Diffstat (limited to 'id/server/data/deploy/conf/moa-id')
-rw-r--r--id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml24
-rw-r--r--id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml37
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js43
-rw-r--r--id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html1
4 files changed, 96 insertions, 9 deletions
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
index 9fef4fa2e..46052053a 100644
--- a/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/EncryptModule.xml
@@ -3,14 +3,32 @@
<properties>
<comment>SWModule encrypt with JKS.</comment>
- <entry key="keystorePath">keys/eidasKeyStore.jks</entry>
+
+ <entry key="check_certificate_validity_period">false</entry>
+ <entry key="disallow_self_signed_certificate">false</entry>
+ <entry key="response.encryption.mandatory">false</entry>
+
+ <!-- Data Encryption algorithm -->
+ <entry key="data.encryption.algorithm">http://www.w3.org/2009/xmlenc11#aes256-gcm</entry>
+
+ <!-- Decryption algorithm Whitelist-->
+ <entry key="encryption.algorithm.whitelist">
+ http://www.w3.org/2009/xmlenc11#aes128-gcm;
+ http://www.w3.org/2009/xmlenc11#aes256-gcm;
+ http://www.w3.org/2009/xmlenc11#aes192-gcm
+ </entry>
+
+ <!-- Key Encryption algorithm -->
+ <entry key="key.encryption.algorithm">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</entry>
+
+ <entry key="keyStorePath">keys/eidasKeyStore.jks</entry>
+ <entry key="keyStoreType">JKS</entry>
<entry key="keyStorePassword">local-demo</entry>
<entry key="keyPassword">local-demo</entry>
<!-- Management of the encryption activation -->
<entry key="encryptionActivation">eIDAS/encryptionConf.xml</entry>
-
<entry key="responseToPointIssuer.BE">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium,C=BE</entry>
<entry key="responseToPointSerialNumber.BE">54C8F779</entry>
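Review bot: The three new flags at the top of the hunk — `check_certificate_validity_period`, `disallow_self_signed_certificate` and `response.encryption.mandatory`, all `false` — switch off certificate expiry checking, accept self-signed peer certificates and make an unencrypted eIDAS response acceptable, which matches the `local-demo` keystore this file ships with but must not be carried into a production MOA-ID deployment unchanged. I would mark the intent right above them: `<!-- DEMO ONLY: set all three to true for production deployments -->`. The key-transport algorithm `rsa-oaep-mgf1p` is the XML Encryption 1.0 URI, which fixes SHA-1 as the OAEP digest; if the eIDAS node build accepts `http://www.w3.org/2009/xmlenc11#rsa-oaep` with a SHA-256 digest that is the stronger choice, but it needs confirming against the node's own whitelist before changing. The decryption whitelist accepting only the three AES-GCM variants (no CBC) is the right shape.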
@@ -18,5 +36,5 @@
<entry key="responseDecryptionIssuer">CN=local-demo-cert, OU=DIGIT, O=European Comission, L=Brussels, ST=Belgium, C=BE</entry>
<entry key="serialNumber">54C8F779</entry>
- <entry key="keystoreType">JKS</entry>
+
</properties> \ No newline at end of file
diff --git a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
index 745580428..bf7215cb5 100644
--- a/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
+++ b/id/server/data/deploy/conf/moa-id/eIDAS/SignModule.xml
@@ -3,17 +3,46 @@
<properties>
<comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+ <entry key="check_certificate_validity_period">false</entry>
+ <entry key="disallow_self_signed_certificate">false</entry>
+
+ <!-- signing Algorithm SHA_512(default),SHA_384,SHA_256 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384 -->
+ <!-- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512 -->
+ <entry key="signature.algorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</entry>
+
+ <!-- List of incoming Signature algorithms white list separated by ; (default all) -->
+ <entry key="signature.algorithm.whitelist">
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha256;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha384;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-sha512;
+ http://www.w3.org/2001/04/xmldsig-more#rsa-ripemd160;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384;
+ http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha512;
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1;
+ http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-mgf1
+ </entry>
+
+ <!-- signing response assertion true/false (default false) -->
+ <entry key="response.sign.assertions">true</entry>
+
+ <!--AuthnRequest / Assertion signing keyStore-->
+ <entry key="keyStorePath">keys/eidasKeyStore_Service_CB.jks</entry>
+ <entry key="keyStoreType">JKS</entry>
<entry key="keyStorePassword">local-demo</entry>
<entry key="keyPassword">local-demo</entry>
<entry key="issuer">CN=cpeps-cb-demo-certificate, OU=STORK, O=CPEPS, L=EU, ST=EU, C=CB</entry>
<entry key="serialNumber">54C8F839</entry>
- <entry key="keystoreType">JKS</entry>
- <entry key="metadata.keystorePath">keys/eidasKeyStore_METADATA.jks</entry>
+
+ <!--Metadata signing keystore-->
+ <entry key="metadata.keyStorePath">keys/eidasKeyStore_METADATA.jks</entry>
+ <entry key="metadata.keyStoreType">JKS</entry>
<entry key="metadata.keyStorePassword">local-demo</entry>
<entry key="metadata.keyPassword">local-demo</entry>
<entry key="metadata.issuer">CN=metadata, OU=DIGIT, O=EC, L=Brussels, ST=EU, C=BE</entry>
<entry key="metadata.serialNumber">561BC0C8</entry>
- <entry key="metadata.keystoreType">JKS</entry>
+
</properties>
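Review bot: The incoming `signature.algorithm.whitelist` admits `rsa-ripemd160`, a 160-bit digest that is weaker than every other entry and is not needed for the `rsa-sha512` signatures this module itself produces; dropping that line keeps the accepted set at SHA-2 RSA/ECDSA and RSA-PSS only. The same hunk sets `check_certificate_validity_period` and `disallow_self_signed_certificate` to `false`, disabling expiry checks and accepting self-signed signer certificates — defensible for the `local-demo` keystores referenced below, so a `<!-- DEMO ONLY: set both to true in production -->` next to them would stop the setting being copied as-is. The `sha256-rsa-MGF1` and `sha256-rsa-mgf1` entries differ only in case; if the node matches URIs case-sensitively both are deliberately needed, otherwise one is redundant, and a one-line comment saying which would save the next reader the question.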
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
index a463bae65..daa60ac11 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/javascript_tempalte.js
@@ -129,12 +129,14 @@ function isIE() {
console.log("Browser is Chrome: "+checkIfBrowserIsChrome());
console.log("Browser is Safari: "+checkIfBrowserIsSafari());
console.log("Browser is Edge: "+checkIfBrowserIsEdge());
+ console.log("Browser is Firefox(>51): " +checkIfBrowserIsFirefox())
var cnt = 0;
if(checkIfBrowserIsChrome())cnt++;
if(checkIfBrowserIsEdge())cnt++;
if(checkIfBrowserIsSafari())cnt++;
+ if(checkIfBrowserIsFirefox())cnt++;
if(cnt==0 || cnt>1)//cnt>1 means perhaps wrong detection
return true;
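Review bot: The added Firefox `console.log` is the only statement in this run without a terminating semicolon; make it `console.log("Browser is Firefox(>51): " +checkIfBrowserIsFirefox());` so it matches the three lines above it. With Firefox now counted, a browser that satisfies both the user-agent check and one of the object-based checks raises `cnt` above 1 and is treated as a mis-detection, which is the existing conservative behaviour and is fine to keep. The enclosing function begins before this hunk.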
@@ -149,11 +151,25 @@ function isIE() {
var button = document.getElementsByName("bkuButtonOnline")[0];
button.setAttribute("class","browserInfoButton");
button.setAttribute("title","Java wird nicht unterstützt, klicken für mehr Informationen.");
- button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von Firefox und MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
+ button.setAttribute("onClick","alert('Java wird von Ihrem Browser nicht unterstützt, ist jedoch für den Betrieb der Online Bürgerkartenumgebung notwendig.\\nWollen Sie dennoch die Online Bürgerkartenumgebung verwenden, wird zur Zeit Java noch von MS Internet Explorer unterstützt. \\nAlternativ koennen Sie auch eine lokale Bürgerkartenumgebung verwenden, verfügbar unter www.buergerkarte.at.');");
return false;
}
+ function checkIfBrowserIsFirefox() {
+ var firefoxMarkerPos = navigator.userAgent.toLowerCase().indexOf('firefox');
+ if (firefoxMarkerPos > -1) {
+ if (navigator.userAgent.toLowerCase().length >= (firefoxMarkerPos + 'firefox/'.length)) {
+ var ffversion = navigator.userAgent.toLowerCase().substring(firefoxMarkerPos + 8);
+ if (ffversion > 51) {
+ return true;
+ }
+ } else {
+ console.log("Browser looks like Firefox but has suspect userAgent string: " + navigator.userAgent.toLowerCase());
+ }
+ }
+ return false;
+ }
function checkIfBrowserIsChrome(){
var chrome_defined = !!window.chrome;//chrome object defined
var webstore_defined = false;
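Review bot: In `checkIfBrowserIsFirefox` the comparison `ffversion > 51` coerces the entire remainder of the user-agent string after `firefox/` to a number; that works when the version is the final token (`firefox/52.0` becomes 52) but any trailing token — a derivative browser that appends its own product, for instance — yields NaN and the browser is silently classed as Java-capable, which is the opposite of the safe default. Parse the leading integer instead: `var ffversion = parseInt(navigator.userAgent.toLowerCase().substring(firefoxMarkerPos + 8), 10);` followed by `if (!isNaN(ffversion) && ffversion > 51) {`. The user-agent is client-controlled, so this check can only ever drive the UI hint, never any server-side decision — worth a one-line comment on the function saying so. The updated alert text on the first line of the hunk correctly drops Firefox from the list of Java-capable browsers, consistent with the new detector.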
@@ -173,7 +189,30 @@ function isIE() {
function checkIfBrowserIsSafari(){
var cond1 = Object.prototype.toString.call(window.HTMLElement).indexOf('Constructor') > 0;
return cond1;
- }
+ }
+ function setBKUAvailable(available) {
+ login = document.getElementById("localBKU");
+ //active = (login.className.indexOf("lokalebkuaktiv") != -1);
+ try {
+ if (available) {
+ console.log("Local BKU available")
+ //login.className = login.className.replace("lokalebkuinaktiv", "lokalebkuaktiv");
+ var localBKUForm = document.getElementById("moaidform");
+ var button = localBKUForm.getElementsByTagName("input")[5];
+ button.removeAttribute("class");;
+ button.setAttribute("title","Bürgerkarte mit localer Bürgerkartenumgebung.");
+ } else if (!available) {
+ //login.className = login.className.replace("lokalebkuaktiv", "lokalebkuinaktiv");
+ var localBKUForm = document.getElementById("moaidform");
+ var button = localBKUForm.getElementsByTagName("input")[5];
+ button.setAttribute("class","browserInfoButton");
+ button.setAttribute("title","Es wurde keine Bürgerkartenumgebung gefunden. Sollte es sich hierbei um einen Fehler handeln können Sie den Prozess durch einen Klick auf den Button denoch fortsetzen.");
+ console.log("Local BKU NOT available")
+ }
+ } catch(e) {console.log("Local BKU detection is not possible! Msg: "+e);}
+
+ }
+
/* function setSSOSelection() {
document.getElementById("useSSO").value = "false";
var checkbox = document.getElementById("SSOCheckBox");
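Review bot: `setBKUAvailable` assigns `login` without `var`, creating an implicit global that is never used once the commented-out lines are ignored; delete that line (and the stray `;;` after `removeAttribute`). Both branches locate the button as `localBKUForm.getElementsByTagName("input")[5]`, a positional index that silently targets the wrong control if the form's inputs are reordered — hoist one lookup above the `if`, and preferably give the local-BKU submit input an `id` in the template and use `document.getElementById` instead of the index. `else if (!available)` is just `else`. The function is presumably invoked from the `bkudetect` iframe the commit adds to loginFormFull.html; since it only toggles a class and a title on the button, an untrusted caller cannot do much with it, but that should be confirmed and stated in a header comment: `// Called by the same-origin bkudetect iframe; only adjusts the local-BKU button's styling/tooltip.`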
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 32f0a7d4d..794145a2d 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -60,6 +60,7 @@
<input type="submit" value=" Lokale Bürgerkartenumgebung " tabindex="4"
role="button" onclick="setMandateSelection();">
</form>
+ <iframe name="bkudetect" width="0" height="0" scrolling="no" marginheight="0" marginwidth="0" frameborder="0" src="$contextPath/iframeLBKUdetect.html"><\/iframe>
</div>
<!-- Single Sign-On Session transfer functionality -->