aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--id/history.txt3
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html2
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java99
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java13
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java4
-rw-r--r--id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java11
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java4
-rw-r--r--id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java16
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html403
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java7
-rw-r--r--pom.xml4
13 files changed, 166 insertions, 413 deletions
diff --git a/id/history.txt b/id/history.txt
index 3c42241e6..cffdd6ae3 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -45,7 +45,8 @@ Version MOA-ID Release 3.2.2: Änderungen seit Version MOA-ID 3.2.1
- Bug-Fix - Problem with SSL certificate path-construction in case of worker threads
- Bug-Fix - Problems with configuration entries in some special cases
- Bug-Fix - Problem with RandomNumberGeneration in combination with IAIK_JCE and JAVA JDK >= 8u111
- - Bug-Fix - Problem with Statistic Logger if persist operation on database failes
+ - Bug-Fix - Problem with Statistic Logger if persist operation on database failes
+ - Bug-Fix - Problem with empty scope parameter in openID Connect request
------------------------------------------------------------------------------
Version MOA-ID Release 3.2.1: Änderungen seit Version MOA-ID 3.2.0
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html
index 4ea9a4873..45c183215 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/pvp_postbinding_template.html
@@ -33,7 +33,7 @@
<div>
#if($RelayState) <input type="hidden" name="RelayState" value="${RelayState}"/> #end
#if($SAMLRequest) <input type="hidden" name="SAMLRequest" value="${SAMLRequest}" /> #end
- #if($SAMLResponse) <inputtype="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end
+ #if($SAMLResponse) <input type="hidden" name="SAMLResponse" value="${SAMLResponse}" /> #end
</div>
<noscript>
<div>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
index b3eb18082..4d9277152 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/slo_template.html
@@ -77,7 +77,7 @@
<!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
- src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+ src="$contextPath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
style="border: 0; width: 88px; height: 31px"
src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
index 353261085..5f74d8fdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AbstractController.java
@@ -29,6 +29,7 @@ import java.io.StringWriter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.ExceptionHandler;
@@ -48,7 +49,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.IRequest;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.data.ExceptionContainer;
import at.gv.egovernment.moa.id.moduls.IRequestStorage;
@@ -166,8 +166,9 @@ public abstract class AbstractController extends MOAIDAuthConstants {
return;
- } catch (MOADatabaseException e) {
- Logger.warn("Exception can not be stored to Database.", e);
+ } catch (Exception e) {
+ Logger.warn("Default error-handling FAILED. Exception can not be stored to Database.", e);
+ Logger.info("Switch to generic generic backup error-handling ... ");
handleErrorNoRedirect(loggedException, req, resp, true);
}
@@ -231,7 +232,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
ErrorResponseUtils utils = ErrorResponseUtils.getInstance();
String code = utils.mapInternalErrorToExternalError(
((InvalidProtocolRequestException)e).getMessageId());
- String descr = e.getMessage();
+ String descr = StringEscapeUtils.escapeHtml(e.getMessage());
resp.setContentType(MediaType.HTML_UTF_8.toString());
resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "Protocol validation FAILED!" +
"(Errorcode=" + code +
@@ -248,7 +249,7 @@ public abstract class AbstractController extends MOAIDAuthConstants {
null);
//add errorcode and errormessage
- config.putCustomParameter("errorMsg", msg);
+ config.putCustomParameter("errorMsg", StringEscapeUtils.escapeHtml(msg));
config.putCustomParameter("errorCode", errorCode);
//add stacktrace if debug is enabled
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index 73d6e978e..95e3c5bc2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -22,13 +22,19 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
import org.opensaml.xml.encryption.EncryptionConstants;
import org.opensaml.xml.signature.SignatureConstants;
+import at.gv.egovernment.moa.id.data.Trible;
+
public interface PVPConstants {
public static final String SSLSOCKETFACTORYNAME = "MOAMetaDataProvider";
-
+
public static final String DEFAULT_SIGNING_METHODE = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256;
public static final String DEFAULT_DIGESTMETHODE = SignatureConstants.ALGO_ID_DIGEST_SHA256;
public static final String DEFAULT_SYM_ENCRYPTION_METHODE = EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES256;
@@ -54,8 +60,12 @@ public interface PVPConstants {
public static final String PVP_VERSION_NAME = URN_OID_PREFIX + PVP_VERSION_OID;
public static final String PVP_VERSION_FRIENDLY_NAME = "PVP-VERSION";
public static final String PVP_VERSION_2_1 = "2.1";
+
+ public static final String SECCLASS_OID = "1.2.40.0.10.2.1.1.261.110";
public static final String SECCLASS_FRIENDLY_NAME = "SECCLASS";
+ public static final String SECCLASS_NAME = URN_OID_PREFIX + SECCLASS_OID;
+ public static final int SECCLASS_MAX_LENGTH = 128;
public static final String PRINCIPAL_NAME_OID = "1.2.40.0.10.2.1.1.261.20";
public static final String PRINCIPAL_NAME_NAME = URN_OID_PREFIX + PRINCIPAL_NAME_OID;
@@ -136,9 +146,13 @@ public interface PVPConstants {
public static final String ROLES_FRIENDLY_NAME = "ROLES";
public static final int ROLES_MAX_LENGTH = 32767;
- public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";
- public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
- public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+ @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.94";
+ @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_QAA_LEVEL_OID;
+ @Deprecated public static final String EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-LEVEL";
+
+ public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_OID = "1.2.40.0.10.2.1.1.261.108";
+ public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_NAME = URN_OID_PREFIX + EID_CITIZEN_EIDAS_QAA_LEVEL_OID;
+ public static final String EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME = "EID-CITIZEN-QAA-EIDAS-LEVEL";
public static final String EID_ISSUING_NATION_OID = "1.2.40.0.10.2.1.1.261.32";
public static final String EID_ISSUING_NATION_NAME = URN_OID_PREFIX + EID_ISSUING_NATION_OID;
@@ -283,4 +297,81 @@ public interface PVPConstants {
public static final String PVP_HOLDEROFKEY_OID = "1.2.40.0.10.2.1.1.261.xx.xx";
public static final String PVP_HOLDEROFKEY_NAME = URN_OID_PREFIX + PVP_HOLDEROFKEY_OID;
public static final String PVP_HOLDEROFKEY_FRIENDLY_NAME = "HOLDER-OF-KEY-CERTIFICATE";
+
+
+
+ public static final String ENTITY_CATEGORY_ATTRIBITE = "http://macedir.org/entity-category";
+ public static final String EGOVTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/egovtoken";
+ public static final String CITIZENTOKEN = "http://www.ref.gv.at/ns/names/agiz/pvp/citizentoken";
+
+ /**
+ *
+ * Get required PVP attributes for egovtoken
+ * First : PVP attribute name (OID)
+ * Second: FriendlyName
+ * Third: Required
+ *
+ */
+ public static final List<Trible<String, String, Boolean>> EGOVTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ //currently supported attributes
+ add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+
+ //currently not supported attributes
+ add(Trible.newInstance(USERID_NAME, USERID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(GID_NAME, GID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(PARTICIPANT_ID_NAME, PARTICIPANT_ID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(OU_GV_OU_ID_NAME, OU_GV_OU_ID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(OU_NAME, OU_FRIENDLY_NAME, false));
+ add(Trible.newInstance(SECCLASS_NAME, SECCLASS_FRIENDLY_NAME, false));
+
+
+ }
+ });
+
+ /**
+ *
+ * Get required PVP attributes for citizenToken
+ * First : PVP attribute name (OID)
+ * Second: FriendlyName
+ * Third: Required
+ *
+ */
+ public static final List<Trible<String, String, Boolean>> CITIZENTOKEN_PVP_ATTRIBUTES =
+ Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() {
+ private static final long serialVersionUID = 1L;
+ {
+ //required attributes - eIDAS minimal-data set
+ add(Trible.newInstance(PVP_VERSION_NAME, PVP_VERSION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PRINCIPAL_NAME_NAME, PRINCIPAL_NAME_FRIENDLY_NAME, true));
+ add(Trible.newInstance(GIVEN_NAME_NAME, GIVEN_NAME_FRIENDLY_NAME, true));
+ add(Trible.newInstance(BIRTHDATE_NAME, BIRTHDATE_FRIENDLY_NAME, true));
+ add(Trible.newInstance(BPK_NAME, BPK_FRIENDLY_NAME, true));
+
+
+ //not required attributes
+ add(Trible.newInstance(EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, false));
+ add(Trible.newInstance(EID_ISSUING_NATION_NAME, EID_ISSUING_NATION_FRIENDLY_NAME, false));
+ add(Trible.newInstance(EID_SECTOR_FOR_IDENTIFIER_NAME, EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_TYPE_NAME, MANDATE_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_TYPE_OID_NAME, MANDATE_TYPE_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_NAME, MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, MANDATE_LEG_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_LEG_PER_FULL_NAME_NAME, MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_PROF_REP_DESC_NAME, MANDATE_PROF_REP_DESC_FRIENDLY_NAME, false));
+ add(Trible.newInstance(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
+
+
+
+ }
+ });
+
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
index 1d94e5da0..c94222ea0 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java
@@ -396,10 +396,16 @@ public interface Constants {
/* Prefix and Schema definition for eIDAS specific SAML2 extensions*/
- public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
+ public static final String SAML2_eIDAS_EXTENSIONS_PREFIX = "eidas";
public static final String SAML2_eIDAS_EXTENSIONS = "http://eidas.europa.eu/saml-extensions";
public static final String SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "eIDAS_saml_extensions.xsd";
+
+ /* Prefix and Schema for SAML2 Entity Attributes */
+ public static final String SAML2_MDATTR_EXTENSIONS_PREFIX = "mdattr";
+ public static final String SAML2_MDATTR_EXTENSIONS = "urn:oasis:names:tc:SAML:metadata:attribute";
+ public static final String SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION = SCHEMA_ROOT + "sstc-metadata-attr.xsd";
+
/**
* Contains all namespaces and local schema locations for XML schema
* definitions relevant for MOA. For use in validating XML parsers.
@@ -433,8 +439,9 @@ public interface Constants {
+ (STORK_NS_URI + " " + STORK_SCHEMA_LOCATION + " ")
+ (STORKP_NS_URI + " " + STORKP_SCHEMA_LOCATION + " ")
+ (SAML2_METADATA_URI + " " + SAML2_METADATA_SCHEMA_LOCATION + " ")
- + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION)
- + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION);
+ + (XENC_NS_URI + " " + XENC_SCHEMA_LOCATION + " ")
+ + (SAML2_eIDAS_EXTENSIONS + " " + SAML2_eIDAS_EXTENSIONS_SCHEMA_LOCATION + " ")
+ + (SAML2_MDATTR_EXTENSIONS + " " + SAML2_MDATTR_EXTENSIONS_SCHEMA_LOCATION);
/** URN prefix for bPK and wbPK. */
public static final String URN_PREFIX = "urn:publicid:gv.at";
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
index da38e3bef..15bc92a54 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/AbstractServiceProviderSpecificGUIFormBuilderConfiguration.java
@@ -27,6 +27,8 @@ import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
+import org.apache.commons.lang.StringEscapeUtils;
+
import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils;
import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
@@ -100,7 +102,7 @@ public abstract class AbstractServiceProviderSpecificGUIFormBuilderConfiguration
params.put(PARAM_BKU_LOCAL, IOAAuthParameters.LOCALBKU);
if (pendingReq != null) {
- params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
+ params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
//add service-provider specific GUI parameters
IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
diff --git a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
index 2c2792b84..0c07ad3fb 100644
--- a/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
+++ b/id/server/moa-id-frontend-resources/src/main/java/at/gv/egovernment/moa/id/auth/frontend/builder/DefaultGUIFormBuilderConfiguration.java
@@ -26,6 +26,8 @@ import java.io.InputStream;
import java.util.HashMap;
import java.util.Map;
+import org.apache.commons.lang.StringEscapeUtils;
+
import at.gv.egovernment.moa.id.commons.api.IRequest;
/**
@@ -68,6 +70,13 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
}
+ /**
+ * Add a key/value pair into Velocity context.<br>
+ * <b>IMPORTANT:</b> external HTML escapetion is required, because it is NOT done internally
+ *
+ * @param key velocity context key
+ * @param value of this key
+ */
public void putCustomParameter(String key, Object value) {
if (customParameters == null)
customParameters = new HashMap<String, Object>();
@@ -82,7 +91,7 @@ public class DefaultGUIFormBuilderConfiguration extends AbstractGUIFormBuilderCo
public Map<String, Object> getSpecificViewParameters() {
Map<String, Object> params = new HashMap<String, Object>();
if (pendingReq != null) {
- params.put(PARAM_PENDINGREQUESTID, pendingReq.getRequestID());
+ params.put(PARAM_PENDINGREQUESTID, StringEscapeUtils.escapeHtml(pendingReq.getRequestID()));
}
if (customParameters != null)
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 0a2371575..c9bc31f6c 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -945,10 +945,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
session.setAuthBlock(serializedAssertion);
} catch (TransformerException e) {
throw new ParseException("parser.04", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}, e);
} catch (IOException e) {
throw new ParseException("parser.04", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}, e);
}
// validates <CreateXMLSignatureResponse>
if (pendingReq.needSingleSignOnFunctionality())
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
index 490dc9dcf..a2ec47a45 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java
@@ -189,8 +189,18 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
}
}
for (String el : nonValidMetadataProvider) {
- loadedproviders.remove(el);
- isUpdateRequired = true;
+ HTTPMetadataProvider provider = loadedproviders.get(el);
+
+ //destroy metadata provider
+ if (provider != null) {
+ provider.destroy();
+ loadedproviders.remove(el);
+ isUpdateRequired = true;
+
+ } else {
+ Logger.error("Can not destroy eIDAS metadata for: " + el + " Reason: !!!!!NOT FOUND ANY MORE!!!!!!");
+
+ }
}
@@ -257,6 +267,8 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider
}
+ Logger.debug("Find #" + loadedproviders.size() + " eIDAS metadata provider");
+
return loadedproviders;
}
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html
index 962faa58f..c2195d300 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/resources/sso_transfer_template.html
@@ -3,379 +3,9 @@
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <style type="text/css">
- @media screen and (min-width: 650px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- background-color : #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
-
- #page {
- display: block;
- border: 2px solid rgb(0,0,0);
- width: 650px;
- height: 460px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255,255,255);
- }
-
- #page1 {
- text-align: center;
- }
-
- #main {
- /* clear:both; */
- position:relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
-
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
-
- #leftcontent {
- /*float:left; */
- width:250px;
- margin-bottom: 25px;
- text-align: left;
- /*border: 1px solid rgb(0,0,0);*/
- }
-
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- }
-
- h2#tabheader{
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 100px;
- height: 30px
- }
-
- #leftbutton {
- width: 30%;
- float:left;
- margin-left: 40px;
- }
-
- #rightbutton {
- width: 30%;
- float:right;
- margin-right: 45px;
- text-align: right;
- }
-
- button {
- height: 25px;
- width: 75px;
- margin-bottom: 10px;
- }
-
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-
- }
-
- @media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
-
- #localBKU input {
- font-size: 0.6em;
- min-width: 60px;
- /* max-width: 65px; */
- min-height: 1.0em;
- /* border-radius: 5px; */
- }
-
- }
-
- @media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- /* max-width: 75px; */
- min-height: 0.95em;
- /* border-radius: 6px; */
- }
-
- }
-
- @media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- }
-
- @media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- }
-
- @media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 80px; */
- /* border-radius: 6px; */
- }
-
- }
-
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
-
- }
-
- input[type=button] {
-/* height: 11%; */
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
-/* input[type=button], .sendButton {
- background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: 3px 3px 3px #222222; */
-/* }
-
-/* button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
- background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: -1px -1px 3px #222222; */
-/* }
-
-*/
- input {
- /*border:1px solid #000;*/
- cursor: pointer;
- }
-
- #localBKU input {
-/* color: #BUTTON_COLOR#; */
- border: 0px;
- display: inline-block;
-
- }
-
- #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
- text-decoration: underline;
- }
-
- #installJava, #BrowserNOK {
- clear:both;
- font-size:0.8em;
- padding:4px;
- }
-
- .selectText{
-
- }
-
- .selectTextHeader{
-
- }
-
- .sendButton {
- width: 30%;
- margin-bottom: 1%;
- }
-
- #leftcontent a {
- text-decoration:none;
- color: #000;
- /* display:block;*/
- padding:4px;
- }
-
- #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
- text-decoration:underline;
- color: #000;
- }
-
- .infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
- }
-
- .hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
- }
-
- .dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
- }
-
- .main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-
- }
-
- #alert {
- margin: 100px 250px;
- font-family: Verdana, Arial, Helvetica, sans-serif;
- font-size: 14px;
- font-weight: normal;
- color: red;
- }
-
- .reqframe {
- /*display: none;*/
- visibility: hidden;
-
- }
-
- </style>
+ <link rel="stylesheet" href="$contextPath/css/buildCSS" />
- #if($timeoutURL)
+ #if($timeoutURL)
<script type="text/javascript">
function sloTimeOut() {
window.location.href="$timeoutURL";
@@ -385,30 +15,31 @@
</script>
#end
-
<title>Single Sign-On Session Transfer</title>
</head>
+
#if($timeoutURL)
<body onload='setTimeout(sloTimeOut, $timeout);'>
#else
<body>
#end
+
+<!--body-->
<noscript>
<p>
<strong>Note:</strong> Since your browser does not support
- JavaScript, you must press the Continue button to resume
- the authentication process after the SSO session transfer from smartphone to application is complete.
+ JavaScript, you must press the Continue button once to proceed.
</p>
-
- <a href="$timeoutURL">Press this link to resume</a>
+
+ <a href="$timeoutURL">Press this link to resume</a>
</noscript>
<div id="page">
<div id="page1" class="case selected-case" role="main">
<h2 class="OA_header" role="heading">MOA-ID Single Sign-On Session Transfer Service</h2>
<div id="main">
- <div id="leftcontent" class="hell" role="application">
+ <!--div id="leftcontent" class="hell" role="application"-->
#if($errorMsg)
<div class="alert">
@@ -421,26 +52,26 @@
<p>$successMsg</p>
</div>
#end
-
- #if($QRImage)
+
+ #if($QRImage)
<div>
- <img src="data:image/gif;base64,$QRImage">
+ <img id="qrCode" src="data:image/gif;base64,$QRImage">
</div>
#end
-
- </div>
+
+ <!--/div-->
</div>
</div>
- <div id="validation">
+ <!--div id="validation">
<a href="http://validator.w3.org/check?uri="> <img
style="border: 0; width: 88px; height: 31px"
- src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
+ src="$contextPath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
</a> <a href="http://jigsaw.w3.org/css-validator/"> <img
style="border: 0; width: 88px; height: 31px"
src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
alt="CSS ist valide!" />
</a>
- </div>
+ </div-->
</div>
</body>
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
index b232b9512..fdc1c9cc1 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringController.java
@@ -30,6 +30,7 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringEscapeUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -58,11 +59,9 @@ public class MonitoringController {
throws ServletException, IOException{
if (authConfig.isMonitoringActive()) {
- Logger.debug("Monitoring Servlet received request");
-
-
+ Logger.debug("Monitoring Servlet received request");
+ String modulename = StringEscapeUtils.escapeHtml(req.getParameter(REQUEST_ATTR_MODULE));
- String modulename = req.getParameter(REQUEST_ATTR_MODULE);
if (MiscUtil.isEmpty(modulename)) {
List<String> error = tests.executeTests();
diff --git a/pom.xml b/pom.xml
index 7240a37c3..b19b8cd98 100644
--- a/pom.xml
+++ b/pom.xml
@@ -528,8 +528,8 @@
<artifactId>moa-id-module-elga_mandate_service</artifactId>
<version>${moa-id-module-elga_mandate_client}</version>
</dependency>
-
- <dependency>
+
+ <dependency>
<groupId>MOA.id.server.modules</groupId>
<artifactId>moa-id-module-bkaMobilaAuthSAML2Test</artifactId>
<version>${moa-id-version}</version>