAdmin = userdb.isIsAdmin(); this.isAuthenticated = isAuthenticated; this.isMandateUser = isMandateUser; this.isPVP2Login = isPVP2Login; this.lastLogin = new Date(); + + if (!this.isAdmin) generateUserSpecificConfigurationOptions(userdb); } + + private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { + + if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { + String bpk = userdb.getBpk(); + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR) || bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) { + onlyBusinessService = true; + + String[] split = bpk.split("\\+"); + this.businessServiceType = split[1].substring(1); + + if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) + this.businessServiceNumber = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2]); + else + this.businessServiceNumber = split[2]; + + } else + onlyBusinessService = false; + + } + + } + public String getFormatedLastLogin() { return DateTimeHelper.getDateTime(lastLogin); } @@ -72,13 +137,6 @@ public class AuthenticatedUser { } /** - * @param isAuthenticated the isAuthenticated to set - */ - public void setAuthenticated(boolean isAuthenticated) { - this.isAuthenticated = isAuthenticated; - } - - /** * @return the isAdmin */ public boolean isAdmin() { @@ -86,13 +144,6 @@ public class AuthenticatedUser { } /** - * @param isAdmin the isAdmin to set - */ - public void setAdmin(boolean isAdmin) { - this.isAdmin = isAdmin; - } - - /** * @return the userID */ public long getUserID() { @@ -100,13 +151,6 @@ public class AuthenticatedUser { } /** - * @param userID the userID to set - */ - public void setUserID(long userID) { - this.userID = userID; - } - - /** * @return the givenName */ public String getGivenName() { @@ -114,13 +158,6 @@ public class AuthenticatedUser { } /** - * @param givenName the givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** * @return the familyName */ public String getFamilyName() { @@ -128,25 +165,11 @@ public class AuthenticatedUser { } /** - * @param familyName the familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** * @return the lastLogin */ public Date getLastLogin() { return lastLogin; } - - /** - * @param lastLogin the lastLogin to set - */ - public void setLastLogin(Date lastLogin) { - this.lastLogin = lastLogin; - } /** * @return the userName @@ -156,54 +179,57 @@ public class AuthenticatedUser { } /** - * @param userName the userName to set + * @return the institute */ - public void setUserName(String userName) { - this.userName = userName; + public String getInstitute() { + return institute; } /** - * @return the institute + * @return the isPVP2Login */ - public String getInstitute() { - return institute; + public boolean isPVP2Login() { + return isPVP2Login; } /** - * @param institute the institute to set + * @return the isMandateUser */ - public void setInstitute(String institute) { - this.institute = institute; + public boolean isMandateUser() { + return isMandateUser; } /** - * @return the isPVP2Login + * @return the onlyBusinessService */ - public boolean isPVP2Login() { - return isPVP2Login; + public boolean isOnlyBusinessService() { + return onlyBusinessService; } /** - * @param isPVP2Login the isPVP2Login to set + * @return the businessServiceType */ - public void setPVP2Login(boolean isPVP2Login) { - this.isPVP2Login = isPVP2Login; + public String getBusinessServiceType() { + return businessServiceType; } /** - * @return the isMandateUser + * @return the businessServiceNumber */ - public boolean isMandateUser() { - return isMandateUser; + public String getBusinessServiceNumber() { + return businessServiceNumber; } /** - * @param isMandateUser the isMandateUser to set + * @param lastLogin the lastLogin to set */ - public void setMandateUser(boolean isMandateUser) { - this.isMandateUser = isMandateUser; + public void setLastLogin(Date lastLogin) { + this.lastLogin = lastLogin; } + + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java index e65163946..a2aa2a8a4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java @@ -41,7 +41,7 @@ import java.util.jar.Manifest; import javax.servlet.http.HttpServletRequest; -import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; @@ -49,12 +49,17 @@ import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.utils.UserRequestCleaner; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -190,14 +195,15 @@ public class ConfigurationProvider { } - String file = getPVP2MetadataKeystoreURL(); - log.debug("Load KeyStore from URL " + file); - if (MiscUtil.isEmpty(file)) { + String fileURL = getPVP2MetadataKeystoreURL(); + log.debug("Load KeyStore from URL " + fileURL); + if (MiscUtil.isEmpty(fileURL)) { log.info("Metadata KeyStoreURL is empty"); throw new ConfigurationException("Metadata KeyStoreURL is empty"); } - - FileInputStream inputStream = new FileInputStream(file); + + URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(fileURL, getConfigRootDir()))); + InputStream inputStream = keystoreURL.openStream(); keyStore.load(inputStream, getPVP2MetadataKeystorePassword().toCharArray()); inputStream.close(); } @@ -344,11 +350,7 @@ public class ConfigurationProvider { String url = props.getProperty("general.mail.useraccountrequest.verification.template"); if (MiscUtil.isNotEmpty(url)) { - if (url.startsWith(Constants.FILEPREFIX)) - return url; - - else - return configRootDir + "/" + url; + return url; } else { log.warn("MailUserAcountVerificationTemplate is empty"); @@ -363,19 +365,15 @@ public class ConfigurationProvider { public String getMailUserAcountActivationTemplate() throws ConfigurationException { String url = props.getProperty("general.mail.useraccountrequest.isactive.template"); - if (MiscUtil.isNotEmpty(url)) { - if (url.startsWith(Constants.FILEPREFIX)) - return url; - - else - return configRootDir + "/" + url; - + return url; + } else { - log.warn("MailUserAcountVerificationTemplate is empty"); + log.warn("MailUserAcountActivationTemplate is empty"); throw new ConfigurationException("MailUserAcountActivationTemplate is empty"); - + } + } public String getMailOAActivationSubject() { @@ -394,29 +392,22 @@ public class ConfigurationProvider { String url = props.getProperty("general.mail.createOArequest.isactive.template"); if (MiscUtil.isNotEmpty(url)) { - if (url.startsWith(Constants.FILEPREFIX)) - return url; - - else - return configRootDir + "/" + url; - + return url; + } else { log.warn("MailOAActivationTemplate is empty"); throw new ConfigurationException("MailOAActivationTemplate is empty"); - + } + } public String getMailUserAcountRevocationTemplate() throws ConfigurationException { String url = props.getProperty("general.mail.useraccountrequest.rejected.template"); if (MiscUtil.isNotEmpty(url)) { - if (url.startsWith(Constants.FILEPREFIX)) return url; - - else - return configRootDir + "/" + url; - + } else { log.warn("MailUserAcountVerificationTemplate is empty"); throw new ConfigurationException("MailUserAcountRevocationTemplate is empty"); @@ -432,11 +423,7 @@ public class ConfigurationProvider { String url = props.getProperty("general.mail.admin.adresses.template"); if (MiscUtil.isNotEmpty(url)) { - if (url.startsWith(Constants.FILEPREFIX)) - return url; - - else - return configRootDir + "/" + url; + return url; } else { log.warn("MailUserAcountVerificationTemplate is empty"); @@ -453,6 +440,26 @@ public class ConfigurationProvider { return parseVersionFromManifest(); } + public String getCertStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.certstore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLCertStore configured use default JAVA TrustStore."); + + } + + public String getTrustStoreDirectory() throws CertificateException { + String dir = props.getProperty("general.ssl.truststore"); + if (MiscUtil.isNotEmpty(dir)) + return FileUtils.makeAbsoluteURL(dir, configRootDir); + + else + throw new CertificateException("No SSLTrustStore configured use default JAVA TrustStore."); + + } + private void initalPVP2Login() throws ConfigurationException { try { @@ -462,7 +469,8 @@ public class ConfigurationProvider { throw new ConfigurationException("NO IDP Certificate to verify IDP Metadata"); } - InputStream certstream = new FileInputStream(metadataCert); + URL keystoreURL = new URL((FileUtils.makeAbsoluteURL(metadataCert, getConfigRootDir()))); + InputStream certstream = keystoreURL.openStream(); X509Certificate cert = new X509Certificate(certstream); BasicX509Credential idpCredential = new BasicX509Credential(); idpCredential.setEntityCertificate(cert); @@ -474,8 +482,28 @@ public class ConfigurationProvider { log.info("NO IDP Metadata URL."); throw new ConfigurationException("NO IDP Metadata URL."); } - - idpMetadataProvider = new HTTPMetadataProvider(new Timer(), new HttpClient(), metadataurl); + + MOAHttpClient httpClient = new MOAHttpClient(); + + if (metadataurl.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + ChainingModeType.PKIX, + true); + + httpClient.setCustomSSLTrustStore(metadataurl, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + idpMetadataProvider = new HTTPMetadataProvider(new Timer(), httpClient, metadataurl); idpMetadataProvider.setRequireValidMetadata(true); idpMetadataProvider.setParserPool(new BasicParserPool()); idpMetadataProvider.setMetadataFilter(new MetaDataVerificationFilter(idpCredential)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java index 687925c18..25f20372a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/FormularCustomization.java @@ -22,20 +22,40 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data; +import java.io.File; +import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; +import java.util.HashMap; +import java.util.Iterator; import java.util.List; import java.util.Map; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; + +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.util.MiscUtil; -public class FormularCustomization { +public class FormularCustomization implements IOnlineApplicationData { + private static final Logger log = Logger.getLogger(FormularCustomization.class); + private boolean showMandateLoginButton = true; private boolean onlyMandateAllowed = false; @@ -52,25 +72,79 @@ public class FormularCustomization { private String applet_height = null; private String applet_width = null; + private Map<String, String> map = null; private String appletRedirectTarget = null; public static List<String> appletRedirectTargetList = null; - + public static List<String> fontTypeList = null; public String fontTypeListValue = null; + private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>(); + private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>(); + + private List<File> bkuSelectionFileUpload = null; + private List<String> bkuSelectionFileUploadContentType = null; + private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>(); + private boolean deleteBKUTemplate = false; + + private List<File> sendAssertionFileUpload = null; + private List<String> sendAssertionFileUploadContentType = null; + private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();; + private boolean deleteSendAssertionTemplate = false; + + private String aditionalAuthBlockText = null; + private boolean isHideBPKAuthBlock = false; + public FormularCustomization() { + new FormularCustomization(null); + } + + public FormularCustomization(Map<String, String> map) { appletRedirectTargetList = Arrays.asList("","_blank","_self","_parent","_top"); fontTypeList = Arrays.asList("","Verdana","Geneva","Arial","Helvetica","sans-serif","Times New Roman"); Collections.sort(fontTypeList); + + if (map == null) + this.map = new HashMap<String, String>(); + else + this.map = map; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAFormularCustomization"; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA auth = dbOA.getAuthComponentOA(); + + if (dbOA.getAuthComponentOA() != null) + isHideBPKAuthBlock = dbOA.isRemoveBPKFromAuthBlock(); - public void parse(OnlineApplication dbOAConfig, Map<String, String> map) { - AuthComponentOA auth = dbOAConfig.getAuthComponentOA(); - if (auth != null) { TemplatesType templates = auth.getTemplates(); - if (templates != null) { + + if (templates != null) { + aditionalAuthBlockText = templates.getAditionalAuthBlockText(); + + TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); + if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) { + bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); + } + + TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); + if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) { + sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); + } + BKUSelectionCustomizationType formcustom = templates.getBKUSelectionCustomization(); if (formcustom != null) { @@ -140,8 +214,179 @@ public class FormularCustomization { } } } + + request.getSession().setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setRemoveBPKFromAuthBlock(isHideBPKAuthBlock()); + + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + + templates.setAditionalAuthBlockText(getAditionalAuthBlockText()); + + //store BKU-selection and send-assertion templates + if (authUser.isAdmin()) { + + if (isDeleteBKUTemplate()) + templates.setBKUSelectionTemplate(null); + + if (isDeleteSendAssertionTemplate()) + templates.setSendAssertionTemplate(null); + + + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator<String> interator = bkuSelectionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(bkuSelectionForm.get( + template.getFilename())); + + templates.setBKUSelectionTemplate(template); + } + + if (sendAssertionForm != null && sendAssertionForm.size() > 0) { + TransformsInfoType template = new TransformsInfoType(); + + Iterator<String> interator = sendAssertionForm.keySet().iterator(); + template.setFilename(interator.next()); + template.setTransformation(sendAssertionForm.get( + template.getFilename())); + + templates.setSendAssertionTemplate(template); + } + } + + BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); + if (bkuselectioncustom == null) { + bkuselectioncustom = new BKUSelectionCustomizationType(); + templates.setBKUSelectionCustomization(bkuselectioncustom); + } + + if (authoa.getMandates() != null && + (authoa.getMandates().getProfileName() != null + && authoa.getMandates().getProfileName().size() > 0) + || MiscUtil.isNotEmpty(authoa.getMandates().getProfiles())) + + bkuselectioncustom.setMandateLoginButton(true); + else + bkuselectioncustom.setMandateLoginButton(false); + + bkuselectioncustom.setOnlyMandateLoginAllowed(isOnlyMandateAllowed()); + + bkuselectioncustom.setBackGroundColor(parseColor(getBackGroundColor())); + bkuselectioncustom.setFrontColor(parseColor(getFrontColor())); + + bkuselectioncustom.setHeaderBackGroundColor(parseColor(getHeader_BackGroundColor())); + bkuselectioncustom.setHeaderFrontColor(parseColor(getHeader_FrontColor())); + bkuselectioncustom.setHeaderText(getHeader_text()); + + bkuselectioncustom.setButtonBackGroundColor(parseColor(getButton_BackGroundColor())); + bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(getButton_BackGroundColorFocus())); + bkuselectioncustom.setButtonFontColor(parseColor(getButton_FrontColor())); + + if (MiscUtil.isNotEmpty(getAppletRedirectTarget())) + bkuselectioncustom.setAppletRedirectTarget(getAppletRedirectTarget()); + + bkuselectioncustom.setFontType(getFontType()); + + bkuselectioncustom.setAppletHeight(getApplet_height()); + bkuselectioncustom.setAppletWidth(getApplet_width()); + + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + HttpSession session = request.getSession(); + List<String> errors = new ArrayList<String>(); + + String check = null; + if (authUser.isAdmin()) { + //validate aditionalAuthBlockText + check = getAditionalAuthBlockText(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + } + + OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); + //validate BKU-selection template + List<String> templateError = valiator_fileUpload.validate(getBkuSelectionFileUploadFileName() + , getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); + if (templateError != null && templateError.size() == 0) { + if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) + session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); + + else + bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate send-assertion template + templateError = valiator_fileUpload.validate(getSendAssertionFileUploadFileName() + , getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); + if (templateError != null && templateError.size() == 0) { + if (sendAssertionForm != null && sendAssertionForm.size() > 0) + session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); + + else + sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); + + } else { + errors.addAll(templateError); + + } + + //validate BKUFormCustomization + errors.addAll(new FormularCustomizationValitator().validate(this, request)); + + return errors; } + private String parseColor(String color) { + String value = ""; + + if (MiscUtil.isNotEmpty(color)) { + if (!color.startsWith("#")) + value = "#" + color; + else + value = color; + } + return value; + } /** * @return the showMandateLoginButton @@ -389,9 +634,165 @@ public class FormularCustomization { public void setApplet_width(String applet_width) { this.applet_width = applet_width; } - - - - + + + /** + * @return the bkuSelectionFileUpload + */ + public List<File> getBkuSelectionFileUpload() { + return bkuSelectionFileUpload; + } + + + /** + * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set + */ + public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) { + this.bkuSelectionFileUpload = bkuSelectionFileUpload; + } + + + /** + * @return the bkuSelectionFileUploadContentType + */ + public List<String> getBkuSelectionFileUploadContentType() { + return bkuSelectionFileUploadContentType; + } + + + /** + * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set + */ + public void setBkuSelectionFileUploadContentType( + List<String> bkuSelectionFileUploadContentType) { + this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; + } + + + /** + * @return the bkuSelectionFileUploadFileName + */ + public List<String> getBkuSelectionFileUploadFileName() { + return bkuSelectionFileUploadFileName; + } + + + /** + * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set + */ + public void setBkuSelectionFileUploadFileName( + List<String> bkuSelectionFileUploadFileName) { + this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; + } + + + /** + * @return the sendAssertionFileUpload + */ + public List<File> getSendAssertionFileUpload() { + return sendAssertionFileUpload; + } + + + /** + * @param sendAssertionFileUpload the sendAssertionFileUpload to set + */ + public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) { + this.sendAssertionFileUpload = sendAssertionFileUpload; + } + + + /** + * @return the sendAssertionFileUploadContentType + */ + public List<String> getSendAssertionFileUploadContentType() { + return sendAssertionFileUploadContentType; + } + + + /** + * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set + */ + public void setSendAssertionFileUploadContentType( + List<String> sendAssertionFileUploadContentType) { + this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; + } + + + /** + * @return the sendAssertionFileUploadFileName + */ + public List<String> getSendAssertionFileUploadFileName() { + return sendAssertionFileUploadFileName; + } + + + /** + * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set + */ + public void setSendAssertionFileUploadFileName( + List<String> sendAssertionFileUploadFileName) { + this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; + } + + + /** + * @return the deleteBKUTemplate + */ + public boolean isDeleteBKUTemplate() { + return deleteBKUTemplate; + } + + + /** + * @param deleteBKUTemplate the deleteBKUTemplate to set + */ + public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { + this.deleteBKUTemplate = deleteBKUTemplate; + } + + + /** + * @return the deleteSendAssertionTemplate + */ + public boolean isDeleteSendAssertionTemplate() { + return deleteSendAssertionTemplate; + } + + + /** + * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set + */ + public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { + this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; + } + + /** + * @return the aditionalAuthBlockText + */ + public String getAditionalAuthBlockText() { + return aditionalAuthBlockText; + } + + /** + * @param aditionalAuthBlockText the aditionalAuthBlockText to set + */ + public void setAditionalAuthBlockText(String aditionalAuthBlockText) { + this.aditionalAuthBlockText = aditionalAuthBlockText; + } + + /** + * @return the isHideBPKAuthBlock + */ + public boolean isHideBPKAuthBlock() { + return isHideBPKAuthBlock; + } + + /** + * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set + */ + public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { + this.isHideBPKAuthBlock = isHideBPKAuthBlock; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java index 69bf5dc0c..c4a825589 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/OAListElement.java @@ -24,11 +24,21 @@ package at.gv.egovernment.moa.id.configuration.data; public class OAListElement { + public enum ServiceType {OA, VIDP, IDP} + private long dataBaseID; private String oaIdentifier; private String oaFriendlyName; private String oaType; private boolean isActive; + private ServiceType serviceType; + + /** + * + */ + public OAListElement(ServiceType type) { + this.serviceType = type; + } /** @@ -95,5 +105,10 @@ public class OAListElement { public String getIsActive(){ return String.valueOf(isActive); } - + /** + * @return the serviceType + */ + public String getServiceType() { + return serviceType.name(); + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java new file mode 100644 index 000000000..37f8fbc07 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/IOnlineApplicationData.java @@ -0,0 +1,64 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; + +/** + * @author tlenz + * + */ +public interface IOnlineApplicationData { + + public String getName(); + + /** + * Parse OnlineApplication database object to formData + * @param dbOAConfig + * @return List of Errors + */ + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Store formData to OnlineApplication database object + * @param dboa: Database data object + * @param authUser + * @param request: + * @return Error description + */ + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request); + + /** + * Validate formData + * @param general + * @param request + * @return + */ + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, HttpServletRequest request); + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java new file mode 100644 index 000000000..cb60a21a0 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -0,0 +1,542 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; +import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; +import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; +import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; +import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAAuthenticationDataValidation; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OAAuthenticationData implements IOnlineApplicationData { + + private String bkuOnlineURL = null; + private String bkuHandyURL = null; + private String bkuLocalURL = null; + + private String mandateProfiles = null; + private boolean useMandates = false; + + private boolean calculateHPI = false; + + private String keyBoxIdentifier = null; + private static Map<String, String> keyBoxIdentifierList; + + private boolean legacy = false; + List<String> SLTemplates = null; + + private Map<String, byte[]> transformations; + + /** + * + */ + public OAAuthenticationData() { + keyBoxIdentifierList = new HashMap<String, String>(); + MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); + for (int i=0; i<values.length; i++) { + keyBoxIdentifierList.put(values[i].value(), values[i].value()); + } + + keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); + + bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; + bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; + + MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (moaidconfig != null) { + DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); + if (defaultbkus != null) { + setBkuHandyURL(defaultbkus.getHandyBKU()); + setBkuLocalURL(defaultbkus.getLocalBKU()); + setBkuOnlineURL(defaultbkus.getOnlineBKU()); + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAAuthenticationData"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + keyBoxIdentifier = dbOA.getKeyBoxIdentifier().value(); + + AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + BKUURLS bkuurls = oaauth.getBKUURLS(); + + String defaulthandy = ""; + String defaultlocal = ""; + String defaultonline = ""; + + MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); + if (dbconfig != null) { + DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); + if (defaultbkus != null) { + defaulthandy = defaultbkus.getHandyBKU(); + defaultlocal = defaultbkus.getLocalBKU(); + defaultonline = defaultbkus.getOnlineBKU(); + } + } + + if (bkuurls != null) { + + if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) + bkuHandyURL = defaulthandy; + else + bkuHandyURL = bkuurls.getHandyBKU(); + + if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) + bkuLocalURL = defaultlocal; + else + bkuLocalURL = bkuurls.getLocalBKU(); + + if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) + bkuOnlineURL = defaultonline; + else + bkuOnlineURL = bkuurls.getOnlineBKU(); + } + + Mandates mandates = oaauth.getMandates(); + if (mandates != null) { + + mandateProfiles = null; + + List<String> profileList = mandates.getProfileName(); + for (String el : profileList) { + if (mandateProfiles == null) + mandateProfiles = el; + + else + mandateProfiles += "," + el; + } + + //TODO: only for RC1 + if (MiscUtil.isNotEmpty(mandates.getProfiles())) { + if (mandateProfiles == null) + mandateProfiles = mandates.getProfiles(); + + else + mandateProfiles += "," + mandates.getProfiles(); + + } + + if (mandateProfiles != null) + useMandates = true; + + else + useMandates = false; + + } + + TemplatesType templates = oaauth.getTemplates(); + if (templates != null) { + List<TemplateType> templatetype = templates.getTemplate(); + + if (templatetype != null) { + if (SLTemplates == null) { + SLTemplates = new ArrayList<String>(); + } + + for (TemplateType el : templatetype) { + SLTemplates.add(el.getURL()); + } + } + } + + if (SLTemplates != null && SLTemplates.size() > 0) + legacy = true; + + List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); + transformations = new HashMap<String, byte[]>(); + for (TransformsInfoType el : transforminfos) { + transformations.put(el.getFilename(), el.getTransformation()); + } + } + + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + dbOA.setCalculateHPI(isCalculateHPI()); + + if (authUser.isAdmin()) { + + //store BKU-URLs + BKUURLS bkuruls = new BKUURLS(); + authoa.setBKUURLS(bkuruls); + bkuruls.setHandyBKU(getBkuHandyURL()); + bkuruls.setLocalBKU(getBkuLocalURL()); + bkuruls.setOnlineBKU(getBkuOnlineURL()); + + //store SecurtiyLayerTemplates + TemplatesType templates = authoa.getTemplates(); + if (templates == null) { + templates = new TemplatesType(); + authoa.setTemplates(templates); + } + List<TemplateType> template = templates.getTemplate(); + if (isLegacy()) { + + if (template == null) + template = new ArrayList<TemplateType>(); + else + template.clear(); + + if (MiscUtil.isNotEmpty(getSLTemplateURL1())) { + TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL1()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(getSLTemplateURL2())) { + TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL2()); + template.add(el); + } else + template.add(new TemplateType()); + if (MiscUtil.isNotEmpty(getSLTemplateURL3())) { + TemplateType el = new TemplateType(); + el.setURL(getSLTemplateURL3()); + template.add(el); + } else + template.add(new TemplateType()); + + } else { + if (template != null && template.size() > 0) template.clear(); + } + + + //store keyBox Identifier + dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(getKeyBoxIdentifier())); + } else { + if (dbOA.isIsNew()) dbOA.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); + } + + Mandates mandates = new Mandates(); + if (isUseMandates()) { + + String[] profileList = getMandateProfiles().split(","); + + List<String> dbProfiles = mandates.getProfileName(); + if (dbProfiles == null) { + dbProfiles = new ArrayList<String>(); + mandates.setProfileName(dbProfiles); + + } + + for (String el: profileList) + dbProfiles.add(el.trim()); + + mandates.setProfiles(null); + + } else { + mandates.setProfiles(null); + mandates.getProfileName().clear(); + } + authoa.setMandates(mandates); + + // set default transformation if it is empty + List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); + if (transformsInfo == null) { + // TODO: set OA specific transformation if it is required + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAAuthenticationDataValidation().validate(this, authUser.isAdmin(), request); + } + + + /** + * @return the bkuOnlineURL + */ + public String getBkuOnlineURL() { + return bkuOnlineURL; + } + + + /** + * @param bkuOnlineURL the bkuOnlineURL to set + */ + public void setBkuOnlineURL(String bkuOnlineURL) { + this.bkuOnlineURL = bkuOnlineURL; + } + + + /** + * @return the bkuHandyURL + */ + public String getBkuHandyURL() { + return bkuHandyURL; + } + + + /** + * @param bkuHandyURL the bkuHandyURL to set + */ + public void setBkuHandyURL(String bkuHandyURL) { + this.bkuHandyURL = bkuHandyURL; + } + + + /** + * @return the bkuLocalURL + */ + public String getBkuLocalURL() { + return bkuLocalURL; + } + + + /** + * @param bkuLocalURL the bkuLocalURL to set + */ + public void setBkuLocalURL(String bkuLocalURL) { + this.bkuLocalURL = bkuLocalURL; + } + + + /** + * @return the mandateProfiles + */ + public String getMandateProfiles() { + return mandateProfiles; + } + + + /** + * @param mandateProfiles the mandateProfiles to set + */ + public void setMandateProfiles(String mandateProfiles) { + this.mandateProfiles = mandateProfiles; + } + + + /** + * @return the useMandates + */ + public boolean isUseMandates() { + return useMandates; + } + + + /** + * @param useMandates the useMandates to set + */ + public void setUseMandates(boolean useMandates) { + this.useMandates = useMandates; + } + + + /** + * @return the calculateHPI + */ + public boolean isCalculateHPI() { + return calculateHPI; + } + + + /** + * @param calculateHPI the calculateHPI to set + */ + public void setCalculateHPI(boolean calculateHPI) { + this.calculateHPI = calculateHPI; + } + + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier() { + return keyBoxIdentifier; + } + + + /** + * @param keyBoxIdentifier the keyBoxIdentifier to set + */ + public void setKeyBoxIdentifier(String keyBoxIdentifier) { + this.keyBoxIdentifier = keyBoxIdentifier; + } + + + /** + * @return the keyBoxIdentifierList + */ + public Map<String, String> getKeyBoxIdentifierList() { + return keyBoxIdentifierList; + } + + + /** + * @return the legacy + */ + public boolean isLegacy() { + return legacy; + } + + + /** + * @param legacy the legacy to set + */ + public void setLegacy(boolean legacy) { + this.legacy = legacy; + } + + + /** + * @return the transformations + */ + public Map<String, byte[]> getTransformations() { + return transformations; + } + + + /** + * @param transformations the transformations to set + */ + public void setTransformations(Map<String, byte[]> transformations) { + this.transformations = transformations; + } + + + /** + * @return the sLTemplates + */ + public List<String> getSLTemplates() { + return SLTemplates; + } + + /** + * @return the sLTemplateURL1 + */ + public String getSLTemplateURL1() { + if (SLTemplates != null && SLTemplates.size() > 0) + return SLTemplates.get(0); + else + return null; + } + + + /** + * @param sLTemplateURL1 the sLTemplateURL1 to set + */ + public void setSLTemplateURL1(String sLTemplateURL1) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL1); + } + + + /** + * @return the sLTemplateURL2 + */ + public String getSLTemplateURL2() { + if (SLTemplates != null && SLTemplates.size() > 1) + return SLTemplates.get(1); + else + return null; + } + + + /** + * @param sLTemplateURL2 the sLTemplateURL2 to set + */ + public void setSLTemplateURL2(String sLTemplateURL2) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL2); + } + + + /** + * @return the sLTemplateURL3 + */ + public String getSLTemplateURL3() { + if (SLTemplates != null && SLTemplates.size() > 2) + return SLTemplates.get(2); + else + return null; + } + + + /** + * @param sLTemplateURL3 the sLTemplateURL3 to set + */ + public void setSLTemplateURL3(String sLTemplateURL3) { + if (SLTemplates == null) + SLTemplates = new ArrayList<String>(); + SLTemplates.add(sLTemplateURL3); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java index d43c97aed..05e163c23 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java @@ -22,273 +22,125 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; -import java.io.File; import java.util.ArrayList; -import java.util.Arrays; -import java.util.HashMap; import java.util.List; -import java.util.Map; -import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; -import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; -import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs; -import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; -import at.gv.egovernment.moa.id.commons.db.dao.config.MOAKeyBoxSelector; -import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; -import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType; -import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; -public class OAGeneralConfig { - +public class OAGeneralConfig implements IOnlineApplicationData{ + private static final Logger log = Logger.getLogger(OAGeneralConfig.class); + + private boolean isActive = false; + private String dbID = null; - private String bkuOnlineURL = null; - private String bkuHandyURL = null; - private String bkuLocalURL = null; - private String identifier = null; private String friendlyName = null; + private boolean businessService = false; - private boolean businessService = false; - - private String target = null; - private String target_subsector = null; - private String target_admin = null; - private static List<String> targetList = null; - private String targetFriendlyName = null; - private boolean isAdminTarget = false; - - private String identificationNumber = null; - private String identificationType = null; - private static List<String> identificationTypeList = null; - - private String aditionalAuthBlockText = null; - - private String mandateProfiles = null; - private boolean useMandates = false; - - private boolean isActive = false; - private boolean calculateHPI = false; - - private String keyBoxIdentifier = null; - private static Map<String, String> keyBoxIdentifierList; - - private boolean legacy = false; - List<String> SLTemplates = null; - - private boolean isHideBPKAuthBlock = false; - - private Map<String, byte[]> transformations; - - private List<File> bkuSelectionFileUpload = null; - private List<String> bkuSelectionFileUploadContentType = null; - private List<String> bkuSelectionFileUploadFileName = new ArrayList<String>(); - - private List<File> sendAssertionFileUpload = null; - private List<String> sendAssertionFileUploadContentType = null; - private List<String> sendAssertionFileUploadFileName = new ArrayList<String>();; - - private boolean deleteBKUTemplate = false; - private boolean deleteSendAssertionTemplate = false; - - public OAGeneralConfig() { - keyBoxIdentifierList = new HashMap<String, String>(); - MOAKeyBoxSelector[] values = MOAKeyBoxSelector.values(); - for (int i=0; i<values.length; i++) { - keyBoxIdentifierList.put(values[i].value(), values[i].value()); - } - - keyBoxIdentifier = MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR.value(); - - bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL; - bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL; - - targetList = TargetValidator.getListOfTargets(); - target = ""; - - identificationTypeList = Arrays.asList( - Constants.IDENIFICATIONTYPE_FN, - Constants.IDENIFICATIONTYPE_ZVR, - Constants.IDENIFICATIONTYPE_ERSB, - Constants.IDENIFICATIONTYPE_STORK); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAGeneralInformation"; } - - public void parse(OnlineApplication dbOAConfig) { - + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { isActive = dbOAConfig.isIsActive(); - friendlyName = dbOAConfig.getFriendlyName(); - - keyBoxIdentifier = dbOAConfig.getKeyBoxIdentifier().value(); - + friendlyName = dbOAConfig.getFriendlyName(); identifier = dbOAConfig.getPublicURLPrefix(); - String target_full = dbOAConfig.getTarget(); - if (MiscUtil.isNotEmpty(target_full)) { - if (TargetValidator.isValidTarget(target_full)) { - target = target_full; - - } else { - String[] target_split = target_full.split("-"); - - if (TargetValidator.isValidTarget(target_split[0])) { - target = target_split[0]; - if (target_split.length > 1) - target_subsector = target_split[1]; - - } else { - target = ""; - target_subsector = null; - target_admin = target_full; - isAdminTarget = true; - } - } - targetFriendlyName = dbOAConfig.getTargetFriendlyName(); - } - if (dbOAConfig.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) businessService = true; else businessService = false; + + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (authUser.isAdmin()) dbOA.setIsActive(isActive()); + + dbOA.setPublicURLPrefix(getIdentifier()); + dbOA.setFriendlyName(getFriendlyName()); + + if (isBusinessService() || authUser.isOnlyBusinessService()) { + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + } else { + dbOA.setType(null); + } + + return null; + + } - AuthComponentOA oaauth = dbOAConfig.getAuthComponentOA(); - if (oaauth != null) { - BKUURLS bkuurls = oaauth.getBKUURLS(); - - String defaulthandy = ""; - String defaultlocal = ""; - String defaultonline = ""; - - MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (dbconfig != null) { - DefaultBKUs defaultbkus = dbconfig.getDefaultBKUs(); - if (defaultbkus != null) { - defaulthandy = defaultbkus.getHandyBKU(); - defaultlocal = defaultbkus.getLocalBKU(); - defaultonline = defaultbkus.getOnlineBKU(); - } - } - - if (bkuurls != null) { - - if (MiscUtil.isEmpty(bkuurls.getHandyBKU())) - bkuHandyURL = defaulthandy; - else - bkuHandyURL = bkuurls.getHandyBKU(); - - if (MiscUtil.isEmpty(bkuurls.getLocalBKU())) - bkuLocalURL = defaultlocal; - else - bkuLocalURL = bkuurls.getLocalBKU(); - - if (MiscUtil.isEmpty(bkuurls.getOnlineBKU())) - bkuOnlineURL = defaultonline; - else - bkuOnlineURL = bkuurls.getOnlineBKU(); - } - - IdentificationNumber idnumber = oaauth.getIdentificationNumber(); - if (idnumber != null) { - String number = idnumber.getValue(); - if (MiscUtil.isNotEmpty(number)) { - String[] split = number.split("\\+"); - - if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { - identificationType = split[1]; - identificationNumber = split[2]; - } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { - //identificationType = split[1]; // setting at as iden category ? - identificationType = Constants.IDENIFICATIONTYPE_STORK; - identificationNumber = split[2]; // setting sp country as ident type -> sp ident - } - } - } - - Mandates mandates = oaauth.getMandates(); - if (mandates != null) { - - mandateProfiles = null; - - List<MandatesProfileNameItem> profileList = mandates.getProfileNameItems(); - for (MandatesProfileNameItem el : profileList) { - if (mandateProfiles == null) - mandateProfiles = el.getItem(); - - else - mandateProfiles += "," + el.getItem(); - } - - //TODO: only for RC1 - if (MiscUtil.isNotEmpty(mandates.getProfiles())) { - if (mandateProfiles == null) - mandateProfiles = mandates.getProfiles(); - - else - mandateProfiles += "," + mandates.getProfiles(); - - } - - if (mandateProfiles != null) - useMandates = true; - - else - useMandates = false; - - } - - TemplatesType templates = oaauth.getTemplates(); - if (templates != null) { - aditionalAuthBlockText = templates.getAditionalAuthBlockText(); - List<TemplateType> templatetype = templates.getTemplate(); - - if (templatetype != null) { - if (SLTemplates == null) { - SLTemplates = new ArrayList<String>(); - } - - for (TemplateType el : templatetype) { - SLTemplates.add(el.getURL()); - } - } - - TransformsInfoType bkuSelectTemplate = templates.getBKUSelectionTemplate(); - if (bkuSelectTemplate != null && MiscUtil.isNotEmpty(bkuSelectTemplate.getFilename())) { - bkuSelectionFileUploadFileName.add(bkuSelectTemplate.getFilename()); - } - - TransformsInfoType sendAssertionTemplate = templates.getSendAssertionTemplate(); - if (sendAssertionTemplate != null && MiscUtil.isNotEmpty(sendAssertionTemplate.getFilename())) { - sendAssertionFileUploadFileName.add(sendAssertionTemplate.getFilename()); - } - } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { - if (SLTemplates != null && SLTemplates.size() > 0) - legacy = true; + List<String> errors = new ArrayList<String>(); + String check; - List<TransformsInfoType> transforminfos = oaauth.getTransformsInfo(); - transformations = new HashMap<String, byte[]>(); - for (TransformsInfoType el : transforminfos) { - transformations.put(el.getFilename(), el.getTransformation()); + //check OA FriendlyName + check = getFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("OAFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); } - + } else { + log.info("OA friendlyName is empty"); + errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); } - isHideBPKAuthBlock = dbOAConfig.isRemoveBPKFromAuthBlock(); + return errors; } + public boolean isBusinessService() { + return businessService; + } + + public void setBusinessService(boolean businessService) { + this.businessService = businessService; + } + public String getIdentifier() { return identifier; } @@ -305,54 +157,6 @@ public class OAGeneralConfig { this.friendlyName = friendlyName; } - public String getTarget() { - return target; - } - - public void setTarget(String target) { - this.target = target; - } - - public String getTargetFriendlyName() { - return targetFriendlyName; - } - - public void setTargetFriendlyName(String targetFriendlyName) { - this.targetFriendlyName = targetFriendlyName; - } - - public String getIdentificationNumber() { - return identificationNumber; - } - - public void setIdentificationNumber(String identificationNumber) { - this.identificationNumber = identificationNumber; - } - - public String getIdentificationType() { - return identificationType; - } - - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - public String getAditionalAuthBlockText() { - return aditionalAuthBlockText; - } - - public void setAditionalAuthBlockText(String aditionalAuthBlockText) { - this.aditionalAuthBlockText = aditionalAuthBlockText; - } - - public String getMandateProfiles() { - return mandateProfiles; - } - - public void setMandateProfiles(String mandateProfiles) { - this.mandateProfiles = mandateProfiles; - } - public boolean isActive() { return isActive; } @@ -361,67 +165,6 @@ public class OAGeneralConfig { this.isActive = isActive; } - public boolean isBusinessService() { - return businessService; - } - - public void setBusinessService(boolean businessService) { - this.businessService = businessService; - } - - public String getBkuOnlineURL() { - return bkuOnlineURL; - } - - public void setBkuOnlineURL(String bkuOnlineURL) { - this.bkuOnlineURL = bkuOnlineURL; - } - - public String getBkuHandyURL() { - return bkuHandyURL; - } - - public void setBkuHandyURL(String bkuHandyURL) { - this.bkuHandyURL = bkuHandyURL; - } - - public String getBkuLocalURL() { - return bkuLocalURL; - } - - public void setBkuLocalURL(String bkuLocalURL) { - this.bkuLocalURL = bkuLocalURL; - } - - /** - * @return the keyBoxIdentifier - */ - public String getKeyBoxIdentifier() { - return keyBoxIdentifier; - } - - /** - * @param keyBoxIdentifier the keyBoxIdentifier to set - */ - public void setKeyBoxIdentifier(String keyBoxIdentifier) { - this.keyBoxIdentifier = keyBoxIdentifier; - } - - /** - * @return the transformations - */ - public Map<String, byte[]> getTransformations() { - return transformations; - } - - /** - * @param transformations the transformations to set - */ - public void setTransformations(Map<String, byte[]> transformations) { - this.transformations = transformations; - } - - /** * @return the dbID */ @@ -443,346 +186,4 @@ public class OAGeneralConfig { public void setDbID(String dbID) { this.dbID = dbID; } - - - /** - * @return the calculateHPI - */ - public boolean isCalculateHPI() { - return calculateHPI; - } - - - /** - * @param calculateHPI the calculateHPI to set - */ - public void setCalculateHPI(boolean calculateHPI) { - this.calculateHPI = calculateHPI; - } - - - /** - * @return the keyBoxIdentifierList - */ - public Map<String, String> getKeyBoxIdentifierList() { - return keyBoxIdentifierList; - } - - - /** - * @param keyBoxIdentifierList the keyBoxIdentifierList to set - */ - public void setKeyBoxIdentifierList(Map<String, String> list) { - keyBoxIdentifierList = list; - } - - - /** - * @return the legacy - */ - public boolean isLegacy() { - return legacy; - } - - - /** - * @param legacy the legacy to set - */ - public void setLegacy(boolean legacy) { - this.legacy = legacy; - } - - - /** - * @return the sLTemplateURL1 - */ - public String getSLTemplateURL1() { - if (SLTemplates != null && SLTemplates.size() > 0) - return SLTemplates.get(0); - else - return null; - } - - - /** - * @param sLTemplateURL1 the sLTemplateURL1 to set - */ - public void setSLTemplateURL1(String sLTemplateURL1) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL1); - } - - - /** - * @return the sLTemplateURL2 - */ - public String getSLTemplateURL2() { - if (SLTemplates != null && SLTemplates.size() > 1) - return SLTemplates.get(1); - else - return null; - } - - - /** - * @param sLTemplateURL2 the sLTemplateURL2 to set - */ - public void setSLTemplateURL2(String sLTemplateURL2) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL2); - } - - - /** - * @return the sLTemplateURL3 - */ - public String getSLTemplateURL3() { - if (SLTemplates != null && SLTemplates.size() > 2) - return SLTemplates.get(2); - else - return null; - } - - - /** - * @param sLTemplateURL3 the sLTemplateURL3 to set - */ - public void setSLTemplateURL3(String sLTemplateURL3) { - if (SLTemplates == null) - SLTemplates = new ArrayList<String>(); - SLTemplates.add(sLTemplateURL3); - } - - - /** - * @return the target_subsector - */ - public String getTarget_subsector() { - return target_subsector; - } - - - /** - * @param target_subsector the target_subsector to set - */ - public void setTarget_subsector(String target_subsector) { - this.target_subsector = target_subsector; - } - - - /** - * @return the target_admin - */ - public String getTarget_admin() { - return target_admin; - } - - - /** - * @param target_admin the target_admin to set - */ - public void setTarget_admin(String target_admin) { - this.target_admin = target_admin; - } - - - /** - * @return the targetList - */ - public List<String> getTargetList() { - return targetList; - } - - - /** - * @return the identificationTypeList - */ - public List<String> getIdentificationTypeList() { - return identificationTypeList; - } - - - /** - * @return the isAdminTarget - */ - public boolean isAdminTarget() { - return isAdminTarget; - } - - - /** - * @param isAdminTarget the isAdminTarget to set - */ - public void setAdminTarget(boolean isAdminTarget) { - this.isAdminTarget = isAdminTarget; - } - - - /** - * @return the isHideBPKAuthBlock - */ - public boolean isHideBPKAuthBlock() { - return isHideBPKAuthBlock; - } - - - /** - * @param isHideBPKAuthBlock the isHideBPKAuthBlock to set - */ - public void setHideBPKAuthBlock(boolean isHideBPKAuthBlock) { - this.isHideBPKAuthBlock = isHideBPKAuthBlock; - } - - - /** - * @return the useMandates - */ - public boolean isUseMandates() { - return useMandates; - } - - - /** - * @param useMandates the useMandates to set - */ - public void setUseMandates(boolean useMandates) { - this.useMandates = useMandates; - } - - - /** - * @return the bkuSelectionFileUpload - */ - public List<File> getBkuSelectionFileUpload() { - return bkuSelectionFileUpload; - } - - - /** - * @param bkuSelectionFileUpload the bkuSelectionFileUpload to set - */ - public void setBkuSelectionFileUpload(List<File> bkuSelectionFileUpload) { - this.bkuSelectionFileUpload = bkuSelectionFileUpload; - } - - - /** - * @return the bkuSelectionFileUploadContentType - */ - public List<String> getBkuSelectionFileUploadContentType() { - return bkuSelectionFileUploadContentType; - } - - - /** - * @param bkuSelectionFileUploadContentType the bkuSelectionFileUploadContentType to set - */ - public void setBkuSelectionFileUploadContentType( - List<String> bkuSelectionFileUploadContentType) { - this.bkuSelectionFileUploadContentType = bkuSelectionFileUploadContentType; - } - - - /** - * @return the bkuSelectionFileUploadFileName - */ - public List<String> getBkuSelectionFileUploadFileName() { - return bkuSelectionFileUploadFileName; - } - - - /** - * @param bkuSelectionFileUploadFileName the bkuSelectionFileUploadFileName to set - */ - public void setBkuSelectionFileUploadFileName( - List<String> bkuSelectionFileUploadFileName) { - this.bkuSelectionFileUploadFileName = bkuSelectionFileUploadFileName; - } - - - /** - * @return the sendAssertionFileUpload - */ - public List<File> getSendAssertionFileUpload() { - return sendAssertionFileUpload; - } - - - /** - * @param sendAssertionFileUpload the sendAssertionFileUpload to set - */ - public void setSendAssertionFileUpload(List<File> sendAssertionFileUpload) { - this.sendAssertionFileUpload = sendAssertionFileUpload; - } - - - /** - * @return the sendAssertionFileUploadContentType - */ - public List<String> getSendAssertionFileUploadContentType() { - return sendAssertionFileUploadContentType; - } - - - /** - * @param sendAssertionFileUploadContentType the sendAssertionFileUploadContentType to set - */ - public void setSendAssertionFileUploadContentType( - List<String> sendAssertionFileUploadContentType) { - this.sendAssertionFileUploadContentType = sendAssertionFileUploadContentType; - } - - - /** - * @return the sendAssertionFileUploadFileName - */ - public List<String> getSendAssertionFileUploadFileName() { - return sendAssertionFileUploadFileName; - } - - - /** - * @param sendAssertionFileUploadFileName the sendAssertionFileUploadFileName to set - */ - public void setSendAssertionFileUploadFileName( - List<String> sendAssertionFileUploadFileName) { - this.sendAssertionFileUploadFileName = sendAssertionFileUploadFileName; - } - - - /** - * @return the deleteBKUTemplate - */ - public boolean isDeleteBKUTemplate() { - return deleteBKUTemplate; - } - - - /** - * @param deleteBKUTemplate the deleteBKUTemplate to set - */ - public void setDeleteBKUTemplate(boolean deleteBKUTemplate) { - this.deleteBKUTemplate = deleteBKUTemplate; - } - - - /** - * @return the deleteSendAssertionTemplate - */ - public boolean isDeleteSendAssertionTemplate() { - return deleteSendAssertionTemplate; - } - - - /** - * @param deleteSendAssertionTemplate the deleteSendAssertionTemplate to set - */ - public void setDeleteSendAssertionTemplate(boolean deleteSendAssertionTemplate) { - this.deleteSendAssertionTemplate = deleteSendAssertionTemplate; - } - - - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java new file mode 100644 index 000000000..5db9029bd --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java @@ -0,0 +1,186 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData { + + private static final Logger log = Logger.getLogger(OAMOAIDPInterfederationConfig.class); + + private String queryURL; + private boolean inboundSSO = true; + private boolean outboundSSO = true; + private boolean storeSSOSession = true; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "MOAIDPInterfederation"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP != null) { + this.queryURL = moaIDP.getAttributeQueryURL(); + this.inboundSSO = moaIDP.isInboundSSO(); + this.outboundSSO = moaIDP.isOutboundSSO(); + this.storeSSOSession = moaIDP.isStoreSSOSession(); + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + if (authUser.isAdmin()) { + dbOA.setIsInterfederationIDP(true); + + InterfederationIDPType moaIDP = dbOA.getInterfederationIDP(); + if (moaIDP == null) { + moaIDP = new InterfederationIDPType(); + dbOA.setInterfederationIDP(moaIDP); + } + + moaIDP.setAttributeQueryURL(queryURL); + moaIDP.setInboundSSO(inboundSSO); + moaIDP.setOutboundSSO(outboundSSO); + moaIDP.setStoreSSOSession(storeSSOSession); + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + + List<String> errors = new ArrayList<String>(); + + if (MiscUtil.isNotEmpty(queryURL)) { + if (!ValidationHelper.validateURL(queryURL)) { + log.info("AttributeQuery URL is not valid"); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.valid", request)); + + } + } + + if (inboundSSO && MiscUtil.isEmpty(queryURL)) { + log.info("Inbound Single Sign-On requires AttributQueryURL configuration."); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request)); + } + + return errors; + } + + /** + * @return the queryURL + */ + public String getQueryURL() { + return queryURL; + } + + /** + * @param queryURL the queryURL to set + */ + public void setQueryURL(String queryURL) { + this.queryURL = queryURL; + } + + /** + * @return the inboundSSO + */ + public boolean isInboundSSO() { + return inboundSSO; + } + + /** + * @param inboundSSO the inboundSSO to set + */ + public void setInboundSSO(boolean inboundSSO) { + this.inboundSSO = inboundSSO; + } + + /** + * @return the outboundSSO + */ + public boolean isOutboundSSO() { + return outboundSSO; + } + + /** + * @param outboundSSO the outboundSSO to set + */ + public void setOutboundSSO(boolean outboundSSO) { + this.outboundSSO = outboundSSO; + } + + /** + * @return the storeSSOSession + */ + public boolean isStoreSSOSession() { + return storeSSOSession; + } + + /** + * @param storeSSOSession the storeSSOSession to set + */ + public void setStoreSSOSession(boolean storeSSOSession) { + this.storeSSOSession = storeSSOSession; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java index 3617c192e..b95090a55 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAOAuth20Config.java @@ -27,6 +27,7 @@ import java.util.List; import java.util.UUID; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; @@ -34,10 +35,13 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAOAUTH20ConfigValidation; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -public class OAOAuth20Config { +public class OAOAuth20Config implements IOnlineApplicationData{ private final Logger log = Logger.getLogger(OAOAuth20Config.class); @@ -45,12 +49,24 @@ public class OAOAuth20Config { private String clientSecret = null; private String redirectUri = null; - public OAOAuth20Config() { + public OAOAuth20Config() { + this.generateClientSecret(); + } - public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAOpenIDConnect"; + } + + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); + HttpSession session = request.getSession(); + AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); if (authdata != null) { // set client id to public url prefix @@ -77,7 +93,52 @@ public class OAOAuth20Config { } } - return errors; + session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.getClientSecret()); + + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAOAUTH20ConfigValidation().validate(this, request); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + log.debug("Saving OAuth 2.0 configuration:"); + OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); + if (oaOAuth20 == null) { + oaOAuth20 = new OAOAUTH20(); + authoa.setOAOAUTH20(oaOAuth20); + } + + oaOAuth20.setOAuthClientId(dbOA.getPublicURLPrefix()); + // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); + oaOAuth20.setOAuthRedirectUri(getRedirectUri()); + log.debug("client id: " + getClientId()); + log.debug("client secret: " + getClientSecret()); + log.debug("redirect uri:" + getRedirectUri()); + + oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); + request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); + + return null; } public String getClientId() { @@ -106,6 +167,5 @@ public class OAOAuth20Config { public void generateClientSecret() { this.clientSecret = UUID.randomUUID().toString(); - } - + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java index a61e1ea96..bcac63a5f 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAPVP2Config.java @@ -27,6 +27,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; +import java.util.Date; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -37,10 +38,12 @@ import iaik.x509.X509Certificate; import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.oa.OAPVP2ConfigValidation; import at.gv.egovernment.moa.util.MiscUtil; -public class OAPVP2Config { +public class OAPVP2Config implements IOnlineApplicationData{ private final Logger log = Logger.getLogger(OAPVP2Config.class); @@ -56,7 +59,72 @@ public class OAPVP2Config { public OAPVP2Config() { } - public List<String> parse(OnlineApplication dbOAConfig, HttpServletRequest request) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OAPVP2"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser) + */ + @Override + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + OAPVP2 pvp2 = authoa.getOAPVP2(); + if (pvp2 == null) { + pvp2 = new OAPVP2(); + authoa.setOAPVP2(pvp2); + } + + try { + + if (getFileUpload() != null) { + pvp2.setCertificate(getCertificate()); + setReLoad(true); + } + + } catch (CertificateException e) { + log.info("Uploaded Certificate can not be found", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); + } catch (IOException e) { + log.info("Uploaded Certificate can not be parsed", e); + return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); + } + + if (getMetaDataURL() != null && + !getMetaDataURL().equals(pvp2.getMetadataURL())) + setReLoad(true); + pvp2.setMetadataURL(getMetaDataURL()); + + if (isReLoad()) + pvp2.setUpdateRequiredItem(new Date()); + + return null; + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OAPVP2ConfigValidation().validate(this, general.getIdentifier(), request); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication) + */ + @Override + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); @@ -158,7 +226,6 @@ public class OAPVP2Config { this.reLoad = reLoad; } - } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java index bb5baf53e..8d7d02048 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASAML1Config.java @@ -22,11 +22,18 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; +import java.math.BigInteger; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASAML1ConfigValidation; -public class OASAML1Config { +public class OASAML1Config implements IOnlineApplicationData{ private Boolean isActive = false; private Boolean provideStammZahl = false; @@ -41,8 +48,20 @@ public class OASAML1Config { public OASAML1Config() { } - public void parse(OnlineApplication dbOAConfig) { - AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OASAML1"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authdata = dbOA.getAuthComponentOA(); if (authdata != null) { OASAML1 saml1 = authdata.getOASAML1(); if (saml1 != null) { @@ -62,8 +81,55 @@ public class OASAML1Config { isActive = saml1.isIsActive(); } } + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OASAML1ConfigValidation().validate(this, general, request); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + OASAML1 saml1 = authoa.getOASAML1(); + if (saml1 == null) { + saml1 = new OASAML1(); + authoa.setOASAML1(saml1); + saml1.setIsActive(false); + } + + if (authUser.isAdmin()) { + saml1.setIsActive(isActive()); + } + + if (saml1.isIsActive() != null && saml1.isIsActive()) { + saml1.setProvideAUTHBlock(isProvideAuthBlock()); + saml1.setProvideCertificate(isProvideCertificate()); + saml1.setProvideFullMandatorData(isProvideFullMandateData()); + saml1.setProvideIdentityLink(isProvideIdentityLink()); + saml1.setProvideStammzahl(isProvideStammZahl()); + saml1.setUseCondition(isUseCondition()); + saml1.setConditionLength(BigInteger.valueOf(getConditionLength())); + // TODO: set sourceID + // saml1.setSourceID(""); + } + + return null; + } + public boolean isProvideStammZahl() { return provideStammZahl; } @@ -119,8 +185,5 @@ public class OASAML1Config { */ public void setActive(boolean isActive) { this.isActive = isActive; - } - - - + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java index 593c2291f..28144666b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASSOConfig.java @@ -22,11 +22,17 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.data.oa; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.OASSO; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASSOConfigValidation; -public class OASSOConfig { +public class OASSOConfig implements IOnlineApplicationData{ private boolean useSSO = false; private boolean showAuthDataFrame = true; @@ -36,7 +42,15 @@ public class OASSOConfig { } - public void parse(OnlineApplication dbOAConfig) { + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OASingleSignOn"; + } + + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); if (authdata != null) { OASSO ssoconfig = authdata.getOASSO(); @@ -46,6 +60,42 @@ public class OASSOConfig { singleLogOutURL = ssoconfig.getSingleLogOutURL(); } } + + return null; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASSOConfigValidation().validate(this, authUser.isAdmin(), request); + } + + public String store(OnlineApplication dboa, AuthenticatedUser authUser, HttpServletRequest request) { + + AuthComponentOA authoa = dboa.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dboa.setAuthComponentOA(authoa); + } + + OASSO sso = authoa.getOASSO(); + if (sso == null) { + sso = new OASSO(); + authoa.setOASSO(sso); + sso.setAuthDataFrame(true); + } + sso.setUseSSO(this.useSSO); + + if (authUser.isAdmin()) + sso.setAuthDataFrame(this.showAuthDataFrame); + + sso.setSingleLogOutURL(this.singleLogOutURL); + + return null; } public boolean isUseSSO() { @@ -65,7 +115,5 @@ public class OASSOConfig { } public void setSingleLogOutURL(String singleLogOutURL) { this.singleLogOutURL = singleLogOutURL; - } - - + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java index 03d2d6d1e..f5c92fec9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OASTORKConfig.java @@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.configuration.data.oa; import java.util.ArrayList; import java.util.List; +import javax.servlet.http.HttpServletRequest; + import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; @@ -35,10 +37,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OASTORK; import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; -import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OASTORKConfigValidation; import at.gv.egovernment.moa.id.protocols.stork2.AttributeProviderFactory; -public class OASTORKConfig { +public class OASTORKConfig implements IOnlineApplicationData{ private static final Logger log = Logger.getLogger(OASTORKConfig.class); @@ -62,15 +65,24 @@ public class OASTORKConfig { for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { citizenCountries.add(current.getCountryCode()); } + } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OASTORK2"; + } + /** * Parses the OA config for stork entities. * * @param dbOAConfig * the db oa config */ - public void parse(OnlineApplication dbOAConfig) { + public List<String> parse(OnlineApplication dbOAConfig, AuthenticatedUser authUser, HttpServletRequest request) { AuthComponentOA authdata = dbOAConfig.getAuthComponentOA(); if (authdata != null) { OASTORK config = authdata.getOASTORK(); @@ -106,8 +118,15 @@ public class OASTORKConfig { } // fetch vidp config - setVidpEnabled(config.isVidpEnabled()); - setRequireConsent(config.isRequireConsent()); + if (config.isVidpEnabled() != null) + setVidpEnabled(config.isVidpEnabled()); + else + setVidpEnabled(false); + + if (config.isRequireConsent() != null) + setRequireConsent(config.isRequireConsent()); + else + setRequireConsent(false); attributeProviderPlugins = config.getAttributeProviders(); // - if no attribute providers are configured, add a dummy @@ -121,8 +140,53 @@ public class OASTORKConfig { } } } + + return null; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, AuthenticatedUser authUser, + HttpServletRequest request) { + return new OASTORKConfigValidation().validate(this, request); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + // fetch stork configuration from database model + OASTORK stork = authoa.getOASTORK(); + if (stork == null) { + // if there is none, create a new one with default values. + stork = new OASTORK(); + authoa.setOASTORK(stork); + stork.setStorkLogonEnabled(false); + } + // transfer the incoming data to the database model + stork.setStorkLogonEnabled(isStorkLogonEnabled()); + stork.setQaa(getQaa()); + stork.setOAAttributes(getAttributes()); + stork.setVidpEnabled(isVidpEnabled()); + stork.setRequireConsent(isRequireConsent()); + stork.setAttributeProviders(getAttributeProviderPlugins()); + stork.setCPEPS(getEnabledCPEPS()); + + return null; + + } + public boolean isStorkLogonEnabled() { return isStorkLogonEnabled; } @@ -182,12 +246,17 @@ public class OASTORKConfig { } public List<CPEPS> getEnabledCPEPS() { - List<CPEPS> result = new ArrayList<CPEPS>(); - for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { - if(enabledCitizenCountries.contains(current.getCountryCode())) - result.add(current); + if (enabledCitizenCountries != null) { + List<CPEPS> result = new ArrayList<CPEPS>(); + for(CPEPS current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS()) { + if(enabledCitizenCountries.contains(current.getCountryCode())) + result.add(current); + } + return result; } - return result; + + return null; + } public List<String> getAvailableAttributeProviderPlugins() { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java new file mode 100644 index 000000000..4036bc25f --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -0,0 +1,368 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.data.oa; + +import java.util.Arrays; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.validation.TargetValidator; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; +import at.gv.egovernment.moa.id.configuration.validation.oa.OATargetConfigValidation; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class OATargetConfiguration implements IOnlineApplicationData { + + private boolean deaktivededBusinessService = false; + + private boolean subTargetSet = false; + + private String target = null; + private String target_subsector = null; + private String target_admin = null; + private static List<String> targetList = null; + private String targetFriendlyName = null; + private boolean isAdminTarget = false; + + private String identificationNumber = null; + private String identificationType = null; + private static List<String> identificationTypeList = null; + + public OATargetConfiguration() { + targetList = TargetValidator.getListOfTargets(); + target = ""; + + identificationTypeList = Arrays.asList( + Constants.IDENIFICATIONTYPE_FN, + Constants.IDENIFICATIONTYPE_ZVR, + Constants.IDENIFICATIONTYPE_ERSB, + Constants.IDENIFICATIONTYPE_STORK); + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName() + */ + @Override + public String getName() { + return "OATargetConfig"; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> parse(OnlineApplication dbOA, + AuthenticatedUser authUser, HttpServletRequest request) { + subTargetSet = MiscUtil.isNotEmpty(getTarget_subsector()); + + String target_full = dbOA.getTarget(); + if (MiscUtil.isNotEmpty(target_full)) { + if (TargetValidator.isValidTarget(target_full)) { + target = target_full; + + } else { + String[] target_split = target_full.split("-"); + + if (TargetValidator.isValidTarget(target_split[0])) { + target = target_split[0]; + if (target_split.length > 1) + target_subsector = target_split[1]; + + } else { + target = ""; + target_subsector = null; + target_admin = target_full; + isAdminTarget = true; + } + } + targetFriendlyName = dbOA.getTargetFriendlyName(); + } + + AuthComponentOA oaauth = dbOA.getAuthComponentOA(); + if (oaauth != null) { + + IdentificationNumber idnumber = oaauth.getIdentificationNumber(); + if (idnumber != null) { + String number = idnumber.getValue(); + if (MiscUtil.isNotEmpty(number)) { + String[] split = number.split("\\+"); + + if (Constants.PREFIX_WPBK.startsWith(split[0]) && split.length >= 2) { + identificationType = split[1]; + identificationNumber = split[2]; + } else if (Constants.PREFIX_STORK.startsWith(split[0]) && split.length >= 2) { + //identificationType = split[1]; // setting at as iden category ? + identificationType = Constants.IDENIFICATIONTYPE_STORK; + identificationNumber = split[2]; // setting sp country as ident type -> sp ident + } + } + + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + + identificationType = authUser.getBusinessServiceType(); + identificationNumber = authUser.getBusinessServiceNumber(); + + } + + } + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public String store(OnlineApplication dbOA, AuthenticatedUser authUser, + HttpServletRequest request) { + + AuthComponentOA authoa = dbOA.getAuthComponentOA(); + if (authoa == null) { + authoa = new AuthComponentOA(); + dbOA.setAuthComponentOA(authoa); + } + + if (isBusinessService(dbOA) || authUser.isOnlyBusinessService()) { + + dbOA.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); + + String num = null; + if (authUser.isOnlyBusinessService()) { + deaktivededBusinessService = authUser.isOnlyBusinessService(); + num = authUser.getBusinessServiceType() + authUser.getBusinessServiceNumber(); + + } else { + + num = getIdentificationNumber().replaceAll(" ", ""); + if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { + num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); + + num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); + + // num = StringUtils.leftPad(num, 7, '0'); + } + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) + num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); + + if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) + num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); + } + + IdentificationNumber idnumber = new IdentificationNumber(); + + if (getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { + idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } else { + idnumber.setValue(Constants.PREFIX_WPBK + getIdentificationType() + "+" + num); + idnumber.setType(Constants.BUSINESSSERVICENAMES.get(getIdentificationType())); + } + + authoa.setIdentificationNumber(idnumber); + + } else { + dbOA.setType(null); + + if (authUser.isAdmin()) { + if (MiscUtil.isNotEmpty(getTarget_admin()) && isAdminTarget()) { + dbOA.setTarget(getTarget_admin()); + dbOA.setTargetFriendlyName(getTargetFriendlyName()); + + } else { + + String target = getTarget(); + + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) + dbOA.setTarget(target + "-" + getTarget_subsector()); + else + dbOA.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + + } + + } else { + + if (MiscUtil.isNotEmpty(getTarget())) { + + String target = getTarget(); + + if (MiscUtil.isNotEmpty(getTarget_subsector()) && subTargetSet) + dbOA.setTarget(target + "-" + getTarget_subsector()); + + else + dbOA.setTarget(target); + + String targetname = TargetValidator.getTargetFriendlyName(target); + if (MiscUtil.isNotEmpty(targetname)) dbOA.setTargetFriendlyName(targetname); + + } + } + } + return null; + } + + /** + * @return + */ + private boolean isBusinessService(OnlineApplication dbOA) { + if (dbOA.getType().equals(Constants.MOA_CONFIG_BUSINESSSERVICE)) + return true; + else + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest) + */ + @Override + public List<String> validate(OAGeneralConfig general, + AuthenticatedUser authUser, HttpServletRequest request) { + return new OATargetConfigValidation().validate(this, authUser.isAdmin(), general, request); + } + + public String getTarget() { + return target; + } + + public void setTarget(String target) { + this.target = target; + } + + public String getTargetFriendlyName() { + return targetFriendlyName; + } + + public void setTargetFriendlyName(String targetFriendlyName) { + this.targetFriendlyName = targetFriendlyName; + } + + public String getIdentificationNumber() { + return identificationNumber; + } + + public void setIdentificationNumber(String identificationNumber) { + this.identificationNumber = identificationNumber; + } + + public String getIdentificationType() { + return identificationType; + } + + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * @return the target_subsector + */ + public String getTarget_subsector() { + return target_subsector; + } + + + /** + * @param target_subsector the target_subsector to set + */ + public void setTarget_subsector(String target_subsector) { + this.target_subsector = target_subsector; + } + + + /** + * @return the target_admin + */ + public String getTarget_admin() { + return target_admin; + } + + + /** + * @param target_admin the target_admin to set + */ + public void setTarget_admin(String target_admin) { + this.target_admin = target_admin; + } + + + /** + * @return the targetList + */ + public List<String> getTargetList() { + return targetList; + } + + + /** + * @return the identificationTypeList + */ + public List<String> getIdentificationTypeList() { + return identificationTypeList; + } + + + /** + * @return the isAdminTarget + */ + public boolean isAdminTarget() { + return isAdminTarget; + } + + + /** + * @param isAdminTarget the isAdminTarget to set + */ + public void setAdminTarget(boolean isAdminTarget) { + this.isAdminTarget = isAdminTarget; + } + + /** + * @return the deaktivededBusinessService + */ + public boolean isDeaktivededBusinessService() { + return deaktivededBusinessService; + } + + + /** + * @param deaktivededBusinessService the deaktivededBusinessService to set + */ + public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { + this.deaktivededBusinessService = deaktivededBusinessService; + } +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java new file mode 100644 index 000000000..0bca3be0d --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/exception/BasicOAActionException.java @@ -0,0 +1,61 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.exception; + +/** + * @author tlenz + * + */ +public class BasicOAActionException extends Exception { + + private String strutsError; + private String strutsReturnValue; + + private static final long serialVersionUID = -7989218660771842780L; + + /** + * + */ + public BasicOAActionException(String strutsError, String strutsReturnValue) { + this.strutsError = strutsError; + this.strutsReturnValue = strutsReturnValue; + } + + /** + * @return the strutsError + */ + public String getStrutsError() { + return strutsError; + } + + /** + * @return the strutsReturnValue + */ + public String getStrutsReturnValue() { + return strutsReturnValue; + } + + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java index 0d52234bc..190773bf0 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java @@ -150,7 +150,7 @@ public class AuthenticationFilter implements Filter{ if (authuser == null) { - authuser = new AuthenticatedUser(0, "Max", "TestUser", null, "maxtestuser", true, true, false, false); + authuser = AuthenticatedUser.generateDefaultUser(); //authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false); httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java index d3a9ffcd4..24ee653f3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java @@ -29,26 +29,53 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType; public class FormDataHelper { - public static ArrayList<OAListElement> addFormOAs(List<OnlineApplication> dbOAs) { + public static ArrayList<OAListElement> populateFormWithInderfederationIDPs(List<OnlineApplication> dbOAs) { ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); for (OnlineApplication dboa : dbOAs) { - OAListElement listoa = new OAListElement(); - listoa.setActive(dboa.isIsActive()); - listoa.setDataBaseID(dboa.getHjid()); - listoa.setOaFriendlyName(dboa.getFriendlyName()); - listoa.setOaIdentifier(dboa.getPublicURLPrefix()); - listoa.setOaType(dboa.getType()); - formOAs.add(listoa); - } + + if (dboa.isIsInterfederationIDP()!= null && dboa.isIsInterfederationIDP()) + formOAs.add(addOAFormListElement(dboa, ServiceType.IDP)); + + else if (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()) + formOAs.add(addOAFormListElement(dboa, ServiceType.VIDP)); + } + return formOAs; + } + + public static ArrayList<OAListElement> populateFormWithOAs(List<OnlineApplication> dbOAs) { + ArrayList<OAListElement> formOAs = new ArrayList<OAListElement>(); + + for (OnlineApplication dboa : dbOAs) { + + if ( !((dboa.isIsInterfederationIDP() != null && dboa.isIsInterfederationIDP()) || + (dboa.getAuthComponentOA().getOASTORK() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && dboa.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { + formOAs.add(addOAFormListElement(dboa, ServiceType.OA)); + } + } return formOAs; } + private static OAListElement addOAFormListElement(OnlineApplication dboa, ServiceType type) { + OAListElement listoa = new OAListElement(type); + listoa.setActive(dboa.isIsActive()); + listoa.setDataBaseID(dboa.getHjid()); + listoa.setOaFriendlyName(dboa.getFriendlyName()); + listoa.setOaIdentifier(dboa.getPublicURLPrefix()); + listoa.setOaType(dboa.getType()); + return listoa; + } + public static ArrayList<AuthenticatedUser> addFormUsers(List<UserDatabase> dbuserlist) { ArrayList<AuthenticatedUser> userlist = new ArrayList<AuthenticatedUser>(); @@ -57,16 +84,9 @@ public class FormDataHelper { boolean ismandate = false; if (dbuser.isIsMandateUser() != null) ismandate = dbuser.isIsMandateUser(); - - - userlist.add(new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), + + userlist.add(new AuthenticatedUser(dbuser, dbuser.isIsActive(), - dbuser.isIsAdmin(), ismandate, false)); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java index 0aeed8cb5..caed3e469 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java @@ -27,6 +27,7 @@ import java.io.FileInputStream; import java.io.InputStream; import java.io.StringWriter; import java.io.UnsupportedEncodingException; +import java.net.URL; import java.text.SimpleDateFormat; import java.util.Date; import java.util.Properties; @@ -48,6 +49,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class MailHelper { @@ -67,7 +69,7 @@ public class MailHelper { ConfigurationProvider config = ConfigurationProvider.getInstance(); String templateurl = config.getMailUserAcountVerificationTemplate(); - String template = readTemplateFromURL(templateurl); + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); @@ -100,7 +102,7 @@ public class MailHelper { ConfigurationProvider config = ConfigurationProvider.getInstance(); String templateurl = config.getMailAdminTemplate(); - String template = readTemplateFromURL(templateurl); + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); template = template.replace(PATTERN_OPENOAS, String.valueOf(numOpenOAs)); template = template.replace(PATTERN_OPENUSERS, String.valueOf(numOpenUsers)); @@ -115,7 +117,7 @@ public class MailHelper { ConfigurationProvider config = ConfigurationProvider.getInstance(); String templateurl = config.getMailUserAcountActivationTemplate(); - String template = readTemplateFromURL(templateurl); + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); if (MiscUtil.isNotEmpty(institut)) { template = template.replace(PATTERN_GIVENNAME, institut); template = template.replace(PATTERN_FAMILYNAME, ""); @@ -143,7 +145,7 @@ public class MailHelper { ConfigurationProvider config = ConfigurationProvider.getInstance(); String templateurl = config.getMailOAActivationTemplate(); - String template = readTemplateFromURL(templateurl); + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); if (MiscUtil.isNotEmpty(institut)) { template = template.replace(PATTERN_GIVENNAME, institut); template = template.replace(PATTERN_FAMILYNAME, ""); @@ -172,7 +174,7 @@ public class MailHelper { ConfigurationProvider config = ConfigurationProvider.getInstance(); String templateurl = config.getMailUserAcountRevocationTemplate(); - String template = readTemplateFromURL(templateurl); + String template = readTemplateFromURL(templateurl, config.getConfigRootDir()); if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { template = template.replace(PATTERN_GIVENNAME, userdb.getInstitut()); @@ -190,11 +192,12 @@ public class MailHelper { userdb.getMail(), template); } - private static String readTemplateFromURL(String templateurl) throws ConfigurationException { + private static String readTemplateFromURL(String templateurl, String rootDir) throws ConfigurationException { InputStream input; try { - File file = new File(templateurl); - input = new FileInputStream(file); + + URL keystoreURL = new URL(FileUtils.makeAbsoluteURL(templateurl, rootDir)); + input = keystoreURL.openStream(); StringWriter writer = new StringWriter(); IOUtils.copy(input, writer); input.close(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java index 67bd13dd2..9630bc232 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicAction.java @@ -54,6 +54,7 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, protected ConfigurationProvider configuration = null; protected AuthenticatedUser authUser = null; protected HttpSession session = null; + protected String formID; protected void populateBasicInformations() throws BasicActionException { try { @@ -101,6 +102,19 @@ public class BasicAction extends ActionSupport implements ServletRequestAware, } + /** + * @return the formID + */ + public String getFormID() { + return formID; + } + + /** + * @param formID the formID to set + */ + public void setFormID(String formID) { + this.formID = formID; + } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java new file mode 100644 index 000000000..43954828c --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/BasicOAAction.java @@ -0,0 +1,452 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.ArrayList; +import java.util.Date; +import java.util.LinkedHashMap; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.helper.MailHelper; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class BasicOAAction extends BasicAction { + + private static final long serialVersionUID = 5676123696807646246L; + private final Logger log = Logger.getLogger(BasicOAAction.class); + + protected LinkedHashMap<String, IOnlineApplicationData> formList; + protected long oaid = -1; + + private String oaidobj; + private boolean newOA; + private boolean isMetaDataRefreshRequired = false; + + /** + * + */ + public BasicOAAction() { + formList = new LinkedHashMap<String, IOnlineApplicationData>(); + + OAGeneralConfig generalOA = new OAGeneralConfig(); + formList.put(generalOA.getName(), generalOA); + + } + + protected OnlineApplication populateOnlineApplicationFromRequest() throws BasicOAActionException{ + if (!ValidationHelper.validateOAID(oaidobj)) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + + } + oaid = Long.valueOf(oaidobj); + + UserDatabase userdb = null; + OnlineApplication onlineapplication = null; + + if (authUser.isAdmin()) + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + + else { + userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + // TODO: change to direct Database operation + List<OnlineApplication> oas = userdb.getOnlineApplication(); + for (OnlineApplication oa : oas) { + if (oa.getHjid() == oaid) { + onlineapplication = oa; + break; + } + } + if (onlineapplication == null) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } + + return onlineapplication; + + } + + protected void populateBasicNewOnlineApplicationInformation() { + session.setAttribute(Constants.SESSION_OAID, null); + + setNewOA(true); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); + } + + protected OnlineApplication postProcessSaveOnlineApplication(OnlineApplication onlineapplication ) throws BasicOAActionException { + if (onlineapplication == null) { + onlineapplication = new OnlineApplication(); + onlineapplication.setIsNew(true); + onlineapplication.setIsActive(false); + + if (!authUser.isAdmin()) { + onlineapplication.setIsAdminRequired(true); + + } else + isMetaDataRefreshRequired = true; + + } else { + onlineapplication.setIsNew(false); + if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(getGeneralOA().getIdentifier())) { + + onlineapplication.setIsAdminRequired(true); + onlineapplication.setIsActive(false); + log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); + } + + } + + if ((onlineapplication.isIsAdminRequired() == null) + || (authUser.isAdmin() && getGeneralOA().isActive() && onlineapplication.isIsAdminRequired())) { + + onlineapplication.setIsAdminRequired(false); + isMetaDataRefreshRequired = true; + + UserDatabase userdb = null; + if (onlineapplication.getHjid() != null) + userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); + + if (userdb != null && !userdb.isIsAdmin()) { + try { + MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), + userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); + } catch (ConfigurationException e) { + log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); + } + } + } + + //save OA configuration + String error = saveOAConfigToDatabase(onlineapplication); + if (MiscUtil.isNotEmpty(error)) { + log.warn("OA configuration can not be stored!"); + addActionError(error); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException(error, Constants.STRUTS_ERROR_VALIDATION); + } + + //set metadata reload flag if reload is required + + if (getPvp2OA() != null && getPvp2OA().getMetaDataURL() != null) { + + try { + if (isMetaDataRefreshRequired + || !getPvp2OA().getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) + || getPvp2OA().getFileUpload() != null + || getPvp2OA().isReLoad()) { + + log.debug("Set PVP2 Metadata refresh flag."); + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + } + + return onlineapplication; + } + + protected OnlineApplication preProcessSaveOnlineApplication() throws BasicOAActionException { + try { + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + } else { + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + } + + OnlineApplication onlineapplication = null; + + Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); + Long oaid = (long) -1; + + if (oadbid != null) { + try { + oaid = (Long) oadbid; + if (oaid < 0 || oaid > Long.MAX_VALUE) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + + } catch (Throwable t) { + throw new BasicOAActionException( + LanguageHelper.getErrorString("errors.edit.oa.oaid", request), + Constants.STRUTS_ERROR); + } + } + + // valid DBID and check entry + OAGeneralConfig oaGeneralForm = ((OAGeneralConfig)formList.get(new OAGeneralConfig().getName())); + String oaidentifier = oaGeneralForm.getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (!ValidationHelper.validateURL(oaidentifier)) { + log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + + if (oaid == -1) { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + setNewOA(true); + if (onlineapplication != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request), + Constants.STRUTS_ERROR_VALIDATION); + + } + + } else { + onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); + if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { + + if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { + log.info("The OAIdentifier is not unique"); + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request), + Constants.STRUTS_ERROR_VALIDATION); + + } + } + } + } + } + + return onlineapplication; + + } catch (BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + + } + + protected String preProcessDeleteOnlineApplication() throws BasicOAActionException { + try { + Object formidobj = session.getAttribute(Constants.SESSION_FORMID); + if (formidobj != null && formidobj instanceof String) { + String formid = (String) formidobj; + if (!formid.equals(formID)) { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + + } + } else { + log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID()); + throw new BasicOAActionException( + "FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() + + authUser.getGivenName() + authUser.getUserID(), + Constants.STRUTS_ERROR); + } + session.setAttribute(Constants.SESSION_FORMID, null); + + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { + log.info("Online-Applikation managemant disabled. Mail address is not verified."); + throw new BasicOAActionException( + LanguageHelper.getErrorString("error.editoa.mailverification", request), + Constants.STRUTS_SUCCESS); + + } + + String oaidentifier = getGeneralOA().getIdentifier(); + if (MiscUtil.isEmpty(oaidentifier)) { + log.info("Empty OA identifier"); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request), + Constants.STRUTS_ERROR_VALIDATION); + + } else { + if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw new BasicOAActionException( + LanguageHelper.getErrorString("validation.general.oaidentifier.valid", + new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request), + Constants.STRUTS_ERROR_VALIDATION); + } + } + + return oaidentifier; + + } catch (BasicOAActionException e) { + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + + throw e; + } + } + + private String saveOAConfigToDatabase(OnlineApplication dboa) { + + for (IOnlineApplicationData form : formList.values()) + form.store(dboa, authUser, request); + + try { + if (dboa.isIsNew()) { + ConfigurationDBUtils.save(dboa); + + if (!authUser.isAdmin()) { + UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); + + List<OnlineApplication> useroas = user.getOnlineApplication(); + if (useroas == null) useroas = new ArrayList<OnlineApplication>(); + + useroas.add(dboa); + ConfigurationDBUtils.saveOrUpdate(user); + } + } else + ConfigurationDBUtils.saveOrUpdate(dboa); + + } catch (MOADatabaseException e) { + log.warn("Online-Application can not be stored.", e); + return LanguageHelper.getErrorString("error.db.oa.store", request); + } + + return null; + } + + /** + * @param oaidobj the oaidobj to set + */ + public void setOaidobj(String oaidobj) { + this.oaidobj = oaidobj; + } + + /** + * @return the newOA + */ + public boolean isNewOA() { + return newOA; + } + + /** + * @param newOA the newOA to set + */ + public void setNewOA(boolean newOA) { + this.newOA = newOA; + } + + public OAGeneralConfig getGeneralOA() { + return (OAGeneralConfig) formList.get(new OAGeneralConfig().getName()); + } + + public void setGeneralOA(OAGeneralConfig generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + + public OAPVP2Config getPvp2OA() { + return (OAPVP2Config) formList.get(new OAPVP2Config().getName()); + } + + public void setPvp2OA(OAPVP2Config pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java index cb3a2a1ff..0a308a354 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java @@ -65,6 +65,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TrustAnchor; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock; import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; @@ -72,7 +73,6 @@ import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.MOAConfigValidator; import at.gv.egovernment.moa.id.configuration.validation.moaconfig.StorkConfigValidator; import at.gv.egovernment.moa.id.util.Random; @@ -165,13 +165,31 @@ public class EditGeneralConfigAction extends BasicAction { log.info("General MOA-ID configuration has some errors."); for (String el : errors) addActionError(el); + + if (moaconfig.getSecLayerTransformation() != null) { + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, moaconfig.getSecLayerTransformation()); + } formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + if (moaconfig.getSecLayerTransformation() == null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) != null && + session.getAttribute(Constants.SESSION_SLTRANSFORMATION) instanceof Map<?, ?> ) { + moaconfig.setSecLayerTransformation((Map<String, byte[]>) + session.getAttribute(Constants.SESSION_SLTRANSFORMATION)); + + } } + + String error = saveFormToDatabase(); + + session.setAttribute(Constants.SESSION_SLTRANSFORMATION, null); if (error != null) { log.warn("General MOA-ID config can not be stored in Database"); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java index cc2cf3bf0..e15d1e958 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java @@ -28,147 +28,103 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.*; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.data.oa.*; import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.configuration.helper.StringHelper; -import at.gv.egovernment.moa.id.configuration.validation.FormularCustomizationValitator; -import at.gv.egovernment.moa.id.configuration.validation.TargetValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.id.configuration.validation.oa.*; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; -import com.opensymphony.xwork2.ActionSupport; import iaik.utils.URLDecoder; import org.apache.log4j.Logger; -import org.apache.struts2.interceptor.ServletRequestAware; -import org.apache.struts2.interceptor.ServletResponseAware; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import java.io.*; -import java.math.BigInteger; -import java.security.cert.CertificateException; import java.util.*; -public class EditOAAction extends BasicAction { +public class EditOAAction extends BasicOAAction { private final Logger log = Logger.getLogger(EditOAAction.class); private static final long serialVersionUID = 1L; - - private String oaidobj; - private boolean newOA; - private String formID; - - private boolean onlyBusinessService = false; - private boolean subTargetSet = false; - private boolean deaktivededBusinessService = false; - private boolean isMetaDataRefreshRequired = false; - + private String nextPage; - - private OAGeneralConfig generalOA = new OAGeneralConfig(); - private OAPVP2Config pvp2OA = new OAPVP2Config(); - private OASAML1Config saml1OA = new OASAML1Config(); - private OASSOConfig ssoOA = new OASSOConfig(); - private OAOAuth20Config oauth20OA = new OAOAuth20Config(); - private OASTORKConfig storkOA = new OASTORKConfig(); - private FormularCustomization formOA = new FormularCustomization(); - private InputStream stream; - - private Map<String, byte[]> sendAssertionForm = new HashMap<String, byte[]>(); - private Map<String, byte[]> bkuSelectionForm = new HashMap<String, byte[]>(); + + public EditOAAction() { + super(); + + OATargetConfiguration oaTarget = new OATargetConfiguration(); + formList.put(oaTarget.getName(), oaTarget); + + OAAuthenticationData authOA = new OAAuthenticationData(); + formList.put(authOA.getName(), authOA); + + OASSOConfig ssoOA = new OASSOConfig(); + formList.put(ssoOA.getName(), ssoOA); + + OASAML1Config saml1OA = new OASAML1Config(); + formList.put(saml1OA.getName(), saml1OA); + + OAPVP2Config pvp2OA = new OAPVP2Config(); + formList.put(pvp2OA.getName(), pvp2OA); + + OAOAuth20Config oauth20OA = new OAOAuth20Config(); + formList.put(oauth20OA.getName(), oauth20OA); + + OASTORKConfig storkOA = new OASTORKConfig(); + formList.put(storkOA.getName(), storkOA); + + Map<String, String> map = new HashMap<String, String>(); + map.putAll(FormBuildUtils.getDefaultMap()); + FormularCustomization formOA = new FormularCustomization(map); + formList.put(formOA.getName(), formOA); + + } + // STRUTS actions public String inital() { try { populateBasicInformations(); + + OnlineApplication onlineapplication = populateOnlineApplicationFromRequest(); + if (onlineapplication == null) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + return Constants.STRUTS_SUCCESS; + } + + List<String> errors = new ArrayList<String>(); + for (IOnlineApplicationData form : formList.values()) { + List<String> error = form.parse(onlineapplication, authUser, request); + if (error != null) + errors.addAll(error); + } + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + setNewOA(false); + + ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + + return Constants.STRUTS_OA_EDIT; + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); } - - long oaid = -1; - - if (!ValidationHelper.validateOAID(oaidobj)) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - oaid = Long.valueOf(oaidobj); - - UserDatabase userdb = null; - OnlineApplication onlineapplication = null; - - if (authUser.isAdmin()) - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - - else { - userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - // TODO: change to direct Database operation - List<OnlineApplication> oas = userdb.getOnlineApplication(); - for (OnlineApplication oa : oas) { - if (oa.getHjid() == oaid) { - onlineapplication = oa; - break; - } - } - if (onlineapplication == null) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - generalOA.parse(onlineapplication); - ssoOA.parse(onlineapplication); - saml1OA.parse(onlineapplication); - oauth20OA.parse(onlineapplication, request); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - - storkOA.parse(onlineapplication); - - Map<String, String> map = new HashMap<String, String>(); - map.putAll(FormBuildUtils.getDefaultMap()); - formOA.parse(onlineapplication, map); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, map); - - List<String> errors = pvp2OA.parse(onlineapplication, request); - - if (errors.size() > 0) { - for (String el : errors) - addActionError(el); - } - - subTargetSet = MiscUtil.isNotEmpty(generalOA.getTarget_subsector()); - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - ConfigurationDBUtils.closeSession(); - session.setAttribute(Constants.SESSION_OAID, oaid); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - newOA = false; - - return Constants.STRUTS_OA_EDIT; } public String newOA() { @@ -177,14 +133,19 @@ public class EditOAAction extends BasicAction { try { populateBasicInformations(); + populateBasicNewOnlineApplicationInformation(); + + // prepare attribute helper list + ArrayList<AttributeHelper> attributes = new ArrayList<AttributeHelper>(); + for(StorkAttribute current : ConfigurationDBRead.getMOAIDConfiguration().getAuthComponentGeneral().getForeignIdentities().getSTORK().getAttributes()) + attributes.add(new AttributeHelper(current)); + getStorkOA().setHelperAttributes(attributes); + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; } - - session.setAttribute(Constants.SESSION_OAID, null); - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - + UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { @@ -193,183 +154,45 @@ public class EditOAAction extends BasicAction { return Constants.STRUTS_SUCCESS; } - MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration(); - if (moaidconfig != null) { - DefaultBKUs defaultbkus = moaidconfig.getDefaultBKUs(); - if (defaultbkus != null) { - generalOA.setBkuHandyURL(defaultbkus.getHandyBKU()); - generalOA.setBkuLocalURL(defaultbkus.getLocalBKU()); - generalOA.setBkuOnlineURL(defaultbkus.getOnlineBKU()); - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - ConfigurationDBUtils.closeSession(); - - //VIDP attribute provider configuration - storkOA = new OASTORKConfig(); - storkOA.getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + session.setAttribute(Constants.SESSION_OAUTH20SECRET, ((OAOAuth20Config)formList.get(new OAOAuth20Config().getName())).getClientSecret()); + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - newOA = true; - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - - session.setAttribute(Constants.SESSION_BKUFORMPREVIEW, null); - - this.oauth20OA.generateClientSecret(); - session.setAttribute(Constants.SESSION_OAUTH20SECRET, this.oauth20OA.getClientSecret()); - return Constants.STRUTS_OA_EDIT; } public String saveOA() { + + OnlineApplication onlineapplication= null; + try { populateBasicInformations(); + onlineapplication = preProcessSaveOnlineApplication(); + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - OnlineApplication onlineapplication = null; List<String> errors = new ArrayList<String>(); - - Object oadbid = request.getSession().getAttribute(Constants.SESSION_OAID); - Long oaid = (long) -1; - - if (oadbid != null) { - try { - oaid = (Long) oadbid; - if (oaid < 0 || oaid > Long.MAX_VALUE) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - - } catch (Throwable t) { - addActionError(LanguageHelper.getErrorString("errors.edit.oa.oaid", request)); - return Constants.STRUTS_ERROR; - } - } - - // valid DBID and check entry - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request)); - - } else { - - if (!ValidationHelper.validateURL(oaidentifier)) { - log.warn("OnlineapplikationIdentifier is not a valid URL: " + oaidentifier); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request)); - } else { - - if (oaid == -1) { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); - newOA = true; - if (onlineapplication != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request)); - } - - } else { - onlineapplication = ConfigurationDBRead.getOnlineApplication(oaid); - if (!oaidentifier.equals(onlineapplication.getPublicURLPrefix())) { - - if (ConfigurationDBRead.getOnlineApplication(oaidentifier) != null) { - log.info("The OAIdentifier is not unique"); - errors.add(LanguageHelper.getErrorString("validation.general.oaidentifier.notunique", request)); - } - } - } - } - } - - // set UserSpezific OA Parameters - if (!authUser.isAdmin()) generateUserSpecificConfigurationOptions(userdb); - - // check form - OAGeneralConfigValidation validatior_general = new OAGeneralConfigValidation(); - OAPVP2ConfigValidation validatior_pvp2 = new OAPVP2ConfigValidation(); - OASAML1ConfigValidation validatior_saml1 = new OASAML1ConfigValidation(); - OASSOConfigValidation validatior_sso = new OASSOConfigValidation(); - OASTORKConfigValidation validator_stork = new OASTORKConfigValidation(); - FormularCustomizationValitator validator_form = new FormularCustomizationValitator(); - OAOAUTH20ConfigValidation validatior_oauth20 = new OAOAUTH20ConfigValidation(); - OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation(); - - errors.addAll(validatior_general.validate(generalOA, authUser.isAdmin(), request)); - errors.addAll(validatior_pvp2.validate(pvp2OA, request)); - errors.addAll(validatior_saml1.validate(saml1OA, generalOA, request)); - errors.addAll(validatior_sso.validate(ssoOA, authUser.isAdmin(), request)); - errors.addAll(validator_stork.validate(storkOA, request)); - errors.addAll(validator_form.validate(formOA, request)); - errors.addAll(validatior_oauth20.validate(oauth20OA, request)); - - //validate BKU-selection template - List<String> templateError = valiator_fileUpload.validate(generalOA.getBkuSelectionFileUploadFileName() - , generalOA.getBkuSelectionFileUpload(), "validation.general.bkuselection", bkuSelectionForm, request); - if (templateError != null && templateError.size() == 0) { - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) - session.setAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE, bkuSelectionForm); - - else - bkuSelectionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BKUSELECTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - - //validate send-assertion template - templateError = valiator_fileUpload.validate(generalOA.getSendAssertionFileUploadFileName() - , generalOA.getSendAssertionFileUpload(), "validation.general.sendassertion", sendAssertionForm, request); - if (templateError != null && templateError.size() == 0) { - if (sendAssertionForm != null && sendAssertionForm.size() > 0) - session.setAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE, sendAssertionForm); - - else - sendAssertionForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_SENDASSERTIONTEMPLATE); - - } else { - errors.addAll(templateError); - - } - + + //validate forms + for (IOnlineApplicationData form : formList.values()) + errors.addAll(form.validate(getGeneralOA(), authUser, request)); // Do not allow SSO in combination with special BKUSelection features - if (ssoOA.isUseSSO() && (formOA.isOnlyMandateAllowed() || !formOA.isShowMandateLoginButton())) { + if (getSsoOA().isUseSSO() && (getFormOA().isOnlyMandateAllowed() || !getFormOA().isShowMandateLoginButton())) { log.warn("Special BKUSelection features can not be used in combination with SSO"); errors.add(LanguageHelper.getErrorString("validation.general.bkuselection.specialfeatures.valid", request)); } if (errors.size() > 0) { - log.info("OAConfiguration with ID " + generalOA.getIdentifier() + " has some errors."); + log.info("OAConfiguration with ID " + getGeneralOA().getIdentifier() + " has some errors."); for (String el : errors) addActionError(el); @@ -378,80 +201,14 @@ public class EditOAAction extends BasicAction { return Constants.STRUTS_ERROR_VALIDATION; } else { - - boolean newentry = false; - - if (onlineapplication == null) { - onlineapplication = new OnlineApplication(); - newentry = true; - onlineapplication.setIsActive(false); - - if (!authUser.isAdmin()) { - onlineapplication.setIsAdminRequired(true); - - } else - isMetaDataRefreshRequired = true; - - } else { - if (!authUser.isAdmin() && !onlineapplication.getPublicURLPrefix().equals(generalOA.getIdentifier())) { - - onlineapplication.setIsAdminRequired(true); - onlineapplication.setIsActive(false); - log.info("User with ID " + authUser.getUserID() + " change OA-PublicURLPrefix. Reaktivation is required."); - } - - } - - if ((onlineapplication.isIsAdminRequired() == null) - || (authUser.isAdmin() && generalOA.isActive() && onlineapplication.isIsAdminRequired())) { - - onlineapplication.setIsAdminRequired(false); - isMetaDataRefreshRequired = true; - - if (onlineapplication.getHjid() != null) - userdb = ConfigurationDBRead.getUsersWithOADBID(onlineapplication.getHjid()); - - if (userdb != null && !userdb.isIsAdmin()) { - try { - MailHelper.sendUserOnlineApplicationActivationMail(userdb.getGivenname(), userdb.getFamilyname(), - userdb.getInstitut(), onlineapplication.getPublicURLPrefix(), userdb.getMail()); - } catch (ConfigurationException e) { - log.warn("Sending Mail to User " + userdb.getMail() + " failed", e); - } - } - } - - //save OA configuration - String error = saveOAConfigToDatabase(onlineapplication, newentry); - if (MiscUtil.isNotEmpty(error)) { - log.warn("OA configuration can not be stored!"); - addActionError(error); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - - //set metadata reload flag if reload is required - if (pvp2OA.getMetaDataURL() != null) { - - try { - if (isMetaDataRefreshRequired - || !pvp2OA.getMetaDataURL().equals(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL()) - || pvp2OA.getFileUpload() != null - || pvp2OA.isReLoad()) { - - log.debug("Set PVP2 Metadata refresh flag."); - MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); - moaconfig.setPvp2RefreshItem(new Date()); - ConfigurationDBUtils.saveOrUpdate(moaconfig); - - } - } catch (Throwable e) { - log.info("Found no MetadataURL in OA-Databaseconfig!", e); - } - - } + try { + onlineapplication = postProcessSaveOnlineApplication(onlineapplication); + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } + } Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); @@ -474,7 +231,7 @@ public class EditOAAction extends BasicAction { if (openUsers != null) numusers = openUsers.size(); try { - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success.admin", getGeneralOA().getIdentifier(), request)); if (numusers > 0 || numoas > 0) MailHelper.sendAdminMail(numoas, numusers); @@ -483,7 +240,7 @@ public class EditOAAction extends BasicAction { } } else - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.success", getGeneralOA().getIdentifier(), request)); //remove session attributes session.setAttribute(Constants.SESSION_OAID, null); @@ -514,7 +271,7 @@ public class EditOAAction extends BasicAction { session.setAttribute(Constants.SESSION_OAID, null); - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.cancle", getGeneralOA().getIdentifier(), request)); ConfigurationDBUtils.closeSession(); @@ -522,65 +279,30 @@ public class EditOAAction extends BasicAction { } public String deleteOA() { + String oaidentifier = null; try { populateBasicInformations(); + + Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); + if (nextPageAttr != null && nextPageAttr instanceof String) { + nextPage = (String) nextPageAttr; + + } else { + nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); + } + + oaidentifier = preProcessDeleteOnlineApplication(); + } catch (BasicActionException e) { return Constants.STRUTS_ERROR; + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + } - Object formidobj = session.getAttribute(Constants.SESSION_FORMID); - if (formidobj != null && formidobj instanceof String) { - String formid = (String) formidobj; - if (!formid.equals(formID)) { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - } else { - log.warn("FormIDs does not match. Some suspect Form is received from user " + authUser.getFamilyName() - + authUser.getGivenName() + authUser.getUserID()); - return Constants.STRUTS_ERROR; - } - session.setAttribute(Constants.SESSION_FORMID, null); - - Object nextPageAttr = session.getAttribute(Constants.SESSION_RETURNAREA); - if (nextPageAttr != null && nextPageAttr instanceof String) { - nextPage = (String) nextPageAttr; - - } else { - nextPage = Constants.STRUTS_RETURNAREA_VALUES.main.name(); - } - - UserDatabase userdb = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - if (!authUser.isAdmin() && userdb.isIsMailAddressVerified() != null && !userdb.isIsMailAddressVerified()) { - log.info("Online-Applikation managemant disabled. Mail address is not verified."); - addActionError(LanguageHelper.getErrorString("error.editoa.mailverification", request)); - return Constants.STRUTS_SUCCESS; - } - - String oaidentifier = generalOA.getIdentifier(); - if (MiscUtil.isEmpty(oaidentifier)) { - log.info("Empty OA identifier"); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.empty", request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - - } else { - if (ValidationHelper.isValidOAIdentifier(oaidentifier)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + oaidentifier); - addActionError(LanguageHelper.getErrorString("validation.general.oaidentifier.valid", - new Object[]{ValidationHelper.getNotValidOAIdentifierCharacters()}, request)); - - formID = Random.nextRandom(); - session.setAttribute(Constants.SESSION_FORMID, formID); - return Constants.STRUTS_ERROR_VALIDATION; - } - } - OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); request.getSession().setAttribute(Constants.SESSION_OAID, null); @@ -620,13 +342,13 @@ public class EditOAAction extends BasicAction { ConfigurationDBUtils.closeSession(); - addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", generalOA.getIdentifier(), request)); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); return Constants.STRUTS_SUCCESS; } else { ConfigurationDBUtils.closeSession(); - addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", generalOA.getIdentifier(), request)); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); return Constants.STRUTS_SUCCESS; } @@ -711,467 +433,37 @@ public class EditOAAction extends BasicAction { return Constants.STRUTS_SUCCESS; } - - private String saveOAConfigToDatabase(OnlineApplication dboa, boolean newentry) { - - AuthComponentOA authoa = dboa.getAuthComponentOA(); - if (authoa == null) { - authoa = new AuthComponentOA(); - dboa.setAuthComponentOA(authoa); - } - - if (authUser.isAdmin()) dboa.setIsActive(generalOA.isActive()); - - dboa.setFriendlyName(generalOA.getFriendlyName()); - dboa.setCalculateHPI(generalOA.isCalculateHPI()); - dboa.setRemoveBPKFromAuthBlock(generalOA.isHideBPKAuthBlock()); - - if (authUser.isAdmin()) - dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(generalOA.getKeyBoxIdentifier())); - else { - if (newentry) dboa.setKeyBoxIdentifier(MOAKeyBoxSelector.SECURE_SIGNATURE_KEYPAIR); - } - - dboa.setPublicURLPrefix(generalOA.getIdentifier()); - - if (generalOA.isBusinessService() || onlyBusinessService) { - - dboa.setType(Constants.MOA_CONFIG_BUSINESSSERVICE); - - String num = generalOA.getIdentificationNumber().replaceAll(" ", ""); - if (num.startsWith(Constants.IDENIFICATIONTYPE_FN)) { - num = num.substring(Constants.IDENIFICATIONTYPE_FN.length()); - - num = at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(num); - - // num = StringUtils.leftPad(num, 7, '0'); - } - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ZVR)) - num = num.substring(Constants.IDENIFICATIONTYPE_ZVR.length()); - - if (num.startsWith(Constants.IDENIFICATIONTYPE_ERSB)) - num = num.substring(Constants.IDENIFICATIONTYPE_ERSB.length()); - - IdentificationNumber idnumber = new IdentificationNumber(); - - if (generalOA.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_STORK)) { - idnumber.setValue(Constants.PREFIX_STORK + "AT" + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); - } else { - idnumber.setValue(Constants.PREFIX_WPBK + generalOA.getIdentificationType() + "+" + num); - idnumber.setType(Constants.BUSINESSSERVICENAMES.get(generalOA.getIdentificationType())); - } - - - authoa.setIdentificationNumber(idnumber); - - } else { - dboa.setType(null); - - if (authUser.isAdmin()) { - if (MiscUtil.isNotEmpty(generalOA.getTarget_admin()) && generalOA.isAdminTarget()) { - dboa.setTarget(generalOA.getTarget_admin()); - dboa.setTargetFriendlyName(generalOA.getTargetFriendlyName()); - - } else { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - - } else { - - if (MiscUtil.isNotEmpty(generalOA.getTarget())) { - - String target = generalOA.getTarget(); - - if (MiscUtil.isNotEmpty(generalOA.getTarget_subsector()) && subTargetSet) - dboa.setTarget(target + "-" + generalOA.getTarget_subsector()); - - else - dboa.setTarget(target); - - String targetname = TargetValidator.getTargetFriendlyName(target); - if (MiscUtil.isNotEmpty(targetname)) dboa.setTargetFriendlyName(targetname); - - } - } - } - - //store BKU-URLs - BKUURLS bkuruls = new BKUURLS(); - authoa.setBKUURLS(bkuruls); - if (authUser.isAdmin()) { - bkuruls.setHandyBKU(generalOA.getBkuHandyURL()); - bkuruls.setLocalBKU(generalOA.getBkuLocalURL()); - bkuruls.setOnlineBKU(generalOA.getBkuOnlineURL()); - } - - TemplatesType templates = authoa.getTemplates(); - if (templates == null) { - templates = new TemplatesType(); - authoa.setTemplates(templates); - } - - //store BKU-selection and send-assertion templates - if (authUser.isAdmin()) { - - if (generalOA.isDeleteBKUTemplate()) - templates.setBKUSelectionTemplate(null); - - if (generalOA.isDeleteSendAssertionTemplate()) - templates.setSendAssertionTemplate(null); - - - if (bkuSelectionForm != null && bkuSelectionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator<String> interator = bkuSelectionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(bkuSelectionForm.get( - template.getFilename())); - - templates.setBKUSelectionTemplate(template); - } - - if (sendAssertionForm != null && sendAssertionForm.size() > 0) { - TransformsInfoType template = new TransformsInfoType(); - - Iterator<String> interator = sendAssertionForm.keySet().iterator(); - template.setFilename(interator.next()); - template.setTransformation(sendAssertionForm.get( - template.getFilename())); - - templates.setSendAssertionTemplate(template); - } - } - - - //store BKU-selection customization - BKUSelectionCustomizationType bkuselectioncustom = templates.getBKUSelectionCustomization(); - if (bkuselectioncustom == null) { - bkuselectioncustom = new BKUSelectionCustomizationType(); - templates.setBKUSelectionCustomization(bkuselectioncustom); - } - - Mandates mandates = new Mandates(); - if (generalOA.isUseMandates()) { - mandates.setProfiles(generalOA.getMandateProfiles()); - - } else { - mandates.setProfiles(new String()); - } - - authoa.setMandates(mandates); - bkuselectioncustom.setMandateLoginButton(MiscUtil.isNotEmpty(generalOA.getMandateProfiles())); - bkuselectioncustom.setOnlyMandateLoginAllowed(formOA.isOnlyMandateAllowed()); - - if (authUser.isAdmin()) { - templates.setAditionalAuthBlockText(generalOA.getAditionalAuthBlockText()); - - List<TemplateType> template = templates.getTemplate(); - if (generalOA.isLegacy()) { - - if (template == null) - template = new ArrayList<TemplateType>(); - else - template.clear(); - - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL1())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL1()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL2())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL2()); - template.add(el); - } else - template.add(new TemplateType()); - if (MiscUtil.isNotEmpty(generalOA.getSLTemplateURL3())) { - TemplateType el = new TemplateType(); - el.setURL(generalOA.getSLTemplateURL3()); - template.add(el); - } else - template.add(new TemplateType()); - - } else { - if (template != null && template.size() > 0) template.clear(); - } - - bkuselectioncustom.setBackGroundColor(parseColor(formOA.getBackGroundColor())); - bkuselectioncustom.setFrontColor(parseColor(formOA.getFrontColor())); - - bkuselectioncustom.setHeaderBackGroundColor(parseColor(formOA.getHeader_BackGroundColor())); - bkuselectioncustom.setHeaderFrontColor(parseColor(formOA.getHeader_FrontColor())); - bkuselectioncustom.setHeaderText(formOA.getHeader_text()); - - bkuselectioncustom.setButtonBackGroundColor(parseColor(formOA.getButton_BackGroundColor())); - bkuselectioncustom.setButtonBackGroundColorFocus(parseColor(formOA.getButton_BackGroundColorFocus())); - bkuselectioncustom.setButtonFontColor(parseColor(formOA.getButton_FrontColor())); - - if (MiscUtil.isNotEmpty(formOA.getAppletRedirectTarget())) - bkuselectioncustom.setAppletRedirectTarget(formOA.getAppletRedirectTarget()); - - bkuselectioncustom.setFontType(formOA.getFontType()); - - bkuselectioncustom.setAppletHeight(formOA.getApplet_height()); - bkuselectioncustom.setAppletWidth(formOA.getApplet_width()); - - } - - // set default transformation if it is empty - List<TransformsInfoType> transformsInfo = authoa.getTransformsInfo(); - if (transformsInfo == null) { - // TODO: set OA specific transformation if it is required - - } - - OAPVP2 pvp2 = authoa.getOAPVP2(); - if (pvp2 == null) { - pvp2 = new OAPVP2(); - authoa.setOAPVP2(pvp2); - } - - pvp2.setMetadataURL(pvp2OA.getMetaDataURL()); - try { - - if (pvp2OA.getFileUpload() != null) pvp2.setCertificate(pvp2OA.getCertificate()); - - } catch (CertificateException e) { - log.info("Uploaded Certificate can not be found", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request); - } catch (IOException e) { - log.info("Uploaded Certificate can not be parsed", e); - return LanguageHelper.getErrorString("validation.pvp2.certificate.format", request); - } - - OASAML1 saml1 = authoa.getOASAML1(); - if (saml1 == null) { - saml1 = new OASAML1(); - authoa.setOASAML1(saml1); - saml1.setIsActive(false); - } - - if (authUser.isAdmin()) { - saml1.setIsActive(saml1OA.isActive()); - } - - if (saml1.isIsActive() != null && saml1.isIsActive()) { - saml1.setProvideAUTHBlock(saml1OA.isProvideAuthBlock()); - saml1.setProvideCertificate(saml1OA.isProvideCertificate()); - saml1.setProvideFullMandatorData(saml1OA.isProvideFullMandateData()); - saml1.setProvideIdentityLink(saml1OA.isProvideIdentityLink()); - saml1.setProvideStammzahl(saml1OA.isProvideStammZahl()); - saml1.setUseCondition(saml1OA.isUseCondition()); - saml1.setConditionLength(BigInteger.valueOf(saml1OA.getConditionLength())); - // TODO: set sourceID - // saml1.setSourceID(""); - } - - OASSO sso = authoa.getOASSO(); - if (sso == null) { - sso = new OASSO(); - authoa.setOASSO(sso); - sso.setAuthDataFrame(true); - } - sso.setUseSSO(ssoOA.isUseSSO()); - - if (authUser.isAdmin()) sso.setAuthDataFrame(ssoOA.isShowAuthDataFrame()); - - sso.setSingleLogOutURL(ssoOA.getSingleLogOutURL()); - - if (oauth20OA != null) { - log.debug("Saving OAuth 2.0 configuration:"); - OAOAUTH20 oaOAuth20 = authoa.getOAOAUTH20(); - if (oaOAuth20 == null) { - oaOAuth20 = new OAOAUTH20(); - authoa.setOAOAUTH20(oaOAuth20); - } - - oaOAuth20.setOAuthClientId(generalOA.getIdentifier()); - // oaOAuth20.setOAuthClientSecret(oauth20OA.getClientSecret()); - oaOAuth20.setOAuthRedirectUri(oauth20OA.getRedirectUri()); - log.debug("client id: " + oauth20OA.getClientId()); - log.debug("client secret: " + oauth20OA.getClientSecret()); - log.debug("redirect uri:" + oauth20OA.getRedirectUri()); - - oaOAuth20.setOAuthClientSecret((String) request.getSession().getAttribute(Constants.SESSION_OAUTH20SECRET)); - request.getSession().setAttribute(Constants.SESSION_OAUTH20SECRET, null); - - } - - - // fetch stork configuration from database model - OASTORK stork = authoa.getOASTORK(); - if (stork == null) { - // if there is none, create a new one with default values. - stork = new OASTORK(); - authoa.setOASTORK(stork); - stork.setStorkLogonEnabled(false); - } - // transfer the incoming data to the database model - stork.setStorkLogonEnabled(storkOA.isStorkLogonEnabled()); - stork.setQaa(storkOA.getQaa()); - stork.setOAAttributes(storkOA.getAttributes()); - stork.setVidpEnabled(storkOA.isVidpEnabled()); - stork.setRequireConsent(storkOA.isRequireConsent()); - stork.setAttributeProviders(storkOA.getAttributeProviderPlugins()); - stork.setCPEPS(storkOA.getEnabledCPEPS()); - - try { - if (newentry) { - ConfigurationDBUtils.save(dboa); - - if (!authUser.isAdmin()) { - UserDatabase user = ConfigurationDBRead.getUserWithID(authUser.getUserID()); - - List<OnlineApplication> useroas = user.getOnlineApplication(); - if (useroas == null) useroas = new ArrayList<OnlineApplication>(); - - useroas.add(dboa); - ConfigurationDBUtils.saveOrUpdate(user); - } - } else - ConfigurationDBUtils.saveOrUpdate(dboa); - - } catch (MOADatabaseException e) { - log.warn("Online-Application can not be stored.", e); - return LanguageHelper.getErrorString("error.db.oa.store", request); - } - - return null; - } - - private String parseColor(String color) { - String value = ""; - - if (MiscUtil.isNotEmpty(color)) { - if (!color.startsWith("#")) - value = "#" + color; - else - value = color; - } - return value; - } - - private void generateUserSpecificConfigurationOptions(UserDatabase userdb) { - - if (userdb.isIsMandateUser() != null && userdb.isIsMandateUser()) { - String bpk = userdb.getBpk(); - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN) || bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_ZVR) || bpk.startsWith(Constants.IDENIFICATIONTYPE_STORK)) { - onlyBusinessService = true; - generalOA.setBusinessService(true); - } - - deaktivededBusinessService = true; - - String[] split = bpk.split("\\+"); - generalOA.setIdentificationType(split[1].substring(1)); - - if (bpk.startsWith(Constants.IDENIFICATIONTYPE_BASEID_FN)) - generalOA.setIdentificationNumber(at.gv.egovernment.moa.util.StringUtils.deleteLeadingZeros(split[2])); - else - generalOA.setIdentificationNumber(split[2]); - - } - - } - - public String setGeneralOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSAML1OAConfig() { - - return Constants.STRUTS_SUCCESS; + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); } - public String setPVP2OAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSSOOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public String setSTORKOAConfig() { - - return Constants.STRUTS_SUCCESS; - } - - public OAGeneralConfig getGeneralOA() { - return generalOA; - } - - public void setGeneralOA(OAGeneralConfig generalOA) { - this.generalOA = generalOA; - } - - public OAPVP2Config getPvp2OA() { - return pvp2OA; - } - - public void setPvp2OA(OAPVP2Config pvp2oa) { - pvp2OA = pvp2oa; + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); } public OASAML1Config getSaml1OA() { - return saml1OA; + return (OASAML1Config) formList.get(new OASAML1Config().getName()); } public void setSaml1OA(OASAML1Config saml1oa) { - saml1OA = saml1oa; + formList.put(saml1oa.getName(), saml1oa); } public OASSOConfig getSsoOA() { - return ssoOA; + return (OASSOConfig) formList.get(new OASSOConfig().getName()); } public void setSsoOA(OASSOConfig ssoOA) { - this.ssoOA = ssoOA; + formList.put(ssoOA.getName(), ssoOA); } public OASTORKConfig getStorkOA() { - return storkOA; + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); } public void setStorkOA(OASTORKConfig storkOA) { - this.storkOA = storkOA; - } - - /** - * @param oaidobj the oaidobj to set - */ - public void setOaidobj(String oaidobj) { - this.oaidobj = oaidobj; - } - - /** - * @return the newOA - */ - public boolean isNewOA() { - return newOA; - } - - /** - * @param newOA the newOA to set - */ - public void setNewOA(boolean newOA) { - this.newOA = newOA; + formList.put(storkOA.getName(), storkOA); } /** @@ -1182,75 +474,17 @@ public class EditOAAction extends BasicAction { } /** - * @return the formID - */ - public String getFormID() { - return formID; - } - - /** - * @param formID the formID to set - */ - public void setFormID(String formID) { - this.formID = formID; - } - - /** - * @return the onlyBusinessService - */ - public boolean isOnlyBusinessService() { - return onlyBusinessService; - } - - /** - * @param onlyBusinessService the onlyBusinessService to set - */ - public void setOnlyBusinessService(boolean onlyBusinessService) { - this.onlyBusinessService = onlyBusinessService; - } - - - /** - * @return the subTargetSet - */ - public boolean isSubTargetSet() { - return subTargetSet; - } - - /** - * @param subTargetSet the subTargetSet to set - */ - public void setSubTargetSet(boolean subTargetSet) { - this.subTargetSet = subTargetSet; - } - - /** - * @return the deaktivededBusinessService - */ - public boolean isDeaktivededBusinessService() { - return deaktivededBusinessService; - } - - - /** - * @param deaktivededBusinessService the deaktivededBusinessService to set - */ - public void setDeaktivededBusinessService(boolean deaktivededBusinessService) { - this.deaktivededBusinessService = deaktivededBusinessService; - } - - /** * @return the formOA */ public FormularCustomization getFormOA() { - return formOA; + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); } /** * @param formOA the formOA to set */ public void setFormOA(FormularCustomization formOA) { - this.formOA = formOA; + formList.put(formOA.getName(), formOA); } /** @@ -1261,11 +495,25 @@ public class EditOAAction extends BasicAction { } public OAOAuth20Config getOauth20OA() { - return oauth20OA; + return (OAOAuth20Config) formList.get(new OAOAuth20Config().getName()); } public void setOauth20OA(OAOAuth20Config oauth20OA) { - this.oauth20OA = oauth20OA; + formList.put(oauth20OA.getName(), oauth20OA); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java index d04592aa3..e019b70bb 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java @@ -77,13 +77,12 @@ import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine; -import com.opensymphony.xwork2.ActionSupport; - import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; @@ -94,7 +93,6 @@ import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; @@ -215,14 +213,8 @@ public class IndexAction extends BasicAction { if (dbuser.isIsMandateUser() != null) ismandateuser = dbuser.isIsMandateUser(); - AuthenticatedUser authuser = new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), + AuthenticatedUser authuser = new AuthenticatedUser(dbuser, true, - dbuser.isIsAdmin(), ismandateuser, false); @@ -424,16 +416,7 @@ public class IndexAction extends BasicAction { user.setIsusernamepasswordallowed(false); user.setIsmandateuser(false); user.setPVPGenerated(true); - - authUser = new AuthenticatedUser(); - authUser.setAdmin(false); - authUser.setAuthenticated(false); - authUser.setLastLogin(null); - authUser.setUserID(-1); - authUser.setUserName(null); - authUser.setPVP2Login(true); - authUser.setMandateUser(false); - + //loop through the nodes to get what we want List<AttributeStatement> attributeStatements = saml2assertion.getAttributeStatements(); for (int i = 0; i < attributeStatements.size(); i++) @@ -445,26 +428,24 @@ public class IndexAction extends BasicAction { if (strAttributeName.equals(PVPConstants.PRINCIPAL_NAME_NAME)) { user.setFamilyName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); - authUser.setFamilyName(user.getFamilyName()); } if (strAttributeName.equals(PVPConstants.GIVEN_NAME_NAME)) { user.setGivenName(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); - authUser.setGivenName(user.getGivenName()); } if (strAttributeName.equals(PVPConstants.MANDATE_TYPE_NAME)) { - authUser.setMandateUser(true); user.setIsmandateuser(true); } if (strAttributeName.equals(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME)) { user.setInstitut(attributes.get(x).getAttributeValues().get(0).getDOM().getTextContent()); - authUser.setInstitute(user.getInstitut()); } } } + authUser = AuthenticatedUser.generateUserRequestUser(user); + //set Random value formID = Random.nextRandom(); session.setAttribute(Constants.SESSION_FORMID, formID); @@ -484,14 +465,8 @@ public class IndexAction extends BasicAction { session.setAttribute(Constants.SESSION_FORMID, formID); user = new UserDatabaseFrom(dbuser); - authUser = new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), + authUser = new AuthenticatedUser(dbuser, false, - false, dbuser.isIsMandateUser(), true); session.setAttribute(Constants.SESSION_FORM, user); @@ -511,14 +486,7 @@ public class IndexAction extends BasicAction { if (dbuser.isIsMandateUser() != null) ismandateuser = dbuser.isIsMandateUser(); - authUser = new AuthenticatedUser( - dbuser.getHjid(), - dbuser.getGivenname(), - dbuser.getFamilyname(), - dbuser.getInstitut(), - dbuser.getUsername(), - true, - dbuser.isIsAdmin(), + authUser = new AuthenticatedUser(dbuser, true, ismandateuser, true); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java new file mode 100644 index 000000000..215fd9a17 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/InterfederationIDPAction.java @@ -0,0 +1,455 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; +import at.gv.egovernment.moa.id.configuration.data.OAListElement; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAOAuth20Config; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; +import at.gv.egovernment.moa.id.configuration.exception.BasicOAActionException; +import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class InterfederationIDPAction extends BasicOAAction { + private static final Logger log = Logger.getLogger(InterfederationIDPAction.class); + private static final long serialVersionUID = 2879192135387083131L; + + public static final String STRUTS_IDP_VIDP = "-VIDP"; + public static final String STRUTS_IDP_MOA = "-MOAIDP"; + + private List<OAListElement> formOAs; + + private String interfederationType; + + public InterfederationIDPAction() { + super(); + + } + + public String listAllIDPs() { + try { + populateBasicInformations(); + + if (authUser.isAdmin()) { + List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllOnlineApplications(); + + if (dbOAs == null || dbOAs.size() == 0) { + addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); + + } else { + formOAs = FormDataHelper.populateFormWithInderfederationIDPs(dbOAs); + } + + session.setAttribute(Constants.SESSION_RETURNAREA, + Constants.STRUTS_RETURNAREA_VALUES.main.name()); + + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + + } else { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + } + + public String newIDP() { + log.debug("insert new interfederation IDP"); + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + if (STRUTS_IDP_MOA.equals(interfederationType)) { + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + + } else if (STRUTS_IDP_VIDP.equals(interfederationType)) { + formList.putAll(VIDPAction.buildVIDPFormList()); + getStorkOA().setVidpEnabled(true); + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + + } else { + log.warn("Unkown interfederation IDP type"); + addActionError("Unkown interfederation IDP type"); + return Constants.STRUTS_ERROR; + } + + populateBasicNewOnlineApplicationInformation(); + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + return Constants.STRUTS_OA_EDIT + interfederationType; + + } + + public String loadIDPInformation() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + OnlineApplication oa = populateOnlineApplicationFromRequest(); + + if (oa.isIsInterfederationIDP() != null + && oa.isIsInterfederationIDP()) { + + formList.putAll(MOAIDPAction.buildMOAIDPFormList()); + interfederationType = STRUTS_IDP_MOA; + + } else if (oa.getAuthComponentOA().getOASTORK() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && oa.getAuthComponentOA().getOASTORK().isVidpEnabled()) { + + formList.putAll(VIDPAction.buildVIDPFormList()); + if (getStorkOA().getAttributeProviderPlugins() == null || + getStorkOA().getAttributeProviderPlugins().size() == 0) + getStorkOA().getAttributeProviderPlugins().add(new AttributeProviderPlugin()); + interfederationType = STRUTS_IDP_VIDP; + + } else { + log.warn("Requested application is not an interfederation IDP."); + return Constants.STRUTS_NOTALLOWED; + } + + parseOAToForm(oa); + return Constants.STRUTS_SUCCESS + interfederationType; + + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } + } + + public String saveIDP() { + + OnlineApplication onlineapplication= null; + + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + onlineapplication = preProcessSaveOnlineApplication(); + + if ( onlineapplication != null && + !((onlineapplication.isIsInterfederationIDP() != null && onlineapplication.isIsInterfederationIDP()) || + (onlineapplication.getAuthComponentOA().getOASTORK() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled() != null + && onlineapplication.getAuthComponentOA().getOASTORK().isVidpEnabled()))) { + log.warn("IDP which should be stored is not of type interfederation IDP."); + addActionError("IDP which should be stored is not of type MOA-ID interfederation IDP."); + return Constants.STRUTS_ERROR; + + } + + List<String> errors = new ArrayList<String>(); + + //validate forms + for (IOnlineApplicationData form : formList.values()) + errors.addAll(form.validate(getGeneralOA(), authUser, request)); + + + boolean publicServiceAllowed = ValidationHelper.isPublicServiceAllowed(getPvp2OA().getMetaDataURL()); + if (!publicServiceAllowed && !getGeneralOA().isBusinessService()) { + log.info("Metadata URL " + getPvp2OA().getMetaDataURL() + " does not allow PublicService."); + errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.metadataurl.publicservice", + new Object[] {getPvp2OA().getMetaDataURL()}, request )); + getGeneralOA().setBusinessService(true); + + } + + + if (errors.size() > 0) { + log.info("IDP-Configuration with ID " + getGeneralOA().getIdentifier() + " has some errors."); + for (String el : errors) + addActionError(el); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + return Constants.STRUTS_ERROR_VALIDATION; + + } else { + + //set default Target interfederated nameID caluclation + if (getGeneralOA().isBusinessService()) { + IdentificationNumber businessID = onlineapplication.getAuthComponentOA().getIdentificationNumber(); + if (businessID == null) { + businessID = new IdentificationNumber(); + onlineapplication.getAuthComponentOA().setIdentificationNumber(businessID); + } + businessID.setValue(Constants.PREFIX_WPBK + "MOA-IDP"); + + } else + onlineapplication.setTarget("MOA-IDP"); + + postProcessSaveOnlineApplication(onlineapplication); + + } + + //remove session attributes + session.setAttribute(Constants.SESSION_OAID, null); + ConfigurationDBUtils.closeSession(); + + addActionMessage(LanguageHelper.getGUIString("webpages.idp.success", getGeneralOA().getIdentifier(), request)); + return Constants.STRUTS_SUCCESS; + + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } + } + + public String cancleAndBackIDP() { + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } + + session.setAttribute(Constants.SESSION_OAID, null); + addActionMessage(LanguageHelper.getGUIString("webpages.idp.cancle", getGeneralOA().getIdentifier(), request)); + ConfigurationDBUtils.closeSession(); + + return Constants.STRUTS_SUCCESS; + } + + public String deleteIDP() { + String oaidentifier = null; + try { + populateBasicInformations(); + + if (!authUser.isAdmin()) { + log.warn("User with ID " + authUser.getUserID() + " not allowed to manage interfederation IDPs."); + addActionError(LanguageHelper.getErrorString("errors.notallowed", request)); + return Constants.STRUTS_NOTALLOWED; + } + + oaidentifier = preProcessDeleteOnlineApplication(); + + + } catch (BasicActionException e) { + return Constants.STRUTS_ERROR; + + } catch (BasicOAActionException e) { + addActionError(e.getStrutsError()); + return e.getStrutsReturnValue(); + + } + + session.setAttribute(Constants.SESSION_OAID, null); + OnlineApplication onlineapplication = ConfigurationDBRead.getOnlineApplication(oaidentifier); + + try { + if (MiscUtil.isNotEmpty(onlineapplication.getAuthComponentOA().getOAPVP2().getMetadataURL())) { + + MOAIDConfiguration moaconfig = ConfigurationDBRead.getMOAIDConfiguration(); + moaconfig.setPvp2RefreshItem(new Date()); + ConfigurationDBUtils.saveOrUpdate(moaconfig); + + } + } catch (Throwable e) { + log.info("Found no MetadataURL in OA-Databaseconfig!", e); + } + + if (ConfigurationDBUtils.delete(onlineapplication)) { + + ConfigurationDBUtils.closeSession(); + addActionMessage(LanguageHelper.getGUIString("webpages.oaconfig.delete.message", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + + } else { + ConfigurationDBUtils.closeSession(); + addActionError(LanguageHelper.getGUIString("webpages.oaconfig.delete.error", oaidentifier, request)); + return Constants.STRUTS_SUCCESS; + } + + } + + /** + * @param oa + */ + private void parseOAToForm(OnlineApplication oa) { + List<String> errors = new ArrayList<String>(); + for (IOnlineApplicationData form : formList.values()) { + List<String> error = form.parse(oa, authUser, request); + if (error != null) + errors.addAll(error); + } + if (errors.size() > 0) { + for (String el : errors) + addActionError(el); + } + + setNewOA(false); + + ConfigurationDBUtils.closeSession(); + + formID = Random.nextRandom(); + session.setAttribute(Constants.SESSION_FORMID, formID); + session.setAttribute(Constants.SESSION_OAID, oaid); + } + + /** + * @return the formOAs + */ + public List<OAListElement> getFormOAs() { + return formOAs; + } + + public OAMOAIDPInterfederationConfig getMoaIDP() { + return (OAMOAIDPInterfederationConfig) formList.get(new OAMOAIDPInterfederationConfig().getName()); + } + + public void setMoaIDP(OAMOAIDPInterfederationConfig pvp2oa) { + formList.put(pvp2oa.getName(), pvp2oa); + } + + /** + * @return the formOA + */ + public OATargetConfiguration getTargetConfig() { + return (OATargetConfiguration) formList.get(new OATargetConfiguration().getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setTargetConfig(OATargetConfiguration formOA) { + formList.put(formOA.getName(), formOA); + } + + /** + * @return the formOA + */ + public FormularCustomization getFormOA() { + return (FormularCustomization) formList.get(new FormularCustomization(null).getName()); + } + + /** + * @param formOA the formOA to set + */ + public void setFormOA(FormularCustomization formOA) { + formList.put(formOA.getName(), formOA); + } + + public OASTORKConfig getStorkOA() { + return (OASTORKConfig) formList.get(new OASTORKConfig().getName()); + } + + public void setStorkOA(OASTORKConfig storkOA) { + formList.put(storkOA.getName(), storkOA); + } + + + public OAAuthenticationData getAuthOA() { + return (OAAuthenticationData) formList.get(new OAAuthenticationData().getName()); + } + + public void setAuthOA(OAAuthenticationData generalOA) { + formList.put(generalOA.getName(), generalOA); + } + + + /** + * @return the interfederationType + */ + public String getInterfederationType() { + return interfederationType; + } + + /** + * @param interfederationType the interfederationType to set + */ + public void setInterfederationType(String interfederationType) { + this.interfederationType = interfederationType; + } + + + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java index e51ee7ca6..7f7f083c9 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ListOAsAction.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.OAListElement; @@ -46,7 +47,6 @@ import at.gv.egovernment.moa.id.configuration.exception.BasicActionException; import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class ListOAsAction extends BasicAction { @@ -88,7 +88,7 @@ public class ListOAsAction extends BasicAction { addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); } else { - formOAs = FormDataHelper.addFormOAs(dbOAs); + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); } session.setAttribute(Constants.SESSION_RETURNAREA, @@ -160,14 +160,11 @@ public class ListOAsAction extends BasicAction { } if (dbOAs == null || dbOAs.size() == 0) { - log.debug("No OAs found with Identifier " + friendlyname); + log.debug("No IDPs found with Identifier " + friendlyname); addActionError(LanguageHelper.getErrorString("errors.listOAs.noOA", request)); - } else { - - formOAs = FormDataHelper.addFormOAs(dbOAs); - session.setAttribute(Constants.SESSION_RETURNAREA, - Constants.STRUTS_RETURNAREA_VALUES.main.name()); + } else { + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java new file mode 100644 index 000000000..8c04a382a --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/MOAIDPAction.java @@ -0,0 +1,59 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.LinkedHashMap; + +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAMOAIDPInterfederationConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; + +/** + * @author tlenz + * + */ +public class MOAIDPAction extends InterfederationIDPAction { + + private static final long serialVersionUID = -2047128481980413334L; + + public MOAIDPAction() { + super(); + formList.putAll(buildMOAIDPFormList()); + } + + public static LinkedHashMap<String, IOnlineApplicationData> buildMOAIDPFormList() { + + LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<String, IOnlineApplicationData>(); + + + OAPVP2Config pvp2OA = new OAPVP2Config(); + forms.put(pvp2OA.getName(), pvp2OA); + + OAMOAIDPInterfederationConfig moaidp = new OAMOAIDPInterfederationConfig(); + forms.put(moaidp.getName(), moaidp); + + return forms; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java index a4c768eda..283b3604a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/OpenAdminRequestsAction.java @@ -67,7 +67,7 @@ public class OpenAdminRequestsAction extends BasicAction { List<OnlineApplication> dbOAs = ConfigurationDBRead.getAllNewOnlineApplications(); if (dbOAs != null) { - formOAs = FormDataHelper.addFormOAs(dbOAs); + formOAs = FormDataHelper.populateFormWithOAs(dbOAs); } List<UserDatabase> dbUsers = ConfigurationDBRead.getAllNewUsers(); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java index 382dc6372..5799c88b2 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java @@ -38,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; @@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.configuration.helper.FormDataHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.MailHelper; import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java new file mode 100644 index 000000000..8588dd286 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/VIDPAction.java @@ -0,0 +1,75 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.configuration.struts.action; + +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.Map; + +import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; +import at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; +import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.util.FormBuildUtils; + +/** + * @author tlenz + * + */ +public class VIDPAction extends InterfederationIDPAction { + + private static final long serialVersionUID = 1981465294474566533L; + + + public VIDPAction() { + super(); + formList.putAll(buildVIDPFormList()); + } + + /** + * @return + * + */ + public static LinkedHashMap<String, IOnlineApplicationData> buildVIDPFormList() { + LinkedHashMap<String, IOnlineApplicationData> forms = + new LinkedHashMap<String, IOnlineApplicationData>(); + + OATargetConfiguration oaTarget = new OATargetConfiguration(); + forms.put(oaTarget.getName(), oaTarget); + + OAAuthenticationData authOA = new OAAuthenticationData(); + forms.put(authOA.getName(), authOA); + + OASTORKConfig storkOA = new OASTORKConfig(); + forms.put(storkOA.getName(), storkOA); + + Map<String, String> map = new HashMap<String, String>(); + map.putAll(FormBuildUtils.getDefaultMap()); + FormularCustomization formOA = new FormularCustomization(map); + forms.put(formOA.getName(), formOA); + + return forms; + } + +} diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java index ae7ee3c8e..c9a174813 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/FormularCustomizationValitator.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.FormularCustomization; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java index 3ed0157da..662694ce7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java @@ -31,6 +31,7 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom; import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java index cfa00f0e1..c64ae35d3 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/MOAConfigValidator.java @@ -34,13 +34,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.data.GeneralMOAIDConfig; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; import at.gv.egovernment.moa.id.configuration.helper.StringHelper; import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java index f7adc1a67..e4a091c7e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/PVP2ContactValidator.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.pvp2.ContactForm; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java index a63b3a7b1..8bc916e5a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java @@ -9,9 +9,9 @@ import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.GeneralStorkConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class StorkConfigValidator { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index 7b68f04d8..0bbf2116d 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAGeneralConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -30,33 +30,21 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; -import at.gv.egovernment.moa.id.configuration.Constants; -import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; -public class OAGeneralConfigValidation { +public class OAAuthenticationDataValidation { private static final Logger log = Logger.getLogger(OASSOConfigValidation.class); - public List<String> validate(OAGeneralConfig form, boolean isAdmin, HttpServletRequest request) { + public List<String> validate(OAAuthenticationData form, boolean isAdmin, HttpServletRequest request) { List<String> errors = new ArrayList<String>(); String check; - if (isAdmin) { - //validate aditionalAuthBlockText - check = form.getAditionalAuthBlockText(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("AditionalAuthBlockText contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.aditionalauthblocktext", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } - } + //Check BKU URLs if (isAdmin) { @@ -97,19 +85,6 @@ public class OAGeneralConfigValidation { } } - //check OA FriendlyName - check = form.getFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("OAFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } else { - log.info("OA friendlyName is empty"); - errors.add(LanguageHelper.getErrorString("validation.general.oafriendlyname.empty", request)); - } - if (isAdmin) { //check KeyBoxIdentifier check = form.getKeyBoxIdentifier(); @@ -170,114 +145,7 @@ public class OAGeneralConfigValidation { new Object[] {ValidationHelper.getPotentialCSSCharacter(true)}, request )); } } - - - - boolean businessservice = form.isBusinessService(); - - if (businessservice) { - - //check identification type - check = form.getIdentificationType(); - if (!form.getIdentificationTypeList().contains(check)) { - log.info("IdentificationType is not known."); - errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); - } - - //check identification number - check = form.getIdentificationNumber(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty IdentificationNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); - - } else { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("IdentificationNumber contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - - if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { - CompanyNumberValidator val = new CompanyNumberValidator(); - if (!val.validate(check)) { - log.info("Not valid CompanyNumber"); - errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); - } - } - } - - } else { - - check = form.getTarget_subsector(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target-Subsector"); - errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); - } - } - - - if (!isAdmin) { - //check PublicURL Prefix allows PublicService - if (!ValidationHelper.isPublicServiceAllowed(form.getIdentifier())) { - log.warn("PublicURLPrefix does not allow PublicService: " + form.getIdentifier()); - errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", - new Object[] {form.getIdentifier()}, request )); - form.setBusinessService(true); - return errors; - - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isEmpty(check)) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - - } else { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - } else { - //check targetFrindlyName(); - check = form.getTargetFriendlyName(); - if (MiscUtil.isNotEmpty(check)) { - if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { - log.warn("TargetFriendlyName contains potentail XSS characters: " + check); - errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", - new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); - } - } - - if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { - log.info("Empty Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); - } - - //check Target - check = form.getTarget(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); - } - } - - //check Admin Target - check = form.getTarget_admin(); - if (MiscUtil.isNotEmpty(check)) { - if (!ValidationHelper.isValidAdminTarget(check)) { - log.info("Not valid Target"); - errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); - } - } - } - } - return errors; } } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java index bee2ba06c..de32d31c7 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAFileUploadValidation.java @@ -36,9 +36,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.io.IOUtils; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java index b26f2d9d5..345d25cda 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAPVP2ConfigValidation.java @@ -22,70 +22,131 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.configuration.validation.oa; +import iaik.x509.X509Certificate; + import java.io.IOException; import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.List; +import java.util.Timer; +import javax.net.ssl.SSLHandshakeException; import javax.servlet.http.HttpServletRequest; +import org.apache.commons.httpclient.MOAHttpClient; import org.apache.log4j.Logger; +import org.opensaml.Configuration; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallerFactory; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.auth.pvp2.MetaDataVerificationFilter; +import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider; import at.gv.egovernment.moa.id.configuration.data.oa.OAPVP2Config; +import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class OAPVP2ConfigValidation { private static final Logger log = Logger.getLogger(OAPVP2ConfigValidation.class); - public List<String> validate(OAPVP2Config form, HttpServletRequest request) { + public List<String> validate(OAPVP2Config form, String oaID, HttpServletRequest request) { + + Timer timer = null; + MOAHttpClient httpClient = null; + HTTPMetadataProvider httpProvider = null; List<String> errors = new ArrayList<String>(); try { - byte[] metadata = null; -// byte[] cert = null; - + byte[] certSerialized = null; + if (form.getFileUpload() != null) + certSerialized = form.getCertificate(); + else { + OnlineApplication oa = ConfigurationDBRead.getOnlineApplication(oaID); + if (oa != null && + oa.getAuthComponentOA() != null && + oa.getAuthComponentOA().getOAPVP2() != null) { + certSerialized = oa.getAuthComponentOA().getOAPVP2().getCertificate(); + } + } + String check = form.getMetaDataURL(); if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.validateURL(check)) { log.info("MetaDataURL has no valid form."); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.valid", request)); } else { - metadata = FileUtils.readURL(check); - if (MiscUtil.isEmpty(metadata)) { - log.info("Filecontent can not be read form MetaDataURL."); - errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); + + if (certSerialized == null) { + log.info("No certificate for metadata validation"); + errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); + + } else { + + X509Certificate cert = new X509Certificate(certSerialized); + BasicX509Credential credential = new BasicX509Credential(); + credential.setEntityCertificate(cert); + + timer = new Timer(); + httpClient = new MOAHttpClient(); + + if (form.getMetaDataURL().startsWith("https:")) + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + "MOAMetaDataProvider", + ConfigurationProvider.getInstance().getCertStoreDirectory(), + ConfigurationProvider.getInstance().getTrustStoreDirectory(), + null, + ChainingModeType.PKIX, + true); + + httpClient.setCustomSSLTrustStore( + form.getMetaDataURL(), + protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + log.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } catch (ConfigurationException e) { + log.info("No MOA specific SSL-TrustStore configured. Use default Java TrustStore."); + + } + + httpProvider = + new HTTPMetadataProvider(timer, httpClient, form.getMetaDataURL()); + httpProvider.setParserPool(new BasicParserPool()); + httpProvider.setRequireValidMetadata(true); + httpProvider.setMetadataFilter(new MetaDataVerificationFilter(credential)); + httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes + httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours + httpProvider.initialize(); + + if (httpProvider.getMetadata() == null) { + log.info("Metadata could be received but validation FAILED."); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.validation", request)); + } + + } } } - - if (form.getFileUpload() != null) - form.getCertificate(); - -// else { -// if (metadata != null) { -// log.info("No certificate to verify the Metadata defined."); -// errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound")); -// } -// } - -// if (cert != null && metadata != null) { -// HTTPMetadataProvider httpProvider = new HTTPMetadataProvider( -// check, 20000); -// httpProvider.setParserPool(new BasicParserPool()); -// httpProvider.setRequireValidMetadata(true); -// MetadataFilter filter = new MetadataSignatureFilter( -// check, cert); -// httpProvider.setMetadataFilter(filter); -// httpProvider.initialize(); -// -// } - - + } catch (CertificateException e) { log.info("Uploaded Certificate can not be found", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.certificate.notfound", request)); @@ -94,9 +155,24 @@ public class OAPVP2ConfigValidation { log.info("Metadata can not be loaded from URL", e); errors.add(LanguageHelper.getErrorString("validation.pvp2.metadataurl.read", request)); -// } catch (MetadataProviderException e) { -// log.info("MetaDate verification failed"); -// errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify")); + } catch (MetadataProviderException e) { + + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + log.info("SSL Server certificate not trusted.", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.ssl", request)); + + } else { + log.info("MetaDate verification failed", e); + errors.add(LanguageHelper.getErrorString("validation.pvp2.metadata.verify", request)); + } + + } finally { + if (httpProvider != null) + httpProvider.destroy(); + + if (timer != null) + timer.cancel(); + } return errors; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java index 6de966b8d..971e11cc4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASSOConfigValidation.java @@ -29,9 +29,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASSOConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class OASSOConfigValidation { diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java index 7bdcb65cf..60209542b 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OASTORKConfigValidation.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.configuration.validation.oa; import java.util.ArrayList; +import java.util.Iterator; import java.util.List; import javax.servlet.http.HttpServletRequest; @@ -30,9 +31,9 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OASTORKConfig; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; -import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper; import at.gv.egovernment.moa.util.MiscUtil; public class OASTORKConfigValidation { @@ -52,7 +53,9 @@ public class OASTORKConfigValidation { } if (oageneral.isVidpEnabled()) { - for(AttributeProviderPlugin current : oageneral.getAttributeProviderPlugins()) { + Iterator<AttributeProviderPlugin> interator = oageneral.getAttributeProviderPlugins().iterator(); + while (interator.hasNext()) { + AttributeProviderPlugin current = interator.next(); if (MiscUtil.isEmpty(current.getUrl()) || !ValidationHelper.validateURL(current.getUrl())) { log.info("AttributeProviderPlugin URL has no valid form."); errors.add(LanguageHelper.getErrorString("validation.stork.ap.url.valid", request)); diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java new file mode 100644 index 000000000..650553ab3 --- /dev/null +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -0,0 +1,154 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.configuration.validation.oa; + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.apache.log4j.Logger; + +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.id.configuration.Constants; +import at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig; +import at.gv.egovernment.moa.id.configuration.data.oa.OATargetConfiguration; +import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; +import at.gv.egovernment.moa.id.configuration.validation.CompanyNumberValidator; +import at.gv.egovernment.moa.util.MiscUtil; + +public class OATargetConfigValidation { + + private static final Logger log = Logger.getLogger(OATargetConfigValidation.class); + + public List<String> validate(OATargetConfiguration form, boolean isAdmin, OAGeneralConfig general, HttpServletRequest request) { + + List<String> errors = new ArrayList<String>(); + String check; + + if (general.isBusinessService()) { + + //check identification type + check = form.getIdentificationType(); + if (!form.getIdentificationTypeList().contains(check)) { + log.info("IdentificationType is not known."); + errors.add(LanguageHelper.getErrorString("validation.general.stork.sptarget", request)); + } + + //check identification number + check = form.getIdentificationNumber(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty IdentificationNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.empty", request)); + + } else { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("IdentificationNumber contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.valid", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + + if (form.getIdentificationType().equals(Constants.IDENIFICATIONTYPE_FN)) { + CompanyNumberValidator val = new CompanyNumberValidator(); + if (!val.validate(check)) { + log.info("Not valid CompanyNumber"); + errors.add(LanguageHelper.getErrorString("validation.general.identificationnumber.fn.valid", request)); + } + } + } + + } else { + + check = form.getTarget_subsector(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target-Subsector"); + errors.add(LanguageHelper.getErrorString("validation.general.target.subsector.valid", request)); + } + } + + + if (!isAdmin) { + //check PublicURL Prefix allows PublicService + if (!ValidationHelper.isPublicServiceAllowed(general.getIdentifier())) { + log.warn("PublicURLPrefix does not allow PublicService: " + general.getIdentifier()); + errors.add(LanguageHelper.getErrorString("validation.general.target.publicserviceurl", + new Object[] {general.getIdentifier()}, request )); + general.setBusinessService(true); + return errors; + + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isEmpty(check)) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + + } else { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + } else { + + //check targetFrindlyName(); + check = form.getTargetFriendlyName(); + if (MiscUtil.isNotEmpty(check)) { + if (ValidationHelper.containsPotentialCSSCharacter(check, false)) { + log.warn("TargetFriendlyName contains potentail XSS characters: " + check); + errors.add(LanguageHelper.getErrorString("validation.general.targetfriendlyname", + new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request )); + } + } + + if (MiscUtil.isEmpty(form.getTarget()) && MiscUtil.isEmpty(form.getTarget_admin())) { + log.info("Empty Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.empty", request)); + } + + //check Target + check = form.getTarget(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.valid", request)); + } + } + + //check Admin Target + check = form.getTarget_admin(); + if (MiscUtil.isNotEmpty(check)) { + if (!ValidationHelper.isValidAdminTarget(check)) { + log.info("Not valid Target"); + errors.add(LanguageHelper.getErrorString("validation.general.target.admin.valid", request)); + } + } + } + } + + return errors; + } +} diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 916206cf1..1f0819edf 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -11,6 +11,7 @@ error.title=Fehler: error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator. errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden. +errors.listIDPs.noIDP=Es wurden kein IdentityProvider f\u00FCr Interfederation in der Datenbank gefunden. errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben. errors.edit.oa.oaid.allowed=Sie besitzen nicht die ben\u00F6tigen Rechte um auf diese Online-Applikation zuzugreifen. error.oa.pvp2.certificate=Das hinterlegte PVP2 Zertifikat konnte nicht gelesen werden. @@ -94,6 +95,21 @@ webpages.mainpage.menu.general.importexport=Importieren/Exportieren webpages.mainpage.menu.general.config.moaid=Allgemeine Konfiguration webpages.mainpage.menu.general.usermanagement=Benutzerverwaltung webpages.mainpage.menu.general.adminrequests=Offene Anfragen +webpages.mainpage.menu.interfederation=Interfederation + +webpages.interfederation.header=IDP Interfederation Konfiguration +webpages.interfederation.list.header=Liste aller konfiguerierten IDPs +webpages.inderfederation.moaid.header=Interfederation +webpages.inderfederation.moaid.businessServiceIDP=Privatwirtschaftlicher IDP +webpages.inderfederation.moaid.inboundSSO=Eingehendes SSO erlauben +webpages.inderfederation.moaid.outboundSSO=Ausgehendes SSO erlauben +webpages.inderfederation.moaid.storeSSOSession=SSO Session speichern +webpages.inderfederation.moaid.attributQueryURL=AttributQuery Service URL +webpages.interfederation.new.header=Neuen Identity Provider hinzuf\u00FCgen +webpages.interfederation.new.vidp=STORK VIDP +webpages.interfederation.new.moaid=MOA-ID IDP + + webpages.moaconfig.save.success=Die MOA-ID Konfiguration wurde erfolgreich gespeichert. webpages.moaconfig.header=Allgemeine Konfiguration @@ -152,6 +168,7 @@ webpages.moaconfig.sl.transormations.header=SecurityLayer Transformationen webpages.moaconfig.sl.transormations.filename=Dateiname webpages.moaconfig.sl.transormations.upload=Neue Transformation hochladen +webpages.listOAs.list.elInfo=Type webpages.listOAs.list.first=Eindeutige Kennung webpages.listOAs.list.second=Name der Online-Applikation @@ -294,6 +311,8 @@ message.title=Meldung: webpages.oaconfig.success=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. webpages.oaconfig.success.admin=Die Online-Applikation {0} konnte erfolgreich gespeichert werden. Es ist jedoch eine Aktivierung durch den Administrator erforderlich. webpages.oaconfig.cancle=Die Bearbeitung der Online-Applikation {0} wurde abgebrochen. +webpages.idp.success=Der IdentityProvider {0} konnte erfolgreich gespeichert werden. +webpages.idp.cancle=Die Bearbeitung des IdentityProvider {0} wurde abgebrochen. webpages.oaconfig.delete.message=Die Online-Applikation {0} wurde erfolgreich gel\u00F6scht. webpages.oaconfig.delete.error=Die Online-Applikation {0} konnte nicht gel\u00F6scht werden. @@ -439,10 +458,16 @@ validation.pvp2.metadataurl.read=Unter der angegebenen Metadaten URL konnten kei validation.pvp2.metadata.verify=Die Metadaten konnten nicht mit dem angegebenen Zertifikat verifziert werden. validation.pvp2.certificate.format=Das angegebene PVP2 Zertifikat wei\u00DFt kein g\u00FCltiges Format auf. validation.pvp2.certificate.notfound=Kein PVP2 Zertifikat eingef\u00FCgt. +validation.pvp2.metadata.ssl=Das SSL Serverzertifikat des Metadaten Service ist nicht vertrauensw\u00FCrdig. +validation.pvp2.metadata.validation=Die Metadaten konnten von der angegebenen URL geladen werden, jedoch schlug die Validierung der Metadaten fehl. validation.sso.logouturl.empty=Eine URL zum Single Log-Out Service ist erforderlich. validation.sso.logouturl.valid=Die URL zum Single Log-Out Service wei\u00DFt kein g\u00FCltiges Format auf. +validation.interfederation.moaidp.queryurl.valid=Die URL zum zum AttributQuery Service wei\u00DFt kein g\u00FCltiges Format auf. +validation.interfederation.moaidp.queryurl.empty=Die URL zum zum AttributQuery Service muss f\u00FCr eingehende Single Sign-On Interfederation konfiguriert werden. +validation.interfederation.moaidp.metadataurl.publicservice=Die Domain des Metadaten Services f\u00FCr diesen IDP erlaubt nur Applikationen aus dem privatwirtschaftlichen Bereich. + validation.saml1.providestammzahl=ProvideStammZahl kann nicht mit Applikationen aus dem privatwirtschaftlichen Bereich kombiniert werden. validation.general.bkuselection.specialfeatures.valid=Die speziellen Einstellungen f\u00FCr die BKU Auswahl (Vollmachtsanmeldung ausblenden / zwingend voraussetzen) k\u00F6nnen nicht in Kombination mit SSO verwendet werden. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 4d76ec1ac..7733be5d0 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -11,6 +11,7 @@ error.title=Error: error.login.internal=The error occurred during the processing. Please try again or contact Administrator. error.general.text=During the processing the error condition occured. Please try again or contact the administrator. errors.listOAs.noOA=There is no Online-Application found in the database. +errors.listIDPs.noIDP=There is no interfederation IdentityProvider found in the database. errors.edit.oa.oaid=There is no valid Online-Application ID transfered. errors.edit.oa.oaid.allowed=You do not possess the necessary rights in order to access this Online-Application. error.oa.pvp2.certificate=Provided PVP2 certificate could not be read. @@ -95,6 +96,19 @@ webpages.mainpage.menu.general.config.moaid=General configuration webpages.mainpage.menu.general.usermanagement=User management webpages.mainpage.menu.general.adminrequests=Open requests +webpages.mainpage.menu.interfederation=Interfederation +webpages.interfederation.header=IDP Interfederation Configuration +webpages.interfederation.list.header=List of all interfederation IDPs +webpages.inderfederation.moaid.businessServiceIDP=BusinessService IDP +webpages.inderfederation.moaid.header=Interfederation +webpages.inderfederation.moaid.inboundSSO=Allow inbound SSO +webpages.inderfederation.moaid.outboundSSO=Allow outbound SSO +webpages.inderfederation.moaid.storeSSOSession=Store SSO session +webpages.inderfederation.moaid.attributQueryURL=AttributQuery service URL +webpages.interfederation.new.header=Add new Identity Provider +webpages.interfederation.new.vidp=STORK VIDP +webpages.interfederation.new.moaid=MOA-ID IDP + webpages.moaconfig.save.success=MOA-ID has been successfully saved. webpages.moaconfig.header=General configuration webpages.oaconfig.general.publicURLPreFix=Public URL Prefix @@ -152,6 +166,7 @@ webpages.moaconfig.sl.transormations.header=SecurityLayer Transformations webpages.moaconfig.sl.transormations.filename=File name webpages.moaconfig.sl.transormations.upload=Upload new transformations +webpages.listOAs.list.elInfo=Type webpages.listOAs.list.first=Unique identifier webpages.listOAs.list.second=Name of the Online-Application @@ -294,6 +309,8 @@ message.title=Announcement: webpages.oaconfig.success=The Online-Application {0} could be saved. webpages.oaconfig.success.admin=Online-Applikation {0} could be saved. The activation by the Administrator is necessary. webpages.oaconfig.cancle=The processing of Online-Applikation {0} was interrupted. +webpages.idp.success=IdentityProvider {0} could be saved. +webpages.idp.cancle=The processing of IdentityProvider {0} was interrupted. webpages.oaconfig.delete.message=Online-Application {0} was succesfully removed. webpages.oaconfig.delete.error=Online-Application {0} could not be removed. @@ -439,14 +456,19 @@ validation.pvp2.metadataurl.read=No information could be found under provided UR validation.pvp2.metadata.verify=The metadata could not be verified with the provided certificate. validation.pvp2.certificate.format=The provided PVP2 certificate has invalid format. validation.pvp2.certificate.notfound=There is no PVP2 inserted. +validation.pvp2.metadata.ssl=The SSL server certificate is not trusted. validation.sso.logouturl.empty=URL for Single Log-Out Service is necessary. validation.sso.logouturl.valid=URL for Single Log-Out Service has incorrect format. +validation.interfederation.moaidp.queryurl.valid=URL for AttributQuery Service has incorrect format. +validation.interfederation.moaidp.queryurl.empty=URL for AttributQuery Service is necessary for inbound Single Sign-On interfederation. +validation.interfederation.moaidp.metadataurl.publicservice=The domain of Metadata service for that IDP permits private sector only. + validation.saml1.providestammzahl=ProvideSourcePIN cannot be combined with applications from private sector. validation.general.bkuselection.specialfeatures.valid=The special settings for the selection of CCE (Hide mandate login / compulsory required) could not be used in combination with SSO. -validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkfbox for selection of mandating is not possible. +validation.general.bkuselection.specialfeatures.combination=Required mandate based in combination with hidden checkbox for selection of mandating is not possible. validation.general.form.color.background=Background color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF) validation.general.form.color.front=Foreground color for CCE selection contains invalid hexadecimal value. (e.g. \\\#FFFFFF) validation.general.form.header.color.back=Background color for the caption of CCE selection contains no valid hexadecimal value. (e.g. \\\#FFFFFF) diff --git a/id/ConfigWebTool/src/main/resources/struts.xml b/id/ConfigWebTool/src/main/resources/struts.xml index 4b006ffd9..3fc82f83f 100644 --- a/id/ConfigWebTool/src/main/resources/struts.xml +++ b/id/ConfigWebTool/src/main/resources/struts.xml @@ -365,6 +365,83 @@ <interceptor-ref name="OwnStack"/> </action> + <action name="listallinterfederationidps" method="listAllIDPs" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="success">/jsp/interfederation/idplist.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="loadIDP" method="loadIDPInformation" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="success-VIDP">/jsp/interfederation/vidp.jsp</result> + <result name="success-MOAIDP">/jsp/interfederation/moa_idp.jsp</result> + <result name="notallowed" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="newIDP" method="newIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="editOA-VIDP">/jsp/interfederation/vidp.jsp</result> + <result name="editOA-MOAIDP">/jsp/interfederation/moa_idp.jsp</result> + <result name="success" type="chain">main</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + + <action name="saveMOAIDP" method="saveIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.MOAIDPAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/interfederation/moa_idp.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="saveVIDP" method="saveIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.VIDPAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/interfederation/vidp.jsp</result> + <result name="error">/error.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="cancleandbackIDP" method="cancleAndBackIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result type="chain">main</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + + <action name="deleteIDP" method="deleteIDP" class="at.gv.egovernment.moa.id.configuration.struts.action.InterfederationIDPAction"> + <result name="success" type="chain">main</result> + <result name="error_validation">/jsp/editOAGeneral.jsp</result> + <result name="reauthentication" type="redirectAction"> + <param name="actionName">logout</param> + <param name="namespace">/</param> + </result> + <interceptor-ref name="OwnStack"/> + </action> + </package> </struts>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/css/index.css b/id/ConfigWebTool/src/main/webapp/css/index.css index eb984a896..2c7a880f0 100644 --- a/id/ConfigWebTool/src/main/webapp/css/index.css +++ b/id/ConfigWebTool/src/main/webapp/css/index.css @@ -356,6 +356,12 @@ div .wwgrp br { font-size: 1.1em; } +.listElInfo { + position: relative; + width: 50px; + float: left; +} + .listFirst { position: relative; width: 450px; diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js index 18c755f4b..32e79bb66 100644 --- a/id/ConfigWebTool/src/main/webapp/js/common.js +++ b/id/ConfigWebTool/src/main/webapp/js/common.js @@ -204,7 +204,7 @@ function oaOnLoad() { AdminTarget(); oaTargetSubSector(); - oaVIDP(); +// oaVIDP(); $(".colorfield").each( function() { diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp index 20a5ad1ea..a3541c9a7 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp @@ -34,352 +34,16 @@ <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> - - <div class="oa_config_block"> - - <s:if test="authUser.isAdmin()"> - <s:checkbox name="generalOA.Active" - value="%{generalOA.Active}" - labelposition="left" - key="webpages.oaconfig.general.isActive" - cssClass="checkbox"> - </s:checkbox> - </s:if> + <s:include value="snippets/OA/generalInformation.jsp"></s:include> + + <s:include value="snippets/OA/targetConfiguration.jsp"></s:include> + + <s:include value="snippets/OA/authentication.jsp"></s:include> - <s:textfield name="generalOA.identifier" - value="%{generalOA.identifier}" - labelposition="left" - key="webpages.oaconfig.general.identification" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.friendlyName" - value="%{generalOA.friendlyName}" - labelposition="left" - key="webpages.oaconfig.general.friendlyname" - cssClass="textfield_long"> - </s:textfield> - - <s:checkbox name="generalOA.businessService" - value="%{generalOA.businessService}" - labelposition="left" - key="webpages.oaconfig.general.isbusinessservice" - cssClass="checkbox" - onclick="oaBusinessService();" - id="OAisbusinessservice" - > - </s:checkbox> - - - </div> + <s:include value="snippets/OA/sso.jsp"></s:include> - <div id="oa_config_businessservice" class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3> - - <s:select list="generalOA.identificationTypeList" - key="webpages.oaconfig.general.business.value" - labelposition="left" - cssClass="selectfield" - value="%{generalOA.identificationType}" - name="generalOA.identificationType" - disabled="%{isDeaktivededBusinessService()}"> - </s:select> - - <s:textfield name="generalOA.identificationNumber" - value="%{generalOA.identificationNumber}" - cssClass="textfield_middle" - disabled="%{isDeaktivededBusinessService()}"> - </s:textfield> - </div> - - <s:if test="!isOnlyBusinessService()"> - <div id="oa_config_publicservice" class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> - - <s:if test="authUser.isAdmin()"> - <s:select list="generalOA.targetList" - key="webpages.oaconfig.general.target" - labelposition="left" - cssClass="selectfield" - value="%{generalOA.target}" - name="generalOA.target" - onchange="HideAdminTarget();"> - </s:select> - </s:if> - <s:else> - <s:select list="generalOA.targetList" - key="webpages.oaconfig.general.target" - labelposition="left" - cssClass="selectfield" - value="%{generalOA.target}" - name="generalOA.target"> - </s:select> - </s:else> + <s:include value="snippets/OA/stork.jsp"></s:include> - <s:checkbox name="subTargetSet" - value="%{subTargetSet}" - labelposition="left" - key="webpages.oaconfig.general.target.subsector.checkbox" - cssClass="checkbox" - onclick="oaTargetSubSector();" - id="OAisTargetSubSector"> - </s:checkbox> - - <s:textfield name="generalOA.target_subsector" - value="%{generalOA.target_subsector}" - labelposition="left" - key="webpages.oaconfig.general.target.subsector" - cssClass="selectfield" - id="OAtarget_subsector"> - </s:textfield> - - - <s:if test="authUser.isAdmin()"> - <s:checkbox - name="generalOA.AdminTarget" - value="%{generalOA.AdminTarget}" - cssClass="checkbox" - onclick="AdminTarget();" - labelposition="left" - key="webpages.oaconfig.general.target.admin.checkbox" - id="adminTarget"> - </s:checkbox> - - <div id="admin_target_area"> - <s:textfield name="generalOA.target_admin" - value="%{generalOA.target_admin}" - labelposition="left" - key="webpages.oaconfig.general.target.admin" - cssClass="textfield_short"> - </s:textfield> - <s:textfield name="generalOA.targetFriendlyName" - value="%{generalOA.targetFriendlyName}" - labelposition="left" - key="webpages.oaconfig.general.target.friendlyname" - cssClass="textfield_long"> - </s:textfield> - </div> - </s:if> - <s:else> - <s:if test="generalOA.target_admin neq null"> - <s:textfield name="generalOA.target_admin" - value="%{generalOA.target_admin}" - labelposition="left" - key="webpages.oaconfig.general.target.admin.disabled" - cssClass="textfield_short" - disabled="true"> - </s:textfield> - </s:if> - <%-- <s:if test="generalOA.targetFriendlyName neq null"> - <s:textfield name="generalOA.targetFriendlyName" - value="%{generalOA.targetFriendlyName}" - labelposition="left" - key="webpages.oaconfig.general.target.friendlyname.disabled" - cssClass="textfield_long"> - </s:textfield> - </s:if> --%> - </s:else> - </div> - </s:if> - - <s:if test="authUser.isAdmin()"> - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> - - <s:textfield name="generalOA.bkuOnlineURL" - value="%{generalOA.bkuOnlineURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.online" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.bkuHandyURL" - value="%{generalOA.bkuHandyURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.handy" - cssClass="textfield_long"> - </s:textfield> - - <s:textfield name="generalOA.bkuLocalURL" - value="%{generalOA.bkuLocalURL}" - labelposition="left" - key="webpages.oaconfig.general.bku.local" - cssClass="textfield_long"> - </s:textfield> - - <s:radio list="generalOA.keyBoxIdentifierList" - name="generalOA.keyBoxIdentifier" - value="%{generalOA.keyBoxIdentifier}" - labelposition="left" - key="webpages.oaconfig.general.bku.keyboxidentifier" - cssClass="radio"> - </s:radio> - <s:checkbox name="generalOA.legacy" - value="%{generalOA.legacy}" - labelposition="left" - key="webpages.oaconfig.general.bku.legacy" - cssClass="checkbox" - onclick="oaLegacyService();" - id="OAislegacy"> - </s:checkbox> - <div id="oa_config_sltemplates"> - <s:textfield name="generalOA.SLTemplateURL1" - value="%{generalOA.SLTemplateURL1}" - labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.first" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="generalOA.SLTemplateURL2" - value="%{generalOA.SLTemplateURL2}" - labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.second" - cssClass="textfield_long"> - </s:textfield> - <s:textfield name="generalOA.SLTemplateURL3" - value="%{generalOA.SLTemplateURL3}" - labelposition="left" - key="webpages.oaconfig.general.bku.sltemplate.third" - cssClass="textfield_long"> - </s:textfield> - </div> - - <div class="oa_protocol_area"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4> - <s:iterator value="%{generalOA.bkuSelectionFileUploadFileName}" var="fileNameBKU"> - <div class="floatClass"> - <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/> - <s:checkbox key="webpages.oaconfig.general.bku.delete" - labelposition="left" - cssClass="checkbox" - name="generalOA.deleteBKUTemplate"></s:checkbox> - </div> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> - </div> - </s:iterator> - <s:if test="generalOA.bkuSelectionFileUploadFileName.size() == 0"> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> - </div> - </s:if> - </div> - <div class="oa_protocol_area"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4> - <s:iterator value="%{generalOA.sendAssertionFileUploadFileName}" var="fileNameBKU"> - <div class="floatClass"> - <s:label key="webpages.oaconfig.general.bku.sendassertion.filename" - value="%{fileNameBKU}"/> - <s:checkbox key="webpages.oaconfig.general.bku.delete" - labelposition="left" - cssClass="checkbox" - name="generalOA.deleteSendAssertionTemplate"></s:checkbox> - </div> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> - </div> - </s:iterator> - <s:if test="generalOA.sendAssertionFileUploadFileName.size() == 0"> - <div id="pvp2_certificate_upload"> - <s:file name="generalOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> - </div> - </s:if> - </div> - - </div> - </s:if> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3> - - - <s:checkbox name="generalOA.useMandates" - value="%{generalOA.useMandates}" - labelposition="left" - key="webpages.oaconfig.general.mandate.usemandate" - cssClass="checkbox"> - </s:checkbox> - - <s:textfield name="generalOA.mandateProfiles" - value="%{generalOA.mandateProfiles}" - labelposition="left" - key="webpages.oaconfig.general.mandate.profiles" - cssClass="textfield_long"> - </s:textfield> - - <s:checkbox name="formOA.onlyMandateAllowed" - value="%{formOA.onlyMandateAllowed}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed" - cssClass="checkbox"> - </s:checkbox> - - </div> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3> - - <s:checkbox name="ssoOA.useSSO" - value="%{ssoOA.useSSO}" - labelposition="left" - key="webpages.oaconfig.sso.usesso" - cssClass="checkbox" - onclick="oaSSOService();" - id="OAuseSSO"> - </s:checkbox> - - <div id="sso_bock"> - <s:if test="authUser.isAdmin()"> - <s:checkbox name="ssoOA.showAuthDataFrame" - value="%{ssoOA.showAuthDataFrame}" - labelposition="left" - key="webpages.oaconfig.sso.useauthdataframe" - cssClass="checkbox" - onclick="oaBusinessService();"> - </s:checkbox> - </s:if> - -<%--TODO: insert if SLO is implemented!!!--%> -<%-- <s:textfield name="ssoOA.singleLogOutURL" - value="%{ssoOA.singleLogOutURL}" - labelposition="left" - key="webpages.oaconfig.sso.singlelogouturl" - cssClass="textfield_long"> - </s:textfield> --%> - </div> - </div> - - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3> - - <s:checkbox name="storkOA.storkLogonEnabled" - value="%{storkOA.storkLogonEnabled}" - labelposition="left" - key="webpages.oaconfig.stork.usestork" - cssClass="checkbox" - onclick="oaStork();" - id="OAuseSTORKLogon" /> - <div id="stork_block"> - <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}" - value="#{storkOA.qaa}" - name="storkOA.qaa" - key="webpages.moaconfig.stork.qaa" - labelposition="left" /> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4> - <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" /> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4> - <table> - <tr><th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %></th> - <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %></th> - <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %></th></tr> - <s:iterator value="storkOA.helperAttributes" status="stat"> - <tr><td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].used" value="%{used}" disabled="%{readOnly}" /></td> - <td><s:property value="%{name}" /><s:hidden name="storkOA.helperAttributes[%{#stat.index}].name" value="%{name}" /></td> - <td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td></tr> - </s:iterator> - </table> - </div> - </div> - <div class="oa_config_block"> <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.header", request) %></h3> @@ -390,13 +54,6 @@ <button type="button" class="oa_buttons" onclick="oaSAML1();" id="button_saml1_hidden"> <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.saml1.hidden", request) %> </button> - - <button type="button" class="oa_buttons" onclick="oaVIDP();" id="button_vidp_show"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.vidp.show", request) %> - </button> - <button type="button" style="display:none" class="oa_buttons" onclick="oaVIDP();" id="button_vidp_hidden"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.vidp.hidden", request) %> - </button> </s:if> <button type="button" class="oa_buttons" onclick="oaPVP2();" id="button_pvp2_show"> @@ -412,297 +69,19 @@ <button type="button" style="display:none" class="oa_buttons" onclick="oaOAuth20();" id="button_oauth20_hidden"> <%=LanguageHelper.getGUIString("webpages.oaconfig.menu.oauth20.hidden", request) %> </button> - - <div id="oa_saml1_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4> - - <s:if test="authUser.isAdmin()"> - <s:checkbox name="saml1OA.Active" - value="%{saml1OA.Active}" - labelposition="left" - key="webpages.oaconfig.saml1.isActice" - cssClass="checkbox"> - </s:checkbox> - </s:if> - <s:checkbox name="saml1OA.provideStammZahl" - value="%{saml1OA.provideStammZahl}" - labelposition="left" - key="webpages.oaconfig.saml1.provideStammZahl" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="saml1OA.provideAuthBlock" - value="%{saml1OA.provideAuthBlock}" - labelposition="left" - key="webpages.oaconfig.saml1.provideAuthBlock" - cssClass="checkbox"> - </s:checkbox> - <br> - <s:checkbox name="saml1OA.provideIdentityLink" - value="%{saml1OA.provideIdentityLink}" - labelposition="left" - key="webpages.oaconfig.saml1.provideIdentityLink" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="saml1OA.provideCertificate" - value="%{saml1OA.provideCertificate}" - labelposition="left" - key="webpages.oaconfig.saml1.provideCertificate" - cssClass="checkbox"> - </s:checkbox> - <s:checkbox name="saml1OA.provideFullMandateData" - value="%{saml1OA.provideFullMandateData}" - labelposition="left" - key="webpages.oaconfig.saml1.provideFullMandateData" - cssClass="checkbox"> - </s:checkbox> -<%-- <br> - <br> - <br> - <s:checkbox name="saml1OA.useCondition" - value="%{saml1OA.useCondition}" - labelposition="left" - key="webpages.oaconfig.saml1.useCondition" - cssClass="checkbox"> - </s:checkbox> - <s:textfield name="saml1OA.conditionLength" - value="%{saml1OA.conditionLength}" - labelposition="left" - key="webpages.oaconfig.saml1.conditionLength" - cssClass="textfield_short"> - </s:textfield> --%> - - </div> - - <div id="oa_pvp2_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4> - - <s:checkbox key="webpages.oaconfig.pvp2.reload" - labelposition="left" - cssClass="checkbox" - name="pvp2OA.reLoad"></s:checkbox> - - <s:textfield name="pvp2OA.metaDataURL" - value="%{pvp2OA.metaDataURL}" - labelposition="left" - key="webpages.oaconfig.pvp2.metaDataURL" - cssClass="textfield_long"> - </s:textfield> - - <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/> - - <div id="pvp2_certificate_upload"> - <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file> - </div> - </div> - - <div id="oa_oauth20_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4> - - <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/> - - <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/> - - <s:textfield name="oauth20OA.redirectUri" - value="%{oauth20OA.redirectUri}" - labelposition="left" - key="webpages.oaconfig.oauth20.redirectUri" - cssClass="textfield_long"> - </s:textfield> - </div> - - - <div id="oa_vidp_area" class="oa_protocol_area"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h4> - - <p><s:checkbox name="storkOA.vidpEnabled" - value="%{storkOA.vidpEnabled}" - labelposition="left" - key="webpages.oaconfig.vidp.enabled" - cssClass="checkbox" - id="OAuseVidp" /></p> - - <p><s:checkbox name="storkOA.requireConsent" - value="%{storkOA.requireConsent}" - labelposition="left" - key="webpages.oaconfig.vidp.requireconsent" - cssClass="checkbox" - id="OArequireConsent" /></p> - <h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5> - <table id="stork_aplist"> - <tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr> - <s:iterator value="storkOA.attributeProviderPlugins" status="stat"> - <tr><td><s:select name="storkOA.attributeProviderPlugins[%{#stat.index}].name" value="%{name}" list="%{storkOA.availableAttributeProviderPlugins}"/></td> - <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].url" value="%{url}" cssClass="textfield_mail"/></td> - <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].attributes" value="%{attributes}" cssClass="textfield_mail"/></td> - <td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr> - </s:iterator> - </table> - <input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.new", request) %>" onclick='newAp();' /> - - </div> - </div> - <div class="oa_config_block"> - <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3> - -<%-- <s:checkbox name="generalOA.calculateHPI" - value="%{generalOA.calculateHPI}" - labelposition="left" - key="webpages.oaconfig.general.aditional.calculateHPI" - cssClass="textfield_long"> - </s:checkbox> --%> - - <s:checkbox name="generalOA.HideBPKAuthBlock" - value="%{generalOA.HideBPKAuthBlock}" - labelposition="left" - key="webpages.oaconfig.general.isHideBPKAuthBlock" - cssClass="checkbox"> - </s:checkbox> + <s:include value="snippets/OA/saml1.jsp"></s:include> + + <s:include value="snippets/OA/pvp2.jsp"> + <s:param name="hideBlock">hidden</s:param> + </s:include> - <s:if test="authUser.isAdmin()"> - <s:textarea name="generalOA.aditionalAuthBlockText" - value="%{generalOA.aditionalAuthBlockText}" - labelposition="left" - key="webpages.oaconfig.general.aditional.authblocktext" - cssClass="textfield_large"> - </s:textarea> - - - <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %> - </button> - <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden"> - <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %> - </button> - - <div id="formcustom_area" class="oa_protocol_area hidden"> - <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4> - - <div id="formCustomValues"> - <s:textfield name="formOA.backGroundColor" - value="%{formOA.backGroundColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.backgroundcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")' - id="MAIN_BACKGOUNDCOLOR"> - </s:textfield> - <s:textfield name="formOA.frontColor" - value="%{formOA.frontColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.frontcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("MAIN_COLOR")' - id="MAIN_COLOR"> - </s:textfield> - - <s:textfield name="formOA.header_BackGroundColor" - value="%{formOA.header_BackGroundColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")' - id="HEADER_BACKGROUNDCOLOR"> - </s:textfield> - <s:textfield name="formOA.header_FrontColor" - value="%{formOA.header_FrontColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.frontcolor" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("HEADER_COLOR")' - id="HEADER_COLOR"> - </s:textfield> - <s:textfield name="formOA.header_text" - value="%{formOA.header_text}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.text" - cssClass="textfield_middle" - onchange='updateBKUFormPreview("HEADER_TEXT")' - id="HEADER_TEXT"> - </s:textfield> - - <%-- <s:textfield name="formOA.button_BackGroundColor" - value="%{formOA.button_BackGroundColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.button.background" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")' - id="BUTTON_BACKGROUNDCOLOR"> - </s:textfield> - <s:textfield name="formOA.button_BackGroundColorFocus" - value="%{formOA.button_BackGroundColorFocus}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.button.background.focus" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")' - id="BUTTON_BACKGROUNDCOLOR_FOCUS"> - </s:textfield> - <s:textfield name="formOA.button_FrontColor" - value="%{formOA.button_FrontColor}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.button.front" - cssClass="textfield_middle colorfield" - onchange='updateBKUFormPreview("BUTTON_COLOR")' - id="BUTTON_COLOR"> - </s:textfield> --%> - - <s:select list="formOA.appletRedirectTargetList" - key="webpages.oaconfig.general.BKUSelection.redirectTarget" - labelposition="left" - cssClass="selectfield" - value="%{formOA.appletRedirectTarget}" - name="formOA.appletRedirectTarget"> - </s:select> - - <s:textfield name="formOA.applet_height" - value="%{formOA.applet_height}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.applet.height" - cssClass="textfield_middle" - id="HEADER_HEIGHT"> - </s:textfield> - - <s:textfield name="formOA.applet_width" - value="%{formOA.applet_width}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.header.applet.width" - cssClass="textfield_middle" - id="HEADER_WIDTH"> - </s:textfield> - - <s:select list="formOA.fontTypeList" - key="webpages.oaconfig.general.BKUSelection.fonttype.list" - labelposition="left" - cssClass="selectfield" - value="%{formOA.fontType}" - name="formOA.fontTypeListValue" - id="fontTypeList" - onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'> - </s:select> - - <s:textfield name="formOA.fontType" - value="%{formOA.fontType}" - labelposition="left" - key="webpages.oaconfig.general.BKUSelection.fonttype" - cssClass="textfield_mail" - onchange='updateBKUFormPreview("FONTTYPE")' - id="FONTTYPE"> - </s:textfield> - </div> - - <div id="formCustomPreview"> - <iframe scrolling="none" - title="BKUForm Preview" - height="260" - width="250"> - </iframe> - </div> - - </div> - </s:if> + <s:include value="snippets/OA/openIDConnect.jsp"></s:include> </div> + + <s:include value="snippets/OA/formCustomization.jsp"></s:include> <s:hidden name="formID" value="%{formID}"></s:hidden> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp new file mode 100644 index 000000000..3e7404dfc --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/idplist.jsp @@ -0,0 +1,60 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="../snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.interfederation.list.header", request) %></h3> + <s:include value="../snippets/oas_list.jsp"> + <s:param name="editAction">loadIDP</s:param> + </s:include> + </div> + <br> + <br> + <div id="button_area"> + <h3><%=LanguageHelper.getGUIString("webpages.interfederation.new.header", request) %></h3> + <s:form action="newIDP" namespace="/secure" method="POST" > + <s:hidden name="interfederationType" value="-MOAIDP"></s:hidden> + <s:submit key="webpages.interfederation.new.moaid"/> + </s:form> + <s:form action="newIDP" namespace="/secure" method="POST" > + <s:hidden name="interfederationType" value="-VIDP"></s:hidden> + <s:submit key="webpages.interfederation.new.vidp"/> + </s:form> + </div> + + + </s:if> + + </div> + + <jsp:include page="../snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp new file mode 100644 index 000000000..f0d0671bf --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/moa_idp.jsp @@ -0,0 +1,66 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body> + + <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="../snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.interfederation.header", request) %></h2> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <s:include value="../snippets/OA/generalInformation.jsp"></s:include> + + <s:include value="../snippets/OA/interfederation.jsp"></s:include> + + <s:include value="../snippets/OA/pvp2.jsp"> + <s:param name="hideBlock">""</s:param> + </s:include> + + <s:hidden name="formID" value="%{formID}"></s:hidden> + <s:hidden name="interfederationType" value="%{interfederationType}"></s:hidden> + + + <div id="button_area"> + <s:submit key="webpages.edit.back" action="cancleandbackIDP"/> + <s:submit key="webpages.edit.save" action="saveMOAIDP"/> + <s:if test="!isNewOA()"> + <s:submit key="webpages.edit.delete" action="deleteIDP"/> + </s:if> + </div> + + </s:form> + + </div> + </s:if> + + </div> + + <jsp:include page="../snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp new file mode 100644 index 000000000..3a5dd68c9 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/interfederation/vidp.jsp @@ -0,0 +1,70 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> + +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <link rel="stylesheet" type="text/css" href="../css/index.css"> + <title><%=LanguageHelper.getGUIString("title", request) %></title> + <script type="text/javascript" src="../js/common.js"></script> + <script src="../js/jquery.js"></script> + </head> + + <body onload="oaOnLoad()"> + + <jsp:include page="../snippets/header_userinfos.jsp"></jsp:include> + + <jsp:include page="../snippets/main_menu.jsp"></jsp:include> + + <div id="information_area"> + <s:if test="hasActionErrors()"> + <div id="error_area"> + <label><%=LanguageHelper.getGUIString("error.title", request) %></label> + <s:actionerror/> + </div> + </s:if> + + <s:if test="authUser.isAdmin()"> + <div id="list_area"> + <h2><%=LanguageHelper.getGUIString("webpages.interfederation.header", request) %></h2> + + <s:form namespace="/secure" method="POST" enctype="multipart/form-data"> + + <s:include value="../snippets/OA/generalInformation.jsp"></s:include> + + <s:include value="../snippets/OA/targetConfiguration.jsp"></s:include> + + <s:include value="../snippets/OA/authentication.jsp"></s:include> + + <s:include value="../snippets/OA/vidp.jsp"> + <s:param name="hideBlock"></s:param> + </s:include> + + <s:include value="../snippets/OA/formCustomization.jsp"></s:include> + + <s:hidden name="formID" value="%{formID}"></s:hidden> + <s:hidden name="interfederationType" value="%{interfederationType}"></s:hidden> + + + <div id="button_area"> + <s:submit key="webpages.edit.back" action="cancleandbackIDP"/> + <s:submit key="webpages.edit.save" action="saveVIDP"/> + <s:if test="!isNewOA()"> + <s:submit key="webpages.edit.delete" action="deleteIDP"/> + </s:if> + </div> + + </s:form> + + </div> + </s:if> + + </div> + + <jsp:include page="../snippets/footer.jsp"></jsp:include> + + </body> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp index 11953ec86..bad50262d 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/listOAs.jsp @@ -27,7 +27,9 @@ </div> </s:if> - <jsp:include page="snippets/oas_list.jsp"></jsp:include> + <s:include value="snippets/oas_list.jsp"> + <s:param name="editAction">loadOA</s:param> + </s:include> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp new file mode 100644 index 000000000..a659104ed --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -0,0 +1,97 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + + <s:if test="authUser.isAdmin()"> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.header", request) %></h3> + + <s:textfield name="authOA.bkuOnlineURL" + value="%{authOA.bkuOnlineURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.online" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="authOA.bkuHandyURL" + value="%{authOA.bkuHandyURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.handy" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="authOA.bkuLocalURL" + value="%{authOA.bkuLocalURL}" + labelposition="left" + key="webpages.oaconfig.general.bku.local" + cssClass="textfield_long"> + </s:textfield> + + <s:radio list="authOA.keyBoxIdentifierList" + name="authOA.keyBoxIdentifier" + value="%{authOA.keyBoxIdentifier}" + labelposition="left" + key="webpages.oaconfig.general.bku.keyboxidentifier" + cssClass="radio"> + </s:radio> + <s:checkbox name="authOA.legacy" + value="%{authOA.legacy}" + labelposition="left" + key="webpages.oaconfig.general.bku.legacy" + cssClass="checkbox" + onclick="oaLegacyService();" + id="OAislegacy"> + </s:checkbox> + <div id="oa_config_sltemplates"> + <s:textfield name="authOA.SLTemplateURL1" + value="%{authOA.SLTemplateURL1}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.first" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="authOA.SLTemplateURL2" + value="%{authOA.SLTemplateURL2}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.second" + cssClass="textfield_long"> + </s:textfield> + <s:textfield name="authOA.SLTemplateURL3" + value="%{authOA.SLTemplateURL3}" + labelposition="left" + key="webpages.oaconfig.general.bku.sltemplate.third" + cssClass="textfield_long"> + </s:textfield> + </div> + </div> + </s:if> + + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.mandate.header", request) %></h3> + + + <s:checkbox name="authOA.useMandates" + value="%{authOA.useMandates}" + labelposition="left" + key="webpages.oaconfig.general.mandate.usemandate" + cssClass="checkbox"> + </s:checkbox> + + <s:textfield name="authOA.mandateProfiles" + value="%{authOA.mandateProfiles}" + labelposition="left" + key="webpages.oaconfig.general.mandate.profiles" + cssClass="textfield_long"> + </s:textfield> + + <s:checkbox name="formOA.onlyMandateAllowed" + value="%{formOA.onlyMandateAllowed}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.isOnlyMandateLoginAllowed" + cssClass="checkbox"> + </s:checkbox> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp new file mode 100644 index 000000000..ba7dc2cc4 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/blank.jsp @@ -0,0 +1,8 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp new file mode 100644 index 000000000..008a8b521 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/formCustomization.jsp @@ -0,0 +1,209 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.aditional.header", request) %></h3> + +<%-- <s:checkbox name="generalOA.calculateHPI" + value="%{generalOA.calculateHPI}" + labelposition="left" + key="webpages.oaconfig.general.aditional.calculateHPI" + cssClass="textfield_long"> + </s:checkbox> --%> + + <s:checkbox name="formOA.HideBPKAuthBlock" + value="%{formOA.HideBPKAuthBlock}" + labelposition="left" + key="webpages.oaconfig.general.isHideBPKAuthBlock" + cssClass="checkbox"> + </s:checkbox> + + <s:if test="authUser.isAdmin()"> + <s:textarea name="formOA.aditionalAuthBlockText" + value="%{formOA.aditionalAuthBlockText}" + labelposition="left" + key="webpages.oaconfig.general.aditional.authblocktext" + cssClass="textfield_large"> + </s:textarea> + + <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_show"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.show", request) %> + </button> + <button type="button" class="oa_buttons" onclick="oaFormCustom();" id="formcustom_button_hidden"> + <%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.button.hidden", request) %> + </button> + + <div id="formcustom_area" class="oa_protocol_area hidden"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.BKUSelection.header", request) %></h4> + + <div id="formCustomValues"> + <s:textfield name="formOA.backGroundColor" + value="%{formOA.backGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.backgroundcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("MAIN_BACKGOUNDCOLOR")' + id="MAIN_BACKGOUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.frontColor" + value="%{formOA.frontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.frontcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("MAIN_COLOR")' + id="MAIN_COLOR"> + </s:textfield> + + <s:textfield name="formOA.header_BackGroundColor" + value="%{formOA.header_BackGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.backgroundcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("HEADER_BACKGROUNDCOLOR")' + id="HEADER_BACKGROUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.header_FrontColor" + value="%{formOA.header_FrontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.frontcolor" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("HEADER_COLOR")' + id="HEADER_COLOR"> + </s:textfield> + <s:textfield name="formOA.header_text" + value="%{formOA.header_text}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.text" + cssClass="textfield_middle" + onchange='updateBKUFormPreview("HEADER_TEXT")' + id="HEADER_TEXT"> + </s:textfield> + + <%-- <s:textfield name="formOA.button_BackGroundColor" + value="%{formOA.button_BackGroundColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.background" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR")' + id="BUTTON_BACKGROUNDCOLOR"> + </s:textfield> + <s:textfield name="formOA.button_BackGroundColorFocus" + value="%{formOA.button_BackGroundColorFocus}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.background.focus" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_BACKGROUNDCOLOR_FOCUS")' + id="BUTTON_BACKGROUNDCOLOR_FOCUS"> + </s:textfield> + <s:textfield name="formOA.button_FrontColor" + value="%{formOA.button_FrontColor}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.button.front" + cssClass="textfield_middle colorfield" + onchange='updateBKUFormPreview("BUTTON_COLOR")' + id="BUTTON_COLOR"> + </s:textfield> --%> + + <s:select list="formOA.appletRedirectTargetList" + key="webpages.oaconfig.general.BKUSelection.redirectTarget" + labelposition="left" + cssClass="selectfield" + value="%{formOA.appletRedirectTarget}" + name="formOA.appletRedirectTarget"> + </s:select> + + <s:textfield name="formOA.applet_height" + value="%{formOA.applet_height}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.applet.height" + cssClass="textfield_middle" + id="HEADER_HEIGHT"> + </s:textfield> + + <s:textfield name="formOA.applet_width" + value="%{formOA.applet_width}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.header.applet.width" + cssClass="textfield_middle" + id="HEADER_WIDTH"> + </s:textfield> + + <s:select list="formOA.fontTypeList" + key="webpages.oaconfig.general.BKUSelection.fonttype.list" + labelposition="left" + cssClass="selectfield" + value="%{formOA.fontType}" + name="formOA.fontTypeListValue" + id="fontTypeList" + onchange='$("#FONTTYPE").val($("#fontTypeList").val());updateBKUFormPreview("FONTTYPE");'> + </s:select> + + <s:textfield name="formOA.fontType" + value="%{formOA.fontType}" + labelposition="left" + key="webpages.oaconfig.general.BKUSelection.fonttype" + cssClass="textfield_mail" + onchange='updateBKUFormPreview("FONTTYPE")' + id="FONTTYPE"> + </s:textfield> + </div> + + <div id="formCustomPreview"> + <iframe scrolling="none" + title="BKUForm Preview" + height="260" + width="250"> + </iframe> + </div> + + </div> + + <div class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.bkuselection.header", request) %></h4> + <s:iterator value="%{formOA.bkuSelectionFileUploadFileName}" var="fileNameBKU"> + <div class="floatClass"> + <s:label key="webpages.oaconfig.general.bku.bkuselection.filename" value="%{fileNameBKU}"/> + <s:checkbox key="webpages.oaconfig.general.bku.delete" + labelposition="left" + cssClass="checkbox" + name="formOA.deleteBKUTemplate"></s:checkbox> + </div> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> + </div> + </s:iterator> + <s:if test="formOA.bkuSelectionFileUploadFileName.size() == 0"> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.bkuSelectionFileUpload" key="webpages.oaconfig.general.bku.bkuselection.upload" cssClass="textfield_long"></s:file> + </div> + </s:if> + </div> + <div class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.general.bku.sendassertion.header", request) %></h4> + <s:iterator value="%{formOA.sendAssertionFileUploadFileName}" var="fileNameBKU"> + <div class="floatClass"> + <s:label key="webpages.oaconfig.general.bku.sendassertion.filename" + value="%{fileNameBKU}"/> + <s:checkbox key="webpages.oaconfig.general.bku.delete" + labelposition="left" + cssClass="checkbox" + name="formOA.deleteSendAssertionTemplate"></s:checkbox> + </div> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> + </div> + </s:iterator> + <s:if test="formOA.sendAssertionFileUploadFileName.size() == 0"> + <div id="pvp2_certificate_upload"> + <s:file name="formOA.sendAssertionFileUpload" key="webpages.oaconfig.general.bku.sendassertion.upload" cssClass="textfield_long"></s:file> + </div> + </s:if> + </div> + + </s:if> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp new file mode 100644 index 000000000..ade5bb185 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/generalInformation.jsp @@ -0,0 +1,43 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + + <div class="oa_config_block"> + + <s:if test="authUser.isAdmin()"> + <s:checkbox name="generalOA.Active" + value="%{generalOA.Active}" + labelposition="left" + key="webpages.oaconfig.general.isActive" + cssClass="checkbox"> + </s:checkbox> + </s:if> + + <s:textfield name="generalOA.identifier" + value="%{generalOA.identifier}" + labelposition="left" + key="webpages.oaconfig.general.identification" + cssClass="textfield_long"> + </s:textfield> + + <s:textfield name="generalOA.friendlyName" + value="%{generalOA.friendlyName}" + labelposition="left" + key="webpages.oaconfig.general.friendlyname" + cssClass="textfield_long"> + </s:textfield> + + <s:checkbox name="generalOA.businessService" + value="%{generalOA.businessService}" + labelposition="left" + key="webpages.oaconfig.general.isbusinessservice" + cssClass="checkbox" + onclick="oaBusinessService();" + id="OAisbusinessservice" + > + </s:checkbox> + + </div> +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp new file mode 100644 index 000000000..97d21bcb4 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/interfederation.jsp @@ -0,0 +1,33 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_pvp2_area" class="oa_protocol_area"> + <h4><%=LanguageHelper.getGUIString("webpages.inderfederation.moaid.header", request) %></h4> + + <s:checkbox key="webpages.inderfederation.moaid.inboundSSO" + labelposition="left" + cssClass="checkbox" + name="moaIDP.inboundSSO"></s:checkbox> + + <s:checkbox key="webpages.inderfederation.moaid.outboundSSO" + labelposition="left" + cssClass="checkbox" + name="moaIDP.outboundSSO"></s:checkbox> + + <s:checkbox key="webpages.inderfederation.moaid.storeSSOSession" + labelposition="left" + cssClass="checkbox" + name="moaIDP.storeSSOSession"></s:checkbox> + + <s:textfield name="moaIDP.queryURL" + value="%{moaIDP.queryURL}" + labelposition="left" + key="webpages.inderfederation.moaid.attributQueryURL" + cssClass="textfield_long"> + </s:textfield> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp new file mode 100644 index 000000000..a9b1f88a2 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/openIDConnect.jsp @@ -0,0 +1,21 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_oauth20_area" class="oa_protocol_area hidden"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.oauth20.header", request) %></h4> + + <s:label key="webpages.oaconfig.oauth20.clientId" value="%{oauth20OA.clientId}"/> + + <s:label key="webpages.oaconfig.oauth20.clientSecret" value="%{oauth20OA.clientSecret}"/> + + <s:textfield name="oauth20OA.redirectUri" + value="%{oauth20OA.redirectUri}" + labelposition="left" + key="webpages.oaconfig.oauth20.redirectUri" + cssClass="textfield_long"> + </s:textfield> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp new file mode 100644 index 000000000..398e6d110 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/pvp2.jsp @@ -0,0 +1,28 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_pvp2_area" class="oa_protocol_area ${param.hideBlock}"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.pvp2.header", request) %></h4> + + <s:checkbox key="webpages.oaconfig.pvp2.reload" + labelposition="left" + cssClass="checkbox" + name="pvp2OA.reLoad"></s:checkbox> + + <s:textfield name="pvp2OA.metaDataURL" + value="%{pvp2OA.metaDataURL}" + labelposition="left" + key="webpages.oaconfig.pvp2.metaDataURL" + cssClass="textfield_long"> + </s:textfield> + + <s:label key="webpages.oaconfig.pvp2.certifcate.info" value="%{pvp2OA.certificateDN}"/> + + <div id="pvp2_certificate_upload"> + <s:file name="pvp2OA.fileUpload" key="webpages.oaconfig.pvp2.certifcate" cssClass="textfield_long"></s:file> + </div> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp new file mode 100644 index 000000000..4fd02aa61 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/saml1.jsp @@ -0,0 +1,66 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_saml1_area" class="oa_protocol_area hidden"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.protocols.saml1.header", request) %></h4> + + <s:if test="authUser.isAdmin()"> + <s:checkbox name="saml1OA.Active" + value="%{saml1OA.Active}" + labelposition="left" + key="webpages.oaconfig.saml1.isActice" + cssClass="checkbox"> + </s:checkbox> + </s:if> + <s:checkbox name="saml1OA.provideStammZahl" + value="%{saml1OA.provideStammZahl}" + labelposition="left" + key="webpages.oaconfig.saml1.provideStammZahl" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideAuthBlock" + value="%{saml1OA.provideAuthBlock}" + labelposition="left" + key="webpages.oaconfig.saml1.provideAuthBlock" + cssClass="checkbox"> + </s:checkbox> + <br> + <s:checkbox name="saml1OA.provideIdentityLink" + value="%{saml1OA.provideIdentityLink}" + labelposition="left" + key="webpages.oaconfig.saml1.provideIdentityLink" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideCertificate" + value="%{saml1OA.provideCertificate}" + labelposition="left" + key="webpages.oaconfig.saml1.provideCertificate" + cssClass="checkbox"> + </s:checkbox> + <s:checkbox name="saml1OA.provideFullMandateData" + value="%{saml1OA.provideFullMandateData}" + labelposition="left" + key="webpages.oaconfig.saml1.provideFullMandateData" + cssClass="checkbox"> + </s:checkbox> +<%-- <br> + <br> + <br> + <s:checkbox name="saml1OA.useCondition" + value="%{saml1OA.useCondition}" + labelposition="left" + key="webpages.oaconfig.saml1.useCondition" + cssClass="checkbox"> + </s:checkbox> + <s:textfield name="saml1OA.conditionLength" + value="%{saml1OA.conditionLength}" + labelposition="left" + key="webpages.oaconfig.saml1.conditionLength" + cssClass="textfield_short"> + </s:textfield> --%> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp new file mode 100644 index 000000000..f39668bd5 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/sso.jsp @@ -0,0 +1,39 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.sso.header", request) %></h3> + + <s:checkbox name="ssoOA.useSSO" + value="%{ssoOA.useSSO}" + labelposition="left" + key="webpages.oaconfig.sso.usesso" + cssClass="checkbox" + onclick="oaSSOService();" + id="OAuseSSO"> + </s:checkbox> + + <div id="sso_bock"> + <s:if test="authUser.isAdmin()"> + <s:checkbox name="ssoOA.showAuthDataFrame" + value="%{ssoOA.showAuthDataFrame}" + labelposition="left" + key="webpages.oaconfig.sso.useauthdataframe" + cssClass="checkbox" + onclick="oaBusinessService();"> + </s:checkbox> + </s:if> + +<%--TODO: insert if SLO is implemented!!!--%> +<%-- <s:textfield name="ssoOA.singleLogOutURL" + value="%{ssoOA.singleLogOutURL}" + labelposition="left" + key="webpages.oaconfig.sso.singlelogouturl" + cssClass="textfield_long"> + </s:textfield> --%> + </div> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp new file mode 100644 index 000000000..f1853dbeb --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/stork.jsp @@ -0,0 +1,38 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h3> + + <s:checkbox name="storkOA.storkLogonEnabled" + value="%{storkOA.storkLogonEnabled}" + labelposition="left" + key="webpages.oaconfig.stork.usestork" + cssClass="checkbox" + onclick="oaStork();" + id="OAuseSTORKLogon" /> + <div id="stork_block"> + <s:select list="#{1:'1', 2:'2', 3:'3', 4:'4'}" + value="#{storkOA.qaa}" + name="storkOA.qaa" + key="webpages.moaconfig.stork.qaa" + labelposition="left" /> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.enabledcpeps", request) %></h4> + <s:checkboxlist name="storkOA.enabledCitizenCountries" list="storkOA.availableCitizenCountries" value="storkOA.enabledCitizenCountries" /> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.header", request) %></h4> + <table> + <tr><th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.used", request) %></th> + <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.name", request) %></th> + <th><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.attributes.mandatory", request) %></th></tr> + <s:iterator value="storkOA.helperAttributes" status="stat"> + <tr><td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].used" value="%{used}" disabled="%{readOnly}" /></td> + <td><s:property value="%{name}" /><s:hidden name="storkOA.helperAttributes[%{#stat.index}].name" value="%{name}" /></td> + <td><s:checkbox name="storkOA.helperAttributes[%{#stat.index}].mandatory" value="%{mandatory}" /></td></tr> + </s:iterator> + </table> + </div> + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp new file mode 100644 index 000000000..261966a86 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -0,0 +1,115 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_config_businessservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.business.header", request) %></h3> + + <s:select list="targetConfig.identificationTypeList" + key="webpages.oaconfig.general.business.value" + labelposition="left" + cssClass="selectfield" + value="%{targetConfig.identificationType}" + name="targetConfig.identificationType" + disabled="%{isDeaktivededBusinessService()}"> + </s:select> + + <s:textfield name="targetConfig.identificationNumber" + value="%{targetConfig.identificationNumber}" + cssClass="textfield_middle" + disabled="%{isDeaktivededBusinessService()}"> + </s:textfield> + </div> + + <s:if test="!isOnlyBusinessService()"> + <div id="oa_config_publicservice" class="oa_config_block"> + <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.general.public.header", request) %></h3> + + <s:if test="authUser.isAdmin()"> + <s:select list="targetConfig.targetList" + key="webpages.oaconfig.general.target" + labelposition="left" + cssClass="selectfield" + value="%{targetConfig.target}" + name="targetConfig.target" + onchange="HideAdminTarget();"> + </s:select> + </s:if> + <s:else> + <s:select list="targetConfig.targetList" + key="webpages.oaconfig.general.target" + labelposition="left" + cssClass="selectfield" + value="%{targetConfig.target}" + name="targetConfig.target"> + </s:select> + </s:else> + + <s:checkbox name="subTargetSet" + value="%{subTargetSet}" + labelposition="left" + key="webpages.oaconfig.general.target.subsector.checkbox" + cssClass="checkbox" + onclick="oaTargetSubSector();" + id="OAisTargetSubSector"> + </s:checkbox> + + <s:textfield name="targetConfig.target_subsector" + value="%{targetConfig.target_subsector}" + labelposition="left" + key="webpages.oaconfig.general.target.subsector" + cssClass="selectfield" + id="OAtarget_subsector"> + </s:textfield> + + + <s:if test="authUser.isAdmin()"> + <s:checkbox + name="targetConfig.AdminTarget" + value="%{targetConfig.AdminTarget}" + cssClass="checkbox" + onclick="AdminTarget();" + labelposition="left" + key="webpages.oaconfig.general.target.admin.checkbox" + id="adminTarget"> + </s:checkbox> + + <div id="admin_target_area"> + <s:textfield name="targetConfig.target_admin" + value="%{targetConfig.target_admin}" + labelposition="left" + key="webpages.oaconfig.general.target.admin" + cssClass="textfield_short"> + </s:textfield> + <s:textfield name="targetConfig.targetFriendlyName" + value="%{targetConfig.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname" + cssClass="textfield_long"> + </s:textfield> + </div> + </s:if> + <s:else> + <s:if test="targetConfig.target_admin neq null"> + <s:textfield name="targetConfig.target_admin" + value="%{targetConfig.target_admin}" + labelposition="left" + key="webpages.oaconfig.general.target.admin.disabled" + cssClass="textfield_short" + disabled="true"> + </s:textfield> + </s:if> + <%-- <s:if test="targetConfig.targetFriendlyName neq null"> + <s:textfield name="targetConfig.targetFriendlyName" + value="%{targetConfig.targetFriendlyName}" + labelposition="left" + key="webpages.oaconfig.general.target.friendlyname.disabled" + cssClass="textfield_long"> + </s:textfield> + </s:if> --%> + </s:else> + </div> + </s:if> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp new file mode 100644 index 000000000..e8f1c86d3 --- /dev/null +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/vidp.jsp @@ -0,0 +1,36 @@ +<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> +<%@ taglib prefix="s" uri="/struts-tags" %> + +<html> + <div id="oa_vidp_area" class="oa_protocol_area ${param.hideBlock}"> + <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.stork.header", request) %></h4> + + <p><s:checkbox name="storkOA.vidpEnabled" + value="%{storkOA.vidpEnabled}" + labelposition="left" + key="webpages.oaconfig.vidp.enabled" + cssClass="checkbox" + id="OAuseVidp" /></p> + + <p><s:checkbox name="storkOA.requireConsent" + value="%{storkOA.requireConsent}" + labelposition="left" + key="webpages.oaconfig.vidp.requireconsent" + cssClass="checkbox" + id="OArequireConsent" /></p> + <h5><%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.list", request) %></h5> + <table id="stork_aplist"> + <tr><th>AP Plugin</th><th>URL</th><th>Attribute (CSV)</th></tr> + <s:iterator value="storkOA.attributeProviderPlugins" status="stat"> + <tr><td><s:select name="storkOA.attributeProviderPlugins[%{#stat.index}].name" value="%{name}" list="%{storkOA.availableAttributeProviderPlugins}"/></td> + <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].url" value="%{url}" cssClass="textfield_mail"/></td> + <td><s:textfield name="storkOA.attributeProviderPlugins[%{#stat.index}].attributes" value="%{attributes}" cssClass="textfield_mail"/></td> + <td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.remove", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr> + </s:iterator> + </table> + <input type="button" value="<%=LanguageHelper.getGUIString("webpages.oaconfig.vidp.ap.new", request) %>" onclick='newAp();' /> + + </div> + +</html>
\ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp index 4d02f4bda..95d6de912 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/main_menu.jsp @@ -19,6 +19,10 @@ <s:if test="authUser.isAdmin()"> <div class="menu_element"> + <s:url action="listallinterfederationidps" var="interfederationConfig" namespace="/secure"/> + <a href="<s:property value="#interfederationConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.interfederation", request) %></a> + </div> + <div class="menu_element"> <s:url action="loadGeneralConfig" var="generalConfig" namespace="/secure"/> <a href="<s:property value="#generalConfig" />"><%=LanguageHelper.getGUIString("webpages.mainpage.menu.general.config.moaid", request) %></a> </div> diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp index 113e822f8..e2af292d7 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/oas_list.jsp @@ -1,4 +1,5 @@ <%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%> +<%@page import="at.gv.egovernment.moa.id.configuration.data.OAListElement.ServiceType"%> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <%@ taglib prefix="s" uri="/struts-tags" %> @@ -6,6 +7,11 @@ <s:if test="formOAs && formOAs.size > 0"> <div id="list_area"> <div id="listHeader" class="listElement"> + <s:if test="formOAs[0].serviceType != 'OA'"> + <div class="listElInfo"> + <%=LanguageHelper.getGUIString("webpages.listOAs.list.elInfo", request) %> + </div> + </s:if> <div class="listFirst"> <%=LanguageHelper.getGUIString("webpages.listOAs.list.first", request) %> </div> @@ -17,6 +23,11 @@ <s:iterator var="OAelement" value="formOAs"> <div class="listElement" onclick="editOA(<s:property value='dataBaseID'/>);"> + <s:if test="serviceType != 'OA'"> + <div class="listElInfo"> + <s:property value="serviceType"/> + </div> + </s:if> <div class="listFirst"> <s:property value="oaIdentifier"/> </div> @@ -28,7 +39,8 @@ </s:iterator> </div> - <s:form method="POST" id="selectOAForm" action="loadOA" namespace="/secure"> + <s:set var="myUrl">${param.editAction}</s:set> + <s:form method="POST" id="selectOAForm" action="%{#myUrl}" namespace="/secure"> <s:hidden id="selectOAForm_OAID" name="oaidobj"></s:hidden> </s:form> </s:if> diff --git a/id/assembly-auth.xml b/id/assembly-auth.xml index 87a5b6495..370fbc32b 100644 --- a/id/assembly-auth.xml +++ b/id/assembly-auth.xml @@ -1,5 +1,5 @@ <assembly>
- <id>id-auth-${project.version}</id>
+ <id>id-auth-${moa-id-version}</id>
<formats>
<format>dir</format>
@@ -7,7 +7,7 @@ <!-- <format>tar.gz</format> -->
</formats>
- <baseDirectory>moa-id-auth-${project.version}</baseDirectory>
+ <baseDirectory>moa-id-auth-${moa-id-version}</baseDirectory>
<fileSets>
<fileSet>
@@ -43,7 +43,7 @@ <outputDirectory>/</outputDirectory>
<includes>
<include>history.txt</include>
- <include>readme_${project.version}.txt</include>
+ <include>readme_${moa-id-version}.txt</include>
</includes>
</fileSet>
<fileSet>
diff --git a/id/assembly-proxy.xml b/id/assembly-proxy.xml index e9d070f45..d43783e69 100644 --- a/id/assembly-proxy.xml +++ b/id/assembly-proxy.xml @@ -1,5 +1,5 @@ <assembly>
- <id>id-proxy-${project.version}</id>
+ <id>id-proxy-${moa-id-proxy-version}</id>
<formats>
<format>dir</format>
@@ -7,7 +7,7 @@ <!-- <format>tar.gz</format> -->
</formats>
- <baseDirectory>moa-id-proxy-${project.version}</baseDirectory>
+ <baseDirectory>moa-id-proxy-${moa-id-proxy-version}</baseDirectory>
<fileSets>
<fileSet>
@@ -27,7 +27,7 @@ <outputDirectory>/</outputDirectory>
<includes>
<include>history.txt</include>
- <include>readme_${project.version}.txt</include>
+ <include>readme_${moa-id-proxy-version}.txt</include>
</includes>
</fileSet>
<fileSet>
diff --git a/id/oa/pom.xml b/id/oa/pom.xml index b88f560fb..d015d5c83 100644 --- a/id/oa/pom.xml +++ b/id/oa/pom.xml @@ -4,14 +4,14 @@ <parent> <groupId>MOA</groupId> <artifactId>id</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id</groupId> <artifactId>moa-id-oa</artifactId> <packaging>war</packaging> - <version>2.0.1</version> + <version>${demo-oa-version}</version> <name>MOA Sample OA</name> <properties> @@ -34,6 +34,24 @@ <build> <finalName>oa</finalName> <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> @@ -80,12 +98,12 @@ <dependency> <groupId>org.slf4j</groupId> <artifactId>slf4j-api</artifactId> - <version>1.7.5</version> + <version>1.7.6</version> </dependency> <dependency> <groupId>org.slf4j</groupId> - <artifactId>slf4j-simple</artifactId> - <version>1.7.5</version> + <artifactId>slf4j-log4j12</artifactId> + <version>1.7.6</version> </dependency> <dependency> diff --git a/id/pom.xml b/id/pom.xml index 7bf09edfa..78ee829ba 100644 --- a/id/pom.xml +++ b/id/pom.xml @@ -3,13 +3,12 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>id</artifactId> <packaging>pom</packaging> - <version>2.0.1</version> <name>MOA ID</name> <modules> @@ -26,6 +25,24 @@ <build> <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> <plugin> <artifactId>maven-enforcer-plugin</artifactId> <version>1.1.1</version> @@ -58,7 +75,7 @@ </execution> </executions> </plugin> - </plugins> + </plugins> </build> </project> diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml index 618429a8e..cbc147c0a 100644 --- a/id/server/auth/pom.xml +++ b/id/server/auth/pom.xml @@ -2,12 +2,13 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>MOA.id.server</groupId> <artifactId>moa-id-auth</artifactId> + <version>${moa-id-version}</version> <packaging>war</packaging> <name>MOA ID-Auth WebService</name> @@ -27,7 +28,26 @@ <!--sourceDirectory>${basedir}/../idserverlib/src/main/java</sourceDirectory--> <!--testSourceDirectory>${basedir}/../idserverlib/src/test/java</testSourceDirectory--> <plugins> - <plugin> + + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-war-plugin</artifactId> <version>2.1.1</version> diff --git a/id/server/auth/src/main/resources/log4j.properties b/id/server/auth/src/main/resources/log4j.properties new file mode 100644 index 000000000..ecdfad165 --- /dev/null +++ b/id/server/auth/src/main/resources/log4j.properties @@ -0,0 +1,27 @@ +# commons-logging setup +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory + +# define log4j root loggers +log4j.rootLogger=info, stdout, R +log4j.logger.at.gv.egovernment.moa=info, R +log4j.logger.at.gv.egovernment.moa.spss=info, R +log4j.logger.iaik.server=info, R +log4j.logger.at.gv.egovernment.moa.id=info, R +log4j.logger.at.gv.egovernment.moa.id.proxy=info, R +log4j.logger.eu.stork=info, R +log4j.logger.org.hibernate=warn, R + +# configure the stdout appender +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n + +# configure the rolling file appender (R) +log4j.appender.R=org.apache.log4j.RollingFileAppender +log4j.appender.R.File=${catalina.base}/logs/moa-id.log +log4j.appender.R.MaxFileSize=10000KB +log4j.appender.R.MaxBackupIndex=1 +log4j.appender.R.layout=org.apache.log4j.PatternLayout +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + diff --git a/id/server/auth/src/main/webapp/Blockdiagramm.png b/id/server/auth/src/main/webapp/Blockdiagramm.png Binary files differindex f5bdb9e3a..1490530ea 100644 --- a/id/server/auth/src/main/webapp/Blockdiagramm.png +++ b/id/server/auth/src/main/webapp/Blockdiagramm.png diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml index 6f451ec79..6da7396a1 100644 --- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml +++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml @@ -48,9 +48,13 @@ <to type="forward">/dispatcher?mod=id_pvp2x&action=Post&%{query-string}</to> </rule> <rule match-type="regex"> - <from>^/PVP2Soap$</from> + <from>^/pvp2/Soap$</from> <to type="forward">/dispatcher?mod=id_pvp2x&action=Soap</to> </rule> + <rule match-type="regex"> + <from>^/pvp2/attributequery$</from> + <to type="forward">/dispatcher?mod=id_pvp2x&action=AttributeQuery</to> + </rule> <rule match-type="regex"> <from>^/stork2/StartAuthentication$</from> diff --git a/id/server/auth/src/main/webapp/anmeldeablauf.png b/id/server/auth/src/main/webapp/anmeldeablauf.png Binary files differindex a6af21c5f..59bdefe62 100644 --- a/id/server/auth/src/main/webapp/anmeldeablauf.png +++ b/id/server/auth/src/main/webapp/anmeldeablauf.png diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html index 32e2eea23..4faff7746 100644 --- a/id/server/auth/src/main/webapp/index.html +++ b/id/server/auth/src/main/webapp/index.html @@ -2,7 +2,7 @@ <html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" >
- <title>MOA-ID 2.0 RC1</title>
+ <title>MOA-ID 2.1.x</title>
<link rel="stylesheet" href="./common/MOA.css" type="text/css">
</head>
<body link="#990000">
@@ -14,7 +14,7 @@ </tr>
</table>
<hr/>
- <p class="title">MOA-ID 2.0.1</p>
+ <p class="title">MOA-ID 2.1.0-RC1</p>
<hr/>
<h1>Inhalt</h1>
<ol>
@@ -40,7 +40,7 @@ <ol>
<li><u>CORE LOGIC</u>: Diese Komponente ist die zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.</li>
<li><u>Protocol Adapter</u>: Stellt die in MOA-ID 2.x unterstützten Authentifizierungsprotokolle für die Anbindung von Service Providern zur Verfügung.</li>
- <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterstützte Identifikationsmechanismen zur Verfügung. Dies sind die österreichische Bürgerkarte oder Handy-Signatur sowie die Anmeldung ausländischer Personen mit Hilfe des STORK Protokoll.</li>
+ <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterstützte Identifikationsmechanismen zur Verfügung. Dies sind die österreichische Bürgerkarte oder Handy-Signatur, die Anmeldung ausländischer Personen mit Hilfe des STORK Protokoll oder mittels Single Sign-On von einem weiteren vertrauenswürdigen Identity Provider (Interfederation).</li>
<li><u>Template Generator</u>: Der Template Generator erzeugt für Service Provider die entsprechenden Login-Masken für die Integration in die eigene Web-Applikation.</li>
<li><u>SSO Module</u>: Das Single Sign-On (SSO) Modul verwaltet die zusätzlichen Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst im Besonderen das SSO Session-Management.</li>
<li><u>Statistic Module</u>: Dieses Modul dient zur Generierung von anonymisierten Statistikdaten aus den Anmeldeinformationen. </li>
diff --git a/id/server/auth/src/main/webapp/moa_errorcodes.html b/id/server/auth/src/main/webapp/moa_errorcodes.html new file mode 100644 index 000000000..927ad167c --- /dev/null +++ b/id/server/auth/src/main/webapp/moa_errorcodes.html @@ -0,0 +1,329 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> + <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" > + <title>MOA-ID 2.0.x</title> + <link rel="stylesheet" href="./common/MOA.css" type="text/css"> +</head> +<body> +<h2>Übersicht der möglichen MOA-ID spezifischen Statuscodes +</h2> +<h3><a name="statuscodes_1xxxx" id="allgemeines_zugangspunkte7"></a>1.3.1 Statuscodes 1xxxx</h3> +<p>Alle Statuscodes beginnent mit der Zahl eins beschreiben Fehler welche während des Identifizerungs- und Authentifizierungsvorgangs aufgetreten sind.</p> +<h4><a name="statuscodes_10xxx" id="allgemeines_zugangspunkte11"></a>1.3.1.1 Authentifizierung (10xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="1000" id="allgemeines_zugangspunkte"></a>1000</td> + <td>Anmeldung an der angeforderten Online-Applikation wird nicht unterstützt.</td> + </tr> + <tr> + <td><a name="1001" id="allgemeines_zugangspunkte2"></a>1001</td> + <td>Es ist bereits eine Anmeldung im Gange.</td> + </tr> + <tr> + <td><a name="1002" id="allgemeines_zugangspunkte3"></a>1002</td> + <td>Fehlerhafter Parameter</td> + </tr> + <tr> + <td><a name="1003" id="allgemeines_zugangspunkte4"></a>1003</td> + <td>Anfrage nur über https möglich</td> + </tr> + <tr> + <td><a name="1004" id="allgemeines_zugangspunkte5"></a>1004</td> + <td>Zertifikat konnte nicht ausgelesen werden</td> + </tr> + <tr> + <td><a name="1005" id="allgemeines_zugangspunkte6"></a>1005</td> + <td>Die Authentifizierung wurde durch den Benutzer abgebrochen</td> + </tr> + <tr> + <td><a name="1006" id="allgemeines_zugangspunkte25"></a>1006</td> + <td>Vollmachtsmodus für nicht-öffentlichen Bereich wird nicht unterstützt.</td> + </tr> + <tr> + <td><a name="1007" id="allgemeines_zugangspunkte26"></a>1007</td> + <td>Vollmachtsmodus für ausländische Personen wird nicht unterstützt.</td> + </tr> +</table> +<h4><a name="statuscodes_11xxx" id="allgemeines_zugangspunkte12"></a>1.3.1.2 Validierung (11xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="1100" id="allgemeines_zugangspunkte27"></a>1100</td> + <td>Ungültige MOA SessionID</td> + </tr> + <tr> + <td><a name="1101" id="allgemeines_zugangspunkte28"></a>1101</td> + <td>Fehler beim Parsen eines Parameters</td> + </tr> + <tr> + <td><a name="1102" id="allgemeines_zugangspunkte29"></a>1102</td> + <td>Fehler beim Validieren der Personenbindung</td> + </tr> + <tr> + <td><a name="1103" id="allgemeines_zugangspunkte30"></a>1103</td> + <td>Signatur ungültig</td> + </tr> + <tr> + <td><a name="1104" id="allgemeines_zugangspunkte31"></a>1104</td> + <td>Zertifikat der Personenbindung ungültig</td> + </tr> + <tr> + <td><a name="1105" id="allgemeines_zugangspunkte32"></a>1105</td> + <td>Zertifikat der Signature ungültig</td> + </tr> + <tr> + <td><a name="1106" id="allgemeines_zugangspunkte33"></a>1106</td> + <td>Fehler beim Validieren des AuthBlocks</td> + </tr> + <tr> + <td><a name="1107" id="allgemeines_zugangspunkte34"></a>1107</td> + <td>Fehler beim Validieren eines SSL-Server-Endzertifikates</td> + </tr> + <tr> + <td><a name="1108" id="allgemeines_zugangspunkte35"></a>1108</td> + <td>Fehler beim Validieren der Online Vollmacht.</td> + </tr> + <tr> + <td><a name="1109" id="allgemeines_zugangspunkte36"></a>1109</td> + <td>Fehler beim validieren der SZR-Gateway Response</td> + </tr> +</table> +<h4><a name="statuscodes_12xxx" id="allgemeines_zugangspunkte13"></a>1.3.1.3 STORK (12xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="1200" id="allgemeines_zugangspunkte37"></a>1200</td> + <td>Fehler beim erstellen des STORK Authentifizierungsrequests</td> + </tr> + <tr> + <td><a name="1201" id="allgemeines_zugangspunkte38"></a>1201</td> + <td>Fehler beim validieren der STORK Authentifizierungsresponse</td> + </tr> + <tr> + <td><a name="1202" id="allgemeines_zugangspunkte39"></a>1202</td> + <td>STORK Authentifizierungsresponse antwortet mit einem Fehler</td> + </tr> + <tr> + <td><a name="1203" id="allgemeines_zugangspunkte40"></a>1203</td> + <td>Fehler beim Sammeln von STORK Attributen</td> + </tr> +</table> +<h3><a name="statuscodes_4xxxx" id="allgemeines_zugangspunkte8"></a>1.3.2 Statuscodes 4xxxx</h3> +<p>Alles Statuscodes beginnent mit der Zahl vier beschreiben Fehler die während der Kommunikation mit externen Services aufgetreten sind.</p> +<h4><a name="statuscodes_40xxx" id="allgemeines_zugangspunkte19"></a>1.3.2.1 BKU (40xxxx)</h4> +<p>Tritt während des Anmeldevorgangs in der Bürgerkartenumgebung ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode für Bürgerkartenumgebungsfehler weißt das folgende zweiteilige Format auf. Der erste Teil, bestehend aus zwei Dezimalstellen, kennzeichnet den Fehler als Fehler als Bürgerkartenumgebungsfehler. Der zweite Teil, bestehend aus vier Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehers aus der Bürgerkartenumgebung (<a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/">siehe SecurityLayer Spezifikation</a>). </p> +<p align="right"><em><a name="40" id="allgemeines_zugangspunkte41"></a>{40}{xxxxx}</em></p> +<blockquote> + <p>{40} ... MOA-ID Statuscode für Fehler aus der Bürgerkartenumgebung</p> + <p>{xxxx} .... Fehlercode der Bürgerkartenumgebung.</p> +</blockquote> +<h4><a name="statuscodes_41xxx" id="allgemeines_zugangspunkte20"></a>1.3.2.2 MIS (41xxxx)</h4> +<p>Tritt während der Kommunikation mit dem Online-Vollmachten Service oder der Vollmachtsauswahl ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode für Fehler aus dem Online-Vollmachten Service weißt das folgende zweiteilige Format auf. Der erste Teil, bestehend aus drei Dezimalstellen, kennzeichnet den Fehler als Fehler als Online-Vollmachten Service Fehler. Der zweite Teil, bestehend aus drei Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehlers aus dem Online-Vollmachten Service (<a href="http://reference.e-government.gv.at/AG-II-Architektur-mis-1-1-0.2890.0.html">siehe Online-Vollmachten Spezifikation</a>). </p> +<p><em><a name="41" id="allgemeines_zugangspunkte42"></a>{411}{xxxx}</em></p> +<blockquote> + <p>{411} ... MOA-ID Statuscode für Fehler aus dem Online-Vollmachten Service.</p> + <p>{xxx} .... Fehlercode des Online-Vollmachten Service.</p> +</blockquote> +<p>Zusätzlich zu den gemappeden Fehlern aus dem Online-Vollmachen Service werden zusätzliche weitere Fehlercodes definiert.</p> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>41000</td> + <td>Das Online-Vollmachten Service ist nicht erreichbar</td> + </tr> + <tr> + <td>41001</td> + <td>Allgemeiner Fehler bei der Kommunikation mit dem Online-Vollmachten Service</td> + </tr> +</table> +<h4><a name="statuscodes_42xxx" id="allgemeines_zugangspunkte21"></a>1.3.2.3 SZR-Gateway (42xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="4200" id="allgemeines_zugangspunkte43"></a>4200</td> + <td>Das SZR-Gateway Service ist nicht erreichbar</td> + </tr> + <tr> + <td><a name="4201" id="allgemeines_zugangspunkte44"></a>4201</td> + <td>Die Antragung in das SZR ist fehlgeschlagen</td> + </tr> +</table> +<h4><a name="statuscodes_43xxx" id="allgemeines_zugangspunkte22"></a>1.3.2.4 MOA SP/SS(43xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="4300" id="allgemeines_zugangspunkte45"></a>4300</td> + <td>Fehler beim Aufruf von MOA SP/SS</td> + </tr> +</table> +<h4><a name="statuscodes_44xxx" id="allgemeines_zugangspunkte23"></a>1.3.2.5 Interfederation (44xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="4400" id="allgemeines_zugangspunkte46"></a>4400</td> + <td>Fehler beim generieren der Anmeldedaten</td> + </tr> +</table> +<h3><a name="statuscodes_6xxxx" id="allgemeines_zugangspunkte9"></a>1.3.3 Statuscodes 6xxxx</h3> +<p>Alles Statuscodes beginnent mit der Zahl sechs beschreiben protokolspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.</p> +<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte24"></a>1.3.3.1 Allgemein (61xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="6000" id="allgemeines_zugangspunkte47"></a>6000</td> + <td>Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterstüzt</td> + </tr> + <tr> + <td><a name="6001" id="allgemeines_zugangspunkte48"></a>6001</td> + <td>Der STORK Request wurde nicht erkannt oder wird nicht unterstüzt</td> + </tr> +</table> +<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte16"></a>1.3.3.2 PVP 2.1 (61xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="6100" id="allgemeines_zugangspunkte49"></a>6100</td> + <td>Fehler beim erstellen der PVP 2.1 Response</td> + </tr> + <tr> + <td><a name="6101" id="allgemeines_zugangspunkte50"></a>6101</td> + <td>Fehler beim verschlüsseln der PVP 2.1 Assertion</td> + </tr> + <tr> + <td><a name="6102" id="allgemeines_zugangspunkte51"></a>6102</td> + <td>Authentifizierung entspricht nicht dem geforderten QAA Level</td> + </tr> + <tr> + <td><a name="6103" id="allgemeines_zugangspunkte52"></a>6103</td> + <td>Für die im Requst angegebene EnityID konnten keine gültigen Metadaten gefunden werden</td> + </tr> + <tr> + <td><a name="6104" id="allgemeines_zugangspunkte53"></a>6104</td> + <td>Die Signatur des Requests konnte nicht gültig validiert werden. Entweder ist die Signatur ungültig oder das Signaturzertifikat stimmt nicht mit dem in den Metadaten hinterlegten Zertifikat überein.</td> + </tr> + <tr> + <td><a name="6105" id="allgemeines_zugangspunkte54"></a>6105</td> + <td>Der Request konnte nicht gültig validiert werden.</td> + </tr> +</table> +<h4><a name="statuscodes_62xxx" id="allgemeines_zugangspunkte17"></a>1.3.3.3 OpenID Connect (62xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="6200" id="allgemeines_zugangspunkte55"></a>6200</td> + <td>Fehlerhafte redirect url</td> + </tr> +</table> +<h4><a name="statuscodes_63xxx" id="allgemeines_zugangspunkte18"></a>1.3.3.4 SAML 1(63xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="6300" id="allgemeines_zugangspunkte56"></a>6300</td> + <td>Fehlerhaftes SAML Artifact Format</td> + </tr> +</table> +<h3><a name="statuscodes_9xxxx" id="allgemeines_zugangspunkte10"></a>1.3.4 Statuscodes 9xxxx</h3> +<p>Alles Statuscodes beginnent mit der Zahl neun beschreiben interne Serverfehler.</p> +<h4><a name="statuscodes_90xxx" id="allgemeines_zugangspunkte14"></a>1.3.4.1 Konfigurationsfehler (90xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="9000" id="allgemeines_zugangspunkte57"></a>9000</td> + <td>Fehlerhaftes BKU-Selection Template</td> + </tr> + <tr> + <td><a name="9001" id="allgemeines_zugangspunkte58"></a>9001</td> + <td>Fehlerhaftes Send-Assertion Template</td> + </tr> + <tr> + <td><a name="9002" id="allgemeines_zugangspunkte59"></a>9002</td> + <td>Fehlerhaftes SecurityLayer Template.</td> + </tr> + <tr> + <td><a name="9003" id="allgemeines_zugangspunkte60"></a>9003</td> + <td>Fehlerhafte STORK VIDP Konfiguration</td> + </tr> + <tr> + <td><a name="9004" id="allgemeines_zugangspunkte61"></a>9004</td> + <td>Fehlerhafte STORK Konfiguration</td> + </tr> + <tr> + <td><a name="9005" id="allgemeines_zugangspunkte62"></a>9005</td> + <td>Fehlerhafte OpenID Connect Konfiguration</td> + </tr> + <tr> + <td><a name="9006" id="allgemeines_zugangspunkte63"></a>9006</td> + <td>Es sind keine Vollmachtsprofile konfiguriert.</td> + </tr> + <tr> + <td><a name="9007" id="allgemeines_zugangspunkte64"></a>9007</td> + <td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td> + </tr> +</table> +<h4><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td><a name="9100" id="allgemeines_zugangspunkte65"></a>9100</td> + <td>Fehler beim einlesen einer externen Resource.</td> + </tr> + <tr> + <td><a name="9101" id="allgemeines_zugangspunkte66"></a>9101</td> + <td>Datenbankzugriffsfehler</td> + </tr> + <tr> + <td><a name="9102" id="allgemeines_zugangspunkte67"></a>9102</td> + <td>Fehler beim Erzeugen einer internen Datenstruktur</td> + </tr> + <tr> + <td><a name="9103" id="allgemeines_zugangspunkte68"></a>9103</td> + <td>Fehler bei der Verarbeitung eines Templates</td> + </tr> + <tr> + <td><a name="9199" id="allgemeines_zugangspunkte69"></a>9199</td> + <td>Allgemeiner interner Fehler</td> + </tr> +</table> +</body> +</html>
\ No newline at end of file diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6 Binary files differnew file mode 100644 index 000000000..dfe7072c1 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6 diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 Binary files differnew file mode 100644 index 000000000..38c2de589 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98 Binary files differnew file mode 100644 index 000000000..e13546c72 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98 diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E Binary files differnew file mode 100644 index 000000000..c3363a922 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt new file mode 100644 index 000000000..23ddad0bd --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw +MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG +KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+ +8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R +FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS +mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE +DNuxUCAKGkq6ahq97BvIxYSazQ== +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt new file mode 100644 index 000000000..765d61e8e --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMRowGAYDVQQDExFJQUlL +IFRlc3QgUm9vdCBDQTENMAsGA1UEChMESUFJSzENMAsGA1UEBxMER3JhejELMAkG +A1UEBhMCQVQwHhcNMDgwMTE0MTc1MzA3WhcNMTgwMTE0MTc1MzA3WjBHMRowGAYD +VQQDExFJQUlLIFRlc3QgUm9vdCBDQTENMAsGA1UEChMESUFJSzENMAsGA1UEBxME +R3JhejELMAkGA1UEBhMCQVQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQC6KO6ltDC+smJsFFYz8cjB3BwFg97ZSi/xplSPYRAc/UJfWmXMUksIQ/74mMtr +XvZCykYckiZTU19pFPf+GzHesp8PgQPScfEHVpLbXAeMrg5zZLInz0dhwBRkeZUb +4wFcn4kaQODoGqi9gxpCqDQEc/lZp2rULgxwZWu9WYTmXps+wl7EPAUkCF3vI6jp +8ZvEZ3uUtZycee5biRbzSs25/vtUyumrPKBGNiK1nSIoHmWpXWUZvRP44Wxmen6k +AT9UV3SVUt1mPDb2ofsVbUtUoUE6QgiMNfhr66cXL6fZpS8/+h6T9oZncsEXz7ii +4ZiezsSS/8ZwYelsjMoZOyhnAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBxjAPBgNV +HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQlsST3+0l+oqAodh9XJCXAonZdDAfBgNV +HSMEGDAWgBSQlsST3+0l+oqAodh9XJCXAonZdDANBgkqhkiG9w0BAQUFAAOCAQEA +hjb8n4zLRS8KVANvTj5P0RfzFsXHsJFWoHv5lH5HETi5tkX/YD1AdDTLfV6GihmL +Wn5hDT4owhw6moz8Q1H1X1N+3FZyzIrP96T1hoXbUTxcmc3Vt7wl+IsUA4fg5kfn +WXn+93NFYQMd/iZOz/ByhEIiG022eRsSYkzm+Fl674k/eukPZCeCETlIMjpUGkEO +ASws3KB98GyLG8SJ+7nssdol6rlL8agnz8iqTxGrqgYjkzb8uTKPMrxZ8tCUskSP +uJHuDXdUJXACgOdZqTU6hdV+S/m2BeIj7+q8B7XWaivnsla5q/RWA1EoyAfWW54x +iBGgBJ14RnNU0QKr0o9m8A== +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.p12 b/id/server/data/deploy/conf/moa-id-configuration/keys/application[password].p12 Binary files differindex 78cab1e89..78cab1e89 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.p12 +++ b/id/server/data/deploy/conf/moa-id-configuration/keys/application[password].p12 diff --git a/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt b/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt new file mode 100644 index 000000000..bd9640b37 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-configuration/keys/moa_idp.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw +MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE +CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk +MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD +ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x +tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY +O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh +zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS +ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW +BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw +ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh +dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ +TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M ++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0 +p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA +oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv +tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/ +Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI= +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-id-configuration/keys/assertion.crt b/id/server/data/deploy/conf/moa-id-configuration/keys/request.crt index aa4e23cb1..aa4e23cb1 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/keys/assertion.crt +++ b/id/server/data/deploy/conf/moa-id-configuration/keys/request.crt diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties index 05b5fbdef..c7bc6600e 100644 --- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties +++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties @@ -1,8 +1,16 @@ +******** +* +*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden! +* +****** + #General config general.login.deaktivate=false general.publicURLContext=https://localhost:8443/moa-id-configuration general.defaultlanguage=de +general.ssl.certstore=certs/certstore +general.ssl.truststore=certs/truststore ##Mail general.mail.host=smtp.localhost... @@ -39,7 +47,7 @@ general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth general.login.pvp2.idp.sso.logout.url=https://localhost:8443/moa-id-auth/LogOut?redirect= general.login.pvp2.metadata.entities.name=MOA-ID 2.x Configuration Tool -general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application.p12 +general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application[password].p12 general.login.pvp2.keystore.password=password general.login.pvp2.keystore.type=PKCS12 diff --git a/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.p12 b/id/server/data/deploy/conf/moa-id-oa/keys/application[password].p12 Binary files differindex 78cab1e89..78cab1e89 100644 --- a/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.p12 +++ b/id/server/data/deploy/conf/moa-id-oa/keys/application[password].p12 diff --git a/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt b/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt new file mode 100644 index 000000000..bd9640b37 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id-oa/keys/moa_idp.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw +MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE +CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk +MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD +ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x +tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY +O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh +zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS +ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW +BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw +ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh +dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ +TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M ++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0 +p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA +oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv +tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/ +Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI= +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-id-oa/oa.properties b/id/server/data/deploy/conf/moa-id-oa/oa.properties index 1a3684fcb..f247dcea6 100644 --- a/id/server/data/deploy/conf/moa-id-oa/oa.properties +++ b/id/server/data/deploy/conf/moa-id-oa/oa.properties @@ -1,11 +1,18 @@ +******** +* +*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden! +* +****** + +general.publicURLContext=https://localhost:8443/moa-id-oa + general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/moa_idp.crt general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth general.login.pvp2.OA.metadata.entities.name=MOA-ID 2.x Demo-Application -general.login.pvp2.OA.metadata.entity.name=https://localhost:8443/oa -general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application.p12 +general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application[password].p12 general.login.pvp2.OA.keystore.password=password general.login.pvp2.OA.keystore.type=PKCS12 diff --git a/id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12 b/id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12 Binary files differnew file mode 100644 index 000000000..25f585be5 --- /dev/null +++ b/id/server/data/deploy/conf/moa-id/keys/moa_idp[password].p12 diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties index bf9cf84d0..e8a75c348 100644 --- a/id/server/data/deploy/conf/moa-id/moa-id.properties +++ b/id/server/data/deploy/conf/moa-id/moa-id.properties @@ -1,3 +1,10 @@ +******** +* +*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden! +* +****** + + ##General MOA-ID 2.0 Configuration #MOA-ID 2.0 XML configuration files (necessary, if inmemory database is used) @@ -38,15 +45,17 @@ service.foreignidentities.clientKeyStorePassword= ##Protocol configuration## #PVP2 -protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12 +protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 protocols.pvp2.idp.ks.kspassword=password protocols.pvp2.idp.ks.metadata.alias=pvp_metadata protocols.pvp2.idp.ks.metadata.keypassword=password protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion protocols.pvp2.idp.ks.assertion.sign.keypassword=password +protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion +protocols.pvp2.idp.ks.assertion.encryption.keypassword=password #OpenID connect (OAuth) -protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12 +protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12 protocols.oauth20.jwt.ks.password=password protocols.oauth20.jwt.ks.key.name=oauth protocols.oauth20.jwt.ks.key.password=password diff --git a/id/server/doc/conf/Catalina/localhost/proxy.xml b/id/server/doc/conf/Catalina/localhost/proxy.xml new file mode 100644 index 000000000..eef60b953 --- /dev/null +++ b/id/server/doc/conf/Catalina/localhost/proxy.xml @@ -0,0 +1,25 @@ +<!-- + + Context configuration file for the MOA-Proxy App + + aus einer Tomcat 4.x.xx server.xml Datei: + <Context path="" docBase="../moa-id-proxy.war" debug="0"/> + +--> +<Context path="" docBase="${catalina.base}/webappsProxy/moa-id-proxy.war" privileged="true" + + antiResourceLocking="false" antiJARLocking="false"> + +<!-- +<ResourceLink name="users" global="UserDatabase" + type="org.apache.catalina.UserDatabase"/> +--> + + <!-- Uncomment this Valve to limit access to the Admin app to localhost + for obvious security reasons. Allow may be a comma-separated list of + hosts (or even regular expressions). + <Valve className="org.apache.catalina.valves.RemoteAddrValve" + allow="127.0.0.1"/> + --> + +</Context> diff --git a/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html new file mode 100644 index 000000000..ef070b8eb --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html @@ -0,0 +1,846 @@ +<!DOCTYPE html> +<html> +<head> +<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /*border-radius: 7px;*/ + margin-bottom: 25px; + min-width: 80px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 460px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + /*float:left; */ + width:250px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 100px; + height: 30px + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 75px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.6em; + min-width: 60px; + /* max-width: 65px; */ + min-height: 1.0em; + /* border-radius: 5px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.7em; + min-width: 55px; + /*min-height: 1.1em; + border-radius: 5px;*/ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2 { + font-size: 0.8em; + margin-top: -0.4em; + padding-top: 0.4em; + } + + #bkulogin { + min-height: 150px; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + /* max-width: 75px; */ + min-height: 0.95em; + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.75em; + min-width: 60px; + /* min-height: 0.95em; + border-radius: 6px; */ + margin-bottom: 5% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2 { + font-size: 0.9em; + margin-top: -0.45em; + padding-top: 0.45em; + } + + #bkulogin { + min-height: 180px; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /* min-height: 1.05em; + border-radius: 7px; */ + margin-bottom: 10%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.0em; + margin-top: -0.50em; + padding-top: 0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.9em; + /* min-height: 1.2em; + border-radius: 8px; */ + margin-bottom: 10%; + max-width: 80px; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.1em; + margin-top: -0.55em; + padding-top: 0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 80px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 1.0em; + /* min-height: 1.3em; + border-radius: 10px; */ + margin-bottom: 10%; + max-width: 85px; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2 { + font-size: 1.3em; + margin-top: -0.65em; + padding-top: 0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: #MAIN_BACKGOUNDCOLOR#; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + vertical-align: middle; + min-height: 173px; + min-width: 204px; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + position: relative; + top: 50%; + } + + #stork h2 { + font-size: 0.9em; + margin-bottom: 2%; + } + + #bkulogin { + min-width: 190px; + min-height: 155px; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + input[type=button] { +/* height: 11%; */ + width: 70%; + } + } + + * { + margin: 0; + padding: 0; + font-family: #FONTTYPE#; + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + /*margin-bottom: 10px;*/ + /* margin-top: 5px; */ + } + + #mandateLogin { + padding-bottom: 4%; + padding-top: 4%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-left: 5%; + padding-right: 2%; + padding-bottom: 4%; + /*padding-top: 4%;*/ + position: relative; + clear: both; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + +/* input[type=button], .sendButton { + background: #BUTTON_BACKGROUNDCOLOR#; + color: #BUTTON_COLOR#; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: 3px 3px 3px #222222; */ +/* } + +/* button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { + background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; + color: #BUTTON_COLOR#; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: -1px -1px 3px #222222; */ +/* } + +*/ + input { + /*border:1px solid #000;*/ + cursor: pointer; + } + + #localBKU input { +/* color: #BUTTON_COLOR#; */ + border: 0px; + display: inline-block; + + } + + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + text-decoration: underline; + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + .sendButton { + width: 30%; + margin-bottom: 1%; + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> +<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> +<script type="text/javascript"> + function isIE() { + return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); + } + function isFullscreen() { + try { + return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); + } catch (e) { + return false; + } + } + function isActivexEnabled() { + var supported = null; + try { + supported = !!new ActiveXObject("htmlfile"); + } catch (e) { + supported = false; + } + return supported; + } + function isMetro() { + if (!isIE()) + return false; + return !isActivexEnabled() && isFullscreen(); + } + window.onload=function() { + document.getElementById("localBKU").style.display="block"; + return; + } + function bkuLocalClicked() { + setMandateSelection(); + } + + function bkuOnlineClicked() { + if (isMetro()) + document.getElementById("metroDetected").style.display="block"; + document.getElementById("localBKU").style.display="block"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "#ONLINE#"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + generateIFrame(iFrameURL); + } + function bkuHandyClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "#HANDY#"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + generateIFrame(iFrameURL); + } + function storkClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var ccc = "AT"; + var countrySelection = document.getElementById("cccSelection"); + if (countrySelection != null) { + ccc = document.getElementById("cccSelection").value; + } + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "#ONLINE#"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&CCC=" + ccc; +/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + generateIFrame(iFrameURL); + } + function generateIFrame(iFrameURL) { + var el = document.getElementById("bkulogin"); + var width = el.clientWidth; + var heigth = el.clientHeight - 20; + var parent = el.parentNode; + + iFrameURL += "&heigth=" + heigth; + iFrameURL += "&width=" + width; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("src", iFrameURL); + iframe.setAttribute("width", el.clientWidth - 1); + iframe.setAttribute("height", el.clientHeight - 1); + iframe.setAttribute("frameborder", "0"); + iframe.setAttribute("scrolling", "no"); + iframe.setAttribute("title", "Login"); + parent.replaceChild(iframe, el); + } + function setMandateSelection() { + document.getElementById("moaidform").action = "#AUTH_URL#"; + document.getElementById("useMandate").value = "false"; + var checkbox = document.getElementById("mandateCheckBox"); + if (checkbox != null) { + if (document.getElementById("mandateCheckBox").checked) { + document.getElementById("useMandate").value = "true"; + } + } + } + function onChangeChecks() { + if (top.innerWidth < 650) { + document.getElementById("moaidform").setAttribute("target","_parent"); + } else { + document.getElementById("moaidform").removeAttribute("target"); + } + + } +/* function setSSOSelection() { + document.getElementById("useSSO").value = "false"; + var checkbox = document.getElementById("SSOCheckBox"); + if (checkbox != null) { + if (document.getElementById("SSOCheckBox").checked) { + document.getElementById("useSSO").value = "true"; + } + } + } */ + +/* function checkMandateSSO() { + var sso = document.getElementById("SSOCheckBox"); + var mandate = document.getElementById("mandateCheckBox"); + + + if (sso.checked && mandate.checked) { + alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") + mandate.checked = false; + sso.checked = false; + return true; + } else { + return false; + } + } */ + </script> +<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title> +</head> +<body onload="onChangeChecks();" onresize="onChangeChecks();"> + <div id="page"> + <div id="page1" class="case selected-case" role="main"> + <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2> + <div id="main"> + <div id="leftcontent" class="hell" role="application"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> + </div> + <div id="bkulogin" class="hell" role="form"> + <div id="mandateLogin" style=""> + <div> + <input tabindex="1" type="checkbox" name="Mandate" + id="mandateCheckBox" class="verticalcenter" role="checkbox" + onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#> + <label for="mandateCheckBox" class="verticalcenter">in + Vertretung anmelden</label> + <!--a href="info_mandates.html" + target="_blank" + class="infobutton verticalcenter" + tabindex="5">i</a--> + </div> + </div> + <div id="bkuselectionarea"> + <div id="bkukarte"> + <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" + alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" + onClick="bkuOnlineClicked();" tabindex="2" role="button" + value="Karte" /> + </div> + <div id="bkuhandy"> + <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" + alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" + onClick="bkuHandyClicked();" tabindex="3" role="button" + value="HANDY" /> + </div> + </div> + <div id="localBKU"> + <form method="get" id="moaidform" action="#AUTH_URL#" + class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="#LOCAL#"> <input + type="hidden" name="useMandate" id="useMandate"> <input + type="hidden" name="SSO" id="useSSO"> <input + type="hidden" name="CCC" id="ccc"> <input type="hidden" + name="MODUL" value="#MODUL#"> <input type="hidden" + name="ACTION" value="#ACTION#"> <input type="hidden" + name="MOASessionID" value="#SESSIONID#"> + <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4" + role="button" class="hell" + onclick="setMandateSelection();" + > + <!--p> + <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> + </p--> + </form> + </div> + + <div id="stork" align="center" style="#STORKVISIBLE#"> + <h2 id="tabheader" class="dunkel">Home Country Selection</h2> + <p> + <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > + #PEPSLIST# + </select> + <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button> + <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> + </p> + </div> + + <div id="metroDetected" style="display: none"> + <p>Anscheinend verwenden Sie Internet Explorer im + Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den + Optionen um die Karten-Anmeldung starten zu können.</p> + </div> + </div> + </div> + </div> + </div> + <div id="validation"> + <a href="http://validator.w3.org/check?uri="> <img + style="border: 0; width: 88px; height: 31px" + src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> + </a> <a href="http://jigsaw.w3.org/css-validator/"> <img + style="border: 0; width: 88px; height: 31px" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + alt="CSS ist valide!" /> + </a> + </div> + </div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html new file mode 100644 index 000000000..b80d654cc --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html @@ -0,0 +1,617 @@ +<!DOCTYPE html> +<html> +<head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + border-radius: 5px; + } + + #bkuselectionarea button { + font-size: 0.85em; + border-radius: 7px; + margin-bottom: 25px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 440px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + padding-bottom: 15px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #selectArea h3 { + margin-bottom: 25px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 100px; + height: 30px; + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px;*/ + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 90px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + min-height: 1.2em; + border-radius: 5px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.8em; + min-width: 65px; + min-height: 1.3em; + /* border-radius: 5px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.8em; + margin-top: -0.4em; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.85em; + min-width: 80px; + min-height: 0.95em; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.85em; + min-width: 70px; + min-height: 0.95em; + /* border-radius: 6px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.9em; + margin-top: -0.45em; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.0em; + min-height: 1.05em; + /* border-radius: 7px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.0em; + margin-top: -0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.1em; + min-height: 1.2em; + /* border-radius: 8px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.1em; + margin-top: -0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.3em; + margin-top: -0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: #MAIN_BACKGOUNDCOLOR#; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + min-width: 190px; +/* min-height: 190px; */ + vertical-align: middle; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + padding-top: 1%; + position: relative; + top: 50%; + } + + #bkulogin { + min-width: 190px; + min-height: 150px; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 70%; + height: 11%; + min-width: 60px; + min-height: 25px; + } + + #selectArea h3 { + margin-top: 2%; + } + + button { + height: 11%; + width: 70%; + } + } + + * { + margin: 0; + padding: 0; +/* border: 0; */ + font-family: #FONTTYPE#; + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + margin-bottom: 10px; + margin-top: 5px; + } + + #mandateLogin { + padding-bottom: 2%; + padding-top: 2%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin > div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-left: 5%; + padding-right: 2%; + padding-bottom: 2%; + position: relative; + clear: both; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + + button, .sendButton { +/* background: #BUTTON_BACKGROUNDCOLOR#; + color: #BUTTON_COLOR#; */ + cursor: pointer; + +/* border:1px solid #000; + box-shadow: 3px 3px 3px #222222; */ + } + + button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { +/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; + color: #BUTTON_COLOR#; */ + cursor: pointer; + +/* border:1px solid #000; + box-shadow: -1px -1px 3px #222222; */ + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> + + + <title>Anmeldung an Online-Applikation</title> +</head> + + +<body> + <div id="page"> + + <div id="page1" class="case selected-case" role="main"> + +<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> + + <div id="main"> + <div id="leftcontent" class="hell"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading"> + Anmeldeinformationen: + </h2> + </div> + + <div id="selectArea" class="hell" role="application"> + <h3>Anmeldung an: #OAName#</h3> + +<!-- <div class="hell"> --> + <div id="leftbutton"> + <form method="post" id="moaidform_yes" action="#URL#"> + <input type="hidden" name="value" value="true"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + <div id="rightbutton"> + <form method="post" id="moaidform_no" action="#URL#"> + <input type="hidden" name="value" value="false"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + + </div> + </div> + </div> + </div> + <div id="validation"> + <a href="http://validator.w3.org/check?uri="> + <img style="border:0;width:88px;height:31px" + src="#CONTEXTPATH#/img/valid-html5-blue.png" + alt="HTML5 ist valide!" /> + </a> + <a href="http://jigsaw.w3.org/css-validator/"> + <img style="border:0;width:88px;height:31px" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + alt="CSS ist valide!" /> + </a> + </div> + </div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/keys/assertion.crt b/id/server/doc/conf/moa-id-configuration/keys/assertion.crt new file mode 100644 index 000000000..aa4e23cb1 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/keys/assertion.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0 +MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts +2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y ++4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8 +upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn +SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9 +8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O +BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3 +EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD +ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl +DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b +crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60 +LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3 +0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5 +ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo= +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-id/keys/encryption.crt b/id/server/doc/conf/moa-id-configuration/keys/encryption.crt index c9d94f9b6..c9d94f9b6 100644 --- a/id/server/data/deploy/conf/moa-id/keys/encryption.crt +++ b/id/server/doc/conf/moa-id-configuration/keys/encryption.crt diff --git a/id/server/doc/conf/moa-id-configuration/keys/metadata.crt b/id/server/doc/conf/moa-id-configuration/keys/metadata.crt new file mode 100644 index 000000000..bd9640b37 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/keys/metadata.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw +MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE +CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk +MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD +ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x +tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY +O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh +zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS +ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW +BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw +ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh +dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ +TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M ++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0 +p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA +oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv +tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/ +Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI= +-----END CERTIFICATE----- diff --git a/id/server/data/deploy/conf/moa-id/keys/moa_idp.p12 b/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12 Binary files differindex 78cab1e89..78cab1e89 100644 --- a/id/server/data/deploy/conf/moa-id/keys/moa_idp.p12 +++ b/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12 diff --git a/id/server/doc/conf/moa-id-configuration/mail/activation_template.html b/id/server/doc/conf/moa-id-configuration/mail/activation_template.html new file mode 100644 index 000000000..adac14f56 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/mail/activation_template.html @@ -0,0 +1,39 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" /> +<title>Benachrichtigung</title> +<style type="text/css"> +body { + line-height: 1; + color: black; + background: white; + min-height: 101%; + font-size: 0.8em; + font-family: Verdana, Arial, Helvetica, sans-serif; +} +</style> + +</head> + +<body> +<div style="width: 708px; border: 1px solid #bbbbbb"> + <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p> + <p> </p> + <p>Ihr Benutzeraccount für das MOA-ID 2.x Verwaltungs- und Konfigurationstool wurde soeben durch den Administrator freigegeben.</p> + <p>Sie können Sich ab nun unter folgendem Link am Konfigurationstool anmelden und Ihre Online-Applikationen verwalten. + <a href="#MANDATE_SERVICE_LINK#">#MANDATE_SERVICE_LINK#</a>.</p> + + <p> </p> + <p>Graz, #TODAY_DATE#</p> + <p align="right">E-Government Innovationszentrum <br /> + Inffeldgasse 16a<br /> + 8010 Graz<br /> + <br /> + Telefon: +43 (316) 873-5514 <br /> + Fax: +43 (316) 873-5520 <br /> + E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a> + </p> +</div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/mail/admin_template.html b/id/server/doc/conf/moa-id-configuration/mail/admin_template.html new file mode 100644 index 000000000..dd5872514 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/mail/admin_template.html @@ -0,0 +1,40 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" /> +<title>Benachrichtigung</title> +<style type="text/css"> +body { + line-height: 1; + color: black; + background: white; + min-height: 101%; + font-size: 0.8em; + font-family: Verdana, Arial, Helvetica, sans-serif; +} +</style> + +</head> + +<body> +<div style="width: 708px; border: 1px solid #bbbbbb"> + <p>Sehr geehrte(r) Administrator(in),</p> + <p> </p> + <p>Am MOA-ID 2.x Verwaltungs- und Konfigurationstool liegen offene Anträge vor.</p> + + <p>Aktuell warten #NUMBER_USERSS# neue Benutzeraccount(s) und #NUMBER_OAS# neue Online-Applikation(en) + auf eine Freigabe durch einen Administrator.</p> + + <p> </p> + <p>Graz, #TODAY_DATE#</p> + <p align="right">E-Government Innovationszentrum <br /> + Inffeldgasse 16a<br /> + 8010 Graz<br /> + <br /> + Telefon: +43 (316) 873-5514 <br /> + Fax: +43 (316) 873-5520 <br /> + E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a> + </p> +</div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html b/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html new file mode 100644 index 000000000..e809de743 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html @@ -0,0 +1,37 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" /> +<title>Benachrichtigung</title> +<style type="text/css"> +body { + line-height: 1; + color: black; + background: white; + min-height: 101%; + font-size: 0.8em; + font-family: Verdana, Arial, Helvetica, sans-serif; +} +</style> + +</head> + +<body> +<div style="width: 708px; border: 1px solid #bbbbbb"> + <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p> + <p> </p> + <p>Ihre Online-Applikation mit der ID #OANAME# wurde soeben durch den Administrator freigegeben.</p> + + <p> </p> + <p>Graz, #TODAY_DATE#</p> + <p align="right">E-Government Innovationszentrum <br /> + Inffeldgasse 16a<br /> + 8010 Graz<br /> + <br /> + Telefon: +43 (316) 873-5514 <br /> + Fax: +43 (316) 873-5520 <br /> + E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a> + </p> +</div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html b/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html new file mode 100644 index 000000000..b5abff125 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html @@ -0,0 +1,37 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" /> +<title>Benachrichtigung</title> +<style type="text/css"> +body { + line-height: 1; + color: black; + background: white; + min-height: 101%; + font-size: 0.8em; + font-family: Verdana, Arial, Helvetica, sans-serif; +} +</style> + +</head> + +<body> +<div style="width: 708px; border: 1px solid #bbbbbb"> + <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p> + <p> </p> + <p>Ihr Benutzeraccount für das MOA-ID 2.x Verwaltungs- und Konfigurationstool wurde soeben durch einen Administrator gelöscht.</p> + + <p> </p> + <p>Graz, #TODAY_DATE#</p> + <p align="right">E-Government Innovationszentrum <br /> + Inffeldgasse 16a<br /> + 8010 Graz<br /> + <br /> + Telefon: +43 (316) 873-5514 <br /> + Fax: +43 (316) 873-5520 <br /> + E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a> + </p> +</div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/mail/verification_template.html b/id/server/doc/conf/moa-id-configuration/mail/verification_template.html new file mode 100644 index 000000000..fb4a3f2c4 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/mail/verification_template.html @@ -0,0 +1,43 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml"> +<head> +<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" /> +<title>Benachrichtigung</title> +<style type="text/css"> +body { + line-height: 1; + color: black; + background: white; + min-height: 101%; + font-size: 0.8em; + font-family: Verdana, Arial, Helvetica, sans-serif; +} +</style> + +</head> + +<body> +<div style="width: 708px; border: 1px solid #bbbbbb"> + <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p> + <p> </p> + <p>Sie haben einen Benutzeraccount für das MOA-ID 2.x Verwaltungs- und Konfigurationstool beantragt.</p> + <p>Um Ihren Antrag abzuschließen öffnen Sie bitte den folgenden Link in Ihrem Browser.<br> + <a href="#MANDATE_SERVICE_LINK#">#MANDATE_SERVICE_LINK#</a>.<br> + Anschließend wird Ihre Antrag an den zuständigen Administrator weitergeleitet. + Sie erhalten danach eine weitere Bestätigung sobald Ihr Benutzeraccount freigeschalten wurde.</p> + + <p>Sollten Sie keinen Account beantragt haben können Sie dieses Mail ignorieren.</p> + + <p> </p> + <p>Graz, #TODAY_DATE#</p> + <p align="right">E-Government Innovationszentrum <br /> + Inffeldgasse 16a<br /> + 8010 Graz<br /> + <br /> + Telefon: +43 (316) 873-5514 <br /> + Fax: +43 (316) 873-5520 <br /> + E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a> + </p> +</div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties new file mode 100644 index 000000000..05b5fbdef --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties @@ -0,0 +1,77 @@ +#General config +general.login.deaktivate=false +general.publicURLContext=https://localhost:8443/moa-id-configuration + +general.defaultlanguage=de + +##Mail +general.mail.host=smtp.localhost... +#general.mail.host.port= +#general.mail.host.username= +#general.mail.host.password= + +general.mail.from.name=MOA-ID 2.x Konfigurationstool +general.mail.from.address=no-reply@localhost + +general.mail.useraccountrequest.verification.subject=MOA-ID 2.x - Benutzerverifikation +general.mail.useraccountrequest.verification.template=mail/verification_template.html + +general.mail.useraccountrequest.isactive.subject=MOA-ID 2.x - Benutzeraktivierung +general.mail.useraccountrequest.isactive.template=mail/activation_template.html +general.mail.useraccountrequest.rejected.template=mail/rejected_template.html + +general.mail.createOArequest.isactive.subject=MOA-ID 2.x - Online-Applikationsaktivierung +general.mail.createOArequest.isactive.template=mail/oa_activation_template.html + +general.mail.admin.adress=admin@localhost +general.mail.admin.subject=MOA-ID 2.x - Statusmeldung +general.mail.admin.adresses.template=mail/admin_template.html + + +general.moaid.instance.url=https://localhost:8443/moa-id-auth/ + +##PVP2 Authentication +general.login.pvp2.isactive=true + +general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata +general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/moa_idp.crt +general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth +general.login.pvp2.idp.sso.logout.url=https://localhost:8443/moa-id-auth/LogOut?redirect= + +general.login.pvp2.metadata.entities.name=MOA-ID 2.x Configuration Tool +general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application.p12 +general.login.pvp2.keystore.password=password +general.login.pvp2.keystore.type=PKCS12 + +general.login.pvp2.keystore.metadata.key.alias=pvp_metadata +general.login.pvp2.keystore.metadata.key.password=password + +general.login.pvp2.keystore.authrequest.encryption.key.alias=pvp_encryption +general.login.pvp2.keystore.authrequest.encryption.key.password=password + +general.login.pvp2.keystore.authrequest.key.alias=pvp_request +general.login.pvp2.keystore.authrequest.key.password=password + +#UserRequestCleanUP time in hours +general.userrequests.cleanup.delay=18 + +##Hibnerate configuration for MOA-ID 2.0 configuration +hibernate.dialect=org.hibernate.dialect.MySQLDialect +hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true +hibernate.connection.charSet=utf-8 +hibernate.connection.driver_class=com.mysql.jdbc.Driver +hibernate.connection.username= +hibernate.connection.password= + +hibernate.hbm2ddl.auto=update +hibernate.current_session_context_class=thread +hibernate.transaction.flush_before_completion=true +hibernate.transaction.auto_close_session=true +hibernate.show_sql=false +hibernate.format_sql=true +hibernate.c3p0.acquire_increment=3 +hibernate.c3p0.idle_test_period=300 +hibernate.c3p0.timeout=300 +hibernate.c3p0.max_size=20 +hibernate.c3p0.max_statements=0 +hibernate.c3p0.min_size=3
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml new file mode 100644 index 000000000..e225ca6e0 --- /dev/null +++ b/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml @@ -0,0 +1,7 @@ +<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle"> + Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id-oa/keys/application[password].p12 b/id/server/doc/conf/moa-id-oa/keys/application[password].p12 Binary files differnew file mode 100644 index 000000000..78cab1e89 --- /dev/null +++ b/id/server/doc/conf/moa-id-oa/keys/application[password].p12 diff --git a/id/server/doc/conf/moa-id-oa/keys/assertion.crt b/id/server/doc/conf/moa-id-oa/keys/assertion.crt new file mode 100644 index 000000000..aa4e23cb1 --- /dev/null +++ b/id/server/doc/conf/moa-id-oa/keys/assertion.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0 +MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts +2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y ++4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8 +upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn +SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9 +8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O +BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3 +EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD +ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl +DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b +crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60 +LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3 +0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5 +ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id-oa/keys/encryption.crt b/id/server/doc/conf/moa-id-oa/keys/encryption.crt new file mode 100644 index 000000000..c9d94f9b6 --- /dev/null +++ b/id/server/doc/conf/moa-id-oa/keys/encryption.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0 +MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull +TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL +HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb +OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa +aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i +h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz +zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe +pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ +AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf +lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf +C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh +3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB +Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8 +lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi +LYiLYskPglktuck= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id-oa/keys/metadata.crt b/id/server/doc/conf/moa-id-oa/keys/metadata.crt new file mode 100644 index 000000000..bd9640b37 --- /dev/null +++ b/id/server/doc/conf/moa-id-oa/keys/metadata.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw +MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE +CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk +MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD +ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x +tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY +O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh +zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS +ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW +BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw +ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh +dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ +TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M ++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0 +p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA +oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv +tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/ +Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id-oa/oa.properties b/id/server/doc/conf/moa-id-oa/oa.properties new file mode 100644 index 000000000..a24f800f2 --- /dev/null +++ b/id/server/doc/conf/moa-id-oa/oa.properties @@ -0,0 +1,21 @@ +general.publicURLContext=https://localhost:8443/oa + +general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata +general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/moa_idp.crt +general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth + +general.login.pvp2.OA.metadata.entities.name=MOA-ID 2.x Demo-Application + +general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application.p12 +general.login.pvp2.OA.keystore.password=password +general.login.pvp2.OA.keystore.type=PKCS12 + +general.login.pvp2.OA.keystore.metadata.sign.key.alias=pvp_metadata +general.login.pvp2.OA.keystore.metadata.sign.key.password=password + +general.login.pvp2.keystore.authrequest.sign.key.alias=pvp_request +general.login.pvp2.keystore.authrequest.sign.key.password=password + +general.login.pvp2.keystore.assertion.encryption.key.alias=pvp_encryption +general.login.pvp2.keystore.assertion.encryption.key.password=password + diff --git a/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml b/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml new file mode 100644 index 000000000..51b36a1da --- /dev/null +++ b/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Beispielkonfiguration fuer MOA-ID --> +<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#"> + <!-- Konfiguration fuer MOA-ID-PROXY --> + <ProxyComponent> + <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service --> + <AuthComponent> + <ConnectionParameter URL="http://labda.iaik.tugraz.at:8080/moa-id-auth/services/GetAuthenticationData"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </AuthComponent> + </ProxyComponent> + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication type="businessService" publicURLPrefix="https://proxy.gv.at" friendlyName="Test Application"> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/BasicOAConfiguration.xml" sessionTimeOut="600" + loginParameterResolverImpl="at.gv.egiz.moa.id.proxy.MySQLLoginParameterResolver" + loginParameterResolverConfiguration="/var/lib/tomcat6/webapps/moa-id-proxy-umgmt/WEB-INF/classes/hibernate.cfg.xml" + connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.EnhancedConnectionBuilder" + errorRedirectURL="https://proxy.gv.at/oa2"> + + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="https://proxy.gv.at/oa"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- Eintragung fuer jede Online-Applikation --> + <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY --> + <OnlineApplication type="businessService" publicURLPrefix="https://proxy.gv.at" friendlyName="Test Application"> + <!-- fuer MOA-ID-PROXY --> + <ProxyComponent configFileURL="oa/BasicOAConfiguration.xml" sessionTimeOut="600" + errorRedirectURL="https://proxy.gv.at/oa2"> + + <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation --> + <ConnectionParameter URL="https://proxy.gv.at/oa"> + <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates> + <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> --> + </ConnectionParameter> + </ProxyComponent> + </OnlineApplication> + + <!-- ChainingModes fuer die Zertifikatspfadueberpruefug der TLS-Zertifikate --> + <ChainingModes systemDefaultMode="pkix"> + </ChainingModes> + <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird + fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird + zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden --> + <TrustedCACertificates>certs/ca-certs</TrustedCACertificates> + <!-- Cache-Verzeichnis fuer-Zertifikate --> + <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden --> + <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="/etc/tomcat6/moa-id/certs/certstore"/> + <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/> + <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden --> + <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/> + <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) --> + <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ --> + <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) --> + <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ --> + <!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen --> +</MOA-IDConfiguration> diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp new file mode 100644 index 000000000..0cb4e8fea --- /dev/null +++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp @@ -0,0 +1,53 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<%@ page contentType="text/html; charset=UTF-8" %> +<html> +<head> +<title>Ein Fehler ist aufgetreten</title> +</head> +<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown"); + String errorMessage = (String)request.getAttribute("ErrorMessage"); + String wrongParameters = (String)request.getAttribute("WrongParameters"); + String logLevel = (String)request.getAttribute("LogLevel"); +%> + +<body> +<h1>Fehler bei der Anmeldung</h1> +<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p> + +<% if (logLevel != null) { %> +<% if (errorMessage != null) { %> +<p> +<%= errorMessage%><br> +</p> +<% } %> +<% if (exceptionThrown != null) { %> +<p> +<%= exceptionThrown.getMessage()%> +</p> +<% } %> +<% if (wrongParameters != null) { %> +<p>Die Angabe der Parameter ist unvollständig.<br></p> +<b> <%= wrongParameters %> </b><br> +<p> + Beispiele für korrekte Links zur MOA-ID Authentisierung sind: +</p> +<p> +<tt><a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"></tt> +</p> +<p> +<tt><a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt> +</p> +<p> +Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des <i>Target</i> Parameters: +</p> +<p> +<tt><a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"></tt> +</p> +<p> +<tt><a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt> +</p> +<p>Die Angabe der Parameter <tt>"Template"</tt> und <tt>"BKUSelectionTemplate"</tt> ist optional.</p> +<% } %> +<% } %> +</body> +</html>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp new file mode 100644 index 000000000..0b3992bfd --- /dev/null +++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp @@ -0,0 +1,13 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<%@ page contentType="text/html; charset=UTF-8" %> +<html> +<head> +<title>Ein Fehler ist aufgetreten</title> +</head> + +<body> +<h1>Fehler bei der Anmeldung</h1> +<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p> + +</body> +</html>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp new file mode 100644 index 000000000..0cb4e8fea --- /dev/null +++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp @@ -0,0 +1,53 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<%@ page contentType="text/html; charset=UTF-8" %> +<html> +<head> +<title>Ein Fehler ist aufgetreten</title> +</head> +<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown"); + String errorMessage = (String)request.getAttribute("ErrorMessage"); + String wrongParameters = (String)request.getAttribute("WrongParameters"); + String logLevel = (String)request.getAttribute("LogLevel"); +%> + +<body> +<h1>Fehler bei der Anmeldung</h1> +<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p> + +<% if (logLevel != null) { %> +<% if (errorMessage != null) { %> +<p> +<%= errorMessage%><br> +</p> +<% } %> +<% if (exceptionThrown != null) { %> +<p> +<%= exceptionThrown.getMessage()%> +</p> +<% } %> +<% if (wrongParameters != null) { %> +<p>Die Angabe der Parameter ist unvollständig.<br></p> +<b> <%= wrongParameters %> </b><br> +<p> + Beispiele für korrekte Links zur MOA-ID Authentisierung sind: +</p> +<p> +<tt><a href="https://<MOA-URL>/StartAuthentication?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>"></tt> +</p> +<p> +<tt><a href="https://<MOA-URL>/SelectBKU?Target=<Geschäftsbereich>&OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt> +</p> +<p> +Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entfällt die Angabe des <i>Target</i> Parameters: +</p> +<p> +<tt><a href="https://<MOA-URL>/StartAuthentication?OA=<OA-URL>&Template=<Template-URL>"></tt> +</p> +<p> +<tt><a href="https://<MOA-URL>/SelectBKU?OA=<OA-URL>&Template=<Template-URL>&BKUSelectionTemplate=<BKU-Template-URL>"></tt> +</p> +<p>Die Angabe der Parameter <tt>"Template"</tt> und <tt>"BKUSelectionTemplate"</tt> ist optional.</p> +<% } %> +<% } %> +</body> +</html>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp new file mode 100644 index 000000000..0b3992bfd --- /dev/null +++ b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp @@ -0,0 +1,13 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<%@ page contentType="text/html; charset=UTF-8" %> +<html> +<head> +<title>Ein Fehler ist aufgetreten</title> +</head> + +<body> +<h1>Fehler bei der Anmeldung</h1> +<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p> + +</body> +</html>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id/MOAIdentities.xsd b/id/server/doc/conf/moa-id/MOAIdentities.xsd new file mode 100644 index 000000000..e075ead5e --- /dev/null +++ b/id/server/doc/conf/moa-id/MOAIdentities.xsd @@ -0,0 +1,59 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) --> +<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" elementFormDefault="qualified" attributeFormDefault="unqualified"> + <xs:element name="MOAIdentities"> + <xs:annotation> + <xs:documentation>MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID</xs:documentation> + </xs:annotation> + <xs:complexType> + <xs:sequence maxOccurs="unbounded"> + <xs:element name="Mapping"> + <xs:complexType> + <xs:sequence> + <xs:element name="Identity"> + <xs:complexType> + <xs:choice> + <xs:element name="NamedIdentity" type="tns:NamedIdentityType"/> + <xs:element name="bPKIdentity" type="tns:bPKIdentitiyType"/> + <xs:element name="wbPKIdentity" type="tns:wbPKIdentitiyType"/> + </xs:choice> + </xs:complexType> + </xs:element> + <xs:element name="Parameters" type="tns:ParametersType"/> + </xs:sequence> + </xs:complexType> + </xs:element> + </xs:sequence> + </xs:complexType> + </xs:element> + <xs:complexType name="wbPKIdentitiyType"> + <xs:simpleContent> + <xs:extension base="xs:boolean"> + <xs:attribute name="wbPK" type="xs:string" use="required"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + <xs:complexType name="bPKIdentitiyType"> + <xs:simpleContent> + <xs:extension base="xs:boolean"> + <xs:attribute name="bPK" type="xs:string" use="required"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + <xs:complexType name="NamedIdentityType"> + <xs:simpleContent> + <xs:extension base="xs:boolean"> + <xs:attribute name="SurName" type="xs:string" use="required"/> + <xs:attribute name="GivenName" type="xs:string" use="required"/> + <xs:attribute name="BirthDate" type="xs:string" use="optional"/> + </xs:extension> + </xs:simpleContent> + </xs:complexType> + <xs:complexType name="ParametersType"> + <xs:attribute name="UN" type="xs:string" use="optional"/> + <xs:attribute name="PW" type="xs:string" use="optional"/> + <xs:attribute name="Param1" type="xs:string" use="optional"/> + <xs:attribute name="Param2" type="xs:string" use="optional"/> + <xs:attribute name="Param3" type="xs:string" use="optional"/> + </xs:complexType> +</xs:schema> diff --git a/id/server/doc/conf/moa-id/SampleIdentities.xml b/id/server/doc/conf/moa-id/SampleIdentities.xml new file mode 100644 index 000000000..abda0bf64 --- /dev/null +++ b/id/server/doc/conf/moa-id/SampleIdentities.xml @@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Beispielkonfiguration für den Einsatz der MOA-ID Proxy-Komponenten unter Einsatz eines speziellen XMLLoginParameterResolver + Damit kann unter Einsatz des XMLLoginParameterResolverPlainData (s.u.) eine Einschränkung von Benutzer für OA erfolgen. --> +<!-- Beispiel für ein Element ProxyComponent in der MOA-ID Konfigurationsdatei welches den XMLLoginParameterResolverPlainData + mit der Benutzerdatei Identities.xml verwendet um sich über Basic Authentication (401) an einer Webseite anzumeldne --> + + +<!-- + <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600" + loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.XMLLoginParameterResolverPlainData" + loginParameterResolverConfiguration="Identities.xml"> + <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/"> + </ConnectionParameter> + </ProxyComponent> +--> +<MOAIdentities xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814 MOAIdentities.xsd"> + <!-- Eintrag aller Benutzer mit Berechtigung --> + <!-- Die Daten müssen in der Schreibweise wie in der Personenbindung (= Schreibweise des ZMRs) eingegeben werden --> + + <!-- Benutzerin Kunz --> + <Mapping> + <Identity> + <NamedIdentity SurName="Kunz" GivenName="Karin Stella" BirthDate="1900-01-01">1</NamedIdentity> + </Identity> + <Parameters UN="KunzKS" PW="geheim"/> + </Mapping> + <!-- Benutzer Mustermann --> + <Mapping> + <Identity> + <NamedIdentity SurName="Mustermann-Fall" GivenName="Max Moriz" BirthDate="1900-01-01">1</NamedIdentity> + </Identity> + <Parameters UN="MustMM" PW="höchst?Geheim"/> + </Mapping> +</MOAIdentities> diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer b/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer b/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer Binary files differnew file mode 100644 index 000000000..ff90e35f5 --- /dev/null +++ b/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt b/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt new file mode 100644 index 000000000..0780bc44f --- /dev/null +++ b/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFsDCCBJigAwIBAgIHASBxw0JY9jANBgkqhkiG9w0BAQUFADCBrDEcMBoGA1UE +AxMTRXVyb1BLSSBJQUlLIFNTTCBDQTEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczENMAsGA1UE +BxMER3JhejELMAkGA1UEBhMCQVQwHhcNMTMxMjAzMTYzODUyWhcNMTUxMjAzMTYz +ODUyWjCBqTELMAkGA1UEBhMCQVQxDTALBgNVBAcTBEdyYXoxJjAkBgNVBAoTHUdy +YXogVW5pdmVyc2l0eSBvZiBUZWNobm9sb2d5MUgwRgYDVQQLEz9JbnN0aXR1dGUg +Zm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNh +dGlvbnMxGTAXBgNVBAMTEHN6cmd3LmVnaXouZ3YuYXQwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDPDRBxrsDziPzz+GAcdJ2m6kOkJcr4REzMzP9dULRv +R6EbVvvwQgPpAEcuqH+101ZwcIHNSCSQF30HnkJVF9hQ+4jIKjvUQ96hkZUC8OyI +9WfJfPjCtMea9Mk4YsI2DVc6xoiuNKSeZt6ER0b3YDRFX6x4QqQpgt3uIMKjHxBf +ESB9ehKLEPnQTgIzblvVrPWRAjVd+nZq40ZW1Im9Kq2pRk1gt5xiGh0q5qCV17Yj +mzTcO4tcgW7iFJ8Tj1Cdog7AOBkhGXGtndfhH/EwGo08PZ1PEYwA5wTVHEhq/Nom +zBKhDBRdDBhWOuxMeX8zSffuBYf9Oa9RGZBPErUi9HgHAgMBAAGjggHWMIIB0jAO +BgNVHQ8BAf8EBAMCBLAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/ +BAIwADBQBgNVHSAESTBHMEUGDCsGAQQBlRIBAgMBATA1MDMGCCsGAQUFBwIBFido +dHRwOi8vZXVyb3BraS5pYWlrLmF0L2NhL2lhaWsvY3BzLzEuMy8wHQYDVR0OBBYE +FFi1nfsT7YEJ9PKNzMHBtXbl574ZMEgGA1UdHwRBMD8wPaA7oDmGN2h0dHA6Ly9j +YS5pYWlrLnR1Z3Jhei5hdC9jYXBzby9jcmxzL0V1cm9QS0lJQUlLX1NTTC5jcmww +gZoGCCsGAQUFBwEBBIGNMIGKMEIGCCsGAQUFBzABhjZodHRwOi8vY2EuaWFpay50 +dWdyYXouYXQvY2Fwc28vT0NTUD9jYT1FdXJvUEtJSUFJS19TU0wwRAYIKwYBBQUH +MAKGOGh0dHA6Ly9jYS5pYWlrLnR1Z3Jhei5hdC9jYXBzby9jZXJ0cy9FdXJvUEtJ +SUFJS19TU0wuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56QGVnaXouZ3YuYXQw +HwYDVR0jBBgwFoAUFZk0u+CXsy4oNl3WeM9osRQzuEkwDQYJKoZIhvcNAQEFBQAD +ggEBAItlnRWi7nFbd9oahK06YNgkI6c3zPfWp3anaYOxZt+AakjI7IoV2YprNVWJ +2RZ2KA7rM3xNO1i1/H6TcWpjIJy+zsejvyXjQbC9e+wy3hD7iqtCt4oWqzIg61NE +u1j1u/r9/yozDEkOYv7XY+X5xNBCZ1YfbOwKltLdCWhk6MSK9xDUoeub0DyD3OIS +4VBVfftsVaJA9vY9e62aSpysEU6VoJpoXVLv1pGeCMajF9d7umCs+daguugbUNMM +FIfAll/9kcEG7FmpLaWA1qRpfTb8XZ6j/J0YrWAzyyCmLiQJRmhDDipi7PqAJBz6 +9aau5Lhfs4OYoKxgiw7WxOJldFo= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html new file mode 100644 index 000000000..ef070b8eb --- /dev/null +++ b/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html @@ -0,0 +1,846 @@ +<!DOCTYPE html> +<html> +<head> +<meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + /*border-radius: 5px;*/ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /*border-radius: 7px;*/ + margin-bottom: 25px; + min-width: 80px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 460px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + /*float:left; */ + width:250px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + #stork h2 { + font-size: 1.0em; + margin-bottom: 2%; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 100px; + height: 30px + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 75px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.6em; + min-width: 60px; + /* max-width: 65px; */ + min-height: 1.0em; + /* border-radius: 5px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.7em; + min-width: 55px; + /*min-height: 1.1em; + border-radius: 5px;*/ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2 { + font-size: 0.8em; + margin-top: -0.4em; + padding-top: 0.4em; + } + + #bkulogin { + min-height: 150px; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + /* max-width: 75px; */ + min-height: 0.95em; + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.75em; + min-width: 60px; + /* min-height: 0.95em; + border-radius: 6px; */ + margin-bottom: 5% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2 { + font-size: 0.9em; + margin-top: -0.45em; + padding-top: 0.45em; + } + + #bkulogin { + min-height: 180px; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.85em; + /* min-height: 1.05em; + border-radius: 7px; */ + margin-bottom: 10%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.0em; + margin-top: -0.50em; + padding-top: 0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 75px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 0.9em; + /* min-height: 1.2em; + border-radius: 8px; */ + margin-bottom: 10%; + max-width: 80px; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2 { + font-size: 1.1em; + margin-top: -0.55em; + padding-top: 0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.8em; + min-width: 70px; + /* max-width: 80px; */ + /* border-radius: 6px; */ + } + + #bkuselectionarea input[type=button] { + font-size: 1.0em; + /* min-height: 1.3em; + border-radius: 10px; */ + margin-bottom: 10%; + max-width: 85px; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2 { + font-size: 1.3em; + margin-top: -0.65em; + padding-top: 0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: #MAIN_BACKGOUNDCOLOR#; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + vertical-align: middle; + min-height: 173px; + min-width: 204px; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + position: relative; + top: 50%; + } + + #stork h2 { + font-size: 0.9em; + margin-bottom: 2%; + } + + #bkulogin { + min-width: 190px; + min-height: 155px; + } + + .setAssertionButton_full { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + input[type=button] { +/* height: 11%; */ + width: 70%; + } + } + + * { + margin: 0; + padding: 0; + font-family: #FONTTYPE#; + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + /*margin-bottom: 10px;*/ + /* margin-top: 5px; */ + } + + #mandateLogin { + padding-bottom: 4%; + padding-top: 4%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-left: 5%; + padding-right: 2%; + padding-bottom: 4%; + /*padding-top: 4%;*/ + position: relative; + clear: both; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + +/* input[type=button], .sendButton { + background: #BUTTON_BACKGROUNDCOLOR#; + color: #BUTTON_COLOR#; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: 3px 3px 3px #222222; */ +/* } + +/* button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { + background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; + color: #BUTTON_COLOR#; +/* border:1px solid #000; */ +/* cursor: pointer; +/* box-shadow: -1px -1px 3px #222222; */ +/* } + +*/ + input { + /*border:1px solid #000;*/ + cursor: pointer; + } + + #localBKU input { +/* color: #BUTTON_COLOR#; */ + border: 0px; + display: inline-block; + + } + + #localBKU input:hover, #localBKU input:focus, #localBKU input:active { + text-decoration: underline; + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + .sendButton { + width: 30%; + margin-bottom: 1%; + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> +<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions--> +<script type="text/javascript"> + function isIE() { + return (/MSIE (\d+\.\d+);/.test(navigator.userAgent)); + } + function isFullscreen() { + try { + return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height)); + } catch (e) { + return false; + } + } + function isActivexEnabled() { + var supported = null; + try { + supported = !!new ActiveXObject("htmlfile"); + } catch (e) { + supported = false; + } + return supported; + } + function isMetro() { + if (!isIE()) + return false; + return !isActivexEnabled() && isFullscreen(); + } + window.onload=function() { + document.getElementById("localBKU").style.display="block"; + return; + } + function bkuLocalClicked() { + setMandateSelection(); + } + + function bkuOnlineClicked() { + if (isMetro()) + document.getElementById("metroDetected").style.display="block"; + document.getElementById("localBKU").style.display="block"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "#ONLINE#"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + generateIFrame(iFrameURL); + } + function bkuHandyClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "#HANDY#"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; +/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + generateIFrame(iFrameURL); + } + function storkClicked() { + document.getElementById("localBKU").style.display="none"; +/* if (checkMandateSSO()) + return; */ + + setMandateSelection(); +/* setSSOSelection(); */ + + var ccc = "AT"; + var countrySelection = document.getElementById("cccSelection"); + if (countrySelection != null) { + ccc = document.getElementById("cccSelection").value; + } + var iFrameURL = "#AUTH_URL#" + "?"; + iFrameURL += "bkuURI=" + "#ONLINE#"; + iFrameURL += "&useMandate=" + document.getElementById("useMandate").value; + iFrameURL += "&CCC=" + ccc; +/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */ + iFrameURL += "&MODUL=" + "#MODUL#"; + iFrameURL += "&ACTION=" + "#ACTION#"; + iFrameURL += "&MOASessionID=" + "#SESSIONID#"; + generateIFrame(iFrameURL); + } + function generateIFrame(iFrameURL) { + var el = document.getElementById("bkulogin"); + var width = el.clientWidth; + var heigth = el.clientHeight - 20; + var parent = el.parentNode; + + iFrameURL += "&heigth=" + heigth; + iFrameURL += "&width=" + width; + + var iframe = document.createElement("iframe"); + iframe.setAttribute("src", iFrameURL); + iframe.setAttribute("width", el.clientWidth - 1); + iframe.setAttribute("height", el.clientHeight - 1); + iframe.setAttribute("frameborder", "0"); + iframe.setAttribute("scrolling", "no"); + iframe.setAttribute("title", "Login"); + parent.replaceChild(iframe, el); + } + function setMandateSelection() { + document.getElementById("moaidform").action = "#AUTH_URL#"; + document.getElementById("useMandate").value = "false"; + var checkbox = document.getElementById("mandateCheckBox"); + if (checkbox != null) { + if (document.getElementById("mandateCheckBox").checked) { + document.getElementById("useMandate").value = "true"; + } + } + } + function onChangeChecks() { + if (top.innerWidth < 650) { + document.getElementById("moaidform").setAttribute("target","_parent"); + } else { + document.getElementById("moaidform").removeAttribute("target"); + } + + } +/* function setSSOSelection() { + document.getElementById("useSSO").value = "false"; + var checkbox = document.getElementById("SSOCheckBox"); + if (checkbox != null) { + if (document.getElementById("SSOCheckBox").checked) { + document.getElementById("useSSO").value = "true"; + } + } + } */ + +/* function checkMandateSSO() { + var sso = document.getElementById("SSOCheckBox"); + var mandate = document.getElementById("mandateCheckBox"); + + + if (sso.checked && mandate.checked) { + alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!") + mandate.checked = false; + sso.checked = false; + return true; + } else { + return false; + } + } */ + </script> +<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title> +</head> +<body onload="onChangeChecks();" onresize="onChangeChecks();"> + <div id="page"> + <div id="page1" class="case selected-case" role="main"> + <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2> + <div id="main"> + <div id="leftcontent" class="hell" role="application"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2> + </div> + <div id="bkulogin" class="hell" role="form"> + <div id="mandateLogin" style=""> + <div> + <input tabindex="1" type="checkbox" name="Mandate" + id="mandateCheckBox" class="verticalcenter" role="checkbox" + onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#> + <label for="mandateCheckBox" class="verticalcenter">in + Vertretung anmelden</label> + <!--a href="info_mandates.html" + target="_blank" + class="infobutton verticalcenter" + tabindex="5">i</a--> + </div> + </div> + <div id="bkuselectionarea"> + <div id="bkukarte"> + <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png" + alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button" + onClick="bkuOnlineClicked();" tabindex="2" role="button" + value="Karte" /> + </div> + <div id="bkuhandy"> + <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png" + alt="HandyBKU" /> <input name="bkuButtonHandy" type="button" + onClick="bkuHandyClicked();" tabindex="3" role="button" + value="HANDY" /> + </div> + </div> + <div id="localBKU"> + <form method="get" id="moaidform" action="#AUTH_URL#" + class="verticalcenter" target="_parent"> + <input type="hidden" name="bkuURI" value="#LOCAL#"> <input + type="hidden" name="useMandate" id="useMandate"> <input + type="hidden" name="SSO" id="useSSO"> <input + type="hidden" name="CCC" id="ccc"> <input type="hidden" + name="MODUL" value="#MODUL#"> <input type="hidden" + name="ACTION" value="#ACTION#"> <input type="hidden" + name="MOASessionID" value="#SESSIONID#"> + <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4" + role="button" class="hell" + onclick="setMandateSelection();" + > + <!--p> + <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small> + </p--> + </form> + </div> + + <div id="stork" align="center" style="#STORKVISIBLE#"> + <h2 id="tabheader" class="dunkel">Home Country Selection</h2> + <p> + <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" > + #PEPSLIST# + </select> + <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button> + <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a> + </p> + </div> + + <div id="metroDetected" style="display: none"> + <p>Anscheinend verwenden Sie Internet Explorer im + Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den + Optionen um die Karten-Anmeldung starten zu können.</p> + </div> + </div> + </div> + </div> + </div> + <div id="validation"> + <a href="http://validator.w3.org/check?uri="> <img + style="border: 0; width: 88px; height: 31px" + src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" /> + </a> <a href="http://jigsaw.w3.org/css-validator/"> <img + style="border: 0; width: 88px; height: 31px" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + alt="CSS ist valide!" /> + </a> + </div> + </div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html new file mode 100644 index 000000000..b80d654cc --- /dev/null +++ b/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html @@ -0,0 +1,617 @@ +<!DOCTYPE html> +<html> +<head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + <!-- MOA-ID 2.x BKUSelection Layout CSS --> + <style type="text/css"> + @media screen and (min-width: 650px) { + + body { + margin:0; + padding:0; + color : #000; + background-color : #fff; + text-align: center; + background-color: #6B7B8B; + } + + #localBKU p { + font-size: 0.7em; + } + + #localBKU input{ + font-size: 0.7em; + border-radius: 5px; + } + + #bkuselectionarea button { + font-size: 0.85em; + border-radius: 7px; + margin-bottom: 25px; + } + + #mandateLogin { + font-size: 0.85em; + } + + #bku_header h2 { + font-size: 0.8em; + } + + + #page { + display: block; + border: 2px solid rgb(0,0,0); + width: 650px; + height: 440px; + margin: 0 auto; + margin-top: 5%; + position: relative; + border-radius: 25px; + background: rgb(255,255,255); + } + + #page1 { + text-align: center; + } + + #main { + /* clear:both; */ + position:relative; + margin: 0 auto; + width: 250px; + text-align: center; + } + + .OA_header { + /* background-color: white;*/ + font-size: 20pt; + margin-bottom: 25px; + margin-top: 25px; + } + + #leftcontent { + width: 300px; + margin-top: 30px; + padding-bottom: 15px; + margin-bottom: 25px; + text-align: left; + border: 1px solid rgb(0,0,0); + } + + #selectArea { + font-size: 15px; + padding-bottom: 65px; + } + + #selectArea h3 { + margin-bottom: 25px; + } + + #bku_header { + height: 5%; + padding-bottom: 3px; + padding-top: 3px; + } + + #bkulogin { + overflow:hidden; + min-width: 190px; + min-height: 180px; + /*height: 260px;*/ + } + + h2#tabheader{ + font-size: 1.1em; + padding-left: 2%; + padding-right: 2%; + position: relative; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 100px; + height: 30px; + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px;*/ + } + + #leftbutton { + width: 30%; + float:left; + margin-left: 40px; + } + + #rightbutton { + width: 30%; + float:right; + margin-right: 45px; + text-align: right; + } + + button { + height: 25px; + width: 90px; + margin-bottom: 10px; + } + + #validation { + position: absolute; + bottom: 0px; + margin-left: 270px; + padding-bottom: 10px; + } + + } + + @media screen and (max-width: 205px) { + #localBKU p { + font-size: 0.6em; + } + + #localBKU input { + font-size: 0.7em; + min-width: 70px; + min-height: 1.2em; + border-radius: 5px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.8em; + min-width: 65px; + min-height: 1.3em; + /* border-radius: 5px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.65em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.8em; + margin-top: -0.4em; + } + } + + @media screen and (max-width: 249px) and (min-width: 206px) { + #localBKU p { + font-size: 0.7em; + } + + #localBKU input { + font-size: 0.85em; + min-width: 80px; + min-height: 0.95em; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 0.85em; + min-width: 70px; + min-height: 0.95em; + /* border-radius: 6px; */ + margin-bottom: 2% + } + + #mandateLogin { + font-size: 0.75em; + } + + #bku_header h2, #selectArea h3 { + font-size: 0.9em; + margin-top: -0.45em; + } + } + + @media screen and (max-width: 299px) and (min-width: 250px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.0em; + min-height: 1.05em; + /* border-radius: 7px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.0em; + margin-top: -0.50em; + } + } + + @media screen and (max-width: 399px) and (min-width: 300px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.1em; + min-height: 1.2em; + /* border-radius: 8px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.1em; + margin-top: -0.55em; + } + } + + @media screen and (max-width: 649px) and (min-width: 400px) { + #localBKU p { + font-size: 0.9em; + } + + #localBKU input { + font-size: 0.9em; + min-width: 100px; + border-radius: 6px; + } + + #bkuselectionarea button, .setAssertionButton_full { + font-size: 1.3em; + min-height: 1.3em; +/* border-radius: 10px; */ + margin-bottom: 5%; + } + + #mandateLogin { + font-size: 1.2em; + } + + #bku_header h2, #selectArea h3 { + font-size: 1.3em; + margin-top: -0.65em; + } + } + + + + @media screen and (max-width: 649px) { + + body { + margin:0; + padding:0; + color : #000; + text-align: center; + font-size: 100%; + background-color: #MAIN_BACKGOUNDCOLOR#; + } + + #page { + visibility: hidden; + margin-top: 0%; + } + + #page1 { + visibility: hidden; + } + + #main { + visibility: hidden; + } + + #validation { + visibility: hidden; + display: none; + } + + .OA_header { + margin-bottom: 0px; + margin-top: 0px; + font-size: 0pt; + visibility: hidden; + } + + #leftcontent { + visibility: visible; + margin-bottom: 0px; + text-align: left; + border:none; + min-width: 190px; +/* min-height: 190px; */ + vertical-align: middle; + + } + + #bku_header { + height: 10%; + min-height: 1.2em; + margin-top: 1%; + } + + h2#tabheader{ + padding-left: 2%; + padding-right: 2%; + padding-top: 1%; + position: relative; + top: 50%; + } + + #bkulogin { + min-width: 190px; + min-height: 150px; + } + + .setAssertionButton_full { + margin-top: 15px; + width: 70%; + height: 11%; + min-width: 60px; + min-height: 25px; + } + + #selectArea h3 { + margin-top: 2%; + } + + button { + height: 11%; + width: 70%; + } + } + + * { + margin: 0; + padding: 0; +/* border: 0; */ + font-family: #FONTTYPE#; + } + + #selectArea { + padding-top: 10px; + padding-bottom: 55px; + padding-left: 10px; + } + + .setAssertionButton { + background: #efefef; + cursor: pointer; + margin-top: 15px; + width: 70px; + height: 25px; + } + + #leftbutton { + width: 35%; + float:left; + margin-left: 15px; + } + + #rightbutton { + width: 35%; + float:right; + margin-right: 25px; + text-align: right; + } + + #stork { + margin-bottom: 10px; + margin-top: 5px; + } + + #mandateLogin { + padding-bottom: 2%; + padding-top: 2%; + height: 10%; + position: relative; + text-align: center; + } + + .verticalcenter { + vertical-align: middle; + } + + #mandateLogin > div { + clear: both; + margin-top: -1%; + position: relative; + top: 50%; + } + + #bkuselectionarea { + position: relative; + display: block; + } + + #localBKU { + padding-left: 5%; + padding-right: 2%; + padding-bottom: 2%; + position: relative; + clear: both; + } + + #bkukarte { + float:left; + text-align:center; + width:40%; + min-height: 70px; + padding-left: 5%; + padding-top: 2%; + } + + #bkuhandy { + float:right; + text-align:center; + width:40%; + min-height: 90px; + padding-right: 5%; + padding-top: 2%; + } + + .bkuimage { + width: 90%; + height: auto; + } + + #mandate{ + text-align:center; + padding : 5px 5px 5px 5px; + } + + button, .sendButton { +/* background: #BUTTON_BACKGROUNDCOLOR#; + color: #BUTTON_COLOR#; */ + cursor: pointer; + +/* border:1px solid #000; + box-shadow: 3px 3px 3px #222222; */ + } + + button:hover, button:focus, button:active, + .sendButton:hover , .sendButton:focus, .sendButton:active, + #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active { +/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#; + color: #BUTTON_COLOR#; */ + cursor: pointer; + +/* border:1px solid #000; + box-shadow: -1px -1px 3px #222222; */ + } + + #installJava, #BrowserNOK { + clear:both; + font-size:0.8em; + padding:4px; + } + + .selectText{ + + } + + .selectTextHeader{ + + } + + #leftcontent a { + text-decoration:none; + color: #000; + /* display:block;*/ + padding:4px; + } + + #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active { + text-decoration:underline; + color: #000; + } + + .infobutton { + background-color: #005a00; + color: white; + font-family: serif; + text-decoration: none; + padding-top: 2px; + padding-right: 4px; + padding-bottom: 2px; + padding-left: 4px; + font-weight: bold; + } + + .hell { + background-color : #MAIN_BACKGOUNDCOLOR#; + color: #MAIN_COLOR#; + } + + .dunkel { + background-color: #HEADER_BACKGROUNDCOLOR#; + color: #HEADER_COLOR#; + } + + .main_header { + color: black; + font-size: 32pt; + position: absolute; + right: 10%; + top: 40px; + + } + + </style> + + + <title>Anmeldung an Online-Applikation</title> +</head> + + +<body> + <div id="page"> + + <div id="page1" class="case selected-case" role="main"> + +<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> --> + + <div id="main"> + <div id="leftcontent" class="hell"> + <div id="bku_header" class="dunkel"> + <h2 id="tabheader" class="dunkel" role="heading"> + Anmeldeinformationen: + </h2> + </div> + + <div id="selectArea" class="hell" role="application"> + <h3>Anmeldung an: #OAName#</h3> + +<!-- <div class="hell"> --> + <div id="leftbutton"> + <form method="post" id="moaidform_yes" action="#URL#"> + <input type="hidden" name="value" value="true"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + <div id="rightbutton"> + <form method="post" id="moaidform_no" action="#URL#"> + <input type="hidden" name="value" value="false"> + <input type="hidden" name="mod" value="#MODUL#"> + <input type="hidden" name="action" value="#ACTION#"> + <input type="hidden" name="identifier" value="#ID#"> + <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button"> + </form> + </div> + + </div> + </div> + </div> + </div> + <div id="validation"> + <a href="http://validator.w3.org/check?uri="> + <img style="border:0;width:88px;height:31px" + src="#CONTEXTPATH#/img/valid-html5-blue.png" + alt="HTML5 ist valide!" /> + </a> + <a href="http://jigsaw.w3.org/css-validator/"> + <img style="border:0;width:88px;height:31px" + src="http://jigsaw.w3.org/css-validator/images/vcss-blue" + alt="CSS ist valide!" /> + </a> + </div> + </div> +</body> +</html> diff --git a/id/server/doc/conf/moa-id/keys/assertion.crt b/id/server/doc/conf/moa-id/keys/assertion.crt new file mode 100644 index 000000000..aa4e23cb1 --- /dev/null +++ b/id/server/doc/conf/moa-id/keys/assertion.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0 +MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV +BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0 +ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts +2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y ++4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8 +upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn +SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9 +8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O +BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3 +EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T +dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD +ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ +KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl +DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b +crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60 +LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3 +0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5 +ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id/keys/encryption.crt b/id/server/doc/conf/moa-id/keys/encryption.crt new file mode 100644 index 000000000..c9d94f9b6 --- /dev/null +++ b/id/server/doc/conf/moa-id/keys/encryption.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0 +MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t +ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD +VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA +qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull +TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL +HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb +OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa +aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i +h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz +zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe +pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ +AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf +lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf +C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh +3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB +Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8 +lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi +LYiLYskPglktuck= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id/keys/metadata.crt b/id/server/doc/conf/moa-id/keys/metadata.crt new file mode 100644 index 000000000..bd9640b37 --- /dev/null +++ b/id/server/doc/conf/moa-id/keys/metadata.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV +BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw +MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE +CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk +MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD +ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x +tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY +O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh +zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS +ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW +BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw +ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh +dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ +TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M ++uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0 +p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA +oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv +tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/ +Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI= +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id/keys/moa_idp[password].p12 b/id/server/doc/conf/moa-id/keys/moa_idp[password].p12 Binary files differnew file mode 100644 index 000000000..78cab1e89 --- /dev/null +++ b/id/server/doc/conf/moa-id/keys/moa_idp[password].p12 diff --git a/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks b/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks Binary files differnew file mode 100644 index 000000000..8196ab319 --- /dev/null +++ b/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks diff --git a/id/server/doc/conf/moa-id/log4j.properties b/id/server/doc/conf/moa-id/log4j.properties new file mode 100644 index 000000000..310b58a3d --- /dev/null +++ b/id/server/doc/conf/moa-id/log4j.properties @@ -0,0 +1,27 @@ +# commons-logging setup +org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory + +# define log4j root loggers +log4j.rootLogger=info, stdout, R +log4j.logger.at.gv.egovernment.moa=info +log4j.logger.at.gv.egovernment.moa.spss=info +log4j.logger.iaik.server=info +log4j.logger.at.gv.egovernment.moa.id=info +log4j.logger.at.gv.egovernment.moa.id.proxy=info +log4j.logger.eu.stork=info +log4j.logger.org.hibernate=warn + +# configure the stdout appender +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n +log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n + +# configure the rolling file appender (R) +log4j.appender.R=org.apache.log4j.RollingFileAppender +log4j.appender.R.File=${catalina.base}/logs/moa-id.log +log4j.appender.R.MaxFileSize=10000KB +log4j.appender.R.MaxBackupIndex=1 +log4j.appender.R.layout=org.apache.log4j.PatternLayout +log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n + diff --git a/id/server/doc/conf/moa-id/moa-id.properties b/id/server/doc/conf/moa-id/moa-id.properties new file mode 100644 index 000000000..bf9cf84d0 --- /dev/null +++ b/id/server/doc/conf/moa-id/moa-id.properties @@ -0,0 +1,117 @@ +##General MOA-ID 2.0 Configuration + +#MOA-ID 2.0 XML configuration files (necessary, if inmemory database is used) +#configuration.xml=$PATH_TO_CONFIG$/conf/moa-id/MOAIDConfiguration-2.0.xml + +##For Testing +configuration.validation.certificate.QC.ignore=false +protocols.pvp2.assertion.encryption.active=false + +##General MOA-ID 2.0 operations +#MOA-ID 2.0 session information encryption key (PassPhrase) +configuration.moasession.key=SessionEncryptionKey + +#MOA-ID 2.0 Monitoring Servlet +configuration.monitoring.active=false +configuration.monitoring.message.success=All Tests passed! +configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/monitoring/monitoring_idl.xml + +#MOA-ID 2.0 Advanced Logging +configuration.advancedlogging.active=false + +##Webservice Client Configuration +#MOA-SP webservice +#service.moasp.acceptedServerCertificates= +#service.moasp.clientKeyStore= +#service.moasp.clientKeyStorePassword= + +#Online mandates webservice (MIS) +service.onlinemandates.acceptedServerCertificates= +service.onlinemandates.clientKeyStore=keys/.... +service.onlinemandates.clientKeyStorePassword= + +#Foreign Identities (SZRGW) +service.foreignidentities.acceptedServerCertificates= +service.foreignidentities.clientKeyStore=keys/.... +service.foreignidentities.clientKeyStorePassword= + + +##Protocol configuration## +#PVP2 +protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12 +protocols.pvp2.idp.ks.kspassword=password +protocols.pvp2.idp.ks.metadata.alias=pvp_metadata +protocols.pvp2.idp.ks.metadata.keypassword=password +protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion +protocols.pvp2.idp.ks.assertion.sign.keypassword=password + +#OpenID connect (OAuth) +protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp.p12 +protocols.oauth20.jwt.ks.password=password +protocols.oauth20.jwt.ks.key.name=oauth +protocols.oauth20.jwt.ks.key.password=password + +##Database configuration## +#Hibnerate configuration for MOA-ID 2.0 session store +moasession.hibernate.dialect=org.hibernate.dialect.MySQLDialect +moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8 +moasession.hibernate.connection.charSet=utf-8 +moasession.hibernate.connection.driver_class=com.mysql.jdbc.Driver +moasession.hibernate.connection.username= +moasession.hibernate.connection.password= + +moasession.hibernate.hbm2ddl.auto=update +moasession.hibernate.current_session_context_class=thread +moasession.hibernate.transaction.flush_before_completion=true +moasession.hibernate.transaction.auto_close_session=true +moasession.hibernate.show_sql=false +moasession.hibernate.format_sql=true +moasession.hibernate.c3p0.acquire_increment=3 +moasession.hibernate.c3p0.idle_test_period=60 +moasession.hibernate.c3p0.timeout=60 +moasession.hibernate.c3p0.max_size=20 +moasession.hibernate.c3p0.max_statements=0 +moasession.hibernate.c3p0.min_size=3 + +#Hibnerate configuration for MOA-ID 2.0 configuration +configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect +configuration.hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true +configuration.hibernate.connection.charSet=utf-8 +configuration.hibernate.connection.driver_class=com.mysql.jdbc.Driver +configuration.hibernate.connection.username= +configuration.hibernate.connection.password= + +configuration.hibernate.hbm2ddl.auto=update +configuration.hibernate.current_session_context_class=thread +configuration.hibernate.transaction.auto_close_session=true +configuration.hibernate.show_sql=false +configuration.hibernate.format_sql=true +configuration.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider +configuration.hibernate.c3p0.acquire_increment=3 +configuration.hibernate.c3p0.idle_test_period=60 +configuration.hibernate.c3p0.timeout=300 +configuration.hibernate.c3p0.max_size=20 +configuration.hibernate.c3p0.max_statements=0 +configuration.hibernate.c3p0.min_size=3 + +# +#Hibnerate configuration for MOA-ID 2.0 advanced statistic logging +advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQLDialect +advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true +advancedlogging.hibernate.connection.charSet=utf-8 +advancedlogging.hibernate.connection.driver_class=com.mysql.jdbc.Driver +advancedlogging.hibernate.connection.username= +advancedlogging.hibernate.connection.password= + +advancedlogging.hibernate.hbm2ddl.auto=update +advancedlogging.hibernate.current_session_context_class=thread +advancedlogging.hibernate.transaction.auto_close_session=true +advancedlogging.hibernate.show_sql=false +advancedlogging.hibernate.format_sql=true +advancedlogging.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider +advancedlogging.hibernate.c3p0.acquire_increment=3 +advancedlogging.hibernate.c3p0.idle_test_period=60 +advancedlogging.hibernate.c3p0.timeout=300 +advancedlogging.hibernate.c3p0.max_size=20 +advancedlogging.hibernate.c3p0.max_statements=0 +advancedlogging.hibernate.c3p0.min_size=3 diff --git a/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt b/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt new file mode 100644 index 000000000..7c3252dcb --- /dev/null +++ b/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8TCCAdkCBFM0RyYwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UEBhMCQVQxDTAL +BgNVBAoMBEVHSVoxHzAdBgNVBAMMFk1PQS1JRC1BdXRoX01vbml0b3JpbmcwHhcN +MTQwMzI3MTU0MzM0WhcNMTYwOTEyMTU0MzM0WjA9MQswCQYDVQQGEwJBVDENMAsG +A1UECgwERUdJWjEfMB0GA1UEAwwWTU9BLUlELUF1dGhfTW9uaXRvcmluZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSQBR+b3KmRUklO9lmQzVtWCY4Y +/mI3FR5Jma5hjosmKaFfLrExwpXMZIpDFljULtF1+pOaln66rlqRBOvzkhJvY5xD +31GEG1XRi6rWxLGObmTuG2ZeSh3KpPOReUyrkrQ2UFQEo5Ytc/C/Ad3vQJdw3hPa +Koi0Uszgyf3a1RD8b2EewqYXxPHMortSzbpg9cZ7BYg2+iAF2WbgAmUx0Kp7GvfN +QnPMWZtu0E/pBEn5QKc6UZm1F0KR/Vq/ymDdEPlX+4261Ak26lyJJcn0BRRgrkK5 +bced+/SvxzXNae03ePSx4q9g4VLZw+j28lIpk1ngH8V8EAjzQDOBzvQQ6jsCAwEA +ATANBgkqhkiG9w0BAQUFAAOCAQEAPis2r4hI6ld6KDnHs+f8wC3Vr/atFqeryqlj +COIoX6HoxSczvGY7uimek43ezD+PDUntohrlukZO6YfqKrlgKBWg1kiBxK0ISZkS +QgIraHexuT6eZ4558I43eGEiATzEkb+h60aO4YI7IyVbS5T9Rwb8fv9LzUgDtTtZ +ALtVVr9c3ZG+O7bYEFNA0jkHU3n8gzLNsR5TVB8S693VDv8OMn8oef0EXRCuTW9V +GUQyNpAO/gtlSW43NOc/ZL4lPdl0qzYtil5mKUTvuMvec37lhlpbzywSHq8boGBA +RDjfEDR8ObgjGU7ik9nBkNMgeB6rEOAYZmiCZVMMUxPuIF9Nzw== +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml b/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml new file mode 100644 index 000000000..6a0602c04 --- /dev/null +++ b/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml @@ -0,0 +1,87 @@ +<?xml version="1.0" encoding="UTF-8"?> +<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <saml:AttributeStatement> + <saml:Subject> + <saml:SubjectConfirmation> + <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> + <saml:SubjectConfirmationData> + <pr:Person si:type="pr:PhysicalPersonType"> + <pr:Identification> + <pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value> + <pr:Type>urn:publicid:gv.at:baseid</pr:Type> + </pr:Identification> + <pr:Name> + <pr:GivenName>XXXRúùd</pr:GivenName> + <pr:FamilyName primary="undefined">XXXVà n Nisteĺrooy</pr:FamilyName> + </pr:Name> + <pr:DateOfBirth>1969-02-13</pr:DateOfBirth> + </pr:Person> + </saml:SubjectConfirmationData> + </saml:SubjectConfirmation> + </saml:Subject> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"> + <saml:AttributeValue> + <ecdsa:ECDSAKeyValue> + <ecdsa:DomainParameters> + <ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/> + </ecdsa:DomainParameters> + <ecdsa:PublicKey> + <ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/> + <ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/> + </ecdsa:PublicKey> + </ecdsa:ECDSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2"> + <saml:AttributeValue> + <dsig:RSAKeyValue> + <dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/ +t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm +P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg +gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus> + <dsig:Exponent>AQAB</dsig:Exponent> + </dsig:RSAKeyValue> + </saml:AttributeValue> + </saml:Attribute> + </saml:AttributeStatement> + <dsig:Signature> + <dsig:SignedInfo> + <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> + <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> + <dsig:Reference URI=""> + <dsig:Transforms> + <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + </dsig:Transforms> + <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> + <dsig:DigestValue>s/7GYPVfkHIvy5RcB5QRnXVSWwo=</dsig:DigestValue> + </dsig:Reference> + </dsig:SignedInfo> + <dsig:SignatureValue>LSsx2zO/XyJ9RCEcChmQ2+251PtaFz07sBw1DBw0Eui4mjRRMSaKXxD0GoQDRzvQQNYusLNqpGiixscBIb4XcR8ipSjZVPnH2E19o/O2fz2uFDWnlCHEhhG8OMNT2XzS6lZtMSSzVcAJINLBlz6DKG63+NhClb+1lUHoLa5CpwYDW/guVKLng8PNElBY5mw3GOSL8PskFsYK+bnRUAvvgGigm3XLtlZ4QQWDsGBNgJxW0boAm5vei+YVHVxrkL2YDkdvGUmD+RjzwZx8fxlfN4ajR00Q5mNc0xQtaL/g+vKdL6EeegZAKPZ/jrEpN0RZfuxPaAmt4t0Jav51mTKa4w==</dsig:SignatureValue> + <dsig:KeyInfo> + <dsig:KeyValue> + <dsig:RSAKeyValue> + <dsig:Modulus>lJAFH5vcqZFSSU72WZDNW1YJjhj+YjcVHkmZrmGOiyYpoV8usTHClcxkikMWWNQu0XX6k5qWfrquWpEE6/OSEm9jnEPfUYQbVdGLqtbEsY5uZO4bZl5KHcqk85F5TKuStDZQVASjli1z8L8B3e9Al3DeE9oqiLRSzODJ/drVEPxvYR7CphfE8cyiu1LNumD1xnsFiDb6IAXZZuACZTHQqnsa981Cc8xZm27QT+kESflApzpRmbUXQpH9Wr/KYN0Q+Vf7jbrUCTbqXIklyfQFFGCuQrltx5379K/HNc1p7Td49LHir2DhUtnD6PbyUimTWeAfxXwQCPNAM4HO9BDqOw==</dsig:Modulus> + <dsig:Exponent>AAEAAQ==</dsig:Exponent> + </dsig:RSAKeyValue> + </dsig:KeyValue> + <dsig:X509Data> + <dsig:X509Certificate>MIIC8TCCAdkCBFM0RyYwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UEBhMCQVQxDTAL +BgNVBAoMBEVHSVoxHzAdBgNVBAMMFk1PQS1JRC1BdXRoX01vbml0b3JpbmcwHhcN +MTQwMzI3MTU0MzM0WhcNMTYwOTEyMTU0MzM0WjA9MQswCQYDVQQGEwJBVDENMAsG +A1UECgwERUdJWjEfMB0GA1UEAwwWTU9BLUlELUF1dGhfTW9uaXRvcmluZzCCASIw +DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSQBR+b3KmRUklO9lmQzVtWCY4Y +/mI3FR5Jma5hjosmKaFfLrExwpXMZIpDFljULtF1+pOaln66rlqRBOvzkhJvY5xD +31GEG1XRi6rWxLGObmTuG2ZeSh3KpPOReUyrkrQ2UFQEo5Ytc/C/Ad3vQJdw3hPa +Koi0Uszgyf3a1RD8b2EewqYXxPHMortSzbpg9cZ7BYg2+iAF2WbgAmUx0Kp7GvfN +QnPMWZtu0E/pBEn5QKc6UZm1F0KR/Vq/ymDdEPlX+4261Ak26lyJJcn0BRRgrkK5 +bced+/SvxzXNae03ePSx4q9g4VLZw+j28lIpk1ngH8V8EAjzQDOBzvQQ6jsCAwEA +ATANBgkqhkiG9w0BAQUFAAOCAQEAPis2r4hI6ld6KDnHs+f8wC3Vr/atFqeryqlj +COIoX6HoxSczvGY7uimek43ezD+PDUntohrlukZO6YfqKrlgKBWg1kiBxK0ISZkS +QgIraHexuT6eZ4558I43eGEiATzEkb+h60aO4YI7IyVbS5T9Rwb8fv9LzUgDtTtZ +ALtVVr9c3ZG+O7bYEFNA0jkHU3n8gzLNsR5TVB8S693VDv8OMn8oef0EXRCuTW9V +GUQyNpAO/gtlSW43NOc/ZL4lPdl0qzYtil5mKUTvuMvec37lhlpbzywSHq8boGBA +RDjfEDR8ObgjGU7ik9nBkNMgeB6rEOAYZmiCZVMMUxPuIF9Nzw==</dsig:X509Certificate> + </dsig:X509Data> + </dsig:KeyInfo> + </dsig:Signature> +</saml:Assertion> diff --git a/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml new file mode 100644 index 000000000..fc99cea79 --- /dev/null +++ b/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet --> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateless</LoginType> + <BasicAuth> + <UserID>MOAFamilyName</UserID> + <Password>MOAGivenName</Password> + </BasicAuth> +</Configuration> diff --git a/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml new file mode 100644 index 000000000..4d34c3646 --- /dev/null +++ b/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet --> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateless</LoginType> + <HeaderAuth> + <!-- zusaetzlicher Header GivenName --> + <Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header> + <Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header> + </HeaderAuth> +</Configuration> diff --git a/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml new file mode 100644 index 000000000..979faca95 --- /dev/null +++ b/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet --> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateless</LoginType> + <ParamAuth> + <!-- URL Parameter GivenName und FamilyName --> + <Parameter Name="GivenName" Value="MOAGivenName"></Parameter> + <Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter> + </ParamAuth> +</Configuration> diff --git a/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml new file mode 100644 index 000000000..edbfe7aa5 --- /dev/null +++ b/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet --> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateless</LoginType> + <BasicAuth> + <UserID>MOAFamilyName</UserID> + <Password>MOAGivenName</Password> + </BasicAuth> +</Configuration> diff --git a/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml new file mode 100644 index 000000000..2cff3bd67 --- /dev/null +++ b/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml @@ -0,0 +1,9 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet --> +<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <LoginType>stateless</LoginType> + <BasicAuth> + <UserID>MOAWBPK</UserID> + <Password>MOAGivenName</Password> + </BasicAuth> +</Configuration> diff --git a/id/server/doc/conf/moa-id/stork/SamlEngine.xml b/id/server/doc/conf/moa-id/stork/SamlEngine.xml new file mode 100644 index 000000000..166a48ff8 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/SamlEngine.xml @@ -0,0 +1,70 @@ +<?xml version="1.0" encoding="UTF-8"?> +<instances> + + + <!-- Configuration name--> + <instance name="outgoing"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_outgoing.xml" /> + </configuration> + + <!-- Settings module signature--> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_outgoing.xml" /> + </configuration> + </instance> + + <instance name="incoming"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_incoming.xml" /> + </configuration> + + <!-- Settings module signature--> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_incoming.xml" /> + </configuration> + </instance> + + + <instance name="incoming_attr"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" /> + </configuration> + + <!-- Settings module signature--> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" /> + </configuration> + </instance> + + + <instance name="VIDP"> + <!-- Configurations parameters StorkSamlEngine --> + <configuration name="SamlEngineConf"> + <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" /> + </configuration> + + <!-- Settings module signature--> + <configuration name="SignatureConf"> + <!-- Specific signature module --> + <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" /> + <!-- Settings specific module --> + <parameter name="fileConfiguration" value="SignModule_incoming.xml" /> + </configuration> + </instance> + + + +</instances> diff --git a/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml b/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml new file mode 100644 index 000000000..68b15e667 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> +</properties> diff --git a/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml new file mode 100644 index 000000000..68b15e667 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> +</properties> diff --git a/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml b/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml new file mode 100644 index 000000000..7139c5a41 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SWModule sign with JKS.</comment> + <entry key="keystorePath">projects/stork2/code/moa-idspss/id/server/stork2-saml-engine/src/test/resources/storkDemoKeys.jks</entry> + <entry key="keyStorePassword">local-demo</entry> + <entry key="keyPassword">local-demo</entry> + <entry key="issuer">CN=local-demo-cert, O=Indra, L=Madrid, ST=Spain, C=ES</entry> + <entry key="serialNumber">4BA89DB2</entry> + <entry key="keystoreType">JKS</entry> +</properties>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml new file mode 100644 index 000000000..83e69ac23 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + + <!-- + Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + + + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + <entry key="eIDSectorShare">true</entry> + <entry key="eIDCrossSectorShare">true</entry> + <entry key="eIDCrossBorderShare">true</entry> + --> + + + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="isRequired">true</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry> + + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry> + + <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry> + <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry> + <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry> + <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry> + <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry> + <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> + +</properties> diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml new file mode 100644 index 000000000..83e69ac23 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + + <!-- + Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + + + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + <entry key="eIDSectorShare">true</entry> + <entry key="eIDCrossSectorShare">true</entry> + <entry key="eIDCrossBorderShare">true</entry> + --> + + + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="isRequired">true</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry> + + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry> + + <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry> + <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry> + <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry> + <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry> + <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry> + <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> + +</properties> diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml new file mode 100644 index 000000000..83e69ac23 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + + <!-- + Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + + + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + <entry key="eIDSectorShare">true</entry> + <entry key="eIDCrossSectorShare">true</entry> + <entry key="eIDCrossBorderShare">true</entry> + --> + + + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="isRequired">true</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry> + + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry> + + <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry> + <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry> + <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry> + <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry> + <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry> + <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> + +</properties> diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml new file mode 100644 index 000000000..b095b9e7e --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml @@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd"> + +<properties> + <comment>SAML constants for AuthnRequests and Responses.</comment> + + <!-- + Types of consent obtained from the user for this authentication and + data transfer. + Allow values: 'unspecified'. + --> + <entry key="consentAuthnRequest">unspecified</entry> + + <!-- + Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'. + --> + <entry key="consentAuthnResponse">obtained</entry> + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + --> + <entry key="formatEntity">entity</entry> + + <!--Only HTTP-POST binding is only supported for inter PEPS--> + <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP--> + <entry key="protocolBinding">HTTP-POST</entry> + + + + + <!--URI representing the classification of the identifier + Allow values: 'entity'. + <entry key="eIDSectorShare">true</entry> + <entry key="eIDCrossSectorShare">true</entry> + <entry key="eIDCrossBorderShare">true</entry> + --> + + + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="friendlyName">false</entry> + + <!-- A friendly name for the attribute that can be displayed to a user --> + <entry key="isRequired">true</entry> + + <!--PEPS in the Service Provider's country--> + <entry key="requester">http://S-PEPS.gov.xx</entry> + + <!--PEPS in the citizen's origin country--> + <entry key="responder">http://C-PEPS.gov.xx</entry> + + <!--Subject cannot be confirmed on or after this seconds time (positive number)--> + <entry key="timeNotOnOrAfter">300</entry> + + <!--Validation IP of the response--> + <entry key="ipAddrValidation">false</entry> + + + <!--Subject Attribute Definitions--> + <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry> + <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry> + <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry> + <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry> + <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry> + <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry> + <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry> + <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry> + <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry> + <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry> + <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry> + <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry> + <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry> + <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry> + <entry key="age">http://www.stork.gov.eu/1.0/age</entry> + <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry> + <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry> + + <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry> + <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry> + + <entry key="title">http://www.stork.gov.eu/1.0/title</entry> + <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry> + + <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry> + <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry> + + <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry> + <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry> + <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry> + <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry> + <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry> + <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry> + +</properties>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks b/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks Binary files differnew file mode 100644 index 000000000..f9baad202 --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks diff --git a/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks b/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks Binary files differnew file mode 100644 index 000000000..efaeac86c --- /dev/null +++ b/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml new file mode 100644 index 000000000..1165d8b32 --- /dev/null +++ b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml @@ -0,0 +1,161 @@ +<sl10:TransformsInfo> + <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"> + <xsl:output method="xml" xml:space="default"/> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <head> + <title>Signatur der Anmeldedaten</title> + <style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style> + </head> + <body> + <h4 class="h4style">Anmeldedaten:</h4> + <p class="titlestyle">Daten zur Person</p> + <table class="parameters"> + <xsl:if test="normalize-space(//@Issuer)"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + </xsl:if> + <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"> + <tr> + <td class="italicstyle">Geburtsdatum:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">Rolle:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle">Vollmacht:</td> + <td class="normalstyle"> + <xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text> + </td> + </tr> + </xsl:if> + </table> + <p class="titlestyle">Daten zur Anwendung</p> + <table class="parameters"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td class="italicstyle">Staat:</td> + <td class="normalstyle">Österreich</td> + </tr> + </table> + <p class="titlestyle">Technische Parameter</p> + <table class="parameters"> + <tr> + <td class="italicstyle">URL:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"> + <tr> + <td class="italicstyle">Bereich:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle"> + Vollmachten-Referenz:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"> + <tr> + <td class="italicstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"> + <tr> + <td class="italicstyle">Identifikator:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">OID:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="italicstyle">HPI:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <tr> + <td class="italicstyle">Datum:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> + </td> + </tr> + <tr> + <td class="italicstyle">Uhrzeit:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,15,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>application/xhtml+xml</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml new file mode 100644 index 000000000..e225ca6e0 --- /dev/null +++ b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml @@ -0,0 +1,7 @@ +<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle"> + Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml new file mode 100644 index 000000000..e220b8f82 --- /dev/null +++ b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml @@ -0,0 +1,161 @@ +<sl10:TransformsInfo> + <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"> + <xsl:output method="xml" xml:space="default"/> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <head> + <title>Signing the authentication data</title> + <style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style> + </head> + <body> + <h4 class="h4style">Authentication Data:</h4> + <p class="titlestyle">Personal Data</p> + <table class="parameters"> + <xsl:if test="normalize-space(//@Issuer)"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + </xsl:if> + <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"> + <tr> + <td class="italicstyle">Date of Birth:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">Role:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle">Mandate:</td> + <td class="normalstyle"> + <xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text> + </td> + </tr> + </xsl:if> + </table> + <p class="titlestyle">Application Data</p> + <table class="parameters"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td class="italicstyle">Country:</td> + <td class="normalstyle">Austria</td> + </tr> + </table> + <p class="titlestyle">Technical Parameters</p> + <table class="parameters"> + <tr> + <td class="italicstyle">URL:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"> + <tr> + <td class="italicstyle">Sector:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle"> + Mandate Reference:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"> + <tr> + <td class="italicstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"> + <tr> + <td class="italicstyle">Identifier:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">OID:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="italicstyle">HPI:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <tr> + <td class="italicstyle">Date:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> + </td> + </tr> + <tr> + <td class="italicstyle">Time:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,15,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> + <sl10:FinalDataMetaInfo> + <sl10:MimeType>application/xhtml+xml</sl10:MimeType> + </sl10:FinalDataMetaInfo> +</sl10:TransformsInfo> diff --git a/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml new file mode 100644 index 000000000..14acd54f2 --- /dev/null +++ b/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -0,0 +1,83 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper--> +<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <cfg:SignatureVerification> + <cfg:CertificateValidation> + <cfg:PathConstruction> + <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates> + <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess> + <cfg:CertificateStore> + <cfg:DirectoryStore> + <cfg:Location>certstore</cfg:Location> + </cfg:DirectoryStore> + </cfg:CertificateStore> + </cfg:PathConstruction> + <cfg:PathValidation> + <cfg:ChainingMode> + <cfg:DefaultMode>pkix</cfg:DefaultMode> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + </cfg:ChainingMode> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>C-PEPS-Test</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS-Test</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>C-PEPS</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + </cfg:PathValidation> + <cfg:RevocationChecking> + <cfg:EnableChecking>true</cfg:EnableChecking> + <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge> + <cfg:ServiceOrder> + <cfg:Service>CRL</cfg:Service> + <cfg:Service>OCSP</cfg:Service> + </cfg:ServiceOrder> + <cfg:Archiving> + <cfg:EnableArchiving>false</cfg:EnableArchiving> + <cfg:ArchiveDuration>365</cfg:ArchiveDuration> + <cfg:Archive> + <cfg:DatabaseArchive> + <cfg:JDBCURL>jdbc:url</cfg:JDBCURL> + <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName> + </cfg:DatabaseArchive> + </cfg:Archive> + </cfg:Archiving> + </cfg:RevocationChecking> + </cfg:CertificateValidation> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>MOAIDTransformAuthBlockTable_DE_2.0</cfg:Id> + <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id> + <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id> + <cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + </cfg:SignatureVerification> +</cfg:MOAConfiguration> diff --git a/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 diff --git a/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 diff --git a/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 diff --git a/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 diff --git a/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 diff --git a/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 Binary files differnew file mode 100644 index 000000000..73553b996 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 diff --git a/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 diff --git a/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E diff --git a/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C Binary files differnew file mode 100644 index 000000000..277b6083a --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C diff --git a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A diff --git a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B diff --git a/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 diff --git a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 diff --git a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 diff --git a/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 diff --git a/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 diff --git a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA diff --git a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 diff --git a/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 diff --git a/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 Binary files differnew file mode 100644 index 000000000..ebfbce9a0 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt b/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt Binary files differnew file mode 100644 index 000000000..ebfbce9a0 --- /dev/null +++ b/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml new file mode 100644 index 000000000..afeccd25f --- /dev/null +++ b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml @@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"> + <xsl:output method="xml" xml:space="default"/> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <head> + <title>Signatur der Anmeldedaten</title> + <style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style> + </head> + <body> + <h4 class="h4style">Anmeldedaten:</h4> + <p class="titlestyle">Daten zur Person</p> + <table class="parameters"> + <xsl:if test="normalize-space(//@Issuer)"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + </xsl:if> + <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"> + <tr> + <td class="italicstyle">Geburtsdatum:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">Rolle:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle">Vollmacht:</td> + <td class="normalstyle"> + <xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text> + </td> + </tr> + </xsl:if> + </table> + <p class="titlestyle">Daten zur Anwendung</p> + <table class="parameters"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td class="italicstyle">Staat:</td> + <td class="normalstyle">Österreich</td> + </tr> + </table> + <p class="titlestyle">Technische Parameter</p> + <table class="parameters"> + <tr> + <td class="italicstyle">URL:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"> + <tr> + <td class="italicstyle">Bereich:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle"> + Vollmachten-Referenz:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"> + <tr> + <td class="italicstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"> + <tr> + <td class="italicstyle">Identifikator:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">OID:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="italicstyle">HPI:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <tr> + <td class="italicstyle">Datum:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> + </td> + </tr> + <tr> + <td class="italicstyle">Uhrzeit:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,15,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> +</VerifyTransformsInfoProfile> diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml new file mode 100644 index 000000000..dc472efcb --- /dev/null +++ b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle"> + Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile>
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml new file mode 100644 index 000000000..1665254fd --- /dev/null +++ b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml @@ -0,0 +1,159 @@ +<?xml version="1.0" encoding="UTF-8"?> +<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"> + <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> + <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"> + <xsl:output method="xml" xml:space="default"/> + <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"> + <html> + <head> + <title>Signing the authentication data</title> + <style type="text/css" media="screen"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style{ font-size: large; } + </style> + </head> + <body> + <h4 class="h4style">Authentication Data:</h4> + <p class="titlestyle">Personal Data</p> + <table class="parameters"> + <xsl:if test="normalize-space(//@Issuer)"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//@Issuer"/> + </td> + </tr> + </xsl:if> + <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"> + <tr> + <td class="italicstyle">Date of Birth:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">Role:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle">Mandate:</td> + <td class="normalstyle"> + <xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text> + </td> + </tr> + </xsl:if> + </table> + <p class="titlestyle">Application Data</p> + <table class="parameters"> + <tr> + <td class="italicstyle">Name:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/> + </td> + </tr> + <tr> + <td class="italicstyle">Country:</td> + <td class="normalstyle">Austria</td> + </tr> + </table> + <p class="titlestyle">Technical Parameters</p> + <table class="parameters"> + <tr> + <td class="italicstyle">URL:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/> + </td> + </tr> + <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"> + <tr> + <td class="italicstyle">Sector:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"> + <tr> + <td class="italicstyle"> + Mandate Reference:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"> + <tr> + <td class="italicstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"> + <tr> + <td class="italicstyle">Identifier:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"> + <tr> + <td class="italicstyle">OID:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <xsl:if test="//saml:Attribute[@AttributeName='HPI']"> + <tr> + <td class="italicstyle">HPI:</td> + <td class="normalstyle"> + <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/> + </td> + </tr> + </xsl:if> + <tr> + <td class="italicstyle">Date:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,9,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,6,2)"/> + <xsl:text>.</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,1,4)"/> + </td> + </tr> + <tr> + <td class="italicstyle">Time:</td> + <td class="normalstyle"> + <xsl:value-of select="substring(//@IssueInstant,12,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,15,2)"/> + <xsl:text>:</xsl:text> + <xsl:value-of select="substring(//@IssueInstant,18,2)"/> + </td> + </tr> + </table> + </body> + </html> + </xsl:template> + </xsl:stylesheet> + </dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms> +</VerifyTransformsInfoProfile> diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der Binary files differnew file mode 100644 index 000000000..1851527de --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12 b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12 Binary files differnew file mode 100644 index 000000000..314cbc862 --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12 diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore b/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore Binary files differnew file mode 100644 index 000000000..bd9765a4c --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der Binary files differnew file mode 100644 index 000000000..f50aa4d68 --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12 b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12 Binary files differnew file mode 100644 index 000000000..e5820fdf2 --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12 diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore b/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore Binary files differnew file mode 100644 index 000000000..bd9765a4c --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore diff --git a/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der b/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der Binary files differnew file mode 100644 index 000000000..e0f78a82c --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der diff --git a/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore b/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore Binary files differnew file mode 100644 index 000000000..da42549d4 --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore diff --git a/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore b/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore Binary files differnew file mode 100644 index 000000000..bdc296cf4 --- /dev/null +++ b/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer new file mode 100644 index 000000000..af1f5f4a3 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer @@ -0,0 +1,16 @@ +MIIDWDCCAkCgAwIBAAIETgGmXDANBgkqhkiG9w0BAQUFADBuMSYwJAYJKoZIhvcNAQkBFhdqYWxj +YWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UEBhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNV +BAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQuOTQuMjQwHhcNMTEwNjIyMDgyMjUyWhcNMTQwMzE4 +MDgyMjUyWjBuMSYwJAYJKoZIhvcNAQkBFhdqYWxjYWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UE +BhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNVBAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQu +OTQuMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNeKJi+dOYTy4s/7aL1AXRBj0 +BlPRgHUYknGMU/Aog09AqKz5WZ95926NpufBHVZ5XVKW42Fxfrpk2fnSaAORrk6affYgdfm8HXcd +dCD9i4yQkLADKpe3Gi29YeBUNC+j+E+iJaxP2whuXsLCpkYcmfbvx6yQkiPa3VFtw7omfEgGe1LQ +9+ZvNh36Z895rUP/vgoOKi6AjXed4OgOmtyKx9k7AwnG2w040pt1I6LErlbmxoxtk0/11ecaEjzU +RhxKdCXTuV9jSH7hsnbM9qehLnZSoZqdTYJgxVGyzqpo3SUta13oTn/8ugpRAneoC86m+AA0xmNn +XZRY4pPgqLjxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABwRU7MLJcbm51fPQHtT+mypYslA4xFy +zve7SyC2zCowFVZhnIwW19Cd0izGjfKPZZYS28N5EHmIQgxSNgJZi6693HINr0K5NPZd/jWRK46I +uLK7je/K3oDUHnQXJ9xDkgRSDPZj/Wf0ZN+CDEAadhKopF5aJi8QyoYIsPxzn0p8SSgy5UsuKko6 +ov12x3B9O9mwM9HprO8FqzXbKdTaBgrZWVYOHPlD+cl9xSdrcZH347iwI6xEMtkASpXmxN9xLueE +jI4eTuH148+Pzyr4iNIvfRQLY9iNJSmjoTJm0oKdGzKN0orSw/Ni53vpInziuR2FjYtQ4Zpf2why +Ht0CXp0=
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer new file mode 100644 index 000000000..e754cad52 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN +AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO +MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt +c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow +ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL +MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD +VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv +z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+ ++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT +OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE +WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au +zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF +AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o +/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu +WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W +VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7 +M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ +QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA== +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer new file mode 100644 index 000000000..e05727d0a --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer @@ -0,0 +1,32 @@ +-----BEGIN CERTIFICATE----- +MIIFjTCCBHWgAwIBAgIEQm3h+zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw +dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg +MDIwHhcNMTEwNzIxMTU0NjMxWhcNMTIwODE3MTU0MTE3WjCBwTELMAkGA1UEBhMC +UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS +QTESMBAGA1UECxMJQ29ycG9yYXRlMTMwMQYDVQQLEypBZ2VuY2lhIHBhcmEgYSBN +b2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmExGDAWBgNVBAsTD1dlYiBBcHBsaWNh +dGlvbjEgMB4GA1UEAxMXUEVQUyBQb3J0dWd1ZXMgZGUgVGVzdGUwgZ8wDQYJKoZI +hvcNAQEBBQADgY0AMIGJAoGBALo91gnq+SQj8yPx8ssFEKuPvAfagO8f+EagEs+u +XJhLx41GpFZesMuolxf86n3TdxJHcLSXI224HqZu3BtXExUiD1LCAvtGCjzOr6Rg +oySwhIQrgMEsKRRpkQN0jQHIMze11EXqVAJ2+MDX9V4cABuIEd9LOOl0PcQmc7m8 +jcKXAgMBAAGjggKRMIICjTALBgNVHQ8EBAMCA/gwOAYIKwYBBQUHAQEELDAqMCgG +CCsGAQUFBzABhhxodHRwOi8vb2NzcC5tdWx0aWNlcnQuY29tL2NhMIHgBgNVHSAE +gdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYBBQUHAgEWMmh0dHA6Ly93d3cubXVs +dGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNhLWNwcy5odG1sMIGDBgsrBgEEAbA8 +CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQAdABwADoALwAvAHcAdwB3AC4AbQB1 +AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMAcAAvAG0AdQBsAHQAaQBjAGUAcgB0 +AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGwwEQYJYIZIAYb4QgEBBAQDAgSwMIIB +AQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRwOi8vd3d3Lm11bHRpY2VydC5jb20v +Y2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRhcDovL2xkYXAubXVsdGljZXJ0LmNv +bS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1VTFRJQ0VSVC1DQSxjPVBUP2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBXoFWgU6RRME8xCzAJBgNVBAYTAnB0 +MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAWBgNVBAMTD01VTFRJQ0VSVC1DQSAw +MjEPMA0GA1UEAxMGQ1JMMjI4MB8GA1UdIwQYMBaAFB3DuYilGL5gpyymY8pmKvwM +J8G9MB0GA1UdDgQWBBRH/+uES4Jsr1UV5WeSoN3v1vUaPDAJBgNVHRMEAjAAMA0G +CSqGSIb3DQEBBQUAA4IBAQAOFAxM2U6HyZgWl5h6UB1MUUL4j9VTQQOs6nw4hm22 +QK3SF+DPL6oXS1j+RKDHYNlpAfQ5r5ObcaxhEkaXOUZJ4q/3z1qScMVaZ1fjU0FB +hRyAUE2qfiHp/0Ql4V2IrQqcBZ+mEQD5DFwNgx/UDr22lO0idjHnmxRed83/Mrm0 +03v+2eAujlsE9NfayP8oo9HkYNh5KvFjveCpUNv4IW18xEJLNDFd3dUEeb9UO+Bv +eEkrxmo6k/k7usuRUfGrXBaFuxcL71l3lFD4k66CB3m7atcbohmbiAYhfHnLegpR +EVKVolR6O3ljt3ou+Y79oI4U7bhn0U256R9hoobnX9Un +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer new file mode 100644 index 000000000..a131767fb --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFbDCCBFSgAwIBAgIEQLK59zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt +Y2EwHhcNMTAwMzMwMTMwOTIzWhcNMTUwMzMwMTMzOTIzWjCBhjELMAkGA1UEBhMC +c2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0aW9uczESMBAGA1UECxMJU0lURVNU +LUNBMRkwFwYDVQQLExBjZXJ0aWZpY2F0ZXMtd2ViMSswEwYDVQQDEwxURVNUIFBF +UFMgU0kwFAYDVQQFEw0zMDAzMjAxMDAwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOC +AQ8AMIIBCgKCAQEA4h6L9Pv1TK7fz5K6Uur0Rli6EKzZwTtv9xXhSt2xlI4wFWzz +FiCy5/O/Q5GPRa10YoMc8s7WmMdM5yI/bU0BF2t5SYtEH7MwbGaFZFKJt17OtbpZ +AaCSoh6fm1yO0HtVVkG9UdH4mswS3wHp/d1C91lQNba2enVc2p9Nd4gYop/zbroE +toFeDyHxTl0mYN/cUHQFT4H24hzAfWXh2FOBfNSnvNl2HnPJOT6HnrUBsdyzkSzL +N0Eis2R1G5+mQkzAwW6UOroojvMclEJK3z1oekj2OWj1FhalTNmA5D9dkDymTRn4 +o3BW2S7ovmWPmxYUW9s26bkPhz/CbCQwIF9yPQIDAQABo4ICJzCCAiMwDgYDVR0P +AQH/BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwMzMwMTMwOTIzWoEPMjAxNTAzMzAx +MzM5MjNaMEsGA1UdIAREMEIwNgYLKwYBBAGvWQIBAQIwJzAlBggrBgEFBQcCARYZ +aHR0cDovL3d3dy5jYS5nb3Yuc2kvY3BzLzAIBgYEAIswAQIwGAYIKwYBBQUHAQME +DDAKMAgGBgQAjkYBATAeBgNVHREEFzAVgRN0ZXN0LnNpLXBlcHNAZ292LnNpMIH2 +BgNVHR8Ege4wgeswVaBToFGkTzBNMQswCQYDVQQGEwJzaTEbMBkGA1UEChMSc3Rh +dGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3QtY2ExDTALBgNVBAMTBENS +TDMwgZGggY6ggYuGWGxkYXA6Ly94NTAwLmdvdi5zaS9vdT1zaXRlc3QtY2Esbz1z +dGF0ZS1pbnN0aXR1dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0 +P2Jhc2WGL2h0dHA6Ly93d3cuc2lnZW4tY2Euc2kvY3JsL3NpdGVzdC9zaXRlc3Qt +Y2EuY3JsMB8GA1UdIwQYMBaAFFRJB0aHzx2JncqucqeooKBptyHnMB0GA1UdDgQW +BBQySemeDi10DbeTYj1tkGZ5Zo4mwjAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQM +MAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQASQ4l1Vd+MRDLFo2A6qYYW +LVqTvtPLIk7v7Bswmq2SFAL2XmPoL5xbQFeDW+LiWhQBmrlgWyI7gbi/1/rs1E00 +Z4Skn8l97tuIyuxvCKTFhJDx9pzgUQGowoCYo9IzcMNQpxx6lkepreCDuc+e0fAb +vTNGEpvQ7DkgrwJdcsUAElQ4OJ0ifELoah1DH8wpU31zr7D3YsizZgpu5TEIGP54 +AOhbFeZEmZlTU6gwNw4iTf6nVQkGaxsJt6gGGsyL8RUuvwpVRR3WmplCtjXryGCe +4B/agAe3EKUh15IaPvWqdixSjySxjBI1bN8IEFHYPZmuwh7Y1FQuOYQGjuSLsJy9 +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer new file mode 100644 index 000000000..d79ad8385 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer @@ -0,0 +1,43 @@ +-----BEGIN CERTIFICATE----- +MIIHrDCCBpSgAwIBAgIIZFwvd8biuV0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE +AxMIQUNDVi1DQTIxDzANBgNVBAsTBlBLSUdWQTEfMB0GA1UEChMWR2VuZXJhbGl0 +YXQgVmFsZW5jaWFuYTELMAkGA1UEBhMCRVMwHhcNMTAwNTI3MTYxNTA2WhcNMTMw +NTI2MTYyNTA2WjCBgTEaMBgGA1UEAwwRUGxhdGFmb3JtYSBAZmlybWExEjAQBgNV +BAUTCVMyODExMDAxQzEbMBkGA1UECwwSc2VsbG8gZWxlY3Ryw7NuaWNvMSUwIwYD +VQQKExxNaW5pc3RlcmlvIGRlIGxhIFByZXNpZGVuY2lhMQswCQYDVQQGEwJFUzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3IaIrzYOjbUYmS2nK7/GpD +R6N3sVbBNxF5s/bCCQ44tL5MIz7I889GCMD8vrCd//5pAezPO8vZLpdh78QUZrCl +k+E79ENYjVmjP4g0KlqlI0b5AOVc+dcE27/V6D6pCYDkVdn7puFDgzzSqksTNdL5 +uZZMM1L7Dkq0DfCjumYrfulp5i5PrYqrOh7wkXB1G+FGP0plN8at0tm5Q8EPXT7n +/ogV9glWXG+vLkfIe2SKkdyU/08fecQH3f/jhrc5Bm0+uFvHP9DcS8usWpZojJWW +iQb96B5bdPXqUsKnZVDj+b7HRkx3UjvvEipMV3Kr5E+E0sg1K4jLgj5+atyoRcEC +AwEAAaOCBFQwggRQMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgTwMB0GA1Ud +JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUhAkD/z9ux2qjm4l+ +FheI6+F3CfwwHwYDVR0jBBgwFoAUs3jtBaV5QTrC9MBSKP9jQz+/44EwggEyBgNV +HREEggEpMIIBJYEWc29wb3J0ZS5hZmlybWE1QG1wci5lc6SCAQkwggEFMSEwHwYJ +YIVUAQMFAgIBDBJzZWxsbyBlbGVjdHLDs25pY28xKzApBglghVQBAwUCAgITHE1p +bmlzdGVyaW8gZGUgbGEgUHJlc2lkZW5jaWExGDAWBglghVQBAwUCAgMTCVMyODEx +MDAxQzEPMA0GCWCFVAEDBQICBBMAMUQwQgYJYIVUAQMFAgIFDDVQbGF0YWZvcm1h +IGRlIHZhbGlkYWNpw7NuIHkgZmlybWEgZWxlY3Ryw7NuaWNhIEBmaXJtYTEPMA0G +CWCFVAEDBQICBhMAMQ8wDQYJYIVUAQMFAgIHEwAxDzANBglghVQBAwUCAggTADEP +MA0GCWCFVAEDBQICCRMAMIIB8AYDVR0gBIIB5zCCAeMwggHfBgsrBgEEAb9VAxEC +ADCCAc4wggGYBggrBgEFBQcCAjCCAYoeggGGAEMAZQByAHQAaQBmAGkAYwBhAGQA +bwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABwAGEAcgBhACAAcwBlAGwAbABvACAA +ZABlACAA8wByAGcAYQBuAG8AIABlAG4AIABzAG8AcABvAHIAdABlACAAcwBvAGYA +dAB3AGEAcgBlACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUA +dABvAHIAaQB0AGEAdAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzACAA +ZABlACAAbABhACAAQwBvAG0AdQBuAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEA +bgBhACAAKABQAGwALgAgAE0AYQBuAGkAcwBlAHMAIAAxAC4AIABDAEkARgAgAFMA +NAA2ADEAMQAwADAAMQBBACkALgAgAEMAUABTACAAeQAgAEMAUAAgAGUAbgAgAGgA +dAB0AHAAOgAvAC8AdwB3AHcALgBhAGMAYwB2AC4AZQBzMDAGCCsGAQUFBwIBFiRo +dHRwOi8vd3d3LmFjY3YuZXMvbGVnaXNsYWNpb25fYy5odG0wOQYDVR0fBDIwMDAu +oCygKoYoaHR0cDovL3d3dy5hY2N2LmVzL2dlc3RjZXJ0L2FjY3YtY2EyLmNybDAv +BggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmFjY3YuZXMw +OwYIKwYBBQUHAQMELzAtMBQGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQEw +CwYGBACORgEDAgEPMA0GCSqGSIb3DQEBBQUAA4IBAQCknVr82ZpMROTkrk/OwC7e +fccNqbmKEwM4peAUG4tLWnYaDh2hav/3Y7auXkd2CW9XID6C/6E8EqG6wGNwplyq +LyfrkYmbppJN2/LDr+ZHFoul030o/KzbVRrzZ5zAS5vUnOG42TzpP3sgtMV5V2vg +V3ZygZbm55+2JDH1RBlCZuJzOPSwLk2rfGcMecHduUN8AxuLN52VKs1LMdmuPhe0 +ZvcVabvmmqzBJGRC8VJ0fwJKB/c6b4rl5WZTYUnQ7+SIoI/+RxJCITnO2SrxRh0Z +rXLaE62aJ6W/Jnu+lfqIVoQSyauSlybpbL1iS/o0IFFbQvnY6RoCAOqsg3ee+4Om +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer new file mode 100644 index 000000000..e754cad52 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN +AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO +MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt +c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow +ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL +MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD +VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv +z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+ ++v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT +OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE +WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au +zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF +AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o +/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu +WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W +VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7 +M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ +QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA== +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer new file mode 100644 index 000000000..950aaab0d --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFojCCBIqgAwIBAgIEQmx+HTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw +dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg +MDIwHhcNMTAwNTE3MTAyMjMyWhcNMTMwNTE3MTAyMzM4WjCB1jELMAkGA1UEBhMC +UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS +QTESMBAGA1UECxMJQ29ycG9yYXRlMT4wPAYDVQQLEzVBTUEgLSBBZ2VuY2lhIHBh +cmEgYSBNb2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmEgSS5QLjEYMBYGA1UECxMP +V2ViIEFwcGxpY2F0aW9uMSowKAYDVQQDEyFzYW1sLmV1LWlkLmNhcnRhb2RlY2lk +YWRhby5nb3YucHQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe2B9O1xCJp +CmT2/AuypD1q9kbwge1Y0VjY5FOkhYPfki/XuuFpEdUa7KrurbcoDuuAmgjIxCIn +v8vYAK5axY8hlPg9fp+vtRlmo1it5Y9IGY2mMvtN6OwoBzJOqKJypNexyAgIIR/u +PqhVZjQAwGkTe1JrcDswKOKGbv21M1+pAgMBAAGjggKRMIICjTALBgNVHQ8EBAMC +A/gwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABgRxodHRwOi8vb2NzcC5tdWx0 +aWNlcnQuY29tL2NhMIHgBgNVHSAEgdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYB +BQUHAgEWMmh0dHA6Ly93d3cubXVsdGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNh +LWNwcy5odG1sMIGDBgsrBgEEAbA8CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQA +dABwADoALwAvAHcAdwB3AC4AbQB1AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMA +cAAvAG0AdQBsAHQAaQBjAGUAcgB0AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGww +EQYJYIZIAYb4QgEBBAQDAgSwMIIBAQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRw +Oi8vd3d3Lm11bHRpY2VydC5jb20vY2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRh +cDovL2xkYXAubXVsdGljZXJ0LmNvbS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1V +TFRJQ0VSVC1DQSxjPVBUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBX +oFWgU6RRME8xCzAJBgNVBAYTAnB0MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAW +BgNVBAMTD01VTFRJQ0VSVC1DQSAwMjEPMA0GA1UEAxMGQ1JMMTczMB8GA1UdIwQY +MBaAFB3DuYilGL5gpyymY8pmKvwMJ8G9MB0GA1UdDgQWBBT+DvK0cR8Qa3uUWWYV +rUfVGZeUTDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBiXYB/Nst7hDnV +RS9D6VjifN1F+JaxtwSLZBoxkij2mi/1kXRugKjkpo6e8Kwb24Wv7G+/ZAFjm3zN +WK9v0ziR192l+4lWke8wRVwHW4Ecsp3nOwOxCiCYkX4uVPDZQT5+cPeNYJbOwYyd +4jbHTPrPT7T2CmtgdqOIu2Dc+1aHyg9ZnhCGgwEwDbvq+grUr9RcHqmWqfdR3Eou +TvLugaM54N4Bur8rolFatHzETbKjvXfWzpHoTTFEekyHgQXWdnmVny8JajBFUmE5 +TkONB+V+Jj/R2YPfF++9tRKwc4ifNeduWzSD6ohx+OFimdx2gKHIdkkAMfK09z1M +vz83eaDr +-----END CERTIFICATE----- diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer new file mode 100644 index 000000000..2051a22c2 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFXDCCBESgAwIBAgIEOl3pnzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdvdi1j +YTAeFw0xMDA2MTAxMDUwMTVaFw0xNTA2MTAxMTIwMTVaMIGEMQswCQYDVQQGEwJz +aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRkwFwYDVQQLExB3ZWItY2Vy +dGlmaWNhdGVzMRMwEQYDVQQLEwpHb3Zlcm5tZW50MSgwEAYDVQQDEwlQRVBTIFNB +TUwwFAYDVQQFEw0xMjM1ODU3NTE4MDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A +MIIBCgKCAQEAw9gh7flrQC1UUc0Dw1jFXQ5sDVwSjjO/QqUsvIysAGELNJTxs3/j +vFOsokBOWlZEbocZXDqeLJtzO4zmpblc7c9okyZIi0sj+dEqKiMF7XbFfjo1NZ2c +xJdQ4ENR1jLkiHSb5Z345dQ7VY6wju0ezMMA5O9cIywGWcSyH9h007tezhTWJeL5 +aN2gMvFs3tGx7Uv9JH9geIOopWlcQANSDkvAnCf/iu1YhbUmx+jYtcxlywtJ8Tri +ON3GlFLr4ew4O8SrVxeQQ28yKKDEP/Y3399KWdQDwK/CeFy6flW3kYTiGDPnUH5T +u9yEATomwnujhPHJZN6d46JFiTWFsll4aQIDAQABo4ICGjCCAhYwDgYDVR0PAQH/ +BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwNjEwMTA1MDE1WoEPMjAxNTA2MTAxMTIw +MTVaMEoGA1UdIARDMEEwNQYKKwYBBAGvWQEBBTAnMCUGCCsGAQUFBwIBFhlodHRw +Oi8vd3d3LmNhLmdvdi5zaS9jcHMvMAgGBgQAizABAjAYBggrBgEFBQcBAwQMMAow +CAYGBACORgEBMBcGA1UdEQQQMA6BDHN0b3JrQGdvdi5zaTCB8QYDVR0fBIHpMIHm +MFWgU6BRpE8wTTELMAkGA1UEBhMCc2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0 +aW9uczERMA8GA1UECxMIc2lnb3YtY2ExDjAMBgNVBAMTBUNSTDI3MIGMoIGJoIGG +hldsZGFwOi8veDUwMC5nb3Yuc2kvb3U9c2lnb3YtY2Esbz1zdGF0ZS1pbnN0aXR1 +dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2WGK2h0dHA6 +Ly93d3cuc2lnb3YtY2EuZ292LnNpL2NybC9zaWdvdi1jYS5jcmwwHwYDVR0jBBgw +FoAUHvjUU2uzgwbpBAZXAvmlv8ZYPHIwHQYDVR0OBBYEFDY0NJgPdteoK8mw3FG7 +lde6PRboMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJ +KoZIhvcNAQEFBQADggEBAInmtHMCOob3469jLaA/WvRXFUv0QelW4cS9Zr1QrZzW +Wp1YUiwkWfILHkDJgvbo6qn8iUDyKSNPhgXFVKfWbBlbuUds9F2FCJ41g5n2jXZc +Lz0IOpae4a9LHmNLdT0UKEGbUJ5a4wRaZEWLVfwrkN2GJPeWeeigbunYKtdVlceP +4DZg8T1c/vpi8lrbTxSLUAzn0ie8FRod6k19y49QG5sudvwjeQgp309dUze0ULun +YYTFkkc5d2uzqEa2WYcxHYz4+hKPHejbGGKC1OZz+zH7ZGGr0mtLYjSvXv+5VKTj +85/a/sdD+vzNneKEGbLk7iupk0On5BIkJdWqnz/IeDk= +-----END CERTIFICATE-----
\ No newline at end of file diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer Binary files differnew file mode 100644 index 000000000..73553b996 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer Binary files differnew file mode 100644 index 000000000..277b6083a --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer diff --git a/id/server/doc/handbook/application/application.html b/id/server/doc/handbook/application/application.html index 83e301089..7fd729683 100644 --- a/id/server/doc/handbook/application/application.html +++ b/id/server/doc/handbook/application/application.html @@ -110,6 +110,12 @@ https://<host>:<port>/moa-id-oa/ <th width="559" scope="col">Beschreibung</th> </tr> <tr> + <td>general.publicURLContext</td> + <td>https://localhost:8443/moa-id-oa</td> + <td><p>URL unter der das Modul MOA-ID-OA erreichbar ist.</p> + <p><strong>Hinweis:</strong> Ist dieser Parameter nicht vorhanden wird die URL aus dem ersten Request generiert.</p></td> + </tr> + <tr> <td>general.login.pvp2.idp.metadata.url</td> <td>https://demo.egiz.gv.at/moa-id-auth/<br> pvp2/metadata</td> @@ -117,7 +123,7 @@ https://<host>:<port>/moa-id-oa/ </tr> <tr> <td>general.login.pvp2.idp.metadata.certificate</td> - <td>keys/metadata.crt</td> + <td>keys/moa_idp.crt</td> <td>Zertifikat mit dem die PVP2.1 Metadaten des IDP signiert sind. Dieser Zertifikat wird zur Prüfung der IDP Metadaten verwendet.</td> </tr> <tr> @@ -138,12 +144,12 @@ https://<host>:<port>/moa-id-oa/ </tr> <tr> <td>general.login.pvp2.keystore.url</td> - <td>keys/moa_idp.p12</td> + <td>keys/application[password].p12</td> <td>Keystore mit Schlüssel und Zertifikaten welche für das signieren und verschlüsseln der PVP2.1 Nachrichten verwendet werden sollen.</td> </tr> <tr> <td>general.login.pvp2.keystore.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Keystores</td> </tr> <tr> @@ -157,32 +163,32 @@ https://<host>:<port>/moa-id-oa/ </tr> <tr> <td>general.login.pvp2.keystore.metadata.key.alias</td> - <td>metadata</td> + <td>pvp_metadata</td> <td>Name des Schlüssels der zum Signieren der Metadaten des Modules MOA-ID-Configuration verwendet werden soll</td> </tr> <tr> <td>general.login.pvp2.keystore.metadata.key.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Schlüssels der zum Signieren der Metadaten verwendet werden soll.</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.encryption.key.alias</td> - <td>encryption</td> + <td>pvp_encryption</td> <td>Name des Schlüssels der zum Verschlüsseln der Anmeldeinformation, welche vom IDP an das Konfigurationstool übermittelt, verwendet werden soll</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.encryption.key.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Schlüssels zum Verschlüsseln der Anmeldeinformation.</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.key.alias</td> - <td>authrequest</td> + <td>pvp_request</td> <td>Name des Schlüssels zum Signieren des Authentifizierungsrequests der an den IDP gestellt wird.</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.key.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Schlüssels zum Signieren des Authentifizierungsrequests.</td> </tr> </table> diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html index ddbe1ac37..6a54d61c0 100644 --- a/id/server/doc/handbook/config/config.html +++ b/id/server/doc/handbook/config/config.html @@ -6,6 +6,7 @@ <link rel="stylesheet" href="../common/MOA.css" type="text/css"> </head> <body link="#990000"> + X <table class="logoTable" width="100%" border="0" cellspacing="0" cellpadding="10"> <tr> <td align="center" class="logoTitle" width="267"><img src="../common/LogoBKA.png" alt="Logo BKA" width="267" height="37" align="left"></td> @@ -167,7 +168,8 @@ </ol> <p>Optional kann nach dem Schritt 3 Basiskonfiguration des Modules MOA-ID-Auth eine <a href="#import_export_legacy">bestehende MOA-ID 1.5.1 Konfiguration importiert</a> werden. Für bestehende Konfigurationen < 1.5.1 wird eine vollständige Neukonfiguration empfohlen.</p> <h1><a name="uebersicht_zentraledatei" id="uebersicht_zentraledatei"></a>2 Basiskonfiguration</h1> -<p>Die Basiskonfiguration für die Module MOA-ID-Auth und MOA-ID-Configuration erfolgt mit Hilfe textueller propertie Dateien. Diese Propertie Dateien beinhalten alle Konfigurationsparameter welche für den Start der Module erforderlich sind und müssen der Java Virtual Machine durch eine System Property mitgeteilt werden. Alle Änderungen die an der Basiskonfiguration vorgenommen werden erfordern einen Neustart der jeweiligen Java Virtual Machine. </p> +<p>Die Basiskonfiguration für die Module MOA-ID-Auth und MOA-ID-Configuration erfolgt mit Hilfe textueller propertie Dateien. Diese Propertie Dateien beinhalten alle Konfigurationsparameter welche für den Start der Module erforderlich sind und müssen der Java Virtual Machine durch eine System Property mitgeteilt werden. Alle Änderungen die an der Basiskonfiguration vorgenommen werden erfordern einen Neustart der jeweiligen Java Virtual Machine.</p> +<p><strong>Hinweis:</strong> Alle URL Konfigurationsparameter auf Dateien ohne den Prefix <em>file:/</em> werden als relative Pfadangaben zum Konfigurationsbasisverzeichnis des jeweiligen Modules interpretiert.</p> <h2><a name="uebersicht_zentraledatei_aktualisierung" id="uebersicht_zentraledatei_aktualisierung"></a>2.1 MOA-ID-Configuration</h2> <p>Dieser Abschnitt behandelt die Basiskonfiguration des Modules MOA-ID-Configuration. Der erste Teilabschnitt behandelt die Bekanntmachung der Konfigurationsdatei mittels einer System Property und der zweite Teilabschnitt beschreibt die einzelnen Konfigurationsparameter im Detail. Eine Konfiguration die als Ausgangspunkt für die individuelle Konfiguration verwendet werden kann finden Sie <a href="../../conf/moa-id-configuration/moa-id-configtool.properties">hier</a>.</p> <h3><a name="moa_id_config_property" id="uebersicht_zentraledatei_aktualisierung7"></a>2.1.1 Bekanntmachung der Konfigurationsdatei</h3> @@ -206,28 +208,22 @@ <p><strong>Hinweis</strong>: Aktuell wird nur Deutsch (de) oder Englisch (en) unterstützt.</p></td> </tr> <tr> - <td>general.userrequests.cleanup.delay</td> - <td>18</td> - <td>Innerhalb dieses Zeitraums muss ein neuer Benutzer die im Benutzerprofil hinterlegte eMail Adresse validieren. </td> + <td>general.ssl.certstore</td> + <td>certs/certstore</td> + <td>Gibt den Pfadnamen zu einem Verzeichnis an, das als Zertifikatsspeicher im Zuge der TLS-Server-Zertifikatsüberprüfung verwendet wird.</td> </tr> -</table> -<h4> -<a name="moa_id_config_parameters_sprache" id="uebersicht_zentraledatei_aktualisierung30"></a>2.1.2.2 Sprachauswahl</h4> -<p>Der folgende Konfigurationsparameter ist optional.</p> -<table width="1247" border="1"> <tr> - <th width="176" scope="col">Name</th> - <th width="222" scope="col">Beispielwert</th> - <th width="827" scope="col">Beschreibung</th> + <td>general.ssl.truststore</td> + <td>certs/truststore</td> + <td>TrustedCACertificates enthält das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enthält, die als vertrauenswürdig betrachtet werden. Im Zuge der Überprüfung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet. Dieses Verzeichnis wird zur Prüfung der SSL Serverzertifikate beim Download von PVP 2.1 Metadaten verwendet.</td> </tr> <tr> - <td>general.defaultlanguage</td> - <td>en</td> - <td>Die Sprache von der Benutzeroberfläche. Derzeit nur <i>en</i> oder <i>de</i> unterstützt.</td> + <td>general.userrequests.cleanup.delay</td> + <td>18</td> + <td>Innerhalb dieses Zeitraums muss ein neuer Benutzer die im Benutzerprofil hinterlegte eMail Adresse validieren. </td> </tr> </table> -</h4> -<h4><a name="moa_id_config_parameters_database" id="uebersicht_zentraledatei_aktualisierung10"></a>2.1.2.3 Datenbankzugriff</h4> +<h4>2.1.2.3 Datenbankzugriff</h4> <p>Diese Konfigurationsparameter sind nicht optional und müssen in der Konfigurationsdatei enthalten sein und individuell angepasst werden. Für die Beispielkonfiguration wurde mySQL als Datenbank verwendet wodurch sich die Konfigurationsparameter auf mySQL beziehen. Das Modul MOA-ID-Configuration kann jedoch auch mit Datenbanken anderer Hersteller betrieben werden. Hierfür wird jedoch auf die <a href="http://docs.jboss.org/hibernate/core/4.2/manual/en-US/html/">Hibernate Dokumention</a> verwiesen, welches im Module MOA-ID-Configuration für den Datenbankzugriff verwendet wird. </p> <table width="1247" border="1"> <tr> @@ -284,7 +280,7 @@ </tr> <tr> <td>general.login.pvp2.idp.metadata.certificate</td> - <td>keys/metadata.crt</td> + <td>keys/moa_idp.crt</td> <td>Zertifikat mit dem die PVP2.1 Metadaten des IDP signiert sind. Dieser Zertifikat wird zur Prüfung der IDP Metadaten verwendet.</td> </tr> <tr> @@ -305,12 +301,12 @@ </tr> <tr> <td>general.login.pvp2.keystore.url</td> - <td>keys/moa_idp.p12</td> + <td>keys/application[password].p12</td> <td>Keystore mit Schlüssel und Zertifikaten welche für das signieren und verschlüsseln der PVP2.1 Nachrichten verwendet werden sollen.</td> </tr> <tr> <td>general.login.pvp2.keystore.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Keystores</td> </tr> <tr> @@ -324,32 +320,32 @@ </tr> <tr> <td>general.login.pvp2.keystore.metadata.key.alias</td> - <td>metadata</td> + <td>pvp_metadata</td> <td>Name des Schlüssels der zum Signieren der Metadaten des Modules MOA-ID-Configuration verwendet werden soll</td> </tr> <tr> <td>general.login.pvp2.keystore.metadata.key.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Schlüssels der zum Signieren der Metadaten verwendet werden soll.</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.encryption.key.alias</td> - <td>encryption</td> + <td>pvp_encryption</td> <td>Name des Schlüssels der zum Verschlüsseln der Anmeldeinformation, welche vom IDP an das Konfigurationstool übermittelt, verwendet werden soll</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.encryption.key.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Schlüssels zum Verschlüsseln der Anmeldeinformation.</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.key.alias</td> - <td>authrequest</td> + <td>pvp_request</td> <td>Name des Schlüssels zum Signieren des Authentifizierungsrequests der an den IDP gestellt wird.</td> </tr> <tr> <td>general.login.pvp2.keystore.authrequest.key.password</td> - <td>123456</td> + <td>password</td> <td>Passwort des Schlüssels zum Signieren des Authentifizierungsrequests.</td> </tr> </table> @@ -699,34 +695,44 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> </tr> <tr> <td>protocols.pvp2.idp.ks.file</td> - <td>keys/pvp.p12</td> + <td>keys/moa_idp[password].p12</td> <td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung von PVP 2.1 spezifischen Inhalten. (PVP 2.1 Metadaten, PVP 2.1 Assertion)</td> </tr> <tr> <td>protocols.pvp2.idp.ks.kspassword</td> - <td>pass1234</td> + <td>password</td> <td>Passwort zum Keystore</td> </tr> <tr> <td>protocols.pvp2.idp.ks.metadata.alias</td> - <td>metadata</td> + <td>pvp_metadata</td> <td>Name des Schlüssels der zur Signierung der PVP 2.1 Metadaten </td> </tr> <tr> <td>protocols.pvp2.idp.ks.metadata.keypassword</td> - <td>pass1234</td> + <td>password</td> <td>Passwort des Schlüssels der zur Signierung der PVP 2.1 Metadaten </td> </tr> <tr> <td>protocols.pvp2.idp.ks.assertion.sign.alias</td> - <td>signing</td> + <td>pvp_assertion</td> <td>Name des Schlüssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td> </tr> <tr> <td>protocols.pvp2.idp.ks.assertion.sign.keypassword</td> - <td>pass1234</td> + <td>password</td> <td>Passwort des Schlüssels mit dem die PVP 2.1 Assertion durch MOA-ID-Auth unterschieben wird</td> </tr> + <tr> + <td>protocols.pvp2.sp.ks.assertion.encryption.alias</td> + <td>pvp_encryption</td> + <td>Name des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschlüsselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td> + </tr> + <tr> + <td>protocols.pvp2.sp.ks.assertion.encryption.keypassword</td> + <td>password</td> + <td>Passwort des Schlüssels mit dem PVP 2.1 Assertion für MOA-ID-Auth als Service Provider durch einen weiteren IDP Verschlüsselt werden sollen (siehe Kapitel <a href="./../interfederation/interfederation.html">Interfederation</a>)</td> + </tr> </table> <p> </p> <h5><a name="basisconfig_moa_id_auth_param_protocol_openid" id="uebersicht_bekanntmachung11"></a>2.2.2.3.2 OpenID Connect</h5> @@ -738,22 +744,22 @@ https://<host>:<port>/moa-id-auth/MonitoringServlet</pre> </tr> <tr> <td>protocols.oauth20.jwt.ks.file</td> - <td>keys/openID.p12</td> + <td>keys/moa_idp[password].p12</td> <td>Dateiname des Java Keystore oder PKCS12 Keystore zur Signierung des OpenID Connect <em>id_token</em></td> </tr> <tr> <td>protocols.oauth20.jwt.ks.password=</td> - <td>pass1234</td> + <td>passsword</td> <td>Passwort zum Keystore</td> </tr> <tr> <td>protocols.oauth20.jwt.ks.key.name</td> - <td>openID</td> + <td>pvp_assertion</td> <td>Name des Schlüssels der zum Signieren des <em>id_tokens</em> verwendet wird</td> </tr> <tr> <td>protocols.oauth20.jwt.ks.key.password</td> - <td>pass1234</td> + <td>pasword</td> <td>Password des Schlüssels der zum Signieren des <em>id_tokens</em> verwendet wird</td> </tr> </table> @@ -1076,7 +1082,7 @@ Checking</td> <tr> <td><p>TrustedCACertificates</p></td> <td>certs/ca-certs</td> - <td>TrustedCACertificates enthält das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enthält, die als vertrauenswürdig betrachtet werden. Im Zuge der Überprüfung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet.</td> + <td>TrustedCACertificates enthält das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enthält, die als vertrauenswürdig betrachtet werden. Im Zuge der Überprüfung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet. Dieses Verzeichnis wird zur Prüfung der SSL Serverzertifikate für den Zugriff auf das Online-Vollmachten Service, den Stammzahlenregister Gateway und das abholen von PVP 2.1 Metadaten via SSL verwendet.</td> </tr> <tr> <td>ChainingMode</td> @@ -1216,15 +1222,16 @@ Checking</td> </tr> <tr> <td><span id="wwlbl_loadGeneralConfig_moaconfig_ssoSpecialText">SSO AuthBlockText</span></td> - <td>Ich #NAME# stimme am #DATE# um #TIME# einer Anmeldung mittels Single Sign-On zu.</td> + <td>Ich #NAME#, geboren am #BIRTHDAY# stimme am #DATE# um #TIME# einer Anmeldung mittels Single Sign-On zu.</td> <td><p>Zusätzlicher Text der in den AuthBlock eingetragen und von der BenutzerIn oder dem Benutzer signiert wird. Dieser Text, darf aus Buchstaben, Zahlen und Satzzeichen bestehen und wird als direkt nach der Überschrift "Anmeldeinformationen" in den Aufblock eingeblendet. Die folgenden Schlüsselwörter können zusätzlich verwendet werden und werden während des Anmeldevorgangs durch die entsprechenden Anmeldedaten ersetzt.</p> <ul> <li>#NAME# wird ersetzt durch Vor- und Familienname (z.B. Max Mustermann)</li> + <li>#BIRTHDAY# wird durch das Geburtsdatum ersetzt (z.B. 01.01.1978)</li> <li>#DATE# wird ersetzt durch das aktuelle Datum (z.B. 05.02.2014)</li> <li>#TIME# wird ersetzt durch die aktuelle Uhrzeit (z.B. 10:35)</li> </ul> <p>Der nebenstehende Beispielwert würde somit zu folgendem Anmeldetext im AuthBlock führen:</p> - <p><em>Ich Max Mustermann stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td> + <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td> </tr> </table> <h3><a name="konfigurationsparameter_allgemein_stork" id="konfigurationsparameter_allgemein_bku8"></a>3.1.8 Secure idenTity acrOss boRders linKed (STORK)</h3> @@ -1529,13 +1536,6 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td align="center"> </td> <td>Definiert ob die Online-Applikation dem öffentlichen Bereich oder dem privatwirtschaftlichen Bereich (Business Service) zugeordnet ist. Ja nach Bereich sind unterschiedliche Konfigurationsparameter erforderlich.</td> </tr> - <tr> - <td>STORK Applikation</td> - <td> </td> - <td align="center">X</td> - <td align="center">X</td> - <td>Definiert ob die Applikation eine STORK VIDP Applikation ist. Detailinformationen hierzu finden Sie im Kapitel <a href="#konfigurationsparameter_oa_stork">STORK</a>.</td> - </tr> </table> <h4><a name="konfigurationsparameter_oa_general_public" id="uebersicht_zentraledatei_aktualisierung18"></a>3.2.1.1 Öffentlicher Bereich</h4> <p>Wurde die Online-Applikation einem öffentlichen Bereich zugeordnet muss in weiterer Folge der zugeordnete Bereich definiert werden. Hierfür stehen folgende Parameter zur Verfügung.</p> @@ -1585,8 +1585,8 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <ul> <li>FN: Die Stammzahl ist eine Firmenbuchnummer. (Beispiel: <em>FN468924i</em>)</li> <li>ZVR: Die Stammzahl ist eine Vereinsnummer. (Beispiel: ZVR124572)</li> - <li>ERSB: Die Stammzahl ist einer Kennzahl aus dem Ergänzungsregister für sonstige Betroffene (ERsB) (Beispiel: ERSB1425367879 - </li> + <li>ERSB: Die Stammzahl ist einer Kennzahl aus dem Ergänzungsregister für sonstige Betroffene (ERsB) (Beispiel: ERSB1425367879)</li> + <li>STORK: Ländercode dem der Service Provider zugeordnet werden kann. Wird für die Ableitung des STORK-eIdentifiers verwendet.</li> </ul> <table width="1250" border="1"> <tr> @@ -1598,11 +1598,13 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der </tr> <tr> <td><span id="wwlbl_loadOA_generalOA_identificationType">Identifikationsnummer</span></td> - <td><em>FN 468924i<br> - ZVR124572</em></td> + <td><p><em>FN 468924i<br> + ZVR 124572<br> + STORK SI + </em></p></td> <td align="center"> </td> <td align="center"> </td> - <td>Stammzahl eines privatwirtschaftlichen Unternehmens. Die Angabe erfolgt durch den Prefix des Bereichs aus dem die Stammzahl stammt und der eigentlichen Stammzahl.</td> + <td>Stammzahl eines privatwirtschaftlichen Unternehmens oder Ländercode des STORK Service-Providers bei Verwendung des Modules MOA-ID als <a href="#konfigurationsparameter_oa_protocol_vidp">STORK VIDP</a>. Die Angabe erfolgt durch den Prefix des Bereichs aus dem die Stammzahl stammt und der eigentlichen Stammzahl oder des Ländercodes im Falle von STORK.</td> </tr> </table> @@ -1902,10 +1904,10 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <p>Dieser Abschnitt dient zur Konfiguration des VIDP Modus des Modules MOA-ID-Auth. Die Konfiguration der nachfolgenden Parameter ist somit nur nötig wenn die MOA-ID-Auth Instanz als STORK2 VIDP betrieben werden soll.</p> <table width="1250" border="1"> <tr> - <th scope="col">Name</th> - <th scope="col">Beispielwert</th> - <th scope="col">Optional</th> - <th scope="col">Beschreibung</th> + <th width="185" scope="col">Name</th> + <th width="85" scope="col">Beispielwert</th> + <th width="66" scope="col">Optional</th> + <th width="886" scope="col">Beschreibung</th> </tr> <tr> <td><p>VIDP Interface aktiv</p></td> @@ -1914,12 +1916,6 @@ Soll die Bürgerkartenauswahl weiterhin, wie in MOA-ID 1.5.1 im Kontext der <td><p>Stellt fest, ob das VIDP Interface aktiviert wird.</p></td> </tr> <tr> - <td width="185"><p>Landesvorwahl</p></td> - <td width="85">ES</td> - <td width="66" align="center">X</td> - <td width="886"><p>Ländercode in dem der Service Provider zugeordnet werden kann. Wird für die Ableitung des STORK-eIdentifiers verwendet.</p></td> - </tr> - <tr> <td><p>Zustimmung für das Ausliefern der Attribute</p></td> <td> </td> <td align="center">X</td> @@ -1983,20 +1979,18 @@ wenn die individuelle Security-Layer Transformation den Formvorschriften der Sp </tr> <tr> <td>AuthblockText</td> - <td>Mit meiner Anmeldung bestätige ich #NAME# am #DATE# um #TIME# die Übernahme aller meiner Zustellstücke.</td> + <td>Ich #NAME#, geboren am #BIRTHDAY# stimme am #DATE# um #TIME# einer Anmeldung mittels Single Sign-On zu.</td> <td align="center">X</td> - <td align="center">X</td> - <td><p>Zusätzlicher online-applikationsspezifischer Text der in den AuthBlock eingetragen und somit von der BenutzerIn oder dem Benutzer signiert wird. Dieser Text, darf aus Buchstaben, Zahlen und Satzzeichen bestehen und wird direkt nach der Überschrift "Anmeldeinformationen" in den Aufblock eingeblendet. Die folgenden Schlüsselwörter können zusätzlich verwendet werden und werden während des Anmeldevorgangs durch die entsprechenden Anmeldedaten ersetzt.</p> + <td align="center" valign="middle">X</td> + <td><p>Zusätzlicher Text der in den AuthBlock eingetragen und von der BenutzerIn oder dem Benutzer signiert wird. Dieser Text, darf aus Buchstaben, Zahlen und Satzzeichen bestehen und wird als direkt nach der Überschrift "Anmeldeinformationen" in den Aufblock eingeblendet. Die folgenden Schlüsselwörter können zusätzlich verwendet werden und werden während des Anmeldevorgangs durch die entsprechenden Anmeldedaten ersetzt.</p> <ul> - <li>#NAME# wird ersetzt durch Vor- und Familienname (z.B. Max Mustermann)</li> + <li>#NAME# wird ersetzt durch Vor- und Familienname (z.B. Max Mustermann)</li> + <li>#BIRTHDAY# wird durch das Geburtsdatum ersetzt (z.B. 01.01.1978)</li> <li>#DATE# wird ersetzt durch das aktuelle Datum (z.B. 05.02.2014)</li> <li>#TIME# wird ersetzt durch die aktuelle Uhrzeit (z.B. 10:35)</li> </ul> - <p>Der nebenstehende Beispielwert würde somit zu folgendem Anmeldetext im AuthBlock führen:</p> - <p><em>Mit meiner Anmeldung bestätige ich Max Mustermann am 05.02.2014 um 10:35 die Übernahme aller meiner Zustellstücke.</em></p> - <p><strong>Hinweis:</strong> Diese Option steht in Kombination mit Single Sign-On nicht zur Verfügung, da bei Verwendung von Single Sign-On ein - spezieller Single Sign-On AuthBlock verwendet wird (siehe <a href="#konfigurationsparameter_allgemein_sso">Kapitel 3.1.8</a>).</p> - </td> + <p>Der nebenstehende Beispielwert würde somit zu folgendem Anmeldetext im AuthBlock führen:</p> + <p><em>Ich Max Mustermann, geboren am 01.01.1978 stimme am 05.02.2014 um 10:35 einer Anmeldung mittels Single Sign-On zu.</em></p></td> </tr> <tr> <td>bPk/wbPk ausblenden</td> diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html index 345c3af70..acab7517a 100644 --- a/id/server/doc/handbook/index.html +++ b/id/server/doc/handbook/index.html @@ -15,7 +15,7 @@ </table> <hr/> <p class="title">MOA-ID (Identifikation) </p> - <p class="subtitle">Übersicht zur Dokumentation der Version 2.0.1 </p> + <p class="subtitle">Übersicht zur Dokumentation der Version 2.1.0 </p> <hr/> <dl> <dt><a href="./intro/intro.html">Einführung</a></dt> @@ -26,6 +26,8 @@ <dd>Erläuterung aller Konfigurationsoptionen sowie Leitfaden für häufige Konfigurationsaufgaben.</dd> <dt><a href="./protocol/protocol.html">Protokolle</a></dt> <dd>Erläuterung der unterstützen Authentifizierungsprotokolle.</dd> + <dt><a href="./interfederation/interfederation.html">Interfederation</a><a href="./interfederation/interfederation.html"></a></dt> + <dd>Dieser Abschnitt die Interfederation zwischen MOA-ID-Auth Services.</dd> <dt><a href="./application/application.html">Anwendungen</a></dt> <dd>Erläutert die Integration in bestehende Online-Applikationen und beschreibt die beigelegten Demo Applikationen</dd> <dt><a href="./additional/additional.html">Zusatzinformationen</a></dt> diff --git a/id/server/doc/handbook/install/install.html b/id/server/doc/handbook/install/install.html index 3db04c197..ffd700a55 100644 --- a/id/server/doc/handbook/install/install.html +++ b/id/server/doc/handbook/install/install.html @@ -112,7 +112,7 @@ <dd> Entpacken Sie die Datei <code>moa-id-auth-2.0.0.zip</code> in ein beliebiges Verzeichnis. Dieses Verzeichnis wird im weiteren Verlauf als <code>$MOA_ID_AUTH_INST</code> bezeichnet. </dd> <dt>Installation der Kryptographiebibliotheken von SIC/IAIK</dt> <dd> - <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_SPSS_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength + <p>Kopieren Sie alle Dateien aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/ext</code> in das Verzeichnis <code>$JAVA_HOME/jre/lib/ext</code>. Zusätzlich müssen Sie die Rechtedateien Ihrer Java SE austauschen. Laden Sie dazu die passenden <span class="term">Unlimited Strength Jurisdiction Policy Files</span> von der <a href="http://java.com/download" target="_blank">Java SE Downloadseite </a>und achten Sie darauf die für ihre verwendete Java SE Installation richtige Version zu nehmen. Anschließend folgen Sie der darin enthaltenen Installationsanweisung. </p> @@ -138,12 +138,12 @@ <p> Um die Module MOA-ID-Auth und MOA-ID-Configuratuion in Tomcat für den Einsatz vorzubereiten, sind folgende Schritte notwendig:</p> <ul> <li>Die Datei <code>$MOA_ID_AUTH_INST/moa-id_auth.war</code> enthält das einsatzfertige MOA-ID-Auth Webarchiv und muss ins Verzeichnis <code>$CATALINA_HOME/webapps</code> kopiert werden. Dort wird sie beim ersten Start von Tomcat automatisch ins Verzeichnis <code>$CATALINA_HOME/webapps/moa-id-auth</code> entpackt. </li> - <li>Die Konfigurationsdatei mit der Basiskonfiguration für MOA-ID-Auth und die zugehörigen Verzeichnisse müssen in ein beliebiges Verzeichnis im Dateisystem kopiert werden (z.B. <code>$CATALINA_HOME/conf/moa-id</code>). Eine funktionsfähige Konfiguration, die als Ausgangspunkt für die Basiskonfiguration des MOA-ID-Auth Modules dienen kann, finden Sie <a href="../../../conf/moa-id/moa-id.properties">hier</a>. <br> + <li>Die Konfigurationsdatei mit der Basiskonfiguration für MOA-ID-Auth und die zugehörigen Verzeichnisse müssen in ein beliebiges Verzeichnis im Dateisystem kopiert werden (z.B. <code>$CATALINA_HOME/conf/moa-id</code>). Eine funktionsfähige Konfiguration, die als Ausgangspunkt für die Konfiguration des MOA-ID-Auth Modules dienen kann, finden Sie <a href="../../../conf/moa-id/moa-id.properties">hier</a>. Diese funktionsfähige Konfiguration enthält auch eine MOA-SPSS Konfiguration, da das Modul MOA-SPSS zurSignaturprüfung im Modul MOA-ID-Auth verwendet wird.<br> </li> <li> Die Dateien <code>xalan.jar</code>, <code>xercesImpl.jar, serializer.jar </code> und <code>xml-apis.jar</code> aus dem Verzeichnis <code>$MOA_ID_AUTH_INST/endorsed</code> müssen in das Tomcat-Verzeichnis <code>$CATALINA_HOME/endorsed</code> (bzw. <code>$CATALINA_HOME/common/endorsed</code> bis Apache Tomcat Version 5.5) kopiert werden. Sind gleichnamige Dateien dort bereits vorhanden, müssen sie überschrieben werden. Die ggf. in diesem Verzeichnis vorhandene Datei <code>xmlParserAPIs.jar</code> muss gelöscht werden. Sollte das Verzeichnis <code>endorsed</code> nicht vorhanden sein, dann muss dieses zuerst erstellt werden.</li> - <li>Folgende <span class="term">System Properties</span> können gesetzt werden (wird beim Starten von Tomcat der <span class="term">Java Virtual Machine</span> in der Umgebungsvariablen <code>CATALINA_OPTS</code> in der Form <code>-D<name>=<wert></code> übergeben): - <ul> - <li id="klein"><code>moa.id.configuration</code>: Pfad und Name der Basiskonfigurationsdatei für MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei fnden Sie <a href="../../../conf/moa-id/moa-id.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> + <li>Folgende <span class="term">System Properties</span> können gesetzt werden (wird beim Starten von Tomcat der <span class="term">Java Virtual Machine</span> in der Umgebungsvariablen <code>CATALINA_OPTS</code> in der Form <code>-D<name>=<wert></code> übergeben). Eine Beispielkonfiguration in welcher diese Umgebungsvariablen gesetzt werden finden Sie <a href="../../../deploy/tomcat/">hier</a>. +<ul> + <li id="klein"><code>moa.id.configuration</code>: Pfad und Name der Basiskonfigurationsdatei für MOA-ID-Auth. Eine beispielhafte Konfigurationsdatei fnden Sie <a href="../../../deploy/conf/moa-id/moa-id.properties">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert.</li> <li><code>moa.spss.server.configuration</code>: Pfad und Name der zentralen Konfigurationsdatei für MOA SP/SS. Eine beispielhafte Konfigurationsdatei finden Sie <a href="../../../conf/moa-spss/SampleMOASPSSConfiguration.xml">hier</a>. Wird ein relativer Pfad angegeben, wird dieser relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/conf</code> enthaltene Default-Konfiguration herangezogen.</li> <li><code>eu.stork.samlengine.config.location</code>: Pfad auf den Ordner mit den zentralen Konfigurationsdateien für STORK. Die Beispielkonfiguration für das Modul MOA-ID-Auth enthält bereits den<a href="../../../conf/moa-id/stork/"> Ordner für die STORK Konfiguration</a>. </li> <li id="klein"><code>log4j.configuration</code>: URL der Log4j Konfigurationsdatei. Eine beispielhafte Log4j-Konfiguration finden Sie <a href="../../../conf/moa-id/log4j.properties">hier</a>. Wird eine relative URL angegeben, wird diese als File-URL relativ zum Startverzeichnis der <span class="term">Java Virtual Machine</span> interpretiert. Ist diese <span class="term">System Property</span> nicht gesetzt, wird automatisch eine im Webarchiv unter <code>WEB-INF/classes</code> enthaltene Default-Konfiguration herangezogen.</li> diff --git a/id/server/doc/handbook/interfederation/interfederation.html b/id/server/doc/handbook/interfederation/interfederation.html new file mode 100644 index 000000000..b67124806 --- /dev/null +++ b/id/server/doc/handbook/interfederation/interfederation.html @@ -0,0 +1,73 @@ +<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<html> +<head> + <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1" > + <title>MOA-ID - Protokolle</title> + <link rel="stylesheet" href="../common/MOA.css" type="text/css"> +</head> +<body link="#990000"> + <table class="logoTable" width="100%" border="0" cellspacing="0" cellpadding="10"> + <tr> + <td align="center" class="logoTitle" width="267"><img src="../common/LogoBKA.png" alt="Logo BKA" width="267" height="37" align="left"></td> + <td align="center" class="logoTitle">Dokumentation</td> + <td align="center" class="logoTitle" width="123"><img src="../common/LogoEGIZ.png" alt="Logo EGIZ" width="230" height="81" align="right"></td> + </tr> + </table> + <hr/> + <p class="title"><a href="../index.html">MOA-ID (Identifikation) </a></p> +<p class="subtitle">Interfederation</p> + <hr/> +<h1>Inhalt</h1> + <ol> + <li><a href="#allgemeines">Allgemeines</a> + <ol> + <li>. </li> + </ol> + </li> +</ol> + <p> </p> + <h1>Allgemeines</h1> + <p>Ab der Version 2.0.2 des Modulepackets MOA-ID unterstützt das Modul MOA-ID-Auth Single Sign-On Interfederation zwischen Instanzen des Modules MOA-ID-Auth, welche bei unterschiedlichen Service Providern betrieben werden. Die nachfolgende Abbildung zeigt das Blockdiagramm einer solchen Systemkonfiguration und beschreibt die Funktionalität auf einer abstrakten Ebene.</p> + <p> </p> + <p> </p> + <p> </p> + <p> </p> +<h1><a name="referenzierte_spezifikation" id="uebersicht_zentraledatei_aktualisierung30"></a>A Referenzierte Spezifikation</h1> +<table class="fixedWidth" border="1" cellpadding="2"> + <tbody> + <tr> + <th>Spezifikation</th> + <th>Link</th> + </tr> + <tr id="sl"> + <td><p>Security Layer Spezifikation V1.2.0</p></td> + <td><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/</a></td> + </tr> + <tr> + <td>PVP 2.1 S-Profil Spezifikation</td> + <td><a href="http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf">http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf</a></td> + </tr> + <tr> + <td>OpenID Connect</td> + <td><a href="http://openid.net/connect/">http://openid.net/connect/</a></td> + </tr> + <tr> + <td>STORK 2</td> + <td>@TODO Link</td> + </tr> + <tr> + <td>Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0</td> + <td><a href="#http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf">http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf</a></td> + </tr> + <tr> + <td>Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0</td> + <td><a href="http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf">http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf</a></td> + </tr> + <tr> + <td>Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V1.1</td> + <td><a href="https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf">https://www.oasis-open.org/committees/download.php/3406/oasis-sstc-saml-core-1.1.pdf</a></td> + </tr> + </tbody> +</table> +</body> +</html> diff --git a/id/server/doc/handbook/intro/Blockdiagramm.png b/id/server/doc/handbook/intro/Blockdiagramm.png Binary files differindex f5bdb9e3a..1490530ea 100644 --- a/id/server/doc/handbook/intro/Blockdiagramm.png +++ b/id/server/doc/handbook/intro/Blockdiagramm.png diff --git a/id/server/doc/handbook/intro/anmeldeablauf.png b/id/server/doc/handbook/intro/anmeldeablauf.png Binary files differindex a6af21c5f..59bdefe62 100644 --- a/id/server/doc/handbook/intro/anmeldeablauf.png +++ b/id/server/doc/handbook/intro/anmeldeablauf.png diff --git a/id/server/doc/handbook/intro/intro.html b/id/server/doc/handbook/intro/intro.html index ffa3c37a4..9b42c9e7a 100644 --- a/id/server/doc/handbook/intro/intro.html +++ b/id/server/doc/handbook/intro/intro.html @@ -41,7 +41,7 @@ <ol> <li><u>CORE LOGIC</u>: Diese Komponente ist die zentrale Logik zur Steuerung der einzelnen Prozesse innerhalb MOA-ID 2.x.</li> <li><u>Protocol Adapter</u>: Stellt die in MOA-ID 2.x unterstützten <a href="../protocol/protocol.html">Authentifizierungsprotokolle</a> für die Anbindung von Service Providern zur Verfügung.</li> - <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterstützte Identifikationsmechanismen zur Verfügung. Dies sind die österreichische Bürgerkarte oder Handy-Signatur sowie die Anmeldung ausländischer Personen mit Hilfe des STORK Protokoll.</li> + <li><u>Auth Sources</u>: Stellt die von MOA-ID 2.x unterstützte Identifikationsmechanismen zur Verfügung. Dies sind die österreichische Bürgerkarte oder Handy-Signatur, die Anmeldung ausländischer Personen mit Hilfe des STORK Protokoll oder mittels Single Sign-On von einem weiteren vertrauenswürdigen Identity Provider (Interfederation).</li> <li><u>Template Generator</u>: Der Template Generator erzeugt für Service Provider die entsprechenden Login-Masken für die Integration in die eigene Web-Applikation.</li> <li><u>SSO Module</u>: Das Single Sign-On (SSO) Modul verwaltet die zusätzlichen Operationen die sich aus der Umsetzung von SSO ergeben. Dies umfasst im Besonderen das SSO Session-Management.</li> <li><u>Statistic Module</u>: Dieses Modul dient zur Generierung von anonymisierten Statistikdaten aus den Anmeldeinformationen. </li> @@ -56,8 +56,8 @@ <h3><a name="allgemeines_service_szrgw" id="allgemeines_service3"></a>1.1.2 Ausländische Bürger</h3> <p> Ab der MOA-ID Release 1.4.7 ist es möglich, dass sich auch ausländische Bürger mittels MOA-ID einloggen können. Hierzu wird eine Verbindung zu einem sogenannten Stammzahlenregister-Gateway aufgebaut, dass basierend auf den Zertifikatsdaten des ausländischen Bürgers eine Eintragung im Ergänzungsregister für natürliche Personen gemäß E-Government Gesetz §6(5) vornimmt. Somit ist es möglich, dass eine Personenbindung ausgestellt werden kann, die in weitere Folge an MOA-ID weitergeleitet wird. Der Zugang zu diesem Stammzahlenregister-Gateway ist über eine Client-Server Authentifizierung abgesichert. Als Client-Zertifikate werden Zertifikate der Firmen A-Trust bzw. A-CERT, die mit der Verwaltungs- oder Dienstleistereigenschaft versehen sind, akzeptiert. </p> <h1><a name="moaidauth" id="moaidauth"></a>2 MOA-ID-Auth</h1> -<p>Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit Bürgerkartem, Handy-Signatur oder für ausändische Personen mittels STORK.</p> -<p>Die Funktionalität und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel <a href="../protocol/protocol.html">Protokolle</a> beschriebe. +<p>Das Modul MOA-ID-Auth dient der Identifizierung und Authentifizierung im Rahmen eines Anmeldevorgangs an einer Online-Applikation. Die Identifizierung und Authentifizierung erfolgt mit Bürgerkartem, Handy-Signatur oder für ausländische Personen mittels STORK.</p> +<p>Die Funktionalität und der Aufbau der Schnittstellen des Modules MOA-ID-Auth in Richtung Online-Applikation wird im Kapitel <a href="../protocol/protocol.html">Protokolle</a> beschrieben. <p>Für den Betrieb von MOA-ID-Auth ist der Einsatz von MOA-Signaturprüfung (MOA-SP) erforderlich.</p> <h2><a name="ablauf" id="ablauf"></a> 2.1 Ablauf einer Anmeldung</h2> <p>Die nachfolgende Grafik beschreibt den Ablauf eines Abmeldevorgangs an einer Online-Applikation mit Hilfe von MOA-ID-Auth unter Verwendung der Bürgerkarte oder der Handy-Signatur.</p> diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 5055a4325..40277aa6b 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -23,6 +23,14 @@ <ol> <li><a href="#allgemeines_zugangspunkte">Übersicht der Zugangspunkte</a></li> <li><a href="#allgemeines_attribute">Übersicht der möglichen Attribute</a></li> + <li><a href="#statuscodes">Übersicht der möglichen MOA-ID spezifischen Statuscodes</a> +<ol> + <li><a href="#statuscodes_1xxxx">Statuscodes 1xxxx</a></li> + <li><a href="#statuscodes_4xxxx">Statuscodes 4xxxx</a></li> + <li><a href="#statuscodes_6xxxx">Statuscodes 6xxxx</a></li> + <li><a href="#statuscodes_9xxxx">Statuscodes 9xxxx</a></li> + </ol> + </li> <li><a href="#allgemeines_sso">Single Sign-On</a></li> <li><a href="#allgemeines_ssologout">SSO Logout </a></li> <li><a href="#allgemeines_legacy">Legacy Request (Bürgerkartenauswahl beim Service Provider)</a></li> @@ -35,7 +43,7 @@ <li><a href="#pvp21_binding">Zugangspunkte</a> <ol> <li><a href="#2.3.1 Authentifizierungsrequest">Authentifizierungsrequest</a></li> - <li><a href="#pvp21_binding_response">Authentifizierungsrespon</a></li> + <li><a href="#pvp21_binding_response">Authentifizierungsresponse</a></li> </ol> </li> </ol> @@ -50,6 +58,7 @@ <li><a href="#openid_req_authnresp">AuthCode Response</a></li> <li><a href="#openid_req_tokenreq">AccessToken Request</a></li> <li><a href="#openid_req_tokenresp">AccessToken Response</a></li> + <li><a href="#openid_req_errorresponse">Error Response</a></li> </ol> </li> </ol> @@ -486,7 +495,328 @@ Redirect Binding</td> <p><strong>Hinweis:</strong> Dieses Attribut steht nur bei einer Anmeldung mittels STORK zur Verfügung.</p></td> </tr> </table> -<h2><a name="allgemeines_sso" id="allgemeines_zugangspunkte3"></a>1.3 Single Sign-On</h2> +<h2><a name="statuscodes" id="allgemeines_zugangspunkte6"></a>1.3 Übersicht der möglichen MOA-ID spezifischen Statuscodes</h2> +<p>Vom Modul MOA-ID-Auth werden verschiedene Authentifizierungsprotololle wobei diese Protokolle die Fehlerrückgabe unterschiedlich spezifizieren. Zusätzlich zu den protokolabhängigen Statuscodes (<a href="#referenzierte_spezifikation">siehe Spezifikation des jeweiligen Protokolls</a>) werden zusätzliche protokollunabhängige Statuscodes an den Service Provider zurückgeliefert, wobei sich das Format der Fehlerrückgabe jedoch weiterhin protokolspezifisch ist.</p> +<p>Die nachfolgende Tabelle zeigt alle protokollunabhängigen Statuscodes welche vom Modul MOA-ID-Auth zurückgeliefert werden können.</p> +<h3><a name="statuscodes_1xxxx" id="allgemeines_zugangspunkte7"></a>1.3.1 Statuscodes 1xxxx</h3> +<p>Alle Statuscodes beginnent mit der Zahl eins beschreiben Fehler welche während des Identifizerungs- und Authentifizierungsvorgangs aufgetreten sind.</p> +<h4><a name="statuscodes_10xxx" id="allgemeines_zugangspunkte11"></a>1.3.1.1 Authentifizierung (10xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>1000</td> + <td>Anmeldung an der angeforderten Online-Applikation wird nicht unterstützt.</td> + </tr> + <tr> + <td>1001</td> + <td>Es ist bereits eine Anmeldung im Gange.</td> + </tr> + <tr> + <td>1002</td> + <td>Fehlerhafter Parameter</td> + </tr> + <tr> + <td>1003</td> + <td>Anfrage nur über https möglich</td> + </tr> + <tr> + <td>1004</td> + <td>Zertifikat konnte nicht ausgelesen werden</td> + </tr> + <tr> + <td>1005</td> + <td>Die Authentifizierung wurde durch den Benutzer abgebrochen</td> + </tr> + <tr> + <td>1006</td> + <td>Vollmachtsmodus für nicht-öffentlichen Bereich wird nicht unterstützt.</td> + </tr> + <tr> + <td>1007</td> + <td>Vollmachtsmodus für ausländische Personen wird nicht unterstützt.</td> + </tr> +</table> +<h4><a name="statuscodes_11xxx" id="allgemeines_zugangspunkte12"></a>1.3.1.2 Validierung (11xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>1100</td> + <td>Ungültige MOA SessionID</td> + </tr> + <tr> + <td>1101</td> + <td>Fehler beim Parsen eines Parameters</td> + </tr> + <tr> + <td>1102</td> + <td>Fehler beim Validieren der Personenbindung</td> + </tr> + <tr> + <td>1103</td> + <td>Signatur ungültig</td> + </tr> + <tr> + <td>1104</td> + <td>Zertifikat der Personenbindung ungültig</td> + </tr> + <tr> + <td>1105</td> + <td>Zertifikat der Signature ungültig</td> + </tr> + <tr> + <td>1106</td> + <td>Fehler beim Validieren des AuthBlocks</td> + </tr> + <tr> + <td>1107</td> + <td>Fehler beim Validieren eines SSL-Server-Endzertifikates</td> + </tr> + <tr> + <td>1108</td> + <td>Fehler beim Validieren der Online Vollmacht.</td> + </tr> + <tr> + <td>1109</td> + <td>Fehler beim validieren der SZR-Gateway Response</td> + </tr> +</table> +<h4><a name="statuscodes_12xxx" id="allgemeines_zugangspunkte13"></a>1.3.1.3 STORK (12xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>1200</td> + <td>Fehler beim erstellen des STORK Authentifizierungsrequests</td> + </tr> + <tr> + <td>1201</td> + <td>Fehler beim validieren der STORK Authentifizierungsresponse</td> + </tr> + <tr> + <td>1202</td> + <td>STORK Authentifizierungsresponse antwortet mit einem Fehler</td> + </tr> + <tr> + <td>1203</td> + <td>Fehler beim Sammeln von STORK Attributen</td> + </tr> +</table> +<h3><a name="statuscodes_4xxxx" id="allgemeines_zugangspunkte8"></a>1.3.2 Statuscodes 4xxxx</h3> +<p>Alles Statuscodes beginnent mit der Zahl vier beschreiben Fehler die während der Kommunikation mit externen Services aufgetreten sind.</p> +<h4><a name="statuscodes_40xxx" id="allgemeines_zugangspunkte19"></a>1.3.2.1 BKU (40xxxx)</h4> +<p>Tritt während des Anmeldevorgangs in der Bürgerkartenumgebung ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode für Bürgerkartenumgebungsfehler weißt das folgende zweiteilige Format auf. Der erste Teil, bestehend aus zwei Dezimalstellen, kennzeichnet den Fehler als Fehler als Bürgerkartenumgebungsfehler. Der zweite Teil, bestehend aus vier Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehers aus der Bürgerkartenumgebung (<a href="#referenzierte_spezifikation">siehe SecurityLayer Spezifikation</a>). </p> +<p align="right"><em>{40}{xxxxx}</em></p> +<blockquote> + <p>{40} ... MOA-ID Statuscode für Fehler aus der Bürgerkartenumgebung</p> + <p>{xxxx} .... Fehlercode der Bürgerkartenumgebung.</p> +</blockquote> +<h4><a name="statuscodes_41xxx" id="allgemeines_zugangspunkte20"></a>1.3.2.2 MIS (41xxxx)</h4> +<p>Tritt während der Kommunikation mit dem Online-Vollmachten Service oder der Vollmachtsauswahl ein Fehler auf so wird der entsprechende Fehlercode an den Service Provider weitergereicht. Der der durch das Modul MOA-ID-Auth weitergereichte Statuscode für Fehler aus dem Online-Vollmachten Service weißt das folgende zweiteilige Format auf. Der erste Teil, bestehend aus drei Dezimalstellen, kennzeichnet den Fehler als Fehler als Online-Vollmachten Service Fehler. Der zweite Teil, bestehend aus drei Dezimalstellen bezeichnet den eindeutigen Identifikator des Fehlers aus dem Online-Vollmachten Service (<a href="#referenzierte_spezifikation">siehe Online-Vollmachten Spezifikation</a>). </p> +<p><em>{411}{xxxx}</em></p> +<blockquote> + <p>{411} ... MOA-ID Statuscode für Fehler aus dem Online-Vollmachten Service.</p> + <p>{xxx} .... Fehlercode des Online-Vollmachten Service.</p> +</blockquote> +<p>Zusätzlich zu den gemappeden Fehlern aus dem Online-Vollmachen Service werden zusätzliche weitere Fehlercodes definiert.</p> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>41000</td> + <td>Das Online-Vollmachten Service ist nicht erreichbar</td> + </tr> + <tr> + <td>41001</td> + <td>Allgemeiner Fehler bei der Kommunikation mit dem Online-Vollmachten Service</td> + </tr> +</table> +<h4><a name="statuscodes_42xxx" id="allgemeines_zugangspunkte21"></a>1.3.2.3 SZR-Gateway (42xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>4200</td> + <td>Das SZR-Gateway Service ist nicht erreichbar</td> + </tr> + <tr> + <td>4201</td> + <td>Die Antragung in das SZR ist fehlgeschlagen</td> + </tr> +</table> +<h4><a name="statuscodes_43xxx" id="allgemeines_zugangspunkte22"></a>1.3.2.4 MOA SP/SS(43xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>4300</td> + <td>Fehler beim Aufruf von MOA SP/SS</td> + </tr> +</table> +<h4><a name="statuscodes_44xxx" id="allgemeines_zugangspunkte23"></a>1.3.2.5 Interfederation (44xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>4400</td> + <td>Fehler beim generieren der Anmeldedaten</td> + </tr> +</table> +<h3><a name="statuscodes_6xxxx" id="allgemeines_zugangspunkte9"></a>1.3.3 Statuscodes 6xxxx</h3> +<p>Alles Statuscodes beginnent mit der Zahl sechs beschreiben protokolspezifische Fehler die nicht durch das jeweilige Authentifizierungsprotokoll abgebildet werden.</p> +<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte24"></a>1.3.3.1 Allgemein (61xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>6000</td> + <td>Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterstüzt</td> + </tr> + <tr> + <td>6001</td> + <td>Der STORK Request wurde nicht erkannt oder wird nicht unterstüzt</td> + </tr> +</table> +<h4><a name="statuscodes_61xxx" id="allgemeines_zugangspunkte16"></a>1.3.3.2 PVP 2.1 (61xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>6100</td> + <td>Fehler beim erstellen der PVP 2.1 Response</td> + </tr> + <tr> + <td>6101</td> + <td>Fehler beim verschlüsseln der PVP 2.1 Assertion</td> + </tr> + <tr> + <td>6102</td> + <td>Authentifizierung entspricht nicht dem geforderten QAA Level</td> + </tr> + <tr> + <td>6103</td> + <td>Für die im Requst angegebene EnityID konnten keine gültigen Metadaten gefunden werden</td> + </tr> + <tr> + <td>6104</td> + <td>Die Signatur des Requests konnte nicht gültig validiert werden. Entweder ist die Signatur ungültig oder das Signaturzertifikat stimmt nicht mit dem in den Metadaten hinterlegten Zertifikat überein.</td> + </tr> + <tr> + <td>6105</td> + <td>Der Request konnte nicht gültig validiert werden.</td> + </tr> +</table> +<h4><a name="statuscodes_62xxx" id="allgemeines_zugangspunkte17"></a>1.3.3.3 OpenID Connect (62xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>6200</td> + <td>Fehlerhafte redirect url</td> + </tr> +</table> +<h4><a name="statuscodes_63xxx" id="allgemeines_zugangspunkte18"></a>1.3.3.4 SAML 1(63xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>6300</td> + <td>Fehlerhaftes SAML Artifact Format</td> + </tr> +</table> +<h3><a name="statuscodes_9xxxx" id="allgemeines_zugangspunkte10"></a>1.3.4 Statuscodes 9xxxx</h3> +<p>Alles Statuscodes beginnent mit der Zahl neun beschreiben interne Serverfehler.</p> +<h4><a name="statuscodes_90xxx" id="allgemeines_zugangspunkte14"></a>1.3.4.1 Konfigurationsfehler (90xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>9000</td> + <td>Fehlerhaftes BKU-Selection Template</td> + </tr> + <tr> + <td>9001</td> + <td>Fehlerhaftes Send-Assertion Template</td> + </tr> + <tr> + <td>9002</td> + <td>Fehlerhaftes SecurityLayer Template.</td> + </tr> + <tr> + <td>9003</td> + <td>Fehlerhafte STORK VIDP Konfiguration</td> + </tr> + <tr> + <td>9004</td> + <td>Fehlerhafte STORK Konfiguration</td> + </tr> + <tr> + <td>9005</td> + <td>Fehlerhafte OpenID Connect Konfiguration</td> + </tr> + <tr> + <td>9006</td> + <td>Es sind keine Vollmachtsprofile konfiguriert.</td> + </tr> + <tr> + <td>9007</td> + <td>Der SZR-Gateway Client konnte nicht initialisiert werden.</td> + </tr> +</table> +<h4><a name="statuscodes_91xxx" id="allgemeines_zugangspunkte15"></a>1.3.4.2 Interne Fehler (91xxx)</h4> +<table width="1237" border="1"> + <tr> + <th width="214" scope="col">Statuscode</th> + <th width="1007" scope="col">Beschreibung</th> + </tr> + <tr> + <td>9100</td> + <td>Fehler beim einlesen einer externen Resource.</td> + </tr> + <tr> + <td>9101</td> + <td>Datenbankzugriffsfehler</td> + </tr> + <tr> + <td>9102</td> + <td>Fehler beim Erzeugen einer internen Datenstruktur</td> + </tr> + <tr> + <td>9103</td> + <td>Fehler bei der Verarbeitung eines Templates</td> + </tr> + <tr> + <td>9199</td> + <td>Allgemeiner interner Fehler</td> + </tr> +</table> +<p> </p> +<h2><a name="allgemeines_sso" id="allgemeines_zugangspunkte3"></a>1.4 Single Sign-On</h2> <p>Das Modul MOA-ID-Auth unterstützt ab der Version 2.0 Single Sign-On (SSO), wobei diese Funktionalität unabhängig vom verwendeten Protokoll ist. Bei Verwendung von SSO muss sich der Benutzer nur ein Mal bei MOA-ID-Auth authentifizieren und danach steht die authentifizierte Session für die BenutzerIn oder den Benutzer für weitere Anmeldevorgänge ohne weitere Authentifizierung mittels Bürgerkarte, Handy-Signatur oder STORK zur Verfügung. Die SSO Session kann danach durch <a href="#allgemeines_ssologout">die BenutzerIn oder den Benutzer beendet</a> werden, oder sie wird von MOA-ID-Auth nach der <a href="./../config/config.html#konfigurationsparameter_allgemein_timeouts">maximal erlaubten Sessionzeit</a> serverseitig beendet. </p> <p>Das nachfolgende Sequenzdiagramm zeigt eine Anmeldung mittels Single Sign-On an zwei Online-Applikationen unter Verwendung von PVP 2.1. Aus Gründen der Übersichtlichkeit wurden die Teile welche die Kommunikation mit der Bürgerkartenumgebung, die Vollmachten-Auswahl oder den Metadatenaustausch betreffen bewusst nicht berücksichtigt.</p> <p><img src="sso_sequence.png" width="1095" height="978" alt="Sequenzdiagramm einer Anmeldung mittels Single Sign-On"></p> @@ -515,7 +845,7 @@ Redirect Binding</td> <li>Ist die Validierung der Assertion erfolgreich wird die BenutzerIn oder der Benutzer an der Online-Applikation 2 angemeldet</li> </ol> <p>Zusätzliche Informationen zur Konfiguration und die sich daraus ergebenden Anforderungen oder Einschränkungen finden sie <a href="./../config/config.html#konfigurationsparameter_allgemein_sso">hier</a>.</p> -<h2><a name="allgemeines_ssologout" id="allgemeines_zugangspunkte5"></a>1.4 SSO Logout </h2> +<h2><a name="allgemeines_ssologout" id="allgemeines_zugangspunkte5"></a>1.5 SSO Logout </h2> <p>Das Modul MOA-ID-Auth stellt ein einfaches Service zur Beendigung einer bestehenden Single Sign-On Session zur Verfügung. Nach dem Aufruf dieses Service aus dem Browser des Users wird eine bestehende SSO Session beendet und anschließend wird die BenutzerIn oder der Benutzer an eine im LogOut Request angegebene URL weitergeleitet. </p> <p>Das SSO Logout Service steht unter folgender URL zur Verfügung und benötigt einen http GET Parameter:</p> <pre>http://<host>:<port>/moa-id-auth/LogOut @@ -543,7 +873,7 @@ https://<host>:<port>/moa-id-auth/LogOut <pre>https://demo.egiz.gv.at/moa-id-auth/LogOut?redirect=https://demo.egiz.gv.at/demoportal-openID_demo </pre> <p><strong>Hinweis:</strong> Dieses Service bietet jedoch NICHT eine vollständige Single Log-Out Funktionalität wie sie im SAML 2 Protokoll vorgesehen ist, sondern beendet ausschließlich die SSO Session in der MOA-ID-Auth Instanz.</p> -<h2><a name="allgemeines_legacy" id="allgemeines_zugangspunkte4"></a>1.5 Legacy Request (Bürgerkartenauswahl beim Service Provider)</h2> +<h2><a name="allgemeines_legacy" id="allgemeines_zugangspunkte4"></a>1.6 Legacy Request (Bürgerkartenauswahl beim Service Provider)</h2> <p>Soll die Bürgerkartenauswahl jedoch weiterhin, wie aus MOA-ID 1.5.1 bekannt direkt in der Online-Applikation des Service Providers erfolgen muss für das jeweilige Protokoll der <a href="./../config/config.html#konfigurationsparameter_allgemein_protocol_legacy">Legacy Modus aktiviert</a> werden. Wird der Legacy Modus verwendet muss jedoch zusätzlich zu den protokollspezifischen Parametern mindestens der Parameter <em>bkuURI</em>, welcher die gewählte Bürgerkartenumgebung enthält, im Authentifizierungsrequest an MOA-ID-Auth übergeben werden (siehe <a href="#saml1_startauth">Protokoll SAML 1</a>). Die folgenden Parameter stehen bei Verwendung des Legacy Modus unabhängig vom verwendeten Protokoll zur Verfügung und bilden den gesamten Umfang der Bürgerkartenauswahl, wie aus MOA-ID 1.5.1 bekannt, ab.</p> <table border="1" width="1247"> <tbody> @@ -713,10 +1043,11 @@ https://<host>:<port>/moa-id-auth/pvp2/metadata <td><p>Dieses Element beinhaltet als Attribut den Status Code des Anmeldevorgangs. Nochfolgend die wichtigsten Statuscodes und eine kurze Beschreibung.</p> <ul> <li><em>urn:oasis:names:tc:SAML:2.0:status:Success</em>: Der Anmeldevorgang konnte Erfolgreich durchgeführt werden. </li> - <li><em>MOA-ID-Auth Fehlercode</em>: Währenddes Anmeldevorgangs ist ein Fehler aufgetreten wobei für diesen Fehler in Fehlercode existiert. Zusätzlich beinhaltet der Wert dieses Elements eine kurze Fehlerbeschreibung.</li> - <li><em>urn:oasis:names:tc:SAML:2.0:status:Responder</em>: Während des Anmeldevorgangs ist ein Fehler aufgetreten wobei diesem Fehler kein Fehlercode zugeordnet ist (Allgemeiner Fehler). Zusätzlich beinhaltet der Wert dieses Elements jedoch eine kurze Fehlerbeschreibung.</li> + <li><em>urn:oasis:names:tc:SAML:2.0:status:Responder</em>: Während des Anmeldevorgangs ist ein Fehler aufgetreten. Das Element <code>/saml2p:Response/saml2p:Status/saml2p:StatusCode</code><code>/saml2p:StatusCode</code> beinhaltet einen MOA-ID-Auth Fehlercode (siehe <a href="#statuscodes">Kapitel 1.3</a>). Zusätzlich beinhaltet der Wert dieses Elements jedoch eine kurze Fehlerbeschreibung.</li> <li><em>urn:oasis:names:tc:SAML:2.0:status:NoPassive</em>: Die BenutzerIn oder der Benutzer ist aktuell keine aktive und gültige Single Sign-On Session mit MOA-ID-Auth. Nähere Details zum <em>isPassiv</em> Authentifizierungsrequest finden Sie in der PVP 2.1 oder der SAML2 Spezifikation.</li> - </ul></td> + <li><em>urn:oasis:names:tc:SAML:2.0:status:Requester</em>: Der Authentifizierungsrequest konnte nicht erfolgreich validiert werden.</li> + </ul> + <p><strong>Hinweis:</strong> Eine vollständige Aufstellung aller mögtlichen SAML2 spezifischen Statuscodes fnden Sie in der SAML2 Spezifikation.</p></td> </tr> </table> <table border="1" cellpadding="2" class="fixedWidth"> @@ -1002,6 +1333,31 @@ Folgende Parameter müssen mit dem AuthCode-Request mitgesendet werden, wobei für XUVrWOLrLl0nx7RkKU8NXNHq-rvKMzqg" } </pre> +<h3><a name="openid_req_errorresponse" id="openid_req_errorresponse"></a>3.2.5 Error Response</h3> +<p>Sollte während des Authentifizierungsvorgangs ein Fehler auftreten antwortet das Modul MOA-ID-Auth mit einer Error Response. Diese beinhaltet folgende Parameter</p> +<table width="1247" border="1"> + <tr> + <th width="115" scope="col">Name</th> + <th width="262" scope="col">Beispielwert</th> + <th width="848" scope="col">Beschreibung</th> + </tr> + <tr> + <td>error</td> + <td>invalid_request_object</td> + <td><p>Fehlercode laut OpenID Connect Spezifikation</p></td> + </tr> + <tr> + <td>error_description</td> + <td>Der Request ist ungültig</td> + <td><p>Kurze textuelle Fehlerbeschreibung</p></td> + </tr> + <tr> + <td>error_uri</td> + <td>https://demo.egiz.gv.at/demoportal_moaid-2.0/moa_errorcodes.html#1000</td> + <td>URL auf eine Seite mit zusätzlicher Fehlerbeschreibung</td> + </tr> +</table> +<p> </p> <h1><a name="saml1"></a>3 SAML 1</h1> <p>SAML 1 wird durch MOA-ID-Auth 2.0 auch weiterhin, aus Gründen der Abwärtskompatibilität, als Authentifizierungsprotokoll unterstützt. Es wird jedoch der Umstieg auf ein aktuelles Authentifizierungsprotokoll wie PVP 2.1 oder OpenID Connect empfohlen.</p> <p>Die nachfolgenden Abschnitte beschreiben den Anmeldevorgang unter Verwendung von SAML1 wobei die Funktionalität, wie sie aus MOA-ID <= 1.5.1 bekannt ist, auch weiterhin unterstützt wird (Bürgerkartenauswahl auf Seiten des Service Provider). Zusätzlich steht für SAML 1 jedoch auch die Funktionalität der automatischen Generierung der Bürgerkartenauswahl durch das Modul MOA-ID-Auth zur Verfügung.</p> @@ -1116,13 +1472,14 @@ In diesem Redirect werden der Geschäftsbereich und ein SAML-Artifact als Pa <p>Der Service Provider kann anschließend die Assertion, welche die Anmeldedaten oder eine Fehlermeldung beinhaltet, unter Verwendung des SAMLArtifact, am Modul MOA-ID-Auth abholen.</p> <p>Das MOA-ID-AUTH Web Service wird über einen <samlp:Request> aufgerufen. Der <samlp:Request> enthält in einem <samlp:AssertionArtifact> das von MOA-ID-AUTH übergebene SAML-Artifact. <br> <br> -MOA-ID-AUTH liefert als Antwort einen <samlp:Response>. Die Anmeldedaten sind im <samlp:Response> in Form einer <saml:Assertion> enthalten. </p> +MOA-ID-AUTH liefert als Antwort einen <samlp:Response>. Die Anmeldedaten sind im <samlp:Response> in Form einer <saml:Assertion> enthalten. <br> +Sollte während des Anmeldevorgangs ein Fehler aufgetreten sein, antworted das Modul MOA-ID-Auth mit einer Fehlerbeschreibung in der SAML Response. Das Element <code>/samlp:Response/samlp:Status/samlp:StatusCode</code><code>/</code> beinhaltet auf jeden Fall einen allgemeinen Fehlercode laut SAML1 Spezifikation. Zusätzlich kann das Element <code>/samlp:Response/samlp:Status/samlp:StatusCode</code><code>/</code><code>samlp:StatusCode</code><code>/</code>einen MOA-ID-Auth Fehlercode (siehe <a href="#statuscodes">Kapitel 1.3</a>) beinhalten. Außerdem erfolgt eine kurze textuelle Fehlerbeschreibung im Element <code>/samlp:Response/samlp:Status/</code><code>samlp:StatusMessage/</code>.</p> <ul> <li> <a href="file:///D:/Projekte/svn/moa-id/moa-idspss/id/server/doc/cs-sstc-schema-protocol-01.xsd">SAML 1.0 Protocol Schema</a> <br> </li> <li> <a href="file:///D:/Projekte/svn/moa-id/moa-idspss/id/server/doc/cs-sstc-schema-assertion-01.xsd">SAML 1.0 Assertion Schema</a></li> </ul> -<p>Der detaillierte Aufbau der <saml:Assertion> zu den Anmeldedaten ist in der <a href="file:///D:/Projekte/svn/moa-id/moa-idspss/id/server/doc/MOA_ID_1.4_20070306.pdf">Spezifikation MOA-ID 1.4</a> beschrieben. </p> +<p>Der detaillierte Aufbau der <saml:Assertion> zu den Anmeldedaten ist in der <a href="./../spec/MOA_ID_1.4_20070802.pdf">Spezifikation MOA-ID 1.4</a> beschrieben.</p> <h1><a name="referenzierte_spezifikation" id="uebersicht_zentraledatei_aktualisierung30"></a>A Referenzierte Spezifikation</h1> <table class="fixedWidth" border="1" cellpadding="2"> <tbody> @@ -1135,6 +1492,10 @@ MOA-ID-AUTH liefert als Antwort einen <samlp:Response>. Die Anmeldedaten <td><a href="http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/">http://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/</a></td> </tr> <tr> + <td>Online-Vollmachten Spezifikation </td> + <td><a href="http://reference.e-government.gv.at/AG-II-Architektur-mis-1-1-0.2890.0.html">http://reference.e-government.gv.at/AG-II-Architektur-mis-1-1-0.2890.0.html</a></td> + </tr> + <tr> <td>PVP 2.1 S-Profil Spezifikation</td> <td><a href="http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf">http://reference.e-government.gv.at/uploads/media/PVP2-S-Profil_2_0_0_a-2011-08-31.pdf</a></td> </tr> diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml index 285a5da9c..f1518951f 100644 --- a/id/server/idserverlib/pom.xml +++ b/id/server/idserverlib/pom.xml @@ -3,12 +3,13 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
+ <version>${moa-id-version}</version>
<packaging>jar</packaging>
<name>MOA ID API</name>
@@ -131,21 +132,21 @@ <artifactId>slf4j-api</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
@@ -271,6 +272,25 @@ <build>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -279,25 +299,8 @@ <target>1.6</target>
</configuration>
</plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-jar-plugin</artifactId>
- <configuration>
- <skip>true</skip>
- <skipTests>true</skipTests>
- <archive>
- <addMavenDescriptor>false</addMavenDescriptor>
- </archive>
- </configuration>
- <executions>
- <execution>
- <goals>
- <goal>test-jar</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
- <plugin>
+
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.9.1</version>
@@ -338,6 +341,24 @@ </execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-jar-plugin</artifactId>
+ <configuration>
+ <skip>true</skip>
+ <skipTests>true</skipTests>
+ <archive>
+ <addMavenDescriptor>false</addMavenDescriptor>
+ </archive>
+ </configuration>
+ <executions>
+ <execution>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java index d4b5d1c05..f20339506 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils; @@ -51,7 +52,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; @@ -73,6 +75,7 @@ public class StatisticLogger { private static final String ERRORTYPE_MOASP = "moa-sp"; private static final String ERRORTYPE_MANDATE = "mandate"; private static final String ERRORTYPE_MOAID = "moa-id"; + private static final String ERRORTYPE_SZRGW = "szrgw"; private static StatisticLogger instance; @@ -97,9 +100,9 @@ public class StatisticLogger { } } - public void logSuccessOperation(IRequest protocolRequest, AuthenticationSession moasession, boolean isSSOSession) { + public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSSOSession) { - if ( isAktive && protocolRequest != null && moasession != null) { + if ( isAktive && protocolRequest != null && authData != null) { OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL()); @@ -128,9 +131,18 @@ public class StatisticLogger { dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue()); else dblog.setOatarget(dbOA.getTarget()); + + dblog.setInterfederatedSSOSession(authData.isInterfederatedSSOSession()); - dblog.setBkuurl(moasession.getBkuURL()); - dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA)); + if (authData.isInterfederatedSSOSession()) { + dblog.setBkutype(IOAAuthParameters.INDERFEDERATEDIDP); + dblog.setBkuurl(authData.getInterfederatedIDP()); + + } else { + dblog.setBkuurl(authData.getBkuURL()); + dblog.setBkutype(findBKUType(authData.getBkuURL(), dbOA)); + + } dblog.setProtocoltype(protocolRequest.requestedModule()); dblog.setProtocolsubtype(protocolRequest.requestedAction()); @@ -138,10 +150,10 @@ public class StatisticLogger { //log MandateInforamtion - if (moasession.getUseMandate()) { - dblog.setMandatelogin(moasession.getUseMandate()); + if (authData.isUseMandate()) { + dblog.setMandatelogin(authData.isUseMandate()); - MISMandate mandate = moasession.getMISMandate(); + MISMandate mandate = authData.getMISMandate(); if (mandate != null) { if (MiscUtil.isNotEmpty(mandate.getProfRep())) { @@ -297,7 +309,13 @@ public class StatisticLogger { dblog.setErrorcode(error.getBkuErrorCode()); dblog.setErrormessage(getErrorMessageWithMaxLength(error.getBkuErrorMessage(), MAXERRORLENGTH)); - }else if (throwable instanceof MISSimpleClientException) { + } else if (throwable instanceof SZRGWClientException) { + SZRGWClientException error = (SZRGWClientException) throwable; + dblog.setErrortype(ERRORTYPE_SZRGW); + dblog.setErrorcode(error.getSzrErrorCode()); + dblog.setErrormessage(getErrorMessageWithMaxLength(error.getSzrErrorMessage(), MAXERRORLENGTH)); + + } else if (throwable instanceof MISSimpleClientException) { MISSimpleClientException error = (MISSimpleClientException) throwable; dblog.setErrortype(ERRORTYPE_MANDATE); dblog.setErrorcode(error.getMISErrorCode()); @@ -333,13 +351,13 @@ public class StatisticLogger { BKUURLS bkuurls = oaAuth.getBKUURLS(); if (bkuurls != null) { if (bkuURL.equals(bkuurls.getHandyBKU())) - return OAAuthParameter.HANDYBKU; + return IOAAuthParameters.HANDYBKU; if (bkuURL.equals(bkuurls.getLocalBKU())) - return OAAuthParameter.LOCALBKU; + return IOAAuthParameters.LOCALBKU; if (bkuURL.equals(bkuurls.getOnlineBKU())) - return OAAuthParameter.ONLINEBKU; + return IOAAuthParameters.ONLINEBKU; } } } @@ -348,14 +366,14 @@ public class StatisticLogger { try { AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance(); - if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.ONLINEBKU))) - return OAAuthParameter.ONLINEBKU; + if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.ONLINEBKU))) + return IOAAuthParameters.ONLINEBKU; - if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.LOCALBKU))) - return OAAuthParameter.LOCALBKU; + if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.LOCALBKU))) + return IOAAuthParameters.LOCALBKU; - if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.HANDYBKU))) - return OAAuthParameter.HANDYBKU; + if (bkuURL.equals(authconfig.getDefaultBKUURL(IOAAuthParameters.HANDYBKU))) + return IOAAuthParameters.HANDYBKU; } catch (ConfigurationException e) { Logger.info("Advanced Logging: Default BKUs read failed"); @@ -364,17 +382,17 @@ public class StatisticLogger { Logger.debug("Staticic Log search BKUType from generneric Parameters"); if (bkuURL.endsWith(GENERIC_LOCALBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.LOCALBKU); - return OAAuthParameter.LOCALBKU; + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.LOCALBKU); + return IOAAuthParameters.LOCALBKU; } if (bkuURL.startsWith(GENERIC_HANDYBKU)) { - Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.HANDYBKU); - return OAAuthParameter.HANDYBKU; + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.HANDYBKU); + return IOAAuthParameters.HANDYBKU; } - Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.ONLINEBKU); - return OAAuthParameter.ONLINEBKU; + Logger.debug("BKUURL " + bkuURL + " is mapped to " + IOAAuthParameters.ONLINEBKU); + return IOAAuthParameters.ONLINEBKU; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d7083ec81..4709f8c68 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.auth; import iaik.asn1.ObjectID; +import iaik.pki.PKIRuntimeException; import iaik.util.logging.Log; import iaik.x509.X509Certificate; import iaik.x509.X509ExtensionInitException; @@ -314,12 +315,18 @@ public class AuthenticationServer implements MOAIDAuthConstants { appletwidth = StringEscapeUtils.escapeHtml(appletwidth); - //TODO: cleanup before MOA-ID 2.1 release - String htmlForm = new GetIdentityLinkFormBuilder().build(template, - session.getBkuURL(), infoboxReadRequest, dataURL, null, - null, pushInfobox, oaParam, appletheigth, appletwidth); - - return htmlForm; + //TODO: cleanup before MOA-ID 2.1 release + try { + String htmlForm = new GetIdentityLinkFormBuilder().build(template, + session.getBkuURL(), infoboxReadRequest, dataURL, null, + null, pushInfobox, oaParam, appletheigth, appletwidth); + + return htmlForm; + + } catch (BuildException e) { + throw new BuildException("builder.07", null, e); + + } } /** @@ -524,16 +531,16 @@ public class AuthenticationServer implements MOAIDAuthConstants { } catch (SAXException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } catch (IOException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } catch (ParserConfigurationException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } catch (TransformerException e) { - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[]{GET_MIS_SESSIONID}, e); } @@ -553,9 +560,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam) throws ConfigurationException, BuildException, ValidateException { - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; if (authConf == null) authConf = AuthConfigurationProvider.getInstance(); @@ -611,9 +618,9 @@ public class AuthenticationServer implements MOAIDAuthConstants { OAAuthParameter oaParam, X509Certificate cert) throws ConfigurationException { - // check for intermediate processing of the infoboxes - if (session.isValidatorInputPending()) - return "Redirect to Input Processor"; +// // check for intermediate processing of the infoboxes +// if (session.isValidatorInputPending()) +// return "Redirect to Input Processor"; if (authConf == null) authConf = AuthConfigurationProvider.getInstance(); @@ -1164,11 +1171,31 @@ public class AuthenticationServer implements MOAIDAuthConstants { vtids, tpid); // debug output - // invokes the call - Element domVsresp = new SignatureVerificationInvoker() - .verifyXMLSignature(domVsreq); - // debug output + Element domVsresp = null; + +// try { + // invokes the call + domVsresp = new SignatureVerificationInvoker() + .verifyXMLSignature(domVsreq); + // debug output + +// } catch ( ServiceException e) { +// Logger.error("Signature verification error. ", e); +// Logger.error("Signed Data: " + session.getAuthBlock()); +// try { +// Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq)); +// } catch (TransformerException e1) { +// e1.printStackTrace(); +// +// } catch (IOException e1) { +// e1.printStackTrace(); +// +// } +// +// throw e; +// } + // parses the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser( domVsresp).parseData(); @@ -1196,48 +1223,66 @@ public class AuthenticationServer implements MOAIDAuthConstants { // date and time CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp); - // compares the public keys from the identityLink with the AuthBlock - VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( - vsresp, session.getIdentityLink()); - - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(csresp - .getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[]{friendlyName}); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[]{ - friendlyName, - infoboxValidationResult.getErrorMessage()}); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } + try { + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate( + vsresp, session.getIdentityLink()); + + } catch ( ValidateException e) { + Logger.error("Signature verification error. ", e); + Logger.error("Signed Data: " + session.getAuthBlock()); + try { + Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq)); + Logger.error("VerifyResponse: " + DOMUtils.serializeNode(domVsresp)); + } catch (TransformerException e1) { + e1.printStackTrace(); + + } catch (IOException e1) { + e1.printStackTrace(); + + } + + throw e; + } + +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// boolean formpending = false; +// if (iter != null) { +// while (!formpending && iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector.get(1); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator.validate(csresp +// .getSamlAssertion()); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier + " infobox:" +// + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[]{friendlyName}); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", new Object[]{ +// friendlyName, +// infoboxValidationResult.getErrorMessage()}); +// } +// String form = infoboxvalidator.getForm(); +// if (ParepUtils.isEmpty(form)) { +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } else { +// return "Redirect to Input Processor"; +// } +// } +// } session.setXMLVerifySignatureResponse(vsresp); session.setSignerCertificate(vsresp.getX509certificate()); @@ -1358,44 +1403,44 @@ public class AuthenticationServer implements MOAIDAuthConstants { throw new AuthenticationException("auth.10", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID}); - // post processing of the infoboxes - Iterator iter = session.getInfoboxValidatorIterator(); - boolean formpending = false; - if (iter != null) { - while (!formpending && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - String identifier = (String) infoboxValidatorVector.get(0); - String friendlyName = (String) infoboxValidatorVector.get(1); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector - .get(2); - InfoboxValidationResult infoboxValidationResult = null; - try { - infoboxValidationResult = infoboxvalidator.validate(session - .getIdentityLink().getSamlAssertion()); - } catch (ValidateException e) { - Logger.error("Error validating " + identifier + " infobox:" - + e.getMessage()); - throw new ValidateException("validator.44", - new Object[]{friendlyName}); - } - if (!infoboxValidationResult.isValid()) { - Logger.info("Validation of " + identifier - + " infobox failed."); - throw new ValidateException("validator.40", new Object[]{ - friendlyName, - infoboxValidationResult.getErrorMessage()}); - } - String form = infoboxvalidator.getForm(); - if (ParepUtils.isEmpty(form)) { - AddAdditionalSAMLAttributes( - session, - infoboxValidationResult.getExtendedSamlAttributes(), - identifier, friendlyName); - } else { - return "Redirect to Input Processor"; - } - } - } +// // post processing of the infoboxes +// Iterator iter = session.getInfoboxValidatorIterator(); +// boolean formpending = false; +// if (iter != null) { +// while (!formpending && iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// String identifier = (String) infoboxValidatorVector.get(0); +// String friendlyName = (String) infoboxValidatorVector.get(1); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector +// .get(2); +// InfoboxValidationResult infoboxValidationResult = null; +// try { +// infoboxValidationResult = infoboxvalidator.validate(session +// .getIdentityLink().getSamlAssertion()); +// } catch (ValidateException e) { +// Logger.error("Error validating " + identifier + " infobox:" +// + e.getMessage()); +// throw new ValidateException("validator.44", +// new Object[]{friendlyName}); +// } +// if (!infoboxValidationResult.isValid()) { +// Logger.info("Validation of " + identifier +// + " infobox failed."); +// throw new ValidateException("validator.40", new Object[]{ +// friendlyName, +// infoboxValidationResult.getErrorMessage()}); +// } +// String form = infoboxvalidator.getForm(); +// if (ParepUtils.isEmpty(form)) { +// AddAdditionalSAMLAttributes( +// session, +// infoboxValidationResult.getExtendedSamlAttributes(), +// identifier, friendlyName); +// } else { +// return "Redirect to Input Processor"; +// } +// } +// } VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); X509Certificate cert = session.getSignerCertificate(); @@ -1415,127 +1460,6 @@ public class AuthenticationServer implements MOAIDAuthConstants { } /** - * Builds the AuthenticationData object together with the corresponding - * <code><saml:Assertion></code> - * - * @param session authentication session - * @param verifyXMLSigResp VerifyXMLSignatureResponse from MOA-SP - * @param useUTC uses correct UTC time format - * @param useUTC indicates that authenticated citizen is a foreigner - * @param isForeigner indicates whether Austrian (false) or foreigner (true) authenticates - * @return AuthenticationData object - * @throws ConfigurationException while accessing configuration data - * @throws BuildException while building the <code><saml:Assertion></code> - */ - public static AuthenticationData buildAuthenticationData( - AuthenticationSession session, OAAuthParameter oaParam, String target) - throws ConfigurationException, BuildException { - - IdentityLink identityLink = session.getIdentityLink(); - AuthenticationData authData = new AuthenticationData(); - - VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); - - boolean businessService = oaParam.getBusinessService(); - - authData.setMajorVersion(1); - authData.setMinorVersion(0); - authData.setAssertionID(Random.nextRandom()); - authData.setIssuer(session.getAuthURL()); - - authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar - .getInstance())); - - //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO - authData.setIdentificationValue(identityLink.getIdentificationValue()); - authData.setIdentificationType(identityLink.getIdentificationType()); - - authData.setGivenName(identityLink.getGivenName()); - authData.setFamilyName(identityLink.getFamilyName()); - authData.setDateOfBirth(identityLink.getDateOfBirth()); - authData.setQualifiedCertificate(verifyXMLSigResp - .isQualifiedCertificate()); - authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); - authData.setPublicAuthorityCode(verifyXMLSigResp - .getPublicAuthorityCode()); - authData.setBkuURL(session.getBkuURL()); - - try { - - MISMandate mandate = session.getMISMandate(); - - if (session.getUseMandate() && session.isOW() - && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) { - authData.setBPK(mandate.getOWbPK()); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); - authData.setIdentityLink(identityLink); - Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); - - } else { - - if (businessService) { - //since we have foreigner, wbPK is not calculated in BKU - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - - String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); - - if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { - // If domainIdentifier starts with prefix - // "urn:publicid:gv.at:wbpk+"; remove this prefix - registerAndOrdNr = registerAndOrdNr - .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); - Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " - + registerAndOrdNr); - } - - String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); - authData.setBPK(wbpkBase64); - authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); - - } else { - authData.setBPK(identityLink.getIdentificationValue()); - authData.setBPKType(identityLink.getIdentificationType()); - - } - - Logger.trace("Authenticate user with wbPK " + authData.getBPK()); - - Element idlassertion = session.getIdentityLink().getSamlAssertion(); - //set bpk/wpbk; - Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); - prIdentification.getFirstChild().setNodeValue(authData.getBPK()); - //set bkp/wpbk type - Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); - prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); - - IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); - IdentityLink idl = idlparser.parseIdentityLink(); - authData.setIdentityLink(idl); - - } else { - - if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { - // only compute bPK if online application is a public service and we have the Stammzahl - String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); - authData.setBPK(bpkBase64); - authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); - } - - Logger.trace("Authenticate user with bPK " + authData.getBPK()); - - authData.setIdentityLink(identityLink); - } - } - - return authData; - - } catch (Throwable ex) { - throw new BuildException("builder.00", new Object[]{ - "AuthenticationData", ex.toString()}, ex); - } - } - - /** * Retrieves a session from the session store. * * @param id session ID @@ -1773,6 +1697,11 @@ public class AuthenticationServer implements MOAIDAuthConstants { request.setMIS(mis); } + if (MiscUtil.isEmpty(connectionParameters.getUrl())) { + Logger.warn("SZR-Gateway Service URL is empty"); + throw new SZRGWClientException("service.07"); + } + Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")..."); CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl()); return response; @@ -1826,11 +1755,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { String destination = cpeps.getPepsURL().toExternalForm(); Logger.debug("C-PEPS URL: " + destination); - String acsURL = HTTPUtils.getBaseURL(req) + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN; + + String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix(); + String acsURL = new DataURLBuilder().buildDataURL(issuerValue, + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID()); Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL); String providerName = oaParam.getFriendlyName(); - String issuerValue = HTTPUtils.getBaseURL(req); Logger.debug("Issuer value: " + issuerValue); // prepare collection of required attributes @@ -1903,6 +1834,13 @@ public class AuthenticationServer implements MOAIDAuthConstants { Logger.debug("STORK AuthnRequest succesfully assembled."); STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing"); + + if (samlEngine == null) { + Logger.error("Could not initalize STORK SAML engine."); + throw new MOAIDException("stork.00", null); + + } + try { authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest); } catch (STORKSAMLEngineException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 0173c67a1..6f83da367 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -31,6 +31,8 @@ public interface MOAIDAuthConstants { public static final String PARAM_MODUL = "MODUL"; public static final String PARAM_ACTION = "ACTION"; public static final String PARAM_SSO = "SSO"; + public static final String INTERFEDERATION_IDP = "interIDP"; + /** servlet parameter "sourceID" */ public static final String PARAM_SOURCEID = "sourceID"; /** servlet parameter "BKUSelectionTemplate" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index db9bc588f..a6c2cde05 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -51,6 +51,7 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -272,7 +273,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, - new Object[] { generateSpecialText(text, issuer, issueInstant) }); + new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) }); //generate unique AuthBlock tokken String uniquetokken = Random.nextRandom(); @@ -424,7 +425,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, - new Object[] { generateSpecialText(text, issuer, issueInstant) }); + new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) }); //generate unique AuthBlock tokken String uniquetokken = Random.nextRandom(); @@ -454,12 +455,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion } - public static String generateSpecialText(String inputtext, String issuer, String issueInstant) { + public static String generateSpecialText(String inputtext, String issuer, String gebDat, String issueInstant) { Calendar datetime = DatatypeConverter.parseDateTime(issueInstant); SimpleDateFormat dateformat = new SimpleDateFormat("dd.MM.yyyy"); SimpleDateFormat timeformat = new SimpleDateFormat("HH:mm:ss"); String text = inputtext.replaceAll("#NAME#", issuer); + text = text.replaceAll("#BIRTHDAY#", gebDat); text = text.replaceAll("#DATE#", dateformat.format(datetime.getTime())); text = text.replaceAll("#TIME#", timeformat.format(datetime.getTime())); @@ -495,7 +497,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion String gebDat, List<ExtendedSAMLAttribute> extendedSAMLAttributes, AuthenticationSession session, - OAAuthParameter oaParam) + IOAAuthParameters oaParam) throws BuildException { session.setSAMLAttributeGebeORwbpk(true); @@ -536,7 +538,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion if (MiscUtil.isEmpty(text)) text=""; String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE, - new Object[] { generateSpecialText(text, issuer, issueInstant) }); + new Object[] { generateSpecialText(text, issuer, gebDat, issueInstant) }); //generate unique AuthBlock tokken String uniquetokken = Random.nextRandom(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 531303300..ba4440bf8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -224,7 +225,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB * @throws BuildException if an error occurs during the build process */ public String build( - AuthenticationData authData, + SAML1AuthenticationData authData, String xmlPersonData, String xmlAuthBlock, String xmlIdentityLink, @@ -238,6 +239,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB { String isQualifiedCertificate = authData.isQualifiedCertificate() ? "true" : "false"; + String publicAuthorityAttribute = ""; if (authData.isPublicAuthority()) { String publicAuthorityIdentification = authData.getPublicAuthorityCode(); @@ -344,7 +346,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB * @throws BuildException if an error occurs during the build process */ public String buildMandate( - AuthenticationData authData, + SAML1AuthenticationData authData, String xmlPersonData, String xmlMandateData, String xmlAuthBlock, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java new file mode 100644 index 000000000..792b6cdd7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -0,0 +1,628 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.builder; + +import iaik.x509.X509Certificate; + +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; + +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Response; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.SecurityException; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import eu.stork.peps.auth.commons.PersonalAttribute; +import eu.stork.peps.auth.commons.PersonalAttributeList; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1RequestImpl; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * @author tlenz + * + */ +public class AuthenticationDataBuilder implements MOAIDAuthConstants { + + public static IAuthData buildAuthenticationData(IRequest protocolRequest, + AuthenticationSession session, List<Attribute> reqAttributes) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { + + + String oaID = protocolRequest.getOAURL(); + if (oaID == null) { + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + } + + // check parameter + if (!ParamValidatorUtils.isValidOA(oaID)) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + AuthenticationData authdata = null; + + if (protocolRequest instanceof SAML1RequestImpl) { + //request is SAML1 + SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData(); + saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA()); + + authdata = saml1authdata; + + } else { + authdata = new AuthenticationData(); + + } + + //reuse some parameters if it is a reauthentication + OASessionStore activeOA = AuthenticationSessionStoreage.searchActiveOASSOSession(session, oaID, protocolRequest.requestedModule()); + if (activeOA != null) { + authdata.setSessionIndex(activeOA.getAssertionSessionID()); + authdata.setNameID(activeOA.getUserNameID()); + authdata.setNameIDFormat(activeOA.getUserNameIDFormat()); + + //mark AttributeQuery as used + if ( protocolRequest instanceof PVPTargetConfiguration && + ((PVPTargetConfiguration) protocolRequest).getRequest() instanceof MOARequest && + ((PVPTargetConfiguration) protocolRequest).getRequest().getInboundMessage() instanceof AttributeQuery) { + try { + activeOA.setAttributeQueryUsed(true); + MOASessionDBUtils.saveOrUpdate(activeOA); + + } catch (MOADatabaseException e) { + Logger.error("MOASession interfederation information can not stored to database.", e); + + } + } + + } + + InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session); + + IOAAuthParameters oaParam = null; + if (reqAttributes == null) { + //get OnlineApplication from MOA-ID-Auth configuration + oaParam = AuthConfigurationProvider.getInstance() + .getOnlineApplicationParameter(oaID); + + } else { + //build OnlineApplication dynamic from requested attributes + oaParam = DynamicOAAuthParameterBuilder.buildFromAttributeQuery(reqAttributes, interfIDP); + + } + + if (interfIDP != null ) { + //IDP is a chained interfederated IDP and Authentication is requested + if (oaParam.isInderfederationIDP() && protocolRequest instanceof PVPTargetConfiguration && + !(((PVPTargetConfiguration)protocolRequest).getRequest() instanceof AttributeQuery)) { + //only set minimal response attributes + authdata.setQAALevel(interfIDP.getQAALevel()); + authdata.setBPK(interfIDP.getUserNameID()); + + } else { + //get attributes from interfederated IDP + OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + getAuthDataFromInterfederation(authdata, session, oaParam, protocolRequest, interfIDP, idp, reqAttributes); + + //mark attribute request as used + try { + if (idp.isInterfederationSSOStorageAllowed()) { + interfIDP.setAttributesRequested(true); + MOASessionDBUtils.saveOrUpdate(interfIDP); + + } else { + MOASessionDBUtils.delete(interfIDP); + } + + } catch (MOADatabaseException e) { + Logger.error("MOASession interfederation information can not stored to database.", e); + + } + } + + } else { + //build AuthenticationData from MOASession + buildAuthDataFormMOASession(authdata, session, oaParam); + + } + + return authdata; + } + + /** + * @param req + * @param session + * @param reqAttributes + * @return + * @throws WrongParametersException + * @throws ConfigurationException + * @throws BuildException + * @throws DynamicOABuildException + */ + public static IAuthData buildAuthenticationData(IRequest req, + AuthenticationSession session) throws WrongParametersException, ConfigurationException, BuildException, DynamicOABuildException { + return buildAuthenticationData(req, session, null); + } + + /** + * @param authdata + * @param session + * @param oaParam + * @param protocolRequest + * @param interfIDP + * @param idp + * @param reqQueryAttr + * @throws ConfigurationException + */ + private static void getAuthDataFromInterfederation( + AuthenticationData authdata, AuthenticationSession session, + IOAAuthParameters oaParam, IRequest req, + InterfederationSessionStore interfIDP, OAAuthParameter idp, List<Attribute> reqQueryAttr) throws BuildException, ConfigurationException{ + + try { + List<Attribute> attributs = null; + + //IDP is a chained interfederated IDP and request is of type AttributQuery + if (oaParam.isInderfederationIDP() && req instanceof PVPTargetConfiguration && + (((PVPTargetConfiguration)req).getRequest() instanceof AttributeQuery) && + reqQueryAttr != null) { + attributs = reqQueryAttr; + + //IDP is a service provider IDP and request interfederated IDP to collect attributes + } else { + + //TODO: check if response include attributes and map this attributes to requested attributes + + //get PVP 2.1 attributes from protocol specific requested attributes + attributs = req.getRequestedAttributes(); + + } + + //collect attributes by using BackChannel communication + String endpoint = idp.getIDPAttributQueryServiceURL(); + if (MiscUtil.isEmpty(endpoint)) { + Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix()); + throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null); + } + + //build attributQuery request + AttributeQuery query = + AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs); + + //build SOAP request + List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query); + + if (xmlObjects.size() == 0) { + Logger.error("Receive emptry AttributeQuery response-body."); + throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null); + + } + + if (xmlObjects.get(0) instanceof Response) { + Response intfResp = (Response) xmlObjects.get(0); + + //validate PVP 2.1 response + try { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + + SAMLVerificationEngine.validateAssertion(intfResp, false); + + } catch (Exception e) { + Logger.warn("PVP 2.1 assertion validation FAILED.", e); + throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e); + } + + //parse response information to authData + buildAuthDataFormInterfederationResponse(authdata, session, intfResp); + + } else { + Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response"); + throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null); + + } + + } catch (SOAPException e) { + throw new BuildException("builder.06", null, e); + + } catch (SecurityException e) { + throw new BuildException("builder.06", null, e); + + } catch (AttributQueryException e) { + throw new BuildException("builder.06", null, e); + + } catch (BuildException e) { + throw new BuildException("builder.06", null, e); + + } catch (AssertionValidationExeption e) { + throw new BuildException("builder.06", null, e); + + } catch (AssertionAttributeExtractorExeption e) { + throw new BuildException("builder.06", null, e); + + } + } + + private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session, + Response intfResp) throws BuildException, AssertionAttributeExtractorExeption { + + Logger.debug("Build AuthData from assertion starts ...."); + + Assertion assertion = intfResp.getAssertions().get(0); + + if (assertion.getAttributeStatements().size() == 0) { + Logger.warn("Can not build AuthData from Assertion. NO Attributes included."); + throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. NO Attributes included.", null); + + } + + AttributeStatement attrStat = assertion.getAttributeStatements().get(0); + for (Attribute attr : attrStat.getAttributes()) { + + if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME)) + authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME)) + authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME)) + authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.BPK_NAME)) { + String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent(); + authData.setBPK(pvpbPK.split(":")[1]); + } + + if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) + authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) + authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX + + attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME)) + authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME)) + authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) { + try { + byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false); + authData.setAuthBlock(new String(authBlock, "UTF-8")); + + } catch (IOException e) { + Logger.error("Received AuthBlock is not valid", e); + + } + } + + if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) { + try { + authData.setSignerCertificate(Base64Utils.decode( + attr.getAttributeValues().get(0).getDOM().getTextContent(), false)); + + } catch (IOException e) { + Logger.error("Received SignerCertificate is not valid", e); + + } + } + + if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME)) + authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME)) + authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) { + try { + InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false); + IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink(); + authData.setIdentityLink(idl); + + } catch (ParseException e) { + Logger.error("Received IdentityLink is not valid", e); + + } catch (Exception e) { + Logger.error("Received IdentityLink is not valid", e); + + } + } + + if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME)) + authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent()); + + + if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) { + try { + byte[] mandate = Base64Utils.decode( + attr.getAttributeValues().get(0).getDOM().getTextContent(), false); + + if (authData.getMISMandate() == null) + authData.setMISMandate(new MISMandate()); + authData.getMISMandate().setMandate(mandate); + + authData.setUseMandate(true); + + } catch (Exception e) { + Logger.error("Received Mandate is not valid", e); + throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME); + + } + } + + if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) { + if (authData.getMISMandate() == null) + authData.setMISMandate(new MISMandate()); + authData.getMISMandate().setProfRep( + attr.getAttributeValues().get(0).getDOM().getTextContent()); + + } + + if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) { + authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent()); + authData.setForeigner(true); + } + + if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { + + if (authData.getStorkAttributes() == null) + authData.setStorkAttributes(new PersonalAttributeList()); + + List<String> storkAttrValues = new ArrayList<String>(); + storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent()); + PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), + false, storkAttrValues , "Available"); + authData.getStorkAttributes().put(attr.getName(), storkAttr ); + authData.setForeigner(true); + } + + } + + authData.setSsoSession(true); + + //only for SAML1 + if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel())) + authData.setQualifiedCertificate(true); + else + authData.setQualifiedCertificate(false); + authData.setPublicAuthority(false); + } + + private static void buildAuthDataFormMOASession(AuthenticationData authData, AuthenticationSession session, + IOAAuthParameters oaParam) throws BuildException { + + String target = oaParam.getTarget(); + + IdentityLink identityLink = session.getIdentityLink(); + + VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse(); + + boolean businessService = oaParam.getBusinessService(); + + authData.setIssuer(session.getAuthURL()); + + //baseID or wbpk in case of BusinessService without SSO or BusinessService SSO + authData.setIdentificationValue(identityLink.getIdentificationValue()); + authData.setIdentificationType(identityLink.getIdentificationType()); + + authData.setGivenName(identityLink.getGivenName()); + authData.setFamilyName(identityLink.getFamilyName()); + authData.setDateOfBirth(identityLink.getDateOfBirth()); + authData.setQualifiedCertificate(verifyXMLSigResp + .isQualifiedCertificate()); + authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); + authData.setPublicAuthorityCode(verifyXMLSigResp + .getPublicAuthorityCode()); + authData.setBkuURL(session.getBkuURL()); + + authData.setStorkAttributes(session.getStorkAttributes()); + authData.setStorkAuthnResponse(session.getStorkAuthnResponse()); + authData.setStorkRequest(session.getStorkAuthnRequest()); + + authData.setSignerCertificate(session.getEncodedSignerCertificate()); + authData.setAuthBlock(session.getAuthBlock()); + + authData.setForeigner(session.isForeigner()); + authData.setQAALevel(session.getQAALevel()); + + if (session.isForeigner()) { + if (authData.getStorkAuthnRequest() != null) { + authData.setCcc(authData.getStorkAuthnRequest() + .getCitizenCountryCode()); + + } else { + + try { + //TODO: replace with TSL lookup when TSL is ready! + X509Certificate certificate = new X509Certificate(authData.getSignerCertificate()); + + if (certificate != null) { + + LdapName ln = new LdapName(certificate.getIssuerDN() + .getName()); + for (Rdn rdn : ln.getRdns()) { + if (rdn.getType().equalsIgnoreCase("C")) { + Logger.info("C is: " + rdn.getValue()); + authData.setCcc(rdn.getValue().toString()); + break; + } + } + } + + } catch (Exception e) { + Logger.error("Failed to extract country code from certificate", e); + + } + } + + } else { + authData.setCcc("AT"); + + } + + try { + + authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID())); + + + /* TODO: Support SSO Mandate MODE! + * Insert functionality to translate mandates in case of SSO + */ + + + MISMandate mandate = session.getMISMandate(); + authData.setMISMandate(mandate); + authData.setUseMandate(session.getUseMandate()); + authData.setMandateReferenceValue(session.getMandateReferenceValue()); + + if (session.getUseMandate() && session.isOW() + && mandate != null && MiscUtil.isNotEmpty(mandate.getOWbPK())) { + authData.setBPK(mandate.getOWbPK()); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW"); + + //TODO: check in case of mandates for business services + authData.setIdentityLink(identityLink); + Logger.trace("Authenticated User is OW: " + mandate.getOWbPK()); + + } else { + + if (businessService) { + //since we have foreigner, wbPK is not calculated in BKU + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + + String registerAndOrdNr = oaParam.getIdentityLinkDomainIdentifier(); + + if (registerAndOrdNr.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) { + // If domainIdentifier starts with prefix + // "urn:publicid:gv.at:wbpk+"; remove this prefix + registerAndOrdNr = registerAndOrdNr + .substring(AuthenticationSession.REGISTERANDORDNR_PREFIX_.length()); + Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + + registerAndOrdNr); + } + + String wbpkBase64 = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), registerAndOrdNr); + authData.setBPK(wbpkBase64); + authData.setBPKType(Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr); + + } else { + authData.setBPK(identityLink.getIdentificationValue()); + authData.setBPKType(identityLink.getIdentificationType()); + + } + + Logger.trace("Authenticate user with wbPK " + authData.getBPK()); + + Element idlassertion = session.getIdentityLink().getSamlAssertion(); + //set bpk/wpbk; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + prIdentification.getFirstChild().setNodeValue(authData.getBPK()); + //set bkp/wpbk type + Node prIdentificationType = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_TYPE_XPATH); + prIdentificationType.getFirstChild().setNodeValue(authData.getBPKType()); + + IdentityLinkAssertionParser idlparser = new IdentityLinkAssertionParser(idlassertion); + IdentityLink idl = idlparser.parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion; + resignedilAssertion = identitylinkresigner.resignIdentityLink(idl.getSamlAssertion()); + IdentityLinkAssertionParser resignedIDLParser = new IdentityLinkAssertionParser(resignedilAssertion); + IdentityLink resignedIDL = resignedIDLParser.parseIdentityLink(); + + authData.setIdentityLink(resignedIDL); + + } else { + + if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) { + // only compute bPK if online application is a public service and we have the Stammzahl + String bpkBase64 = new BPKBuilder().buildBPK(identityLink.getIdentificationValue(), target); + authData.setBPK(bpkBase64); + authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget()); + } + + Logger.trace("Authenticate user with bPK " + authData.getBPK()); + + authData.setIdentityLink(identityLink); + } + } + + + } catch (Throwable ex) { + throw new BuildException("builder.00", new Object[]{ + "AuthenticationData", ex.toString()}, ex); + } + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java new file mode 100644 index 000000000..132b6af01 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DynamicOAAuthParameterBuilder.java @@ -0,0 +1,109 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.builder; + +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.auth.exception.DynamicOABuildException; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * @author tlenz + * + */ +public class DynamicOAAuthParameterBuilder { + + public static IOAAuthParameters buildFromAttributeQuery(List<Attribute> reqAttributes, InterfederationSessionStore interfIDP) throws DynamicOABuildException { + + Logger.debug("Build dynamic OAConfiguration from AttributeQuery and interfederation information"); + + try { + DynamicOAAuthParameters dynamicOA = new DynamicOAAuthParameters(); + + for (Attribute attr : reqAttributes) { + //get Target or BusinessService from request + if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + String attrValue = attr.getAttributeValues().get(0).getDOM().getTextContent(); + if (attrValue.startsWith(Constants.URN_PREFIX_CDID)) { + dynamicOA.setBusinessService(false); + dynamicOA.setTarget(attrValue.substring((Constants.URN_PREFIX_CDID + "+").length())); + + } else if( attrValue.startsWith(Constants.URN_PREFIX_WBPK) || + attrValue.startsWith(Constants.URN_PREFIX_STORK) ) { + dynamicOA.setBusinessService(true); + dynamicOA.setTarget(attrValue); + + } else { + Logger.error("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea"); + throw new DynamicOABuildException("Sector identification " + attrValue + " is not a valid Target or BusinessServiceArea", null); + + } + + } + + } + + if (interfIDP != null) { + //load interfederated IDP informations + OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(interfIDP.getIdpurlprefix()); + if (idp == null) { + Logger.warn("Interfederated IDP configuration is not loadable."); + throw new DynamicOABuildException("Interfederated IDP configuration is not loadable.", null); + + } + + dynamicOA.setApplicationID(idp.getPublicURLPrefix()); + dynamicOA.setInderfederatedIDP(idp.isInderfederationIDP()); + dynamicOA.setIDPQueryURL(idp.getIDPAttributQueryServiceURL()); + + //check if IDP service area policy. BusinessService IDPs can only request wbPKs + if (!dynamicOA.getBusinessService() && !idp.isIDPPublicService()) { + Logger.error("Interfederated IDP " + idp.getPublicURLPrefix() + + " has a BusinessService-IDP but requests PublicService attributes."); + throw new DynamicOABuildException("Interfederated IDP " + idp.getPublicURLPrefix() + + " has a BusinessService-IDP but requests PublicService attributes.", null); + + } + } + + return dynamicOA; + + } catch (ConfigurationException e) { + Logger.warn("Internel server errror. Basic configuration load failed.", e); + throw new DynamicOABuildException("Basic configuration load failed.", null); + } + + + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index ab93f509c..dc981ba33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -52,7 +52,7 @@ import java.io.StringWriter; import java.util.Map; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.util.FormBuildUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -153,7 +153,7 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox, OAAuthParameter oaParam, + String pushInfobox, IOAAuthParameters oaParam, String appletheigth, String appletwidth) throws BuildException diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java index 4d80be1e8..54196427e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol; import at.gv.egovernment.moa.id.util.FormBuildUtils; @@ -105,9 +106,9 @@ public class LoginFormBuilder { IOUtils.copy(input, writer); template = writer.toString(); template = template.replace(AUTH_URL, SERVLET); - template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU); - template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU); - template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU); + template = template.replace(BKU_ONLINE, IOAAuthParameters.ONLINEBKU); + template = template.replace(BKU_HANDY, IOAAuthParameters.HANDYBKU); + template = template.replace(BKU_LOCAL, IOAAuthParameters.LOCALBKU); } catch (Exception e) { Logger.error("Failed to read template", e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 4bae0300b..c5ba49b2e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -203,10 +203,10 @@ public class AuthenticationSession implements Serializable { */ private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH; - /** - * If infobox validators are needed after signing, they can be stored in this list. - */ - private List infoboxValidators; +// /** +// * If infobox validators are needed after signing, they can be stored in this list. +// */ +// private List infoboxValidators; /** * The register and number in the register parameter in case of a business service application. @@ -347,7 +347,7 @@ public class AuthenticationSession implements Serializable { public AuthenticationSession(String id) { sessionID = id; // setTimestampStart(); - infoboxValidators = new ArrayList(); +// infoboxValidators = new ArrayList(); } public X509Certificate getSignerCertificate() { @@ -712,15 +712,15 @@ public class AuthenticationSession implements Serializable { this.issueInstant = issueInstant; } - /** - * Returns the iterator to the stored infobox validators. - * - * @return Iterator - */ - public Iterator getInfoboxValidatorIterator() { - if (infoboxValidators == null) return null; - return infoboxValidators.iterator(); - } +// /** +// * Returns the iterator to the stored infobox validators. +// * +// * @return Iterator +// */ +// public Iterator getInfoboxValidatorIterator() { +// if (infoboxValidators == null) return null; +// return infoboxValidators.iterator(); +// } // /** // * Adds an infobox validator class to the stored infobox validators. @@ -744,23 +744,23 @@ public class AuthenticationSession implements Serializable { // return infoboxValidators.iterator(); // } - /** - * Tests for pending input events of the infobox validators. - * - * @return true if a validator has a form to show - */ - public boolean isValidatorInputPending() { - boolean result = false; - Iterator iter = getInfoboxValidatorIterator(); - if (iter != null) { - while (!result && iter.hasNext()) { - Vector infoboxValidatorVector = (Vector) iter.next(); - InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); - if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true; - } - } - return result; - } +// /** +// * Tests for pending input events of the infobox validators. +// * +// * @return true if a validator has a form to show +// */ +// public boolean isValidatorInputPending() { +// boolean result = false; +// Iterator iter = getInfoboxValidatorIterator(); +// if (iter != null) { +// while (!result && iter.hasNext()) { +// Vector infoboxValidatorVector = (Vector) iter.next(); +// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2); +// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true; +// } +// } +// return result; +// } // /** // * Returns the first pending infobox validator. @@ -956,20 +956,7 @@ public class AuthenticationSession implements Serializable { public void setMISMandate(MISMandate mandate) { this.mandate = mandate; } - - public Element getMandate() { - try { - byte[] byteMandate = mandate.getMandate(); - String stringMandate = new String(byteMandate); - return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); - - } - catch (Throwable e) { - Logger.warn("Mandate content could not be generated from MISMandate."); - return null; - } - } - + /** * @return the ssoRequested */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java index f1d3b078e..9c2960c4c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java @@ -29,16 +29,6 @@ public class BKUException extends MOAIDException { private String bkuErrorCode; private String bkuErrorMessage; - public BKUException(String messageId, Object[] parameters) { - super(messageId, parameters); - - } - - - public BKUException(String messageId, Object[] parameters, Throwable wrapped) { - super(messageId, parameters, wrapped); - } - public BKUException(String messageId, Object[] parameters, String bkuErrorCode, String bkuErrorMessage) { super(messageId, parameters); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java new file mode 100644 index 000000000..554cf7370 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DynamicOABuildException.java @@ -0,0 +1,40 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class DynamicOABuildException extends MOAIDException { + + + private static final long serialVersionUID = 3756862942519706809L; + + + public DynamicOABuildException(String messageId, Object[] parameters) { + super(messageId, parameters); + // TODO Auto-generated constructor stub + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java new file mode 100644 index 000000000..4f68bbac0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/InvalidProtocolRequestException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.exception; + +/** + * @author tlenz + * + */ +public class InvalidProtocolRequestException extends MOAIDException { + + /** + * + */ + private static final long serialVersionUID = -7866198705324084601L; + + /** + * @param messageId + * @param parameters + */ + public InvalidProtocolRequestException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java index e26ab6597..c80cbea26 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java @@ -46,6 +46,7 @@ package at.gv.egovernment.moa.id.auth.exception;
+
public class MISSimpleClientException extends MOAIDException {
private static final long serialVersionUID = 1L;
@@ -59,22 +60,16 @@ public class MISSimpleClientException extends MOAIDException { public MISSimpleClientException(String message) {
super(message, null);
- this.misErrorMessage = message;
}
public MISSimpleClientException(String message, String code, String text) {
- super(message, null);
+ super(message, new Object[] { code , text });
this.misErrorMessage = text;
this.misErrorCode = code;
}
- public MISSimpleClientException(Throwable cause) {
- super("UNDEFINED ERROR", null, cause);
- }
-
public MISSimpleClientException(String message, Throwable cause) {
super(message, null, cause);
- this.misErrorMessage = message;
}
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java index ab4a91df9..e2802c1d2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java @@ -241,7 +241,7 @@ public class IdentityLinkAssertionParser { * @param xmlAssertion <code><saml:Assertion></code> as InputStream * @throws ParseException on any parsing error */ - public IdentityLinkAssertionParser(InputStream xmlAssertion) throws Exception { + public IdentityLinkAssertionParser(InputStream xmlAssertion) throws ParseException { try { assertionElem = DOMUtils.parseXmlValidating(xmlAssertion); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java index f6cd2b776..175aeeab7 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java @@ -75,6 +75,7 @@ import org.apache.commons.fileupload.servlet.ServletFileUpload; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet; @@ -193,6 +194,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants { req.setAttribute("LogLevel", "debug"); } + if (!(exceptionThrown instanceof MOAIDException)) { + Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown); + + } + IExceptionStore store = DBExceptionStoreImpl.getStore(); String id = store.storeException(exceptionThrown); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java index 17dd9e343..f11489dd2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java @@ -208,7 +208,8 @@ public class GetForeignIDServlet extends AuthServlet { if (null != response.getErrorResponse()){ // TODO fix exception parameter
- throw new SZRGWClientException(response.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException("service.08", (String)response.getErrorResponse().getErrorCode(),
+ (String)response.getErrorResponse().getInfo());
}
else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(response.getIdentityLink()));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java index a776bbe9a..9e2e845b5 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java @@ -65,7 +65,6 @@ import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; @@ -190,13 +189,9 @@ public class GetMISSessionIDServlet extends AuthServlet { List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest( connectionParameters.getUrl(), misSessionID, sslFactory); - if (list == null) { + if (list == null || list.size() == 0) { Logger.error("Keine Vollmacht gefunden."); - throw new MISSimpleClientException("Keine Vollmacht gefunden"); - } - if (list.size() == 0) { - Logger.error("Keine Vollmacht gefunden."); - throw new MISSimpleClientException("Keine Vollmacht gefunden"); + throw new AuthenticationException("auth.15", null); } // for now: list contains only one element @@ -205,7 +200,7 @@ public class GetMISSessionIDServlet extends AuthServlet { String sMandate = new String(mandate.getMandate()); if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) { Logger.error("Mandate is empty."); - throw new AuthenticationException("auth.16", + throw new AuthenticationException("auth.15", new Object[] { GET_MIS_SESSIONID }); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java index fc4ec305d..9b300578a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java @@ -53,7 +53,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; @@ -62,7 +61,6 @@ import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.RequestStorage; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -101,13 +99,13 @@ public class LogOutServlet extends AuthServlet { } - if (ssomanager.isValidSSOSession(ssoid, req)) { + if (ssomanager.isValidSSOSession(ssoid, null)) { //TODO: Single LogOut Implementation //delete SSO session and MOA session AuthenticationManager authmanager = AuthenticationManager.getInstance(); - String moasessionid = AuthenticationSessionStoreage.getMOASessionID(ssoid); + String moasessionid = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid); RequestStorage.removePendingRequest(AuthenticationSessionStoreage.getPendingRequestID(moasessionid)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java index 00acdc540..57755ca9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java @@ -33,6 +33,7 @@ import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -53,8 +54,10 @@ public class RedirectServlet extends AuthServlet{ String url = req.getParameter(REDIRCT_PARAM_URL); String target = req.getParameter(PARAM_TARGET); String artifact = req.getParameter(PARAM_SAMLARTIFACT); + String interIDP = req.getParameter(INTERFEDERATION_IDP); - if (MiscUtil.isEmpty(artifact)) { + + if (MiscUtil.isEmpty(artifact) && MiscUtil.isEmpty(interIDP)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; } @@ -68,14 +71,57 @@ public class RedirectServlet extends AuthServlet{ resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); return; - } else { - try { - String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); - if (MiscUtil.isNotEmpty(test)) - redirectTarget = test; + } else { + //Redirect is a SAML1 send Artifact redirct + if (MiscUtil.isNotEmpty(artifact)) { + try { + String test = oa.getAuthComponentOA().getTemplates().getBKUSelectionCustomization().getAppletRedirectTarget(); + if (MiscUtil.isNotEmpty(test)) + redirectTarget = test; + + } catch (Exception e) { + Logger.debug("Use default redirectTarget."); + } + + Logger.info("Redirect to " + url); + + if (MiscUtil.isNotEmpty(target)) { +// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, +// URLEncoder.encode(session.getTarget(), "UTF-8")); + url = addURLParameter(url, PARAM_TARGET, + URLEncoder.encode(target, "UTF-8")); + + + } + url = addURLParameter(url, PARAM_SAMLARTIFACT, + URLEncoder.encode(artifact, "UTF-8")); + url = resp.encodeRedirectURL(url); + + String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget); + + resp.setContentType("text/html;charset=UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + PrintWriter out = new PrintWriter(resp.getOutputStream()); + out.write(redirect_form); + out.flush(); + + } else if (MiscUtil.isNotEmpty(interIDP)) { + //store IDP identifier and redirect to generate AuthRequst service + Logger.info("Receive an interfederation redirect request for IDP " + interIDP); + SSOManager sso = SSOManager.getInstance(); + sso.setInterfederationIDPCookie(req, resp, interIDP); + + Logger.debug("Redirect to " + url); + url = resp.encodeRedirectURL(url); + resp.setContentType("text/html"); + resp.setStatus(HttpServletResponse.SC_FOUND); + resp.addHeader("Location", url); + + + } else { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "Parameters not valid"); + return; - } catch (Exception e) { - Logger.debug("Use default redirectTarget."); } } @@ -88,29 +134,6 @@ public class RedirectServlet extends AuthServlet{ ConfigurationDBUtils.closeSession(); } - - Logger.info("Redirect to " + url); - - if (MiscUtil.isNotEmpty(target)) { -// redirectURL = addURLParameter(redirectURL, PARAM_TARGET, -// URLEncoder.encode(session.getTarget(), "UTF-8")); - url = addURLParameter(url, PARAM_TARGET, - URLEncoder.encode(target, "UTF-8")); - - - } - url = addURLParameter(url, PARAM_SAMLARTIFACT, - URLEncoder.encode(artifact, "UTF-8")); - url = resp.encodeRedirectURL(url); - - String redirect_form = RedirectFormBuilder.buildLoginForm(url, redirectTarget); - - resp.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(resp.getOutputStream()); - out.write(redirect_form); - out.flush(); - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java index 997241822..495c4ca5b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java @@ -108,7 +108,7 @@ public class SSOSendAssertionServlet extends AuthServlet{ } } - boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); + boolean isValidSSOSession = ssomanager.isValidSSOSession(ssoId, null); String moaSessionID = null; @@ -124,7 +124,7 @@ public class SSOSendAssertionServlet extends AuthServlet{ } if (valueString.compareToIgnoreCase("true") == 0) { - moaSessionID = AuthenticationSessionStoreage.getMOASessionID(ssoId); + moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoId); AuthenticationSession moasession = AuthenticationSessionStoreage.getSession(moaSessionID); AuthenticationSessionStoreage.setAuthenticated(moaSessionID, true); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index 787dc6f10..98edf1fe4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -227,7 +227,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { if (profiles == null) { Logger.error("No Mandate/Profile for OA configured."); - throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); + throw new AuthenticationException("config.21", new Object[] { GET_MIS_SESSIONID}); } // String profilesArray[] = profiles.split(","); @@ -238,6 +238,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { String oaFriendlyName = oaParam.getFriendlyName(); String mandateReferenceValue = session.getMandateReferenceValue(); byte[] cert = session.getEncodedSignerCertificate(); + byte[] authBlock = session.getAuthBlock().getBytes(); //TODO: check in case of SSO!!! String targetType = null; @@ -252,7 +253,17 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); } - MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profiles, targetType, sslFactory); + MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( + connectionParameters.getUrl(), + idl, + cert, + oaFriendlyName, + redirectURL, + mandateReferenceValue, + profiles, + targetType, + authBlock, + sslFactory); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); @@ -323,78 +334,5 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet { } } - - /** - * Calls the MIS Service - * @param session - * @throws IOException - */ -// private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException { -// -// try { -// AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); -// ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter(); -// SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); -// -// // get identitity link as byte[] -// Element elem = session.getIdentityLink().getSamlAssertion(); -// String s = DOMUtils.serializeNode(elem); -// -// System.out.println("IDL: " + s); -// -// byte[] idl = s.getBytes(); -// -// // redirect url -// // build redirect(to the GetMISSessionIdSerlvet) -// String redirectURL = -// new DataURLBuilder().buildDataURL( -// session.getAuthURL(), -// GET_MIS_SESSIONID, -// session.getSessionID()); -// -// String oaURL = session.getOAURLRequested(); -// OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); -// String profiles = oaParam.getMandateProfiles(); -// -// if (profiles == null) { -// Logger.error("No Mandate/Profile for OA configured."); -// throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); -// } -// -// String profilesArray[] = profiles.split(","); -// for(int i = 0; i < profilesArray.length; i++) { -// profilesArray[i] = profilesArray[i].trim(); -// } -// -// String oaFriendlyName = oaParam.getFriendlyName(); -// String mandateReferenceValue = session.getMandateReferenceValue(); -// X509Certificate cert = session.getSignerCertificate(); -// MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); -// String redirectMISGUI = misSessionID.getRedirectURL(); -// -// if (misSessionID == null) { -// Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); -// throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); -// } -// -// session.setMISSessionID(misSessionID.getSessiondId()); -// -// resp.setStatus(302); -// resp.addHeader("Location", redirectMISGUI); -// Logger.debug("REDIRECT TO: " + redirectURL); -// } -// catch (MOAIDException ex) { -// handleError(null, ex, req, resp); -// } catch (GeneralSecurityException ex) { -// handleError(null, ex, req, resp); -// } catch (PKIException e) { -// handleError(null, e, req, resp); -// } catch (MISSimpleClientException e) { -// handleError(null, e, req, resp); -// } catch (TransformerException e) { -// handleError(null, e, req, resp); -// } -// } - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java index c3b45f165..2c8b44404 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java @@ -53,6 +53,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -124,8 +125,9 @@ public class STORKResponseProcessor { * @param filters the filters
* @return Identity Link
* @throws STORKException the sTORK exception
+ * @throws MOAIDException
*/
- public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException, MOAIDException {
Logger.trace("Calling SZR Gateway with the following attributes:");
CreateIdentityLinkResponse identityLinkResponse = null;
@@ -209,8 +211,8 @@ public class STORKResponseProcessor { }
if (null != identityLinkResponse.getErrorResponse()){
- // TODO fix exception parameter
- throw new SZRGWClientException(identityLinkResponse.getErrorResponse().getErrorCode().toString(), null);
+ throw new SZRGWClientException("service.08", (String)identityLinkResponse.getErrorResponse().getErrorCode(),
+ (String)identityLinkResponse.getErrorResponse().getInfo());
}
else {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(identityLinkResponse.getIdentityLink()));
@@ -223,19 +225,13 @@ public class STORKResponseProcessor { // }
}
- } catch (SZRGWClientException e) {
- Logger.error("Error connecting SZR-Gateway: ", e);
- throw new STORKException("Error connecting SZR-Gateway: ", e);
+
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
- throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
- } catch(STORKException e) {
- throw e;
- } catch (Exception e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- }
-
+ throw new MOAIDException("auth.25", null, e);
+
+ }
+
return identityLink;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index b2c47fac0..762d9af2c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -299,7 +299,7 @@ public class CreateXMLSignatureResponseValidator { } - String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); if (!samlSpecialText.equals(specialText)) { throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); } @@ -528,7 +528,7 @@ public class CreateXMLSignatureResponseValidator { } - String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, issueInstant); + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, issuer, identityLink.getDateOfBirth(), issueInstant); if (!samlSpecialText.equals(specialText)) { throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index b69fdd9ab..4fd7fa965 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -229,10 +229,17 @@ public class VerifyXMLSignatureResponseValidator { if(ecdsakey.equals(ecdsaPubKeySignature)) found = true; } + +// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() +// + " Resp-Pubkey=" + pubKeySignature.getClass().getName()); + } - if (!found) + if (!found) { + throw new ValidateException("validator.09", null); + + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 5483b865e..0e2251f21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -113,27 +113,27 @@ public class ParepUtils { }
}
- /*
- *
- */
- public static String extractRepresentativeID(Element mandate) throws ValidateException {
- try {
- Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
- Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
- if (resultNode != null) {
- // because following line is not ready for JDK 1.4.x we need to get the childnode;
- // return resultNode.getTextContent();
- Node textNode = resultNode.getFirstChild();
- if (textNode != null) {
- return textNode.getNodeValue();
- }
- }
- return null;
- } catch (Exception e) {
- throw new ValidateException("validator.62", null);
- }
- }
+// /*
+// *
+// */
+// public static String extractRepresentativeID(Element mandate) throws ValidateException {
+// try {
+// Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+// Node resultNode = XPathAPI.selectSingleNode(mandate, "//md:Mandate/attribute::MandateID", nameSpaceNode);
+// if (resultNode != null) {
+// // because following line is not ready for JDK 1.4.x we need to get the childnode;
+// // return resultNode.getTextContent();
+// Node textNode = resultNode.getFirstChild();
+// if (textNode != null) {
+// return textNode.getNodeValue();
+// }
+// }
+// return null;
+// } catch (Exception e) {
+// throw new ValidateException("validator.62", null);
+// }
+// }
/**
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java index a9f41819d..c675885c9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java @@ -69,7 +69,7 @@ public class SZRGWClient { if (serviceUrl.toLowerCase().startsWith("https")) { Logger.trace("Using ssl for SZRGW client request."); if (sslContext == null) { - throw new SZRGWClientException("SSL context from configuration is empty. Please configure an SSL context in the configuration first.", null); + throw new SZRGWClientException(); } requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext); @@ -95,7 +95,7 @@ public class SZRGWClient { } catch (Exception e) { Logger.warn("SZRGW Client initialization FAILED.", e); - throw new SZRGWClientException("SZRGW Client initialization FAILED.", null); + throw new SZRGWClientException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java index d15ded8a8..2038e3f18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java @@ -28,12 +28,47 @@ public class SZRGWClientException extends MOAIDException{ private static final long serialVersionUID = 1L; + private String szrErrorCode = null; + private String szrErrorMessage = null; + public SZRGWClientException(String messageId, Object[] parameters) { super(messageId, parameters); } - public SZRGWClientException(SZRGWClientException e1) { - super("", null, e1); + public SZRGWClientException(String messageId) { + super(messageId, null); + } + + public SZRGWClientException(String messageId, Throwable e1) { + super(messageId, null, e1); + } + + public SZRGWClientException(String messageId, String szrErrorCode, String szrErrorMessage) { + super(messageId, null); + this.szrErrorCode = szrErrorCode; + this.szrErrorMessage = szrErrorMessage; + } + + /** + * + */ + public SZRGWClientException() { + super("service.09", null); + } + + /** + * @return the szrErrorCode + */ + public String getSzrErrorCode() { + return szrErrorCode; + } + + /** + * @return the szrErrorMessage + */ + public String getSzrErrorMessage() { + return szrErrorMessage; } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java index dc5ec430e..88ed7885f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java @@ -135,23 +135,11 @@ public class ConfigurationProvider { return rootConfigFileDir; } - /** - * Return the chaining mode for a given trust anchor. - * - * @param trustAnchor The trust anchor for which the chaining mode should be - * returned. - * @return The chaining mode for the given trust anchor. If the trust anchor - * has not been configured separately, the system default will be returned. - */ - public String getChainingMode(X509Certificate trustAnchor) { - Principal issuer = trustAnchor.getIssuerDN(); - BigInteger serial = trustAnchor.getSerialNumber(); - IssuerAndSerial issuerAndSerial = new IssuerAndSerial(issuer, serial); - - String mode = (String) chainingModes.get(issuerAndSerial); - return mode != null ? mode : defaultChainingMode; + public String getDefaultChainingMode() { + return defaultChainingMode; } - + + /** * Returns the trustedCACertificates. * @return String diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java index 31b88263b..b2bcd443f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java @@ -68,6 +68,7 @@ public class OAParameter { this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20(); + this.isInderfederationIDP = oa.isIsInterfederationIDP(); } @@ -104,6 +105,8 @@ public class OAParameter { private boolean removePBKFromAuthblock; + private Boolean isInderfederationIDP; + /** * Contains the oAuth 2.0 configuration (client id, secret and redirect uri) */ @@ -141,4 +144,16 @@ public class OAParameter { return oAuth20Config; } + /** + * @return the isInderfederationIDP + */ + public boolean isInderfederationIDP() { + if (isInderfederationIDP == null) + return false; + + return isInderfederationIDP; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java index 8b5c8d796..dca0958f3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java @@ -63,7 +63,6 @@ import javax.xml.bind.JAXBContext; import javax.xml.bind.Unmarshaller; import org.hibernate.cfg.Configuration; -import org.opensaml.DefaultBootstrap; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; @@ -96,6 +95,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog; @@ -339,6 +339,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { config.addAnnotatedClass(OASessionStore.class); config.addAnnotatedClass(OldSSOSessionIDStore.class); config.addAnnotatedClass(ExceptionStore.class); + config.addAnnotatedClass(InterfederationSessionStore.class); config.addProperties(moaSessionProp); MOASessionDBUtils.initHibernate(config, moaSessionProp); @@ -695,17 +696,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider { Logger.warn("Error in MOA-ID Configuration. No SLRequestTemplates found"); throw new ConfigurationException("config.02", null); } else { - SLRequestTemplates.put(OAAuthParameter.ONLINEBKU, templ.getOnlineBKU()); - SLRequestTemplates.put(OAAuthParameter.LOCALBKU, templ.getLocalBKU()); - SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU()); + SLRequestTemplates.put(IOAAuthParameters.ONLINEBKU, templ.getOnlineBKU()); + SLRequestTemplates.put(IOAAuthParameters.LOCALBKU, templ.getLocalBKU()); + SLRequestTemplates.put(IOAAuthParameters.HANDYBKU, templ.getHandyBKU()); } //set Default BKU URLS DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs(); if (bkuuls != null) { - DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU()); - DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU()); - DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU()); + DefaultBKUURLs.put(IOAAuthParameters.ONLINEBKU, bkuuls.getOnlineBKU()); + DefaultBKUURLs.put(IOAAuthParameters.LOCALBKU, bkuuls.getLocalBKU()); + DefaultBKUURLs.put(IOAAuthParameters.HANDYBKU, bkuuls.getHandyBKU()); } //set SSO Config @@ -884,7 +885,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return el; else { Logger.warn("getSLRequestTemplates: BKU Type does not match: " - + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); return null; } } @@ -899,7 +900,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider { return el; else { Logger.warn("getSLRequestTemplates: BKU Type does not match: " - + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU); + + IOAAuthParameters.ONLINEBKU + " or " + IOAAuthParameters.HANDYBKU + " or " + IOAAuthParameters.LOCALBKU); return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java new file mode 100644 index 000000000..a59cc10e0 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java @@ -0,0 +1,148 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth; + +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; + +/** + * @author tlenz + * + */ +public interface IOAAuthParameters { + + public static final String ONLINEBKU = "online"; + public static final String HANDYBKU = "handy"; + public static final String LOCALBKU = "local"; + public static final String INDERFEDERATEDIDP = "interfederated"; + + + public String getPublicURLPrefix(); + + public boolean getBusinessService(); + + public String getTarget(); + + public boolean isInderfederationIDP(); + + /** + * @return the identityLinkDomainIdentifier + */ + public String getIdentityLinkDomainIdentifier(); + + /** + * @return the keyBoxIdentifier + */ + public String getKeyBoxIdentifier(); + + /** + * @return the transformsInfos + */ + public List<String> getTransformsInfos(); + + public OASAML1 getSAML1Parameter(); + + public OAPVP2 getPVP2Parameter(); + + /** + * @return the templateURL + */ + public List<TemplateType> getTemplateURL(); + + public String getAditionalAuthBlockText(); + + public String getBKUURL(String bkutype); + + public List<String> getBKUURL(); + + public boolean useSSO(); + + public boolean useSSOQuestion(); + + public String getSingleLogOutURL(); + + /** + * @return the mandateProfiles + */ + public List<String> getMandateProfiles(); + + /** + * @return the identityLinkDomainIdentifierType + */ + public String getIdentityLinkDomainIdentifierType(); + + public boolean isShowMandateCheckBox(); + + public boolean isOnlyMandateAllowed(); + + /** + * Shall we show the stork login in the bku selection frontend? + * + * @return true, if is we should show stork login + */ + public boolean isShowStorkLogin(); + + public Map<String, String> getFormCustomizaten(); + + public Integer getQaaLevel(); + + /** + * @return the requestedAttributes + */ + public List<OAStorkAttribute> getRequestedAttributes(); + + public boolean isRequireConsentForStorkAttributes(); + + public List<AttributeProviderPlugin> getStorkAPs(); + + public byte[] getBKUSelectionTemplate(); + + public byte[] getSendAssertionTemplate(); + + public List<CPEPS> getPepsList(); + + public String getIDPAttributQueryServiceURL(); + + /** + * @return + */ + boolean isInboundSSOInterfederationAllowed(); + + /** + * @return + */ + boolean isInterfederationSSOStorageAllowed(); + + /** + * @return + */ + boolean isOutboundSSOInterfederationAllowed(); + +}
\ No newline at end of file diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 492770aad..7fc5746ee 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationT import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS; import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber; +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates; import at.gv.egovernment.moa.id.commons.db.dao.config.MandatesProfileNameItem; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; @@ -85,13 +86,11 @@ import at.gv.egovernment.moa.util.MiscUtil; * * @author Harald Bratko */ -public class OAAuthParameter extends OAParameter { +public class OAAuthParameter extends OAParameter implements IOAAuthParameters { - public static final String ONLINEBKU = "online"; - public static final String HANDYBKU = "handy"; - public static final String LOCALBKU = "local"; - private AuthComponentOA oa_auth; + private String keyBoxIdentifier; + private InterfederationIDPType inderfederatedIDP = null; public OAAuthParameter(OnlineApplication oa) { super(oa); @@ -99,13 +98,15 @@ public class OAAuthParameter extends OAParameter { this.oa_auth = oa.getAuthComponentOA(); this.keyBoxIdentifier = oa.getKeyBoxIdentifier().value(); -} + + this.inderfederatedIDP = oa.getInterfederationIDP(); + } - private String keyBoxIdentifier; -/** - * @return the identityLinkDomainIdentifier +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() */ +@Override public String getIdentityLinkDomainIdentifier() { IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); @@ -115,34 +116,45 @@ public String getIdentityLinkDomainIdentifier() { return null; } -/** - * @return the keyBoxIdentifier +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() */ +@Override public String getKeyBoxIdentifier() { return keyBoxIdentifier; } -/** - * @return the transformsInfos +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos() */ +@Override public List<String> getTransformsInfos() { List<TransformsInfoType> transformations = oa_auth.getTransformsInfo(); return ConfigurationUtils.getTransformInfos(transformations); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() + */ + @Override public OASAML1 getSAML1Parameter() { return oa_auth.getOASAML1(); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter() + */ + @Override public OAPVP2 getPVP2Parameter() { return oa_auth.getOAPVP2(); } - /** - * @return the templateURL + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() */ + @Override public List<TemplateType> getTemplateURL() { TemplatesType templates = oa_auth.getTemplates(); @@ -154,6 +166,10 @@ public List<String> getTransformsInfos() { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText() + */ + @Override public String getAditionalAuthBlockText() { TemplatesType templates = oa_auth.getTemplates(); @@ -163,6 +179,10 @@ public List<String> getTransformsInfos() { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String) + */ + @Override public String getBKUURL(String bkutype) { BKUURLS bkuurls = oa_auth.getBKUURLS(); if (bkuurls != null) { @@ -179,6 +199,10 @@ public List<String> getTransformsInfos() { return null; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() + */ + @Override public List<String> getBKUURL() { BKUURLS bkuurls = oa_auth.getBKUURLS(); @@ -196,6 +220,10 @@ public List<String> getTransformsInfos() { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO() + */ + @Override public boolean useSSO() { OASSO sso = oa_auth.getOASSO(); if (sso != null) @@ -204,6 +232,10 @@ public List<String> getTransformsInfos() { return false; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion() + */ + @Override public boolean useSSOQuestion() { OASSO sso = oa_auth.getOASSO(); if (sso != null) @@ -213,6 +245,10 @@ public List<String> getTransformsInfos() { } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL() + */ + @Override public String getSingleLogOutURL() { OASSO sso = oa_auth.getOASSO(); if (sso != null) @@ -221,9 +257,10 @@ public List<String> getTransformsInfos() { return null; } -/** - * @return the mandateProfiles +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() */ +@Override public List<String> getMandateProfiles() { Mandates mandates = oa_auth.getMandates(); @@ -253,9 +290,10 @@ public List<String> getMandateProfiles() { return null; } -/** - * @return the identityLinkDomainIdentifierType +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() */ +@Override public String getIdentityLinkDomainIdentifierType() { IdentificationNumber idnumber = oa_auth.getIdentificationNumber(); if (idnumber != null) @@ -265,6 +303,10 @@ public String getIdentityLinkDomainIdentifierType() { } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() + */ +@Override public boolean isShowMandateCheckBox() { TemplatesType templates = oa_auth.getTemplates(); if (templates != null) { @@ -277,6 +319,10 @@ public boolean isShowMandateCheckBox() { return true; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed() + */ +@Override public boolean isOnlyMandateAllowed() { TemplatesType templates = oa_auth.getTemplates(); if (templates != null) { @@ -289,11 +335,10 @@ public boolean isOnlyMandateAllowed() { return false; } - /** - * Shall we show the stork login in the bku selection frontend? - * - * @return true, if is we should show stork login + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin() */ + @Override public boolean isShowStorkLogin() { try { return oa_auth.getOASTORK().isStorkLogonEnabled(); @@ -303,6 +348,10 @@ public boolean isOnlyMandateAllowed() { } } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ +@Override public Map<String, String> getFormCustomizaten() { TemplatesType templates = oa_auth.getTemplates(); @@ -354,6 +403,10 @@ public Map<String, String> getFormCustomizaten() { return map; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() + */ +@Override public Integer getQaaLevel() { if (oa_auth.getOASTORK() != null && oa_auth.getOASTORK().getQaa() != null) @@ -363,21 +416,34 @@ public Integer getQaaLevel() { return 4; } -/** - * @return the requestedAttributes +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes() */ +@Override public List<OAStorkAttribute> getRequestedAttributes() { return oa_auth.getOASTORK().getOAAttributes(); } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() + */ +@Override public boolean isRequireConsentForStorkAttributes() { return oa_auth.getOASTORK().isRequireConsent(); } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() + */ +@Override public List<AttributeProviderPlugin> getStorkAPs() { return oa_auth.getOASTORK().getAttributeProviders(); } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate() + */ +@Override public byte[] getBKUSelectionTemplate() { TemplatesType templates = oa_auth.getTemplates(); @@ -389,6 +455,10 @@ public byte[] getBKUSelectionTemplate() { return null; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate() + */ +@Override public byte[] getSendAssertionTemplate() { TemplatesType templates = oa_auth.getTemplates(); @@ -400,8 +470,54 @@ public byte[] getSendAssertionTemplate() { return null; } +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() + */ +@Override public List<CPEPS> getPepsList() { return new ArrayList<CPEPS>(oa_auth.getOASTORK().getCPEPS()); } + +/* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() + */ +@Override +public String getIDPAttributQueryServiceURL() { + if (inderfederatedIDP != null) + return inderfederatedIDP.getAttributeQueryURL(); + + else + return null; + +} + +@Override +public boolean isInboundSSOInterfederationAllowed() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isInboundSSO(); + else + return false; +} + +@Override +public boolean isOutboundSSOInterfederationAllowed() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isOutboundSSO(); + else + return false; +} + +@Override +public boolean isInterfederationSSOStorageAllowed() { + if (inderfederatedIDP != null) + return inderfederatedIDP.isStoreSSOSession(); + else + return false; +} + +public boolean isIDPPublicService() { + return !getBusinessService(); } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java new file mode 100644 index 000000000..02ac09d70 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -0,0 +1,386 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute; +import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; + +/** + * @author tlenz + * + */ +public class DynamicOAAuthParameters implements IOAAuthParameters { + + private String applicationID = null; + + private boolean isBusinessService; + private String target; + private String businessTarget; + + private boolean inderfederatedIDP; + private String IDPQueryURL; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBusinessService() + */ + @Override + public boolean getBusinessService() { + return this.isBusinessService; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTarget() + */ + @Override + public String getTarget() { + return this.target; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifier() + */ + @Override + public String getIdentityLinkDomainIdentifier() { + return this.businessTarget; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInderfederationIDP() + */ + @Override + public boolean isInderfederationIDP() { + return this.inderfederatedIDP; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIDPAttributQueryServiceURL() + */ + @Override + public String getIDPAttributQueryServiceURL() { + return this.IDPQueryURL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getKeyBoxIdentifier() + */ + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTransformsInfos() + */ + @Override + public List<String> getTransformsInfos() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSAML1Parameter() + */ + @Override + public OASAML1 getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPVP2Parameter() + */ + @Override + public OAPVP2 getPVP2Parameter() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getTemplateURL() + */ + @Override + public List<TemplateType> getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getAditionalAuthBlockText() + */ + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL(java.lang.String) + */ + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUURL() + */ + @Override + public List<String> getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSO() + */ + @Override + public boolean useSSO() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#useSSOQuestion() + */ + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSingleLogOutURL() + */ + @Override + public String getSingleLogOutURL() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getMandateProfiles() + */ + @Override + public List<String> getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getIdentityLinkDomainIdentifierType() + */ + @Override + public String getIdentityLinkDomainIdentifierType() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowMandateCheckBox() + */ + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOnlyMandateAllowed() + */ + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isShowStorkLogin() + */ + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getFormCustomizaten() + */ + @Override + public Map<String, String> getFormCustomizaten() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getQaaLevel() + */ + @Override + public Integer getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getRequestedAttributes() + */ + @Override + public List<OAStorkAttribute> getRequestedAttributes() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isRequireConsentForStorkAttributes() + */ + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getStorkAPs() + */ + @Override + public List<AttributeProviderPlugin> getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBKUSelectionTemplate() + */ + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getSendAssertionTemplate() + */ + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPepsList() + */ + @Override + public List<CPEPS> getPepsList() { + // TODO Auto-generated method stub + return null; + } + + /** + * @param isBusinessService the isBusinessService to set + */ + public void setBusinessService(boolean isBusinessService) { + this.isBusinessService = isBusinessService; + } + + /** + * @param target the target to set + */ + public void setTarget(String target) { + this.target = target; + } + + /** + * @param businessTarget the businessTarget to set + */ + public void setBusinessTarget(String businessTarget) { + this.businessTarget = businessTarget; + } + + /** + * @param inderfederatedIDP the inderfederatedIDP to set + */ + public void setInderfederatedIDP(boolean inderfederatedIDP) { + this.inderfederatedIDP = inderfederatedIDP; + } + + /** + * @param iDPQueryURL the iDPQueryURL to set + */ + public void setIDPQueryURL(String iDPQueryURL) { + IDPQueryURL = iDPQueryURL; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getPublicURLPrefix() + */ + @Override + public String getPublicURLPrefix() { + return this.applicationID; + } + + /** + * @param applicationID the applicationID to set + */ + public void setApplicationID(String applicationID) { + this.applicationID = applicationID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInboundSSOInterfederationAllowed() + */ + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isInterfederationSSOStorageAllowed() + */ + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#isOutboundSSOInterfederationAllowed() + */ + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index f9d3986d7..33e62d3d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -1,27 +1,5 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ /* - * Copyright 2003 Federal Chancellery Austria + * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. * @@ -42,455 +20,643 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. */ - - package at.gv.egovernment.moa.id.data; import java.io.Serializable; +import java.text.DateFormat; +import java.text.ParseException; +import java.text.SimpleDateFormat; import java.util.Date; +import org.w3c.dom.Element; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.MiscUtil; /** - * Encapsulates authentication data contained in a <code><saml:Assertion></code>. + * @author tlenz * - * @author Paul Ivancsics - * @version $Id$ */ +public class AuthenticationData implements IAuthData, Serializable { -public class AuthenticationData implements Serializable { - /** - * - */ private static final long serialVersionUID = -1042697056735596866L; -/** - * major version number of the SAML assertion - */ - private int majorVersion; - /** - * minor version number of the SAML assertion - */ - private int minorVersion; - /** - * identifier for this assertion - */ - private String assertionID; - /** - * URL of the MOA-ID Auth component issueing this assertion - */ - private String issuer; - /** - * time instant of issue of this assertion - */ - private String issueInstant; - /** - * user identification value (Stammzahl); <code>null</code>, - * if the authentication module is configured not to return this data - */ - private String identificationValue; - /** - * user identification type - */ - private String identificationType; + public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; + /** + * URL of the MOA-ID Auth component issueing this assertion + */ + private String issuer; + /** + * time instant of issue of this assertion + */ + private Date issueInstant; + /** + * user identification value (Stammzahl); <code>null</code>, + * if the authentication module is configured not to return this data + */ + private String identificationValue; + /** + * user identification type + */ + private String identificationType; + + /** + * user identityLink specialized to OAParamter + */ + private IdentityLink identityLink; + + /** + * application specific user identifier (bPK/wbPK) + */ + private String bPK; + + /** + * application specific user identifier type + */ + private String bPKType; + + /** + * given name of the user + */ + private String givenName; + /** + * family name of the user + */ + private String familyName; + /** + * date of birth of the user + */ + private Date dateOfBirth; + /** + * says whether the certificate is a qualified certificate or not + */ + private boolean qualifiedCertificate; + /** + * says whether the certificate is a public authority or not + */ + private boolean publicAuthority; + /** + * public authority code (Behördenkennzeichen - BKZ) + */ + private String publicAuthorityCode; + + /** + * URL of the BKU + */ + private String bkuURL; + /** + * the corresponding <code>lt;saml:Assertion></code> + */ + + /** + * STORK attributes from response + */ + private String ccc = null; + private IPersonalAttributeList storkAttributes = null; + private String storkAuthnResponse; + private STORKAuthnRequest storkRequest = null; + + private byte[] signerCertificate = null; + + private String authBlock = null; + + private boolean useMandate = false; + private MISMandate mandate = null; + private String mandateReferenceValue = null; + + private boolean foreigner =false; + private String QAALevel = null; + + private boolean ssoSession = false; + + private boolean interfederatedSSOSession = false; + private String interfederatedIDP = null; + + private String sessionIndex = null; + private String nameID = null; + private String nameIDFormat = null; + + public AuthenticationData() { + issueInstant = new Date(); + } + + /** + * Returns the publicAuthority. + * @return boolean + */ + public boolean isPublicAuthority() { + return publicAuthority; + } + + /** + * Returns the publicAuthorityCode. + * @return String + */ + public String getPublicAuthorityCode() { + return publicAuthorityCode; + } + + /** + * Returns the qualifiedCertificate. + * @return boolean + */ + public boolean isQualifiedCertificate() { + return qualifiedCertificate; + } + + /** + * Returns the bPK. + * @return String + */ + public String getBPK() { + return bPK; + } + + /** + * Sets the publicAuthority. + * @param publicAuthority The publicAuthority to set + */ + public void setPublicAuthority(boolean publicAuthority) { + this.publicAuthority = publicAuthority; + } + + /** + * Sets the publicAuthorityCode. + * @param publicAuthorityIdentification The publicAuthorityCode to set + */ + public void setPublicAuthorityCode(String publicAuthorityIdentification) { + this.publicAuthorityCode = publicAuthorityIdentification; + } + + /** + * Sets the qualifiedCertificate. + * @param qualifiedCertificate The qualifiedCertificate to set + */ + public void setQualifiedCertificate(boolean qualifiedCertificate) { + this.qualifiedCertificate = qualifiedCertificate; + } + + /** + * Sets the bPK. + * @param bPK The bPK to set + */ + public void setBPK(String bPK) { + this.bPK = bPK; + } + + /** + * Returns the dateOfBirth. + * @return String + */ + public Date getDateOfBirth() { + return dateOfBirth; + } + + public String getFormatedDateOfBirth() { + DateFormat pvpDateFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + if (getDateOfBirth() != null) + return pvpDateFormat.format(getDateOfBirth()); + else + return "1900-01-01"; + } + + /** + * Returns the familyName. + * @return String + */ + public String getFamilyName() { + return familyName; + } + + /** + * Returns the givenName. + * @return String + */ + public String getGivenName() { + return givenName; + } + + /** + * Returns the identificationValue. + * @return String + */ + public String getIdentificationValue() { + return identificationValue; + } + + /** + * Returns the identificationType + * @return String + */ + public String getIdentificationType() { + return identificationType; + } + + /** + * Returns the issueInstant. + * @return String + */ + public String getIssueInstantString() { + return DateTimeUtils.buildDateTimeUTC(issueInstant); + + } + + /** + * Returns the issueInstant. + * @return String + */ + public Date getIssueInstant() { + return issueInstant; + + } + + public void setIssueInstant(Date date) { + this.issueInstant = date; + } + + /** + * Returns the issuer. + * @return String + */ + public String getIssuer() { + return issuer; + } + + /** + * Returns the BKU URL. + * @return String + */ + public String getBkuURL() { + return bkuURL; + } + + /** + * Sets the dateOfBirth. + * @param dateOfBirth The dateOfBirth to set + */ + public void setDateOfBirth(Date dateOfBirth) { + this.dateOfBirth = dateOfBirth; + } + + public void setDateOfBirth(String dateOfBirth) { + try { + if (MiscUtil.isNotEmpty(dateOfBirth)) { + DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + this.dateOfBirth = identityLinkFormat.parse(dateOfBirth); + } + + } catch (ParseException e) { + Logger.warn("Parse dateOfBirht from IdentityLink FAILED", e); + + } + } + + /** + * Sets the familyName. + * @param familyName The familyName to set + */ + public void setFamilyName(String familyName) { + this.familyName = familyName; + } + + /** + * Sets the givenName. + * @param givenName The givenName to set + */ + public void setGivenName(String givenName) { + this.givenName = givenName; + } + + /** + * Sets the identificationValue. + * @param identificationValue The identificationValue to set + */ + public void setIdentificationValue(String identificationValue) { + this.identificationValue = identificationValue; + } + + /** + * Sets the identificationType. + * @param identificationType The identificationType to set + */ + public void setIdentificationType(String identificationType) { + this.identificationType = identificationType; + } + + /** + * Sets the issuer. + * @param issuer The issuer to set + */ + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + /** + * Sets the bkuURL + * @param url The BKU URL to set + */ + public void setBkuURL(String url) { + this.bkuURL = url; + } + + public String getBPKType() { + return bPKType; + } + + public void setBPKType(String bPKType) { + this.bPKType = bPKType; + } + + /** + * @return the identityLink + */ + public IdentityLink getIdentityLink() { + return identityLink; + } + + /** + * @param identityLink the identityLink to set + */ + public void setIdentityLink(IdentityLink identityLink) { + this.identityLink = identityLink; + } + + + /** + * @return the storkAttributes + */ + public IPersonalAttributeList getStorkAttributes() { + return storkAttributes; + } + + /** - * user identityLink specialized to OAParamter + * @param storkAttributes the storkAttributes to set */ - private IdentityLink identityLink; + public void setStorkAttributes(IPersonalAttributeList storkAttributes) { + this.storkAttributes = storkAttributes; + } + + + /** + * @return the signerCertificate + */ + public byte[] getSignerCertificate() { + return signerCertificate; + } + + + /** + * @param signerCertificate the signerCertificate to set + */ + public void setSignerCertificate(byte[] signerCertificate) { + this.signerCertificate = signerCertificate; + } + + + /** + * @return the authBlock + */ + public String getAuthBlock() { + return authBlock; + } + + + /** + * @param authBlock the authBlock to set + */ + public void setAuthBlock(String authBlock) { + this.authBlock = authBlock; + } + + + /** + * @return the mandate + */ + public MISMandate getMISMandate() { + return mandate; + } + + public Element getMandate() { + try { + byte[] byteMandate = mandate.getMandate(); + String stringMandate = new String(byteMandate); + return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement(); + + } + catch (Throwable e) { + Logger.warn("Mandate content could not be generated from MISMandate."); + return null; + } + } - /** - * application specific user identifier (bPK/wbPK) - */ - private String bPK; - - /** - * application specific user identifier type - */ - private String bPKType; - - /** - * given name of the user - */ - private String givenName; - /** - * family name of the user - */ - private String familyName; - /** - * date of birth of the user - */ - private String dateOfBirth; - /** - * says whether the certificate is a qualified certificate or not - */ - private boolean qualifiedCertificate; - /** - * says whether the certificate is a public authority or not - */ - private boolean publicAuthority; - /** - * public authority code (Behördenkennzeichen - BKZ) - */ - private String publicAuthorityCode; - /** - * The base64 encoded signer certificate. - */ - private String signerCertificate; - /** - * URL of the BKU - */ - private String bkuURL; - /** - * the corresponding <code>lt;saml:Assertion></code> - */ - private String samlAssertion; - - /** useUTC */ -// private boolean useUTC; - /** - * creation timestamp - */ - Date timestamp; - - - - //this method is only required for MOA-ID Proxy 2.0 Release. - //TODO: remove it, if MOA-ID Proxy is not supported anymore. - public String getWBPK() { - return bPK; - } - - - /** - * Constructor for AuthenticationData. - */ - public AuthenticationData() { - timestamp = new Date(); - } - - /** - * Returns the minorVersion. - * @return int - */ - public int getMinorVersion() { - return minorVersion; - } - - /** - * Returns the publicAuthority. - * @return boolean - */ - public boolean isPublicAuthority() { - return publicAuthority; - } - - /** - * Returns the publicAuthorityCode. - * @return String - */ - public String getPublicAuthorityCode() { - return publicAuthorityCode; - } - - /** - * Returns the qualifiedCertificate. - * @return boolean - */ - public boolean isQualifiedCertificate() { - return qualifiedCertificate; - } - - /** - * Returns the bPK. - * @return String - */ - public String getBPK() { - return bPK; - } - -// /** -// * Returns useUTC -// * @return useUTC -// */ -// public boolean getUseUTC() { -// return useUTC; -// } - - /** - * Sets the minorVersion. - * @param minorVersion The minorVersion to set - */ - public void setMinorVersion(int minorVersion) { - this.minorVersion = minorVersion; - } - - /** - * Sets the publicAuthority. - * @param publicAuthority The publicAuthority to set - */ - public void setPublicAuthority(boolean publicAuthority) { - this.publicAuthority = publicAuthority; - } - - /** - * Sets the publicAuthorityCode. - * @param publicAuthorityIdentification The publicAuthorityCode to set - */ - public void setPublicAuthorityCode(String publicAuthorityIdentification) { - this.publicAuthorityCode = publicAuthorityIdentification; - } - - /** - * Sets the qualifiedCertificate. - * @param qualifiedCertificate The qualifiedCertificate to set - */ - public void setQualifiedCertificate(boolean qualifiedCertificate) { - this.qualifiedCertificate = qualifiedCertificate; - } - - /** - * Sets the bPK. - * @param bPK The bPK to set - */ - public void setBPK(String bPK) { - this.bPK = bPK; - } - -// /** -// * Sets the wbPK. -// * @param wbPK The wbPK to set -// */ -// public void setWBPK(String wbPK) { -// this.wbPK = wbPK; -// } - -// public void setUseUTC(boolean useUTC) { -// this.useUTC = useUTC; -// } - - /** - * Returns the assertionID. - * @return String - */ - public String getAssertionID() { - return assertionID; - } - - /** - * Returns the dateOfBirth. - * @return String - */ - public String getDateOfBirth() { - return dateOfBirth; - } - - /** - * Returns the familyName. - * @return String - */ - public String getFamilyName() { - return familyName; - } - - /** - * Returns the givenName. - * @return String - */ - public String getGivenName() { - return givenName; - } - - /** - * Returns the identificationValue. - * @return String - */ - public String getIdentificationValue() { - return identificationValue; - } - - /** - * Returns the identificationType - * @return String - */ - public String getIdentificationType() { - return identificationType; - } - - /** - * Returns the issueInstant. - * @return String - */ - public String getIssueInstant() { - return issueInstant; - } - - /** - * Returns the issuer. - * @return String - */ - public String getIssuer() { - return issuer; - } - - /** - * Returns the majorVersion. - * @return int - */ - public int getMajorVersion() { - return majorVersion; - } - - /** - * Returns the BKU URL. - * @return String - */ - public String getBkuURL() { - return bkuURL; - } - - /** - * Returns the signer certificate. - * @return String - */ - public String getSignerCertificate() { - return signerCertificate; - } - - /** - * Sets the assertionID. - * @param assertionID The assertionID to set - */ - public void setAssertionID(String assertionID) { - this.assertionID = assertionID; - } - - /** - * Sets the dateOfBirth. - * @param dateOfBirth The dateOfBirth to set - */ - public void setDateOfBirth(String dateOfBirth) { - this.dateOfBirth = dateOfBirth; - } - - /** - * Sets the familyName. - * @param familyName The familyName to set - */ - public void setFamilyName(String familyName) { - this.familyName = familyName; - } - - /** - * Sets the givenName. - * @param givenName The givenName to set - */ - public void setGivenName(String givenName) { - this.givenName = givenName; - } - - /** - * Sets the identificationValue. - * @param identificationValue The identificationValue to set - */ - public void setIdentificationValue(String identificationValue) { - this.identificationValue = identificationValue; - } - - /** - * Sets the identificationType. - * @param identificationType The identificationType to set - */ - public void setIdentificationType(String identificationType) { - this.identificationType = identificationType; - } - - /** - * Sets the issueInstant. - * @param issueInstant The issueInstant to set - */ - public void setIssueInstant(String issueInstant) { - this.issueInstant = issueInstant; - } - - /** - * Sets the issuer. - * @param issuer The issuer to set - */ - public void setIssuer(String issuer) { - this.issuer = issuer; - } - - /** - * Sets the majorVersion. - * @param majorVersion The majorVersion to set - */ - public void setMajorVersion(int majorVersion) { - this.majorVersion = majorVersion; - } - - /** - * Sets the bkuURL - * @param url The BKU URL to set - */ - public void setBkuURL(String url) { - this.bkuURL = url; - } - - /** - * Sets the signer certificate - * @param signerCertificate The signer certificate - */ - public void setSignerCertificate(String signerCertificate) { - this.signerCertificate = signerCertificate; - } - - /** - * Returns the samlAssertion. - * @return String - */ - public String getSamlAssertion() { - return samlAssertion; - } - - /** - * Sets the samlAssertion. - * @param samlAssertion The samlAssertion to set - */ - public void setSamlAssertion(String samlAssertion) { - this.samlAssertion = samlAssertion; - } - - /** - * Returns the timestamp. - * @return Date - */ - public Date getTimestamp() { - return timestamp; - } - -public String getBPKType() { - return bPKType; -} -public void setBPKType(String bPKType) { - this.bPKType = bPKType; -} + /** + * @param mandate the mandate to set + */ + public void setMISMandate(MISMandate mandate) { + this.mandate = mandate; + } -/** - * @return the identityLink - */ -public IdentityLink getIdentityLink() { - return identityLink; -} -/** - * @param identityLink the identityLink to set - */ -public void setIdentityLink(IdentityLink identityLink) { - this.identityLink = identityLink; -} + /** + * @return the useMandate + */ + public boolean isUseMandate() { + return useMandate; + } + /** + * @param useMandate the useMandate to set + */ + public void setUseMandate(boolean useMandate) { + this.useMandate = useMandate; + } - + + /** + * @return + */ + public String getQAALevel() { + return this.QAALevel; + } + + + /** + * @return + */ + public boolean isForeigner() { + return this.foreigner; + } + + + /** + * @param foreigner the foreigner to set + */ + public void setForeigner(boolean foreigner) { + this.foreigner = foreigner; + } + + + /** + * @param qAALevel the qAALevel to set + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + } + + + /** + * @return the ssoSession + */ + public boolean isSsoSession() { + return ssoSession; + } + + + /** + * @param ssoSession the ssoSession to set + */ + public void setSsoSession(boolean ssoSession) { + this.ssoSession = ssoSession; + } + + /** + * @param storkRequest the storkRequest to set + */ + public void setStorkRequest(STORKAuthnRequest storkRequest) { + this.storkRequest = storkRequest; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getStorkAuthnRequest() + */ + @Override + public STORKAuthnRequest getStorkAuthnRequest() { + return this.storkRequest; + } + + /** + * @return the storkAuthnResponse + */ + public String getStorkAuthnResponse() { + return storkAuthnResponse; + } + + /** + * @param storkAuthnResponse the storkAuthnResponse to set + */ + public void setStorkAuthnResponse(String storkAuthnResponse) { + this.storkAuthnResponse = storkAuthnResponse; + } + + /** + * @return the mandateReferenceValue + */ + public String getMandateReferenceValue() { + return mandateReferenceValue; + } + + /** + * @param mandateReferenceValue the mandateReferenceValue to set + */ + public void setMandateReferenceValue(String mandateReferenceValue) { + this.mandateReferenceValue = mandateReferenceValue; + } + + /** + * @return the ccc + */ + public String getCcc() { + return ccc; + } + + /** + * @param ccc the ccc to set + */ + public void setCcc(String ccc) { + this.ccc = ccc; + } + + /** + * @return the sessionIndex + */ + public String getSessionIndex() { + return sessionIndex; + } + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.IAuthData#getNameID() + */ + @Override + public String getNameID() { + return this.nameID; + } + + /** + * @param nameID the nameID to set + */ + public void setNameID(String nameID) { + this.nameID = nameID; + } + + /** + * @return the nameIDFormat + */ + public String getNameIDFormat() { + return nameIDFormat; + } + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + + /** + * @return the interfederatedSSOSession + */ + public boolean isInterfederatedSSOSession() { + return interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + + /** + * @return the interfederatedIDP + */ + public String getInterfederatedIDP() { + return interfederatedIDP; + } + + /** + * @param interfederatedIDP the interfederatedIDP to set + */ + public void setInterfederatedIDP(String interfederatedIDP) { + this.interfederatedIDP = interfederatedIDP; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java new file mode 100644 index 000000000..4ea81f134 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java @@ -0,0 +1,86 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.util.Date; + +import org.w3c.dom.Element; + +import eu.stork.peps.auth.commons.IPersonalAttributeList; +import eu.stork.peps.auth.commons.STORKAuthnRequest; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; + +/** + * @author tlenz + * + */ +public interface IAuthData { + + Date getIssueInstant(); + String getIssuer(); + + boolean isSsoSession(); + boolean isInterfederatedSSOSession(); + boolean isUseMandate(); + + String getFamilyName(); + String getGivenName(); + Date getDateOfBirth(); + String getFormatedDateOfBirth(); + + String getBPK(); + String getBPKType(); + + String getInterfederatedIDP(); + + String getIdentificationValue(); + String getIdentificationType(); + + String getBkuURL(); + + IdentityLink getIdentityLink(); + byte[] getSignerCertificate(); + String getAuthBlock(); + + boolean isPublicAuthority(); + String getPublicAuthorityCode(); + boolean isQualifiedCertificate(); + + MISMandate getMISMandate(); + Element getMandate(); + String getMandateReferenceValue(); + + String getQAALevel(); + + String getSessionIndex(); + String getNameID(); + String getNameIDFormat(); + + boolean isForeigner(); + String getCcc(); + STORKAuthnRequest getStorkAuthnRequest(); + String getStorkAuthnResponse(); + IPersonalAttributeList getStorkAttributes(); +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java new file mode 100644 index 000000000..a0f3dd309 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationContainer.java @@ -0,0 +1,155 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.LinkedHashMap; +import java.util.List; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.SingleLogoutService; + +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; + +/** + * @author tlenz + * + */ +public class SLOInformationContainer implements Serializable { + + private static final long serialVersionUID = 7148730740582881862L; + + private PVPTargetConfiguration sloRequest = null; + private LinkedHashMap<String, SLOInformationImpl> activeFrontChannalOAs = null; + private LinkedHashMap<String, SLOInformationImpl> activeBackChannelOAs = null; + private List<String> sloFailedOAs = null; + + + public void parseActiveOAs(List<OASessionStore> dbOAs, String removeOAID) { + activeFrontChannalOAs = new LinkedHashMap<String, SLOInformationImpl>(); + activeBackChannelOAs = new LinkedHashMap<String, SLOInformationImpl>(); + + if (dbOAs != null) { + for (OASessionStore oa : dbOAs) { + //Actually only PVP 2.1 support Single LogOut + if (PVP2XProtocol.NAME.equals(oa.getProtocolType()) && + !oa.getOaurlprefix().equals(removeOAID)) { + SingleLogoutService sloDesc; + try { + sloDesc = SingleLogOutBuilder.getRequestSLODescriptor(oa.getOaurlprefix()); + + if (sloDesc.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + activeBackChannelOAs.put(oa.getOaurlprefix(), + new SLOInformationImpl( + oa.getAssertionSessionID(), + oa.getUserNameID(), + oa.getUserNameIDFormat(), + oa.getProtocolType(), + sloDesc)); + + else + activeFrontChannalOAs.put(oa.getOaurlprefix(), + new SLOInformationImpl( + oa.getAssertionSessionID(), + oa.getUserNameID(), + oa.getUserNameIDFormat(), + oa.getProtocolType(), + sloDesc)); + + } catch (NOSLOServiceDescriptorException e) { + putFailedOA(oa.getOaurlprefix()); + + } + + } else + putFailedOA(oa.getOaurlprefix()); + } + } + } + + public String getNextFrontChannelOA() { + Iterator<String> interator = activeFrontChannalOAs.keySet().iterator(); + if (interator.hasNext()) + return interator.next(); + + else + return null; + } + + public SLOInformationImpl getFrontChannelOASessionDescripten(String oaID) { + return activeFrontChannalOAs.get(oaID); + } + + public void removeFrontChannelOA(String oaID) { + activeFrontChannalOAs.remove(oaID); + } + + public Iterator<String> getNextBackChannelOA() { + return activeBackChannelOAs.keySet().iterator(); + } + + public SLOInformationImpl getBackChannelOASessionDescripten(String oaID) { + return activeBackChannelOAs.get(oaID); + } + + public void removeBackChannelOA(String oaID) { + activeBackChannelOAs.remove(oaID); + } + + /** + * @return the sloRequest + */ + public PVPTargetConfiguration getSloRequest() { + return sloRequest; + } + + /** + * @param sloRequest the sloRequest to set + */ + public void setSloRequest(PVPTargetConfiguration sloRequest) { + this.sloRequest = sloRequest; + } + + /** + * @return the sloFailedOAs + */ + public List<String> getSloFailedOAs() { + return sloFailedOAs; + } + + public void putFailedOA(String oaID) { + if (sloFailedOAs == null) + sloFailedOAs = new ArrayList<String>(); + sloFailedOAs.add(oaID); + } + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java new file mode 100644 index 000000000..55b213702 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationImpl.java @@ -0,0 +1,156 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +import java.io.Serializable; + +import org.opensaml.saml2.metadata.SingleLogoutService; + +/** + * @author tlenz + * + */ +public class SLOInformationImpl implements SLOInformationInterface, Serializable { + + private static final long serialVersionUID = 295577931870512387L; + private String sessionIndex = null; + private String nameID = null; + private String protocolType = null; + private String nameIDFormat = null; + private String binding = null; + private String serviceURL = null; + + public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType) { + new SLOInformationImpl(sessionID, nameID, nameIDFormat, protocolType, null); + } + + public SLOInformationImpl(String sessionID, String nameID, String nameIDFormat, String protocolType, SingleLogoutService sloService) { + this.sessionIndex = sessionID; + this.nameID = nameID; + this.nameIDFormat = nameIDFormat; + this.protocolType = protocolType; + + if (sloService != null) { + this.binding = sloService.getBinding(); + this.serviceURL = sloService.getLocation(); + + } + } + + + /** + * + */ + public SLOInformationImpl() { + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getSessionIndex() + */ + @Override + public String getSessionIndex() { + return sessionIndex; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIdentifier() + */ + @Override + public String getUserNameIdentifier() { + return nameID; + + } + + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + + /** + * @param nameID the nameID to set + */ + public void setUserNameIdentifier(String nameID) { + this.nameID = nameID; + } + + + + /** + * @param protocolType the protocolType to set + */ + public void setProtocolType(String protocolType) { + this.protocolType = protocolType; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getProtocolType() + */ + @Override + public String getProtocolType() { + return protocolType; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.data.SLOInformationInterface#getUserNameIDFormat() + */ + @Override + public String getUserNameIDFormat() { + return this.nameIDFormat; + } + + + /** + * @param nameIDFormat the nameIDFormat to set + */ + public void setNameIDFormat(String nameIDFormat) { + this.nameIDFormat = nameIDFormat; + } + + /** + * @return the binding + */ + public String getBinding() { + return binding; + } + + /** + * @return the serviceURL + */ + public String getServiceURL() { + return serviceURL; + } + + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java new file mode 100644 index 000000000..b2241f8ed --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SLOInformationInterface.java @@ -0,0 +1,63 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.data; + +/** + * @author tlenz + * + */ +public interface SLOInformationInterface{ + + + /** + * get AssertionID which was used for Service Provider Single LogOut request + * + * @return + * SessionID (SessionIndex in case of SAML2) + */ + public String getSessionIndex(); + + /** + * get user identifier which was used + * + * @return + * bPK / wbPK (nameID in case of SAML2) + */ + public String getUserNameIdentifier(); + + + /** + * get protocol type which was used for authentication + * + * @return + * return authentication protocol type + */ + public String getProtocolType(); + + /** + * @return + */ + public String getUserNameIDFormat(); + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java index 480deb867..a3827ab73 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java @@ -25,20 +25,18 @@ package at.gv.egovernment.moa.id.entrypoints; import java.io.IOException; import java.util.Iterator; -import java.util.Map; -import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; import javax.servlet.ServletConfig; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger; import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -46,6 +44,8 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; @@ -57,6 +57,7 @@ import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.legacy.LegacyHelper; @@ -223,8 +224,10 @@ public class DispatcherServlet extends AuthServlet{ } } - //HttpSession httpSession = req.getSession(); - //Map<String, IRequest> protocolRequests = null; + //get SSO Cookie for Request + SSOManager ssomanager = SSOManager.getInstance(); + String ssoId = ssomanager.getSSOSessionID(req); + IRequest protocolRequest = null; try { @@ -249,18 +252,47 @@ public class DispatcherServlet extends AuthServlet{ try { protocolRequest = info.preProcess(req, resp, action); - if (protocolRequest != null) { - + //request is a valid interfederation response + if (protocolRequest != null && + protocolRequest.getInterfederationResponse() != null ) { + Logger.debug("Create new interfederated MOA-Session and add to HTTPRequest"); + + //reload SP protocol implementation + info = ModulStorage.getModuleByPath(protocolRequest.requestedModule()); + moduleAction = info.getAction(protocolRequest.requestedAction()); + + //create interfederated mOASession + String sessionID = + AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId); + req.getParameterMap().put(PARAM_SESSIONID, sessionID); + + Logger.info("PreProcessing of SSO interfederation response complete. "); + + //request is a not valid interfederation response -> Restart local authentication + } else if (protocolRequest != null && + MiscUtil.isNotEmpty(protocolRequest.getRequestID())) { + Logger.info("Restart authentication with stored " + protocolRequest.requestedModule() + + " AuthnRequest for OnlineApplication " + protocolRequest.getOAURL()); + + //request is a new authentication request + } else if (protocolRequest != null && + MiscUtil.isEmpty(protocolRequest.getRequestID())) { //Start new Authentication - protocolRequest.setAction(action); protocolRequest.setModule(module); - protocolRequestID = Random.nextRandom(); - protocolRequest.setRequestID(protocolRequestID); - RequestStorage.setPendingRequest(protocolRequest); + //if preProcessing has not set a specific action from decoded request + // then set the default action + if (MiscUtil.isEmpty(protocolRequest.requestedAction())) + protocolRequest.setAction(action); + else + moduleAction = info.getAction(protocolRequest.requestedAction()); + protocolRequestID = Random.nextRandom(); + protocolRequest.setRequestID(protocolRequestID); + RequestStorage.setPendingRequest(protocolRequest); Logger.debug(DispatcherServlet.class.getName()+": Create PendingRequest with ID " + protocolRequestID + "."); - + + } else { Logger.error("Failed to generate a valid protocol request!"); resp.setContentType("text/html;charset=UTF-8"); @@ -280,30 +312,42 @@ public class DispatcherServlet extends AuthServlet{ StatisticLogger logger = StatisticLogger.getInstance(); logger.logErrorOperation(e, e.getErrorRequest()); return; - - } catch (MOAIDException e) { + + }catch (InvalidProtocolRequestException e) { + ErrorResponseUtils utils = ErrorResponseUtils.getInstance(); + String code = utils.mapInternalErrorToExternalError(e.getMessageId()); + String descr = e.getMessage(); + Logger.error("Protocol validation FAILED!"); + resp.setContentType("text/html;charset=UTF-8"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" + + "(Errorcode=" + code + + " | Description=" + descr + ")"); + return; + } catch (MOAIDException e) { Logger.error("Failed to generate a valid protocol request!"); resp.setContentType("text/html;charset=UTF-8"); - resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!"); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!" + + "(Errorcode=6000" + +" | Description=Das Authentifizierungsprotokoll wurde nicht erkannt oder wird nicht unterst\u00FCzt" + ")"); return; } } AuthenticationManager authmanager = AuthenticationManager.getInstance(); - SSOManager ssomanager = SSOManager.getInstance(); String moasessionID = null; String newSSOSessionId = null; AuthenticationSession moasession = null; - - //get SSO Cookie for Request - String ssoId = ssomanager.getSSOSessionID(req); - - boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); + IAuthData authData = null; + + boolean needAuthentication = moduleAction.needAuthentication(protocolRequest, req, resp); if (needAuthentication) { - + + //check if interfederation IDP is requested + ssomanager.checkInterfederationIsRequested(req, resp, protocolRequest); + //check SSO session if (ssoId != null) { String correspondingMOASession = ssomanager.existsOldSSOSession(ssoId); @@ -326,8 +370,8 @@ public class DispatcherServlet extends AuthServlet{ } - isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req); - useSSOOA = oaParam.useSSO(); + isValidSSOSession = ssomanager.isValidSSOSession(ssoId, protocolRequest); + useSSOOA = oaParam.useSSO() || oaParam.isInderfederationIDP(); //if a legacy request is used SSO should not be allowed, actually @@ -377,38 +421,36 @@ public class DispatcherServlet extends AuthServlet{ if (oaParam.useSSOQuestion() && !AuthenticationSessionStoreage.isAuthenticated(moasessionID)) { authmanager.sendTransmitAssertionQuestion(req, resp, protocolRequest, oaParam); return; - } - } - else { + } - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - + } else { + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); - } - + + } //save SSO session usage in Database newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL()); - if (newSSOSessionId != null) { + if (MiscUtil.isNotEmpty(newSSOSessionId)) { ssomanager.setSSOSessionID(req, resp, newSSOSessionId); } else { ssomanager.deleteSSOSessionID(req, resp); + } - } else { - - moasessionID = (String) req.getParameter(PARAM_SESSIONID); - + } else { + moasessionID = (String) req.getParameter(PARAM_SESSIONID); moasession = AuthenticationSessionStoreage.getSession(moasessionID); moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession); + } - - + //build authenticationdata from session information and OA configuration + authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession); } - - String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession); + + SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData); RequestStorage.removePendingRequest(protocolRequestID); @@ -436,7 +478,7 @@ public class DispatcherServlet extends AuthServlet{ //Advanced statistic logging StatisticLogger logger = StatisticLogger.getInstance(); - logger.logSuccessOperation(protocolRequest, moasession, isSSOSession); + logger.logSuccessOperation(protocolRequest, authData, isSSOSession); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index 03a61d08f..5a06b3ecd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -24,12 +24,37 @@ package at.gv.egovernment.moa.id.moduls; import java.io.IOException; import java.io.PrintWriter; +import java.security.NoSuchAlgorithmException; import java.util.List; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.joda.time.DateTime; +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.AuthnRequest; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.NameIDPolicy; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.core.RequestedAuthnContext; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.IDPSSODescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCredentialResolverFactory; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.criteria.EntityIDCriteria; + import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder; import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder; import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder; @@ -42,9 +67,17 @@ import at.gv.egovernment.moa.id.auth.servlet.AuthServlet; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; public class AuthenticationManager extends AuthServlet { @@ -65,7 +98,6 @@ public class AuthenticationManager extends AuthServlet { return instance; } - /** * Checks if this request can authenticate a MOA Session * @@ -82,9 +114,7 @@ public class AuthenticationManager extends AuthServlet { AuthenticationSession authSession; try { authSession = AuthenticationSessionStoreage.getSession(sessionID); - - - + if (authSession != null) { Logger.info("MOASession found! A: " + authSession.isAuthenticated() + ", AU " @@ -148,16 +178,168 @@ public class AuthenticationManager extends AuthServlet { public void doAuthentication(HttpServletRequest request, HttpServletResponse response, IRequest target) throws ServletException, IOException, MOAIDException { + Logger.info("Starting authentication ..."); + + if (MiscUtil.isEmpty(target.getRequestedIDP())) { + perfomLocalAuthentication(request, response, target); + + } else { + Logger.info("Use IDP " + target.getRequestedIDP() + " for authentication ..."); + buildPVP21AuthenticationRequest(request, response, target); + + } + } + + public void sendTransmitAssertionQuestion(HttpServletRequest request, + HttpServletResponse response, IRequest target, OAAuthParameter oaParam) + throws ServletException, IOException, MOAIDException { + + String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), + target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath()); + + response.setContentType("text/html;charset=UTF-8"); + PrintWriter out = new PrintWriter(response.getOutputStream()); + out.print(form); + out.flush(); + } + + private void buildPVP21AuthenticationRequest(HttpServletRequest request, + HttpServletResponse response, IRequest target) + throws ServletException, IOException, MOAIDException { + + boolean requiredLocalAuthentication = true; + + Logger.debug("Build PVP 2.1 authentication request"); + + //get IDP metadata + try { + OAAuthParameter idp = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(target.getRequestedIDP()); + if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) { + Logger.info("Requested interfederation IDP " + target.getRequestedIDP() + " is not valid for interfederation."); + Logger.info("Switch to local authentication on this IDP ... "); + perfomLocalAuthentication(request, response, target); + return; + + } + + EntityDescriptor idpEntity = MOAMetadataProvider.getInstance(). + getEntityDescriptor(target.getRequestedIDP()); + + if (idpEntity != null ) { + + //fetch endpoint from IDP metadata + SingleSignOnService redirectEndpoint = null; + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + // use POST binding as default if it exists + //TODO: maybe use RedirectBinding as default + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { + redirectEndpoint = sss; + + } else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) && + redirectEndpoint == null ) + redirectEndpoint = sss; + } + + if (redirectEndpoint != null) { + + AuthnRequest authReq = SAML2Utils + .createSAMLObject(AuthnRequest.class); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authReq.setID(gen.generateIdentifier()); -// if (!ParamValidatorUtils.isValidOA(target.getOAURL())) -// throw new WrongParametersException("StartAuthentication", PARAM_OA, -// "auth.12"); -// -// if (target.getOAURL() == null) { -// throw new WrongParametersException("StartAuthentication", PARAM_OA, -// "auth.12"); -// } + //send passive AuthnRequest + authReq.setIsPassive(true); + + authReq.setAssertionConsumerServiceIndex(0); + authReq.setIssueInstant(new DateTime()); + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID name = SAML2Utils.createSAMLObject(NameID.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + + String serviceURL = PVPConfiguration.getInstance().getIDPPublicPath(); + name.setValue(serviceURL); + issuer.setValue(serviceURL); + + subject.setNameID(name); + authReq.setSubject(subject); + issuer.setFormat(NameIDType.ENTITY); + authReq.setIssuer(issuer); + NameIDPolicy policy = SAML2Utils + .createSAMLObject(NameIDPolicy.class); + policy.setAllowCreate(true); + policy.setFormat(NameID.TRANSIENT); + authReq.setNameIDPolicy(policy); + + authReq.setDestination(redirectEndpoint.getLocation()); + + RequestedAuthnContext reqAuthContext = + SAML2Utils.createSAMLObject(RequestedAuthnContext.class); + + AuthnContextClassRef authnClassRef = + SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + authnClassRef.setAuthnContextClassRef("http://www.stork.gov.eu/1.0/citizenQAALevel/4"); + reqAuthContext.setComparison(AuthnContextComparisonTypeEnumeration.MINIMUM); + reqAuthContext.getAuthnContextClassRefs().add(authnClassRef); + authReq.setRequestedAuthnContext(reqAuthContext); + + + IEncoder binding = null; + if (redirectEndpoint.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + + } else if (redirectEndpoint.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + + } + + binding.encodeRequest(request, response, authReq, + redirectEndpoint.getLocation(), target.getRequestID()); + + //build and send request without an error + requiredLocalAuthentication = false; + + } else { + Logger.warn("Requested IDP " + target.getRequestedIDP() + + " does not support POST or Redirect Binding."); + + } + + } else { + Logger.warn("Requested IDP " + target.getRequestedIDP() + + " is not found in InterFederation configuration"); + + } + + } catch (MetadataProviderException e) { + Logger.error("IDP metadata error." , e); + + } catch (NoSuchAlgorithmException e) { + Logger.error("Build IDP authentication request FAILED.", e); + + } catch (MessageEncodingException e) { + Logger.error("Build IDP authentication request FAILED.", e); + + } catch (SecurityException e) { + Logger.error("Build IDP authentication request FAILED.", e); + + } + + if (requiredLocalAuthentication) { + Logger.info("Switch to local authentication on this IDP ... "); + perfomLocalAuthentication(request, response, target); + } + } + + + private void perfomLocalAuthentication(HttpServletRequest request, + HttpServletResponse response, IRequest target) + throws ServletException, IOException, MOAIDException { + Logger.debug("Starting authentication on this IDP ..."); setNoCachingHeadersInHttpRespone(request, response); @@ -183,17 +365,12 @@ public class AuthenticationManager extends AuthServlet { if (legacyallowed && legacyparamavail) { - //parse request parameter into MOASession - + //parse request parameter into MOASession StartAuthentificationParameterParser.parse(request, response, moasession, target); Logger.info("Start Authentication Module: " + moasession.getModul() + " Action: " + moasession.getAction()); - - //start authentication process -// session.getServletContext().getNamedDispatcher("StartAuthentication") -// .forward(request, response); - + StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance(); String getIdentityLinkForm = startauth.build(moasession, request, response); @@ -260,17 +437,4 @@ public class AuthenticationManager extends AuthServlet { out.flush(); } } - - public void sendTransmitAssertionQuestion(HttpServletRequest request, - HttpServletResponse response, IRequest target, OAAuthParameter oaParam) - throws ServletException, IOException, MOAIDException { - - String form = SendAssertionFormBuilder.buildForm(target.requestedModule(), - target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath()); - - response.setContentType("text/html;charset=UTF-8"); - PrintWriter out = new PrintWriter(response.getOutputStream()); - out.print(form); - out.flush(); - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java index 9a3d3986b..529e2ab81 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java @@ -26,11 +26,13 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; public interface IAction extends MOAIDAuthConstants { - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException; public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java index 2ef24c084..aaeb84f92 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java @@ -22,6 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.moduls; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; + public interface IRequest { public String getOAURL(); public boolean isPassiv(); @@ -33,7 +39,10 @@ public interface IRequest { public void setAction(String action); public String getTarget(); public void setRequestID(String id); - public String getRequestID(); + public String getRequestID(); + public String getRequestedIDP(); + public MOAResponse getInterfederationResponse(); + public List<Attribute> getRequestedAttributes(); //public void setTarget(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java index b9b1742e4..4a54a516b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java @@ -23,8 +23,13 @@ package at.gv.egovernment.moa.id.moduls; import java.io.Serializable; +import java.util.List; -public class RequestImpl implements IRequest, Serializable{ +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; + +public abstract class RequestImpl implements IRequest, Serializable{ private static final long serialVersionUID = 1L; @@ -37,6 +42,16 @@ public class RequestImpl implements IRequest, Serializable{ private String target = null; private String requestID; + //MOA-ID interfederation + private String requestedIDP = null; + private MOAResponse response = null; + + /** + * This method map the protocol specific requested attributes to PVP 2.1 attributes. + * + * @return List of PVP 2.1 attributes with maps all protocol specific attributes + */ + public abstract List<Attribute> getRequestedAttributes(); public void setOAURL(String value) { oaURL = value; @@ -102,4 +117,36 @@ public class RequestImpl implements IRequest, Serializable{ public String getRequestID() { return requestID; } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() + */ + @Override + public String getRequestedIDP() { + return requestedIDP; + } + + /** + * @param requestedIDP the requestedIDP to set + */ + public void setRequestedIDP(String requestedIDP) { + this.requestedIDP = requestedIDP; + } + + /** + * @return the response + */ + public MOAResponse getInterfederationResponse() { + return response; + } + + /** + * @param response the response to set + */ + public void setInterfederationResponse(MOAResponse response) { + this.response = response; + } + + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java index 684c6630a..f4f89a4ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java @@ -31,11 +31,15 @@ import javax.servlet.http.HttpServletResponse; import org.hibernate.Query; import org.hibernate.Session; +import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @@ -44,9 +48,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class SSOManager { private static final String SSOCOOKIE = "MOA_ID_SSO"; + private static final String SSOINTERFEDERATION = "MOA_INTERFEDERATION_SSO"; private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec + private static final int INTERFEDERATIONCOOKIEMAXAGE = 5 * 60;// sec + private static SSOManager instance = null; private static int sso_timeout; @@ -68,7 +75,46 @@ public class SSOManager { return instance; } - public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) { + public void checkInterfederationIsRequested(HttpServletRequest httpReq, HttpServletResponse httpResp, + IRequest protocolRequest) { + String interIDP = httpReq.getParameter(MOAIDAuthConstants.INTERFEDERATION_IDP); + + if (MiscUtil.isNotEmpty(protocolRequest.getRequestedIDP())) { + Logger.info("Protocolspecific preprocessing already set interfederation IDP " + protocolRequest.getRequestedIDP()); + + } + + if (protocolRequest instanceof RequestImpl) { + //check if IDP is requested + RequestImpl moaReq = (RequestImpl) protocolRequest; + if (MiscUtil.isNotEmpty(interIDP)) { + Logger.info("Receive SSO request for interfederation IDP " + interIDP); + moaReq.setRequestedIDP(interIDP); + + } else { + //check if IDP cookie is set + String cookie = getValueFromCookie(httpReq, SSOINTERFEDERATION); + if (MiscUtil.isNotEmpty(cookie)) { + Logger.info("Receive SSO request for interfederated IDP from Cookie " + cookie); + moaReq.setRequestedIDP(cookie); + + deleteCookie(httpReq, httpResp, SSOINTERFEDERATION); + } + } + + } else { + Logger.warn("Request is not of type RequestImpl"); + + } + } + + public void setInterfederationIDPCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String value) { + setCookie(httpReq, httpResp, SSOINTERFEDERATION, value, INTERFEDERATIONCOOKIEMAXAGE); + + } + + + public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) { // search SSO Session if (ssoSessionID == null) { @@ -76,15 +122,43 @@ public class SSOManager { return false; } - // String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(), - // AuthenticationManager.MOA_SESSION, null); + AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); - return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + if (storedSession == null) + return false; + + else { + if (protocolRequest != null && + protocolRequest instanceof RequestImpl && + storedSession.isInterfederatedSSOSession() && + !storedSession.isAuthenticated()) { + + if (MiscUtil.isEmpty(((RequestImpl) protocolRequest).getRequestedIDP())) { + InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASession(storedSession.getSessionid()); + + if (selectedIDP != null) { + //no local SSO session exist -> request interfederated IDP + ((RequestImpl) protocolRequest).setRequestedIDP(selectedIDP.getIdpurlprefix()); + + } else { + Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); + MOASessionDBUtils.delete(storedSession); + + } + } + + return false; + + } + + return true; + } } public String getMOASession(String ssoSessionID) { - return AuthenticationSessionStoreage.getMOASessionID(ssoSessionID); + return AuthenticationSessionStoreage.getMOASessionSSOID(ssoSessionID); + } public String existsOldSSOSession(String ssoId) { @@ -95,24 +169,10 @@ public class SSOManager { List<OldSSOSessionIDStore> result; synchronized (session) { - -// try { -// session.getTransaction().rollback(); -// } -// catch (Exception e) { -// e.printStackTrace(); -// } -// try { -// session.getSessionFactory().openSession(); -// } -// catch (Exception e) { -// e.printStackTrace(); -// } - // session.getTransaction().begin(); - + session.beginTransaction(); Query query = session.getNamedQuery("getSSOSessionWithOldSessionID"); - query.setString("sessionid", ssoId); + query.setParameter("sessionid", ssoId); result = query.list(); // send transaction @@ -156,22 +216,58 @@ public class SSOManager { return newSSOId; } - + public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) { - Cookie[] cookies = httpReq.getCookies(); + setCookie(httpReq, httpResp, SSOCOOKIE, ssoId, sso_timeout); - if (cookies != null) { - deleteSSOSessionID(httpReq, httpResp); - } + } - Cookie cookie = new Cookie(SSOCOOKIE, ssoId); - cookie.setMaxAge(sso_timeout); - cookie.setSecure(true); - cookie.setPath(httpReq.getContextPath()); - httpResp.addCookie(cookie); + public String getSSOSessionID(HttpServletRequest httpReq) { + return getValueFromCookie(httpReq, SSOCOOKIE); + + } + + public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { + deleteCookie(httpReq, httpResp, SSOCOOKIE); } - public String getSSOSessionID(HttpServletRequest httpReq) { + /** + * @param entityID + * @param request + */ + public boolean removeInterfederatedSSOIDP(String entityID, + HttpServletRequest request) { + + String ssoSessionID = getSSOSessionID(request); + + if (MiscUtil.isNotEmpty(ssoSessionID)) { + + AuthenticatedSessionStore storedSession = AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null); + + if (storedSession == null) + return false; + + InterfederationSessionStore selectedIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORSSOWithMOASessionIDPID(storedSession.getSessionid(), entityID); + + if (selectedIDP != null) { + //no local SSO session exist -> request interfederated IDP + Logger.info("Delete interfederated IDP " + selectedIDP.getIdpurlprefix() + + " from MOASession " + storedSession.getSessionid()); + MOASessionDBUtils.delete(selectedIDP); + + } else { + Logger.warn("MOASession is marked as interfederated SSO session but no interfederated IDP is found. Switch to local authentication ..."); + + } + + return true; + + } else + return false; + + } + + private String getValueFromCookie(HttpServletRequest httpReq, String cookieName) { Cookie[] cookies = httpReq.getCookies(); if (cookies != null) { @@ -181,7 +277,7 @@ public class SSOManager { // (firefox) // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) { - if (cookie.getName().equals(SSOCOOKIE)) { + if (cookie.getName().equals(cookieName)) { return cookie.getValue(); } } @@ -189,13 +285,21 @@ public class SSOManager { return null; } - public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) { - Cookie[] cookies = httpReq.getCookies(); + private void setCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, + String cookieName, String cookieValue, int maxAge) { - if (cookies != null) { - for (Cookie cookie : cookies) { - if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie); - } - } + Cookie cookie = new Cookie(cookieName, cookieValue); + cookie.setMaxAge(maxAge); + cookie.setSecure(true); + + //TODO: could be a problem if the IDP is accessible from different contextPaths or Domains + cookie.setPath(httpReq.getContextPath()); + + httpResp.addCookie(cookie); + } + + private void deleteCookie(HttpServletRequest httpReq, HttpServletResponse httpResp, String cookieName) { + setCookie(httpReq, httpResp, cookieName, "", 1); } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index b95c08044..6c2f3e75a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.monitoring; -import java.io.File; -import java.io.FileInputStream; import java.io.InputStream; +import java.net.URL; import java.util.List; import org.w3c.dom.Element; @@ -49,8 +48,9 @@ public class IdentityLinkTestModule implements TestModuleInterface { public void initializeTest(long delayParam, String url) throws Exception{ if (MiscUtil.isNotEmpty(url)) { - File idlfile = new File(url); - InputStream idlstream = new FileInputStream(idlfile); + + URL keystoreURL = new URL(url); + InputStream idlstream = keystoreURL.openStream(); identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index ccfa6d5d1..84581abe8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -30,6 +30,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; public class TestManager { @@ -54,7 +55,7 @@ public class TestManager { //add IdentityLink verification test IdentityLinkTestModule test2 = new IdentityLinkTestModule(); - String idlurl = config.getMonitoringTestIdentityLinkURL(); + String idlurl = FileUtils.makeAbsoluteURL(config.getMonitoringTestIdentityLinkURL(), config.getRootConfigFileDir()); try { test2.initializeTest(0, idlurl); tests.put(test2.getName(), test2);; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 8d45a5d86..93a2f7d6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -26,6 +26,7 @@ import java.util.Properties; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { @@ -44,10 +45,12 @@ public class OAuth20Configuration { public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password"; private Properties props; + private String rootDir = null; private OAuth20Configuration() { try { props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig(); + rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); } catch (ConfigurationException e) { e.printStackTrace(); @@ -55,7 +58,7 @@ public class OAuth20Configuration { } public String getJWTKeyStore() { - return props.getProperty(JWT_KEYSTORE); + return FileUtils.makeAbsoluteURL(props.getProperty(JWT_KEYSTORE), rootDir); } public String getJWTKeyStorePassword() { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java index 677b5e7ab..75501d812 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java @@ -28,6 +28,8 @@ public final class OAuth20Constants { throw new InstantiationError(); } + public static final String ERRORPAGE = "moa_errorcodes.html"; + // error parameters and error codes public static final String PARAM_ERROR = "error"; public static final String PARAM_ERROR_DESCRIPTION = "error_description"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 394fd1430..3b0d07ce1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -27,9 +27,8 @@ import java.util.List; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.oauth20.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; @@ -173,10 +172,10 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) { + final OAAuthParameter oaParam, final IAuthData authData) { for (IAttributeBuilder b : builders) { try { - Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator); + Pair<String, JsonPrimitive> attribute = b.build(oaParam, authData, generator); if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } @@ -187,33 +186,70 @@ public final class OAuth20AttributeBuilder { } } - public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData); + public static void addScopeOpenId(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersOpenId, jsonObject, oaParam, authData); } - public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData); + public static void addScopeProfile(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersProfile, jsonObject, oaParam, authData); } - public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData); + public static void addScopeEID(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersEID, jsonObject, oaParam, authData); } - public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData); + public static void addScopeEIDGov(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersEIDGov, jsonObject, oaParam, authData); } - public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData); + public static void addScopeMandate(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersMandate, jsonObject, oaParam, authData); } - public static void addScopeSTORK(final JsonObject jsonObject, final AuthenticationSession authSession, - final OAAuthParameter oaParam, final AuthenticationData authData) { - addAttibutes(buildersSTORK, jsonObject, authSession, oaParam, authData); + public static void addScopeSTORK(final JsonObject jsonObject, + final OAAuthParameter oaParam, final IAuthData authData) { + addAttibutes(buildersSTORK, jsonObject, oaParam, authData); } + + /** + * @return the buildersprofile + */ + public static List<IAttributeBuilder> getBuildersprofile() { + return buildersProfile; + } + + /** + * @return the builderseid + */ + public static List<IAttributeBuilder> getBuilderseid() { + return buildersEID; + } + + /** + * @return the builderseidgov + */ + public static List<IAttributeBuilder> getBuilderseidgov() { + return buildersEIDGov; + } + + /** + * @return the buildersmandate + */ + public static List<IAttributeBuilder> getBuildersmandate() { + return buildersMandate; + } + + /** + * @return the buildersstork + */ + public static List<IAttributeBuilder> getBuildersstork() { + return buildersSTORK; + } + + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index da1980896..121648499 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000))); + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index e7a85705a..9230c0105 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -39,7 +38,7 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index a75dfd029..3bdda5c2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,9 +24,8 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -37,7 +36,7 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index d21f1a5bb..85c46d5b2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index bc48ce915..d5bda0dba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index a92b0c12d..dd84536ed 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,9 +34,9 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth()); + return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 5ce22a6c6..02cc66e4b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 047bfa9a9..302ce8105 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; @@ -35,7 +34,7 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java new file mode 100644 index 000000000..0edeb89bc --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20OANotSupportedException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.oauth20.exceptions; + +import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; + +/** + * @author tlenz + * + */ +public class OAuth20OANotSupportedException extends OAuth20Exception { + + private static final long serialVersionUID = -8713091674236329339L; + + /** + * @param errorCode + * @param messageId + * @param parameters + */ + public OAuth20OANotSupportedException() { + super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java index d560e46f0..470507f08 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java @@ -28,7 +28,7 @@ public class OAuth20ServerErrorException extends OAuth20Exception { private static final long serialVersionUID = 1L; public OAuth20ServerErrorException() { - super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {}); + super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.10", new Object[] {}); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index d60b8c230..4c70ce995 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -30,13 +30,12 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; @@ -51,14 +50,13 @@ import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; class OAuth20AuthAction implements IAction { - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; String responseType = oAuthRequest.getResponseType(); @@ -76,7 +74,7 @@ class OAuth20AuthAction implements IAction { o.setCode(code); //generate idToken from MOASession - Map<String, Object> idToken = generateIDToken(o, oAuthRequest, moasession, accessToken); + Map<String, Object> idToken = generateIDToken(o, oAuthRequest, authData, accessToken); o.setAuthDataSession(idToken); } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) { @@ -100,7 +98,11 @@ class OAuth20AuthAction implements IAction { httpResp.addHeader("Location", finalUrl); Logger.debug("REDIRECT TO: " + finalUrl.toString()); - return accessToken; + + //TODO: maybe add bPK / wbPK to SLO information + SLOInformationInterface sloInformation = new SLOInformationImpl(accessToken, null, null, req.requestedModule()); + + return sloInformation; } catch (Exception e) { @@ -118,7 +120,7 @@ class OAuth20AuthAction implements IAction { } private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject, - OAuth20AuthRequest oAuthRequest, AuthenticationSession moasession, String accessToken) throws SignatureException, MOAIDException { + OAuth20AuthRequest oAuthRequest, IAuthData authData, String accessToken) throws SignatureException, MOAIDException { // create response Map<String, Object> params = new HashMap<String, Object>(); @@ -128,7 +130,7 @@ class OAuth20AuthAction implements IAction { // build id token and scope Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest, - moasession); + authData); Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst()); params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst()); Logger.debug("RESPONSE SCOPE: " + pair.getSecond()); @@ -138,34 +140,33 @@ class OAuth20AuthAction implements IAction { } - private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, AuthenticationSession session) + private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL()); - AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget()); OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); // always fill with open id - OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append("openId"); for (String s : scope.split(" ")) { if (s.equalsIgnoreCase("profile")) { - OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" profile"); } else if (s.equalsIgnoreCase("eID")) { - OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" eID"); } else if (s.equalsIgnoreCase("eID_gov")) { - OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" eID_gov"); } else if (s.equalsIgnoreCase("mandate")) { - OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" mandate"); } else if (s.equalsIgnoreCase("stork")) { - OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), session, oaParam, authData); + OAuth20AttributeBuilder.addScopeSTORK(token.getPayloadAsJsonObject(), oaParam, authData); resultScopes.append(" stork"); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index dc3335631..c47e366a1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,17 +22,29 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + import javax.servlet.http.HttpServletRequest; +import org.opensaml.saml2.core.Attribute; + import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; +import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder; +import at.gv.egovernment.moa.logging.Logger; class OAuth20AuthRequest extends OAuth20BaseRequest { @@ -153,4 +165,48 @@ class OAuth20AuthRequest extends OAuth20BaseRequest { } } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + Map<String, String> reqAttr = new HashMap<String, String>(); + for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) + reqAttr.put(el, ""); + + try { + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + + for (String s : scope.split(" ")) { + if (s.equalsIgnoreCase("profile")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("eID_gov")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("mandate")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) + reqAttr.put(el.getName(), ""); + + } else if (s.equalsIgnoreCase("stork")) { + for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) + reqAttr.put(el.getName(), ""); + + } + } + + return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); + + } catch (ConfigurationException e) { + Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); + return null; + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index d0b43d25a..d08bd593a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; @@ -89,7 +90,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { } if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId()) || StringUtils.isEmpty(config.getOAuthRedirectUri())) { - throw new OAuth20ServerErrorException(); + throw new OAuth20OANotSupportedException(); } } catch (ConfigurationException e) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 00b7a83f0..9dac8d5a0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -2,6 +2,7 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import java.net.URLEncoder; import java.util.HashMap; +import java.util.List; import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -10,17 +11,22 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import com.google.gson.JsonObject; +import edu.emory.mathcs.backport.java.util.Arrays; + public class OAuth20Protocol implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); @@ -29,6 +35,13 @@ public class OAuth20Protocol implements IModulInfo { public static final String AUTH_ACTION = "AUTH"; public static final String TOKEN_ACTION = "TOKEN"; + @SuppressWarnings("unchecked") + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, + PVPConstants.BPK_NAME + }); + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); static { @@ -87,20 +100,27 @@ public class OAuth20Protocol implements IModulInfo { */ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable { - + // get error code and description String errorCode; String errorDescription; - // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11"; + String errorUri = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + +"/" + OAuth20Constants.ERRORPAGE; + String moaError = null; + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); + moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); + moaError = errorUtils.getResponseErrorCode(e); } - + String paramRedirect = null; String state = null; boolean isAuthRequest = false; @@ -144,7 +164,8 @@ public class OAuth20Protocol implements IModulInfo { OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri); + if (MiscUtil.isNotEmpty(moaError)) + OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state); response.setContentType("text/html"); @@ -159,7 +180,7 @@ public class OAuth20Protocol implements IModulInfo { Map<String, Object> params = new HashMap<String, Object>(); params.put(OAuth20Constants.PARAM_ERROR, errorCode); params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION, errorDescription); - // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri); + params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri + "#" + moaError); // create response JsonObject jsonObject = new JsonObject(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 3f6c148eb..944da38d0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -26,9 +26,10 @@ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; @@ -42,8 +43,8 @@ import com.google.gson.JsonObject; class OAuth20TokenAction implements IAction { - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, - AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { OAuth20SessionObject auth20SessionObject = null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 0f1ba23b3..3c90a5773 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,8 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; +import java.util.List; + import javax.servlet.http.HttpServletRequest; +import org.opensaml.saml2.core.Attribute; + import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; @@ -137,4 +141,12 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE); this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java new file mode 100644 index 000000000..71d1c26d4 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AttributQueryAction.java @@ -0,0 +1,178 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x; + + +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.Response; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; + +import edu.emory.mathcs.backport.java.util.Arrays; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AttributQueryAction implements IAction { + + @SuppressWarnings("unchecked") + private final static List<String> DEFAULTSTORKATTRIBUTES = Arrays.asList( + new String[]{PVPConstants.EID_STORK_TOKEN_NAME}); + + @SuppressWarnings("unchecked") + private final static List<String> DEFAULTMANDATEATTRIBUTES = Arrays.asList( + new String[]{ PVPConstants.MANDATE_FULL_MANDATE_NAME, + PVPConstants.MANDATE_PROF_REP_OID_NAME}); + + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + if (req instanceof PVPTargetConfiguration && + ((PVPTargetConfiguration) req).getRequest() instanceof MOARequest && + ((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest() instanceof AttributeQuery) { + + AttributeQuery attrQuery = (AttributeQuery)((MOARequest)((PVPTargetConfiguration) req).getRequest()).getSamlRequest(); + + //load moaSession + String nameID = attrQuery.getSubject().getNameID().getValue(); + + AuthenticationSession session = AuthenticationSessionStoreage.getSessionWithUserNameID(nameID); + if (session == null) { + Logger.warn("AttributeQuery nameID does not match to an active single sign-on session."); + throw new AttributQueryException("AttributeQuery nameID does not match to an active single sign-on session.", null); + + } + + DateTime date = new DateTime(); + + //generate authData + authData = AuthenticationDataBuilder.buildAuthenticationData(req, session, attrQuery.getAttributes()); + + //add default attributes in case of mandates or STORK is in use + List<String> attrList = addDefaultAttributes(attrQuery, authData); + + //build PVP 2.1 assertion + Assertion assertion = PVP2AssertionBuilder.buildAssertion(attrQuery, attrList, authData, date, authData.getSessionIndex()); + + //build PVP 2.1 response + Response authResponse = AuthResponseBuilder.buildResponse(attrQuery, date, assertion); + + try { + SoapBinding decoder = new SoapBinding(); + decoder.encodeRespone(httpReq, httpResp, authResponse, null, null); + return null; + + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } + + } else { + Logger.error("Process AttributeQueryAction but request is NOT of type AttributQuery."); + throw new MOAIDException("pvp2.13", null); + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return PVP2XProtocol.ATTRIBUTEQUERY; + } + + private List<String> addDefaultAttributes(AttributeQuery query, IAuthData authData) { + + List<String> reqAttributs = new ArrayList<String>(); + + for (Attribute attr : query.getAttributes()) { + reqAttributs.add(attr.getName()); + + } + + //add default STORK attributes if it is a STORK authentication + if (authData.isForeigner() && !reqAttributs.containsAll(DEFAULTSTORKATTRIBUTES)) { + for (String el : DEFAULTSTORKATTRIBUTES) { + if (!reqAttributs.contains(el)) + reqAttributs.add(el); + } + } + + //add default mandate attributes if it is a authentication with mandates + if (authData.isUseMandate() && !reqAttributs.containsAll(DEFAULTMANDATEATTRIBUTES)) { + for (String el : DEFAULTMANDATEATTRIBUTES) { + if (!reqAttributs.contains(el)) + reqAttributs.add(el); + } + } + + return reqAttributs; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java index 10618071a..70db9cc23 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java @@ -25,19 +25,27 @@ package at.gv.egovernment.moa.id.protocols.pvp2x; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager; public class AuthenticationAction implements IAction { - public String processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req; - return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession); + + SLOInformationImpl sloInformation = (SLOInformationImpl) RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, authData); + + //set protocol type + sloInformation.setProtocolType(req.requestedModule()); + + return sloInformation; } public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java index 99cba3277..01f7e18ba 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java @@ -38,30 +38,42 @@ import org.joda.time.DateTime; import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.AssertionConsumerService; +import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.ContactPerson; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.KeyDescriptor; +import org.opensaml.saml2.metadata.LocalizedString; import org.opensaml.saml2.metadata.NameIDFormat; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.ServiceName; +import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.SecurityHelper; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.keyinfo.KeyInfoGenerator; +import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory; import org.opensaml.xml.signature.Signature; import org.opensaml.xml.signature.Signer; import org.w3c.dom.Document; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -69,8 +81,8 @@ public class MetadataAction implements IAction { private static final int VALIDUNTIL_IN_HOURS = 24; - public String processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { try { EntitiesDescriptor idpEntitiesDescriptor = @@ -110,6 +122,7 @@ public class MetadataAction implements IAction { //keyInfoFactory.setEmitPublicKeyValue(true); keyInfoFactory.setEmitEntityIDAsKeyName(true); keyInfoFactory.setEmitEntityCertificate(true); + KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance(); Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential(); @@ -120,106 +133,12 @@ public class MetadataAction implements IAction { SecurityHelper.prepareSignatureParams(signature, metadataSigningCredential, null, null); idpEntitiesDescriptor.setSignature(signature); - -// //set SignatureMethode -// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); -// -// //set DigestMethode -// List<ContentReference> contentList = signature.getContentReferences(); -// for (ContentReference content : contentList) { -// -// if (content instanceof SAMLObjectContentReference) { -// -// SAMLObjectContentReference el = (SAMLObjectContentReference) content; -// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); -// -// } -// } - - -// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); -// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); -// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); -// signature.setKeyInfo(metadataKeyInfo ); - - - - IDPSSODescriptor idpSSODescriptor = SAML2Utils - .createSAMLObject(IDPSSODescriptor.class); - idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); - - idpSSODescriptor.setWantAuthnRequestsSigned(true); - - if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { - SingleSignOnService postSingleSignOnService = SAML2Utils - .createSAMLObject(SingleSignOnService.class); - - postSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSOPostService()); - postSingleSignOnService - .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); - - idpSSODescriptor.getSingleSignOnServices().add( - postSingleSignOnService); - } - - if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { - SingleSignOnService redirectSingleSignOnService = SAML2Utils - .createSAMLObject(SingleSignOnService.class); - - redirectSingleSignOnService.setLocation(PVPConfiguration - .getInstance().getIDPSSORedirectService()); - redirectSingleSignOnService - .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); - - idpSSODescriptor.getSingleSignOnServices().add( - redirectSingleSignOnService); - } - - /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { - ArtifactResolutionService artifactResolutionService = SAML2Utils - .createSAMLObject(ArtifactResolutionService.class); - - artifactResolutionService - .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); - artifactResolutionService.setLocation(PVPConfiguration - .getInstance().getIDPResolveSOAPService()); - - artifactResolutionService.setIndex(0); - - idpSSODescriptor.getArtifactResolutionServices().add( - artifactResolutionService); - }*/ - - //set assertion signing key - Credential assertionSigingCredential = CredentialProvider - .getIDPAssertionSigningCredential(); - - KeyDescriptor signKeyDescriptor = SAML2Utils - .createSAMLObject(KeyDescriptor.class); - signKeyDescriptor.setUse(UsageType.SIGNING); - signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential)); - idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); - - idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); - - NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); - - idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); - - NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + //set IDP metadata + idpEntityDescriptor.getRoleDescriptors().add(generateIDPMetadata(keyInfoGenerator)); - idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); - - NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); - unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); - - idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); - - idpEntityDescriptor.getRoleDescriptors().add(idpSSODescriptor); + //set SP metadata for interfederation + idpEntityDescriptor.getRoleDescriptors().add(generateSPMetadata(keyInfoGenerator)); DocumentBuilder builder; DocumentBuilderFactory factory = DocumentBuilderFactory @@ -243,9 +162,8 @@ public class MetadataAction implements IAction { sw.close(); String metadataXML = sw.toString(); - - System.out.println("METADATA: " + metadataXML); - + Logger.debug("METADATA: " + metadataXML); + httpResp.setContentType("text/xml"); httpResp.getOutputStream().write(metadataXML.getBytes()); @@ -268,4 +186,228 @@ public class MetadataAction implements IAction { return (PVP2XProtocol.METADATA); } + private RoleDescriptor generateSPMetadata(KeyInfoGenerator keyInfoGenerator) throws CredentialsNotAvailableException, SecurityException, ConfigurationException { + + Logger.debug("Set SP Metadata key information"); + + SPSSODescriptor spSSODescriptor = SAML2Utils + .createSAMLObject(SPSSODescriptor.class); + + spSSODescriptor.setAuthnRequestsSigned(true); + spSSODescriptor.setWantAssertionsSigned(true); + + + //Set AuthRequest Signing certificate + X509Credential authcredential = CredentialProvider.getIDPAssertionSigningCredential(); + + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authcredential)); + spSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + + //set AuthRequest encryption certificate + + X509Credential authEncCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); + + if (authEncCredential != null) { + KeyDescriptor encryKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + encryKeyDescriptor.setUse(UsageType.ENCRYPTION); + encryKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(authEncCredential)); + spSSODescriptor.getKeyDescriptors().add(encryKeyDescriptor); + + } else { + Logger.warn("No Assertion Encryption-Key defined. This setting is not recommended!"); + + } + + NameIDFormat persistentnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistentnameIDFormat.setFormat(NameIDType.PERSISTENT); + + spSSODescriptor.getNameIDFormats().add(persistentnameIDFormat); + + NameIDFormat transientnameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientnameIDFormat.setFormat(NameIDType.TRANSIENT); + + spSSODescriptor.getNameIDFormats().add(transientnameIDFormat); + + NameIDFormat unspecifiednameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiednameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + spSSODescriptor.getNameIDFormats().add(unspecifiednameIDFormat); + + //add assertion consumer services + AssertionConsumerService postassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + postassertionConsumerService.setIndex(0); + postassertionConsumerService.setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + postassertionConsumerService.setLocation(PVPConfiguration + .getInstance().getIDPSSOPostService()); + postassertionConsumerService.setIsDefault(true); + spSSODescriptor.getAssertionConsumerServices().add(postassertionConsumerService); + + AssertionConsumerService redirectassertionConsumerService = + SAML2Utils.createSAMLObject(AssertionConsumerService.class); + redirectassertionConsumerService.setIndex(1); + redirectassertionConsumerService.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + redirectassertionConsumerService.setLocation(PVPConfiguration + .getInstance().getIDPSSORedirectService()); + spSSODescriptor.getAssertionConsumerServices().add(redirectassertionConsumerService); + + + //add SLO descriptor +// SingleLogoutService postSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// postSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// postSLOService +// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +// spSSODescriptor.getSingleLogoutServices().add(postSLOService); +// +// SingleLogoutService redirectSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// redirectSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// redirectSLOService +// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +// spSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + + + spSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + AttributeConsumingService attributeService = + SAML2Utils.createSAMLObject(AttributeConsumingService.class); + + attributeService.setIndex(0); + attributeService.setIsDefault(true); + ServiceName serviceName = SAML2Utils.createSAMLObject(ServiceName.class); + serviceName.setName(new LocalizedString("Default Service", "de")); + attributeService.getNames().add(serviceName); + + return spSSODescriptor; + } + + private IDPSSODescriptor generateIDPMetadata(KeyInfoGenerator keyInfoGenerator) throws ConfigurationException, CredentialsNotAvailableException, SecurityException { + + +// //set SignatureMethode +// signature.setSignatureAlgorithm(PVPConstants.DEFAULT_SIGNING_METHODE); +// +// //set DigestMethode +// List<ContentReference> contentList = signature.getContentReferences(); +// for (ContentReference content : contentList) { +// +// if (content instanceof SAMLObjectContentReference) { +// +// SAMLObjectContentReference el = (SAMLObjectContentReference) content; +// el.setDigestAlgorithm(PVPConstants.DEFAULT_DIGESTMETHODE); +// +// } +// } + + +// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder(); +// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject(); +// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.); +// signature.setKeyInfo(metadataKeyInfo ); + + + IDPSSODescriptor idpSSODescriptor = SAML2Utils + .createSAMLObject(IDPSSODescriptor.class); + + idpSSODescriptor.addSupportedProtocol(SAMLConstants.SAML20P_NS); + + idpSSODescriptor.setWantAuthnRequestsSigned(true); + + if (PVPConfiguration.getInstance().getIDPSSOPostService() != null) { + //add SSO descriptor + SingleSignOnService postSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + postSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSOPostService()); + postSingleSignOnService + .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add( + postSingleSignOnService); + + //add SLO descriptor +// SingleLogoutService postSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// postSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// postSLOService +// .setBinding(SAMLConstants.SAML2_POST_BINDING_URI); +// idpSSODescriptor.getSingleLogoutServices().add(postSLOService); + + } + + if (PVPConfiguration.getInstance().getIDPSSORedirectService() != null) { + //add SSO descriptor + SingleSignOnService redirectSingleSignOnService = SAML2Utils + .createSAMLObject(SingleSignOnService.class); + redirectSingleSignOnService.setLocation(PVPConfiguration + .getInstance().getIDPSSORedirectService()); + redirectSingleSignOnService + .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + idpSSODescriptor.getSingleSignOnServices().add( + redirectSingleSignOnService); + + //add SLO descriptor +// SingleLogoutService redirectSLOService = +// SAML2Utils.createSAMLObject(SingleLogoutService.class); +// redirectSLOService.setLocation(PVPConfiguration +// .getInstance().getIDPSSOPostService()); +// redirectSLOService +// .setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); +// idpSSODescriptor.getSingleLogoutServices().add(redirectSLOService); + } + + /*if (PVPConfiguration.getInstance().getIDPResolveSOAPService() != null) { + ArtifactResolutionService artifactResolutionService = SAML2Utils + .createSAMLObject(ArtifactResolutionService.class); + + artifactResolutionService + .setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + artifactResolutionService.setLocation(PVPConfiguration + .getInstance().getIDPResolveSOAPService()); + + artifactResolutionService.setIndex(0); + + idpSSODescriptor.getArtifactResolutionServices().add( + artifactResolutionService); + }*/ + + //set assertion signing key + Credential assertionSigingCredential = CredentialProvider + .getIDPAssertionSigningCredential(); + + KeyDescriptor signKeyDescriptor = SAML2Utils + .createSAMLObject(KeyDescriptor.class); + signKeyDescriptor.setUse(UsageType.SIGNING); + signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential)); + idpSSODescriptor.getKeyDescriptors().add(signKeyDescriptor); + + idpSSODescriptor.getAttributes().addAll(PVPAttributeBuilder.buildSupportedEmptyAttributes()); + + NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + persistenNameIDFormat.setFormat(NameIDType.PERSISTENT); + + idpSSODescriptor.getNameIDFormats().add(persistenNameIDFormat); + + NameIDFormat transientNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + transientNameIDFormat.setFormat(NameIDType.TRANSIENT); + + idpSSODescriptor.getNameIDFormats().add(transientNameIDFormat); + + NameIDFormat unspecifiedNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class); + unspecifiedNameIDFormat.setFormat(NameIDType.UNSPECIFIED); + + idpSSODescriptor.getNameIDFormats().add(unspecifiedNameIDFormat); + + return idpSSODescriptor; + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java index e81b23d41..863bfe501 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java @@ -22,8 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; -import iaik.pkcs.pkcs11.objects.Object; - +import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.Iterator; @@ -31,11 +30,17 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; import org.apache.commons.lang.StringEscapeUtils; +import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; @@ -45,32 +50,53 @@ import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.AttributeConsumingService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.security.SecurityPolicyException; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.signature.SignableXMLObject; + +import edu.emory.mathcs.backport.java.util.Arrays; import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; +import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException; +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.moduls.RequestStorage; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestValidatorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.validation.AuthnRequestValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; +import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.id.util.VelocityLogAdapter; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { @@ -81,18 +107,29 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public static final String POST = "Post"; public static final String SOAP = "Soap"; public static final String METADATA = "Metadata"; + public static final String ATTRIBUTEQUERY = "AttributeQuery"; + public static final String SINGLELOGOUT = "SingleLogOut"; private static List<IDecoder> decoder = new ArrayList<IDecoder>(); private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + @SuppressWarnings("unchecked") + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME + }); + static { decoder.add(new PostBinding()); decoder.add(new RedirectBinding()); + decoder.add(new SoapBinding()); actions.put(REDIRECT, new AuthenticationAction()); actions.put(POST, new AuthenticationAction()); actions.put(METADATA, new MetadataAction()); + actions.put(ATTRIBUTEQUERY, new AttributQueryAction()); + actions.put(SINGLELOGOUT, new SingleLogOutAction()); //TODO: insert getArtifact action @@ -133,7 +170,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public PVP2XProtocol() { super(); } - + public IRequest preProcess(HttpServletRequest request, HttpServletResponse response, String action) throws MOAIDException { @@ -147,6 +184,7 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { if(METADATA.equals(action)) { return new PVPTargetConfiguration(); + } IDecoder decoder = findDecoder(action, request); @@ -154,103 +192,88 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { return null; } try { - PVPTargetConfiguration config = new PVPTargetConfiguration(); - - - MOARequest moaRequest = decoder.decodeRequest(request, response); - - RequestAbstractType samlReq = moaRequest.getSamlRequest(); - - //String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq)); - //Logger.info("SAML : " + xml); - - if(!moaRequest.isVerified()) { - SAMLVerificationEngine engine = new SAMLVerificationEngine(); - engine.verifyRequest(samlReq, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - moaRequest.setVerified(true); - } - - if(!(samlReq instanceof AuthnRequest)) { - throw new MOAIDException("Unsupported request", new Object[] {}); - } - - EntityDescriptor metadata = moaRequest.getEntityMetadata(); - if(metadata == null) { - throw new NoMetadataInformationException(); - } - SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + InboundMessage msg = (InboundMessage) decoder.decode(request, response); - AuthnRequest authnRequest = (AuthnRequest)samlReq; - - Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); - int assertionidx = 0; - - if(aIdx != null) { - assertionidx = aIdx.intValue(); + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("pvp2.20", new Object[] {}); - } else { - assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); } - aIdx = authnRequest.getAttributeConsumingServiceIndex(); - int attributeIdx = 0; - - if(aIdx != null) { - attributeIdx = aIdx.intValue(); + if(!msg.isVerified()) { + SAMLVerificationEngine engine = new SAMLVerificationEngine(); + engine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine()); + msg.setVerified(true); + } + + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof AuthnRequest) + return preProcessAuthRequest(request, response, (MOARequest) msg); - AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + else if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof AttributeQuery) + return preProcessAttributQueryRequest(request, response, (MOARequest) msg); + + else if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) + return preProcessLogOut(request, response, (MOARequest) msg); - AttributeConsumingService attributeConsumer = null; + else if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) + return preProcessLogOut(request, response, (MOARequest) msg); - if (spSSODescriptor.getAttributeConsumingServices() != null && - spSSODescriptor.getAttributeConsumingServices().size() > 0) { - attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); - } + else if (msg instanceof MOAResponse) { + //load service provider AuthRequest from session + + IRequest obj = RequestStorage.getPendingRequest(msg.getRelayState()); + if (obj instanceof RequestImpl) { + RequestImpl iReqSP = (RequestImpl) obj; + + MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + + if ( processedMsg != null ) { + iReqSP.setInterfederationResponse(processedMsg); + + } else { + Logger.info("Interfederated IDP " + msg.getEntityID() + " has NO valid SSO session." + +". Switch back local authentication process ..."); - String oaURL = moaRequest.getEntityMetadata().getEntityID(); - String binding = consumerService.getBinding(); -// String entityID = moaRequest.getEntityMetadata().getEntityID(); - - Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding); - - oaURL = StringEscapeUtils.escapeHtml(oaURL); - - config.setOAURL(oaURL); - config.setBinding(binding); - config.setRequest(moaRequest); - config.setConsumerURL(consumerService.getLocation()); + SSOManager ssomanager = SSOManager.getInstance(); + ssomanager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + + iReqSP.setRequestedIDP(null); - String useMandate = request.getParameter(PARAM_USEMANDATE); - if(useMandate != null) { - if(useMandate.equals("true") && attributeConsumer != null) { - if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { - throw new MandateAttributesNotHandleAbleException(); } + + return iReqSP; + } - } - //validate AuthnRequest - try { - AuthnRequestValidator.validate((AuthnRequestImpl) samlReq); - - } catch (AuthnRequestValidatorException e) { - if (generateErrorMessage(e, request, response, config)) { - throw new AuthnRequestValidatorException(e.getMessage(), - new Object[] {}, config); - - } else { - throw new MOAIDException(e.getMessage(), new Object[] {}); - - } + Logger.error("Stored PVP21 authrequest from service provider has an unsuppored type."); + return null; + + } else { + Logger.error("Receive unsupported PVP21 message"); + throw new MOAIDException("Unsupported PVP21 message", new Object[] {}); } - - //request.getSession().setAttribute(PARAM_OA, oaURL); - return config; - } catch (PVP2Exception e) { throw e; + + } catch (SecurityPolicyException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); + + } catch (SecurityException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw new InvalidProtocolRequestException("pvp2.22", new Object[] {e.getMessage()}); + + } catch (InvalidProtocolRequestException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID protocol request: " + samlRequest, e); + throw e; } catch (Throwable e) { String samlRequest = request.getParameter("SAMLRequest"); @@ -278,6 +301,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { Status status = SAML2Utils.createSAMLObject(Status.class); StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); + String moaError = null; + if(e instanceof NoPassivAuthenticationException) { statusCode.setValue(StatusCode.NO_PASSIVE_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); @@ -285,6 +312,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { } else if (e instanceof NameIDFormatNotSupportedException) { statusCode.setValue(StatusCode.INVALID_NAMEID_POLICY_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + + } else if (e instanceof SLOException) { + //SLOExecpetions only occurs if session information is lost + return false; } else if(e instanceof PVP2Exception) { PVP2Exception ex = (PVP2Exception) e; @@ -292,11 +323,20 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { String statusMessageValue = ex.getStatusMessageValue(); if(statusMessageValue != null) { statusMessage.setMessage(StringEscapeUtils.escapeXml(statusMessageValue)); - } + } + moaError = errorUtils.mapInternalErrorToExternalError(ex.getMessageId()); } else { statusCode.setValue(StatusCode.RESPONDER_URI); statusMessage.setMessage(StringEscapeUtils.escapeXml(e.getLocalizedMessage())); + moaError = errorUtils.getResponseErrorCode(e); + } + + + if (MiscUtil.isNotEmpty(moaError)) { + StatusCode moaStatusCode = SAML2Utils.createSAMLObject(StatusCode.class); + moaStatusCode.setValue(moaError); + statusCode.setStatusCode(moaStatusCode); } status.setStatusCode(statusCode); @@ -306,16 +346,27 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { samlResponse.setStatus(status); String remoteSessionID = SAML2Utils.getSecureIdentifier(); samlResponse.setID(remoteSessionID); - + + samlResponse.setIssueInstant(new DateTime()); + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + samlResponse.setIssuer(nissuer); + IEncoder encoder = null; - if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { encoder = new RedirectBinding(); - } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { + + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_ARTIFACT_BINDING_URI)) { // TODO: not supported YET!! //binding = new ArtifactBinding(); + } else if(pvpRequest.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) { encoder = new PostBinding(); + + } else if (pvpRequest.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) { + encoder = new SoapBinding(); } if(encoder == null) { @@ -340,8 +391,10 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { HttpServletResponse response) { if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("GET")) { return getAction(REDIRECT); + } else if(request.getParameter("SAMLRequest") != null && request.getMethod().equals("POST")) { return getAction(POST); + } if(METADATA.equals(request.getParameter("action"))) { @@ -352,8 +405,240 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants { public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) { - // TODO implement validation! + return true; } + + /** + * PreProcess Single LogOut request + * @param request + * @param response + * @param msg + * @return + * @throws MOAIDException + */ + private IRequest preProcessLogOut(HttpServletRequest request, + HttpServletResponse response, MOARequest msg) throws MOAIDException { + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + + if (((MOARequest)msg).getSamlRequest() instanceof LogoutRequest) { + //preProcess single logout request from service provider + + EntityDescriptor metadata = msg.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + + + + String oaURL = metadata.getEntityID(); + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + Logger.info("Dispatch PVP2 SingleLogOut: OAURL=" + oaURL + " Binding=" + msg.getRequestBinding()); + + config.setOAURL(oaURL); + config.setBinding(msg.getRequestBinding()); + + + } else if (((MOARequest)msg).getSamlRequest() instanceof LogoutResponse) { + //preProcess single logour response from service provider + + LogoutResponse resp = (LogoutResponse) (((MOARequest)msg).getSamlRequest()); + + Logger.debug("PreProcess SLO Response from " + resp.getIssuer()); + + if (!resp.getDestination().startsWith( + PVPConfiguration.getInstance().getIDPPublicPath())) { + Logger.warn("PVP 2.1 single logout response destination does not match to IDP URL"); + throw new AssertionValidationExeption("PVP 2.1 single logout response destination does not match to IDP URL", null); + + } + + //TODO: check if relayState exists + msg.getRelayState(); + + + } else + throw new MOAIDException("Unsupported request", new Object[] {}); + + + config.setRequest(msg); + config.setAction(SINGLELOGOUT); + return config; + } + + /** + * PreProcess AttributeQuery request + * @param request + * @param response + * @param moaRequest + * @return + * @throws Throwable + */ + private IRequest preProcessAttributQueryRequest(HttpServletRequest request, + HttpServletResponse response, MOARequest moaRequest) throws Throwable { + + AttributeQuery attrQuery = (AttributeQuery) moaRequest.getSamlRequest(); + moaRequest.setEntityID(attrQuery.getIssuer().getValue()); + + //validate destination + String destinaten = attrQuery.getDestination(); + if (!PVPConfiguration.getInstance().getIDPAttributeQueryService().equals(destinaten)) { + Logger.warn("AttributeQuery destination does not match IDP AttributeQueryService URL"); + throw new AttributQueryException("AttributeQuery destination does not match IDP AttributeQueryService URL", null); + + } + + //check if Issuer is an interfederation IDP + // check parameter + if (!ParamValidatorUtils.isValidOA(moaRequest.getEntityID())) + throw new WrongParametersException("StartAuthentication", + PARAM_OA, "auth.12"); + + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaRequest.getEntityID()); + if (!oa.isInderfederationIDP()) { + Logger.warn("AttributeQuery requests are only allowed for interfederation IDPs."); + throw new AttributQueryException("AttributeQuery requests are only allowed for interfederation IDPs.", null); + + } + + if (!oa.isOutboundSSOInterfederationAllowed()) { + Logger.warn("Interfederation IDP " + oa.getPublicURLPrefix() + " does not allow outgoing SSO interfederation."); + throw new AttributQueryException("Interfederation IDP does not allow outgoing SSO interfederation.", null); + + } + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + config.setRequest(moaRequest); + config.setOAURL(moaRequest.getEntityID()); + config.setBinding(SAMLConstants.SAML2_SOAP11_BINDING_URI); + + return config; + } + + /** + * PreProcess Authn request + * @param request + * @param response + * @param moaRequest + * @return + * @throws Throwable + */ + private IRequest preProcessAuthRequest(HttpServletRequest request, + HttpServletResponse response, MOARequest moaRequest) throws Throwable { + + SignableXMLObject samlReq = moaRequest.getSamlRequest(); + + if(!(samlReq instanceof AuthnRequest)) { + throw new MOAIDException("Unsupported request", new Object[] {}); + } + + EntityDescriptor metadata = moaRequest.getEntityMetadata(); + if(metadata == null) { + throw new NoMetadataInformationException(); + } + SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + AuthnRequest authnRequest = (AuthnRequest)samlReq; + + Integer aIdx = authnRequest.getAssertionConsumerServiceIndex(); + int assertionidx = 0; + + if(aIdx != null) { + assertionidx = aIdx.intValue(); + + } else { + assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor); + } + + aIdx = authnRequest.getAttributeConsumingServiceIndex(); + int attributeIdx = 0; + + if(aIdx != null) { + attributeIdx = aIdx.intValue(); + } + + AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx); + + AttributeConsumingService attributeConsumer = null; + + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx); + } + + PVPTargetConfiguration config = new PVPTargetConfiguration(); + + String oaURL = moaRequest.getEntityMetadata().getEntityID(); + String binding = consumerService.getBinding(); + + Logger.info("Dispatch PVP2 AuthnRequest: OAURL=" + oaURL + " Binding=" + binding); + + oaURL = StringEscapeUtils.escapeHtml(oaURL); + + config.setOAURL(oaURL); + config.setBinding(binding); + config.setRequest(moaRequest); + config.setConsumerURL(consumerService.getLocation()); + + //parse AuthRequest + AuthnRequestImpl authReq = (AuthnRequestImpl) samlReq; + config.setPassiv(authReq.isPassive()); + config.setForce(authReq.isForceAuthn()); + + //validate AuthnRequest + AuthnRequestValidator.validate(authReq); + + String useMandate = request.getParameter(PARAM_USEMANDATE); + if(useMandate != null) { + if(useMandate.equals("true") && attributeConsumer != null) { + if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) { + throw new MandateAttributesNotHandleAbleException(); + } + } + } + + return config; + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + */ + private MOAResponse preProcessAuthResponse(MOAResponse msg) { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = msg.getResponse(); + + try { + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + + //validate PVP 2.1 assertion + SAMLVerificationEngine.validateAssertion(samlResp, true); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + return msg; + + } else { + Logger.debug("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from interfederated IDP."); + + } + + } catch (IOException e) { + Logger.warn("Interfederation response marshaling FAILED.", e); + + } catch (MarshallingException e) { + Logger.warn("Interfederation response marshaling FAILED.", e); + + } catch (TransformerException e) { + Logger.warn("Interfederation response marshaling FAILED.", e); + + } catch (AssertionValidationExeption e) { + //error is already logged, to nothing + } + + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java index 7946c7596..47c297914 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java @@ -27,6 +27,8 @@ import org.opensaml.xml.signature.SignatureConstants; public interface PVPConstants { + public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider"; + public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256; public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256; public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128; @@ -39,6 +41,8 @@ public interface PVPConstants { public static final String STORK_QAA_1_3 = "http://www.stork.gov.eu/1.0/citizenQAALevel/3"; public static final String STORK_QAA_1_4 = "http://www.stork.gov.eu/1.0/citizenQAALevel/4"; + public static final String STORK_ATTRIBUTE_PREFIX = "http://www.stork.gov.eu/1.0/"; + public static final String URN_OID_PREFIX = "urn:oid:"; public static final String PVP_VERSION_OID = "1.2.40.0.10.2.1.1.261.10"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java index b3887a444..65da23565 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java @@ -22,22 +22,41 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.impl.AuthnRequestImpl; +import org.opensaml.saml2.metadata.AttributeConsumingService; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml2.metadata.SPSSODescriptor; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.logging.Logger; public class PVPTargetConfiguration extends RequestImpl { private static final long serialVersionUID = 4889919265919638188L; - MOARequest request; + InboundMessage request; String binding; String consumerURL; - - public MOARequest getRequest() { + + public InboundMessage getRequest() { return request; } - public void setRequest(MOARequest request) { + public void setRequest(InboundMessage request) { this.request = request; } @@ -55,6 +74,67 @@ public class PVPTargetConfiguration extends RequestImpl { public void setConsumerURL(String consumerURL) { this.consumerURL = consumerURL; + } - + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + + Map<String, String> reqAttr = new HashMap<String, String>(); + for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) + reqAttr.put(el, ""); + + try { + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + + SPSSODescriptor spSSODescriptor = getRequest().getEntityMetadata().getSPSSODescriptor(SAMLConstants.SAML20P_NS); + if (spSSODescriptor.getAttributeConsumingServices() != null && + spSSODescriptor.getAttributeConsumingServices().size() > 0) { + + Integer aIdx = null; + if (getRequest() instanceof MOARequest && + ((MOARequest)getRequest()).getSamlRequest() instanceof AuthnRequestImpl) { + AuthnRequestImpl authnRequest = (AuthnRequestImpl)((MOARequest)getRequest()).getSamlRequest(); + aIdx = authnRequest.getAttributeConsumingServiceIndex(); + + } else { + Logger.error("MOARequest is NOT of type AuthnRequest"); + } + + int idx = 0; + + AttributeConsumingService attributeConsumingService = null; + + if (aIdx != null) { + idx = aIdx.intValue(); + attributeConsumingService = spSSODescriptor + .getAttributeConsumingServices().get(idx); + + } else { + List<AttributeConsumingService> attrConsumingServiceList = spSSODescriptor.getAttributeConsumingServices(); + for (AttributeConsumingService el : attrConsumingServiceList) { + if (el.isDefault()) + attributeConsumingService = el; + } + } + + for ( RequestedAttribute attr : attributeConsumingService.getRequestAttributes()) + reqAttr.put(attr.getName(), ""); + } + + return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.keySet().iterator()); + + } catch (NoMetadataInformationException e) { + Logger.warn("NO metadata found for Entity " + getRequest().getEntityID()); + return null; + + } catch (ConfigurationException e) { + Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); + return null; + } + + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java new file mode 100644 index 000000000..c67d10ab7 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java @@ -0,0 +1,361 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x; + +import java.util.Iterator; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationContainer; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.SSOManager; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.SingleLogOutBuilder; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SLOException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient; +import at.gv.egovernment.moa.id.storage.AssertionStorage; +import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class SingleLogOutAction implements IAction { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public SLOInformationInterface processRequest(IRequest req, + HttpServletRequest httpReq, HttpServletResponse httpResp, + IAuthData authData) throws MOAIDException { + + PVPTargetConfiguration pvpReq = (PVPTargetConfiguration) req; + + if (pvpReq.getRequest() instanceof MOARequest) { + MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + if (samlReq.getSamlRequest() instanceof LogoutRequest) { + Logger.debug("Process Single LogOut request"); + LogoutRequest logOutReq = (LogoutRequest) samlReq.getSamlRequest(); + + AuthenticationSession session = + AuthenticationSessionStoreage.searchMOASessionWithNameIDandOAID( + logOutReq.getIssuer().getValue(), + logOutReq.getNameID().getValue()); + + if (session == null) { + Logger.warn("Can not find active SSO session with nameID " + + logOutReq.getNameID().getValue() + " and OA " + + logOutReq.getIssuer().getValue()); + Logger.info("Search active SSO session with SSO session cookie"); + SSOManager ssomanager = SSOManager.getInstance(); + String ssoID = ssomanager.getSSOSessionID(httpReq); + if (MiscUtil.isEmpty(ssoID)) { + Logger.warn("Can not find active Session. Single LogOut not possible!"); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + return null; + + } else { + String moasession = ssomanager.getMOASession(ssoID); + try { + session = AuthenticationSessionStoreage.getSession(moasession); + + } catch (MOADatabaseException e) { + Logger.warn("Can not find active Session. Single LogOut not possible!"); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + return null; + + } + } + } + + //store active OAs to SLOContaine + List<OASessionStore> dbOAs = AuthenticationSessionStoreage.getAllActiveOAFromMOASession(session); + SLOInformationContainer sloContainer = new SLOInformationContainer(); + sloContainer.setSloRequest(pvpReq); + sloContainer.parseActiveOAs(dbOAs, logOutReq.getIssuer().getValue()); + + //terminate MOASession + try { + AuthenticationSessionStoreage.destroySession(session.getSessionID()); + + } catch (MOADatabaseException e) { + Logger.warn("Delete MOASession FAILED."); + sloContainer.putFailedOA(AuthConfigurationProvider.getInstance().getPublicURLPrefix()); + + } + + //start service provider back channel logout process + Iterator<String> nextOAInterator = sloContainer.getNextBackChannelOA(); + while (nextOAInterator.hasNext()) { + SLOInformationImpl sloDescr = sloContainer.getBackChannelOASessionDescripten(nextOAInterator.next()); + LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); + + try { + List<XMLObject> soapResp = MOASAMLSOAPClient.send(sloDescr.getServiceURL(), sloReq); + + LogoutResponse sloResp = null; + for (XMLObject el : soapResp) { + if (el instanceof LogoutResponse) + sloResp = (LogoutResponse) el; + } + + if (sloResp == null) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED. NO LogOut response received."); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } + + checkStatusCode(sloContainer, sloResp); + + } catch (SOAPException e) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED.", e); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } catch (SecurityException e) { + Logger.warn("Single LogOut for OA " + sloReq.getIssuer().getValue() + + " FAILED.", e); + sloContainer.putFailedOA(sloReq.getIssuer().getValue()); + + } + } + + //start service provider front channel logout process + try { + doFrontChannelLogOut(sloContainer, httpReq, httpResp); + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + return null; + + } + + } else if (samlReq.getSamlRequest() instanceof LogoutResponse) { + Logger.debug("Process Single LogOut response"); + LogoutResponse logOutResp = (LogoutResponse) samlReq.getSamlRequest(); + + try { + if (MiscUtil.isEmpty(samlReq.getRelayState())) { + Logger.warn("SLO Response from " + logOutResp.getIssuer().getValue() + + " has no SAML2 RelayState."); + throw new SLOException("pvp2.19", null); + + } + + SLOInformationContainer sloContainer = + AssertionStorage.getInstance().get(samlReq.getRelayState(), SLOInformationContainer.class); + checkStatusCode(sloContainer, logOutResp); + sloContainer.removeFrontChannelOA(logOutResp.getIssuer().getValue()); + doFrontChannelLogOut(sloContainer, httpReq, httpResp); + + } catch (MOADatabaseException e) { + Logger.error("MOA AssertionDatabase ERROR", e); + throw new SLOException("pvp2.19", null); + + } + + } else { + Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse."); + throw new MOAIDException("pvp2.13", null); + + } + + } else { + Logger.error("Process SingleLogOutAction but request is NOT of type MOARequest."); + throw new MOAIDException("pvp2.13", null); + + } + + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp) { + return false; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName() + */ + @Override + public String getDefaultActionName() { + return PVP2XProtocol.SINGLELOGOUT; + } + + private void checkStatusCode(SLOInformationContainer sloContainer, LogoutResponse logOutResp) { + Status status = logOutResp.getStatus(); + if (!status.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.warn("Single LogOut for OA " + logOutResp.getIssuer().getValue() + + " FAILED. (ResponseCode: " + status.getStatusCode().getValue() + + " Message: " + status.getStatusMessage().getMessage() + ")"); + sloContainer.putFailedOA(logOutResp.getIssuer().getValue()); + + } else + Logger.debug("Single LogOut for OA " + logOutResp.getIssuer().getValue() + " SUCCESS"); + + } + + private void doFrontChannelLogOut(SLOInformationContainer sloContainer, + HttpServletRequest httpReq, HttpServletResponse httpResp + ) throws MOAIDException, MOADatabaseException { + String nextOA = sloContainer.getNextFrontChannelOA(); + if (MiscUtil.isNotEmpty(nextOA)) { + SLOInformationImpl sloDescr = sloContainer.getFrontChannelOASessionDescripten(nextOA); + LogoutRequest sloReq = SingleLogOutBuilder.buildSLORequestMessage(sloDescr); + String relayState = Random.nextRandom(); + + AssertionStorage.getInstance().put(relayState, sloContainer); + + sendFrontChannelSLOMessage(sloDescr.getServiceURL(), sloDescr.getBinding(), + sloReq, httpReq, httpResp, relayState); + + } else { + //send SLO response to SLO request issuer + PVPTargetConfiguration pvpReq = sloContainer.getSloRequest(); + MOARequest samlReq = (MOARequest) pvpReq.getRequest(); + SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq); + LogoutResponse message = SingleLogOutBuilder.buildSLOResponseMessage(sloService, pvpReq, sloContainer.getSloFailedOAs()); + sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState()); + + } + } + + /** + * @param serviceURL + * @param binding + * @param sloReq + * @param httpReq + * @param httpResp + * @param relayState + */ + private void sendFrontChannelSLOMessage(String serviceURL, String bindingType, + RequestAbstractType sloReq, HttpServletRequest httpReq, + HttpServletResponse httpResp, String relayState) throws MOAIDException { + IEncoder binding = null; + if (bindingType.equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + + } else if (bindingType.equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + + } + + if (binding == null) { + throw new BindingNotSupportedException(bindingType); + } + + try { + binding.encodeRequest(httpReq, httpResp, sloReq, + serviceURL, relayState); + + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } + + } + + private void sendFrontChannelSLOMessage(SingleLogoutService consumerService, + LogoutResponse sloResp, HttpServletRequest req, HttpServletResponse resp, + String relayState) throws MOAIDException { + IEncoder binding = null; + if (consumerService.getBinding().equals( + SAMLConstants.SAML2_REDIRECT_BINDING_URI)) { + binding = new RedirectBinding(); + + } else if (consumerService.getBinding().equals( + SAMLConstants.SAML2_POST_BINDING_URI)) { + binding = new PostBinding(); + + } + + if (binding == null) { + throw new BindingNotSupportedException(consumerService.getBinding()); + } + + try { + binding.encodeRespone(req, resp, sloResp, + consumerService.getLocation(), relayState); + + } catch (MessageEncodingException e) { + Logger.error("Message Encoding exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } catch (SecurityException e) { + Logger.error("Security exception", e); + throw new MOAIDException("pvp2.01", null, e); + + } + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java index 43a17af23..8691667f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java @@ -43,13 +43,14 @@ import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.signature.Signature; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; public class ArtifactBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { } @@ -100,23 +101,21 @@ public class ArtifactBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { return null; } - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - return null; - } public boolean handleDecode(String action, HttpServletRequest req) { return false; } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_ARTIFACT_BINDING_URI; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java index b64b28de8..fb17c02b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java @@ -29,15 +29,14 @@ import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.xml.security.SecurityException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; public interface IDecoder { - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException, PVP2Exception; - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) - throws MessageDecodingException, SecurityException, PVP2Exception; - + public boolean handleDecode(String action, HttpServletRequest req); + + public String getSAML2BindingName(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java index f7dfd055c..de5548a44 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java @@ -34,7 +34,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; public interface IEncoder { public void encodeRequest(HttpServletRequest req, - HttpServletResponse resp, RequestAbstractType request, String targetLocation) + HttpServletResponse resp, RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException, PVP2Exception; /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java index 1d6b227d6..6080f8a33 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java @@ -26,9 +26,22 @@ import org.opensaml.common.binding.decoding.URIComparator; public class MOAURICompare implements URIComparator { - public boolean compare(String uri1, String uri2) { - // TODO: implement proper equalizer for rewritten URLS - return true; + /** + * @param idpssoPostService + */ + + private String serviceURL = ""; + + public MOAURICompare(String serviceURL) { + this.serviceURL = serviceURL; + } + + public boolean compare(String uri1, String uri2) { + if (this.serviceURL.equals(uri1)) + return true; + + else + return false; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java index 11e280d8f..a2fe5c01b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java @@ -34,7 +34,9 @@ import org.opensaml.saml2.binding.encoding.HTTPPostEncoder; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleLogoutService; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; import org.opensaml.ws.message.decoder.MessageDecodingException; @@ -47,6 +49,14 @@ import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -56,10 +66,38 @@ import at.gv.egovernment.moa.logging.Logger; public class PostBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { - // TODO Auto-generated method stub + + try { + X509Credential credentials = CredentialProvider + .getIDPAssertionSigningCredential(); + + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); + HTTPPostEncoder encoder = new HTTPPostEncoder(engine, + "resources/templates/pvp_postbinding_template.html"); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder().buildObject(); + service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"); + service.setLocation(targetLocation);; + + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + encoder.encode(context); + + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } catch (Exception e) { + e.printStackTrace(); + throw new SecurityException(e); + } } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, @@ -100,63 +138,63 @@ public class PostBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - decode.setURIComparator(new MOAURICompare()); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - + try { + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService())); + + } catch (ConfigurationException e) { + throw new SecurityException(e); + } + + decode.decode(messageContext); + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - - decode.decode(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - + InboundMessage msg = null; + + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new MOARequest(inboundMessage, getSAML2BindingName()); + + } else if (messageContext.getInboundMessage() instanceof Response){ + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + msg = new MOAResponse(inboundMessage); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); - MOARequest request = new MOARequest(inboundMessage); - request.setVerified(false); + msg.setVerified(false); + decode.decode(messageContext); if (messageContext.getPeerEntityMetadata() != null) - request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); else - Logger.info("No Metadata found for OA with EntityID " + inboundMessage.getIssuer().getValue()); + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); - request.setRelayState(messageContext.getRelayState()); - return request; - - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - HTTPPostDecoder decode = new HTTPPostDecoder(new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - - decode.decode(messageContext); - - Response inboundMessage = (Response) messageContext.getInboundMessage(); - - MOAResponse moaResponse = new MOAResponse(inboundMessage); - moaResponse.setVerified(false); - moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); - return moaResponse; - + msg.setRelayState(messageContext.getRelayState()); + + return msg; } public boolean handleDecode(String action, HttpServletRequest req) { - return (req.getMethod().equals("POST")); + return (req.getMethod().equals("POST") && action.equals(PVP2XProtocol.POST)); + } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_POST_BINDING_URI; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java index dc6a1f637..8fba6cde0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java @@ -35,6 +35,7 @@ import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.StatusResponseType; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.SingleSignOnService; import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder; @@ -50,7 +51,13 @@ import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; import org.opensaml.xml.security.x509.X509Credential; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -61,9 +68,34 @@ import at.gv.egovernment.moa.util.DOMUtils; public class RedirectBinding implements IDecoder, IEncoder { public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException { - // TODO: implement + + try { + X509Credential credentials = CredentialProvider + .getIDPAssertionSigningCredential(); + + Logger.debug("create SAML RedirectBinding response"); + + HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder(); + HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter( + resp, true); + BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); + SingleSignOnService service = new SingleSignOnServiceBuilder() + .buildObject(); + service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI); + service.setLocation(targetLocation); + context.setOutboundSAMLMessageSigningCredential(credentials); + context.setPeerEntityEndpoint(service); + context.setOutboundSAMLMessage(request); + context.setOutboundMessageTransport(responseAdapter); + context.setRelayState(relayState); + + encoder.encode(context); + } catch (CredentialsNotAvailableException e) { + e.printStackTrace(); + throw new SecurityException(e); + } } public void encodeRespone(HttpServletRequest req, HttpServletResponse resp, @@ -85,10 +117,10 @@ public class RedirectBinding implements IDecoder, IEncoder { service.setLocation(targetLocation); context.setOutboundSAMLMessageSigningCredential(credentials); context.setPeerEntityEndpoint(service); - // context.setOutboundMessage(authReq); context.setOutboundSAMLMessage(response); context.setOutboundMessageTransport(responseAdapter); - + context.setRelayState(relayState); + encoder.encode(context); } catch (CredentialsNotAvailableException e) { e.printStackTrace(); @@ -96,84 +128,80 @@ public class RedirectBinding implements IDecoder, IEncoder { } } - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException { HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( new BasicParserPool()); - decode.setURIComparator(new MOAURICompare()); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); - messageContext - .setInboundMessageTransport(new HttpServletRequestAdapter(req)); - - messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); - - SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( - TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - - SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); - - BasicSecurityPolicy policy = new BasicSecurityPolicy(); - policy.getPolicyRules().add(signatureRule); - policy.getPolicyRules().add(signedRole); + try { + decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService())); - SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); - messageContext.setSecurityPolicyResolver(resolver); + } catch (ConfigurationException e) { + throw new SecurityException(e); + + } - decode.decode(messageContext); - - signatureRule.evaluate(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext - .getInboundMessage(); - MOARequest request = new MOARequest(inboundMessage); - request.setVerified(true); - request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); - return request; - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException { - - HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder( - new BasicParserPool()); - BasicSAMLMessageContext<Response, ?, ?> messageContext = new BasicSAMLMessageContext<Response, SAMLObject, SAMLObject>(); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter(req)); + decode.decode(messageContext); + + messageContext.setMetadataProvider(MOAMetadataProvider.getInstance()); + SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule( TrustEngineFactory.getSignatureKnownKeysTrustEngine()); - - // signatureRule.evaluate(messageContext); + SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule(); BasicSecurityPolicy policy = new BasicSecurityPolicy(); policy.getPolicyRules().add(signatureRule); + policy.getPolicyRules().add(signedRole); SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver( - policy); - messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + policy); messageContext.setSecurityPolicyResolver(resolver); - MOAMetadataProvider provider = null; - - provider = MOAMetadataProvider.getInstance(); + + InboundMessage msg = null; + + if (messageContext.getInboundMessage() instanceof RequestAbstractType) { + messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME); + + RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + .getInboundMessage(); + msg = new MOARequest(inboundMessage, getSAML2BindingName()); + + + } else if (messageContext.getInboundMessage() instanceof Response){ + messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME); + + Response inboundMessage = (Response) messageContext.getInboundMessage(); + msg = new MOAResponse(inboundMessage); + + } else + //create empty container if request type is unknown + msg = new InboundMessage(); - messageContext.setMetadataProvider(provider); + signatureRule.evaluate(messageContext); + msg.setVerified(true); decode.decode(messageContext); - - Response inboundMessage = (Response) messageContext.getInboundMessage(); - - MOAResponse moaResponse = new MOAResponse(inboundMessage); - moaResponse.setVerified(true); - moaResponse.setEntityMetadata(messageContext.getPeerEntityMetadata()); - return moaResponse; + if (messageContext.getPeerEntityMetadata() != null) + msg.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + + else + Logger.info("No Metadata found for OA with EntityID " + messageContext.getInboundMessageIssuer()); + + msg.setRelayState(messageContext.getRelayState()); + + return msg; } public boolean handleDecode(String action, HttpServletRequest req) { return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod() .equals("GET")); } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_REDIRECT_BINDING_URI; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java index 1d41654eb..75332cfea 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java @@ -22,6 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.binding; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -33,51 +35,68 @@ import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.StatusResponseType; import org.opensaml.ws.message.decoder.MessageDecodingException; import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.ws.soap.client.BasicSOAPMessageContext; +import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder; import org.opensaml.ws.transport.http.HttpServletRequestAdapter; import org.opensaml.ws.transport.http.HttpServletResponseAdapter; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; import org.opensaml.xml.security.SecurityException; import org.opensaml.xml.security.credential.Credential; +import org.opensaml.xml.signature.SignableXMLObject; import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; public class SoapBinding implements IDecoder, IEncoder { - public MOARequest decodeRequest(HttpServletRequest req, + public InboundMessageInterface decode(HttpServletRequest req, HttpServletResponse resp) throws MessageDecodingException, SecurityException, PVP2Exception { - HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(); - BasicSAMLMessageContext<RequestAbstractType, ?, ?> messageContext = - new BasicSAMLMessageContext<RequestAbstractType, SAMLObject, SAMLObject>(); + HTTPSOAP11Decoder soapDecoder = new HTTPSOAP11Decoder(new BasicParserPool()); + BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = + new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>(); messageContext .setInboundMessageTransport(new HttpServletRequestAdapter( req)); + soapDecoder.decode(messageContext); - - RequestAbstractType inboundMessage = (RequestAbstractType) messageContext + + Envelope inboundMessage = (Envelope) messageContext .getInboundMessage(); - MOARequest request = new MOARequest(inboundMessage); + if (inboundMessage.getBody() != null) { + List<XMLObject> xmlElemList = inboundMessage.getBody().getUnknownXMLObjects(); - return request; - } - - public MOAResponse decodeRespone(HttpServletRequest req, - HttpServletResponse resp) throws MessageDecodingException, - SecurityException, PVP2Exception { - throw new BindingNotSupportedException(SAMLConstants.SAML2_SOAP11_BINDING_URI + " response"); + if (!xmlElemList.isEmpty()) { + SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0); + MOARequest request = new MOARequest(attrReq, getSAML2BindingName()); + request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID()); + request.setVerified(false); + return request; + + } + } + + Logger.error("Receive empty PVP 2.1 attributequery request."); + throw new AttributQueryException("Receive empty PVP 2.1 attributequery request.", null); } public boolean handleDecode(String action, HttpServletRequest req) { - return (action.equals(PVP2XProtocol.SOAP)); + return (req.getMethod().equals("POST") && + (action.equals(PVP2XProtocol.SOAP) || action.equals(PVP2XProtocol.ATTRIBUTEQUERY))); } public void encodeRequest(HttpServletRequest req, HttpServletResponse resp, - RequestAbstractType request, String targetLocation) + RequestAbstractType request, String targetLocation, String relayState) throws MessageEncodingException, SecurityException, PVP2Exception { } @@ -103,5 +122,9 @@ public class SoapBinding implements IDecoder, IEncoder { throw new SecurityException(e); } } + + public String getSAML2BindingName() { + return SAMLConstants.SAML2_SOAP11_BINDING_URI; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java new file mode 100644 index 000000000..6296d102f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AttributQueryBuilder.java @@ -0,0 +1,185 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; +import javax.xml.parsers.ParserConfigurationException; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Subject; +import org.opensaml.saml2.core.impl.AttributeQueryBuilder; +import org.opensaml.xml.io.Marshaller; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.x509.X509Credential; +import org.opensaml.xml.signature.Signature; +import org.opensaml.xml.signature.SignatureConstants; +import org.opensaml.xml.signature.SignatureException; +import org.opensaml.xml.signature.Signer; +import org.w3c.dom.Document; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Constants; + +/** + * @author tlenz + * + */ +public class AttributQueryBuilder { + + public static List<Attribute> buildSAML2AttributeList(OAAuthParameter oa, Iterator<String> iterator) { + + Logger.debug("Build OA specific Attributes for AttributQuery request"); + + List<Attribute> attrList = new ArrayList<Attribute>(); + + SamlAttributeGenerator generator = new SamlAttributeGenerator(); + + while(iterator.hasNext()) { + String rA = iterator.next(); + Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(rA); + if (attr == null) { + Logger.warn("Attribut " + rA + " has no valid Name"); + + } else { + //add OA specific information + if (rA.equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME)) { + if (oa.getBusinessService()) + attr = generator.buildStringAttribute(attr.getFriendlyName(), + attr.getName(), oa.getIdentityLinkDomainIdentifier()); + else + attr = generator.buildStringAttribute(attr.getFriendlyName(), + attr.getName(), Constants.URN_PREFIX_CDID + "+" + oa.getTarget()); + } + + //TODO: add attribute values for SSO with mandates (ProfileList) + + + attrList.add(attr); + } + } + + return attrList; + } + + + public static AttributeQuery buildAttributQueryRequest(String nameID, + String endpoint, List<Attribute> requestedAttributes) throws AttributQueryException { + + + try { + + AttributeQuery query = new AttributeQueryBuilder().buildObject(); + + //set user nameID + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + subjectNameID.setValue(nameID); + subjectNameID.setFormat(NameID.TRANSIENT); + subject.setNameID(subjectNameID); + query.setSubject(subject); + + //set attributes + query.getAttributes().addAll(requestedAttributes); + + //set general request parameters + DateTime now = new DateTime(); + query.setIssueInstant(now); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + query.setIssuer(nissuer); + + String sessionID = SAML2Utils.getSecureIdentifier(); + query.setID(sessionID); + + query.setDestination(endpoint); + + X509Credential idpSigningCredential = CredentialProvider.getIDPAssertionSigningCredential(); + + Signature signer = SAML2Utils.createSAMLObject(Signature.class); + signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1); + signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); + signer.setSigningCredential(idpSigningCredential); + query.setSignature(signer); + + DocumentBuilder builder; + DocumentBuilderFactory factory = DocumentBuilderFactory + .newInstance(); + + builder = factory.newDocumentBuilder(); + Document document = builder.newDocument(); + Marshaller out = Configuration.getMarshallerFactory() + .getMarshaller(query); + out.marshall(query, document); + + Signer.signObject(signer); + + return query; + + } catch (ConfigurationException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (CredentialsNotAvailableException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (ParserConfigurationException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (MarshallingException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } catch (SignatureException e) { + Logger.error("Build AttributQuery Request FAILED.", e); + throw new AttributQueryException("Build AttributQuery Request FAILED.", null, e); + + } + + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java new file mode 100644 index 000000000..4ef09184d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/AuthResponseBuilder.java @@ -0,0 +1,152 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.ArrayList; +import java.util.Date; +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.Configuration; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.EncryptedAssertion; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.encryption.Encrypter; +import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.security.MetadataCredentialResolver; +import org.opensaml.security.MetadataCriteria; +import org.opensaml.xml.encryption.EncryptionException; +import org.opensaml.xml.encryption.EncryptionParameters; +import org.opensaml.xml.encryption.KeyEncryptionParameters; +import org.opensaml.xml.security.CriteriaSet; +import org.opensaml.xml.security.SecurityException; +import org.opensaml.xml.security.credential.UsageType; +import org.opensaml.xml.security.criteria.EntityIDCriteria; +import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; +import org.opensaml.xml.security.x509.X509Credential; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class AuthResponseBuilder { + + public static Response buildResponse(RequestAbstractType req, DateTime date, Assertion assertion) throws InvalidAssertionEncryptionException, ConfigurationException { + Response authResponse = SAML2Utils.createSAMLObject(Response.class); + + Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); + + //change to entity value from entity name to IDP EntityID (URL) + nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + nissuer.setFormat(NameID.ENTITY); + authResponse.setIssuer(nissuer); + authResponse.setInResponseTo(req.getID()); + + //set responseID + String remoteSessionID = SAML2Utils.getSecureIdentifier(); + authResponse.setID(remoteSessionID); + + + //SAML2 response required IssueInstant + authResponse.setIssueInstant(date); + + authResponse.setStatus(SAML2Utils.getSuccessStatus()); + + //check, if metadata includes an encryption key + MetadataCredentialResolver mdCredResolver = + new MetadataCredentialResolver(MOAMetadataProvider.getInstance()); + + CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add( new EntityIDCriteria(req.getIssuer().getValue()) ); + criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); + + X509Credential encryptionCredentials = null; + try { + encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); + + } catch (SecurityException e2) { + Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2); + throw new InvalidAssertionEncryptionException(); + + } + + boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); + if (encryptionCredentials != null && isEncryptionActive) { + //encrypt SAML2 assertion + + try { + + EncryptionParameters dataEncParams = new EncryptionParameters(); + dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); + + List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>(); + KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); + + keyEncParam.setEncryptionCredential(encryptionCredentials); + keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); + KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() + .getKeyInfoGeneratorManager().getDefaultManager() + .getFactory(encryptionCredentials); + keyEncParam.setKeyInfoGenerator(kigf.newInstance()); + keyEncParamList.add(keyEncParam); + + Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); + //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); + samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + + EncryptedAssertion encryptAssertion = null; + + encryptAssertion = samlEncrypter.encrypt(assertion); + + authResponse.getEncryptedAssertions().add(encryptAssertion); + + } catch (EncryptionException e1) { + Logger.warn("Can not encrypt the PVP2 assertion", e1); + throw new InvalidAssertionEncryptionException(); + + } + + } else { + authResponse.getAssertions().add(assertion); + + } + + return authResponse; + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java index 39e35120c..8b6e71e6b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java @@ -29,9 +29,8 @@ import java.util.List; import org.opensaml.saml2.core.Attribute; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock; @@ -150,11 +149,11 @@ public class PVPAttributeBuilder { addBuilder(new STORKTitleAttributBuilder()); } - public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam, - AuthenticationData authData) throws PVP2Exception { + public static Attribute buildAttribute(String name, OAAuthParameter oaParam, + IAuthData authData) throws PVP2Exception { if (builders.containsKey(name)) { try { - return builders.get(name).build(authSession, oaParam, authData, generator); + return builders.get(name).build(oaParam, authData, generator); } catch (AttributeException e) { if (e instanceof UnavailableAttributeException) { @@ -171,6 +170,22 @@ public class PVPAttributeBuilder { return null; } + public static Attribute buildEmptyAttribute(String name) { + if (builders.containsKey(name)) { + return builders.get(name).buildEmpty(generator); + } + return null; + } + + public static Attribute buildAttribute(String name, String value) { + if (builders.containsKey(name)) { + return builders.get(name).buildEmpty(generator); + } + return null; + } + + + public static List<Attribute> buildSupportedEmptyAttributes() { List<Attribute> attributes = new ArrayList<Attribute>(); Iterator<IAttributeBuilder> builderIt = builders.values().iterator(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java new file mode 100644 index 000000000..04d374e93 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java @@ -0,0 +1,186 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.builder; + +import java.util.List; + +import org.joda.time.DateTime; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Issuer; +import org.opensaml.saml2.core.LogoutRequest; +import org.opensaml.saml2.core.LogoutResponse; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.core.Status; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.core.StatusMessage; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml2.metadata.SingleLogoutService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; + +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NOSLOServiceDescriptorException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SingleLogOutBuilder { + + public static LogoutRequest buildSLORequestMessage(SLOInformationImpl sloInfo) throws ConfigurationException { + LogoutRequest sloReq = SAML2Utils.createSAMLObject(LogoutRequest.class); + + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setFormat(NameID.ENTITY); + sloReq.setIssuer(issuer); + sloReq.setIssueInstant(new DateTime()); + + sloReq.setDestination(sloInfo.getServiceURL()); + + NameID nameID = SAML2Utils.createSAMLObject(NameID.class); + nameID.setFormat(sloInfo.getUserNameIDFormat()); + nameID.setValue(sloInfo.getUserNameIdentifier()); + sloReq.setNameID(nameID ); + + return sloReq; + } + + public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException { + LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setFormat(NameID.ENTITY); + sloResp.setIssuer(issuer); + sloResp.setIssueInstant(new DateTime()); + sloResp.setDestination(sloService.getLocation()); + Status status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI); + statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null)); + status.setStatusCode(statusCode); + status.setStatusMessage(statusMessage); + sloResp.setStatus(status); + return sloResp; + } + + public static LogoutResponse buildSLOResponseMessage(SingleLogoutService sloService, PVPTargetConfiguration spRequest, List<String> failedOAs) throws ConfigurationException { + LogoutResponse sloResp = SAML2Utils.createSAMLObject(LogoutResponse.class); + Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class); + issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); + issuer.setFormat(NameID.ENTITY); + sloResp.setIssuer(issuer); + sloResp.setIssueInstant(new DateTime()); + sloResp.setDestination(sloService.getLocation()); + + Status status; + if (failedOAs == null || failedOAs.size() == 0) { + status = SAML2Utils.getSuccessStatus(); + + } else { + status = SAML2Utils.createSAMLObject(Status.class); + StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class); + StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class); + statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI); + statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null)); + status.setStatusCode(statusCode); + status.setStatusMessage(statusMessage); + + } + sloResp.setStatus(status); + return sloResp; + + } + + public static SingleLogoutService getRequestSLODescriptor(String entityID) throws NOSLOServiceDescriptorException { + try { + EntityDescriptor entity = MOAMetadataProvider.getInstance().getEntityDescriptor(entityID); + SPSSODescriptor spsso = entity.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + SingleLogoutService sloService = null; + for (SingleLogoutService el : spsso.getSingleLogoutServices()) { + if (el.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + sloService = el; + + else if (el.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) + && ( + (sloService != null && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI)) + || sloService == null) + ) + sloService = el; + + else if (el.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI) + && ( + (sloService != null + && !sloService.getBinding().equals(SAMLConstants.SAML2_SOAP11_BINDING_URI) + && !sloService.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) + || sloService == null) + ) + sloService = el; + } + + if (sloService == null) { + Logger.error("Found no SLO ServiceDescriptor in Metadata"); + throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); + + } + return sloService; + + } catch (MetadataProviderException e) { + Logger.error("Found no SLO ServiceDescriptor in Metadata"); + throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); + } + + } + + public static SingleLogoutService getResponseSLODescriptor(PVPTargetConfiguration spRequest) throws NoMetadataInformationException, NOSLOServiceDescriptorException { + MOARequest moaReq = (MOARequest) spRequest.getRequest(); + EntityDescriptor metadata = moaReq.getEntityMetadata(); + SPSSODescriptor spsso = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + + SingleLogoutService sloService = null; + for (SingleLogoutService el : spsso.getSingleLogoutServices()) { + if (el.getBinding().equals(spRequest.getBinding())) + sloService = el; + } + if (sloService == null && spsso.getSingleLogoutServices().size() != 0) + sloService = spsso.getSingleLogoutServices().get(0); + + else { + Logger.error("Found no SLO ServiceDescriptor in Metadata"); + throw new NOSLOServiceDescriptorException("NO SLO ServiceDescriptor", null); + } + return sloService; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java index 9def5d22c..4d6343fce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion; import java.security.MessageDigest; +import java.util.ArrayList; import java.util.Iterator; import java.util.List; @@ -30,6 +31,7 @@ import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.AttributeQuery; import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.Audience; import org.opensaml.saml2.core.AudienceRestriction; @@ -53,29 +55,28 @@ import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.w3c.dom.Element; -import edu.emory.mathcs.backport.java.util.Arrays; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.QAANotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.id.util.QAALevelVerifier; @@ -83,12 +84,65 @@ import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.MiscUtil; public class PVP2AssertionBuilder implements PVPConstants { + + public static Assertion buildAssertion(AttributeQuery attrQuery, + List<String> reqAttributes, IAuthData authData, DateTime date, String sessionIndex) throws ConfigurationException { + + + AuthnContextClassRef authnContextClassRef = SAML2Utils.createSAMLObject(AuthnContextClassRef.class); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); + + List<Attribute> attrList = new ArrayList<Attribute>(); + if (reqAttributes != null) { + Iterator<String> it = reqAttributes.iterator(); + while (it.hasNext()) { + String reqAttributName = it.next(); + try { + Attribute attr = PVPAttributeBuilder.buildAttribute( + reqAttributName, null, authData); + if (attr == null) { + Logger.error( + "Attribute generation failed! for " + + reqAttributName); + + } else { + attrList.add(attr); + + } + + } catch (PVP2Exception e) { + Logger.error( + "Attribute generation failed! for " + + reqAttributName); + + } catch (Exception e) { + Logger.error( + "General Attribute generation failed! for " + + reqAttributName); + + } + } + } + + + NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); + subjectNameID.setFormat(attrQuery.getSubject().getNameID().getFormat()); + subjectNameID.setValue(attrQuery.getSubject().getNameID().getValue()); + + SubjectConfirmationData subjectConfirmationData = null; + + return buildGenericAssertion(attrQuery.getIssuer().getValue(), date, + authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex); + } + public static Assertion buildAssertion(AuthnRequest authnRequest, - AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date, AssertionConsumerService assertionConsumerService) + IAuthData authData, EntityDescriptor peerEntity, DateTime date, + AssertionConsumerService assertionConsumerService, SLOInformationImpl sloInformation) throws MOAIDException { - Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + RequestedAuthnContext reqAuthnContext = authnRequest .getRequestedAuthnContext(); @@ -101,7 +155,7 @@ public class PVP2AssertionBuilder implements PVPConstants { peerEntity.getEntityID()); if (reqAuthnContext == null) { - authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); } else { @@ -112,7 +166,7 @@ public class PVP2AssertionBuilder implements PVPConstants { if (reqAuthnContextClassRefIt.size() == 0) { - QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), STORK_QAA_1_4); stork_qaa_1_4_found = true; @@ -126,20 +180,20 @@ public class PVP2AssertionBuilder implements PVPConstants { || qaa_uri.trim().equals(STORK_QAA_1_2) || qaa_uri.trim().equals(STORK_QAA_1_1)) { - if (authSession.isForeigner()) { - QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + if (authData.isForeigner()) { + QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), STORK_QAA_PREFIX + oaParam.getQaaLevel()); stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); } else { - QAALevelVerifier.verifyQAALevel(authSession.getQAALevel(), + QAALevelVerifier.verifyQAALevel(authData.getQAALevel(), qaa_uri.trim()); stork_qaa_1_4_found = true; - authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); + authnContextClassRef.setAuthnContextClassRef(authData.getQAALevel()); } break; @@ -152,33 +206,13 @@ public class PVP2AssertionBuilder implements PVPConstants { } } - AuthnContext authnContext = SAML2Utils - .createSAMLObject(AuthnContext.class); - authnContext.setAuthnContextClassRef(authnContextClassRef); - - AuthnStatement authnStatement = SAML2Utils - .createSAMLObject(AuthnStatement.class); - String remoteSessionID = SAML2Utils.getSecureIdentifier(); - authnStatement.setAuthnInstant(date); - // currently dummy id ... - authnStatement.setSessionIndex(remoteSessionID); - authnStatement.setAuthnContext(authnContext); - assertion.getAuthnStatements().add(authnStatement); SPSSODescriptor spSSODescriptor = peerEntity .getSPSSODescriptor(SAMLConstants.SAML20P_NS); - - AttributeStatement attributeStatement = SAML2Utils - .createSAMLObject(AttributeStatement.class); - - Subject subject = SAML2Utils.createSAMLObject(Subject.class); - - AuthenticationData authData = AuthenticationServer - .buildAuthenticationData(authSession, oaParam, - oaParam.getTarget()); - + //add Attributes to Assertion + List<Attribute> attrList = new ArrayList<Attribute>(); if (spSSODescriptor.getAttributeConsumingServices() != null && spSSODescriptor.getAttributeConsumingServices().size() > 0) { @@ -199,22 +233,22 @@ public class PVP2AssertionBuilder implements PVPConstants { attributeConsumingService = el; } } - - if (attributeConsumingService != null) { + + if (attributeConsumingService != null) { Iterator<RequestedAttribute> it = attributeConsumingService .getRequestAttributes().iterator(); while (it.hasNext()) { RequestedAttribute reqAttribut = it.next(); try { Attribute attr = PVPAttributeBuilder.buildAttribute( - reqAttribut.getName(), authSession, oaParam, authData); + reqAttribut.getName(), oaParam, authData); if (attr == null) { if (reqAttribut.isRequired()) { throw new UnprovideableAttributeException( reqAttribut.getName()); } } else { - attributeStatement.getAttributes().add(attr); + attrList.add(attr); } } catch (PVP2Exception e) { Logger.error( @@ -224,19 +258,26 @@ public class PVP2AssertionBuilder implements PVPConstants { throw new UnprovideableAttributeException( reqAttribut.getName()); } + + } catch (Exception e) { + Logger.error( + "General Attribute generation failed! for " + + reqAttribut.getFriendlyName(), e); + if (reqAttribut.isRequired()) { + throw new UnprovideableAttributeException( + reqAttribut.getName()); + } + } } } } - if (attributeStatement.getAttributes().size() > 0) { - assertion.getAttributeStatements().add(attributeStatement); - } NameID subjectNameID = SAML2Utils.createSAMLObject(NameID.class); - //TLenz: set correct bPK Type and Value from AuthData - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + //build nameID and nameID Format from moasession + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAvailableException(); } @@ -265,7 +306,7 @@ public class PVP2AssertionBuilder implements PVPConstants { if (bpktype.equals(Constants.URN_PREFIX_BASEID)) { - if (authSession.getBusinessService()) { + if (oaParam.getBusinessService()) { subjectNameID.setValue(new BPKBuilder().buildWBPK(bpk, oaParam.getIdentityLinkDomainIdentifier())); if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) subjectNameID.setNameQualifier(oaParam.getIdentityLinkDomainIdentifier()); @@ -334,21 +375,68 @@ public class PVP2AssertionBuilder implements PVPConstants { } } else - subjectNameID.setFormat(nameIDFormat); - - - subject.setNameID(subjectNameID); + subjectNameID.setFormat(nameIDFormat); + - SubjectConfirmation subjectConfirmation = SAML2Utils - .createSAMLObject(SubjectConfirmation.class); - subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); + String sessionIndex = null; + + //if request is a reauthentication and NameIDFormat match reuse old session information + if (MiscUtil.isNotEmpty(authData.getNameID()) && + MiscUtil.isNotEmpty(authData.getNameIDFormat()) && + nameIDFormat.equals(authData.getNameIDFormat())) { + subjectNameID.setValue(authData.getNameID()); + sessionIndex = authData.getSessionIndex(); + + } else + sessionIndex = SAML2Utils.getSecureIdentifier(); + SubjectConfirmationData subjectConfirmationData = SAML2Utils .createSAMLObject(SubjectConfirmationData.class); subjectConfirmationData.setInResponseTo(authnRequest.getID()); subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5)); subjectConfirmationData.setRecipient(assertionConsumerService.getLocation()); + + //set SLO information + sloInformation.setUserNameIdentifier(subjectNameID.getValue()); + sloInformation.setNameIDFormat(subjectNameID.getFormat()); + sloInformation.setSessionIndex(sessionIndex); + + return buildGenericAssertion(peerEntity.getEntityID(), date, authnContextClassRef, attrList, subjectNameID, subjectConfirmationData, sessionIndex); + } + + private static Assertion buildGenericAssertion(String entityID, DateTime date, + AuthnContextClassRef authnContextClassRef, List<Attribute> attrList, + NameID subjectNameID, SubjectConfirmationData subjectConfirmationData, + String sessionIndex) throws ConfigurationException { + Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class); + + AuthnContext authnContext = SAML2Utils + .createSAMLObject(AuthnContext.class); + authnContext.setAuthnContextClassRef(authnContextClassRef); + AuthnStatement authnStatement = SAML2Utils + .createSAMLObject(AuthnStatement.class); + + authnStatement.setAuthnInstant(date); + authnStatement.setSessionIndex(sessionIndex); + authnStatement.setAuthnContext(authnContext); + + assertion.getAuthnStatements().add(authnStatement); + + AttributeStatement attributeStatement = SAML2Utils + .createSAMLObject(AttributeStatement.class); + attributeStatement.getAttributes().addAll(attrList); + if (attributeStatement.getAttributes().size() > 0) { + assertion.getAttributeStatements().add(attributeStatement); + } + + Subject subject = SAML2Utils.createSAMLObject(Subject.class); + subject.setNameID(subjectNameID); + + SubjectConfirmation subjectConfirmation = SAML2Utils + .createSAMLObject(SubjectConfirmation.class); + subjectConfirmation.setMethod(SubjectConfirmation.METHOD_BEARER); subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); subject.getSubjectConfirmations().add(subjectConfirmation); @@ -358,7 +446,7 @@ public class PVP2AssertionBuilder implements PVPConstants { .createSAMLObject(AudienceRestriction.class); Audience audience = SAML2Utils.createSAMLObject(Audience.class); - audience.setAudienceURI(peerEntity.getEntityID()); + audience.setAudienceURI(entityID); audienceRestriction.getAudiences().add(audience); conditions.setNotBefore(date); @@ -377,7 +465,7 @@ public class PVP2AssertionBuilder implements PVPConstants { assertion.setSubject(subject); assertion.setID(SAML2Utils.getSecureIdentifier()); assertion.setIssueInstant(date); - - return assertion; + + return assertion; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java index 648651350..3dd1dd064 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -35,7 +34,7 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder { return BPK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { String bpk = authData.getBPK(); String type = authData.getBPKType(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java index f3d815e7d..89ec383ce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java @@ -23,47 +23,31 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.text.DateFormat; -import java.text.ParseException; import java.text.SimpleDateFormat; -import java.util.Date; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.util.MiscUtil; public class BirthdateAttributeBuilder implements IPVPAttributeBuilder { - - public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd"; - + public String getName() { return BIRTHDATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - try { - DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT); + + if (authData.getDateOfBirth() != null) { + DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); + String dateString = pvpDateFormat.format(authData.getDateOfBirth()); + + return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - if (MiscUtil.isNotEmpty(authSession.getIdentityLink().getDateOfBirth())) { - Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth()); - DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN); - String dateString = pvpDateFormat.format(date); + } else { + //build empty attribute if no Birthday date is found (STORK2) + return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); - return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - - } else { - //build empty attribute if no Birthday date is found (STORK2) - return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME); - - } - - //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString); - } - catch (ParseException e) { - e.printStackTrace(); - return null; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java index 56972248b..ded9e7166 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java @@ -26,9 +26,8 @@ import iaik.util.logging.Log; import java.io.IOException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; @@ -40,11 +39,11 @@ public class EIDAuthBlock implements IPVPAttributeBuilder { return EID_AUTH_BLOCK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { try { - String authblock = authSession.getAuthBlock(); + String authblock = authData.getAuthBlock(); if (MiscUtil.isNotEmpty(authblock)) { return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME, Base64Utils.encode(authblock.getBytes())); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java index 7179dd090..2df5ec22e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,10 +34,10 @@ public class EIDCcsURL implements IPVPAttributeBuilder { return EID_CCS_URL_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - String bkuurl = authSession.getBkuURL(); + String bkuurl = authData.getBkuURL(); if (MiscUtil.isNotEmpty(bkuurl)) return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl); else diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java index 02088eea1..365f36594 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder { @@ -33,10 +32,17 @@ public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder return EID_CITIZEN_QAA_LEVEL_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { + + String qaaLevel = null; + if (authData.getQAALevel().startsWith(STORK_QAA_PREFIX)) + qaaLevel = authData.getQAALevel().substring(STORK_QAA_PREFIX.length()); + else + qaaLevel = authData.getQAALevel(); + return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, - EID_CITIZEN_QAA_LEVEL_NAME, 4); + EID_CITIZEN_QAA_LEVEL_NAME, Integer.valueOf(qaaLevel)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java index 2d86586d2..531369e9a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java @@ -24,19 +24,11 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import java.io.IOException; -import javax.xml.transform.TransformerException; - -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DOMUtils; public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { @@ -44,36 +36,15 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder { return EID_IDENTITY_LINK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { try { String ilAssertion = null; - if (oaParam.getBusinessService()) { + ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - - Element resignedilAssertion; - - resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() - .getSamlAssertion()); - - ilAssertion = DOMUtils.serializeNode(resignedilAssertion); - - } else - ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - - return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes())); - } catch (MOAIDException e) { - Logger.warn("IdentityLink serialization error.", e); - return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME); - } catch (TransformerException e) { - Logger.warn("IdentityLink serialization error.", e); - return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, - EID_IDENTITY_LINK_NAME); } catch (IOException e) { Logger.warn("IdentityLink serialization error.", e); return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java index 39d4d29e7..9b85af9f8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java @@ -22,16 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import iaik.x509.X509Certificate; - -import javax.naming.ldap.LdapName; -import javax.naming.ldap.Rdn; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.logging.Logger; public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { @@ -39,35 +32,9 @@ public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder { return EID_ISSUING_NATION_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - String countryCode = "AT"; - - - if (authSession.getStorkAuthnRequest() != null) { - countryCode = authSession.getStorkAuthnRequest() - .getCitizenCountryCode(); - } else { - - //TODO: replace with TSL lookup when TSL is ready! - X509Certificate certificate = authSession.getSignerCertificate(); - - if (certificate != null) { - try { - LdapName ln = new LdapName(certificate.getIssuerDN() - .getName()); - for (Rdn rdn : ln.getRdns()) { - if (rdn.getType().equalsIgnoreCase("C")) { - Logger.info("C is: " + rdn.getValue()); - countryCode = rdn.getValue().toString(); - break; - } - } - } catch (Exception e) { - Logger.error("Failed to extract country code from certificate", e); - } - } - } + String countryCode = authData.getCcc(); return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME, EID_ISSUING_NATION_NAME, countryCode); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java index e8fba6af2..04cc59b10 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java @@ -22,11 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import java.io.IOException; + import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; public class EIDSTORKTOKEN implements IPVPAttributeBuilder { @@ -35,21 +38,28 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder { return EID_STORK_TOKEN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (!authSession.isForeigner()) { + if (!authData.isForeigner()) { throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME); } else { - String storkResponse = authSession.getStorkAuthnResponse(); + String storkResponse = authData.getStorkAuthnResponse(); if ( MiscUtil.isEmpty(storkResponse) ) { throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME); } else { - return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, storkResponse); + try { + return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME, + Base64Utils.encode(storkResponse.getBytes())); + + } catch (IOException e) { + Logger.warn("Encode AuthBlock BASE64 failed.", e); + throw new UnavailableAttributeException(EID_STORK_TOKEN_NAME); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java index 807d59050..7f52e1d47 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { @@ -33,7 +32,7 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder { return EID_SECTOR_FOR_IDENTIFIER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { String bpktype = authData.getBPKType(); return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java index 7cd415ada..df1bc1860 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java @@ -26,9 +26,8 @@ import iaik.util.logging.Log; import java.io.IOException; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.util.Base64Utils; @@ -39,11 +38,11 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder { return EID_SIGNER_CERTIFICATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { try { - byte[] signerCertificate = authSession.getEncodedSignerCertificate(); + byte[] signerCertificate = authData.getSignerCertificate(); if (signerCertificate != null) { return g.buildStringAttribute(EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, EID_SIGNER_CERTIFICATE_NAME, Base64Utils .encode(signerCertificate)); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java index 5bf65da04..a8b703fc2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java @@ -22,10 +22,10 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; public class EIDSourcePIN implements IPVPAttributeBuilder { @@ -34,11 +34,11 @@ public class EIDSourcePIN implements IPVPAttributeBuilder { return EID_SOURCE_PIN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) - throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); + throw new AttributePolicyException(EID_SOURCE_PIN_NAME); else { return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java index ec509f74b..0681419fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; @@ -34,7 +33,7 @@ public class EIDSourcePINType implements IPVPAttributeBuilder { return EID_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { if (oaParam.getBusinessService()) diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java index 7bd5e2db5..fcde1e9bd 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { @@ -33,9 +32,9 @@ public class GivenNameAttributeBuilder implements IPVPAttributeBuilder { return GIVEN_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName()); + return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authData.getGivenName()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java index 55b16edfb..d66b0ab02 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java @@ -22,15 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public interface IAttributeBuilder { public String getName(); - public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData, + public <ATT> ATT build(final OAAuthParameter oaParam, final IAuthData authData, final IAttributeGenerator<ATT> g) throws AttributeException; public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java index 4528aa1fe..670398ff6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java @@ -29,6 +29,7 @@ import javax.xml.transform.TransformerException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -40,13 +41,13 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder return MANDATE_FULL_MANDATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - if (authSession.getMandate() != null) { + if (authData.isUseMandate()) { + if (authData.getMandate() != null) { String fullMandate; try { - fullMandate = DOMUtils.serializeNode(authSession + fullMandate = DOMUtils.serializeNode(authData .getMandate()); return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME, MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes())); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java index 9ab1de50d..9230e47fc 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java @@ -26,9 +26,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -40,10 +39,10 @@ public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttribute return MANDATE_LEG_PER_FULL_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java index ca68704c9..04103f28a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java @@ -27,9 +27,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttribu return MANDATE_LEG_PER_SOURCE_PIN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java index 5656d1769..02e1d7ce0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java @@ -27,9 +27,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -41,10 +40,10 @@ public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttr return MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java index 039fc8af8..38456302c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java @@ -28,10 +28,9 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -44,10 +43,10 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui return MANDATE_NAT_PER_BPK_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } @@ -62,11 +61,6 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - // if(authSession.getBusinessService()) { - // id = MandateBuilder.getWBPKIdentification(physicalPerson); - // } else { - // id = MandateBuilder.getBPKIdentification(physicalPerson); - // } if (id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); @@ -76,7 +70,7 @@ public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBui try { if (id.getType().equals(Constants.URN_PREFIX_BASEID)) { - if (authSession.getBusinessService()) { + if (oaParam.getBusinessService()) { bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java index f5dc277bd..4fcfd4650 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java @@ -31,9 +31,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; @@ -46,10 +45,10 @@ public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttrib return MANDATE_NAT_PER_BIRTHDATE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java index 2a7bafdbc..3452d7ed0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java @@ -29,9 +29,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -43,10 +42,10 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttr return MANDATE_NAT_PER_FAMILY_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java index 4707c385a..59d5c65fe 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java @@ -28,9 +28,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -42,10 +41,10 @@ public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttrib return MANDATE_NAT_PER_GIVEN_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java index 7fbbce9bc..444312759 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java @@ -30,7 +30,9 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; import at.gv.egovernment.moa.logging.Logger; @@ -41,10 +43,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri return MANDATE_NAT_PER_SOURCE_PIN_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } @@ -61,12 +63,10 @@ public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttri IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - if(authSession.getBusinessService()) { - id = MandateBuilder.getWBPKIdentification(physicalPerson); - -// } else { -// id = MandateBuilder.getBPKIdentification(physicalPerson); + if(oaParam.getBusinessService()) { + throw new AttributePolicyException(this.getName()); } + if(id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java index 538cee048..6adc9b532 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java @@ -27,9 +27,8 @@ import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType; import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -41,10 +40,10 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt return MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + Element mandate = authData.getMandate(); if(mandate == null) { throw new NoMandateDataAttributeException(); } @@ -60,11 +59,6 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAt } IdentificationType id = null; id = physicalPerson.getIdentification().get(0); - /*if(authSession.getBusinessService()) { - id = MandateBuilder.getWBPKIdentification(physicalPerson); - } else { - id = MandateBuilder.getBPKIdentification(physicalPerson); - }*/ if(id == null) { Logger.error("Failed to generate IdentificationType"); throw new NoMandateDataAttributeException(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java index 814211b24..4c981cb24 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java @@ -22,14 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder { @@ -37,24 +35,24 @@ public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder return MANDATE_PROF_REP_DESC_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if(authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if(authData.isUseMandate()) { + MISMandate mandate = authData.getMISMandate(); + + if(mandate == null) { throw new NoMandateDataAttributeException(); } - String text = AttributeExtractor.extractSAMLAttributeOA( - EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION, - authSession); + String text = mandate.getTextualDescriptionOfOID(); - if(text == null) { + if(MiscUtil.isEmpty(text)) { return null; - } - - return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, - MANDATE_PROF_REP_DESC_NAME, text); + + } else + return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME, + MANDATE_PROF_REP_DESC_NAME, text); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java index b040072a6..1a3311c8a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java @@ -22,14 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import org.w3c.dom.Element; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate; +import at.gv.egovernment.moa.util.MiscUtil; public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { @@ -37,21 +35,21 @@ public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder { return MANDATE_PROF_REP_OID_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + + MISMandate mandate = authData.getMISMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } - String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession); - - if (oid == null) { - return null; - } - - return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); + String oid = mandate.getProfRep(); + + if(MiscUtil.isEmpty(oid)) + return null; + else + return g.buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME, MANDATE_PROF_REP_OID_NAME, oid); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java index 7e7b57e4f..7b41e9bb6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder { @@ -33,12 +32,12 @@ public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuild return MANDATE_REFERENCE_VALUE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { + if (authData.isUseMandate()) { return g.buildStringAttribute(MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, MANDATE_REFERENCE_VALUE_NAME, - authSession.getMandateReferenceValue()); + authData.getMandateReferenceValue()); } return null; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java index 4842141fc..63165f52a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java @@ -25,9 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; import org.w3c.dom.Element; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException; import at.gv.egovernment.moa.id.util.MandateBuilder; @@ -38,10 +37,10 @@ public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder { return MANDATE_TYPE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - if (authSession.getUseMandate()) { - Element mandate = authSession.getMandate(); + if (authData.isUseMandate()) { + Element mandate = authData.getMandate(); if (mandate == null) { throw new NoMandateDataAttributeException(); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java index e8c410555..674efa0d1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { @@ -33,7 +32,7 @@ public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder { return PVP_VERSION_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME, PVP_VERSION_2_1); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java index c687b2bff..11fdeb232 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java @@ -22,9 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { @@ -33,9 +32,9 @@ public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder { return PRINCIPAL_NAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName()); + return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authData.getFamilyName()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java index b81b30e5b..aff0fc0ef 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAdoptedFamilyNameAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKAdoptedFamilyNameAttributBuilder implements IPVPAttributeBuild return STORKConstants.ADOPTEDFAMILYNAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.ADOPTEDFAMILYNAME_FRIENDLYNAME, STORKConstants.ADOPTEDFAMILYNAME_NAME, - STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.ADOPTEDFAMILYNAME_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java index 98fe853ff..fb7c60a95 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAgeAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKAgeAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKAgeAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.AGE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.AGE_FRIENDLYNAME, STORKConstants.AGE_NAME, - STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.AGE_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java index 6d2b031a5..387e49d25 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKAttributHelper.java @@ -26,6 +26,7 @@ import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +37,7 @@ import at.gv.egovernment.moa.logging.Logger; public class STORKAttributHelper { public static String getAttribut(String attributName, - AuthenticationSession authSession) throws UnavailableAttributeException { + IAuthData authSession) throws UnavailableAttributeException { if (!authSession.isForeigner()) { throw new UnavailableAttributeException(attributName); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java index c3d6f070d..ddfa63b51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCanonicalResidenceAddressAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKCanonicalResidenceAddressAttributBuilder implements IPVPAttrib return STORKConstants.CANONICALRESIDENCEADDRESS_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.CANONICALRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.CANONICALRESIDENCEADDRESS_NAME, - STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.CANONICALRESIDENCEADDRESS_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java index c873a86ea..08cd65a6d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKCountryCodeOfBirthAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKCountryCodeOfBirthAttributBuilder implements IPVPAttributeBuil return STORKConstants.CONTRYCODEOFBIRTH_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.CONTRYCODEOFBIRTH_FRIENDLYNAME, STORKConstants.CONTRYCODEOFBIRTH_NAME, - STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.CONTRYCODEOFBIRTH_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java index 394bffa31..f3a77708b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKFiscalNumberAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKFiscalNumberAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.FISCALNUMBER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.FISCALNUMBER_FRIENDLYNAME, STORKConstants.FISCALNUMBER_NAME, - STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.FISCALNUMBER_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java index 9209e73c4..6f62dbf89 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKGenderAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKGenderAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKGenderAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.GENDER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.GENDER_FRIENDLYNAME, STORKConstants.GENDER_NAME, - STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.GENDER_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java index 59f345bd3..65bf9ff6e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKInhertedFamilyNameAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKInhertedFamilyNameAttributBuilder implements IPVPAttributeBuil return STORKConstants.INHERITEDFAMILYNAME_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.INHERITEDFAMILYNAME_FRIENDLYNAME, STORKConstants.INHERITEDFAMILYNAME_NAME, - STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.INHERITEDFAMILYNAME_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java index d99833f13..a7a77d7b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKIsAgeOverAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKIsAgeOverAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.ISAGEOVER_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.ISAGEOVER_FRIENDLYNAME, STORKConstants.ISAGEOVER_NAME, - STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.ISAGEOVER_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java index 1e627e723..c6ce4e32a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKMaritalStatusAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKMaritalStatusAttributBuilder implements IPVPAttributeBuilder return STORKConstants.MARITALSTATUS_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.MARITALSTATUS_FRIENDLYNAME, STORKConstants.MARITALSTATUS_NAME, - STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.MARITALSTATUS_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java index d46219996..8db5ceeb8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKNationalityCodeAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKNationalityCodeAttributBuilder implements IPVPAttributeBuilder return STORKConstants.NATIONALITYCODE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.NATIONALITYCODE_FRIENDLYNAME, STORKConstants.NATIONALITYCODE_NAME, - STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.NATIONALITYCODE_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java index 7bf6716ec..421f8c28d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKPseudonymAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKPseudonymAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.PSEUDONYM_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.PSEUDONYM_FRIENDLYNAME, STORKConstants.PSEUDONYM_NAME, - STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.PSEUDONYM_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java index d47de1ff9..ceff4cf4f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKResidencePermitAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKResidencePermitAttributBuilder implements IPVPAttributeBuilder return STORKConstants.RESIDENCEPERMIT_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.RESIDENCEPERMIT_FRIENDLYNAME, STORKConstants.RESIDENCEPERMIT_NAME, - STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.RESIDENCEPERMIT_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java index c75d6b0fb..1344883bf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTextResidenceAddressAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKTextResidenceAddressAttributBuilder implements IPVPAttributeBu return STORKConstants.TEXTRESIDENCEADDRESS_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.TEXTRESIDENCEADDRESS_FRIENDLYNAME, STORKConstants.TEXTRESIDENCEADDRESS_NAME, - STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.TEXTRESIDENCEADDRESS_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java index 357b2fe0d..5209697d6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/STORKTitleAttributBuilder.java @@ -22,10 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; public class STORKTitleAttributBuilder implements IPVPAttributeBuilder { @@ -34,11 +33,11 @@ public class STORKTitleAttributBuilder implements IPVPAttributeBuilder { return STORKConstants.TITLE_NAME; } - public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData, + public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData, IAttributeGenerator<ATT> g) throws AttributeException { return g.buildStringAttribute(STORKConstants.TITLE_FRIENDLYNAME, STORKConstants.TITLE_NAME, - STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authSession)); + STORKAttributHelper.getAttribut(STORKConstants.TITLE_NAME, authData)); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java index 60fe47364..1e0e2ee51 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributePolicyException.java @@ -20,21 +20,21 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; +package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions; -public class PVP2EncodingException extends PVP2Exception { - - public PVP2EncodingException() { - super("pvp2.01", null); +public class AttributePolicyException extends AttributeException { + + private static final long serialVersionUID = 1L; + + private String attributeName; + + public AttributePolicyException(String attributeName) { + super("Attribute " + attributeName + " is restricted by IDP policy."); + this.attributeName = attributeName; } - public PVP2EncodingException(Throwable wrapped) { - super("pvp2.01", null, wrapped); + public String getAttributeName() { + return attributeName; } - - /** - * - */ - private static final long serialVersionUID = -1348774139990071020L; - + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java index ebfffb648..255fba093 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java @@ -52,9 +52,11 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Contact; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; public class PVPConfiguration { @@ -68,9 +70,11 @@ public class PVPConfiguration { return instance; } - public static final String PVP2_METADATA = "/pvp2/metadata"; - public static final String PVP2_REDIRECT = "/pvp2/redirect"; - public static final String PVP2_POST = "/pvp2/post"; + public static final String PVP2_METADATA = "/pvp2/metadata"; + public static final String PVP2_REDIRECT = "/pvp2/redirect"; + public static final String PVP2_POST = "/pvp2/post"; + public static final String PVP2_SOAP = "/pvp2/soap"; + public static final String PVP2_ATTRIBUTEQUERY = "/pvp2/attributequery"; public static final String PVP_CONFIG_FILE = "pvp2config.properties"; @@ -83,6 +87,9 @@ public class PVPConfiguration { public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias"; public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword"; + public static final String IDP_KEYALIASENCRYTPION = "sp.ks.assertion.encryption.alias"; + public static final String IDP_KEY_PASSENCRYTPION = "sp.ks.assertion.encryption.keypassword"; + public static final String IDP_ISSUER_NAME = "idp.issuer.name"; public static final String METADATA_FILE = "md.dir"; @@ -112,12 +119,14 @@ public class PVPConfiguration { //PVP2 generalpvpconfigdb; Properties props; + String rootDir = null; private PVPConfiguration() { try { //generalpvpconfigdb = AuthConfigurationProvider.getInstance().getGeneralPVP2DBConfig(); props = AuthConfigurationProvider.getInstance().getGeneralPVP2ProperiesConfig(); - + rootDir = AuthConfigurationProvider.getInstance().getRootConfigFileDir(); + } catch (ConfigurationException e) { e.printStackTrace(); } @@ -138,6 +147,14 @@ public class PVPConfiguration { return getIDPPublicPath() + PVP2_POST; } + public String getIDPSSOSOAPService() throws ConfigurationException { + return getIDPPublicPath() + PVP2_SOAP; + } + + public String getIDPAttributeQueryService() throws ConfigurationException { + return getIDPPublicPath() + PVP2_ATTRIBUTEQUERY; + } + public String getIDPSSORedirectService() throws ConfigurationException { return getIDPPublicPath() + PVP2_REDIRECT; } @@ -147,7 +164,7 @@ public class PVPConfiguration { } public String getIDPKeyStoreFilename() { - return props.getProperty(IDP_JAVAKEYSTORE); + return FileUtils.makeAbsoluteURL(props.getProperty(IDP_JAVAKEYSTORE), rootDir); } public String getIDPKeyStorePassword() { @@ -170,6 +187,14 @@ public class PVPConfiguration { return props.getProperty(IDP_KEY_PASSASSERTION); } + public String getIDPKeyAliasAssertionEncryption() { + return props.getProperty(IDP_KEYALIASASSERTION); + } + + public String getIDPKeyPasswordAssertionEncryption() { + return props.getProperty(IDP_KEY_PASSASSERTION); + } + public String getIDPIssuerName() throws ConfigurationException { if (moaIDVersion == null) { @@ -223,7 +248,7 @@ public class PVPConfiguration { public iaik.x509.X509Certificate getTrustEntityCertificate(String entityID) { try { - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); + IOAAuthParameters oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(entityID); if (oaParam == null) { Logger.warn("Online Application with ID " + entityID + " not found!"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java new file mode 100644 index 000000000..69ca4e8f5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionAttributeExtractorExeption.java @@ -0,0 +1,50 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class AssertionAttributeExtractorExeption extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -6459000942830951492L; + + public AssertionAttributeExtractorExeption(String attributeName) { + super("Parse PVP2.1 assertion FAILED: Attribute " + attributeName + + " can not extract.", null); + } + + public AssertionAttributeExtractorExeption(String messageId, + Object[] parameters) { + super(messageId, parameters); + } + + public AssertionAttributeExtractorExeption() { + super("Parse PVP2.1 assertion FAILED. Interfederation not possible", null); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java new file mode 100644 index 000000000..fcd8472b1 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AssertionValidationExeption.java @@ -0,0 +1,49 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +import at.gv.egovernment.moa.id.config.ConfigurationException; + +/** + * @author tlenz + * + */ +public class AssertionValidationExeption extends PVP2Exception { + + private static final long serialVersionUID = -3987805399122286259L; + + public AssertionValidationExeption(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + /** + * @param string + * @param object + * @param e + */ + public AssertionValidationExeption(String string, Object[] parameters, + Throwable e) { + super(string, parameters, e); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java index fdc8c8d39..9008a7183 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/AttributQueryException.java @@ -1,4 +1,4 @@ -/******************************************************************************* +/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. @@ -19,21 +19,26 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ + */ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; -import org.opensaml.saml2.core.StatusCode; - -public class NoAuthContextException extends PVP2Exception { +/** + * @author tlenz + * + */ +public class AttributQueryException extends PVP2Exception { /** * */ - private static final long serialVersionUID = 7040652043174500992L; + private static final long serialVersionUID = -4302422507173728748L; - public NoAuthContextException() { - super("pvp2.04", null); - this.statusCodeValue = StatusCode.REQUESTER_URI; + public AttributQueryException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + + public AttributQueryException(String messageId, Object[] parameters, Throwable e) { + super(messageId, parameters, e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java index 69da5c09c..b49070bd6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java @@ -30,7 +30,7 @@ public class InvalidAssertionEncryptionException extends PVP2Exception { public InvalidAssertionEncryptionException() { super("pvp2.16", new Object[]{}); - this.statusCodeValue = StatusCode.REQUESTER_URI; + this.statusCodeValue = StatusCode.RESPONDER_URI; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java new file mode 100644 index 000000000..204e1c2a5 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NOSLOServiceDescriptorException.java @@ -0,0 +1,44 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class NOSLOServiceDescriptorException extends PVP2Exception { + + /** + * + */ + private static final long serialVersionUID = -3073730570511152661L; + + /** + * @param messageId + * @param parameters + */ + public NOSLOServiceDescriptorException(String messageId, Object[] parameters) { + super(messageId, parameters); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java index b5facde34..87e443930 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java @@ -22,10 +22,14 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; +import org.opensaml.saml2.core.StatusCode; + public class NameIDFormatNotSupportedException extends AuthnRequestValidatorException { public NameIDFormatNotSupportedException(String nameIDFormat) { super("pvp2.12", new Object[] {nameIDFormat}); + statusCodeValue = StatusCode.INVALID_NAMEID_POLICY_URI; + } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java new file mode 100644 index 000000000..9f1b6168e --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SLOException.java @@ -0,0 +1,41 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions; + +/** + * @author tlenz + * + */ +public class SLOException extends PVP2Exception { + private static final long serialVersionUID = -5284624715788385022L; + + /** + * @param messageId + * @param parameters + */ + public SLOException(String messageId, Object[] parameters) { + super(messageId, parameters); + // TODO Auto-generated constructor stub + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java index 11054fd57..332caf967 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessage.java @@ -1,4 +1,4 @@ -/******************************************************************************* +/* * Copyright 2014 Federal Chancellery Austria * MOA-ID has been developed in a cooperation between BRZ, the Federal * Chancellery Austria - ICT staff unit, and Graz University of Technology. @@ -19,106 +19,96 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; import java.io.Serializable; -import org.opensaml.Configuration; -import org.opensaml.saml2.core.RequestAbstractType; -import org.opensaml.saml2.core.impl.RequestAbstractTypeMarshaller; -import org.opensaml.saml2.core.impl.RequestAbstractTypeUnmarshaller; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.io.Unmarshaller; -import org.opensaml.xml.io.UnmarshallerFactory; -import org.opensaml.xml.io.UnmarshallingException; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.logging.Logger; -public class MOARequest implements Serializable{ +/** + * @author tlenz + * + */ +public class InboundMessage implements InboundMessageInterface, Serializable{ private static final long serialVersionUID = 2395131650841669663L; - private Element samlRequest; + private Element samlMessage = null; private boolean verified = false; private String entityID = null; private String relayState = null; - public MOARequest(RequestAbstractType request) { - samlRequest = request.getDOM(); - } - - public RequestAbstractType getSamlRequest() { - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(samlRequest); + + public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException { try { - return (RequestAbstractType) unmashaller.unmarshall(samlRequest); + return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID); - } catch (UnmarshallingException e) { - Logger.warn("AuthnRequest Unmarshaller error", e); - return null; - } - + } catch (MetadataProviderException e) { + Logger.warn("No Metadata for EntitiyID " + entityID); + throw new NoMetadataInformationException(); + } } - - /** - * @return the relayState + * @param entitiyID the entitiyID to set */ - public String getRelayState() { - return relayState; + public void setEntityID(String entitiyID) { + this.entityID = entitiyID; } - + + public void setVerified(boolean verified) { + this.verified = verified; + } + /** * @param relayState the relayState to set */ public void setRelayState(String relayState) { this.relayState = relayState; } - - public void setSamlRequest(RequestAbstractType request) { - this.samlRequest = request.getDOM(); - } - - public boolean isVerified() { - return verified; - } - - public void setVerified(boolean verified) { - this.verified = verified; + + public void setSAMLMessage(Element msg) { + this.samlMessage = msg; } - - public EntityDescriptor getEntityMetadata() throws NoMetadataInformationException { - - try { - return MOAMetadataProvider.getInstance().getEntityDescriptor(this.entityID); - - } catch (MetadataProviderException e) { - Logger.warn("No Metadata for EntitiyID " + entityID); - throw new NoMetadataInformationException(); - } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getRelayState() + */ + @Override + public String getRelayState() { + return relayState; } - /** - * @return the entitiyID + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getEntityID() */ + @Override public String getEntityID() { return entityID; } - /** - * @param entitiyID the entitiyID to set + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#isVerified() */ - public void setEntityID(String entitiyID) { - this.entityID = entitiyID; + @Override + public boolean isVerified() { + return verified; } - + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.messages.PVP21InboundMessage#getInboundMessage() + */ + @Override + public Element getInboundMessage() { + return samlMessage; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java new file mode 100644 index 000000000..60a6f069a --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/InboundMessageInterface.java @@ -0,0 +1,38 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; + +import org.w3c.dom.Element; + +/** + * @author tlenz + * + */ +public interface InboundMessageInterface { + + public String getRelayState(); + public String getEntityID(); + public boolean isVerified(); + public Element getInboundMessage(); + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java new file mode 100644 index 000000000..7679e74a6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOARequest.java @@ -0,0 +1,66 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; + + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.RequestAbstractType; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; +import org.opensaml.xml.signature.SignableXMLObject; + +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.logging.Logger; + +public class MOARequest extends InboundMessage{ + + private static final long serialVersionUID = 8613921176727607896L; + + private String binding = null; + + public MOARequest(SignableXMLObject inboundMessage, String binding) { + setSAMLMessage(inboundMessage.getDOM()); + this.binding = binding; + + } + + public String getRequestBinding() { + return binding; + } + + public SignableXMLObject getSamlRequest() { + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); + + try { + return (SignableXMLObject) unmashaller.unmarshall(getInboundMessage()); + + } catch (UnmarshallingException e) { + Logger.warn("AuthnRequest Unmarshaller error", e); + return null; + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java index 3d21d95c4..870273cf3 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/messages/MOAResponse.java @@ -20,41 +20,37 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.binding; +package at.gv.egovernment.moa.id.protocols.pvp2x.messages; +import org.opensaml.Configuration; import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.opensaml.xml.io.UnmarshallingException; -public class MOAResponse { - private Response samlResponse; - private EntityDescriptor entityMetadata; - private boolean verified = false; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.logging.Logger; - public MOAResponse(Response response) { - samlResponse = response; - } - - public Response getSamlResponse() { - return samlResponse; - } - - public void setSamlResponse(Response samlResponse) { - this.samlResponse = samlResponse; - } +public class MOAResponse extends InboundMessage { + + private static final long serialVersionUID = -1133012928130138501L; - public boolean isVerified() { - return verified; + public MOAResponse(Response response) { + setSAMLMessage(response.getDOM()); } - public void setVerified(boolean verified) { - this.verified = verified; + public Response getResponse() { + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmashaller = unmarshallerFactory.getUnmarshaller(getInboundMessage()); + + try { + return (Response) unmashaller.unmarshall(getInboundMessage()); + + } catch (UnmarshallingException e) { + Logger.warn("AuthnResponse Unmarshaller error", e); + return null; + } + } - public EntityDescriptor getEntityMetadata() { - return entityMetadata; - } - - public void setEntityMetadata(EntityDescriptor entityMetadata) { - this.entityMetadata = entityMetadata; - } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java index 6d9022bd9..a57fb5717 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java @@ -22,6 +22,7 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.metadata; +import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Collection; import java.util.Date; @@ -31,9 +32,10 @@ import java.util.List; import java.util.Map; import java.util.Timer; +import javax.net.ssl.SSLHandshakeException; import javax.xml.namespace.QName; -import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -46,9 +48,15 @@ import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead; +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2; import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.InterfederatedIDPPublicServiceFilter; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -118,14 +126,15 @@ public class MOAMetadataProvider implements MetadataProvider { } } + //set Timestamp + Date oldTimeStamp = timestamp; + timestamp = new Date(); + //load all PVP2 OAs form ConfigurationDatabase and //compare actually loaded Providers with configured PVP2 OAs List<OnlineApplication> oaList = ConfigurationDBRead .getAllActiveOnlineApplications(); - - //set Timestamp - timestamp = new Date(); - + Iterator<OnlineApplication> oaIt = oaList.iterator(); while (oaIt.hasNext()) { HTTPMetadataProvider httpProvider = null; @@ -138,7 +147,16 @@ public class MOAMetadataProvider implements MetadataProvider { String metadataurl = pvp2Config.getMetadataURL(); if (loadedproviders.containsKey(metadataurl)) { - //PVP2 OA is actually loaded, to nothing + + if (pvp2Config.getUpdateRequiredItem() != null && + pvp2Config.getUpdateRequiredItem().after(oldTimeStamp)) { + //PVP2 OA is actually loaded, but update is requested + Logger.info("Reload metadata for: " + oa.getFriendlyName()); + loadedproviders.get(metadataurl).refresh(); + + } + + // PVP2 OA is actually loaded, to nothing providersinuse.put(metadataurl, loadedproviders.get(metadataurl)); loadedproviders.remove(metadataurl); @@ -146,11 +164,14 @@ public class MOAMetadataProvider implements MetadataProvider { } else if ( MiscUtil.isNotEmpty(metadataurl) && !providersinuse.containsKey(metadataurl) ) { //PVP2 OA is new, add it to MOAMetadataProvider + Logger.info("Loading metadata for: " + oa.getFriendlyName()); httpProvider = createNewHTTPMetaDataProvider( pvp2Config.getMetadataURL(), pvp2Config.getCertificate(), - oa.getFriendlyName()); + oa.getFriendlyName(), + buildMetadataFilterChain(oa, pvp2Config.getMetadataURL(), + pvp2Config.getCertificate())); if (httpProvider != null) providersinuse.put(metadataurl, httpProvider); @@ -256,7 +277,9 @@ public class MOAMetadataProvider implements MetadataProvider { httpProvider = createNewHTTPMetaDataProvider( metadataURL, pvp2Config.getCertificate(), - oa.getFriendlyName()); + oa.getFriendlyName(), + buildMetadataFilterChain(oa, metadataURL, + pvp2Config.getCertificate())); if (httpProvider != null) providersinuse.put(metadataURL, httpProvider); @@ -295,13 +318,45 @@ public class MOAMetadataProvider implements MetadataProvider { timestamp = new Date(); } - private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) { + private MetadataFilterChain buildMetadataFilterChain(OnlineApplication oa, String metadataURL, byte[] certificate) throws CertificateException { + MetadataFilterChain filterChain = new MetadataFilterChain(metadataURL, certificate); + + if (oa.isIsInterfederationIDP() != null && oa.isIsInterfederationIDP()) { + Logger.info("Online-Application is an interfederated IDP. Add addional Metadata policies"); + filterChain.getFilters().add(new InterfederatedIDPPublicServiceFilter(metadataURL, oa.getType())); + + } + + return filterChain; + } + + private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName, MetadataFilterChain filter) { HTTPMetadataProvider httpProvider = null; Timer timer= null; - - try { + MOAHttpClient httpClient = null; + try { + httpClient = new MOAHttpClient(); + + if (metadataURL.startsWith("https:")) { + try { + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + timer = new Timer(); - httpProvider = new HTTPMetadataProvider(timer, new HttpClient(), + httpProvider = new HTTPMetadataProvider(timer, httpClient, metadataURL); httpProvider.setParserPool(new BasicParserPool()); httpProvider.setRequireValidMetadata(true); @@ -309,17 +364,20 @@ public class MOAMetadataProvider implements MetadataProvider { httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours //httpProvider.setRefreshDelayFactor(0.1F); - // TODO: use proper SSL checking - - MetadataFilter filter = new MetadataSignatureFilter( - metadataURL, certificate); + if (filter == null) { + filter = new MetadataFilterChain(metadataURL, certificate); + } httpProvider.setMetadataFilter(filter); httpProvider.initialize(); return httpProvider; - - + } catch (Throwable e) { + if (e.getCause() != null && e.getCause().getCause() instanceof SSLHandshakeException) { + Logger.warn("SSL-Server certificate for metadata " + + metadataURL + " not trusted.", e); + } + Logger.error( "Failed to add Metadata file for " + oaName + "[ " diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java index 04ef4cdbf..303fc2924 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java @@ -30,10 +30,12 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry import org.opensaml.saml2.core.ArtifactResolve; import org.opensaml.saml2.core.ArtifactResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.RequestDeniedException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; @@ -41,18 +43,18 @@ import at.gv.egovernment.moa.logging.Logger; public class ArtifactResolution implements IRequestHandler { - public boolean handleObject(MOARequest obj) { - return (obj.getSamlRequest() instanceof ArtifactResolve); + public boolean handleObject(InboundMessage obj) { + return (obj instanceof MOARequest && + ((MOARequest)obj).getSamlRequest() instanceof ArtifactResolve); } - public String process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + HttpServletResponse resp, IAuthData authData) throws MOAIDException { if (!handleObject(obj)) { throw new MOAIDException("pvp2.13", null); } - - ArtifactResolve artifactResolve = (ArtifactResolve) obj - .getSamlRequest(); + + ArtifactResolve artifactResolve = (ArtifactResolve) ((MOARequest)obj).getSamlRequest(); String artifactID = artifactResolve.getArtifact().getArtifact(); PVPAssertionStorage pvpAssertion = PVPAssertionStorage.getInstance(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java index fd7ff9885..ca5210d21 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java @@ -22,72 +22,55 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; -import java.util.ArrayList; -import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; -import org.opensaml.Configuration; import org.opensaml.common.xml.SAMLConstants; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.AuthnRequest; -import org.opensaml.saml2.core.EncryptedAssertion; -import org.opensaml.saml2.core.Issuer; -import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Response; -import org.opensaml.saml2.encryption.Encrypter; -import org.opensaml.saml2.encryption.Encrypter.KeyPlacement; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; -import org.opensaml.security.MetadataCredentialResolver; -import org.opensaml.security.MetadataCriteria; import org.opensaml.ws.message.encoder.MessageEncodingException; -import org.opensaml.xml.encryption.EncryptionException; -import org.opensaml.xml.encryption.EncryptionParameters; -import org.opensaml.xml.encryption.KeyEncryptionParameters; -import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.SecurityException; -import org.opensaml.xml.security.credential.UsageType; -import org.opensaml.xml.security.criteria.EntityIDCriteria; -import org.opensaml.xml.security.criteria.UsageCriteria; -import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory; -import org.opensaml.xml.security.x509.X509Credential; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AuthResponseBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; public class AuthnRequestHandler implements IRequestHandler, PVPConstants { - public boolean handleObject(MOARequest obj) { - return (obj.getSamlRequest() instanceof AuthnRequest); + public boolean handleObject(InboundMessage obj) { + + return (obj instanceof MOARequest && + ((MOARequest)obj).getSamlRequest() instanceof AuthnRequest); } - public String process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException { + public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + HttpServletResponse resp, IAuthData authData) throws MOAIDException { if (!handleObject(obj)) { throw new MOAIDException("pvp2.13", null); } - + //get basic information - AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest(); + MOARequest moaRequest = (MOARequest) obj; + AuthnRequest authnRequest = (AuthnRequest) moaRequest.getSamlRequest(); EntityDescriptor peerEntity = obj.getEntityMetadata(); SPSSODescriptor spSSODescriptor = peerEntity .getSPSSODescriptor(SAMLConstants.SAML20P_NS); @@ -113,91 +96,14 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { DateTime date = new DateTime(); - //build Assertion - Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date, consumerService); - - Response authResponse = SAML2Utils.createSAMLObject(Response.class); - - Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class); - - //change to entity value from entity name to IDP EntityID (URL) - nissuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath()); - nissuer.setFormat(NameID.ENTITY); - authResponse.setIssuer(nissuer); - authResponse.setInResponseTo(authnRequest.getID()); - - //set responseID - String remoteSessionID = SAML2Utils.getSecureIdentifier(); - authResponse.setID(remoteSessionID); - + SLOInformationImpl sloInformation = new SLOInformationImpl(); - //SAML2 response required IssueInstant - authResponse.setIssueInstant(date); + //build Assertion + Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authData, + peerEntity, date, consumerService, sloInformation); - authResponse.setStatus(SAML2Utils.getSuccessStatus()); - - String oaURL = consumerService.getLocation(); - - //check, if metadata includes an encryption key - MetadataCredentialResolver mdCredResolver = - new MetadataCredentialResolver(MOAMetadataProvider.getInstance()); - - CriteriaSet criteriaSet = new CriteriaSet(); - criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); - criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) ); - - X509Credential encryptionCredentials = null; - try { - encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet); - - } catch (SecurityException e2) { - Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2); - throw new InvalidAssertionEncryptionException(); - - } - - boolean isEncryptionActive = AuthConfigurationProvider.getInstance().isPVP2AssertionEncryptionActive(); - if (encryptionCredentials != null && isEncryptionActive) { - //encrypt SAML2 assertion - - try { - - EncryptionParameters dataEncParams = new EncryptionParameters(); - dataEncParams.setAlgorithm(PVPConstants.DEFAULT_SYM_ENCRYPTION_METHODE); - - List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>(); - KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); - - keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(PVPConstants.DEFAULT_ASYM_ENCRYPTION_METHODE); - KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration() - .getKeyInfoGeneratorManager().getDefaultManager() - .getFactory(encryptionCredentials); - keyEncParam.setKeyInfoGenerator(kigf.newInstance()); - keyEncParamList.add(keyEncParam); - - Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); - //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE); - samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - - EncryptedAssertion encryptAssertion = null; - - encryptAssertion = samlEncrypter.encrypt(assertion); - - authResponse.getEncryptedAssertions().add(encryptAssertion); - - } catch (EncryptionException e1) { - Logger.warn("Can not encrypt the PVP2 assertion", e1); - throw new InvalidAssertionEncryptionException(); - - } - - } else { - authResponse.getAssertions().add(assertion); - - } - + Response authResponse = AuthResponseBuilder.buildResponse(authnRequest, date, assertion); + IEncoder binding = null; if (consumerService.getBinding().equals( @@ -218,32 +124,21 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants { if (binding == null) { throw new BindingNotSupportedException(consumerService.getBinding()); } - + try { - binding.encodeRespone(req, resp, authResponse, oaURL, obj.getRelayState()); - // TODO add remoteSessionID to AuthSession ExternalPVPSessionStore - -// Logger logger = new Logger(); -// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse))); - - - return assertion.getID(); + binding.encodeRespone(req, resp, authResponse, + consumerService.getLocation(), obj.getRelayState()); + + return sloInformation; } catch (MessageEncodingException e) { Logger.error("Message Encoding exception", e); throw new MOAIDException("pvp2.01", null, e); + } catch (SecurityException e) { Logger.error("Security exception", e); throw new MOAIDException("pvp2.01", null, e); -// } catch (TransformerException e) { -// Logger.error("Security exception", e); -// throw new MOAIDException("pvp2.01", null, e); -// } catch (IOException e) { -// Logger.error("Security exception", e); -// throw new MOAIDException("pvp2.01", null, e); -// } catch (MarshallingException e) { -// Logger.error("Security exception", e); -// throw new MOAIDException("pvp2.01", null, e); + } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java index 92a47adb3..d1ae0b202 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java @@ -25,13 +25,15 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; public interface IRequestHandler { - public boolean handleObject(MOARequest obj); + public boolean handleObject(InboundMessage obj); - public String process(MOARequest obj, HttpServletRequest req, - HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException; + public SLOInformationInterface process(InboundMessage obj, HttpServletRequest req, + HttpServletResponse resp, IAuthData authData) throws MOAIDException; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java index a4f43a97a..5b9bf940d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java @@ -29,9 +29,12 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported; public class RequestManager { @@ -53,13 +56,13 @@ public class RequestManager { handler.add(new ArtifactResolution()); } - public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession) + public SLOInformationInterface handle(InboundMessage obj, HttpServletRequest req, HttpServletResponse resp, IAuthData authData) throws SAMLRequestNotSupported, MOAIDException { Iterator<IRequestHandler> it = handler.iterator(); while(it.hasNext()) { IRequestHandler handler = it.next(); if(handler.handleObject(obj)) { - return handler.process(obj, req, resp, moasession); + return handler.process(obj, req, resp, authData); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java index d95e21a0e..48e435777 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java @@ -39,6 +39,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; public class CredentialProvider { @@ -86,7 +87,32 @@ public class CredentialProvider { throw new CredentialsNotAvailableException(e.getMessage(), null); } } - + + public static X509Credential getIDPAssertionEncryptionCredential() + throws CredentialsNotAvailableException { + PVPConfiguration config = PVPConfiguration.getInstance(); + try { + if (keyStore == null) + keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(), + config.getIDPKeyStorePassword()); + + //if no encryption key is configured return null + if (MiscUtil.isEmpty(config.getIDPKeyAliasAssertionEncryption())) + return null; + + MOAKeyStoreX509CredentialAdapter credentials = new MOAKeyStoreX509CredentialAdapter( + keyStore, config.getIDPKeyAliasAssertionEncryption(), config + .getIDPKeyPasswordAssertionEncryption().toCharArray()); + + credentials.setUsageType(UsageType.ENCRYPTION); + return (X509Credential) credentials; + } catch (Exception e) { + Logger.error("Failed to generate IDP Assertion Encryption credentials"); + e.printStackTrace(); + throw new CredentialsNotAvailableException(e.getMessage(), null); + } + } + public static Signature getIDPSignature(Credential credentials) { PrivateKey privatekey = credentials.getPrivateKey(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java new file mode 100644 index 000000000..61b481447 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -0,0 +1,111 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.List; + +import org.opensaml.saml2.core.Assertion; +import org.opensaml.saml2.core.AuthnContextClassRef; +import org.opensaml.saml2.core.AuthnStatement; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.Subject; + +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class AssertionAttributeExtractor { + + private Assertion assertion = null; + + public AssertionAttributeExtractor(Response samlResponse) throws AssertionAttributeExtractorExeption { + if (samlResponse != null) { + if (samlResponse.getAssertions().size() == 0) + throw new AssertionAttributeExtractorExeption("Assertion"); + + else if (samlResponse.getAssertions().size() > 1) + Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used."); + + assertion = samlResponse.getAssertions().get(0); + + } else + throw new AssertionAttributeExtractorExeption(); + } + + public String getNameID() throws AssertionAttributeExtractorExeption { + if (assertion.getSubject() != null) { + Subject subject = assertion.getSubject(); + + if (subject.getNameID() != null) { + if (MiscUtil.isNotEmpty(subject.getNameID().getValue())) + return subject.getNameID().getValue(); + + else + Logger.error("SAML2 NameID Element is empty."); + } + } + + throw new AssertionAttributeExtractorExeption("nameID"); + } + + public String getSessionIndex() throws AssertionAttributeExtractorExeption { + AuthnStatement authn = getAuthnStatement(); + + if (MiscUtil.isNotEmpty(authn.getSessionIndex())) + return authn.getSessionIndex(); + + else + throw new AssertionAttributeExtractorExeption("SessionIndex"); + } + + /** + * @return + * @throws AssertionAttributeExtractorExeption + */ + public String getQAALevel() throws AssertionAttributeExtractorExeption { + AuthnStatement authn = getAuthnStatement(); + if (authn.getAuthnContext() != null && authn.getAuthnContext().getAuthnContextClassRef() != null) { + AuthnContextClassRef qaaClass = authn.getAuthnContext().getAuthnContextClassRef(); + + if (MiscUtil.isNotEmpty(qaaClass.getAuthnContextClassRef())) + return qaaClass.getAuthnContextClassRef(); + + else + throw new AssertionAttributeExtractorExeption("AuthnContextClassRef (QAALevel)"); + } + + throw new AssertionAttributeExtractorExeption("AuthnContextClassRef"); + } + + private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { + List<AuthnStatement> authnList = assertion.getAuthnStatements(); + if (authnList.size() == 0) + throw new AssertionAttributeExtractorExeption("AuthnStatement"); + + else if (authnList.size() > 1) + Logger.warn("Found more then ONE AuthnStatements in PVP2.1 assertions. Only the First is used."); + + return authnList.get(0); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java deleted file mode 100644 index 666bfab3c..000000000 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java +++ /dev/null @@ -1,85 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.utils; - -import java.util.Iterator; -import java.util.List; - -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; -import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; - -public class AttributeExtractor { - - public static String extractSAMLAttributeOA(String name, - AuthenticationSession authSession) { - List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA(); - if(extAttributes == null) { - return null; - } - Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator(); - while(extAttributesIt.hasNext()) { - Object attr = extAttributesIt.next(); - if(attr instanceof ExtendedSAMLAttribute) { - ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; - if(extAttribute.getName().equals(name)) { - if(extAttribute.getValue() instanceof String) { - return extAttribute.getValue().toString(); - } - break; - } - } - } - return null; - } - - public static String extractSAMLAttributeAUTH(String name, - AuthenticationSession authSession) { - List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH(); - if(extAttributes == null) { - return null; - } - Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator(); - while(extAttributesIt.hasNext()) { - Object attr = extAttributesIt.next(); - if(attr instanceof ExtendedSAMLAttribute) { - ExtendedSAMLAttribute extAttribute = (ExtendedSAMLAttribute) attr; - if(extAttribute.getName().equals(name)) { - if(extAttribute.getValue() instanceof String) { - return extAttribute.getValue().toString(); - } - break; - } - } - } - return null; - } - - public static String extractSAMLAttributeBOTH(String name, - AuthenticationSession authSession) { - String value = extractSAMLAttributeOA(name, authSession); - if(value == null) { - value = extractSAMLAttributeAUTH(name, authSession); - } - return value; - } -} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java new file mode 100644 index 000000000..12de97a3f --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java @@ -0,0 +1,93 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.utils; + +import java.util.List; + +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; +import org.opensaml.ws.soap.client.BasicSOAPMessageContext; +import org.opensaml.ws.soap.client.http.HttpClientBuilder; +import org.opensaml.ws.soap.client.http.HttpSOAPClient; +import org.opensaml.ws.soap.common.SOAPException; +import org.opensaml.ws.soap.soap11.Body; +import org.opensaml.ws.soap.soap11.Envelope; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.opensaml.xml.security.SecurityException; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MOASAMLSOAPClient { + + public static List<XMLObject> send(String destination, XMLObject payLoad) throws ConfigurationException, SOAPException, SecurityException { + //build SOAP request + BasicParserPool parserPool = new BasicParserPool(); + parserPool.setNamespaceAware(true); + + Envelope soapRequest = SAML2Utils.buildSOAP11Envelope(payLoad); + + BasicSOAPMessageContext soapContext = new BasicSOAPMessageContext(); + soapContext.setOutboundMessage(soapRequest); + + HttpClientBuilder clientBuilder = new HttpClientBuilder(); + if (destination.startsWith("https")) { + try { + SecureProtocolSocketFactory sslprotocolsocketfactory = + new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + AuthConfigurationProvider.getInstance().getCertstoreDirectory(), + AuthConfigurationProvider.getInstance().getTrustedCACertificates(), + null, + ChainingModeType.fromValue(AuthConfigurationProvider.getInstance().getDefaultChainingMode()), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking()); + clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory ); + + } catch (MOAHttpProtocolSocketFactoryException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore."); + + } + } + + HttpSOAPClient soapClient = new HttpSOAPClient(clientBuilder.buildClient(), parserPool); + + //send request to IDP + soapClient.send(destination, soapContext); + + //parse response + Envelope soapResponse = (Envelope) soapContext.getInboundMessage(); + Body soapBody = soapResponse.getBody(); + + return soapBody.getUnknownXMLObjects(); + + } +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index b52e37e06..9d57c2bae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -38,6 +38,8 @@ import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.metadata.AssertionConsumerService; import org.opensaml.saml2.metadata.SPSSODescriptor; +import org.opensaml.ws.soap.soap11.Body; +import org.opensaml.ws.soap.soap11.Envelope; import org.opensaml.xml.XMLObject; import org.opensaml.xml.XMLObjectBuilderFactory; import org.opensaml.xml.io.Marshaller; @@ -115,4 +117,15 @@ public class SAML2Utils { return 0; } + + public static Envelope buildSOAP11Envelope(XMLObject payload) { + XMLObjectBuilderFactory bf = Configuration.getBuilderFactory(); + Envelope envelope = (Envelope) bf.getBuilder(Envelope.DEFAULT_ELEMENT_NAME).buildObject(Envelope.DEFAULT_ELEMENT_NAME); + Body body = (Body) bf.getBuilder(Body.DEFAULT_ELEMENT_NAME).buildObject(Body.DEFAULT_ELEMENT_NAME); + + body.getUnknownXMLObjects().add(payload); + envelope.setBody(body); + + return envelope; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java index ac222ee54..6388042d9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java @@ -22,21 +22,60 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +import java.util.ArrayList; +import java.util.List; + +import org.joda.time.DateTime; import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.core.Conditions; +import org.opensaml.saml2.core.EncryptedAssertion; import org.opensaml.saml2.core.RequestAbstractType; import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.saml2.encryption.Decrypter; +import org.opensaml.saml2.encryption.EncryptedElementTypeEncryptedKeyResolver; +import org.opensaml.saml2.metadata.IDPSSODescriptor; import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.security.MetadataCriteria; import org.opensaml.security.SAMLSignatureProfileValidator; +import org.opensaml.xml.encryption.ChainingEncryptedKeyResolver; +import org.opensaml.xml.encryption.DecryptionException; +import org.opensaml.xml.encryption.InlineEncryptedKeyResolver; +import org.opensaml.xml.encryption.SimpleRetrievalMethodEncryptedKeyResolver; import org.opensaml.xml.security.CriteriaSet; import org.opensaml.xml.security.credential.UsageType; import org.opensaml.xml.security.criteria.EntityIDCriteria; import org.opensaml.xml.security.criteria.UsageCriteria; +import org.opensaml.xml.security.keyinfo.StaticKeyInfoCredentialResolver; +import org.opensaml.xml.security.x509.X509Credential; import org.opensaml.xml.signature.SignatureTrustEngine; import org.opensaml.xml.validation.ValidationException; +import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider; +import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.logging.Logger; + public class SAMLVerificationEngine { + + public void verify(InboundMessage msg, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { + if (msg instanceof MOARequest && + ((MOARequest)msg).getSamlRequest() instanceof RequestAbstractType) + verifyRequest(((RequestAbstractType)((MOARequest)msg).getSamlRequest()), sigTrustEngine); + + else + verifyResponse(((MOAResponse)msg).getResponse(), sigTrustEngine); + + } + + public void verifyResponse(Response samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception { SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); try { @@ -48,16 +87,16 @@ public class SAMLVerificationEngine { CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add( new EntityIDCriteria(samlObj.getIssuer().getValue()) ); - criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); + criteriaSet.add( new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) ); criteriaSet.add( new UsageCriteria(UsageType.SIGNING) ); try { if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { - throw new Exception("Signature was either invalid or signing key could not be established as trusted"); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } catch (SecurityException e) { - // Indicates processing error evaluating the signature e.printStackTrace(); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } @@ -78,12 +117,96 @@ public class SAMLVerificationEngine { try { if (!sigTrustEngine.validate(samlObj.getSignature(), criteriaSet)) { - throw new Exception("Signature was either invalid or signing key could not be established as trusted"); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } catch (SecurityException e) { - // Indicates processing error evaluating the signature - e.printStackTrace(); + e.printStackTrace(); + throw new InvalidProtocolRequestException("pvp2.21", new Object[] {}); } } + public static void validateAssertion(Response samlResp, boolean validateDestination) throws AssertionValidationExeption { + try { + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + List<org.opensaml.saml2.core.Assertion> saml2assertions = new ArrayList<org.opensaml.saml2.core.Assertion>(); + + if (validateDestination && !samlResp.getDestination().startsWith( + PVPConfiguration.getInstance().getIDPPublicPath())) { + Logger.warn("PVP 2.1 assertion destination does not match to IDP URL"); + throw new AssertionValidationExeption("PVP 2.1 assertion destination does not match to IDP URL", null); + + } + + //check encrypted Assertion + List<EncryptedAssertion> encryAssertionList = samlResp.getEncryptedAssertions(); + if (encryAssertionList != null && encryAssertionList.size() > 0) { + //decrypt assertions + + Logger.debug("Found encryped assertion. Start decryption ..."); + + X509Credential authDecCredential = CredentialProvider.getIDPAssertionEncryptionCredential(); + + StaticKeyInfoCredentialResolver skicr = + new StaticKeyInfoCredentialResolver(authDecCredential); + + ChainingEncryptedKeyResolver encryptedKeyResolver = new ChainingEncryptedKeyResolver(); + encryptedKeyResolver.getResolverChain().add( new InlineEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new EncryptedElementTypeEncryptedKeyResolver() ); + encryptedKeyResolver.getResolverChain().add( new SimpleRetrievalMethodEncryptedKeyResolver() ); + + Decrypter samlDecrypter = + new Decrypter(null, skicr, encryptedKeyResolver); + + for (EncryptedAssertion encAssertion : encryAssertionList) { + saml2assertions.add(samlDecrypter.decrypt(encAssertion)); + + } + + Logger.debug("Assertion decryption finished. "); + + } else { + saml2assertions.addAll(samlResp.getAssertions()); + + } + + for (org.opensaml.saml2.core.Assertion saml2assertion : saml2assertions) { + + Conditions conditions = saml2assertion.getConditions(); + DateTime notbefore = conditions.getNotBefore(); + DateTime notafter = conditions.getNotOnOrAfter(); + if ( notbefore.isAfterNow() || notafter.isBeforeNow() ) { + Logger.warn("PVP2 Assertion is out of Date"); + saml2assertions.remove(saml2assertion); + + } + } + + if (saml2assertions.isEmpty()) { + Logger.info("No valid PVP 2.1 assertion received."); + throw new AssertionValidationExeption("No valid PVP 2.1 assertion received.", null); + } + + samlResp.getAssertions().clear(); + samlResp.getEncryptedAssertions().clear(); + samlResp.getAssertions().addAll(saml2assertions); + + } else { + Logger.info("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue()); + throw new AssertionValidationExeption("PVP 2.1 assertion includes an error. Receive errorcode " + + samlResp.getStatus().getStatusCode().getValue(), null); + } + + } catch (CredentialsNotAvailableException e) { + Logger.warn("Assertion decrypt FAILED - No Credentials", e); + throw new AssertionValidationExeption("Assertion decrypt FAILED - No Credentials", null, e); + + } catch (DecryptionException e) { + Logger.warn("Assertion decrypt FAILED.", e); + throw new AssertionValidationExeption("Assertion decrypt FAILED.", null, e); + + } catch (ConfigurationException e) { + throw new AssertionValidationExeption("pvp.12", null, e); + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java new file mode 100644 index 000000000..3d608fd6d --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/InterfederatedIDPPublicServiceFilter.java @@ -0,0 +1,76 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import at.gv.egovernment.moa.id.commons.db.dao.config.InterfederationIDPType; +import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class InterfederatedIDPPublicServiceFilter implements MetadataFilter { + + private String metadataURL; + private boolean isPublicService = false; + + /** + * + */ + public InterfederatedIDPPublicServiceFilter(String metadataURL, String oaType) { + Logger.debug("Add " + this.getClass().getName() + " to metadata policy"); + this.metadataURL = metadataURL; + + if (oaType.equals("businessService")) + this.isPublicService = false; + else + this.isPublicService = true; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + + boolean metadatacheck = ValidationHelper.isPublicServiceAllowed(this.metadataURL); + + if (isPublicService && isPublicService != metadatacheck) { + Logger.warn("Interfederated IDP " + metadataURL + " is configured " + + "as Public-Servic IDP but PublicService policy check FAILED."); + throw new FilterException("Interfederated IDP " + metadataURL + " is configured " + + "as Public-Servic IDP but PublicService policy check FAILED."); + + } + + Logger.info("Metadata PublicService policy check done OK"); + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java new file mode 100644 index 000000000..4e1d939ff --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataFilterChain.java @@ -0,0 +1,82 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; + +import java.security.cert.CertificateException; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.metadata.provider.FilterException; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.xml.XMLObject; + +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class MetadataFilterChain implements MetadataFilter { + + private List<MetadataFilter> filters = new ArrayList<MetadataFilter>(); + + /** + * @throws CertificateException + * + */ + public MetadataFilterChain(String url, byte[] certificate) throws CertificateException { + addDefaultFilters(url, certificate); + } + + public void addDefaultFilters(String url, byte[] certificate) throws CertificateException { + filters.add(new MetadataSignatureFilter(url, certificate)); + + } + + /** + * @return the filter + */ + public List<MetadataFilter> getFilters() { + return filters; + } + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataFilter#doFilter(org.opensaml.xml.XMLObject) + */ + @Override + public void doFilter(XMLObject arg0) throws FilterException { + for (MetadataFilter filter : filters) { + Logger.trace("Use MOAMetadatafilter " + filter.getClass().getName()); + filter.doFilter(arg0); + } + + } + + + + + + + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java index ed0cf9c62..0405fa114 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/MetadataSignatureFilter.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.protocols.pvp2x.verification; +package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; import iaik.x509.X509Certificate; @@ -39,6 +39,7 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.EntityVerifier; import at.gv.egovernment.moa.logging.Logger; public class MetadataSignatureFilter implements MetadataFilter { @@ -151,9 +152,9 @@ public class MetadataSignatureFilter implements MetadataFilter { ConfigurationDBUtils.closeSession(); - Logger.info("Metadata Filter done OK"); + Logger.info("Metadata signature policy check done OK"); } catch (MOAIDException e) { - e.printStackTrace(); + Logger.warn("Metadata signature policy check FAILED.", e); throw new FilterException(e); } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index c337433b6..67f780b3a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -27,30 +27,26 @@ import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.URLEncoder; public class GetArtifactAction implements IAction { - public String processRequest(IRequest req, HttpServletRequest httpReq, - HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, + HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { String oaURL = (String) req.getOAURL(); - String target = (String) req.getTarget(); String sourceID = null; if (req instanceof SAML1RequestImpl) { @@ -59,42 +55,32 @@ public class GetArtifactAction implements IAction { } - try { - - - if (oaURL == null) { - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - } + SAML1AuthenticationData authData; + if (obj instanceof SAML1AuthenticationData) { + authData = (SAML1AuthenticationData) obj; - // check parameter - if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", - PARAM_OA, "auth.12"); - - // TODO: Support Mandate MODE! + } else { + Logger.error("AuthDate is NOT of type SAML1AuthenticationData."); + throw new AuthenticationException("AuthDate is NOT of type SAML1AuthenticationData.", new Object[]{}); + } + + try { OAAuthParameter oaParam = AuthConfigurationProvider.getInstance() - .getOnlineApplicationParameter(oaURL); - - SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); - - AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session, - oaParam, - target); + .getOnlineApplicationParameter(oaURL); + SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace(); + // add other stork attributes to MOA assertion if available - if(null != session.getStorkAttributes()) { - List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(session.getStorkAttributes()); - session.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes); - //produce MOA-Assertion and artifact - AuthenticationServer.getInstance().getForeignAuthenticationData(session); + if(null != authData.getStorkAttributes()) { + List<ExtendedSAMLAttribute> moaExtendedSAMLAttibutes = STORKResponseProcessor.addAdditionalSTORKAttributes(authData.getStorkAttributes()); + authData.getExtendedSAMLAttributesOA().addAll(moaExtendedSAMLAttibutes); Logger.info("MOA assertion assembled and SAML Artifact generated."); } - String samlArtifactBase64 = saml1server.BuildSAMLArtifact(session, oaParam, authData, sourceID); + String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); - if (AuthenticationSessionStoreage.isSSOSession(session.getSessionID())) { - String url = "RedirectServlet"; + if (authData.isSsoSession()) { + String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (!oaParam.getBusinessService()) url = addURLParameter(url, PARAM_TARGET, URLEncoder.encode(oaParam.getTarget(), "UTF-8")); @@ -122,7 +108,10 @@ public class GetArtifactAction implements IAction { Logger.debug("REDIRECT TO: " + redirectURL); } - return authData.getAssertionID(); + SLOInformationInterface sloInformation = + new SLOInformationImpl(authData.getAssertionID(), null, null, req.requestedModule()); + + return sloInformation; } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 0f5e9ee68..2b4aaf458 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -56,7 +56,7 @@ import org.w3c.dom.NodeList; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; -import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.Constants; @@ -138,12 +138,9 @@ public class GetAuthenticationDataService implements Constants { try { - AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact); + samlAssertion = saml1server.getSaml1AuthenticationData(samlArtifact); -// useUTC = authData.getUseUTC(); - // success - samlAssertion = authData.getSamlAssertion(); statusCode = "samlp:Success"; statusMessageCode = "1200"; } @@ -153,18 +150,18 @@ public class GetAuthenticationDataService implements Constants { try { Throwable error = saml1server.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; - subStatusCode = "samlp:RequestDenied"; + + ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); if (error instanceof MOAIDException) { - statusMessageCode = ((MOAIDException)error).getMessageId(); + statusMessageCode = ((MOAIDException)error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); } else { - statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); - } - - - + statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); + } + subStatusCode = errorUtils.getResponseErrorCode(error); + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java new file mode 100644 index 000000000..d48c0a9bb --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -0,0 +1,177 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.protocols.saml1; + +import java.text.ParseException; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DateTimeUtils; + +/** + * Encapsulates authentication data contained in a <code><saml:Assertion></code>. + * + * @author Paul Ivancsics + * @version $Id$ + */ + +public class SAML1AuthenticationData extends AuthenticationData { + /** + * + */ + private static final long serialVersionUID = -1042697056735596866L; +/** + * major version number of the SAML assertion + */ + private int majorVersion; + /** + * minor version number of the SAML assertion + */ + private int minorVersion; + /** + * identifier for this assertion + */ + private String assertionID; +/** + * @return the majorVersion + */ + + private String samlAssertion = null; + + private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; + + + public SAML1AuthenticationData() { + this.setMajorVersion(1); + this.setMinorVersion(0); + this.setAssertionID(Random.nextRandom()); + } + + + //this method is only required for MOA-ID Proxy 2.0 Release. + //TODO: remove it, if MOA-ID Proxy is not supported anymore. + public String getWBPK() { + return getBPK(); + } + +public int getMajorVersion() { + return majorVersion; +} +/** + * @param majorVersion the majorVersion to set + */ +public void setMajorVersion(int majorVersion) { + this.majorVersion = majorVersion; +} +/** + * @return the minorVersion + */ +public int getMinorVersion() { + return minorVersion; +} +/** + * @param minorVersion the minorVersion to set + */ +public void setMinorVersion(int minorVersion) { + this.minorVersion = minorVersion; +} +/** + * @return the assertionID + */ +public String getAssertionID() { + return assertionID; +} +/** + * @param assertionID the assertionID to set + */ +public void setAssertionID(String assertionID) { + this.assertionID = assertionID; +} + +public void setIssueInstant(String date) { + try { + setIssueInstant(DateTimeUtils.parseDateTime(date)); + + } catch (ParseException e) { + Logger.error("Parse IssueInstant element FAILED.", e); + + } +} + +/** + * @return the samlAssertion + */ +public String getSamlAssertion() { + return samlAssertion; +} + +/** + * @param samlAssertion the samlAssertion to set + */ +public void setSamlAssertion(String samlAssertion) { + this.samlAssertion = samlAssertion; +} + +/** + * @return the extendedSAMLAttributesOA + */ +public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() { + return extendedSAMLAttributesOA; +} + +/** + * @param extendedSAMLAttributesOA the extendedSAMLAttributesOA to set + */ +public void setExtendedSAMLAttributesOA( + List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) { + this.extendedSAMLAttributesOA = extendedSAMLAttributesOA; +} + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index 6391860ff..52b9b40ab 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -23,7 +23,6 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.IOException; -import java.util.Date; import java.util.List; import javax.xml.parsers.ParserConfigurationException; @@ -116,7 +115,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * * @return <code>AuthenticationData</code> */ - public AuthenticationData getSaml1AuthenticationData(String samlArtifact) + public String getSaml1AuthenticationData(String samlArtifact) throws AuthenticationException { try { new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); @@ -125,13 +124,13 @@ public class SAML1AuthenticationServer extends AuthenticationServer { throw new AuthenticationException("1205", new Object[] { samlArtifact, ex.toString() }); } - AuthenticationData authData = null; + String authData = null; synchronized (authenticationDataStore) { // System.out.println("assertionHandle: " + assertionHandle); try { authData = authenticationDataStore - .get(samlArtifact, AuthenticationData.class); + .get(samlArtifact, String.class, authDataTimeOut); } catch (MOADatabaseException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -140,12 +139,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } authenticationDataStore.remove(samlArtifact); - - long now = new Date().getTime(); - - if (now - authData.getTimestamp().getTime() > authDataTimeOut) - throw new AuthenticationException("1207", new Object[] { samlArtifact }); - + Logger.debug("Assertion delivered for SAML Artifact: " + samlArtifact); return authData; @@ -163,9 +157,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer { return samlArtifact; } - public String BuildSAMLArtifact(AuthenticationSession session, - OAAuthParameter oaParam, - AuthenticationData authData, String sourceID) + public String BuildSAMLArtifact(OAAuthParameter oaParam, + SAML1AuthenticationData authData, String sourceID) throws ConfigurationException, BuildException, AuthenticationException { //Load SAML1 Parameter from OA config @@ -179,7 +172,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //set BASE64 encoded signer certificate String signerCertificateBase64 = ""; if (saml1parameter.isProvideCertificate()) { - byte[] signerCertificate = session.getEncodedSignerCertificate(); + byte[] signerCertificate = authData.getSignerCertificate(); if (signerCertificate != null) { signerCertificateBase64 = Base64Utils @@ -195,41 +188,31 @@ public class SAML1AuthenticationServer extends AuthenticationServer { provideStammzahl); //set Authblock - String authBlock = saml1parameter.isProvideAUTHBlock() ? session + String authBlock = saml1parameter.isProvideAUTHBlock() ? authData .getAuthBlock() : ""; //set IdentityLink for assortion String ilAssertion = ""; if (saml1parameter.isProvideIdentityLink()) { - if (oaParam.getBusinessService()) { - //IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - -// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink() -// .getSamlAssertion()); -// -// ilAssertion = DOMUtils.serializeNode(resignedilAssertion); + ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - } else { - ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion(); - - if (!saml1parameter.isProvideStammzahl()) - ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() - .getIdentificationValue(), ""); - - } + if (!saml1parameter.isProvideStammzahl()) + ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink() + .getIdentificationValue(), ""); } + String samlAssertion; - if (session.getUseMandate()) { - List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA(); + if (authData.isUseMandate()) { + List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); if (saml1parameter.isProvideFullMandatorData()) { try { ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes( - session.getMISMandate(), oaParam.getBusinessService(), + authData.getMISMandate(), oaParam.getBusinessService(), saml1parameter.isProvideStammzahl()); if (extendedSAMLAttributes != null) { @@ -293,7 +276,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } } - String mandateDate = generateMandateDate(session, oaParam, authData); + String mandateDate = generateMandateDate(oaParam, authData); samlAssertion = new AuthenticationDataAssertionBuilder().buildMandate( authData, @@ -301,7 +284,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { mandateDate, authBlock, ilAssertion, - session.getBkuURL(), + authData.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), oaAttributes, @@ -314,24 +297,23 @@ public class SAML1AuthenticationServer extends AuthenticationServer { prPerson, authBlock, ilAssertion, - session.getBkuURL(), + authData.getBkuURL(), signerCertificateBase64, oaParam.getBusinessService(), - session.getExtendedSAMLAttributesOA(), + authData.getExtendedSAMLAttributesOA(), useCondition, conditionLength); } - authData.setSamlAssertion(samlAssertion); + //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - session.getAuthURL(), Random.nextRandom(), + authData.getIssuer(), Random.nextRandom(), sourceID); - storeAuthenticationData(samlArtifact, authData); + storeAuthenticationData(samlArtifact, samlAssertion); - Logger.info("Anmeldedaten zu MOASession " + session.getSessionID() - + " angelegt, SAML Artifakt " + samlArtifact); + Logger.info("Anmeldedaten angelegt, SAML Artifakt " + samlArtifact); return samlArtifact; } catch (Throwable ex) { @@ -341,21 +323,20 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(AuthenticationSession session, - OAAuthParameter oaParam, AuthenticationData authData + private String generateMandateDate(OAAuthParameter oaParam, AuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { - if (session == null) + if (authData == null) throw new AuthenticationException("auth.10", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID }); IdentityLink tempIdentityLink = null; - Element mandate = session.getMandate(); + Element mandate = authData.getMandate(); - if (session.getUseMandate()) { + if (authData.isUseMandate()) { tempIdentityLink = new IdentityLink(); Element mandator = ParepUtils.extractMandator(mandate); String dateOfBirth = ""; @@ -432,7 +413,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { String oatargetType; if(oaParam.getBusinessService()) { - oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+session.getDomainIdentifier(); + if (oaParam.getIdentityLinkDomainIdentifier().startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_)) + oatargetType = oaParam.getIdentityLinkDomainIdentifier(); + else + oatargetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_+oaParam.getIdentityLinkDomainIdentifier(); } else { oatargetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget(); @@ -509,7 +493,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { * when SAML artifact is invalid */ private void storeAuthenticationData(String samlArtifact, - AuthenticationData authData) throws AuthenticationException { + String samlAssertion) throws AuthenticationException { try { SAMLArtifactParser parser = new SAMLArtifactParser(samlArtifact); @@ -523,7 +507,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { synchronized (authenticationDataStore) { Logger.debug("Assertion stored for SAML Artifact: " + samlArtifact); - authenticationDataStore.put(samlArtifact, authData); + authenticationDataStore.put(samlArtifact, samlAssertion); } } catch (AuthenticationException ex) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index b6a2ac0b6..dafcb9987 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -23,12 +23,15 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.util.HashMap; +import java.util.List; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; +import edu.emory.mathcs.backport.java.util.Arrays; + import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; @@ -41,7 +44,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IModulInfo; import at.gv.egovernment.moa.id.moduls.IRequest; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,8 +57,23 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { public static final String GETARTIFACT = "GetArtifact"; - private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + @SuppressWarnings("unchecked") + public static final List<String> DEFAULTREQUESTEDATTRFORINTERFEDERATION = Arrays.asList( + new String[] { + PVPConstants.BPK_NAME, + PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, + PVPConstants.GIVEN_NAME_NAME, + PVPConstants.PRINCIPAL_NAME_NAME, + PVPConstants.BIRTHDATE_NAME, + PVPConstants.EID_CCS_URL_NAME, + PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, + PVPConstants.EID_IDENTITY_LINK_NAME, + PVPConstants.EID_SOURCE_PIN_NAME, + PVPConstants.EID_SOURCE_PIN_TYPE_NAME + }); + private static HashMap<String, IAction> actions = new HashMap<String, IAction>(); + static { actions.put(GETARTIFACT, new GetArtifactAction()); @@ -139,12 +157,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { new Object[] { oaURL }); } - config.setSourceID(sourceID); - + config.setSourceID(sourceID); config.setTarget(oaParam.getTarget()); - -// request.getSession().setAttribute(PARAM_OA, oaURL); -// request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget()); + return config; } @@ -157,7 +172,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants { String samlArtifactBase64 = saml1authentication.BuildErrorAssertion(e, protocolRequest); - String url = "RedirectServlet"; + String url = AuthConfigurationProvider.getInstance().getPublicURLPrefix() + "/RedirectServlet"; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 72adfe0e7..9bf88534f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,7 +22,19 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; +import java.util.ArrayList; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1; +import at.gv.egovernment.moa.id.config.ConfigurationException; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; +import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz @@ -48,4 +60,37 @@ public class SAML1RequestImpl extends RequestImpl { this.sourceID = sourceID; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + + List<String> reqAttr = new ArrayList<String>(); + reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); + + try { + OAAuthParameter oa = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(getOAURL()); + OASAML1 saml1 = oa.getSAML1Parameter(); + if (saml1 != null) { + if (saml1.isProvideAUTHBlock()) + reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); + + if (saml1.isProvideCertificate()) + reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); + + if (saml1.isProvideFullMandatorData()) + reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); + } + + return AttributQueryBuilder.buildSAML2AttributeList(oa, reqAttr.iterator()); + + } catch (ConfigurationException e) { + Logger.error("Load configuration for OA " + getOAURL() + " FAILED", e); + return null; + } + + + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java index 2f6dfe555..307715324 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeCollector.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.StringWriter; import java.util.ArrayList; import java.util.List; @@ -13,17 +12,17 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; -import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.*; import eu.stork.peps.auth.engine.STORKSAMLEngine; import eu.stork.peps.exceptions.STORKSAMLEngineException; -import org.apache.velocity.Template; -import org.apache.velocity.VelocityContext; -import org.apache.velocity.app.VelocityEngine; + import org.opensaml.common.impl.SecureRandomIdentifierGenerator; import javax.servlet.http.HttpServletRequest; @@ -47,7 +46,7 @@ public class AttributeCollector implements IAction { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); @@ -108,7 +107,7 @@ public class AttributeCollector implements IAction { // read configuration parameters of OA OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(container.getRequest().getAssertionConsumerServiceURL()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + throw new AuthenticationException("stork.12", new Object[]{container.getRequest().getAssertionConsumerServiceURL()}); // find the attribute provider plugin that can handle the response IPersonalAttributeList newAttributes = null; @@ -134,7 +133,14 @@ public class AttributeCollector implements IAction { addOrUpdateAll(container.getResponse().getPersonalAttributeList(), newAttributes); // see if we need some more attributes - return processRequest(container, httpReq, httpResp, moasession, oaParam); + SLOInformationImpl sloInfo = (SLOInformationImpl) processRequest(container, httpReq, httpResp, authData, oaParam); + + if (sloInfo == null) { + sloInfo = new SLOInformationImpl(null, null, null, req.requestedModule()); + } + + return sloInfo; + } /** @@ -145,7 +151,7 @@ public class AttributeCollector implements IAction { * @return the string * @throws MOAIDException */ - public String processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, AuthenticationSession moasession, OAAuthParameter oaParam) throws MOAIDException { + public SLOInformationInterface processRequest(DataContainer container, HttpServletRequest request, HttpServletResponse response, IAuthData authData, OAAuthParameter oaParam) throws MOAIDException { // check if there are attributes we need to fetch IPersonalAttributeList requestAttributeList = container.getRequest().getPersonalAttributeList(); @@ -193,7 +199,7 @@ public class AttributeCollector implements IAction { //aquiredAttributes = currentProvider.acquire(currentAttribute, container.getRequest().getSpCountry(), moasession); //aquiredAttributes = currentProvider.acquire(missingAttributes, container.getRequest().getSpCountry(), moasession); - aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), moasession); + aquiredAttributes = currentProvider.acquire(currentProviderConfiguredAttributes, container.getRequest().getSpCountry(), authData); Logger.info(currentProvider.getClass().getSimpleName() + " can handle attribute '" + currentAttribute.getName() + "'"); break; @@ -222,7 +228,7 @@ public class AttributeCollector implements IAction { else new ConsentEvaluator().generateSTORKResponse(response, container); - return "12345"; // AssertionId + return null; // AssertionId // TODO } catch (ExternalAttributeRequestRequiredException e) { @@ -250,7 +256,8 @@ public class AttributeCollector implements IAction { throw new MOAIDException("stork.11", null); } - return "12345"; // TODO what to do here? + //TODO: in case of Single LogOut -> SLO information has to be stored + return null; // TODO what to do here? } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java index d7a4bfcc2..7647c8e89 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AttributeProvider.java @@ -6,6 +6,7 @@ import javax.servlet.http.HttpServletResponse; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -25,15 +26,15 @@ public interface AttributeProvider { * * @param attributes the list of attributes to be acquired * @param spCountyCode the sp county code - * @param moasession the moasession + * @param authData the moasession * @return the personal attribute * @throws UnsupportedAttributeException the unsupported attribute exception * @throws ExternalAttributeRequestRequiredException an attribute request to an external service has to be done * @throws MOAIDException the mOAID exception */ - public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + public IPersonalAttributeList acquire(PersonalAttribute attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; + public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException; /** * Perform redirect. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java index 51ec1fff3..0312f776b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java @@ -5,7 +5,11 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationImpl; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -41,13 +45,13 @@ public class AuthenticationRequest implements IAction { private VelocityEngine velocityEngine; - private AuthenticationSession moaSession = null; + private IAuthData authData = null; private MOASTORKRequest moaStorkRequest = null; - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - this.moaSession = moasession; + this.authData = authData; if ((req instanceof MOASTORKRequest) && ((MOASTORKRequest) req).getStorkAuthnRequest().getCitizenCountryCode().equals("AT")) { @@ -56,9 +60,10 @@ public class AuthenticationRequest implements IAction { Logger.debug("Entering MOASTORKRequest"); httpResp.reset(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + //TODO: CHECK: req.getOAURL() should return the unique OA identifier + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); @@ -84,7 +89,7 @@ public class AuthenticationRequest implements IAction { // } // Get personal attributtes from MOA/IdentityLink - moaStorkResponse.setPersonalAttributeList(populateAttributes()); + moaStorkResponse.setPersonalAttributeList(populateAttributes(oaParam)); } //moaStorkResponse.setCountry(moaStorkRequest.getSpCountry()); @@ -105,7 +110,7 @@ public class AuthenticationRequest implements IAction { Logger.debug("Data container prepared"); - return (new AttributeCollector()).processRequest(container, httpReq, httpResp, moasession, oaParam); + return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam); } // check if we are getting request for citizen of some other country else if (req instanceof MOASTORKRequest) { @@ -125,7 +130,7 @@ public class AuthenticationRequest implements IAction { /* Handles STORKAuthnRequeste received for citizens of other countries */ - private String handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { + private SLOInformationInterface handleMOAStorkRequest(String instanceName, MOASTORKRequest moastorkRequest, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { STORKAuthnRequest spAuthnRequest = moastorkRequest.getStorkAuthnRequest(); STORKAuthnRequest storkAuthnRequest = null; @@ -140,7 +145,7 @@ public class AuthenticationRequest implements IAction { throw new MOAIDException("stork.05", null); // TODO } - + //TODO: in case of Single LogOut -> SLO information has to be stored // check if citizen country is configured in the system if (!(AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode))) { Logger.error("Citizen country PEPS not configured in MOA instance: " + citizenCountryCode); @@ -205,15 +210,18 @@ public class AuthenticationRequest implements IAction { e.printStackTrace(); } - // preparing redirection for the client + // preparing redirection for the client performRedirection("SAMLRequest", destinationURL, storkAuthnRequest.getTokenSaml(), httpResp); - return "xxxx";// TODO + + SLOInformationImpl sloInfo = new SLOInformationImpl(); + sloInfo.setProtocolType(moastorkRequest.requestedModule()); + return sloInfo; } /* Handles STORKAuthnResponse received from PEPS (return to SP) */ - private String handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { + private SLOInformationInterface handleMOAStorkResponse(String instanceName, MOASTORKResponse moastorkResponse, String remoteAddr, HttpServletResponse httpResp) throws MOAIDException { STORKAuthnResponse authnResponse = null; @@ -257,7 +265,8 @@ public class AuthenticationRequest implements IAction { // preparing redirection for the client performRedirection("SAMLResponse", dataContainer.getRequest().getAssertionConsumerServiceURL(), authnResponse.getTokenSaml(), httpResp); - return "yyyyy"; // TODO + + return null; } /* @@ -392,16 +401,16 @@ public class AuthenticationRequest implements IAction { // does nothing - public void mandate(AuthenticationSession moasession) { + public void mandate(IAuthData authData) { - if (moasession.getUseMandate()) { + if (authData.isUseMandate()) { try { - MISMandate mandate = moasession.getMISMandate(); + MISMandate mandate = authData.getMISMandate(); String owbpk = mandate.getOWbPK(); byte[] mand = mandate.getMandate(); String profprep = mandate.getProfRep(); //String textdesc = mandate.getTextualDescriptionOfOID(); - Element mndt = moasession.getMandate(); + Element mndt = authData.getMandate(); iterate(mndt.getAttributes()); Logger.debug("mandate encoded: " + new String(org.bouncycastle.util.encoders.Base64.encode(mand))); @@ -413,14 +422,14 @@ public class AuthenticationRequest implements IAction { } - public PersonalAttributeList populateAttributes() { + public PersonalAttributeList populateAttributes(IOAAuthParameters oaParam) { IPersonalAttributeList attrLst = moaStorkRequest.getStorkAuthnRequest().getPersonalAttributeList(); Logger.info("Found " + attrLst.size() + " personal attributes in the request."); // Define attribute list to be populated PersonalAttributeList attributeList = new PersonalAttributeList(); - MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(moaSession.getIdentityLink(), moaStorkRequest); + MOAAttributeProvider moaAttributeProvider = new MOAAttributeProvider(authData.getIdentityLink(), moaStorkRequest); try { for (PersonalAttribute personalAttribute : attrLst) { @@ -431,10 +440,8 @@ public class AuthenticationRequest implements IAction { Logger.error("Exception, attributes: " + e.getMessage()); } - Logger.debug("AUTHBLOCK " + moaSession.getAuthBlock()); - Logger.debug("TARGET " + moaSession.getTarget() + " " + moaSession.getTargetFriendlyName()); - Logger.debug("SESSION IDENTIFIER " + moaSession.getCcc() + " " + moaSession.getDomainIdentifier()); - Logger.debug("AUTHBLOCKTOKKEN" + moaSession.getAuthBlockTokken()); + Logger.debug("AUTHBLOCK " + authData.getAuthBlock()); + Logger.debug("SESSION IDENTIFIER " + authData.getCcc() + " " + oaParam.getIdentityLinkDomainIdentifier()); return attributeList; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java index 9a3376e4c..d827e73cf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java @@ -7,7 +7,9 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.moduls.IRequest; import at.gv.egovernment.moa.id.storage.AssertionStorage; @@ -40,7 +42,7 @@ public class ConsentEvaluator implements IAction { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.auth.data.AuthenticationSession) */ - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { // - fetch the container String artifactId = (String) httpReq.getParameter(ARTIFACT_ID); @@ -64,7 +66,7 @@ public class ConsentEvaluator implements IAction { // build and send response generateSTORKResponse(httpResp, container); - return "12345"; // AssertionId + return null; // AssertionId } /** @@ -76,7 +78,7 @@ public class ConsentEvaluator implements IAction { * @return the string * @throws MOAIDException the mOAID exception */ - public String requestConsent(DataContainer container, HttpServletResponse response, OAAuthParameter oaParam) throws MOAIDException { + public String requestConsent(DataContainer container, HttpServletResponse response, IOAAuthParameters oaParam) throws MOAIDException { // prepare redirect String newArtifactId; try { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java index c132d5640..2c4793f8f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/EHvdAttributeProviderPlugin.java @@ -19,6 +19,7 @@ import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttribute; @@ -51,7 +52,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(eu.stork.peps.auth.commons.PersonalAttribute) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { @@ -94,7 +95,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { requestBodyElem.addAttribute(envelope.createName("xmlns"), "http://gesundheit.gv.at/BAGDAD/DataAccessService"); SOAPElement requestBodyElem1 = requestBodyElem.addChildElement("bPK"); - requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(moasession.getIdentityLink().getIdentificationValue(), "GH")); + + //TODO: CHECK: IdentificationValue containts wbPK if MOA-ID is used as VIDP + requestBodyElem1.addTextNode(new BPKBuilder().buildBPK(authData.getIdentificationValue(), "GH")); requestMessage.saveChanges(); @@ -190,7 +193,7 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { // add stork id for verification ArrayList<String> value = new ArrayList<String>(); - value.add(new BPKBuilder().buildStorkeIdentifier(moasession.getIdentityLink(), spCountryCode)); + value.add(new BPKBuilder().buildStorkeIdentifier(authData.getIdentityLink(), spCountryCode)); result.add(new PersonalAttribute("eIdentifier", false, value, "Available")); return result; @@ -200,9 +203,9 @@ public class EHvdAttributeProviderPlugin implements AttributeProvider { } @Override - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { if (attributes.size() == 1) { - return acquire(attributes.get(0), spCountyCode, moasession); + return acquire(attributes.get(0), spCountyCode, authData); } else { throw new MOAIDException("stork.13", new Object[] { }); // TODO message only one attribute supported by this provider diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java index a5a91fa55..d7927a917 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKRequest.java @@ -1,8 +1,11 @@ package at.gv.egovernment.moa.id.protocols.stork2; -import java.io.Serializable; +import java.util.List; -import at.gv.egovernment.moa.id.moduls.IRequest; +import org.opensaml.saml2.core.Attribute; + +import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.STORKAttrQueryRequest; @@ -14,7 +17,7 @@ import eu.stork.peps.auth.commons.STORKAuthnResponse; * * @author bsuzic */ -public class MOASTORKRequest implements IRequest, Serializable { +public class MOASTORKRequest extends RequestImpl { /** The Constant serialVersionUID. */ private static final long serialVersionUID = 4581953368724501376L; @@ -22,15 +25,6 @@ public class MOASTORKRequest implements IRequest, Serializable { /** The request id. */ private String requestID; - /** The target. */ - private String target = null; - - /** The module. */ - String module = null; - - /** The action. */ - String action = null; - /** The stork authn request. */ private STORKAuthnRequest storkAuthnRequest; @@ -128,41 +122,6 @@ public class MOASTORKRequest implements IRequest, Serializable { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() - */ - public String requestedModule() { - return this.module; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedAction() - */ - public String requestedAction() { - return action; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setModule(java.lang.String) - */ - public void setModule(String module) { - this.module = module; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#setAction(java.lang.String) - */ - public void setAction(String action) { - this.action = action; - } - - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.IRequest#getTarget() - */ - public String getTarget() { - return this.target; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IRequest#setRequestID(java.lang.String) */ public void setRequestID(String id) { @@ -211,4 +170,31 @@ public class MOASTORKRequest implements IRequest, Serializable { else return this.storkAuthnRequest.getAssertionConsumerServiceURL(); } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getRequestedIDP() + */ + @Override + public String getRequestedIDP() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.IRequest#getInterfederationResponse() + */ + @Override + public MOAResponse getInterfederationResponse() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java index 7d9e20cd0..2cd0e1d57 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MOASTORKResponse.java @@ -1,6 +1,7 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; import eu.stork.peps.auth.commons.PersonalAttributeList; @@ -8,13 +9,16 @@ import eu.stork.peps.auth.commons.STORKAttrQueryResponse; import eu.stork.peps.auth.commons.STORKAuthnResponse; import java.io.Serializable; +import java.util.List; + +import org.opensaml.saml2.core.Attribute; /** * Implements MOA request and stores StorkAuthn/Attr-Request related data. * * @author bsuzic */ -public class MOASTORKResponse implements IRequest, Serializable { +public class MOASTORKResponse extends RequestImpl { /** * The Constant serialVersionUID. @@ -257,5 +261,14 @@ public class MOASTORKResponse implements IRequest, Serializable { this.action = action; } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() + */ + @Override + public List<Attribute> getRequestedAttributes() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java index d4f7066d0..edba7b754 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateAttributeRequestProvider.java @@ -4,6 +4,7 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; @@ -48,7 +49,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider { return "MandateAttributeRequestProvider"; } - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountryCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring attribute: " + attribute.getName() + ", by: " + getAttrProviderName()); this.spCountryCode = spCountryCode; requestedAttributes = new PersonalAttributeList(1); @@ -69,7 +70,7 @@ public class MandateAttributeRequestProvider implements AttributeProvider { } @Override - public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountryCode, AuthenticationSession moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { + public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, String spCountryCode, IAuthData moasession) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException, MOAIDException { Logger.info("Acquiring " + attributes.size() + " attributes, by: " + getAttrProviderName()); this.spCountryCode = spCountryCode; requestedAttributes = new PersonalAttributeList(attributes.size()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java index 9c7f45146..811d828e1 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.protocols.stork2; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.moduls.IAction; @@ -28,28 +30,26 @@ import javax.xml.namespace.QName; import java.io.StringWriter; import java.math.BigInteger; import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; /** * */ public class MandateRetrievalRequest implements IAction { - private AuthenticationSession moaSession; + private IAuthData authData; private MOASTORKRequest moaStorkRequest; - public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException { + public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { Logger.debug("Entering AttributeRequest for MandateProvider"); httpResp.reset(); - OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix()); + OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL()); if (oaParam == null) - throw new AuthenticationException("stork.12", new Object[]{moasession.getPublicOAURLPrefix()}); + throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()}); MOASTORKResponse moaStorkResponse = new MOASTORKResponse(); STORKAttrQueryResponse attrResponse = new STORKAttrQueryResponse(); - this.moaSession = moasession; + this.authData = authData; if ((req instanceof MOASTORKRequest)) { this.moaStorkRequest = (MOASTORKRequest) req; @@ -63,10 +63,10 @@ public class MandateRetrievalRequest implements IAction { MandateContainer mandateContainer = null; try { - mandateContainer = new CorporateBodyMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8")); + mandateContainer = new CorporateBodyMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); } catch (Exception ex) { try { - mandateContainer = new PhyPersonMandateContainer(new String(moaSession.getMISMandate().getMandate(), "UTF-8")); + mandateContainer = new PhyPersonMandateContainer(new String(authData.getMISMandate().getMandate(), "UTF-8")); } catch (Exception ex2) { Logger.error("Could not extract data and create mandate container."); throw new MOAIDException("stork.16", new Object[] {}); // TODO @@ -285,6 +285,4 @@ public class MandateRetrievalRequest implements IAction { public String getDefaultActionName() { return STORKProtocol.MANDATERETRIEVALREQUEST; } - - } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java index e93a7ec87..ed9c45126 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/STORKProtocol.java @@ -147,6 +147,7 @@ public class STORKProtocol implements IModulInfo, MOAIDAuthConstants { STORK2Request.setSTORKAuthnRequest(authnRequest); STORK2Request.setSTORKAttrRequest(attrRequest); + return STORK2Request; } else { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java index 89eb07815..553063ae8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/SignedDocAttributeRequestProvider.java @@ -16,6 +16,7 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; import eu.stork.peps.auth.commons.IPersonalAttributeList; @@ -56,7 +57,7 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { * at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java * .lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) throws UnsupportedAttributeException, + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if(!attributes.contains(attribute.getName())) { throw new UnsupportedAttributeException(); @@ -126,4 +127,24 @@ public class SignedDocAttributeRequestProvider implements AttributeProvider { } } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, + String spCountyCode, IAuthData authData) + throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException, MOAIDException { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames() + */ + @Override + public List<String> getSupportedAttributeNames() throws MOAIDException { + // TODO Auto-generated method stub + return null; + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java index c0e613b82..3a73dafae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/StorkAttributeRequestProvider.java @@ -1,6 +1,8 @@ package at.gv.egovernment.moa.id.protocols.stork2; import java.io.StringWriter; +import java.util.List; + import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; @@ -11,6 +13,7 @@ import org.apache.velocity.app.VelocityEngine; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.MOAIDException; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; +import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.id.util.VelocityProvider; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +58,7 @@ public class StorkAttributeRequestProvider implements AttributeProvider { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.lang.String) */ - public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, AuthenticationSession moasession) + public IPersonalAttributeList acquire(PersonalAttribute attribute, String spCountyCode, IAuthData authData) throws UnsupportedAttributeException, ExternalAttributeRequestRequiredException { if (!attributes.contains(attribute.getName())) @@ -158,5 +161,26 @@ public class StorkAttributeRequestProvider implements AttributeProvider { Logger.info("STORK AttrRequest successfully rendered!"); } + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#acquire(java.util.List, java.lang.String, at.gv.egovernment.moa.id.data.IAuthData) + */ + @Override + public IPersonalAttributeList acquire(List<PersonalAttribute> attributes, + String spCountyCode, IAuthData authData) + throws UnsupportedAttributeException, + ExternalAttributeRequestRequiredException, MOAIDException { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.stork2.AttributeProvider#getSupportedAttributeNames() + */ + @Override + public List<String> getSupportedAttributeNames() throws MOAIDException { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java index 34add9895..f094dfabf 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java @@ -54,6 +54,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.URLEncoder; @@ -78,7 +79,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { */ public Map getAuthenticationHeaders( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) { @@ -116,7 +117,7 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { */ public Map getAuthenticationParameters( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) { @@ -149,13 +150,13 @@ public class DefaultLoginParameterResolver implements LoginParameterResolver { * @param clientIPAddress client IP address * @return header or parameter value resolved; <code>null</code> if unknown name is given */ - private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) { + private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) { if (predicate.equals(MOAGivenName)) return authData.getGivenName(); if (predicate.equals(MOAFamilyName)) return authData.getFamilyName(); if (predicate.equals(MOADateOfBirth)) - return authData.getDateOfBirth(); + return authData.getFormatedDateOfBirth(); if (predicate.equals(MOABPK)) return authData.getBPK(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java index cd751b7ee..d432f8c41 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java @@ -50,6 +50,7 @@ import java.util.Map; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; /** * Determines authentication parameters and headers to be added to a {@link java.net.URLConnection} @@ -102,7 +103,7 @@ public interface LoginParameterResolver { */ public Map getAuthenticationHeaders( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; @@ -122,7 +123,7 @@ public interface LoginParameterResolver { */ public Map getAuthenticationParameters( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java index 9f3de08aa..a5c632077 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java @@ -77,6 +77,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -373,7 +374,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes */ public Map getAuthenticationHeaders( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { @@ -447,7 +448,7 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes */ public Map getAuthenticationParameters( OAConfiguration oaConf, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws LoginParameterResolverException, NotAllowedException { @@ -511,14 +512,14 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes */ private static String resolveValue( String predicate, - AuthenticationData authData, + SAML1AuthenticationData authData, String clientIPAddress) { if (predicate.equals("MOAGivenName")) return authData.getGivenName(); if (predicate.equals("MOAFamilyName")) return authData.getFamilyName(); if (predicate.equals("MOADateOfBirth")) - return authData.getDateOfBirth(); + return authData.getFormatedDateOfBirth(); if (predicate.equals("MOABPK")) return authData.getBPK(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java index 2760a736b..740421024 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java @@ -48,10 +48,12 @@ package at.gv.egovernment.moa.id.proxy; import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import java.io.IOException; import java.util.*; + import org.apache.xerces.parsers.DOMParser; import org.w3c.dom.*; @@ -196,7 +198,7 @@ public class XMLLoginParameterResolverPlainData } //TODO document - public Map getAuthenticationHeaders(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException + public Map getAuthenticationHeaders(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) throws NotAllowedException { Map result = new HashMap(); if(oaConf.getAuthType().equals("basic")) @@ -318,7 +320,7 @@ public class XMLLoginParameterResolverPlainData return result; } - public Map getAuthenticationParameters(OAConfiguration oaConf, AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) + public Map getAuthenticationParameters(OAConfiguration oaConf, SAML1AuthenticationData authData, String clientIPAddress, boolean businessService, String publicURLPrefix) { Map result = new HashMap(); if(oaConf.getAuthType().equals("param")) @@ -336,14 +338,14 @@ public class XMLLoginParameterResolverPlainData return result; } - private static String resolveValue(String predicate, AuthenticationData authData, String clientIPAddress) + private static String resolveValue(String predicate, SAML1AuthenticationData authData, String clientIPAddress) { if(predicate.equals(MOAGivenName)) return authData.getGivenName(); if(predicate.equals(MOAFamilyName)) return authData.getFamilyName(); if(predicate.equals(MOADateOfBirth)) - return authData.getDateOfBirth(); + return authData.getFormatedDateOfBirth(); if(predicate.equals(MOABPK)) return authData.getBPK(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java index 0ef2077a3..26da33e34 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java @@ -68,6 +68,7 @@ import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.id.proxy.servlet.ProxyException; @@ -107,7 +108,7 @@ public class GetAuthenticationDataInvoker { * @return AuthenticationData * @throws MOAIDException */ - public AuthenticationData getAuthenticationData(String samlArtifact) + public SAML1AuthenticationData getAuthenticationData(String samlArtifact) throws MOAIDException { ConnectionParameter authConnParam = diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java index 35f72d36d..ebda8dae0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java @@ -50,6 +50,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -147,11 +148,11 @@ public class AuthenticationDataAssertionParser implements Constants { * @return <code>AuthenticationData</code> object * @throws ParseException on any error */ - public AuthenticationData parseAuthenticationData() + public SAML1AuthenticationData parseAuthenticationData() throws ParseException { try { - AuthenticationData authData = new AuthenticationData(); + SAML1AuthenticationData authData = new SAML1AuthenticationData(); //ÄNDERN: NUR der Identification-Teil authData.setSamlAssertion(DOMUtils.serializeNode(samlAssertion)); authData.setMajorVersion(new Integer( diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java index 9835c554d..cec8dbe6c 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java @@ -51,6 +51,7 @@ import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.XPathUtils; @@ -130,7 +131,7 @@ public class SAMLResponseParser implements Constants { * @return <code>AuthenticationData</code> object * @throws ParseException on any parsing error */ - public AuthenticationData parseAuthenticationData() + public SAML1AuthenticationData parseAuthenticationData() throws ParseException { Element samlAssertion; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java index 52f72f577..9447f2e35 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java @@ -84,6 +84,7 @@ import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.proxy.ConnectionBuilder; import at.gv.egovernment.moa.id.proxy.ConnectionBuilderFactory; import at.gv.egovernment.moa.id.proxy.LoginParameterResolver; @@ -232,7 +233,7 @@ public class ProxyServlet extends HttpServlet { // boolean targetprovided = req.getParameter(PARAM_TARGET) != null; // get authentication data from the MOA-ID Auth component - AuthenticationData authData; + SAML1AuthenticationData authData; try { authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java index 6d8979da3..890ec9f0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java @@ -31,9 +31,11 @@ import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -82,10 +84,41 @@ public class AssertionStorage { } - public <T> T get(String artifact, final Class<T> clazz) throws MOADatabaseException { + + /** + * @param samlArtifact + * @param class1 + * @param authdatatimeout + * @return + * @throws MOADatabaseException + * @throws AuthenticationException + */ + public <T> T get(String samlArtifact, + final Class<T> clazz) throws MOADatabaseException { + + try { + return get(samlArtifact, clazz, -1); + + } catch (AuthenticationException e) { + //this execption only occurs if an additional timeOut is used + Logger.error("This exeption should not occur!!!!", e); + return null; + } + } + + public <T> T get(String artifact, final Class<T> clazz, long authdatatimeout) throws MOADatabaseException, AuthenticationException { AssertionStore element = searchInDatabase(artifact); + if (authdatatimeout > -1) { + //check timeout + long now = new Date().getTime(); + + if (now - element.getDatatime().getTime() > authdatatimeout) + throw new AuthenticationException("1207", new Object[] { artifact }); + } + + //Deserialize Assertion Object data = SerializationUtils.deserialize(element.getAssertion()); @@ -118,7 +151,7 @@ public class AssertionStorage { if (results.size() != 0) { for(AssertionStore result : results) { try { - MOASessionDBUtils.delete(result); + cleanDelete(result); Logger.info("Remove sessioninformation with ID=" + result.getArtifact() + " after timeout."); @@ -135,7 +168,7 @@ public class AssertionStorage { try { AssertionStore element = searchInDatabase(artifact); - MOASessionDBUtils.delete(element); + cleanDelete(element); Logger.info("Remove sessioninformation with ID" + artifact); @@ -148,6 +181,23 @@ public class AssertionStorage { } } + private void cleanDelete(AssertionStore element) { + try { + element.setAssertion(new byte[]{}); + MOASessionDBUtils.saveOrUpdate(element); + + } catch (MOADatabaseException e) { + Logger.warn("Blank shortTime session with artifact=" + element.getArtifact() + " FAILED.", e); + + } finally { + if (!MOASessionDBUtils.delete(element)) + Logger.error("ShortTime session with artifact=" + element.getArtifact() + + " not removed! (Error during Database communication)"); + + } + + } + @SuppressWarnings("rawtypes") private AssertionStore searchInDatabase(String artifact) throws MOADatabaseException { MiscUtil.assertNotNull(artifact, "artifact"); @@ -158,7 +208,7 @@ public class AssertionStorage { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getAssertionWithArtifact"); - query.setString("artifact", artifact); + query.setParameter("artifact", artifact); result = query.list(); //send transaction diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java index e6efa0256..26922a13b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java @@ -22,10 +22,12 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.storage; +import java.util.ArrayList; import java.util.Date; import java.util.List; import org.apache.commons.lang.SerializationUtils; +import org.apache.commons.lang.StringEscapeUtils; import org.hibernate.HibernateException; import org.hibernate.Query; import org.hibernate.Session; @@ -36,10 +38,15 @@ import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils; import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.data.EncryptedData; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.moduls.IRequest; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.id.util.SessionEncrytionUtil; import at.gv.egovernment.moa.logging.Logger; @@ -62,21 +69,6 @@ public class AuthenticationSessionStoreage { } } - public static void setAuthenticated(String moaSessionID, boolean value) { - - AuthenticatedSessionStore session; - - try { - session = searchInDatabase(moaSessionID); - session.setAuthenticated(value); - MOASessionDBUtils.saveOrUpdate(session); - - - } catch (MOADatabaseException e) { - Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); - } - } - public static AuthenticationSession createSession() throws MOADatabaseException { String id = Random.nextRandom(); AuthenticationSession session = new AuthenticationSession(id); @@ -103,44 +95,39 @@ public class AuthenticationSessionStoreage { return session; } - - public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + + public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { try { - AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - dbsession.setAuthenticated(session.isAuthenticated()); - byte[] serialized = SerializationUtils.serialize(session); - - EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); - - //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 - dbsession.setUpdated(new Date()); - - MOASessionDBUtils.saveOrUpdate(dbsession); - Logger.debug("MOASession with sessionID=" + session.getSessionID() + " is stored in Database"); - + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return decryptSession(dbsession); + } catch (MOADatabaseException e) { - Logger.warn("MOASession could not be stored."); - throw new MOADatabaseException(e); - } + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); + throw new MOADatabaseException("MOASession deserialization-exception"); + } + } + + public static void storeSession(AuthenticationSession session) throws MOADatabaseException, BuildException { + storeSession(session, null); } public static void storeSession(AuthenticationSession session, String pendingRequestID) throws MOADatabaseException, BuildException { try { AuthenticatedSessionStore dbsession = searchInDatabase(session.getSessionID()); - dbsession.setPendingRequestID(pendingRequestID); - - dbsession.setAuthenticated(session.isAuthenticated()); - byte[] serialized = SerializationUtils.serialize(session); - EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); + if (MiscUtil.isNotEmpty(pendingRequestID)) + dbsession.setPendingRequestID(pendingRequestID); + + encryptSession(session, dbsession); //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 + dbsession.setAuthenticated(session.isAuthenticated()); dbsession.setUpdated(new Date()); MOASessionDBUtils.saveOrUpdate(dbsession); @@ -152,10 +139,9 @@ public class AuthenticationSessionStoreage { } } - public static void destroySession(String moaSessionID) throws MOADatabaseException { - Session session = MOASessionDBUtils.getCurrentSession(); + Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; @@ -163,7 +149,7 @@ public class AuthenticationSessionStoreage { session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithID"); - query.setString("sessionid", moaSessionID); + query.setParameter("sessionid", moaSessionID); result = query.list(); @@ -175,11 +161,9 @@ public class AuthenticationSessionStoreage { throw new MOADatabaseException("No session found with this sessionID"); } - AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); - - //delete MOA Session - session.delete(dbsession); - session.getTransaction().commit(); + AuthenticatedSessionStore dbsession = (AuthenticatedSessionStore) result.get(0); + session.getTransaction().commit(); + cleanDelete(dbsession); } } @@ -196,16 +180,11 @@ public class AuthenticationSessionStoreage { + "to " + id); session.setSessionID(id); + encryptSession(session, dbsession); dbsession.setSessionid(id); dbsession.setAuthenticated(session.isAuthenticated()); - - byte[] serialized = SerializationUtils.serialize(session); - - EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); - dbsession.setSession(encdata.getEncData()); - dbsession.setIv(encdata.getIv()); - + //set Timestamp in this state, because automated timestamp generation is buggy in Hibernate 4.2.1 dbsession.setUpdated(new Date()); @@ -219,9 +198,94 @@ public class AuthenticationSessionStoreage { throw new AuthenticationException("TODO!", null); } } + + public static void setAuthenticated(String moaSessionID, boolean value) { + + AuthenticatedSessionStore session; + + try { + session = searchInDatabase(moaSessionID); + session.setAuthenticated(value); + MOASessionDBUtils.saveOrUpdate(session); + + } catch (MOADatabaseException e) { + Logger.warn("isAuthenticated can not be stored in MOASession " + moaSessionID, e); + } + } + + public static String getMOASessionSSOID(String SSOSessionID) { + MiscUtil.assertNotNull(SSOSessionID, "SSOsessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOSessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0).getSessionid(); + + } + } + + public static boolean isSSOSession(String sessionID) throws MOADatabaseException { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.isSSOSession(); + + } catch (MOADatabaseException e) { + Logger.info("No MOA Session with id: " + sessionID); + throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } + } + + public static AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId, String moaSessionId) { + MiscUtil.assertNotNull(SSOId, "SSOSessionID"); + Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithSSOID"); + query.setParameter("sessionid", SSOId); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + + } else { + return result.get(0); + } + } + public static void addSSOInformation(String moaSessionID, String SSOSessionID, - String assertionID, String OAUrl) throws AuthenticationException { + SLOInformationInterface SLOInfo, String OAUrl) throws AuthenticationException { AuthenticatedSessionStore dbsession; Transaction tx = null; @@ -237,7 +301,7 @@ public class AuthenticationSessionStoreage { tx = session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithID"); - query.setString("sessionid", moaSessionID); + query.setParameter("sessionid", moaSessionID); result = query.list(); @@ -251,13 +315,34 @@ public class AuthenticationSessionStoreage { } dbsession = (AuthenticatedSessionStore) result.get(0); - + + OASessionStore activeOA = null; + //check if OA already has an active OA session + if (dbsession.getActiveOAsessions() != null) { + for (OASessionStore el : dbsession.getActiveOAsessions()) { + if (el.getOaurlprefix().equals(OAUrl)) + activeOA = el; + } + } + + if (activeOA == null) + activeOA = new OASessionStore(); + //set active OA applications - OASessionStore activeOA = new OASessionStore(); activeOA.setOaurlprefix(OAUrl); activeOA.setMoasession(dbsession); activeOA.setCreated(new Date()); - activeOA.setAssertionSessionID(assertionID); + + //set additional information for SLO + if (SLOInfo != null) { + activeOA.setAssertionSessionID(SLOInfo.getSessionIndex()); + activeOA.setUserNameID(SLOInfo.getUserNameIdentifier()); + activeOA.setUserNameIDFormat(SLOInfo.getUserNameIDFormat()); + activeOA.setProtocolType(SLOInfo.getProtocolType()); + activeOA.setAttributeQueryUsed(false); + + + } List<OASessionStore> activeOAs = dbsession.getActiveOAsessions(); activeOAs.add(activeOA); @@ -286,7 +371,7 @@ public class AuthenticationSessionStoreage { tx.commit(); Logger.debug("Add SSO-Session login information for OA: " + OAUrl - + " and AssertionID: " + assertionID); + + " and AssertionID: " + SLOInfo.getSessionIndex()); } } catch (MOADatabaseException e) { @@ -298,56 +383,75 @@ public class AuthenticationSessionStoreage { throw new AuthenticationException("SSO Session information can not be stored! --> SSO is deactivated", null); } } - - - public static AuthenticationSession getSession(String sessionID) throws MOADatabaseException { + + public static List<OASessionStore> getAllActiveOAFromMOASession(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + AuthenticatedSessionStore dbsession = searchInDatabase(moaSession.getSessionID()); + return dbsession.getActiveOAsessions(); - //decrypt Session - EncryptedData encdata = new EncryptedData(dbsession.getSession(), - dbsession.getIv()); - byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); - - AuthenticationSession session = (AuthenticationSession) SerializationUtils.deserialize(decrypted); - - return session; - } catch (MOADatabaseException e) { - Logger.info("No MOA Session with id: " + sessionID); - throw new MOADatabaseException("No MOA Session with id: " + sessionID); + Logger.warn("NO session information found for sessionID " + moaSession.getSessionID(), e); - } catch (Throwable e) { - Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e); - throw new MOADatabaseException("MOASession deserialization-exception"); } + + return null; } - public static boolean isSSOSession(String sessionID) throws MOADatabaseException { - try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - return dbsession.isSSOSession(); + public static AuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); + MiscUtil.assertNotNull(userNameID, "userNameID"); + Logger.trace("Get moaSession for userNameID " + userNameID + " and OA " + + oaID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOASessionWithNameIDandOAID"); + query.setParameter("oaID", oaID); + query.setParameter("nameID", userNameID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No unique entry found."); + return null; + + } + try { + return decryptSession(result.get(0)); - } catch (MOADatabaseException e) { - Logger.info("No MOA Session with id: " + sessionID); - throw new MOADatabaseException("No MOA Session with id: " + sessionID); + } catch (BuildException e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + result.get(0).getSessionid(), e); + return null; } - - } - public static String getMOASessionID(String SSOSessionID) { - MiscUtil.assertNotNull(SSOSessionID, "moasessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOSessionID + " from database."); + public static OASessionStore searchActiveOASSOSession(AuthenticationSession moaSession, String oaID, String protocolType) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + MiscUtil.assertNotNull(oaID, "OnlineApplicationIdentifier"); + MiscUtil.assertNotNull(protocolType, "usedProtocol"); + Logger.trace("Get active OnlineApplication for sessionID " + moaSession.getSessionID() + " with OAID " + + oaID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; synchronized (session) { session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setString("sessionid", SSOSessionID); + Query query = session.getNamedQuery("getActiveOAWithSessionIDandOAIDandProtocol"); + query.setParameter("sessionID", moaSession.getSessionID()); + query.setParameter("oaID", oaID); + query.setParameter("protocol", protocolType); result = query.list(); //send transaction @@ -357,29 +461,71 @@ public class AuthenticationSessionStoreage { Logger.trace("Found entries: " + result.size()); //Assertion requires an unique artifact - if (result.size() != 1) { + if (result.size() == 0) { Logger.trace("No entries found."); - return null; - - } else { - return result.get(0).getSessionid(); - + return null; + } + return result.get(0).getActiveOAsessions().get(0); } - public static boolean isValidSessionWithSSOID(String SSOId, String moaSessionId) { - - MiscUtil.assertNotNull(SSOId, "SSOSessionID"); - Logger.trace("Get authenticated session with SSOID " + SSOId + " from database."); + public static String getPendingRequestID(String sessionID) { + try { + AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); + return dbsession.getPendingRequestID(); + + } catch (MOADatabaseException e) { + Logger.warn("MOASession with ID " + sessionID + " not found"); + return ""; + } + } + + public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { + try { + MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); + Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", pedingRequestID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() != 1) { + Logger.trace("No entries found."); + return null; + } + + return decryptSession(result.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); + return null; + } + } + + public static boolean deleteSessionWithPendingRequestID(String id) { + MiscUtil.assertNotNull(id, "PendingRequestID"); + Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; synchronized (session) { session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithSSOID"); - query.setString("sessionid", SSOId); + Query query = session.getNamedQuery("getSessionWithPendingRequestID"); + query.setParameter("sessionid", id); result = query.list(); //send transaction @@ -394,22 +540,91 @@ public class AuthenticationSessionStoreage { return false; } else { + cleanDelete(result.get(0)); return true; } + + } + + public static AuthenticationSession getSessionWithUserNameID(String nameID) { + + try { + MiscUtil.assertNotNull(nameID, "nameID"); + Logger.trace("Get authenticated session with pedingRequestID " + nameID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getMOAISessionWithUserNameID"); + query.setParameter("usernameid", StringEscapeUtils.escapeHtml(nameID)); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + } + + return decryptSession(result.get(0)); + + } catch (Throwable e) { + Logger.warn("MOASession deserialization-exception by using MOASessionID=" + nameID); + return null; + } + + } + + public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { + MiscUtil.assertNotNull(sessionID, "MOASession"); + Logger.trace("Get interfederated IDP for SSO with sessionID " + sessionID + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionID"); + query.setParameter("sessionID", sessionID); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); } - public static boolean deleteSessionWithPendingRequestID(String id) { - MiscUtil.assertNotNull(id, "PendingRequestID"); - Logger.trace("Delete MOAsession with PendingRequestID " + id + " from database."); + public static InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, String idpID) { + MiscUtil.assertNotNull(sessionID, "MOASession"); + MiscUtil.assertNotNull(idpID, "Interfederated IDP ID"); + Logger.trace("Get interfederated IDP "+ idpID + " for SSO with sessionID " + sessionID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); List<AuthenticatedSessionStore> result; synchronized (session) { session.beginTransaction(); - Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setString("sessionid", id); + Query query = session.getNamedQuery("getInterfederatedIDPForSSOWithSessionIDIDPID"); + query.setParameter("sessionID", sessionID); + query.setParameter("idpID", idpID); result = query.list(); //send transaction @@ -419,33 +634,138 @@ public class AuthenticationSessionStoreage { Logger.trace("Found entries: " + result.size()); //Assertion requires an unique artifact - if (result.size() != 1) { + if (result.size() == 0) { Logger.trace("No entries found."); - return false; - - } else { - MOASessionDBUtils.delete(result.get(0)); - return true; + return null; + } - - + + return result.get(0).getInderfederation().get(0); } - public static String getPendingRequestID(String sessionID) { + public static String createInterfederatedSession(IRequest req, boolean isAuthenticated, String ssoID) throws MOADatabaseException, AssertionAttributeExtractorExeption { + AuthenticatedSessionStore dbsession = null; + + //search for active SSO session + if (MiscUtil.isNotEmpty(ssoID)) { + String moaSession = getMOASessionSSOID(ssoID); + if (MiscUtil.isNotEmpty(moaSession)) { + try { + dbsession = searchInDatabase(moaSession); + + }catch (MOADatabaseException e) { + + } + } + } + + String id = null; + Date now = new Date(); + + //create new MOASession if any exists + if (dbsession == null) { + id = Random.nextRandom(); + dbsession = new AuthenticatedSessionStore(); + dbsession.setSessionid(id); + dbsession.setCreated(now); + + } else { + id = dbsession.getSessionid(); + + } + + dbsession.setInterfederatedSSOSession(true); + dbsession.setAuthenticated(isAuthenticated); + dbsession.setUpdated(now); + + AuthenticationSession session = new AuthenticationSession(id); + session.setAuthenticated(true); + session.setAuthenticatedUsed(false); + dbsession.setSession(SerializationUtils.serialize(session)); + + //add interfederation information + List<InterfederationSessionStore> idpList = dbsession.getInderfederation(); + InterfederationSessionStore idp = null; + if (idpList == null) { + idpList = new ArrayList<InterfederationSessionStore>(); + dbsession.setInderfederation(idpList); + + } else { + for (InterfederationSessionStore el : idpList) { + //resue old entry if interfederation IDP is reused for authentication + if (el.getIdpurlprefix().equals(req.getInterfederationResponse().getEntityID())) + idp = el; + + } + } + + //create new interfederation IDP entry + if (idp == null) { + idp = new InterfederationSessionStore(); + idp.setCreated(now); + idp.setIdpurlprefix(req.getInterfederationResponse().getEntityID()); + idp.setMoasession(dbsession); + idpList.add(idp); + + } + AssertionAttributeExtractor extract = new AssertionAttributeExtractor(req.getInterfederationResponse().getResponse()); + idp.setSessionIndex(extract.getSessionIndex()); + idp.setUserNameID(extract.getNameID()); + idp.setAttributesRequested(false); + idp.setQAALevel(extract.getQAALevel()); + + //store AssertionStore element to Database try { - AuthenticatedSessionStore dbsession = searchInDatabase(sessionID); - return dbsession.getPendingRequestID(); + MOASessionDBUtils.saveOrUpdate(dbsession); + Logger.info("MOASession with sessionID=" + id + " is stored in Database"); } catch (MOADatabaseException e) { - Logger.warn("MOASession with ID " + sessionID + " not found"); - return ""; + Logger.warn("MOASession could not be created."); + throw new MOADatabaseException(e); } + return id; } - public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) { + public static InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(AuthenticationSession moaSession) { + MiscUtil.assertNotNull(moaSession, "MOASession"); + Logger.trace("Get interfederated IDP for AttributeQuery with sessionID " + moaSession.getSessionID() + " from database."); + Session session = MOASessionDBUtils.getCurrentSession(); + + List<AuthenticatedSessionStore> result; + + synchronized (session) { + session.beginTransaction(); + Query query = session.getNamedQuery("getInterfederatedIDPForAttributeQueryWithSessionID"); + query.setParameter("sessionID", moaSession.getSessionID()); + result = query.list(); + + //send transaction + session.getTransaction().commit(); + } + + Logger.trace("Found entries: " + result.size()); + + //Assertion requires an unique artifact + if (result.size() == 0) { + Logger.trace("No entries found."); + return null; + + } + + return result.get(0).getInderfederation().get(0); + } + + /** + * @param entityID + * @param requestID + */ + public static boolean removeInterfederetedSession(String entityID, + String pedingRequestID) { try { + Logger.debug("Remove interfederated IDP from local SSO session ..."); + MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID"); Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database."); Session session = MOASessionDBUtils.getCurrentSession(); @@ -455,7 +775,7 @@ public class AuthenticationSessionStoreage { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithPendingRequestID"); - query.setString("sessionid", pedingRequestID); + query.setParameter("sessionid", pedingRequestID); result = query.list(); //send transaction @@ -467,20 +787,27 @@ public class AuthenticationSessionStoreage { //Assertion requires an unique artifact if (result.size() != 1) { Logger.trace("No entries found."); - return null; + return false; } - //decrypt Session - EncryptedData encdata = new EncryptedData(result.get(0).getSession(), - result.get(0).getIv()); - byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); - return (AuthenticationSession) SerializationUtils.deserialize(decrypted); - + AuthenticatedSessionStore authsession = result.get(0); + + List<InterfederationSessionStore> idpSessions = authsession.getInderfederation(); + if (idpSessions != null) { + for (InterfederationSessionStore idp : idpSessions) { + if (idp.getIdpurlprefix().equals(entityID)) + idpSessions.remove(idp); + + } + } + + MOASessionDBUtils.saveOrUpdate(authsession); + return true; } catch (Throwable e) { Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID); - return null; - } + return false; + } } public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { @@ -502,7 +829,7 @@ public class AuthenticationSessionStoreage { if (results.size() != 0) { for(AuthenticatedSessionStore result : results) { try { - MOASessionDBUtils.delete(result); + cleanDelete(result); Logger.info("Authenticated session with sessionID=" + result.getSessionid() + " after session timeout."); @@ -510,11 +837,43 @@ public class AuthenticationSessionStoreage { Logger.warn("Authenticated session with sessionID=" + result.getSessionid() + " not removed after timeout! (Error during Database communication)", e); } - } } } + private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException { + byte[] serialized = SerializationUtils.serialize(session); + + EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized); + dbsession.setSession(encdata.getEncData()); + dbsession.setIv(encdata.getIv()); + } + + private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException { + EncryptedData encdata = new EncryptedData(dbsession.getSession(), + dbsession.getIv()); + byte[] decrypted = SessionEncrytionUtil.decrypt(encdata); + + return (AuthenticationSession) SerializationUtils.deserialize(decrypted); + + } + + private static void cleanDelete(AuthenticatedSessionStore result) { + try { + result.setSession(new byte[] {}); + MOASessionDBUtils.saveOrUpdate(result); + + } catch (MOADatabaseException e) { + Logger.warn("Blank authenticated session with sessionID=" + result.getSessionid() + " FAILED.", e); + + } finally { + if (!MOASessionDBUtils.delete(result)) + Logger.error("Authenticated session with sessionID=" + result.getSessionid() + + " not removed! (Error during Database communication)"); + + } + } + @SuppressWarnings("rawtypes") private static AuthenticatedSessionStore searchInDatabase(String sessionID) throws MOADatabaseException { MiscUtil.assertNotNull(sessionID, "moasessionID"); @@ -526,7 +885,7 @@ public class AuthenticationSessionStoreage { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getSessionWithID"); - query.setString("sessionid", sessionID); + query.setParameter("sessionid", sessionID); result = query.list(); //send transaction diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java index ae8e5ee27..054ad1014 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java @@ -154,7 +154,7 @@ public class DBExceptionStoreImpl implements IExceptionStore { synchronized (session) { session.beginTransaction(); Query query = session.getNamedQuery("getExceptionWithID"); - query.setString("id", id); + query.setParameter("id", id); result = query.list(); //send transaction diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java new file mode 100644 index 000000000..aff7e5057 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ErrorResponseUtils.java @@ -0,0 +1,103 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.util; + +import java.util.Locale; + +import at.gv.egovernment.moa.id.auth.exception.BKUException; +import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egovernment.moa.id.auth.exception.MOAIDException; +import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception; +import at.gv.egovernment.moa.util.Messages; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class ErrorResponseUtils { + + public static final String INTERNALERRORCODE = "9199"; + + private static ErrorResponseUtils instance = null; + private static final String[] DEFAULT_MESSAGE_RESOURCES = + { "resources/properties/protocol_response_statuscodes" }; + private static final Locale[] DEFAULT_MESSAGE_LOCALES = + new Locale[] { new Locale("de", "AT") }; + private Messages messages = null; + + + public static ErrorResponseUtils getInstance() { + if (instance == null) { + instance = new ErrorResponseUtils(DEFAULT_MESSAGE_RESOURCES, DEFAULT_MESSAGE_LOCALES); + + } + return instance; + } + + private ErrorResponseUtils(String[] resourceNames, Locale[] locales) { + this.messages = new Messages(resourceNames, locales); + } + + public String getResponseErrorCode(Throwable throwable) { + String errorCode = null; + + if (throwable instanceof BKUException) { + BKUException error = (BKUException) throwable; + errorCode = mapInternalErrorToExternalError(error.getMessageId()) + + error.getBkuErrorCode(); + + } else if (throwable instanceof MISSimpleClientException) { + MISSimpleClientException error = (MISSimpleClientException) throwable; + + if (MiscUtil.isNotEmpty(error.getMISErrorCode())) + errorCode = mapInternalErrorToExternalError(error.getMessageId()) + + error.getMISErrorCode(); + else + errorCode = mapInternalErrorToExternalError(error.getMessageId()); + + } else if (throwable instanceof MOAIDException) { + MOAIDException error = (MOAIDException) throwable; + errorCode = mapInternalErrorToExternalError(error.getMessageId()); + + } else { + errorCode = INTERNALERRORCODE; + + } + + return errorCode; + + } + + public String mapInternalErrorToExternalError(String intErrorCode) { + String extErrorCode = messages.getMessage(intErrorCode, null); + + if (MiscUtil.isEmpty(extErrorCode)) + extErrorCode = INTERNALERRORCODE; + + return extErrorCode; + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java index ed3f297c7..81abe3f5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java @@ -46,11 +46,7 @@ package at.gv.egovernment.moa.id.util; -import iaik.pki.PKIConfiguration; import iaik.pki.PKIException; -import iaik.pki.PKIFactory; -import iaik.pki.PKIProfile; -import iaik.pki.jsse.IAIKX509TrustManager; import iaik.security.provider.IAIK; import java.io.BufferedInputStream; @@ -62,26 +58,19 @@ import java.io.Reader; import java.net.URL; import java.security.GeneralSecurityException; import java.security.Security; -import java.util.HashMap; -import java.util.Map; import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.KeyManager; -import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSocketFactory; -import javax.net.ssl.TrustManager; import org.apache.regexp.RE; import org.apache.regexp.RESyntaxException; +import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.ConfigurationProvider; import at.gv.egovernment.moa.id.config.ConnectionParameter; import at.gv.egovernment.moa.id.config.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl; -import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl; -import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager; -import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; /** @@ -94,14 +83,7 @@ import at.gv.egovernment.moa.logging.Logger; */ public class SSLUtils { - /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ - private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>(); - - /** - * Initializes the SSLSocketFactory store. - */ public static void initialize() { - sslSocketFactories = new HashMap<String, SSLSocketFactory>(); // JSSE Abhängigkeit //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); Security.addProvider(new IAIK()); @@ -132,61 +114,38 @@ public class SSLUtils { ConnectionParameterInterface connParam) throws IOException, GeneralSecurityException, ConfigurationException, PKIException { - Logger.debug("Get SSLSocketFactory for " + connParam.getUrl()); - // retrieve SSLSocketFactory if already created - SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(connParam.getUrl()); - if (ssf != null) - return ssf; - - // else create new SSLSocketFactory - String trustStoreURL = conf.getTrustedCACertificates(); - - if (trustStoreURL == null) - throw new ConfigurationException( - "config.08", new Object[] {"TrustedCACertificates"}); - String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); - - TrustManager[] tms = getTrustManagers(conf, trustStoreURL, acceptedServerCertURL); - - KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( - "pkcs12", connParam.getClientKeyStore(), connParam.getClientKeyStorePassword()); - SSLContext ctx = SSLContext.getInstance("TLS"); - ctx.init(kms, tms, null); ssf = ctx.getSocketFactory(); - // store SSLSocketFactory - sslSocketFactories.put(connParam.getUrl(), ssf); - return ssf; + // else create new SSLSocketFactory + String trustStoreURL = conf.getTrustedCACertificates(); + + if (trustStoreURL == null) + throw new ConfigurationException( + "config.08", new Object[] {"TrustedCACertificates"}); + + String acceptedServerCertURL = connParam.getAcceptedServerCertificates(); + + //INFO: MOA-ID 2.x always use defaultChainingMode + + try { + SSLSocketFactory ssf = + at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils.getSSLSocketFactory( + connParam.getUrl(), + conf.getCertstoreDirectory(), + trustStoreURL, + acceptedServerCertURL, + AuthConfigurationProvider.getInstance().getDefaultChainingMode(), + AuthConfigurationProvider.getInstance().isTrustmanagerrevoationchecking(), + connParam.getClientKeyStore(), + connParam.getClientKeyStorePassword(), + "pkcs12"); + + return ssf; + + } catch (SSLConfigurationException e) { + throw new ConfigurationException(e.getErrorID(), e.getParameters(), e.getE()); + + } } - - /** - * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, - * using configuration data. - * - * @param conf MOA-ID configuration provider - * @param trustStoreURL trust store URL - * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates - * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code> - * @throws ConfigurationException on invalid configuration data - * @throws IOException on data-reading problems - * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> - */ - public static TrustManager[] getTrustManagers( - ConfigurationProvider conf, String trustStoreURL, String acceptedServerCertURL) - throws ConfigurationException, PKIException, IOException, GeneralSecurityException { - - PKIConfiguration cfg = null; - if (! PKIFactory.getInstance().isAlreadyConfigured()) - cfg = new PKIConfigurationImpl(conf); - boolean checkRevocation = conf.isTrustmanagerrevoationchecking(); - PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); - // This call fixes a bug occuring when PKIConfiguration is - // initialized by the MOA-SP initialization code, in case - // MOA-SP is called by API - MOAIDTrustManager.initializeLoggingContext(); - IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); - tm.init(cfg, profile); - return new TrustManager[] {tm}; - } /** * Reads a file, given by URL, into a byte array, * securing the connection by IAIKX509TrustManager. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java index 385dd753c..f7785d2c2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java @@ -48,6 +48,8 @@ package at.gv.egovernment.moa.id.util.client.mis.simple; import java.io.Serializable;
+import at.gv.egovernment.moa.util.MiscUtil;
+
public class MISMandate implements Serializable{
private static final long serialVersionUID = 1L;
@@ -90,16 +92,21 @@ public class MISMandate implements Serializable{ }
public String getTextualDescriptionOfOID() {
- if (this.oid.equalsIgnoreCase(OID_NOTAR))
- return TEXT_NOTAR;
- if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
- return TEXT_RECHTSANWALT;
- if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
- return TEXT_ZIVILTECHNIKER;
- if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
- return TEXT_ORGANWALTER;
+ if (MiscUtil.isNotEmpty(this.oid)) {
+ if (this.oid.equalsIgnoreCase(OID_NOTAR))
+ return TEXT_NOTAR;
+ if (this.oid.equalsIgnoreCase(OID_RECHTSANWALT))
+ return TEXT_RECHTSANWALT;
+ if (this.oid.equalsIgnoreCase(OID_ZIVILTECHNIKER))
+ return TEXT_ZIVILTECHNIKER;
+ if (this.oid.equalsIgnoreCase(OID_ORGANWALTER))
+ return TEXT_ORGANWALTER;
- return "Keine textuelle Beschreibung für OID " + oid;
+ return "Keine textuelle Beschreibung für OID " + oid;
+
+ } else {
+ return null;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index b9c4e88b7..aaf793987 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -149,17 +149,17 @@ public class MISSimpleClient { }
return foundMandates;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
- public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static MISSessionId sendSessionIdRequest(String webServiceURL, byte[] idl, byte[] cert, String oaFriendlyName, String redirectURL, String referenceValue, List<String> mandateIdentifier, String targetType, byte[] authBlock, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
- throw new NullPointerException("Argument webServiceURL must not be null.");
+ throw new MISSimpleClientException("service.04");
}
if (idl == null) {
throw new NullPointerException("Argument idl must not be null.");
@@ -224,8 +224,11 @@ public class MISSimpleClient { targetElement.appendChild(targetTypeElement);
mirElement.appendChild(targetElement);
-
-
+ //add AuthBlock element
+ Element authBlockElement = doc.createElementNS(MIS_NS, "authBlock");
+ authBlockElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(authBlock))));
+ mirElement.appendChild(authBlockElement);
+
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
@@ -253,11 +256,11 @@ public class MISSimpleClient { return msid;
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (DOMException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -271,9 +274,10 @@ public class MISSimpleClient { if (errorElement != null) {
String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
- throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text, code, text); }
+ throw new MISSimpleClientException("service.05", code, text); }
+
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("auth.15", e);
}
}
@@ -308,19 +312,19 @@ public class MISSimpleClient { return unpackFromSOAP(doc.getDocumentElement());
} catch(IOException e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.04", e);
} catch (TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (SAXException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
} catch (Exception e) {
- throw new MISSimpleClientException(e.getLocalizedMessage(), e);
+ throw new MISSimpleClientException("service.06", e);
}
@@ -336,7 +340,7 @@ public class MISSimpleClient { soapBody.appendChild(doc.importNode(element, true));
return soapEnvelope;
} catch(ParserConfigurationException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
@@ -344,7 +348,7 @@ public class MISSimpleClient { try {
return (Element) XPathAPI.selectSingleNode(element, "/soap:Envelope/soap:Body/child::*[position()=1]", NS_NODE);
} catch(TransformerException e) {
- throw new MISSimpleClientException(e);
+ throw new MISSimpleClientException("service.06", e);
}
}
}
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 3cd8ee24a..c8cca157d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -24,7 +24,6 @@ auth.03=Fehler beim Abholen einer Datei von der URL "{0}": Interne Fehlermeldung auth.04=Fehler beim Auslesen der Resource "{0}": {1}
auth.05=Fehlender Parameter "{1}" beim Aufruf von "{0}"
auth.06=Fehler beim Speichern der Anmeldedaten, fehlerhaftes SAML-Artifact Format (SAML-Artifact={0})
-#auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen. <br><b>Hinweis:</b> Bitte Dokumentation zu GenericConfiguration: "FrontendServlets.EnableHTTPConnection" beachten.
auth.07=Aufruf von {0} muss mit Schema "https:" erfolgen.
auth.08=In der B\u00FCrgerkartenumgebung ist ein Fehler aufgetreten\: <br>Fehlercode <i>{0}</i>\: {1}
auth.09=Zur Auswahlseite der B\u00FCrgertenumgebung (URL\={0}) konnte keine Verbindung hergestellt werden. \: <br>HTTP-Statuscode <i>{1}</i>
@@ -33,7 +32,7 @@ auth.11=Die zentral gespeicherte Auswahlseite f\u00FCr B\u00FCrgerkartenumgebung auth.12=Fehlerhafter Parameter "{1}" beim Aufruf von "{0}"
auth.13=Vollmachtenmodus f\u00FCr ausl\u00E4ndische B\u00FCrger wird nicht unterst\u00FCtzt.
auth.14=Zertifikat konnte nicht ausgelesen werden.
-auth.15=Fehler bei Anfrage an Vollmachten Service.
+auth.15=Fehler beim validieren der Online-Vollmacht.
auth.16=Fehler bei Abarbeitung der Vollmacht in "{0}"
auth.17=Vollmachtenmodus f\u00FCr nicht-\u00F6ffentlichen Bereich wird nicht unterst\u00FCtzt.
auth.18=Keine MOASessionID vorhanden
@@ -43,6 +42,7 @@ auth.21=Der Anmeldevorgang wurde durch den Benutzer abgebrochen. auth.22=Das Protokoll {0} ist deaktiviert.
auth.23=Das BKU-Selektion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
auth.24=Das Send-Assertion Template entspricht nicht der Spezifikation von MOA-ID 2.x.
+auth.25=Fehler beim validieren der SZR-Gateway Response.
init.00=MOA ID Authentisierung wurde erfolgreich gestartet
init.01=Fehler beim Aktivieren des IAIK-JCE/JSSE/JDK1.3 Workaround\: SSL ist m\u00F6glicherweise nicht verf\u00FCgbar
@@ -70,7 +70,8 @@ config.16=MOA ID Proxy konnte nicht gestartet werden. Das Element ConnnectionPar config.17=Fehler beim initialisieren von Hibernate
config.18=Keine MOA-ID 2.x Konfiguration gefunden.
config.19=Kein Schl\u00FCssel f\u00FCr die Resignierung der Personenbindung gefunden.
-config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.20=Umgebungsvariable "moa.id.proxy.configuration" nicht gesetzt
+config.21=F\u00FCr diese Online Applikation sind keine Vollmachtsprofile hinterlegt.
parser.00=Leichter Fehler beim Parsen: {0}
parser.01=Fehler beim Parsen: {0}
@@ -87,11 +88,19 @@ builder.02=Fehler beim Ausblenden von Stammzahlen builder.03=Fehler beim Aufbau des HTML Codes f\u00FCr Vollmachten
builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck.
builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert.
+builder.06=Fehler beim generieren der Anmeldedaten aus SSO IDP Interfederation Informationen.
+builder.07=Fehlerhaftes SecurityLayer Template.
service.00=Fehler beim Aufruf des Web Service: {0}
service.01=Fehler beim Aufruf des Web Service: kein Endpoint
service.02=Fehler beim Aufruf des Web Service, Status {0}: {1}
service.03=Fehler beim Aufruf des SPSS-API: {0}
+service.04=Das Online-Vollmachten Service ist unter {0} nicht erreichbar.
+service.05=Fehler beim Anfragen des Online-Vollmachen Service: {0} / {1}
+service.06=Allgemeiner Fehler beim Anfragen des Online-Vollmachten Service
+service.07=Der SZR-Gateway ist unter {0} nicht erreichbar.
+service.08=Die Eintragung der ausländischen Person am SZR-Gateway ist fehlgeschlagen.
+service.09=Der SZR-Gateway Client konnte nicht initialisiert werden.
cleaner.00=AuthenticationSessionCleaner wurde gestartet
cleaner.01=Fehler im AuthenticationSessionCleaner
@@ -129,7 +138,7 @@ validator.08=Das Manifest ist ung\u00FCltig validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein
validator.10=Anzahl der URLs zur Authentisierungskomponente ung\u00FCltig {0}
-validator.11="Gesch�ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
+validator.11="Gesch\\u00E4ftsbereich" wurde nicht in den SAML-Attributen gefunden {0}
validator.12=Der Namespace des SAML-Attributs "Gesch\\u00E4ftsbereich" ist ung\u00FCltig {0}
validator.13=Das Target des 'Gesch\u00E4ftsbereichs' ist ung\u00FCltig {0}
validator.14="OA" wurde nicht in den SAML-Attributen gefunden {0}
@@ -137,7 +146,6 @@ validator.15=Der Namespace des SAML-Attributs "OA" ist ung\u00FCltig {0} validator.16=Die vorkonfigurierte URL der OnlineApplikation ist fehlerhaft {0}
validator.17= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist ung\u00FCltig {0}
-#validator.18= Der SubjectDN-Name des von MOA-SP retournierten Zertifikats ist nicht als g�ltiger SubjectDN-Name f�r eine Personenbindung konfiguriert. <b>{0}</b> wurde NICHT in der Konfiguration gefunden
validator.18= Das Zertifikat mit dem die Personenbindung signiert wurde, ist nicht zum Signieren der Personenbindung zul\u00E4ssig. Es konnte weder der SubjectDN ({0}) einem berechtigten Namen zugeordnet werden, noch enth?lt das Zertifikat die Erweiterung "Eigenschaft zur Ausstellung von Personenbindungen".
validator.19=Das verwendete Zertifikat zum Signieren ist ung\u00FCltig.<br>{0}
@@ -152,7 +160,7 @@ validator.26=OA Applikation ist eine Wirtschaftsapplikation, trotzdem ist ein SA validator.27=OA Applikation ist keine Wirtschaftsapplikation, trotzdem ist ein SAML-Attribut "wbPK" enthalten
validator.28=Fehlerhafter Wert im "wbPK" SAML-Attribut {0}
validator.29=Fehler beim Auslesen des "wbPK" SAML-Attributs {0}
-validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung�ltig {0}
+validator.30=Der Namespace des SAML-Attributs "wbPK" ist ung\u00FCltig {0}
validator.31="wbPK" wurde nicht in den SAML-Attributen gefunden {0}
@@ -212,7 +220,7 @@ stork.13=Fehler beim Sammeln eines Attributes in einem AttributProviderPlugin stork.14=Es wurde weder Authentifizierungs/ noch Attributerequest empfangen
stork.15=Unbekannte request.
stork.16=Ein Attribute aus zwei verschiedenen Quellen unterscheidet sich\: {0}
-stork.17=Fehler beim Einholen der Zustimmung für Attribut\u00FCbertragung durch den Benutzer
+stork.17=Fehler beim Einholen der Zustimmung f\uFFFDr Attribut\u00FCbertragung durch den Benutzer
stork.18=STORK-SAML Engine konnte nicht initialisiert werden.
pvp2.00={0} ist kein gueltiger consumer service index
@@ -233,6 +241,11 @@ pvp2.14=SAML Anfrage verweigert pvp2.15=Keine Metadateninformation gefunden
pvp2.16=Fehler beim verschl\u00FCsseln der PVP2 Assertion
pvp2.17=Der QAA Level {0} entspricht nicht dem angeforderten QAA Level {1}
+pvp2.18=Es konnten nicht alle Single Sign-On Sessions beendet werden.
+pvp2.19=Der Single LogOut Vorgang musste wegen eines unkorregierbaren Fehler abgebrochen werden.
+pvp2.20=Für die im Request angegebene EntityID konnten keine g\u00FCltigen Metadaten gefunden werden.
+pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
+pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler={0}).
oauth20.01=Fehlerhafte redirect url
oauth20.02=Fehlender Parameter "{0}"
@@ -241,5 +254,5 @@ oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt oauth20.05=Der angegebene Benutzer ist nicht berechtigt
oauth20.06=Die angegebene OA kann nicht verwendet werden
oauth20.07=Angeforderter grant_type ist nicht erlaubt
-oauth20.08=Nicht berechtigt f�r Token-Request
+oauth20.08=Nicht berechtigt f\u00FCr Token-Request
oauth20.09=Zertifikat fuer JSON Web-Token ist falsch konfiguriert. Fehler bei "{0}"
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties new file mode 100644 index 000000000..2a55ea64c --- /dev/null +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -0,0 +1,187 @@ +auth.00=1000 +auth.01=1001 +auth.02=1100 +auth.03=9000 +auth.04=9100 +auth.05=1002 +auth.06=6200 +auth.07=1003 +auth.08=40 +auth.09=9100 +auth.10=1002 +auth.11=9100 +auth.12=1002 +auth.13=1007 +auth.14=1004 +auth.15=1108 +auth.16=9102 +auth.17=1006 +auth.18=1100 +auth.20=1100 +auth.21=1005 +auth.22=6000 +auth.23=9000 +auth.24=9001 +auth.25=1109 + +init.00=9199 +init.01=9199 +init.02=9199 +init.04=9101 + +config.00=9199 +config.01=9199 +config.02=9199 +config.03=9199 +config.04=9199 +config.05=9199 +config.06=9199 +config.07=9199 +config.08=9199 +config.09=9199 +config.10=9199 +config.11=9199 +config.12=9199 +config.13=9199 +config.14=9199 +config.15=9199 +config.16=9199 +config.17=9199 +config.18=9199 +config.19=9199 +config.20=9199 +config.21=9006 + +parser.00=1101 +parser.01=1101 +parser.02=1101 +parser.03=1101 +parser.04=1101 +parser.05=1101 +parser.06=1101 +parser.07=1101 + +builder.00=9102 +builder.01=9103 +builder.02=9102 +builder.03=9102 +builder.04=Die Personenbindung konnte nicht neu signiert werden und wird aus diesem Grund nicht ausgeliefert. MOA-SS lieferte folgenden Fehlercode {0} und Fehler {1} zur\u00FCck. +builder.05=Beim resignieren der Personenbindung ist ein allgemeiner Fehler aufgetreten und wird aus diesem Grund nicht ausgeliefert. +builder.06=4400 +builder.07=9002 + +service.00=4300 +service.03=4300 +service.04=41000 +service.05=411 +service.06=41001 +service.07=4200 +service.08=4201 +service.09=9007 + +validator.00=1102 +validator.01=1102 +validator.02=1102 +validator.03=1102 +validator.04=1102 +validator.05=1102 + +validator.06=1103 +validator.07=1104 +validator.08=1103 +validator.09=1106 + +validator.10=1106 +validator.11=1106 +validator.12=1106 +validator.13=1106 +validator.14=1106 +validator.15=1106 +validator.16=1106 + +validator.17=1104 +validator.18=1104 + +validator.19=1105 + +validator.21=1103 +validator.22=1103 +validator.23=1103 +validator.24=1103 +validator.25=1103 + +validator.26=1106 +validator.27=1106 +validator.28=1106 +validator.29=1106 +validator.30=1106 +validator.31=1106 + +validator.32=1106 +validator.33=1106 +validator.34=1106 +validator.35=1106 +validator.36=1106 +validator.37=1106 +validator.38=1106 +validator.39=1106 + +validator.40=9199 +validator.41=9199 +validator.42=9199 +validator.43=9199 +validator.44=9199 +validator.45=9102 +validator.46=9102 +validator.47=9102 +validator.48=9199 + +validator.49=1104 +validator.50=1106 + +validator.64=9102 + +validator.67=1106 +validator.68=1106 +validator.69=1106 +validator.70=1106 +validator.71=1105 + +ssl.01=1107 + +stork.00=1200 +stork.01=1200 +stork.02=1200 +stork.04=1201 +stork.05=1201 +stork.06=1202 +stork.07=1201 +stork.08=1201 +stork.09=1201 +stork.10=4200 +stork.11=1203 +stork.12=9003 +stork.13=1203 +stork.14=6001 +stork.15=6001 +stork.16=1203 +stork.17=1203 +stork.18=9004 + +pvp2.01=6100 +pvp2.06=6100 +pvp2.13=9199 +pvp2.16=6101 +pvp2.17=6102 +pvp2.20=6103 +pvp2.21=6104 +pvp2.22=6105 + +oauth20.01=6200 +oauth20.06=1000 +oauth20.09=9005 +oauth20.10=9102 + +##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes +mis.301=1005 +bku.6001=1005
\ No newline at end of file diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java index e5bde81fd..3acf20a41 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java @@ -52,6 +52,7 @@ import test.at.gv.egovernment.moa.id.UnitTestCase; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -209,7 +210,7 @@ public class SAMLResponseParserTest extends UnitTestCase { assertEquals("samlp:Success", status.getStatusCode()); assertEquals("samlp:Success", status.getSubStatusCode()); assertEquals("Ollas leiwand", status.getStatusMessage()); - AuthenticationData authData = parser.parseAuthenticationData(); + SAML1AuthenticationData authData = parser.parseAuthenticationData(); assertEquals(1, authData.getMajorVersion()); assertEquals(0, authData.getMinorVersion()); assertEquals("-4633313027464114584", authData.getAssertionID()); diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml index 6c2e12c65..4b2ae6536 100644 --- a/id/server/moa-id-commons/pom.xml +++ b/id/server/moa-id-commons/pom.xml @@ -4,11 +4,12 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <artifactId>moa-id-commons</artifactId> <name>moa-id-commons</name> <groupId>MOA.id.server</groupId> + <version>${moa-id-version}</version> <profiles> <profile> @@ -64,11 +65,20 @@ <version>3.3.1</version> </dependency> <dependency> + <groupId>commons-httpclient</groupId> + <artifactId>commons-httpclient</artifactId> + </dependency> + <dependency> <groupId>MOA</groupId> <artifactId>moa-common</artifactId> <type>jar</type> </dependency> + <dependency> + <groupId>iaik.prod</groupId> + <artifactId>iaik_X509TrustManager</artifactId> + </dependency> + <!-- dependency> <groupId>com.sun.xml.bind</groupId> <artifactId>jaxb-xjc</artifactId> @@ -127,6 +137,7 @@ </resources> <plugins> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-compiler-plugin</artifactId> @@ -184,7 +195,7 @@ </configuration> </plugin> - <plugin> +<!-- <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> <version>2.5</version> @@ -226,10 +237,27 @@ </goals> </execution> </executions> - </plugin> - </plugins> - <pluginManagement> - <plugins> + </plugin> --> + + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.--> <plugin> <groupId>org.eclipse.m2e</groupId> @@ -262,6 +290,5 @@ </configuration> </plugin> </plugins> - </pluginManagement> </build> </project>
\ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java index 730a328ab..5cfb1bb92 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/AuthenticatedSessionStore.java @@ -30,6 +30,7 @@ import java.util.List; import javax.persistence.CascadeType; import javax.persistence.Column; import javax.persistence.Entity; +import javax.persistence.FetchType; import javax.persistence.GeneratedValue; import javax.persistence.GenerationType; import javax.persistence.Id; @@ -53,7 +54,13 @@ import org.hibernate.annotations.DynamicUpdate; @NamedQuery(name="getSessionWithID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.sessionid = :sessionid"), @NamedQuery(name="getSessionWithSSOID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.SSOsessionid = :sessionid"), @NamedQuery(name="getSessionWithPendingRequestID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.pendingRequestID = :sessionid"), - @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate") + @NamedQuery(name="getMOAISessionsWithTimeOut", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore where authenticatedsessionstore.created < :timeoutcreate or authenticatedsessionstore.updated < :timeoutupdate"), + @NamedQuery(name="getMOAISessionWithUserNameID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.userNameID = :usernameid and activeOAsessions.attributeQueryUsed is false"), + @NamedQuery(name="getActiveOAWithSessionIDandOAIDandProtocol", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.protocolType = :protocol and authenticatedsessionstore.sessionid = :sessionID"), + @NamedQuery(name="getMOASessionWithNameIDandOAID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.activeOAsessions activeOAsessions where activeOAsessions.oaurlprefix = :oaID and activeOAsessions.userNameID = :nameID"), + @NamedQuery(name="getInterfederatedIDPForAttributeQueryWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is false and authenticatedsessionstore.sessionid = :sessionID"), + @NamedQuery(name="getInterfederatedIDPForSSOWithSessionID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID order by inderfederations.QAALevel DESC"), + @NamedQuery(name="getInterfederatedIDPForSSOWithSessionIDIDPID", query = "select authenticatedsessionstore from AuthenticatedSessionStore authenticatedsessionstore join fetch authenticatedsessionstore.inderfederation inderfederations where inderfederations.attributesRequested is true and authenticatedsessionstore.sessionid = :sessionID and inderfederations.idpurlprefix = :idpID") }) public class AuthenticatedSessionStore implements Serializable{ @@ -82,6 +89,9 @@ public class AuthenticatedSessionStore implements Serializable{ @Column(name = "isSSOSession", nullable=false) private boolean isSSOSession = false; + + @Column(name = "isInterfederatedSSOSession", nullable=false) + private boolean isInterfederatedSSOSession = false; @Column(name = "pendingRequestID", nullable=false) private String pendingRequestID = ""; @@ -100,6 +110,9 @@ public class AuthenticatedSessionStore implements Serializable{ @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL) private List<OldSSOSessionIDStore> oldssosessionids = null; + @OneToMany(mappedBy="moasession", cascade=CascadeType.ALL, fetch=FetchType.EAGER) + private List<InterfederationSessionStore> inderfederation = null; + @PrePersist protected void created() { this.updated = this.created = new Date(); @@ -193,6 +206,20 @@ public class AuthenticatedSessionStore implements Serializable{ public void setOldssosessionids(List<OldSSOSessionIDStore> oldssosessionids) { this.oldssosessionids = oldssosessionids; } + + /** + * @return the inderfederation + */ + public List<InterfederationSessionStore> getInderfederation() { + return inderfederation; + } + + /** + * @param inderfederation the inderfederation to set + */ + public void setInderfederation(List<InterfederationSessionStore> inderfederation) { + this.inderfederation = inderfederation; + } /** * @return the pendingRequestID @@ -221,8 +248,21 @@ public class AuthenticatedSessionStore implements Serializable{ public void setIv(byte[] iv) { this.iv = iv; } + + /** + * @return the isInterfederatedSSOSession + */ + public boolean isInterfederatedSSOSession() { + return isInterfederatedSSOSession; + } + + /** + * @param isInterfederatedSSOSession the isInterfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean isInterfederatedSSOSession) { + this.isInterfederatedSSOSession = isInterfederatedSSOSession; + } - } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java new file mode 100644 index 000000000..1fcdd9b9b --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/InterfederationSessionStore.java @@ -0,0 +1,195 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + *******************************************************************************/ +package at.gv.egovernment.moa.id.commons.db.dao.session; + +import java.io.Serializable; +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.FetchType; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.JoinColumn; +import javax.persistence.ManyToOne; +import javax.persistence.Table; + +import org.hibernate.annotations.DynamicUpdate; + +@Entity +@DynamicUpdate(value=true) +@Table(name = "interfederation") + +public class InterfederationSessionStore implements Serializable{ + + private static final long serialVersionUID = 1L; + + @Id + @GeneratedValue(strategy = GenerationType.IDENTITY) + @Column(name = "id", unique=true, nullable=false) + private long id; + + @Column(name = "idpurlprefix", unique=false, nullable=false) + private String idpurlprefix; + + @Column(name = "sessionIndex", unique=false, nullable=false) + private String sessionIndex; + + @Column(name = "nameID", unique=false, nullable=false) + private String userNameID; + + @Column(name = "QAALevel", unique=false, nullable=false) + private String QAALevel; + + @Column(name = "attributesRequested", unique=false, nullable=true) + private boolean attributesRequested; + + @Column(name = "created", updatable=false, nullable=false) +// @Temporal(TemporalType.TIMESTAMP) + private Date created; + +// @PrePersist +// protected void created() { +// this.created = new Date(); +// } + + @ManyToOne(fetch=FetchType.LAZY) + @JoinColumn(name = "moasession") + private AuthenticatedSessionStore moasession; + + /** + * @return the id + */ + public long getId() { + return id; + } + + /** + * @param id the id to set + */ + public void setId(long id) { + this.id = id; + } + + /** + * @return the idpurlprefix + */ + public String getIdpurlprefix() { + return idpurlprefix; + } + + /** + * @param idpurlprefix the idpurlprefix to set + */ + public void setIdpurlprefix(String idpurlprefix) { + this.idpurlprefix = idpurlprefix; + } + + /** + * @return the sessionIndex + */ + public String getSessionIndex() { + return sessionIndex; + } + + /** + * @param sessionIndex the sessionIndex to set + */ + public void setSessionIndex(String sessionIndex) { + this.sessionIndex = sessionIndex; + } + + /** + * @return the userNameID + */ + public String getUserNameID() { + return userNameID; + } + + /** + * @param userNameID the userNameID to set + */ + public void setUserNameID(String userNameID) { + this.userNameID = userNameID; + } + + /** + * @return the attributesRequested + */ + public boolean isAttributesRequested() { + return attributesRequested; + } + + /** + * @param attributesRequested the attributesRequested to set + */ + public void setAttributesRequested(boolean attributesRequested) { + this.attributesRequested = attributesRequested; + } + + /** + * @return the created + */ + public Date getCreated() { + return created; + } + + /** + * @param created the created to set + */ + public void setCreated(Date created) { + this.created = created; + } + + /** + * @return the moasession + */ + public AuthenticatedSessionStore getMoasession() { + return moasession; + } + + /** + * @param moasession the moasession to set + */ + public void setMoasession(AuthenticatedSessionStore moasession) { + this.moasession = moasession; + } + + /** + * @return the qAALevel + */ + public String getQAALevel() { + return QAALevel; + } + + /** + * @param qAALevel the qAALevel to set + */ + public void setQAALevel(String qAALevel) { + QAALevel = qAALevel; + } + + +} + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java index 6d1b64262..539de990f 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/session/OASessionStore.java @@ -56,6 +56,18 @@ public class OASessionStore implements Serializable{ @Column(name = "assertionSessionID", unique=false, nullable=true) private String assertionSessionID; + @Column(name = "userNameID", unique=false, nullable=true) + private String userNameID; + + @Column(name = "userNameIDFormat", unique=false, nullable=true) + private String userNameIDFormat; + + @Column(name = "protocolType", unique=false, nullable=true) + private String protocolType; + + @Column(name = "attributequeryused", unique=false, nullable=false) + private boolean attributeQueryUsed = false; + @Column(name = "created", updatable=false, nullable=false) // @Temporal(TemporalType.TIMESTAMP) private Date created; @@ -115,6 +127,64 @@ public class OASessionStore implements Serializable{ this.assertionSessionID = assertionSessionID; } + /** + * @return the userNameID + */ + public String getUserNameID() { + return userNameID; + } + + /** + * @param userNameID the userNameID to set + */ + public void setUserNameID(String userNameID) { + this.userNameID = userNameID; + } + + /** + * @return the protocolType + */ + public String getProtocolType() { + return protocolType; + } + + /** + * @param protocolType the protocolType to set + */ + public void setProtocolType(String protocolType) { + this.protocolType = protocolType; + } + + /** + * @return the attributeQueryUsed + */ + public boolean isAttributeQueryUsed() { + return attributeQueryUsed; + } + + /** + * @param attributeQueryUsed the attributeQueryUsed to set + */ + public void setAttributeQueryUsed(boolean attributeQueryUsed) { + this.attributeQueryUsed = attributeQueryUsed; + } + + /** + * @return the userNameIDFormat + */ + public String getUserNameIDFormat() { + return userNameIDFormat; + } + + /** + * @param userNameIDFormat the userNameIDFormat to set + */ + public void setUserNameIDFormat(String userNameIDFormat) { + this.userNameIDFormat = userNameIDFormat; + } + + + } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java index 65c9003e3..b557d2dc9 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java @@ -78,6 +78,9 @@ public class StatisticLog implements Serializable{ @Column(name = "isSSOLogin", unique=false) private boolean ssosession; + @Column(name = "isInterfederatedSSOLogin", unique=false) + private boolean interfederatedSSOSession; + @Column(name = "isBusinessService", unique=false) private boolean businessservice; @@ -390,6 +393,21 @@ public class StatisticLog implements Serializable{ public void setErrortype(String errortype) { this.errortype = errortype; } + + /** + * @return the interfederatedSSOSession + */ + public boolean isInterfederatedSSOSession() { + return interfederatedSSOSession; + } + + /** + * @param interfederatedSSOSession the interfederatedSSOSession to set + */ + public void setInterfederatedSSOSession(boolean interfederatedSSOSession) { + this.interfederatedSSOSession = interfederatedSSOSession; + } + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java new file mode 100644 index 000000000..c6d8b1d79 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/ex/MOAHttpProtocolSocketFactoryException.java @@ -0,0 +1,42 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.ex; + +/** + * @author tlenz + * + */ +public class MOAHttpProtocolSocketFactoryException extends Exception { + + private static final long serialVersionUID = 4934502074731319897L; + + + public MOAHttpProtocolSocketFactoryException(String message) { + super(message); + } + + public MOAHttpProtocolSocketFactoryException(String message, Throwable e) { + super(message, e ); + } + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java new file mode 100644 index 000000000..3b6fc34ea --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/MOAHttpProtocolSocketFactory.java @@ -0,0 +1,129 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.utils; + +import iaik.pki.PKIException; + +import java.io.IOException; +import java.net.InetAddress; +import java.net.Socket; +import java.net.UnknownHostException; +import java.security.GeneralSecurityException; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; + +import org.apache.commons.httpclient.ConnectTimeoutException; +import org.apache.commons.httpclient.params.HttpConnectionParams; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + +import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.ssl.SSLConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.ssl.SSLUtils; + +/** + * @author tlenz + * + */ +public class MOAHttpProtocolSocketFactory implements SecureProtocolSocketFactory { + + + + private SSLSocketFactory sslfactory = null; + + public MOAHttpProtocolSocketFactory ( + String url, + String certStoreRootDirParam, + String trustStoreURL, + String acceptedServerCertURL, + ChainingModeType chainingMode, + boolean checkRevocation + ) throws MOAHttpProtocolSocketFactoryException { + super(); + + try { + this.sslfactory = SSLUtils.getSSLSocketFactory( + url, + certStoreRootDirParam, + trustStoreURL, + acceptedServerCertURL, + chainingMode.value(), + checkRevocation, + null, + null, + null); + + } catch (IOException e) { + throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e); + + } catch (GeneralSecurityException e) { + throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e); + + } catch (SSLConfigurationException e) { + throw new MOAHttpProtocolSocketFactoryException("SSL Configuration loading FAILED.", e); + + } catch (PKIException e) { + throw new MOAHttpProtocolSocketFactoryException("Initialize SSL Context FAILED", e); + + } + + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int) + */ + public Socket createSocket(String host, int port, InetAddress localAddress, + int localPort) throws IOException, UnknownHostException { + return this.sslfactory.createSocket(host, port, + localAddress, localPort); + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int, org.apache.commons.httpclient.params.HttpConnectionParams) + */ + public Socket createSocket(String host, int port, InetAddress localAddress, + int localPort, HttpConnectionParams params) throws IOException, + UnknownHostException, ConnectTimeoutException { + return this.sslfactory.createSocket(host, port, + localAddress, localPort); + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.ProtocolSocketFactory#createSocket(java.lang.String, int) + */ + public Socket createSocket(String host, int port) throws IOException, + UnknownHostException { + return this.sslfactory.createSocket(host, port); + } + + /* (non-Javadoc) + * @see org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean) + */ + public Socket createSocket(Socket socket, String host, int port, + boolean autoClose) throws IOException, UnknownHostException { + return this.sslfactory.createSocket(socket, host, + port, autoClose); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java index b6fe20a61..00e750f58 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/CertStoreConfigurationImpl.java @@ -44,11 +44,8 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; import at.gv.egovernment.moa.logging.Logger; import iaik.pki.store.certstore.CertStoreConfiguration; import iaik.pki.store.certstore.CertStoreParameters; @@ -69,10 +66,7 @@ public class CertStoreConfigurationImpl extends ObservableImpl * identifies the rootDirectory */ private String rootDirectory; - /** - * ConfigurationProvider - */ - private ConfigurationProvider conf; + /** * Array for storing all CertStoreParameters */ @@ -85,13 +79,10 @@ public class CertStoreConfigurationImpl extends ObservableImpl * @throws ConfigurationException an any config-error * being read. */ - public CertStoreConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { - this.conf = conf; - - String certStoreRootDirParam = conf.getCertstoreDirectory(); + public CertStoreConfigurationImpl(String certStoreRootDirParam) throws SSLConfigurationException { if (certStoreRootDirParam == null) - throw new ConfigurationException( + throw new SSLConfigurationException( "config.08", new Object[]{"CertStoreDirectory"}); //rootDirectory = FileUtils.makeAbsoluteURL(certStoreRootDirParam, conf.getRootConfigFileDir()); @@ -105,13 +96,13 @@ public class CertStoreConfigurationImpl extends ObservableImpl if (!f.exists()) { Logger.error("File does not exists: " + f.getAbsolutePath()); - throw new ConfigurationException( + throw new SSLConfigurationException( "config.05", new Object[]{"CertStoreDirectory"}); } if (!f.isDirectory()) { Logger.error("File is not a directory: " + f.getAbsolutePath()); - throw new ConfigurationException( + throw new SSLConfigurationException( "config.05", new Object[]{"CertStoreDirectory"}); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java index 202be882e..eaef3f1d4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/MOAIDTrustManager.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.pki.jsse; +package at.gv.egovernment.moa.id.commons.utils.ssl; import java.io.File; import java.io.FileInputStream; @@ -56,7 +56,6 @@ import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.logging.LoggingContext; import at.gv.egovernment.moa.logging.LoggingContextManager; @@ -150,7 +149,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager { if (serverCert.equals(acceptedServerCert)) return true; } - Logger.warn(MOAIDMessageProvider.getInstance().getMessage("ssl.01", null)); + Logger.warn("SSL certificate validation FAILED."); return false; } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java index 16184502d..fa9cd879d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ObservableImpl.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.servertools.observer; +package at.gv.egovernment.moa.id.commons.utils.ssl; import iaik.pki.store.observer.NotificationData; import iaik.pki.store.observer.Observable; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java index 064d8a835..5d8c7a54e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIConfigurationImpl.java @@ -44,10 +44,8 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; -import at.gv.egovernment.moa.id.config.ConfigurationException; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; import iaik.pki.PKIConfiguration; import iaik.pki.pathvalidation.ValidationConfiguration; import iaik.pki.revocation.RevocationConfiguration; @@ -74,11 +72,11 @@ public class PKIConfigurationImpl implements PKIConfiguration { * @param conf the Configuration for the PKIConfig * @throws ConfigurationException for any config error */ - public PKIConfigurationImpl(ConfigurationProvider conf) throws ConfigurationException { + public PKIConfigurationImpl(String certStoreRootDirParam, String chainingMode) throws SSLConfigurationException { - certStoreConfiguration = new CertStoreConfigurationImpl(conf); + certStoreConfiguration = new CertStoreConfigurationImpl(certStoreRootDirParam); revocationConfiguration = new RevocationConfigurationImpl(); - validationConfiguration = new ValidationConfigurationImpl(conf); + validationConfiguration = new ValidationConfigurationImpl(chainingMode); } /** diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java index 8afba2a12..59994a257 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/PKIProfileImpl.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.pki; +package at.gv.egovernment.moa.id.commons.utils.ssl; import java.security.cert.X509Certificate; import java.util.Collections; @@ -57,8 +57,6 @@ import iaik.pki.revocation.RevocationSourceTypes; import iaik.pki.store.truststore.TrustStoreProfile; import iaik.pki.store.truststore.TrustStoreTypes; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - /** * Implementation of the <code>PKIProfile</code> interface and subinterfaces * providing information needed for certificate path validation. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java index 2c24161f6..b5e0543db 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/RevocationConfigurationImpl.java @@ -44,7 +44,7 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; import iaik.pki.revocation.RevocationConfiguration; @@ -53,8 +53,6 @@ import java.util.Collections; import java.util.Date; import java.util.Set; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; - /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> * @author Paul Ivancsics diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java new file mode 100644 index 000000000..b1334ad67 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLConfigurationException.java @@ -0,0 +1,71 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.commons.utils.ssl; + +/** + * @author tlenz + * + */ +public class SSLConfigurationException extends Exception { + + private static final long serialVersionUID = -3705679559648920151L; + + private String errorID = null; + private Object[] parameters = null; + private Throwable e = null; + + public SSLConfigurationException(String errorID, Object[] parameters) { + this.errorID = errorID; + this.parameters = parameters; + } + + public SSLConfigurationException(String errorID, Object[] parameters, Throwable e) { + this.errorID = errorID; + this.parameters = parameters; + this.e = e; + } + + /** + * @return the errorID + */ + public String getErrorID() { + return errorID; + } + + /** + * @return the parameters + */ + public Object[] getParameters() { + return parameters; + } + + /** + * @return the e + */ + public Throwable getE() { + return e; + } + + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java new file mode 100644 index 000000000..68437a04d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/SSLUtils.java @@ -0,0 +1,186 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.commons.utils.ssl; + +import iaik.pki.PKIConfiguration; +import iaik.pki.PKIException; +import iaik.pki.PKIFactory; +import iaik.pki.PKIProfile; +import iaik.pki.jsse.IAIKX509TrustManager; +import iaik.security.provider.IAIK; + +import java.io.IOException; +import java.security.GeneralSecurityException; +import java.security.Security; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.KeyManager; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSocketFactory; +import javax.net.ssl.TrustManager; + +import at.gv.egovernment.moa.logging.Logger; + + +/** + * Utility for a obtaining a secure socket factory using <code>IAIKX509TrustManager</code>. + * This <code>TrustManager</code> implementation features CRL checking.<br/> + * <code>SSLUtils</code> caches secure socket factories for given <code>ConnectionParameter</code>s. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtils { + + /** SSLSocketFactory store, mapping URL->SSLSocketFactory **/ + private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>(); + + /** + * Initializes the SSLSocketFactory store. + */ + public static void initialize() { + sslSocketFactories = new HashMap<String, SSLSocketFactory>(); + // JSSE Abhängigkeit + //Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + Security.addProvider(new IAIK()); + //System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + + + } + + /** + * Creates an <code>SSLSocketFactory</code> which utilizes an + * <code>IAIKX509TrustManager</code> for the given trust store, + * and the given key store. + * + * @param conf configuration provider providing a generic properties pointing + * to trusted CA store and certificate store root + * @param connParam connection parameter containing the client key store settings + * to be used in case of client authentication; + * if <code>connParam.getClientKeyStore() == null</code>, client authentication + * is assumed to be disabled + * @return <code>SSLSocketFactory</code> to be used by an <code>HttpsURLConnection</code> + * @throws IOException thrown while reading key store file + * @throws GeneralSecurityException thrown while creating the socket factory + * @throws ConfigurationException on invalid configuration data + * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> + */ + public static SSLSocketFactory getSSLSocketFactory( + String url, + String certStoreRootDirParam, + String trustStoreURL, + String acceptedServerCertURL, + String chainingMode, + boolean checkRevocation, + String clientKeyStoreURL, + String clientKeyStorePassword, + String clientKeyStoreType + ) + throws IOException, GeneralSecurityException, SSLConfigurationException, PKIException { + + Logger.debug("Get SSLSocketFactory for " + url); + // retrieve SSLSocketFactory if already created + SSLSocketFactory ssf = (SSLSocketFactory)sslSocketFactories.get(url); + if (ssf != null) + return ssf; + + TrustManager[] tms = getTrustManagers( + certStoreRootDirParam, + chainingMode, + trustStoreURL, + acceptedServerCertURL, + checkRevocation); + + KeyManager[] kms = at.gv.egovernment.moa.util.SSLUtils.getKeyManagers( + clientKeyStoreType, clientKeyStoreURL, clientKeyStorePassword); + SSLContext ctx = SSLContext.getInstance("TLS"); + ctx.init(kms, tms, null); + ssf = ctx.getSocketFactory(); + // store SSLSocketFactory + sslSocketFactories.put(url, ssf); + return ssf; + } + + public static void removeSSLSocketFactory(String url) { + Logger.info("Remove SSLSocketFactory for URL " + url); + if (sslSocketFactories.containsKey(url)) + sslSocketFactories.remove(url); + + } + + /** + * Initializes an <code>IAIKX509TrustManager</code> for a given trust store, + * using configuration data. + * + * @param conf MOA-ID configuration provider + * @param trustStoreURL trust store URL + * @param acceptedServerCertURL file URL pointing to directory containing accepted server SSL certificates + * @return <code>TrustManager</code> array containing the <code>IAIKX509TrustManager</code> + * @throws ConfigurationException on invalid configuration data + * @throws IOException on data-reading problems + * @throws PKIException while initializing the <code>IAIKX509TrustManager</code> + */ + private static TrustManager[] getTrustManagers(String certStoreRootDirParam, + String chainingMode, String trustStoreURL, String acceptedServerCertURL, + boolean checkRevocation) + throws SSLConfigurationException, PKIException, IOException, GeneralSecurityException { + + PKIConfiguration cfg = null; + if (! PKIFactory.getInstance().isAlreadyConfigured()) + cfg = new PKIConfigurationImpl(certStoreRootDirParam, chainingMode); + PKIProfile profile = new PKIProfileImpl(trustStoreURL, checkRevocation); + // This call fixes a bug occuring when PKIConfiguration is + // initialized by the MOA-SP initialization code, in case + // MOA-SP is called by API + MOAIDTrustManager.initializeLoggingContext(); + IAIKX509TrustManager tm = new MOAIDTrustManager(acceptedServerCertURL); + tm.init(cfg, profile); + return new TrustManager[] {tm}; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java index d230eef26..275aed4c4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/ssl/ValidationConfigurationImpl.java @@ -44,15 +44,13 @@ */ -package at.gv.egovernment.moa.id.iaik.config; +package at.gv.egovernment.moa.id.commons.utils.ssl; import iaik.pki.pathvalidation.ValidationConfiguration; import java.security.cert.X509Certificate; import java.security.spec.AlgorithmParameterSpec; -import at.gv.egovernment.moa.id.config.ConfigurationProvider; -import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; /** * Implementation of interface needed to initialize an IAIK JSSE <code>TrustManager</code> @@ -62,21 +60,23 @@ import at.gv.egovernment.moa.id.iaik.servertools.observer.ObservableImpl; public class ValidationConfigurationImpl extends ObservableImpl implements ValidationConfiguration { /** The ConfigurationProvider for the validation*/ - private ConfigurationProvider conf; + private String chainingMode; /** * Constructor * @param conf with the configuration */ - public ValidationConfigurationImpl(ConfigurationProvider conf) { - this.conf = conf; + public ValidationConfigurationImpl(String chainingMode) { + this.chainingMode = chainingMode; } /** * @see iaik.pki.pathvalidation.ValidationConfiguration#getChainingMode(java.security.cert.X509Certificate) */ public String getChainingMode(X509Certificate trustAnchor) { - String chainingMode = conf.getChainingMode(trustAnchor); + + //INFO: MOA-ID 2.x always use defaultChainingMode + return chainingMode; } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java index 6d7032f9d..2ad50568a 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/TargetValidator.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/TargetValidator.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.validation; +package at.gv.egovernment.moa.id.commons.validation; import java.util.ArrayList; import java.util.Collections; diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java index c1feddfb8..be6d7d01e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/ValidationHelper.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/ValidationHelper.java @@ -20,7 +20,7 @@ * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. *******************************************************************************/ -package at.gv.egovernment.moa.id.configuration.validation; +package at.gv.egovernment.moa.id.commons.validation; import iaik.asn1.ObjectID; import iaik.utils.Util; @@ -46,12 +46,15 @@ import javax.net.ssl.SSLSocketFactory; import org.apache.log4j.Logger; + public class ValidationHelper { - private static final Logger log = Logger.getLogger(ValidationHelper.class); + public static final String PUBLICSERVICE_URL_POSTFIX = ".gv.at"; + private static final Logger log = Logger.getLogger(ValidationHelper.class); private static final String TEMPLATE_DATEFORMAT = "dd.MM.yyyy"; + public static boolean isPublicServiceAllowed(String identifier) { @@ -64,7 +67,7 @@ public class ValidationHelper { if (host.endsWith("/")) host = host.substring(0, host.length()-1); - if (url.getHost().endsWith(at.gv.egovernment.moa.id.configuration.Constants.PUBLICSERVICE_URL_POSTFIX)) { + if (url.getHost().endsWith(PUBLICSERVICE_URL_POSTFIX)) { log.debug("PublicURLPrefix with .gv.at Domain found."); return true; @@ -234,11 +237,13 @@ public class ValidationHelper { Matcher matcher = pattern.matcher(target); boolean b = matcher.matches(); if (b) { - log.debug("Parameter Target erfolgreich ueberprueft"); + log.debug("Parameter SSO-Target erfolgreich ueberprueft. SSO Target is PublicService."); return true; } else { - log.error("Fehler Ueberpruefung Parameter Target. Target entspricht nicht den Kriterien (nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang)"); + log.info("Parameter SSO-Target entspricht nicht den Kriterien " + + "(nur Zeichen a-z, A-Z und -, sowie 1-5 Zeichen lang) fuer den oeffentlichen Bereich. " + + "Valiere SSO-Target fuer privatwirtschaftliche Bereiche."); return false; } } diff --git a/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java new file mode 100644 index 000000000..e4aa6a284 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/org/apache/commons/httpclient/MOAHttpClient.java @@ -0,0 +1,100 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package org.apache.commons.httpclient; + +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URL; + +import org.apache.commons.httpclient.HostConfiguration; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.HttpException; +import org.apache.commons.httpclient.HttpMethod; +import org.apache.commons.httpclient.HttpMethodDirector; +import org.apache.commons.httpclient.HttpState; +import org.apache.commons.httpclient.URI; +import org.apache.commons.httpclient.protocol.Protocol; +import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory; + +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; + +/** + * @author tlenz + * + *HTTP client which can be used with MOA SSL TrustStore implementation + * + */ +public class MOAHttpClient extends HttpClient { + + + public void setCustomSSLTrustStore(String metadataURL, SecureProtocolSocketFactory protoSocketFactory) throws MOAHttpProtocolSocketFactoryException, MalformedURLException { + ; + + URL url = new URL(metadataURL); + int port = -1; + if (url.getPort() < 0) + port = url.getDefaultPort(); + else + port = url.getPort(); + + Protocol authhttps = new Protocol("https", protoSocketFactory, port); + getHostConfiguration().setHost(url.getHost(), port, authhttps); + + } + + public int executeMethod(HostConfiguration hostconfig, + final HttpMethod method, final HttpState state) + throws IOException, HttpException { + + if (method == null) { + throw new IllegalArgumentException("HttpMethod parameter may not be null"); + } + HostConfiguration defaulthostconfig = getHostConfiguration(); + if (hostconfig == null) { + hostconfig = defaulthostconfig; + } + URI uri = method.getURI(); + if (hostconfig == defaulthostconfig || uri.isAbsoluteURI()) { + // make a deep copy of the host defaults + hostconfig = (HostConfiguration) hostconfig.clone(); + + /** + * Only build default host with default protocol if protocol is empty + * + * In case of https, the methode setCustomSSLTrustStore can be used to set a + * the MOA TrustStore for SSL connection validation + */ + if (uri.isAbsoluteURI() && hostconfig.getProtocol() == null) { + hostconfig.setHost(uri); + } + } + + HttpMethodDirector methodDirector = new HttpMethodDirector( + getHttpConnectionManager(), + hostconfig, + getParams(), + (state == null ? getState() : state)); + methodDirector.executeMethod(method); + return method.getStatusCode(); + } +} diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb index f2701bec4..cf04319c8 100644 --- a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb +++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb @@ -1,7 +1,8 @@ -<jaxb:bindings version="1.0" +<jaxb:bindings version="2.1" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:xsd="http://www.w3.org/2001/XMLSchema" - xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"> + xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" + jaxb:extensionBindingPrefixes="hj"> <jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema"> <jaxb:globalBindings localScoping="toplevel"> diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd index d7f48e51a..3a2914cb4 100644 --- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd +++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd @@ -1,6 +1,6 @@ <?xml version="1.0" encoding="UTF-8"?> <!-- Mit XMLSpy v2013 sp1 (http://www.altova.com) von Thomas Lenz (Graz University of Technology IAIK) bearbeitet --> -<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0"> +<xsd:schema xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:jaxb="http://java.sun.com/xml/ns/jaxb" xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations" xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc" targetNamespace="http://www.buergerkarte.at/namespaces/moaconfig#" elementFormDefault="qualified" attributeFormDefault="unqualified" version="2.0.0" jaxb:extensionBindingPrefixes="xjc hj" jaxb:version="2.0"> <xsd:complexType name="OnlineApplication"> <xsd:complexContent> <xsd:extension base="OnlineApplicationType"> @@ -481,10 +481,27 @@ </xsd:element> </xsd:sequence> </xsd:complexType> + <xsd:complexType name="InterfederationIDPType"> + <xsd:sequence> + <xsd:element name="attributeQueryURL" type="xsd:string" minOccurs="0" maxOccurs="1"/> + <xsd:element name="storeSSOSession" type="xsd:boolean" minOccurs="1" maxOccurs="1" default="true"/> + </xsd:sequence> + <xsd:attribute name="inboundSSO" type="xsd:boolean" default="true"/> + <xsd:attribute name="outboundSSO" type="xsd:boolean" default="true"/> + </xsd:complexType> <xsd:complexType name="OnlineApplicationType"> <xsd:sequence> + <xsd:element name="isNew" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"> + <xsd:annotation> + <xsd:appinfo> + <hj:ignored/> + </xsd:appinfo> + </xsd:annotation> + </xsd:element> <xsd:element name="isActive" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"/> <xsd:element name="isAdminRequired" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> + <xsd:element name="isInterfederationIDP" type="xsd:boolean" default="false" minOccurs="0" maxOccurs="1"/> + <xsd:element name="InterfederationIDP" type="InterfederationIDPType" minOccurs="0" maxOccurs="1"/> <xsd:element name="AuthComponent_OA" minOccurs="0"> <xsd:annotation> <xsd:documentation>enthält Parameter über die OA, die die @@ -842,6 +859,7 @@ <xsd:sequence> <xsd:element name="metadataURL" type="xsd:anyURI" minOccurs="1" maxOccurs="1"/> <xsd:element name="certificate" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/> + <xsd:element name="updateRequired" type="xsd:dateTime" minOccurs="1" maxOccurs="1"/> </xsd:sequence> </xsd:complexType> </xsd:element> @@ -884,17 +902,12 @@ <xsd:element name="OA_STORK"> <xsd:complexType> <xsd:sequence> - <xsd:element name="StorkLogonEnabled" type="xsd:boolean" - default="true" /> - <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1" /> - <xsd:element ref="OAAttributes" minOccurs="0" - maxOccurs="unbounded" /> - <xsd:element name="VidpEnabled" type="xsd:boolean" - default="false" /> - <xsd:element ref="AttributeProviders" minOccurs="0" - maxOccurs="unbounded" /> - <xsd:element name="requireConsent" type="xsd:boolean" - default="true" /> + <xsd:element name="StorkLogonEnabled" type="xsd:boolean" default="true"/> + <xsd:element ref="Qaa" minOccurs="0" maxOccurs="1"/> + <xsd:element ref="OAAttributes" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="VidpEnabled" type="xsd:boolean" default="false"/> + <xsd:element ref="AttributeProviders" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="requireConsent" type="xsd:boolean" default="true"/> <xsd:element ref="C-PEPS" maxOccurs="unbounded"/> </xsd:sequence> </xsd:complexType> @@ -942,6 +955,20 @@ <xsd:element name="isPVP2Generated" type="xsd:boolean" minOccurs="0" maxOccurs="1"/> <xsd:element name="lastLogin" type="xsd:string" minOccurs="1" maxOccurs="1"/> <xsd:element name="OnlineApplication" type="OnlineApplication" minOccurs="0" maxOccurs="unbounded"/> + <xsd:element name="onlyBusinessService" type="xsd:boolean" default="false" minOccurs="1" maxOccurs="1"> + <xsd:annotation> + <xsd:appinfo> + <hj:ignored/> + </xsd:appinfo> + </xsd:annotation> + </xsd:element> + <xsd:element name="businessServiceType" type="xsd:string" minOccurs="0" maxOccurs="1"> + <xsd:annotation> + <xsd:appinfo> + <hj:ignored/> + </xsd:appinfo> + </xsd:annotation> + </xsd:element> </xsd:sequence> </xsd:complexType> <xsd:complexType name="BKUSelectionCustomizationType"> diff --git a/id/server/pom.xml b/id/server/pom.xml index d748c01eb..cd2f82e84 100644 --- a/id/server/pom.xml +++ b/id/server/pom.xml @@ -4,7 +4,7 @@ <parent>
<groupId>MOA</groupId>
<artifactId>id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -26,4 +26,27 @@ <repositoryPath>${basedir}/../../repository</repositoryPath>
</properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
diff --git a/id/server/proxy/pom.xml b/id/server/proxy/pom.xml index e47b31144..dbae5ca30 100644 --- a/id/server/proxy/pom.xml +++ b/id/server/proxy/pom.xml @@ -2,7 +2,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<properties>
@@ -26,6 +26,25 @@ <build>
<plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml index c1dd27924..e74f702a8 100644 --- a/id/server/stork2-commons/pom.xml +++ b/id/server/stork2-commons/pom.xml @@ -3,7 +3,7 @@ <parent> <groupId>MOA.id</groupId> <artifactId>moa-id</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> <groupId>eu.stork</groupId> @@ -145,6 +145,27 @@ </plugins> </pluginManagement> <plugins> + + + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-javadoc-plugin</artifactId> diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml index 015697c5c..5a6621f12 100644 --- a/id/server/stork2-saml-engine/pom.xml +++ b/id/server/stork2-saml-engine/pom.xml @@ -3,7 +3,7 @@ <parent>
<groupId>MOA.id</groupId>
<artifactId>moa-id</artifactId>
- <version>2.0.1</version>
+ <version>2.x</version>
</parent>
<modelVersion>4.0.0</modelVersion>
@@ -49,6 +49,12 @@ <groupId>eu.stork</groupId>
<artifactId>Commons</artifactId>
<version>${commons.version}</version>
+ <exclusions>
+ <exclusion>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk16</artifactId>
+ </exclusion>
+ </exclusions>
</dependency>
<dependency>
@@ -84,21 +90,21 @@ <artifactId>slf4j-api</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
<version>1.7.6</version>
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>log4j-over-slf4j</artifactId>
<version>1.7.6</version>
- </dependency>
+ </dependency> -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
@@ -145,9 +151,30 @@ <skip>true</skip>
</configuration>
</plugin>
+
</plugins>
</pluginManagement>
<plugins>
+
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java index 6d9ac9ce3..06e80dc14 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignP12.java @@ -41,7 +41,6 @@ import eu.stork.peps.auth.engine.X509PrincipalUtil; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.SignableSAMLObject; @@ -518,23 +517,23 @@ public final class SignP12 implements SAMLEngineSignI { FileInputStream fisTrustStore = null; try { - // Dynamically register Bouncy Castle provider. - boolean found = false; - // Check if BouncyCastle is already registered as a provider - final Provider[] providers = Security.getProviders(); - for (int i = 0; i < providers.length; i++) { - if (providers[i].getName().equals( - BouncyCastleProvider.PROVIDER_NAME)) { - found = true; - } - } - - // Register only if the provider has not been previously registered - if (!found) { - LOG.debug("SAMLCore: Register Bouncy Castle provider."); - Security.insertProviderAt(new BouncyCastleProvider(), Security - .getProviders().length); - } +// // Dynamically register Bouncy Castle provider. +// boolean found = false; +// // Check if BouncyCastle is already registered as a provider +// final Provider[] providers = Security.getProviders(); +// for (int i = 0; i < providers.length; i++) { +// if (providers[i].getName().equals( +// BouncyCastleProvider.PROVIDER_NAME)) { +// found = true; +// } +// } +// +// // Register only if the provider has not been previously registered +// if (!found) { +// LOG.debug("SAMLCore: Register Bouncy Castle provider."); +// Security.insertProviderAt(new BouncyCastleProvider(), Security +// .getProviders().length); +// } p12Store = KeyStore.getInstance(properties .getProperty("keystoreType")); diff --git a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java index e31688069..39be750cd 100644 --- a/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java +++ b/id/server/stork2-saml-engine/src/main/java/eu/stork/peps/auth/engine/core/impl/SignSW.java @@ -22,7 +22,7 @@ import eu.stork.peps.exceptions.SAMLEngineException; import org.apache.commons.io.IOUtils; import org.apache.commons.lang.NotImplementedException; import org.bouncycastle.jce.X509Principal; -import org.bouncycastle.jce.provider.BouncyCastleProvider; +//import org.bouncycastle.jce.provider.BouncyCastleProvider; import org.opensaml.Configuration; import org.opensaml.common.SAMLObject; import org.opensaml.common.SignableSAMLObject; @@ -488,23 +488,23 @@ public class SignSW implements SAMLEngineSignI { LOG.info("Load Cryptographic Service Provider"); FileInputStream fis = null; try { - // Dynamically register Bouncy Castle provider. - boolean found = false; - // Check if BouncyCastle is already registered as a provider - final Provider[] providers = Security.getProviders(); - for (int i = 0; i < providers.length; i++) { - if (providers[i].getName().equals( - BouncyCastleProvider.PROVIDER_NAME)) { - found = true; - } - } - - // Register only if the provider has not been previously registered - if (!found) { - LOG.info("SAMLCore: Register Bouncy Castle provider."); - Security.insertProviderAt(new BouncyCastleProvider(), Security - .getProviders().length); - } +// // Dynamically register Bouncy Castle provider. +// boolean found = false; +// // Check if BouncyCastle is already registered as a provider +// final Provider[] providers = Security.getProviders(); +// for (int i = 0; i < providers.length; i++) { +// if (providers[i].getName().equals( +// BouncyCastleProvider.PROVIDER_NAME)) { +// found = true; +// } +// } +// +// // Register only if the provider has not been previously registered +// if (!found) { +// LOG.info("SAMLCore: Register Bouncy Castle provider."); +// Security.insertProviderAt(new BouncyCastleProvider(), Security +// .getProviders().length); +// } storkOwnKeyStore = KeyStore.getInstance(properties .getProperty(KEYSTORE_TYPE)); @@ -4,12 +4,19 @@ <groupId>MOA</groupId>
<artifactId>MOA</artifactId>
<packaging>pom</packaging>
- <version>2.0.1</version>
+ <version>2.x</version>
<name>MOA</name>
<properties>
<repositoryPath>${basedir}/repository</repositoryPath>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+
+ <moa-commons-version>2.0.0</moa-commons-version>
+ <moa-id-version>2.1.0-RC1</moa-id-version>
+ <moa-id-proxy-version>2.0.0</moa-id-proxy-version>
+ <moa-spss-version>2.0.1</moa-spss-version>
+ <configtool-version>1.1.0-RC1</configtool-version>
+ <demo-oa-version>2.0.1</demo-oa-version>
</properties>
<profiles>
@@ -52,14 +59,31 @@ <build>
<plugins>
- <plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<skip>true</skip>
</configuration>
</plugin>
-
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
@@ -100,7 +124,7 @@ </configuration>
</plugin>
</plugins>
-
+
</build>
<reporting>
@@ -216,38 +240,38 @@ <dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
- <version>2.0.1</version>
+ <version>${moa-commons-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-lib</artifactId>
- <version>2.0.1</version>
+ <version>${moa-id-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.id.server</groupId>
<artifactId>moa-id-commons</artifactId>
- <version>2.0.1</version>
+ <version>${moa-id-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
- <version>2.0.1</version>
+ <version>${moa-spss-version}</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>MOA</groupId>
<artifactId>moa-common</artifactId>
- <version>2.0.1</version>
+ <version>${moa-commons-version}</version>
<type>test-jar</type>
<scope>test</scope>
</dependency>
<dependency>
<groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-tools</artifactId>
- <version>2.0.1</version>
+ <version>${moa-spss-version}</version>
<scope>test</scope>
</dependency>
<dependency>
diff --git a/spss/assembly-lib.xml b/spss/assembly-lib.xml index 895cc97c2..d8b78d2e8 100644 --- a/spss/assembly-lib.xml +++ b/spss/assembly-lib.xml @@ -1,5 +1,5 @@ <assembly> - <id>spss-${project.version}-lib</id> + <id>spss-${moa-spss-version}-lib</id> <formats> <format>dir</format> @@ -7,7 +7,7 @@ <!-- <format>tar.gz</format> --> </formats> - <baseDirectory>moa-spss-lib-${project.version}</baseDirectory> + <baseDirectory>moa-spss-lib-${moa-spss-version}</baseDirectory> <moduleSets> <moduleSet> diff --git a/spss/assembly.xml b/spss/assembly.xml index 17133d090..20673b198 100644 --- a/spss/assembly.xml +++ b/spss/assembly.xml @@ -1,5 +1,5 @@ <assembly> - <id>spss-${project.version}</id> + <id>spss-${moa-spss-version}</id> <formats> <format>dir</format> @@ -7,7 +7,7 @@ <!-- <format>tar.gz</format> --> </formats> - <baseDirectory>moa-spss-${project.version}</baseDirectory> + <baseDirectory>moa-spss-${moa-spss-version}</baseDirectory> <moduleSets> <moduleSet> diff --git a/spss/handbook/clients/api/pom.xml b/spss/handbook/clients/api/pom.xml index 442d4fdb7..52a96c56b 100644 --- a/spss/handbook/clients/api/pom.xml +++ b/spss/handbook/clients/api/pom.xml @@ -133,5 +133,26 @@ <artifactId>moa-spss-lib</artifactId>
</dependency>
</dependencies>
-
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/spss/handbook/clients/pom.xml b/spss/handbook/clients/pom.xml index 3b3bfd6b2..70ae70a4b 100644 --- a/spss/handbook/clients/pom.xml +++ b/spss/handbook/clients/pom.xml @@ -22,5 +22,26 @@ <properties>
<repositoryPath>${basedir}/../../../../repository</repositoryPath>
</properties>
-
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/spss/handbook/clients/referencedData/pom.xml b/spss/handbook/clients/referencedData/pom.xml index 8e0378bd6..65f8635de 100644 --- a/spss/handbook/clients/referencedData/pom.xml +++ b/spss/handbook/clients/referencedData/pom.xml @@ -33,7 +33,25 @@ </archive>
</configuration>
</plugin>
- </plugins>
- </build>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/spss/handbook/clients/webservice/pom.xml b/spss/handbook/clients/webservice/pom.xml index bc1859408..95f2c5173 100644 --- a/spss/handbook/clients/webservice/pom.xml +++ b/spss/handbook/clients/webservice/pom.xml @@ -132,5 +132,26 @@ <artifactId>moa-spss-lib</artifactId>
</dependency>
</dependencies>
-
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/spss/handbook/pom.xml b/spss/handbook/pom.xml index 5e476d5c1..e9323a55f 100644 --- a/spss/handbook/pom.xml +++ b/spss/handbook/pom.xml @@ -20,5 +20,26 @@ <properties>
<repositoryPath>${basedir}/../../../repository</repositoryPath>
</properties>
-
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
</project>
diff --git a/spss/pom.xml b/spss/pom.xml index 165a09dba..5954b9b0a 100644 --- a/spss/pom.xml +++ b/spss/pom.xml @@ -3,11 +3,10 @@ <parent> <groupId>MOA</groupId> <artifactId>MOA</artifactId> - <version>2.0.1</version> + <version>2.x</version> </parent> <modelVersion>4.0.0</modelVersion> - <groupId>MOA</groupId> <artifactId>spss</artifactId> <packaging>pom</packaging> <version>2.0.x</version> @@ -22,4 +21,27 @@ <module>handbook</module> </modules> + <build> + <plugins> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> + </project> diff --git a/spss/server/pom.xml b/spss/server/pom.xml index b5e1b32c1..08e740cd3 100644 --- a/spss/server/pom.xml +++ b/spss/server/pom.xml @@ -10,7 +10,6 @@ <groupId>MOA.spss</groupId>
<artifactId>moa-spss</artifactId>
<packaging>pom</packaging>
- <version>2.0.x</version>
<name>MOA SP/SS Server</name>
<modules>
@@ -23,4 +22,27 @@ <repositoryPath>${basedir}/../../repository</repositoryPath>
</properties>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+
</project>
diff --git a/spss/server/serverlib/pom.xml b/spss/server/serverlib/pom.xml index 42cf5bfc9..fb95746da 100644 --- a/spss/server/serverlib/pom.xml +++ b/spss/server/serverlib/pom.xml @@ -9,7 +9,7 @@ <groupId>MOA.spss.server</groupId>
<artifactId>moa-spss-lib</artifactId>
<packaging>jar</packaging>
- <version>2.0.1</version>
+ <version>${moa-spss-version}</version>
<name>MOA SP/SS API</name>
<properties>
@@ -175,9 +175,27 @@ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>properties-maven-plugin</artifactId>
+ <version>1.0-alpha-2</version>
+ <executions>
+ <execution>
+ <phase>initialize</phase>
+ <goals>
+ <goal>read-project-properties</goal>
+ </goals>
+ <configuration>
+ <files>
+ <file>${basedir}/../../../moa-id.properties</file>
+ </files>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
- <build>
- <plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
diff --git a/spss/server/serverws/pom.xml b/spss/server/serverws/pom.xml index 4f09e940d..ac06946a4 100644 --- a/spss/server/serverws/pom.xml +++ b/spss/server/serverws/pom.xml @@ -66,9 +66,27 @@ </webResources> </configuration> </plugin> - </plugins> - </build> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> <dependencies> <dependency> <groupId>MOA.spss.server</groupId> diff --git a/spss/server/tools/pom.xml b/spss/server/tools/pom.xml index acc06ff38..880eac2c1 100644 --- a/spss/server/tools/pom.xml +++ b/spss/server/tools/pom.xml @@ -80,7 +80,25 @@ <target>1.5</target> </configuration> </plugin> - </plugins> - </build> + <plugin> + <groupId>org.codehaus.mojo</groupId> + <artifactId>properties-maven-plugin</artifactId> + <version>1.0-alpha-2</version> + <executions> + <execution> + <phase>initialize</phase> + <goals> + <goal>read-project-properties</goal> + </goals> + <configuration> + <files> + <file>${basedir}/../../../moa-id.properties</file> + </files> + </configuration> + </execution> + </executions> + </plugin> + </plugins> + </build> </project> |
