diff options
41 files changed, 421 insertions, 175 deletions
| diff --git a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java index 92e845967..d70073db8 100644 --- a/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java +++ b/common/src/main/java/at/gv/egovernment/moa/util/DateTimeUtils.java @@ -26,6 +26,7 @@ package at.gv.egovernment.moa.util;  import java.io.StringWriter;  import java.text.ParseException; +import java.text.SimpleDateFormat;  import java.util.Calendar;  import java.util.Date;  import java.util.GregorianCalendar; @@ -48,38 +49,56 @@ public class DateTimeUtils {     * @param cal the <code>Calendar</code> value     * @return the <code>dateTime</code> value     */ -  public static String buildDateTime(Calendar cal) { -    StringWriter out = new StringWriter(); -    out.write("" + cal.get(Calendar.YEAR)); -    out.write("-"); -    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1)); -    out.write("-"); -    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH))); -    out.write("T"); -    out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY))); -    out.write(":"); -    out.write(to2DigitString(cal.get(Calendar.MINUTE))); -    out.write(":"); -    out.write(to2DigitString(cal.get(Calendar.SECOND))); -    int tzOffsetMilliseconds = -      cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET); -    if (tzOffsetMilliseconds != 0) { -      int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60); -      int tzOffsetHours = tzOffsetMinutes / 60; -      tzOffsetMinutes -= tzOffsetHours * 60; -      if (tzOffsetMilliseconds > 0) { -        out.write("+"); -        out.write(to2DigitString(tzOffsetHours)); -        out.write(":"); -        out.write(to2DigitString(tzOffsetMinutes)); -      } else { -        out.write("-"); -        out.write(to2DigitString(-tzOffsetHours)); -        out.write(":"); -        out.write(to2DigitString(-tzOffsetMinutes)); -      } -    } -    return out.toString(); +  public static String buildDateTime(Calendar cal, boolean useUTC) { +	   +	  if (useUTC) +		  return buildDateTimeUTC(cal); +	  else { +	    StringWriter out = new StringWriter(); +	    out.write("" + cal.get(Calendar.YEAR)); +	    out.write("-"); +	    out.write(to2DigitString(cal.get(Calendar.MONTH) + 1)); +	    out.write("-"); +	    out.write(to2DigitString(cal.get(Calendar.DAY_OF_MONTH))); +	    out.write("T"); +	    out.write(to2DigitString(cal.get(Calendar.HOUR_OF_DAY))); +	    out.write(":"); +	    out.write(to2DigitString(cal.get(Calendar.MINUTE))); +	    out.write(":"); +	    out.write(to2DigitString(cal.get(Calendar.SECOND))); +	    int tzOffsetMilliseconds = +	      cal.get(Calendar.ZONE_OFFSET) + cal.get(Calendar.DST_OFFSET); +	    if (tzOffsetMilliseconds != 0) { +	      int tzOffsetMinutes = tzOffsetMilliseconds / (1000 * 60); +	      int tzOffsetHours = tzOffsetMinutes / 60; +	      tzOffsetMinutes -= tzOffsetHours * 60; +	      if (tzOffsetMilliseconds > 0) { +	        out.write("+"); +	        out.write(to2DigitString(tzOffsetHours)); +	        out.write(":"); +	        out.write(to2DigitString(tzOffsetMinutes)); +	      } else { +	        out.write("-"); +	        out.write(to2DigitString(-tzOffsetHours)); +	        out.write(":"); +	        out.write(to2DigitString(-tzOffsetMinutes)); +	      } +	    } +	    return out.toString(); +	  } +  } +   +  /** +   * Builds a <code>dateTime</code> value in UTC from a <code>Calendar</code> value. +   * @param cal the <code>Calendar</code> value +   * @return the <code>dateTime</code> value +   */ +  public static String buildDateTimeUTC(Calendar cal) { +     +	  SimpleDateFormat f = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); +	  f.setTimeZone(TimeZone.getTimeZone("UTC")); +	   +	  return f.format(cal.getTime());		    }    /** diff --git a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd index cc562187a..d16953eab 100644 --- a/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd +++ b/common/src/main/resources/resources/schemas/MOA-ID-Configuration-1.5.1.xsd @@ -89,10 +89,16 @@  	<xsd:element name="MOA-IDConfiguration">
  		<xsd:complexType>
  			<xsd:sequence>
 -				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
 +				<xsd:element name="AuthComponent" minOccurs="0">
  					<xsd:annotation>
  						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
  					</xsd:annotation>
 +					<xsd:complexType>
 +						<xsd:complexContent>
 +							<xsd:extension base="AuthComponentType">								
 +							</xsd:extension>
 +						</xsd:complexContent>
 +					</xsd:complexType>
  				</xsd:element>
  				<xsd:element name="ProxyComponent" minOccurs="0">
  					<xsd:annotation>
 @@ -467,6 +473,7 @@  					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
  					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
  					<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
 +					<xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
  					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
  				</xsd:complexType>
  			</xsd:element>
 diff --git a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java index 8fdd389a2..3364e9888 100644 --- a/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java +++ b/common/src/test/java/test/at/gv/egovernment/moa/util/DateTimeUtilsTest.java @@ -121,7 +121,7 @@ public class DateTimeUtilsTest extends TestCase {    	Calendar cal = new GregorianCalendar(TimeZone.getTimeZone(timeZone));    	cal.set(year,month, day, hour, min, sec);    	cal.set(Calendar.MILLISECOND, 0); -  	String dateTimeBuilt = DateTimeUtils.buildDateTime(cal); +  	String dateTimeBuilt = DateTimeUtils.buildDateTime(cal, false);    	assertEquals(dateTimeShould, dateTimeBuilt);    } diff --git a/id/readme_1.5.1.txt b/id/readme_1.5.1.txt index 8cf5e7361..e742212df 100644 --- a/id/readme_1.5.1.txt +++ b/id/readme_1.5.1.txt @@ -17,6 +17,8 @@ gleichen Verzeichnis):  - Änderung der Konfiguration 
  	- für Online-Vollmachten
  	- Fixer Target-Parameter für Online-Applikation konfigurierbar
 +	- Optionaler Parameter zur Angabe der IssueInstant im UTC Format in der SAML-Assertion
 +- Weiterer optionaler Parameter sourceID beim MOA-ID Aufruf
  - IAIK Libraries aktualisiert:
  	iaik-moa:           Version 1.31	
 diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml index 697cadec4..6525642f1 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration.xml @@ -65,7 +65,8 @@  			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->  			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->  			<!--<Mandates>--> -			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->  			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->  			<!--			</Mandates>-->  		</AuthComponent> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml index 41103cf3c..27bf6681c 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfigurationProxy.xml @@ -76,7 +76,8 @@  			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->  			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->  			<!--<Mandates>--> -			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->  			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->  			<!--			</Mandates>-->  		</AuthComponent> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml index 05c6387e1..eefc7cf6a 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKs.xml @@ -67,7 +67,8 @@  			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->  			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->  			<!-- <Mandates> --> -			<!-- Liste der Vollmachten-Identifikatoren, die festlegt mit welchen Vollmachtstyp man sich bei der Online-Applikation anmelden kann--> +			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->  			<!--<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->  			<!--</Mandates> -->  		</AuthComponent> diff --git a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml index 1d8b50537..f9e296c62 100644 --- a/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml +++ b/id/server/data/deploy/conf/moa-id/SampleMOAIDConfiguration_withTestBKsProxy.xml @@ -77,7 +77,8 @@  			<!-- Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfigurieren -->  			<!-- (siehe OnlineApplication/AuthComponent/Mandates)-->  			<!--<Mandates>--> -			<!-- Liste der Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Liste der Vollmachten-Profile, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann--> +			<!-- Unter https://vollmachten.stammzahlenregister.gv.at/mis/ finden Sie eine Liste der unterstützen Vollmachten-Profile.-->  			<!--				<Profiles>Zustellung,Prokura,PostvollmachtAufBasisProkura,WKOVollmachtAufBasisProkura,ZVR,ZVRMitPostvollmacht,ERsB,ErsBMitPostvollmacht,PostvollmachtBilateral,GeneralvollmachtBilateral,WKOVollmachtBilateral</Profiles>-->  			<!--			</Mandates>-->  		</AuthComponent> diff --git a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd index cc562187a..d16953eab 100644 --- a/id/server/doc/MOA-ID-Configuration-1.5.1.xsd +++ b/id/server/doc/MOA-ID-Configuration-1.5.1.xsd @@ -89,10 +89,16 @@  	<xsd:element name="MOA-IDConfiguration">
  		<xsd:complexType>
  			<xsd:sequence>
 -				<xsd:element name="AuthComponent" type="AuthComponentType" minOccurs="0">
 +				<xsd:element name="AuthComponent" minOccurs="0">
  					<xsd:annotation>
  						<xsd:documentation>enthält Parameter der Authentisierungs-Komponente</xsd:documentation>
  					</xsd:annotation>
 +					<xsd:complexType>
 +						<xsd:complexContent>
 +							<xsd:extension base="AuthComponentType">								
 +							</xsd:extension>
 +						</xsd:complexContent>
 +					</xsd:complexType>
  				</xsd:element>
  				<xsd:element name="ProxyComponent" minOccurs="0">
  					<xsd:annotation>
 @@ -467,6 +473,7 @@  					<xsd:attribute name="provideIdentityLink" type="xsd:boolean" use="optional" default="false"/>
  					<xsd:attribute name="provideCertificate" type="xsd:boolean" use="optional" default="false"/>
  					<xsd:attribute name="provideFullMandatorData" type="xsd:boolean" use="optional" default="false"/>
 +					<xsd:attribute name="useUTC" type="xsd:boolean" use="optional" default="false"/>
  					<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0" maxOccurs="1"/-->
  				</xsd:complexType>
  			</xsd:element>
 diff --git a/id/server/doc/MOA_ID_1.5_Anhang.pdf b/id/server/doc/MOA_ID_1.5_Anhang.pdfBinary files differ index 454ff933a..f2e5057c7 100644 --- a/id/server/doc/MOA_ID_1.5_Anhang.pdf +++ b/id/server/doc/MOA_ID_1.5_Anhang.pdf diff --git a/id/server/doc/moa_id/faqs.htm b/id/server/doc/moa_id/faqs.htm index 0b9ef0415..814d0c9f7 100644 --- a/id/server/doc/moa_id/faqs.htm +++ b/id/server/doc/moa_id/faqs.htm @@ -207,8 +207,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr        </td>        <td valign="top" width="460">          <hr /> -<div style="font-size:8pt; color:#909090">© 2003 <!-- Development Center, BRZ GmbH --></div> -</td></tr></table> +<div style="font-size:8pt; color:#909090">© 2012</div></td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-admin.htm b/id/server/doc/moa_id/id-admin.htm index 7192f02e2..7d014299e 100644 --- a/id/server/doc/moa_id/id-admin.htm +++ b/id/server/doc/moa_id/id-admin.htm @@ -311,7 +311,7 @@ Die Versionsangaben beziehen sich auf die Versionen, mit denen die MOA ID Webapp  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2004</div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-admin_1.htm b/id/server/doc/moa_id/id-admin_1.htm index 9b18fcdbe..08a1acc73 100644 --- a/id/server/doc/moa_id/id-admin_1.htm +++ b/id/server/doc/moa_id/id-admin_1.htm @@ -539,7 +539,7 @@ Wenn nun versucht wird, eine Transaktion mit einer ungültigen SessionID fort  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2010</div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-admin_2.htm b/id/server/doc/moa_id/id-admin_2.htm index ea4874edd..8a217bfcc 100644 --- a/id/server/doc/moa_id/id-admin_2.htm +++ b/id/server/doc/moa_id/id-admin_2.htm @@ -613,8 +613,9 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt                                Anmeldedaten aufzunehmen.                                Alle Attribute sind optional und haben den Default-Wert                                <tt>false</tt>.                            <br> -                            Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollständigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des  Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name  und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion  übermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten übermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zusätzlich die gesamte Vollmacht übergeben. </p> -<p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem +                            Das Attribut <tt id="provideStammzahlOA2">provideFullMandatorData</tt> bestimmt ob bei einer Vollmachten-Anmeldung die vollständigen Vollmacht in der SAML Assertion mitgegeben wird oder nur die Basisdaten wie Name, Geburtsdatum und bPK des  Vertreters (bzw. Organwalter/PV) sowie Name, Geburtsdatum und bPK (bzw. Name  und Stammzahl bei juristischen Personen) des Vertretenen in der Assertion  übermittelt. Bei <tt id="provideStammzahlOA3">provideFullMandatorData=false</tt> werden nur die Basisdaten übermittelt (Defaulteinstellung). Bei <tt id="provideStammzahlOA4">provideFullMandatorData=true</tt> wird zusätzlich die gesamte Vollmacht übergeben.<br> +                            Das Attribut <tt id="provideStammzahlOA5">useUTC</tt> bestimmt ob IssueInstant in der SAML Assertion als UTC (2012-01-26T18:38:35Z, <tt id="provideStammzahlOA8">useUTC=true</tt>) oder dem Default-Format (z.B.: 2012-01-26T19:38:35+01:00,  <tt id="provideStammzahlOA9">useUTC=false</tt>) angegeben wird. </p> +      <p><b>Anmerkung</b>: Das Attribut <tt>provideStammzahl</tt> steht in keinem                                Zusammenhang zum gleichnamigen Attribut                                <a href="#provideStammzahlVI">VerifyInfoboxes/@provideStammzahl</a>,                                das angibt ob die Stammzahl an eine <i>Prüfapplikation</i> weitergegeben @@ -921,7 +922,8 @@ Hinweis: Um den Online-Vollmachten Modus für eine Online Applikation zu akt                                <br />                                Mit Hilfe dieses Elements werden die Online-Vollmachten für die Online-Applikation aktiviert.                                 Als Kindelement muss <tt>Profiles</tt> angegeben werden. Dieses Element beinhaltet eine (Komma-separierte) -                              Liste von Vollmachten-Identifikatoren, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann.<br/> +                              Liste von Vollmachten-Profilen, die festlegen mit welchen Vollmachtstypen man sich bei der Online-Applikation anmelden kann. +                              Unter <a href="https://vollmachten.stammzahlenregister.gv.at/mis/" target="_blank">https://vollmachten.stammzahlenregister.gv.at/mis/</a> finden Sie eine Liste der unterstützen Vollmachten-Profile.<br/>                                Hinweis: Hierzu muss auch die Verbindung zum Online-Vollmachten Service konfiguriert werden - siehe <a href="#AuthComponent_OnlineMandates">hier</a>                                </p>                             @@ -1453,7 +1455,7 @@ Im Falle einer fehlerhaften neuen Konfiguration wird die ursprüngliche Konf  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2010</div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-admin_3.htm b/id/server/doc/moa_id/id-admin_3.htm index 8b1c74e7c..5b95feca8 100644 --- a/id/server/doc/moa_id/id-admin_3.htm +++ b/id/server/doc/moa_id/id-admin_3.htm @@ -194,7 +194,7 @@ Um das Logging in die Datenbank Log4j bekannt zu machen, muss die Log4j-Konfigur  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2004</div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-anwendung.htm b/id/server/doc/moa_id/id-anwendung.htm index d5057f854..c4cab64e1 100644 --- a/id/server/doc/moa_id/id-anwendung.htm +++ b/id/server/doc/moa_id/id-anwendung.htm @@ -94,7 +94,7 @@ Dies kann unter Mithilfe der Webapplikation MOA-ID-PROXY geschehen, die für  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2003 <!-- Development Center, BRZ GmbH --></div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-anwendung_1.htm b/id/server/doc/moa_id/id-anwendung_1.htm index 28f7a5979..ad45ff7e1 100644 --- a/id/server/doc/moa_id/id-anwendung_1.htm +++ b/id/server/doc/moa_id/id-anwendung_1.htm @@ -73,7 +73,7 @@ Projekt <span style="font-size:48pt; ">moa</span>   Der Aufruf erfolgt durch einen Verweis der Form: </div>  <pre><a href="https://<moa-id-server-und-pfad>/  StartAuthentication?Target=<geschäftsbereich> -&OA=<oa-url>&Template=<template-url>&useMandate=false"></pre> +&OA=<oa-url>&Template=<template-url>&useMandate=false&sourceID=<sourceID>"></pre>  <table border="1"><tbody valign="baseline">  <tr>  <td id="klein"><moa-id-server-und-pfad></td><td id="klein">Server und Pfad, wo MOA-ID-AUTH installiert ist</td> @@ -92,6 +92,10 @@ StartAuthentication?Target=<geschäftsbereich>    <td id="klein">useMandate=<true/false></td>    <td id="klein">optional; Gibt an ob eine Anmeldung im Online-Vollmachten-Modus durchgeführt werden soll (=true) oder nicht (=false);</td>  </tr> +<tr> +  <td id="klein2">sourceID=<sourceID></td> +  <td id="klein2">optional; Gibt eine sourceID an, die (wenn sie gesetzt ist) in der SAML-Assertion aufscheint</td> +</tr>  </tbody>  </table>  <br/><br/> @@ -204,7 +208,7 @@ Im folgenden Beispiel wird in den Java Truststore "truststore.jks" mit  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2004</div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/id-anwendung_2.htm b/id/server/doc/moa_id/id-anwendung_2.htm index df8b10aad..4e2e89d74 100644 --- a/id/server/doc/moa_id/id-anwendung_2.htm +++ b/id/server/doc/moa_id/id-anwendung_2.htm @@ -237,8 +237,7 @@ Falls nötig, kann eine maßgeschneiderte Implementierung von <tt>ConnectionB  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2003 <!-- Development Center, BRZ GmbH --></div> -</td></tr></table> +<div style="font-size:8pt; color:#909090">© 2012</div></td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/links.htm b/id/server/doc/moa_id/links.htm index ef6c09083..2956c6263 100644 --- a/id/server/doc/moa_id/links.htm +++ b/id/server/doc/moa_id/links.htm @@ -134,8 +134,7 @@ MOA ist eine Entwicklung des Bundesrechenzentrums BRZ in Zusammenarbeit mit A-Tr  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2010 -  <!-- Development Center, BRZ GmbH --></div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/doc/moa_id/moa.htm b/id/server/doc/moa_id/moa.htm index 94f4a35ea..09fb1c5b6 100644 --- a/id/server/doc/moa_id/moa.htm +++ b/id/server/doc/moa_id/moa.htm @@ -247,7 +247,7 @@ an den Benutzer weitergeleitet und die Anfragen des Benutzers an die OA weiterge  <td width="170" valign="top"><br /></td>  <td valign="top">  <hr /> -<div style="font-size:8pt; color:#909090">© 2010</div> +<div style="font-size:8pt; color:#909090">© 2012</div>  </td></tr></table>  <br /> diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 68e6b950a..a68dca65a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -24,11 +24,15 @@  package at.gv.egovernment.moa.id.auth; +import iaik.ixsil.exceptions.UtilsException; +import iaik.ixsil.util.Utils;  import iaik.pki.PKIException;  import iaik.x509.X509Certificate;  import java.io.ByteArrayInputStream;  import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException;  import java.io.IOException;  import java.security.GeneralSecurityException;  import java.security.Principal; @@ -49,7 +53,6 @@ import org.apache.xpath.XPathAPI;  import org.w3c.dom.Document;  import org.w3c.dom.Element;  import org.w3c.dom.Node; -import org.w3c.dom.NodeList;  import org.xml.sax.SAXException;  import at.gv.egovernment.moa.id.AuthenticationException; @@ -114,7 +117,6 @@ import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.DateTimeUtils;  import at.gv.egovernment.moa.util.FileUtils;  import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils;  /** @@ -305,7 +307,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {     * @param useMandate Indicates if mandate is used or not                    * @param templateURL URL providing an HTML template for the HTML form generated     * @param templateMandteURL URL providing an HTML template for the HTML form generated (for signing in mandates mode) -   * @param scheme determines the protocol used  +   * @param scheme determines the protocol used +   * @param sourceID      * @return HTML form     * @throws AuthenticationException     * @see GetIdentityLinkFormBuilder @@ -320,7 +323,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {      String bkuURL,      String useMandate,      String sessionID, -    String scheme) +    String scheme,  +    String sourceID)      throws WrongParametersException, AuthenticationException, ConfigurationException, BuildException {  	  String useMandateString = null; @@ -381,7 +385,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {        session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());        session.setAuthURL(authURL);        session.setTemplateURL(templateURL); -      session.setBusinessService(oaParam.getBusinessService());       +      session.setBusinessService(oaParam.getBusinessService()); +      if (sourceID != null) +    	  session.setSourceID(sourceID);      }      // BKU URL has not been set yet, even if session already exists      if (bkuURL == null) { @@ -510,17 +516,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {      }      // for testing new identity link certificate -    // https://localhost:8443/moa-id-auth/StartAuthentication?Target=AR&OA=https://localhost:8443/TestMOAID_OA/LoginServletExample  //    xmlInfoboxReadResponse = null;  //    try { -//    File file = new File("c:/temp/xxxMuster-new-cert_infobox.xml"); +//    File file = new File("c:/temp/XXXMuster.xml");  //    FileInputStream fis;  //	  //		fis = new FileInputStream(file);  //		byte[] array = Utils.readFromInputStream(fis);  //      //    xmlInfoboxReadResponse = new String(array); -//    //System.out.println(xmlInfoboxReadResponse); +//    System.out.println(xmlInfoboxReadResponse);  //      //    } catch (FileNotFoundException e) {  //		// TODO Auto-generated catch block @@ -529,7 +534,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {  //		// TODO Auto-generated catch block  //		e.printStackTrace();  //	} -//     +       // parses the <InfoboxReadResponse> @@ -687,7 +692,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      // builds the AUTH-block -    String authBlock = buildAuthenticationBlock(session); +    String authBlock = buildAuthenticationBlock(session, oaParam);  //    session.setAuthBlock(authBlock);      // builds the <CreateXMLSignatureRequest> @@ -871,14 +876,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {     * @throws BuildException If an error occurs on serializing an extended SAML attribute      *                        to be appended to the AUTH-Block.     */ -  private String buildAuthenticationBlock(AuthenticationSession session) throws BuildException { +  private String buildAuthenticationBlock(AuthenticationSession session, OAAuthParameter oaParam) throws BuildException {       IdentityLink identityLink = session.getIdentityLink();       String issuer = identityLink.getName();         String gebDat = identityLink.getDateOfBirth();       String identificationValue = identityLink.getIdentificationValue();       String identificationType = identityLink.getIdentificationType(); -     String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); +    String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), oaParam.getUseUTC());      session.setIssueInstant(issueInstant);      String authURL = session.getAuthURL();      String target = session.getTarget(); @@ -1418,6 +1423,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      // parses <CreateXMLSignatureResponse>      CreateXMLSignatureResponse csresp =        new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureReadResponse).parseResponse(); +          try {        String serializedAssertion = DOMUtils.serializeNode(csresp.getSamlAssertion());        session.setAuthBlock(serializedAssertion); @@ -1502,12 +1508,21 @@ public class AuthenticationServer implements MOAIDAuthConstants {        }      } +    OAAuthParameter oaParam = +        AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( +          session.getPublicOAURLPrefix()); +    boolean useUTC = oaParam.getUseUTC();      // builds authentication data and stores it together with a SAML artifact -    AuthenticationData authData = buildAuthenticationData(session, vsresp); +    AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);      if (session.getUseMandate()) {    	      	// mandate mode +    	//session.setAssertionAuthBlock(assertionAuthBlock) +    	 +    	// set signer certificate +    	session.setSignerCertificate(vsresp.getX509certificate()); +    	      	return null;      }      else { @@ -1521,6 +1536,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {                session.getBkuURL(),                session.getAssertionSignerCertificateBase64(),                session.getAssertionBusinessService(), +              session.getSourceID(),                session.getExtendedSAMLAttributesOA());            authData.setSamlAssertion(samlAssertion); @@ -1677,6 +1693,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      			session.getBkuURL(),      			session.getAssertionSignerCertificateBase64(),      			session.getAssertionBusinessService(), +    			session.getSourceID(),      			session.getExtendedSAMLAttributesOA());      authData.setSamlAssertion(samlAssertion); @@ -1772,9 +1789,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {      }      VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse(); -    X509Certificate cert = session.getForeignSignerCertificate(); +    X509Certificate cert = session.getSignerCertificate();      vsresp.setX509certificate(cert); -    AuthenticationData authData = buildAuthenticationData(session, vsresp); +     +    OAAuthParameter oaParam = +        AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( +          session.getPublicOAURLPrefix()); +    boolean useUTC = oaParam.getUseUTC(); +    AuthenticationData authData = buildAuthenticationData(session, vsresp, useUTC);      String samlAssertion = @@ -1786,6 +1808,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {            session.getBkuURL(),            session.getAssertionSignerCertificateBase64(),            session.getAssertionBusinessService(), +          session.getSourceID(),            session.getExtendedSAMLAttributesOA());        authData.setSamlAssertion(samlAssertion); @@ -1823,7 +1846,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {     */    private AuthenticationData buildAuthenticationData(      AuthenticationSession session, -    VerifyXMLSignatureResponse verifyXMLSigResp) +    VerifyXMLSignatureResponse verifyXMLSigResp,  +    boolean useUTC)      throws ConfigurationException, BuildException {      IdentityLink identityLink = session.getIdentityLink(); @@ -1836,7 +1860,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      authData.setMinorVersion(0);      authData.setAssertionID(Random.nextRandom());      authData.setIssuer(session.getAuthURL()); -    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); +    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC));      authData.setIdentificationType(identityLink.getIdentificationType());          authData.setGivenName(identityLink.getGivenName());      authData.setFamilyName(identityLink.getFamilyName()); @@ -1845,6 +1869,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {      authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());      authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());      authData.setBkuURL(session.getBkuURL()); +    authData.setUseUTC(oaParam.getUseUTC());      boolean provideStammzahl = oaParam.getProvideStammzahl();      if (provideStammzahl) {        authData.setIdentificationValue(identityLink.getIdentificationValue()); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java index 260b3fd01..f3be98ef0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java @@ -43,6 +43,8 @@ public interface MOAIDAuthConstants {    public static final String PARAM_OA = "OA";    /** servlet parameter "bkuURI" */    public static final String PARAM_BKU = "bkuURI"; +  /** servlet parameter "sourceID" */ +  public static final String PARAM_SOURCEID = "sourceID";      /** servlet parameter "BKUSelectionTemplate" */    public static final String PARAM_BKUTEMPLATE = "BKUSelectionTemplate";    /** servlet parameter "BKUSelectionTemplate" */ diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 8af4e3af5..410d045f0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -57,6 +57,11 @@ public class AuthenticationAssertionBuilder {    "   <saml:Attribute AttributeName=''{0}'' AttributeNamespace=''{1}''>" + NL +    "     <saml:AttributeValue>{2}</saml:AttributeValue>" + NL +    "   </saml:Attribute>"+ NL; +   +  protected static String SAML_ATTRIBUTE_NO_NAMESPACE = +	  "   <saml:Attribute AttributeName=''{0}''>" + NL + +	  "     <saml:AttributeValue>{1}</saml:AttributeValue>" + NL + +	  "   </saml:Attribute>"+ NL;    /**     * Empty constructor @@ -108,5 +113,26 @@ public class AuthenticationAssertionBuilder {      }     return sb.toString();    } +   +  /** +   * Builds the SAML attributes to be appended to the AUTHBlock or to the SAML assertion  +   * delivered to the online application. +   * The method traverses through the list of given SAML attribute objects and builds an  +   * XML structure (String representation) for each of the attributes.  +   *  +   * @param extendedSAMLAttributes The SAML attributes to be appended to the AUTHBlock or   +   *                               to the SAML assertion delivered to the online application. +   * @return                       A string representation including the XML structures of +   *                               the SAML attributes. +   *                                +   * @throws ParseException        If an error occurs on serializing an SAML attribute. +   */ +  protected String buildSourceIDSAMLAttributes(String sourceID) throws ParseException { +    StringBuffer sb = new StringBuffer(); +    if (sourceID!=null)        +          sb.append(MessageFormat.format( SAML_ATTRIBUTE_NO_NAMESPACE, new Object[] {"SourceID", sourceID})); + +    return sb.toString(); +  }  } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index 367116c73..7032e09eb 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -69,9 +69,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB        "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +        "     <saml:AttributeValue>{9}</saml:AttributeValue>" + NL +        "   </saml:Attribute>" + NL + -	  "{10}" +  -      "{11}" + +      "{10}" +       +	  "{11}" +         "{12}" + +      "{13}" +        	  "	</saml:AttributeStatement>" + NL +  	  "</saml:Assertion>"; @@ -103,9 +104,10 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB        "   <saml:Attribute AttributeName=''bkuURL'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +        "     <saml:AttributeValue>{10}</saml:AttributeValue>" + NL +        "   </saml:Attribute>" + NL + -	  "{11}" +  -      "{12}" + +      "{11}" + +	  "{12}" +         "{13}" + +      "{14}" +  	  "	</saml:AttributeStatement>" + NL +  	  "</saml:Assertion>";  	/** @@ -156,6 +158,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB      String bkuURL,      String signerCertificateBase64,      boolean businessService, +    String sourceID,      List extendedSAMLAttributes)     throws BuildException     { @@ -195,6 +198,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB    	String assertion;      try { +   	        assertion = MessageFormat.format(AUTH_DATA, new Object[] {          authData.getAssertionID(),           authData.getIssuer(),  @@ -206,6 +210,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB          StringUtils.removeXMLDeclaration(xmlPersonData),           isQualifiedCertificate,          bkuURL, +        buildSourceIDSAMLAttributes(sourceID),          publicAuthorityAttribute,          signerCertificateAttribute,          buildExtendedSAMLAttributes(extendedSAMLAttributes)}); @@ -244,6 +249,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB      String bkuURL,      String signerCertificateBase64,      boolean businessService, +    String sourceID,      List extendedSAMLAttributes)     throws BuildException     { @@ -295,6 +301,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB          StringUtils.removeXMLDeclaration(xmlMandateData),          isQualifiedCertificate,          bkuURL, +        buildSourceIDSAMLAttributes(sourceID),          publicAuthorityAttribute,          signerCertificateAttribute,          buildExtendedSAMLAttributes(extendedSAMLAttributes)}); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java index 3ab8ff819..5a18b720b 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java @@ -62,6 +62,11 @@ public class AuthenticationSession {  	 * Friendly name for the target, if target is configured via MOA-ID configuration  	 */  	private String targetFriendlyName; +	 +	/** +	 * SourceID +	 */ +	private String sourceID;  	/**  	 * Indicates if target from configuration is used or not  	 */ @@ -155,7 +160,7 @@ public class AuthenticationSession {      private boolean businessService;      /** -     * Signer certificate of the foreign citizen +     * Signer certificate of the foreign citizen or for mandate mode       */      private X509Certificate signerCertificate;    /** @@ -212,11 +217,11 @@ public class AuthenticationSession {      infoboxValidators = new ArrayList();    } -  public X509Certificate getForeignSignerCertificate() { +  public X509Certificate getSignerCertificate() {  	  return signerCertificate;    } -  public void setForeignSignerCertificate(X509Certificate signerCertificate) { +  public void setSignerCertificate(X509Certificate signerCertificate) {  	  this.signerCertificate = signerCertificate;    } @@ -285,6 +290,14 @@ public class AuthenticationSession {    }    /** +   * Returns the sourceID. +   * @return String +   */ +  public String getSourceID() { +    return sourceID; +  } +   +  /**     * Returns the target friendly name.     * @return String     */ @@ -332,6 +345,15 @@ public class AuthenticationSession {        this.target = target;      }    } +   +  /** +   * Sets the sourceID +   * @param sourceID The sourceID to set +   */ +  public void setSourceID(String sourceID) { +    this.sourceID = sourceID; +  } +      /**     * Sets the target. If the target includes the target prefix, the prefix will be stripped off.     * @param target The target to set diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java index da5ad6ab9..b5c72ef9f 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataService.java @@ -87,6 +87,7 @@ public class GetAuthenticationDataService implements Constants {  		String statusMessageCode = null;      String statusMessage = null;  		String samlAssertion = ""; +		boolean useUTC = false;  		if (requests.length > 1) {  			// more than 1 request given as parameter  			statusCode = "samlp:Requester"; @@ -113,8 +114,11 @@ public class GetAuthenticationDataService implements Constants {                      requestID = request.getAttribute("RequestID");  					String samlArtifact = DOMUtils.getText(samlArtifactElem);  					try { +						              AuthenticationData authData = AuthenticationServer.getInstance().    						getAuthenticationData(samlArtifact); +                         +            useUTC = authData.getUseUTC();              // success              samlAssertion = authData.getSamlAssertion();              statusCode = "samlp:Success"; @@ -135,12 +139,13 @@ public class GetAuthenticationDataService implements Constants {  	    }  		}      try { -			String responseID = Random.nextRandom(); -			String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); +			String responseID = Random.nextRandom();			 +			String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);        if (statusMessage == null)  			  statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);  	    responses[0] = new SAMLResponseBuilder().build(  	    	responseID, requestID, issueInstant, statusCode, subStatusCode, statusMessage, samlAssertion); +        	}      catch (MOAIDException e) {  	    AxisFault fault = AxisFault.makeFault(e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java index ca3883dad..431af3c31 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/StartAuthenticationServlet.java @@ -79,21 +79,22 @@ public class StartAuthenticationServlet extends AuthServlet {      authURL = authURL.concat(req.getContextPath() + "/");      String target = req.getParameter(PARAM_TARGET); +    String sourceID = req.getParameter(PARAM_SOURCEID);      String oaURL = req.getParameter(PARAM_OA);      String bkuURL = req.getParameter(PARAM_BKU);      String templateURL = req.getParameter(PARAM_TEMPLATE);      String sessionID = req.getParameter(PARAM_SESSIONID);      String useMandate = req.getParameter(PARAM_USEMANDATE); -          // escape parameter strings      target = StringEscapeUtils.escapeHtml(target); +    sourceID = StringEscapeUtils.escapeHtml(sourceID);      oaURL = StringEscapeUtils.escapeHtml(oaURL);      bkuURL = StringEscapeUtils.escapeHtml(bkuURL);      templateURL = StringEscapeUtils.escapeHtml(templateURL);      sessionID = StringEscapeUtils.escapeHtml(sessionID);      useMandate = StringEscapeUtils.escapeHtml(useMandate); -        +          resp.setHeader(HEADER_EXPIRES,HEADER_VALUE_EXPIRES);      resp.setHeader(HEADER_PRAGMA,HEADER_VALUE_PRAGMA);      resp.setHeader(HEADER_CACHE_CONTROL,HEADER_VALUE_CACHE_CONTROL); @@ -111,7 +112,9 @@ public class StartAuthenticationServlet extends AuthServlet {  		    if (!ParamValidatorUtils.isValidSessionID(sessionID))               throw new WrongParametersException("StartAuthentication", PARAM_SESSIONID, "auth.12");  		    if (!ParamValidatorUtils.isValidUseMandate(useMandate)) -	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12"); +	             throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");		     +		    if (!ParamValidatorUtils.isValidSourceID(sourceID)) +	             throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12");  		    OAAuthParameter oaParam =  		          AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL); @@ -130,11 +133,11 @@ public class StartAuthenticationServlet extends AuthServlet {  		    	if (!ParamValidatorUtils.isValidTarget(target))  		    		throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12"); -		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); +		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);  		    }  		    else {  		    	// use target from config			    	 -		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme()); +		    	getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(authURL, targetConfig, targetFriendlyNameConfig, oaURL, templateURL, bkuURL, useMandate, sessionID, req.getScheme(), sourceID);  		    }  			resp.setContentType("text/html;charset=UTF-8"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java index f7f9d8fed..17cbe7a3d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java @@ -24,26 +24,40 @@  package at.gv.egovernment.moa.id.auth.servlet; +import iaik.pki.PKIException; +import iaik.x509.X509Certificate; +  import java.io.IOException; +import java.security.GeneralSecurityException;  import java.util.Map; +import javax.net.ssl.SSLSocketFactory;  import javax.servlet.ServletException;  import javax.servlet.http.HttpServletRequest;  import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException;  import org.apache.commons.fileupload.FileUploadException;  import org.apache.commons.lang.StringEscapeUtils; +import org.w3c.dom.Element; +import at.gv.egovernment.moa.id.AuthenticationException;  import at.gv.egovernment.moa.id.MOAIDException;  import at.gv.egovernment.moa.id.auth.AuthenticationServer;  import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;  import at.gv.egovernment.moa.id.auth.WrongParametersException;  import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;  import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;  import at.gv.egovernment.moa.id.util.ParamValidatorUtils; -import at.gv.egovernment.moa.id.util.ServletUtils; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; +import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;  import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils;  import at.gv.egovernment.moa.util.URLEncoder;  /** @@ -143,27 +157,31 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {  			String samlArtifactBase64 =   				AuthenticationServer.getInstance().verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); +			  			if (samlArtifactBase64 == null) {   				//mandate Mode +			 +				callMISService(session, req, resp); -				Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); +				//Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); -     		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); +     		   //String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true);       		   // build dataurl -     		   String dataurl = -                 new DataURLBuilder().buildDataURL( -                   session.getAuthURL(), -                   REQ_VERIFY_CERTIFICATE, -                   session.getSessionID()); +//     		   String dataurl = +//                 new DataURLBuilder().buildDataURL( +//                   session.getAuthURL(), +//                   REQ_VERIFY_CERTIFICATE, +//                   session.getSessionID());       		  //Logger.debug("ContentType set to: application/x-www-form-urlencoded (ServletUtils)");       		  //ServletUtils.writeCreateXMLSignatureRequestURLEncoded(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); -     		  Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); -     		  ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); +     		  //Logger.debug("ContentType set to: text/xml;charset=UTF-8 (ServletUtils)"); +     		  //ServletUtils.writeCreateXMLSignatureRequest(resp, session, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl);  			} +			  			if (!samlArtifactBase64.equals("Redirect to Input Processor")) {  			  redirectURL = session.getOAURLRequested();    			if (!session.getBusinessService()) { @@ -187,6 +205,78 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {  		}    } +   +  /** +   * Calls the MIS Service +   * @param session + * @throws IOException  +   */ +  private void callMISService(AuthenticationSession session, HttpServletRequest req, HttpServletResponse resp) throws IOException { +	   +	  try { +		  AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance(); +		ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	 +		SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters); +		 +		// get identitity link as byte[] +		Element elem = session.getIdentityLink().getSamlAssertion(); +		String s = DOMUtils.serializeNode(elem); +		 +		System.out.println("IDL: " + s); +		 +		byte[] idl = s.getBytes(); +		 +		// redirect url +		// build redirect(to the GetMISSessionIdSerlvet) +        String redirectURL = +              new DataURLBuilder().buildDataURL( +                session.getAuthURL(), +                GET_MIS_SESSIONID, +                session.getSessionID()); +		 +        String oaURL = session.getOAURLRequested(); +        OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL); +        String profiles = oaParam.getMandateProfiles(); + +        if (profiles == null) { +      	  Logger.error("No Mandate/Profile for OA configured."); +      	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID}); +        } +         +        String profilesArray[] = profiles.split(",");  	 		  +        for(int i = 0; i < profilesArray.length; i++) { +      	  profilesArray[i] = profilesArray[i].trim(); +        } +         +        String oaFriendlyName = oaParam.getFriendlyName(); +        String mandateReferenceValue = session.getMandateReferenceValue(); +        X509Certificate cert = session.getSignerCertificate(); +        MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory); +        String redirectMISGUI = misSessionID.getRedirectURL(); +         +        if (misSessionID == null) { +      	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); +      	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service."); +        } +         +        session.setMISSessionID(misSessionID.getSessiondId()); +	 +        resp.setStatus(302); +    	  resp.addHeader("Location", redirectMISGUI); +    	  Logger.debug("REDIRECT TO: " + redirectURL); +	  } +	  catch (MOAIDException ex) { +	      handleError(null, ex, req, resp); +	    } catch (GeneralSecurityException ex) { +	    	handleError(null, ex, req, resp); +		} catch (PKIException e) { +			handleError(null, e, req, resp); +		} catch (MISSimpleClientException e) { +			handleError(null, e, req, resp); +		} catch (TransformerException e) { +			handleError(null, e, req, resp); +		}  +  }    /**     * Adds a parameter to a URL.     * @param url the URL diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java index acf8b0b64..27f956c40 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java @@ -146,56 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {  	    	if (useMandate) {
 -	    		// Mandate Modus	    	
 -	    		// make request to MIS
 -	    		
 -	    		AuthConfigurationProvider authConf= AuthConfigurationProvider.getInstance();
 -    			ConnectionParameter connectionParameters = authConf.getOnlineMandatesConnectionParameter();	
 -    			SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters);
 -    			
 -    			// get identitity link as byte[]
 -    			Element elem = session.getIdentityLink().getSamlAssertion();
 -    			String s = DOMUtils.serializeNode(elem);
 -    			byte[] idl = s.getBytes();
 -    			
 -    			// redirect url
 -    			// build redirect(to the GetMISSessionIdSerlvet)
 -    	          String redirectURL =
 -    	                new DataURLBuilder().buildDataURL(
 -    	                  session.getAuthURL(),
 -    	                  GET_MIS_SESSIONID,
 -    	                  session.getSessionID());
 -    			
 -    	          String oaURL = session.getOAURLRequested();
 -    	          OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
 -    	          String profiles = oaParam.getMandateProfiles();
 -
 -    	          if (profiles == null) {
 -    	        	  Logger.error("No Mandate/Profile for OA configured.");
 -    	        	  throw new AuthenticationException("auth.16", new Object[] { GET_MIS_SESSIONID});
 -    	          }
 -    	          
 -    	          String profilesArray[] = profiles.split(",");  	 		 
 -    	          for(int i = 0; i < profilesArray.length; i++) {
 -    	        	  profilesArray[i] = profilesArray[i].trim();
 -    	          }
 -    	           -    	          String oaFriendlyName = oaParam.getFriendlyName(); -    	          String mandateReferenceValue = session.getMandateReferenceValue();
 -    	          MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert.getEncoded(), oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, sslFactory);
 -    	          String redirectMISGUI = misSessionID.getRedirectURL();
 -    	          
 -    	          if (misSessionID == null) {
 -    	        	  Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
 -    	        	  throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
 -    	          }
 -    	          
 -    	          session.setMISSessionID(misSessionID.getSessiondId());
 -    		
 -    	          resp.setStatus(302);
 -  		    	  resp.addHeader("Location", redirectMISGUI);
 -  		    	  Logger.debug("REDIRECT TO: " + redirectURL);
 -    	          
 +	    		Logger.error("Online-Mandate Mode for foreign citizencs not supported."); +    			throw new AuthenticationException("auth.13", null);    	          
  	    	}
  	    	else {
  	    		// Foreign Identities Modus	
 @@ -218,15 +170,7 @@ public class VerifyCertificateServlet extends AuthServlet {  	    }
  	    catch (MOAIDException ex) {
  	      handleError(null, ex, req, resp);
 -	    } catch (GeneralSecurityException ex) {
 -	    	handleError(null, ex, req, resp);
 -		} catch (PKIException e) {
 -			handleError(null, e, req, resp);
 -		} catch (MISSimpleClientException e) {
 -			handleError(null, e, req, resp);
 -		} catch (TransformerException e) {
 -			handleError(null, e, req, resp);
 -		} 
 +	    } 
    }
    /**
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java index 6d4a21674..fc5d82936 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java @@ -150,7 +150,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {      		   // create the InfoboxReadRequest to get the certificate      		   String infoboxReadRequest = new InfoboxReadRequestBuilderCertificate().build(true); -    		   // build dataurl (to the GetForeignIDSerlvet) +    		   // build dataurl (to the VerifyCertificateSerlvet)            String dataurl =                  new DataURLBuilder().buildDataURL(                    session.getAuthURL(), diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java index 7fe85cfae..8cc51bf93 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationBuilder.java @@ -579,6 +579,7 @@ public class ConfigurationBuilder {          oap.setProvideIdentityLink(BoolUtils.valueOf(authComponent.getAttribute("provideIdentityLink")));          oap.setProvideCertificate(BoolUtils.valueOf(authComponent.getAttribute("provideCertificate")));          oap.setProvideFullMandatorData(BoolUtils.valueOf(authComponent.getAttribute("provideFullMandatorData"))); +        oap.setUseUTC(BoolUtils.valueOf(authComponent.getAttribute("useUTC")));          oap.setBkuSelectionTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_BKUSELECT_TEMPLATE_XPATH, bkuSelectionTemplateURL));          oap.setTemplateURL(buildTemplateURL(authComponent, OA_AUTH_COMPONENT_TEMPLATE_XPATH, templateURL));         diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index f85666acf..65e21cbce 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -84,6 +84,9 @@ public class OAAuthParameter extends OAParameter {     * determines whether the full mandator data (i.e. the mandate) is to be included in the authentication data      */    private boolean provideFullMandatorData; +   +  /** determines wheter the IssueInstant of the SAML assertion is in UTC or not*/ +  private boolean useUTC;    /**     * url to a template for web page "Auswahl der Bürgerkartenumgebung"     */ @@ -191,6 +194,14 @@ public class OAAuthParameter extends OAParameter {      return provideFullMandatorData;    } +  /** +   * Returns <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. +   * @return <code>true</code> if the IssueInstant should be given in UTC, otherwise <code>false</code>. +   */ +  public boolean getUseUTC() { +    return useUTC; +  } +    /**        * Returns the key box identifier. @@ -305,6 +316,16 @@ public class OAAuthParameter extends OAParameter {    public void setProvideFullMandatorData(boolean provideFullMandatorData) {      this.provideFullMandatorData = provideFullMandatorData;    } +   +  /** +   * Sets the useUTC variable. +   * @param useUTC The useUTC value to set +   */ +  public void setUseUTC(boolean useUTC) { +    this.useUTC = useUTC; +  }  +   +       /**      * Sets the key box identifier. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 44eb98dad..79f3b4e30 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -107,6 +107,9 @@ public class AuthenticationData {     * the corresponding <code>lt;saml:Assertion></code>     */    private String samlAssertion; +   +  /** useUTC */ +  private boolean useUTC;    /**     * creation timestamp     */ @@ -166,6 +169,14 @@ public class AuthenticationData {    public String getWBPK() {      return wbPK;    } +   +  /** +   * Returns useUTC +   * @return useUTC +   */ +  public boolean getUseUTC() { +	  return useUTC; +  }    /**     * Sets the minorVersion. @@ -215,6 +226,10 @@ public class AuthenticationData {      this.wbPK = wbPK;    } +  public void setUseUTC(boolean useUTC) { +	  this.useUTC = useUTC; +  } +      /**     * Returns the assertionID.     * @return String diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java index 5ce952662..2493f42b8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java @@ -63,7 +63,7 @@ public class SAMLRequestBuilder implements Constants {     */    public Element build(String requestID, String samlArtifactBase64) throws BuildException {    	try { -  		String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance()); +  		String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);    		String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});    		Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();  	  	return requestElem; diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java index 8c3bccab3..fa220d13d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java @@ -75,6 +75,36 @@ public class ParamValidatorUtils {      	  return false;  
        }
 +   } +    +   /** +    * Checks if the given target is valid +    * @param sourceID HTTP parameter from request +    * @return  +    */ +   public static boolean isValidSourceID(String sourceID) { +    +	   Logger.debug("Überprüfe Parameter sourceID"); +	    +      // if non parameter is given return true +      if (sourceID == null) { +    	  Logger.debug("Parameter Target ist null"); +    	  return true; +      } +          +       +      Pattern pattern = Pattern.compile("[\\w-_]{1,50}"); +      Matcher matcher = pattern.matcher(sourceID); +      boolean b = matcher.matches(); +      if (b) { +    	Logger.debug("Parameter sourceID erfolgreich überprüft"); +    	return true; +      } +      else { +    	  Logger.error("Fehler Überprüfung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-50 Zeichen lang)"); +    	  return false;   +      } +                 }
     /**
 diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 1181253f1..620919c61 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -149,7 +149,8 @@ public class MISSimpleClient {  			Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
  			Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
  			Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
 -	    
 +	     +			  			idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
  			mirElement.appendChild(idlElement);
 @@ -237,7 +238,18 @@ public class MISSimpleClient {  		}
  	}
 -	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
 +	private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException { +		 +//		try { +//			System.out.println("REQUEST-MIS: \n"  + DOMUtils.serializeNode(request)); +//		} catch (TransformerException e1) { +//			// TODO Auto-generated catch block +//			e1.printStackTrace(); +//		} catch (IOException e1) { +//			// TODO Auto-generated catch block +//			e1.printStackTrace(); +//		} +		
  		if (webServiceURL == null) {
  			throw new NullPointerException("Argument webServiceURL must not be null.");
  		}
 @@ -249,7 +261,8 @@ public class MISSimpleClient {  			PostMethod post = new PostMethod(webServiceURL);
  			StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
  			post.setRequestEntity(re);
 -			int responseCode = httpclient.executeMethod(post);			
 +			int responseCode = httpclient.executeMethod(post); +			
  			if (responseCode != 200) {
  				throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
  			}
 diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java index fcf7477c5..818773794 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test100StartAuthentication.java @@ -47,7 +47,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "http://localhost:9080/", //oaURL          "file:" + findXmldata("AuthTemplate.html"),           "http://localhost:3495/http-security-layer-request", -         null, null, null); +         null, null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -66,7 +66,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          null,          "http://localhost:9080/", //oaURL          null,  -        "http://localhost:3495/http-security-layer-request", null, null, null); +        "http://localhost:3495/http-security-layer-request", null, null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -87,7 +87,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "file:" + findXmldata("AuthTemplate.html"),            null,           null, -         null, null); +         null, null, null);        htmlForm = killExclusive(htmlForm, "MOASessionID=","\"","DELETED");        //writeXmldata("htmlForm_out.html",htmlForm.getBytes("UTF-8"));        assertEquals(readXmldata("htmlForm.html"),htmlForm); @@ -106,7 +106,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {          "gb", //target          null,          "http://localhost:9080/", //oaURL -        null, null, null, null, null); +        null, null, null, null, null, null);          //assertEquals("",htmlForm);            System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen"); @@ -126,7 +126,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("http://localhost:8080/auth", //authURL          "gb", null, "http://localhost:9080/", //oaURL -        null, null, null, null, null); +        null, null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -144,7 +144,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          "gb", null, "http://host_not_in_config/", //oaURL -        null, null, null, null, null); +        null, null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -163,7 +163,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          "gb", null, null, //oaURL -        null, null, null, null, null); +        null, null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } @@ -182,7 +182,7 @@ public class Test100StartAuthentication extends AbnahmeTestCase {        try {          server.startAuthentication("https://localhost:8443/auth", //authURL          null, null, "http://localhost:9080/", //oaURL -        null, null, null, null, null); +        null, null, null, null, null, null);          System.err.println(this.getName() + " hat KEINE FEHLER geworfen");          fail(this.getName() + " hat KEINE FEHLER geworfen");        } diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java index 6ebb3cf3e..d9cd13259 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test300VerifyAuthBlock.java @@ -598,7 +598,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {      authData.setMinorVersion(0);      authData.setAssertionID(Random.nextRandom());      authData.setIssuer(session.getAuthURL()); -    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); +    authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance(), false));      String vpkBase64 = new BPKBuilder().buildBPK(        identityLink.getIdentificationValue(), session.getTarget());      authData.setBPK(vpkBase64); @@ -619,7 +619,7 @@ public class Test300VerifyAuthBlock extends AbnahmeTestCase {          oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";        String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";        String samlAssertion = new AuthenticationDataAssertionBuilder().build( -        authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null); +        authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false, null, null);        authData.setSamlAssertion(samlAssertion);        return authData;      } diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java index a66e6072c..fab258e09 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java @@ -228,7 +228,7 @@ public class Test600GetAuthenticationDataService extends AbnahmeTestCase {        String request =               "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +        moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" + -      DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" + +      DateTimeUtils.buildDateTime(Calendar.getInstance(), false)+"\">" +        "</samlp:Request>";        Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); diff --git a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java index 69f33f82c..8e38c7673 100644 --- a/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java +++ b/id/server/idserverlib/src/test/java/test/abnahme/AbnahmeTestCase.java @@ -142,7 +142,7 @@ public class AbnahmeTestCase extends MOAIDTestCase {        null,        null,        null, -      null); +      null, null);      String sessionID = parseSessionIDFromForm(htmlForm);      return sessionID;    } diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java index 052c1fed4..187f577a3 100644 --- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java +++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java @@ -54,7 +54,7 @@ public class AuthenticationServerTest extends UnitTestCase {    public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception {    	String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/";    	AuthenticationServer server = AuthenticationServer.getInstance(); -  	String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null); +  	String htmlForm = server.startAuthentication(authURL, target, null, oaURL, templateURL, bkuURL, null, null, null, null);    	String sessionID = parseSessionIDFromForm(htmlForm);    	String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml");      HashMap parameters = new HashMap(1); | 
