Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id')
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java)24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java)24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java)24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java)24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java)24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java)24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java)25
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java)40
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java)39
363 files changed, 16112 insertions, 9107 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
new file mode 100644
index 000000000..17a5d2be9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/advancedlogging/StatisticLogger.java
@@ -0,0 +1,377 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.advancedlogging;
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.util.Date;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import org.apache.commons.lang3.StringEscapeUtils;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class StatisticLogger {
+ private static final String GENERIC_LOCALBKU = ":3496/https-security-layer-request";
+ private static final String GENERIC_HANDYBKU = "https://www.handy-signatur.at/";
+ private static final String MANTATORTYPE_JUR = "jur";
+ private static final String MANTATORTYPE_NAT = "nat";
+ private static final int MAXERRORLENGTH = 250;
+ private static final String ERRORTYPE_UNKNOWN = "unkown";
+ private static final String ERRORTYPE_BKU = "bku";
+ private static final String ERRORTYPE_MOASP = "moa-sp";
+ private static final String ERRORTYPE_MANDATE = "mandate";
+ private static final String ERRORTYPE_MOAID = "moa-id";
+ private static StatisticLogger instance;
+ private boolean isAktive = false;
+ public static StatisticLogger getInstance() {
+ if (instance == null)
+ instance = new StatisticLogger();
+ return instance;
+ }
+ private StatisticLogger() {
+ try {
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ if (config != null)
+ isAktive = config.isAdvancedLoggingActive();
+ } catch (ConfigurationException e) {
+ Logger.error("StatisticLogger can not be inizialized", e);
+ }
+ }
+ public void logSuccessOperation(IRequest protocolRequest, AuthenticationSession moasession, boolean isSSOSession) {
+ if ( isAktive && protocolRequest != null && moasession != null) {
+ OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(protocolRequest.getOAURL());
+ if (dbOA == null) {
+ Logger.warn("Advanced logging failed: OA can not be found in database.");
+ return;
+ }
+ StatisticLog dblog = new StatisticLog();
+ //set actual date and time
+ dblog.setTimestamp(new Date());
+ //set OA databaseID
+ dblog.setOaID(dbOA.getHjid());
+ //log basic AuthInformation
+ dblog.setOaurlprefix(protocolRequest.getOAURL());
+ dblog.setOafriendlyName(dbOA.getFriendlyName());
+ boolean isbusinessservice = isBusinessService(dbOA);
+ dblog.setBusinessservice(isbusinessservice);
+ if (isbusinessservice)
+ dblog.setOatarget(dbOA.getAuthComponentOA().getIdentificationNumber().getValue());
+ else
+ dblog.setOatarget(dbOA.getTarget());
+ dblog.setBkuurl(moasession.getBkuURL());
+ dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ dblog.setProtocoltype(protocolRequest.requestedModule());
+ dblog.setProtocolsubtype(protocolRequest.requestedAction());
+ dblog.setSsosession(isSSOSession);
+ //log MandateInforamtion
+ if (moasession.getUseMandate()) {
+ dblog.setMandatelogin(moasession.getUseMandate());
+ MISMandate mandate = moasession.getMISMandate();
+ if (mandate != null) {
+ if (MiscUtil.isNotEmpty(mandate.getProfRep())) {
+ dblog.setMandatetype(mandate.getProfRep());
+ dblog.setPv(true);
+ dblog.setPvOID(mandate.getProfRep());
+ } else {
+ dblog.setPv(false);
+ }
+ try {
+ InputStream is = new ByteArrayInputStream(mandate.getMandate());
+ JAXBContext jc = JAXBContext.newInstance(Mandate.class);
+ Unmarshaller u = jc.createUnmarshaller();
+ Object mismandateobj = u.unmarshal(is);
+ if (mismandateobj != null && mismandateobj instanceof Mandate) {
+ Mandate mismandate = (Mandate) mismandateobj;
+ if (MiscUtil.isEmpty(mandate.getProfRep()))
+ dblog.setMandatetype(mismandate.getAnnotation());
+ Mandator mandator = mismandate.getMandator();
+ CorporateBodyType corp = mandator.getCorporateBody();
+ if (corp != null) {
+ dblog.setMandatortype(MANTATORTYPE_JUR);
+ } else {
+ dblog.setMandatortype(MANTATORTYPE_NAT);
+ }
+ } else {
+ Logger.warn("Advancted logging can not unmarshall MISMandate");
+ }
+ } catch (JAXBException e) {
+ Logger.warn("Advancted logging can not parse mandate.", e);
+ }
+ }
+ }
+ ConfigurationDBUtils.closeSession();
+ try {
+ StatisticLogDBUtils.saveOrUpdate(dblog);
+ } catch (MOADatabaseException e) {
+ Logger.warn("Statistic Log can not be stored into Database", e);
+ }
+ }
+ }
+ public void logErrorOperation(Throwable throwable) {
+ if ( isAktive ) {
+ StatisticLog dblog = new StatisticLog();
+ //set actual date and time
+ dblog.setTimestamp(new Date());
+ if (throwable != null)
+ generateErrorLogFormThrowable(throwable, dblog);
+ else {
+ dblog.setErrormessage("UNKOWN ERROR DETECTED!");
+ dblog.setErrortype(ERRORTYPE_UNKNOWN);
+ }
+ try {
+ StatisticLogDBUtils.saveOrUpdate(dblog);
+ } catch (MOADatabaseException e) {
+ Logger.warn("Statistic Log can not be stored into Database", e);
+ }
+ }
+ }
+ public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
+ if (isAktive && throwable != null && errorRequest != null) {
+ StatisticLog dblog = new StatisticLog();
+ //set actual date and time
+ dblog.setTimestamp(new Date());
+ dblog.setOaurlprefix(errorRequest.getOAURL());
+ dblog.setProtocoltype(errorRequest.requestedModule());
+ dblog.setProtocolsubtype(errorRequest.requestedAction());
+ OnlineApplication dbOA = ConfigurationDBRead.getOnlineApplication(errorRequest.getOAURL());
+ if (dbOA != null) {
+ dblog.setOafriendlyName(dbOA.getFriendlyName());
+ dblog.setOatarget(dbOA.getTarget());
+ dblog.setOaID(dbOA.getHjid());
+ dblog.setBusinessservice(isBusinessService(dbOA));
+ }
+ AuthenticationSession moasession = AuthenticationSessionStoreage.getSessionWithPendingRequestID(errorRequest.getRequestID());
+ if (moasession != null) {
+ dblog.setBkuurl(moasession.getBkuURL());
+ dblog.setBkutype(findBKUType(moasession.getBkuURL(), dbOA));
+ dblog.setMandatelogin(moasession.getUseMandate());
+ }
+ generateErrorLogFormThrowable(throwable, dblog);
+ ConfigurationDBUtils.closeSession();
+ try {
+ StatisticLogDBUtils.saveOrUpdate(dblog);
+ } catch (MOADatabaseException e) {
+ Logger.warn("Statistic Log can not be stored into Database", e);
+ }
+ }
+ }
+ private boolean isBusinessService(OnlineApplication oa) {
+ if (oa.getType().equals("businessService"))
+ return true;
+ else
+ return false;
+ }
+ private String getErrorMessageWithMaxLength(String error, int maxlength) {
+ if (error != null) {
+ if (error.length() > maxlength)
+ return StringEscapeUtils.escapeHtml4(error.substring(0, maxlength));
+ else
+ return StringEscapeUtils.escapeHtml4(error);
+ } else
+ return new String();
+ }
+ private void generateErrorLogFormThrowable(Throwable throwable, StatisticLog dblog) {
+ if (throwable instanceof BKUException) {
+ BKUException error = (BKUException) throwable;
+ dblog.setErrortype(ERRORTYPE_BKU);
+ dblog.setErrorcode(error.getBkuErrorCode());
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getBkuErrorMessage(), MAXERRORLENGTH));
+ }else if (throwable instanceof MISSimpleClientException) {
+ MISSimpleClientException error = (MISSimpleClientException) throwable;
+ dblog.setErrortype(ERRORTYPE_MANDATE);
+ dblog.setErrorcode(error.getMISErrorCode());
+ if (MiscUtil.isEmpty(error.getMISErrorMessage()))
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getMessage(), MAXERRORLENGTH));
+ else
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getMISErrorMessage(), MAXERRORLENGTH));
+ } else if (throwable instanceof ServiceException) {
+ ServiceException error = (ServiceException) throwable;
+ dblog.setErrortype(ERRORTYPE_MOASP);
+ dblog.setErrorcode(error.getMessageId());
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getMessage(), MAXERRORLENGTH));
+ } else if (throwable instanceof MOAIDException) {
+ MOAIDException error = (MOAIDException) throwable;
+ dblog.setErrortype(ERRORTYPE_MOAID);
+ dblog.setErrorcode(error.getMessageId());
+ dblog.setErrormessage(getErrorMessageWithMaxLength(error.getMessage(), MAXERRORLENGTH));
+ } else {
+ dblog.setErrortype(ERRORTYPE_UNKNOWN);
+ dblog.setErrormessage(getErrorMessageWithMaxLength(throwable.getMessage(), MAXERRORLENGTH));
+ }
+ }
+ private String findBKUType(String bkuURL, OnlineApplication dbOA) {
+ if (dbOA != null) {
+ AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
+ if (oaAuth != null) {
+ BKUURLS bkuurls = oaAuth.getBKUURLS();
+ if (bkuurls != null) {
+ if (bkuURL.equals(bkuurls.getHandyBKU()))
+ return OAAuthParameter.HANDYBKU;
+ if (bkuURL.equals(bkuurls.getLocalBKU()))
+ return OAAuthParameter.LOCALBKU;
+ if (bkuURL.equals(bkuurls.getOnlineBKU()))
+ return OAAuthParameter.ONLINEBKU;
+ }
+ }
+ }
+ Logger.trace("Staticic Log search BKUType from DefaultBKUs");
+ try {
+ AuthConfigurationProvider authconfig = AuthConfigurationProvider.getInstance();
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.ONLINEBKU)))
+ return OAAuthParameter.ONLINEBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.LOCALBKU)))
+ return OAAuthParameter.LOCALBKU;
+ if (bkuURL.equals(authconfig.getDefaultBKUURL(OAAuthParameter.HANDYBKU)))
+ return OAAuthParameter.HANDYBKU;
+ } catch (ConfigurationException e) {
+ Logger.info("Advanced Logging: Default BKUs read failed");
+ }
+ Logger.debug("Staticic Log search BKUType from generneric Parameters");
+ if (bkuURL.endsWith(GENERIC_LOCALBKU)) {
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.LOCALBKU);
+ return OAAuthParameter.LOCALBKU;
+ }
+ if (bkuURL.startsWith(GENERIC_HANDYBKU)) {
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.HANDYBKU);
+ return OAAuthParameter.HANDYBKU;
+ }
+ Logger.debug("BKUURL " + bkuURL + " is mapped to " + OAAuthParameter.ONLINEBKU);
+ return OAAuthParameter.ONLINEBKU;
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index ff2cee559..1348d2a56 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -1,31 +1,8 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
import iaik.pki.PKIException;
-import iaik.x509.CertificateFactory;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
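Review bot: The EUPL license header (the block beginning `* Copyright 2003 Federal Chancellery Austria`) is removed from AuthenticationServer.java and nothing on the new side of this hunk replaces it, while the new StatisticLogger.java in the same commit carries that header; unless the header was moved to lines not shown here, restore it so the file's licensing matches the rest of the module. The remainder of the hunk only drops the unused CertificateFactory import.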
@@ -39,12 +16,9 @@ import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
-import java.util.Set;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
@@ -53,21 +27,18 @@ import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
+import org.apache.commons.lang.StringEscapeUtils;
import org.apache.xpath.XPathAPI;
import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.XMLHelper;
+import org.springframework.util.xml.DomUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
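Review bot: The import added here is `org.apache.commons.lang.StringEscapeUtils` (Commons Lang 2), whereas the new StatisticLogger.java in this same commit imports `org.apache.commons.lang3.StringEscapeUtils`; carrying both artifacts for the same helper doubles the dependency surface that has to be tracked for updates and lets the two escaping implementations drift apart as each is upgraded independently. Pick one for the module — `import org.apache.commons.lang3.StringEscapeUtils;` with escapeHtml4 matches the newer file — and remove the other from the build.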
@@ -75,9 +46,6 @@ import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.InfoboxValidatorParamsBuilder;
-import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
-import at.gv.egovernment.moa.id.auth.builder.SelectBKUFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
@@ -85,44 +53,45 @@ import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.ExtendedInfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
+//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.client.SZRGWClient;
+import at.gv.egovernment.moa.id.client.SZRGWClientException;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameters;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
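Review bot: The three `//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw...` lines replace the old imports with commented-out copies instead of deleting them; the replacements `at.gv.egovernment.moa.id.client.SZRGWClient` and `SZRGWClientException` are imported directly below, and `CreateIdentityLinkResponse` is imported from `at.gv.util.xsd.srzgw` in a later hunk, so the commented lines are dead text that version control already preserves. Drop them.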
@@ -130,8 +99,6 @@ import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.LogMsg;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -139,6 +106,8 @@ import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.egovernment.moa.util.XPathUtils;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
@@ -161,8 +130,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
/** single instance */
private static AuthenticationServer instance;
- /** session data store (session ID -> AuthenticationSession) */
- //private static Map sessionStore = new HashMap();
* time out in milliseconds used by {@link cleanup} for session store
@@ -193,171 +160,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
-// /**
-// * Processes request to select a BKU. <br/>
-// * Processing depends on value of
-// * {@link AuthConfigurationProvider#getBKUSelectionType}. <br/>
-// * For <code>bkuSelectionType==HTMLComplete</code>, a <code>returnURI</code>
-// * for the "BKU Auswahl" service is returned. <br/>
-// * For <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
-// * selection is returned.
-// *
-// * @param authURL
-// * base URL of MOA-ID Auth component
-// * @param target
-// * "Gesch&auml;ftsbereich"
-// * @param oaURL
-// * online application URL requested
-// * @param bkuSelectionTemplateURL
-// * template for BKU selection form to be used in case of
-// * <code>HTMLSelect</code>; may be null
-// * @param templateURL
-// * URL providing an HTML template for the HTML form to be used
-// * for call <code>startAuthentication</code>
-// * @return for <code>bkuSelectionType==HTMLComplete</code>, the
-// * <code>returnURI</code> for the "BKU Auswahl" service; for
-// * <code>bkuSelectionType==HTMLSelect</code>, an HTML form for BKU
-// * selection
-// * @throws WrongParametersException
-// * upon missing parameters
-// * @throws AuthenticationException
-// * when the configured BKU selection service cannot be reached,
-// * and when the given bkuSelectionTemplateURL cannot be reached
-// * @throws ConfigurationException
-// * on missing configuration data
-// * @throws BuildException
-// * while building the HTML form
-// */
-// public String selectBKU(String authURL, String target, String oaURL,
-// String bkuSelectionTemplateURL, String templateURL)
-// throws WrongParametersException, AuthenticationException,
-// ConfigurationException, BuildException {
-// // check if HTTP Connection may be allowed (through
-// String boolStr = AuthConfigurationProvider
-// .getInstance()
-// .getGenericConfigurationParameter(
-// if ((!authURL.startsWith("https:"))
-// && (false == BoolUtils.valueOf(boolStr)))
-// throw new AuthenticationException("auth.07", new Object[] { authURL
-// + "*" });
-// if (isEmpty(authURL))
-// throw new WrongParametersException("StartAuthentication",
-// "AuthURL", "auth.05");
-// if (isEmpty(oaURL))
-// throw new WrongParametersException("StartAuthentication", PARAM_OA,
-// "auth.05");
-// ConnectionParameter bkuConnParam = AuthConfigurationProvider
-// .getInstance().getBKUConnectionParameter();
-// if (bkuConnParam == null)
-// throw new ConfigurationException("config.08",
-// new Object[] { "BKUSelection/ConnectionParameter" });
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(oaURL);
-// if (oaParam == null)
-// throw new AuthenticationException("auth.00", new Object[] { oaURL });
-// if (!oaParam.getBusinessService()) {
-// if (isEmpty(target))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_TARGET, "auth.05");
-// } else {
-// if (!isEmpty(target)) {
-// Logger
-// .info("Ignoring target parameter thus application type is \"businessService\"");
-// }
-// target = null;
-// }
-// AuthenticationSession session = newSession();
-// Logger.info("MOASession " + session.getSessionID() + " angelegt");
-// session.setTarget(target);
-// session.setOAURLRequested(oaURL);
-// session.setPublicOAURLPrefix(oaParam.getPublicURLPrefix());
-// session.setAuthURL(authURL);
-// session.setTemplateURL(templateURL);
-// session.setBusinessService(oaParam.getBusinessService());
-// try {
-// AuthenticationSessionStoreage.storeSession(session);
-// } catch (MOADatabaseException e) {
-// throw new AuthenticationException("", null);
-// }
-// String returnURL = new DataURLBuilder().buildDataURL(authURL,
-// REQ_START_AUTHENTICATION, session.getSessionID());
-// String bkuSelectionType = AuthConfigurationProvider.getInstance()
-// .getBKUSelectionType();
-// if (bkuSelectionType
-// .equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
-// // bkuSelectionType==HTMLComplete
-// String redirectURL = bkuConnParam.getUrl() + "?"
-// + AuthServlet.PARAM_RETURN + "=" + returnURL;
-// return redirectURL;
-// } else {
-// // bkuSelectionType==HTMLSelect
-// String bkuSelectTag;
-// try {
-// bkuSelectTag = readBKUSelectTag(AuthConfigurationProvider
-// .getInstance(), bkuConnParam);
-// } catch (Throwable ex) {
-// throw new AuthenticationException("auth.11", new Object[] {
-// bkuConnParam.getUrl(), ex.toString() }, ex);
-// }
-// String bkuSelectionTemplate = null;
-// //removed in MOAID 2.0
-// // override template url by url from configuration file
-//// if (oaParam.getBkuSelectionTemplateURL() != null) {
-//// bkuSelectionTemplateURL = oaParam.getBkuSelectionTemplateURL();
-//// }
-//// if (bkuSelectionTemplateURL != null) {
-//// try {
-//// bkuSelectionTemplate = new String(FileUtils
-//// .readURL(bkuSelectionTemplateURL));
-//// } catch (IOException ex) {
-//// throw new AuthenticationException("auth.03", new Object[] {
-//// bkuSelectionTemplateURL, ex.toString() }, ex);
-//// }
-//// }
-// String htmlForm = new SelectBKUFormBuilder().build(
-// bkuSelectionTemplate, returnURL, bkuSelectTag);
-// return htmlForm;
-// }
-// }
- /**
- * Method readBKUSelectTag.
- *
- * @param conf
- * the ConfigurationProvider
- * @param connParam
- * the ConnectionParameter for that connection
- * @return String
- * @throws ConfigurationException
- * on config-errors
- * @throws PKIException
- * on PKI errors
- * @throws IOException
- * on any data error
- * @throws GeneralSecurityException
- * on security errors
- */
- private String readBKUSelectTag(ConfigurationProvider conf,
- ConnectionParameter connParam) throws ConfigurationException,
- PKIException, IOException, GeneralSecurityException {
- if (connParam.isHTTPSURL())
- return SSLUtils.readHttpsURL(conf, connParam);
- else
- return HTTPUtils.readHttpURL(connParam.getUrl());
- }
* Processes the beginning of an authentication session.
@@ -394,7 +196,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param templateMandteURL
* URL providing an HTML template for the HTML form generated
* (for signing in mandates mode)
- * @param scheme
+ * @param req
* determines the protocol used
* @param sourceID
* @return HTML form
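Review bot: The renamed `@param req` keeps the old parameter's description `determines the protocol used`, but in the new body of startAuthentication req is a full HttpServletRequest that is also read for the applet width/height parameters in a later hunk; the description should say what req now supplies, e.g. `@param req the HTTP request; supplies the request scheme and the applet size parameters`, hedged to whatever the body actually reads. The method's body lies outside this hunk.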
@@ -402,7 +204,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @see GetIdentityLinkFormBuilder
* @see InfoboxReadRequestBuilder
- public String startAuthentication(AuthenticationSession session, String scheme) throws WrongParametersException,
+ public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException,
AuthenticationException, ConfigurationException, BuildException {
if (session == null) {
@@ -440,12 +242,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.isSlVersion12(), isbuisness, domainIdentifier);
+ isbuisness, domainIdentifier);
} else {
//build ReadInfobox request
infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.isSlVersion12(), oaParam.getBusinessService(), oaParam
+ oaParam.getBusinessService(), oaParam
@@ -456,6 +258,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//removed in MOAID 2.0
String pushInfobox = "";
// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
// .getVerifyInfoboxParameters();
// if (verifyInfoboxParameters != null) {
@@ -465,14 +268,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
//build CertInfo request
String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
- .build(oaParam.isSlVersion12());
+ .build();
String certInfoDataURL = new DataURLBuilder()
.buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
+ //get Applet Parameters
+ String appletwidth = req.getParameter(PARAM_APPLET_WIDTH);
+ String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
+ appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
+ appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
String htmlForm = new GetIdentityLinkFormBuilder().build(template,
session.getBkuURL(), infoboxReadRequest, dataURL, certInfoRequest,
- certInfoDataURL, pushInfobox);
+ certInfoDataURL, pushInfobox, oaParam, appletheigth, appletwidth);
return htmlForm;
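Review bot: `appletwidth` and `appletheigth` are read straight from the request and only HTML-escaped before being handed to the form builder; for values that are supposed to be dimensions, escaping is the wrong guard — if this is the commons-lang `StringEscapeUtils.escapeHtml`, it does not escape single quotes, so the result is only safe for whichever template context it happens to land in, and an absent parameter passes through as `null`. Restrict them to a digit string before use, e.g. `if (appletwidth != null && !appletwidth.matches("[0-9]{1,4}")) appletwidth = null;` and the same for `appletheigth`, leaving the builder's own handling of `null` to supply the default (assuming it has one — the builder is outside this hunk); the escaping can stay as a second layer. startAuthentication begins outside this hunk.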
@@ -501,11 +310,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* including the <code>&lt;InfoboxReadResponse&gt;</code>
* @return String representation of the
* <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * @throws BKUException
public String verifyIdentityLink(AuthenticationSession session,
- Map infoboxReadResponseParameters) throws AuthenticationException,
+ Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException {
+ ValidateException, ServiceException, BKUException {
if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
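Review bot: The added `@throws BKUException` on the verifyIdentityLink javadoc carries no description, so a reader does not learn when the new exception is raised; the same bare tag is added to verifyXMLSignature (hunk at -938), getCertificate (-1005) and verifyAuthenticationBlock (-1851). Suggest `@throws BKUException if the BKU response reports an error instead of the expected payload`, adjusted to whatever condition actually triggers it, since the throw sites are outside these hunks. Separately, with the map now typed `Map<String, String>`, the `(String)` cast on the `infoboxReadResponseParameters.get(...)` line in the following hunk is redundant and can be dropped.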
@@ -514,18 +324,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters
- // System.out.println("PB: " + xmlInfoboxReadResponse);
if (isEmpty(xmlInfoboxReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
-// AuthenticationSession session = getSession(sessionID);
-// if (session.getTimestampIdentityLink() != null)
-// throw new AuthenticationException("auth.01",
-// new Object[] { sessionID });
- session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider
@@ -551,24 +353,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return null;
- // for testing new identity link certificate
- // xmlInfoboxReadResponse = null;
- // try {
- // File file = new File("c:/temp/XXXMuster.xml");
- // FileInputStream fis;
- //
- // fis = new FileInputStream(file);
- // byte[] array = Utils.readFromInputStream(fis);
- //
- // xmlInfoboxReadResponse = new String(array);
- // System.out.println(xmlInfoboxReadResponse);
- //
- // } catch (FileNotFoundException e) {
- // e.printStackTrace();
- // } catch (UtilsException e) {
- // e.printStackTrace();
- // }
// parses the <InfoboxReadResponse>
IdentityLink identityLink = new InfoboxReadResponseParser(
@@ -586,10 +370,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- if (identityLink.getIdentificationType().equalsIgnoreCase(
- Constants.URN_PREFIX_BASEID)) {
- }
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
@@ -608,13 +388,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// now validate the extended infoboxes
- //TODO: check correctness
-// verifyInfoboxes(session, infoboxReadResponseParameters, !oaParam
-// .getProvideStammzahl());
- verifyInfoboxes(session, infoboxReadResponseParameters, false);
+ //Removed in MOA-ID 2.0
+ //verifyInfoboxes(session, infoboxReadResponseParameters, false);
- //TODO: make it better!!
return "found!";
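Review bot: The verifyInfoboxes call is replaced by a commented-out copy of itself under `//Removed in MOA-ID 2.0`, while the `// now validate the extended infoboxes` comment above is kept and now announces code that is not there. Commented-out code is best deleted outright — history keeps it — and the surviving comment should state the current behaviour instead: `// extended-infobox validation was removed in MOA-ID 2.0; only the identity link is verified in this method`. The `return "found!";` sentinel is pre-existing, but now that nothing sits between it and the validation comment a one-line note on what the caller does with that value would help; the enclosing method continues outside this hunk.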
@@ -706,7 +482,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
- //AuthenticationSession session = getSession(sessionID);
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
@@ -760,26 +535,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
- //TODO: CHECK!! is moved to buildAuthenticationBlock to hold the baseID in identitylink
- // if (!fromMandate) {
- // BZ.., calculate bPK for signing to be already present in AuthBlock
-// IdentityLink identityLink = session.getIdentityLink();
-// if (identityLink.getIdentificationType().equals(
-// Constants.URN_PREFIX_BASEID)) {
-// // only compute bPK if online application is a public service and we
-// // have the Stammzahl
-// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
-// .getIdentificationValue(), session.getTarget());
-// identityLink.setIdentificationValue(bpkBase64);
-// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
-// }
- // ..BZ
- // }
// builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session, oaParam);
+ String authBlock = buildAuthenticationBlock(session, oaParam);
- // session.setAuthBlock(authBlock);
// builds the <CreateXMLSignatureRequest>
List<String> transformsInfos = oaParam.getTransformsInfos();
if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
@@ -788,81 +546,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
.build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos, oaParam.isSlVersion12());
+ transformsInfos);
return createXMLSignatureRequest;
-// /**
-// *
-// * @param session
-// * @param authConf
-// * @param oaParam
-// * @return
-// * @throws ConfigurationException
-// * @throws BuildException
-// * @throws ValidateException
-// */
-// public String getCreateXMLSignatureRequestAuthBlockOrRedirectForOW(
-// AuthenticationSession session, AuthConfigurationProvider authConf,
-// OAAuthParameter oaParam, boolean isOW) throws ConfigurationException,
-// BuildException, ValidateException {
-// // check for intermediate processing of the infoboxes
-// if (session.isValidatorInputPending())
-// return "Redirect to Input Processor";
-// if (authConf == null)
-// authConf = AuthConfigurationProvider.getInstance();
-// if (oaParam == null)
-// oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(
-// session.getPublicOAURLPrefix());
-// // BZ.., calculate bPK for signing to be already present in AuthBlock
-// IdentityLink identityLink = session.getIdentityLink();
-// if (identityLink.getIdentificationType().equals(
-// Constants.URN_PREFIX_BASEID)) {
-// // only compute bPK if online application is a public service and we
-// // have the Stammzahl
-//// if (isOW) {
-//// // if person is OW, delete identification value (bPK is calculated via MIS)
-//// identityLink.setIdentificationValue(null);
-//// identityLink.setIdentificationType(null);
-//// }
-//// else {
-// //TODO: check correctness!!! bpk calcultion is done during Assertion generation
-//// String bpkBase64 = new BPKBuilder().buildBPK(identityLink
-//// .getIdentificationValue(), session.getTarget());
-//// identityLink.setIdentificationValue(bpkBase64);
-//// //TODO: insert correct Type!!!!
-//// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
-//// }
-// }
-// // ..BZ
-// // }
-// // builds the AUTH-block
-// String authBlock = buildAuthenticationBlockForOW(session, oaParam, isOW);
-// // session.setAuthBlock(authBlock);
-// // builds the <CreateXMLSignatureRequest>
-// List<String> transformsInfos = oaParam.getTransformsInfos();
-// if ((transformsInfos == null) || (transformsInfos.size() == 0)) {
-// // no OA specific transforms specified, use default ones
-// transformsInfos = authConf.getTransformsInfos();
-// }
-// String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
-// .build(authBlock, oaParam.getKeyBoxIdentifier(),
-// transformsInfos, oaParam.isSlVersion12());
-// System.out.println("XML: " + createXMLSignatureRequest);
-// return createXMLSignatureRequest;
-// }
* Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
* <ul>
@@ -885,15 +572,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
-// AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- //session.setSignerCertificate(cert);
return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
@@ -938,11 +621,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param createXMLSignatureResponseParameters
* The parameters from the response returned from the BKU
* including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @throws BKUException
public X509Certificate verifyXMLSignature(String sessionID,
- Map createXMLSignatureResponseParameters)
+ Map<String, String> createXMLSignatureResponseParameters)
throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ValidateException, ServiceException {
+ ConfigurationException, ValidateException, ServiceException, BKUException {
if (isEmpty(sessionID))
throw new AuthenticationException("auth.10", new Object[] {
@@ -955,12 +639,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
throw new AuthenticationException("auth.10", new Object[] {
- //AuthenticationSession session = getSession(sessionID);
- /*
- * if (session.getTimestampIdentityLink() != null) throw new
- * AuthenticationException("auth.01", new Object[] { sessionID });
- */
- // session.setTimestampIdentityLink();
AuthConfigurationProvider authConf = AuthConfigurationProvider
@@ -983,8 +661,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- // int code = verifyXMLSignatureResponse.getSignatureCheckCode();
return verifyXMLSignatureResponse.getX509certificate();
@@ -1005,11 +681,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @param readInfoboxResponseParameters
* The parameters from the response returned from the BKU
* including the <code>&lt;ReadInfoboxResponse&gt;</code>
+ * @throws BKUException
public X509Certificate getCertificate(String sessionID,
- Map readInfoboxResponseParameters) throws AuthenticationException,
+ Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException {
+ ValidateException, ServiceException, BKUException {
if (isEmpty(sessionID))
throw new AuthenticationException("auth.10", new Object[] {
@@ -1054,40 +731,40 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String identificationValue = null;
String identificationType = null;
- if (identityLink.getIdentificationType().equals(
- Constants.URN_PREFIX_BASEID)) {
- // only compute bPK if online application is a public service and we
- // have the Stammzahl
+ //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
+ if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
+ identificationType = "";
+ identificationValue = "";
+ } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+ if (oaParam.getBusinessService()) {
- if (session.isSsoRequested()) {
- identificationType = "";
- identificationValue = "";
+ String bpkBase64 = new BPKBuilder().buildWBPK(identityLink
+ .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
+ identificationValue = bpkBase64;
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+" ))
+ identificationType = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
} else {
String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
+ .getIdentificationValue(), session.getTarget());
identificationValue = bpkBase64;
identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
-// identityLink.setIdentificationValue(bpkBase64);
-// identityLink.setIdentificationType(Constants.URN_PREFIX_CDID + "+" + session.getTarget());
} else {
identificationValue = identityLink.getIdentificationValue();
identificationType = identityLink.getIdentificationType();
- //set empty AuthBlock BPK in case of OW
- if (session.isOW()) {
- identificationType = "";
- identificationValue = "";
- }
- String issueInstant = DateTimeUtils.buildDateTime(Calendar
- .getInstance(), oaParam.getUseUTC());
+ String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
+ .getInstance());
String authURL = session.getAuthURL();
String target = session.getTarget();
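Review bot: In the new business-service branch `oaParam.getIdentityLinkDomainIdentifier()` is called three times and the third call is dereferenced with `startsWith` with no null check, so an online application configured without a domain identifier would fail here with a NullPointerException rather than a clear configuration error (assuming the getter can return null — its implementation is outside the hunk). Hoisting the value into a local, guarding it with the file's `isEmpty` helper and folding the prefix check into one expression removes the repetition and the brace-less `if`/`else`, which is the only unbraced branch in this method. The exception type and message key below are placeholders to be replaced with what buildAuthenticationBlock's throws clause allows; the method starts and ends outside this hunk.
```java
if (oaParam.getBusinessService()) {
    String domainId = oaParam.getIdentityLinkDomainIdentifier();
    if (isEmpty(domainId)) {
        // placeholder: use the method's declared exception type and a real message key
        throw new BuildException("<missing-domain-identifier key>", new Object[] { session.getPublicOAURLPrefix() });
    }
    identificationValue = new BPKBuilder().buildWBPK(identityLink.getIdentificationValue(), domainId);
    identificationType = domainId.startsWith(Constants.URN_PREFIX_WBPK + "+")
            ? domainId
            : Constants.URN_PREFIX_WBPK + "+" + domainId;
```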
@@ -1097,7 +774,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
// (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
// String oaURL = session.getPublicOAURLPrefix();
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
if (session.isSsoRequested()) {
@@ -1125,310 +802,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
identificationType, oaURL, gebDat,
extendedSAMLAttributes, session, oaParam);
return authBlock;
- }
+ }
-// /**
-// * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
-// * given session data.
-// *
-// * @param session
-// * authentication session
-// *
-// * @return <code>&lt;saml:Assertion&gt;</code> as a String
-// *
-// * @throws BuildException
-// * If an error occurs on serializing an extended SAML attribute
-// * to be appended to the AUTH-Block.
-// */
-// private String buildAuthenticationBlockForOW(AuthenticationSession session,
-// OAAuthParameter oaParam, boolean isOW) throws BuildException {
-// IdentityLink identityLink = session.getIdentityLink();
-// String issuer = identityLink.getName();
-// String gebDat = identityLink.getDateOfBirth();
-// String identificationValue = identityLink.getIdentificationValue();
-// String identificationType = identityLink.getIdentificationType();
-// String issueInstant = DateTimeUtils.buildDateTime(Calendar
-// .getInstance(), oaParam.getUseUTC());
-// session.setIssueInstant(issueInstant);
-// String authURL = session.getAuthURL();
-// String target = session.getTarget();
-// String targetFriendlyName = session.getTargetFriendlyName();
-// // Bug #485
-// // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
-// // String oaURL = session.getPublicOAURLPrefix();
-// String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
-// List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
-// Iterator it = extendedSAMLAttributes.iterator();
-// // delete bPK attribute from extended SAML attributes
-// if (session.isOW()) {
-// ExtendedSAMLAttribute toDelete = null;
-// while (it.hasNext()) {
-// ExtendedSAMLAttribute attr = (ExtendedSAMLAttribute)it.next();
-// if (attr.getName().equalsIgnoreCase("bPK"))
-// toDelete = attr;
-// }
-// if (toDelete != null)
-// extendedSAMLAttributes.remove(toDelete);
-// }
-// String authBlock = new AuthenticationBlockAssertionBuilder()
-// .buildAuthBlock(issuer, issueInstant, authURL, target,
-// targetFriendlyName, identificationValue,
-// identificationType, oaURL, gebDat,
-// extendedSAMLAttributes, session, oaParam);
-// return authBlock;
-// }
- /**
- * Verifies the infoboxes (except of the identity link infobox) returned by
- * the BKU by calling appropriate validator classes.
- *
- * @param session
- * The actual authentication session.
- * @param infoboxReadResponseParams
- * The parameters returned from the BKU as response to an infobox
- * read request (including the infobox tokens to be verified).
- * @param hideStammzahl
- * Indicates whether source pins (<code>Stammzahl</code>en)
- * should be hidden in any SAML attribute that may be returned by
- * a validator.
- *
- * @throws AuthenticationException
- * If the verification of at least one infobox fails.
- * @throws ConfigurationException
- * If the OAuthParameter cannot be extracted.
- */
- private void verifyInfoboxes(AuthenticationSession session,
- Map infoboxReadResponseParams, boolean hideStammzahl)
- throws ValidateException, ConfigurationException {
- AuthConfigurationProvider authConfigurationProvider = AuthConfigurationProvider
- .getInstance();
- // get the default VerifyInfobox parameters
- Map defaultInfoboxParameters = null;
- //removed in MOA-ID 2.0
-// VerifyInfoboxParameters defaultVerifyInfoboxParameters = authConfigurationProvider
-// .getDefaultVerifyInfoboxParameters();
-// if (defaultVerifyInfoboxParameters != null) {
-// defaultInfoboxParameters = defaultVerifyInfoboxParameters
-// .getInfoboxParameters();
-// }
- // get the OA specific VerifyInfobox parameters
- Map infoboxParameters = null;
- OAAuthParameter oaParam = authConfigurationProvider
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- //TODO: check correctness!!!!
- //removed in MOAID 2.0
-// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
-// .getVerifyInfoboxParameters();
-// VerifyInfoboxParameters verifyInfoboxParameters = null;
- session.setExtendedSAMLAttributesAUTH(new Vector()); // Initialize SAML
- // Attributes
- session.setExtendedSAMLAttributesOA(new Vector());
- // System.out.println("SAML set: " +
- // session.getExtendedSAMLAttributesAUTH().size());
-// if (verifyInfoboxParameters != null) {
-// infoboxParameters = verifyInfoboxParameters.getInfoboxParameters();
-// // get the list of infobox identifiers
-// List identifiers = verifyInfoboxParameters.getIdentifiers();
-// if (identifiers != null) {
-// // step through the identifiers and verify the infoboxes
-// Iterator it = identifiers.iterator();
-// while (it.hasNext()) {
-// String identifier = (String) it.next();
-// // get the infobox read response from the map of parameters
-// String infoboxReadResponse = (String) infoboxReadResponseParams
-// .get(identifier);
-// // get the configuration parameters
-// VerifyInfoboxParameter verifyInfoboxParameter = null;
-// Object object = infoboxParameters.get(identifier);
-// // if not present, use default
-// if ((object == null) && (defaultInfoboxParameters != null)) {
-// object = defaultInfoboxParameters.get(identifier);
-// }
-// if (object != null) {
-// verifyInfoboxParameter = (VerifyInfoboxParameter) object;
-// }
-// if (infoboxReadResponse != null) {
-// if (verifyInfoboxParameter == null) {
-// // should not happen because of the pushinfobox
-// // mechanism; check it anyway
-// Logger.error("No validator for verifying \""
-// + identifier + "\"-infobox configured.");
-// throw new ValidateException("validator.41",
-// new Object[] { identifier });
-// } else {
-// String friendlyName = verifyInfoboxParameter
-// .getFriendlyName();
-// boolean isParepRequest = false;
-// // parse the infobox read reponse
-// List infoboxTokenList = null;
-// try {
-// infoboxTokenList = ExtendedInfoboxReadResponseParser
-// .parseInfoboxReadResponse(
-// infoboxReadResponse,
-// friendlyName);
-// } catch (ParseException e) {
-// Logger
-// .error("InfoboxReadResponse for \""
-// + identifier
-// + "\"-infobox could not be parsed successfully: "
-// + e.getMessage());
-// throw new ValidateException("validator.43",
-// new Object[] { friendlyName });
-// }
-// // set compatibility mode for mandates infobox and
-// // all infoboxes (it is possible to be a parep
-// // infobox)
-// // session.setMandateCompatibilityMode(ParepConfiguration.isMandateCompatibilityMode(verifyInfoboxParameter.getApplicationSpecificParams()));
-// // check for party representation in mandates
-// // infobox
-// .equalsIgnoreCase(identifier)
-// && !((infoboxTokenList == null || infoboxTokenList
-// .size() == 0))) {
-// // We need app specific parameters
-// if (null == verifyInfoboxParameter
-// .getApplicationSpecificParams()) {
-// throw new ValidateException("validator.66",
-// new Object[] { friendlyName });
-// }
-// Element mandate = ParepValidator
-// .extractPrimaryToken(infoboxTokenList);
-// // ParepUtils.serializeElement(mandate,
-// // System.out);
-// String mandateID = ParepUtils
-// .extractRepresentativeID(mandate);
-// if (!isEmpty(mandateID)
-// && ("*".equals(mandateID) || mandateID
-// isParepRequest = true;
-// }
-// if (!isParepRequest) {
-// // if mandates validator is disabled we must
-// // throw an error in this case
-// if (!ParepUtils
-// .isValidatorEnabled(verifyInfoboxParameter
-// .getApplicationSpecificParams())) {
-// throw new ValidateException(
-// "validator.60",
-// new Object[] { friendlyName });
-// }
-// }
-// }
-// // get the class for validating the infobox
-// InfoboxValidator infoboxValidator = null;
-// try {
-// Class validatorClass = null;
-// if (isParepRequest) {
-// // Mandates infobox in party representation
-// // mode
-// validatorClass = Class
-// .forName("at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator");
-// } else {
-// validatorClass = Class
-// .forName(verifyInfoboxParameter
-// .getValidatorClassName());
-// }
-// infoboxValidator = (InfoboxValidator) validatorClass
-// .newInstance();
-// } catch (Exception e) {
-// Logger
-// .error("Could not load validator class \""
-// + verifyInfoboxParameter
-// .getValidatorClassName()
-// + "\" for \""
-// + identifier
-// + "\"-infobox: "
-// + e.getMessage());
-// throw new ValidateException("validator.42",
-// new Object[] { friendlyName });
-// }
-// Logger
-// .debug("Successfully loaded validator class \""
-// + verifyInfoboxParameter
-// .getValidatorClassName()
-// + "\" for \""
-// + identifier
-// + "\"-infobox.");
-// // build the parameters for validating the infobox
-// InfoboxValidatorParams infoboxValidatorParams = InfoboxValidatorParamsBuilder
-// .buildInfoboxValidatorParams(session,
-// verifyInfoboxParameter,
-// infoboxTokenList, oaParam);
-// // now validate the infobox
-// InfoboxValidationResult infoboxValidationResult = null;
-// try {
-// infoboxValidationResult = infoboxValidator
-// .validate(infoboxValidatorParams);
-// } catch (ValidateException e) {
-// Logger.error("Error validating " + identifier
-// + " infobox:" + e.getMessage());
-// throw new ValidateException("validator.44",
-// new Object[] { friendlyName });
-// }
-// if (!infoboxValidationResult.isValid()) {
-// Logger.info("Validation of " + identifier
-// + " infobox failed.");
-// throw new ValidateException("validator.40",
-// new Object[] {
-// friendlyName,
-// infoboxValidationResult
-// .getErrorMessage() });
-// }
-// Logger.info(identifier
-// + " infobox successfully validated.");
-// // store the validator for post processing
-// session.addInfoboxValidator(identifier,
-// friendlyName, infoboxValidator);
-// // get the SAML attributes to be appended to the
-// // AUTHBlock or to the final
-// // SAML Assertion
-// AddAdditionalSAMLAttributes(session,
-// infoboxValidationResult
-// .getExtendedSamlAttributes(),
-// identifier, friendlyName);
-// }
-// } else {
-// if ((verifyInfoboxParameter != null)
-// && (verifyInfoboxParameter.isRequired())) {
-// Logger
-// .info("Infobox \""
-// + identifier
-// + "\" is required, but not returned from the BKU");
-// throw new ValidateException("validator.48",
-// new Object[] { verifyInfoboxParameter
-// .getFriendlyName() });
-// }
-// Logger.debug("Infobox \"" + identifier
-// + "\" not returned from BKU.");
-// }
-// }
-// }
-// }
- }
* Verifies the infoboxes (except of the identity link infobox) returned by
@@ -1459,7 +836,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
for (int i = 0; i < length; i++) {
ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
- Object value = verifySAMLAttribute(samlAttribute, i, "MISService",
+ verifySAMLAttribute(samlAttribute, i, "MISService",
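Review bot: The return value of verifySAMLAttribute is now discarded where the old code bound it to `value`; that is fine if the method only validates and the local was simply unused, but if it returns a normalized attribute the loop now continues with the unverified `samlAttribute` — the method's definition is outside this hunk, so I cannot tell which. If it is validation-only, say so at the call site: `verifySAMLAttribute(samlAttribute, i, "MISService", …); // validates only; the returned value is not needed here`. The enclosing loop and method extend beyond this hunk.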
@@ -1494,57 +871,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
-// /**
-// * Intermediate processing of the infoboxes. The first pending infobox
-// * validator may validate the provided input
-// *
-// * @param session
-// * The current authentication session
-// * @param parameters
-// * The parameters got returned by the user input fields
-// */
-// public static void processInput(AuthenticationSession session,
-// Map parameters) throws ValidateException {
-// // post processing of the infoboxes
-// Iterator iter = session.getInfoboxValidatorIterator();
-// if (iter != null) {
-// while (iter.hasNext()) {
-// Vector infoboxValidatorVector = (Vector) iter.next();
-// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-// .get(2);
-// if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) {
-// String identifier = (String) infoboxValidatorVector.get(0);
-// String friendlyName = (String) infoboxValidatorVector
-// .get(1);
-// InfoboxValidationResult infoboxValidationResult = null;
-// try {
-// infoboxValidationResult = infoboxvalidator
-// .validate(parameters);
-// } catch (ValidateException e) {
-// Logger.error("Error validating " + identifier
-// + " infobox:" + e.getMessage());
-// throw new ValidateException("validator.44",
-// new Object[] { friendlyName });
-// }
-// if (!infoboxValidationResult.isValid()) {
-// Logger.info("Validation of " + identifier
-// + " infobox failed.");
-// throw new ValidateException("validator.40",
-// new Object[] {
-// friendlyName,
-// infoboxValidationResult
-// .getErrorMessage() });
-// }
-// AddAdditionalSAMLAttributes(
-// session,
-// infoboxValidationResult.getExtendedSamlAttributes(),
-// identifier, friendlyName);
-// }
-// }
-// }
-// }
* Adds given SAML Attributes to the current session. They will be appended
* to the final SAML Assertion or the AUTH block. If the attributes are
@@ -1565,12 +891,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
String friendlyName) throws ValidateException {
if (extendedSAMLAttributes == null)
- List oaAttributes = session.getExtendedSAMLAttributesOA();
+ List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
if (oaAttributes == null)
- oaAttributes = new Vector();
- List authAttributes = session.getExtendedSAMLAttributesAUTH();
+ oaAttributes = new Vector<ExtendedSAMLAttribute>();
+ List<ExtendedSAMLAttribute> authAttributes = session.getExtendedSAMLAttributesAUTH();
if (authAttributes == null)
- authAttributes = new Vector();
+ authAttributes = new Vector<ExtendedSAMLAttribute>();
int length = extendedSAMLAttributes.length;
for (int i = 0; i < length; i++) {
ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
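Review bot: The null fallbacks `new Vector<ExtendedSAMLAttribute>()` choose the legacy synchronized Vector for method-local lists that are assigned to `List<…>`-typed variables; the same choice appears in the hunks at -1658, -1756 and -1806. Unless the session setters or the array conversion further down require a Vector (their signatures are outside this hunk), `new ArrayList<ExtendedSAMLAttribute>()` is the conventional choice and avoids per-call locking. If Vector really is required by a callee, a one-line comment at the first such construction saying so would stop the next reader from "fixing" it.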
@@ -1616,33 +942,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
- // /**
- // * Adds given SAML Attributes to the current session. They will be
- // appended
- // * to the final SAML Assertion or the AUTH block. If the attributes are
- // * already in the list, they will be replaced.
- // *
- // * @param session The current session
- // * @param extendedSAMLAttributes The SAML attributes to add
- // * @param identifier The infobox identifier for debug purposes
- // * @param friendlyNam The friendly name of the infobox for debug purposes
- // */
- // private static void AddAdditionalSAMLAttributes(AuthenticationSession
- // session, MISMandate mandate) throws ValidateException
- // {
- //
- // List oaAttributes = session.getExtendedSAMLAttributesOA();
- // if (oaAttributes==null) oaAttributes = new Vector();
- // List authAttributes = session.getExtendedSAMLAttributesAUTH();
- // if (authAttributes==null) authAttributes = new Vector();
- //
- //
- // addExtendedSamlAttributes(authAttributes, mandate);
- //
- // session.setExtendedSAMLAttributesAUTH(authAttributes);
- // session.setExtendedSAMLAttributesOA(oaAttributes);
- // }
* Adds the AUTH block related SAML attributes to the validation result.
* This is needed always before the AUTH block is to be signed, because the
@@ -1658,15 +957,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
MISMandate mandate, boolean business, boolean provideStammzahl)
throws SAXException, IOException, ParserConfigurationException,
TransformerException {
- Vector extendedSamlAttributes = new Vector();
+ Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW,
- // mandate, SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
// Name
Element domMandate = mandateToElement(mandate);
Element nameSpaceNode = domMandate.getOwnerDocument().createElement(
@@ -1679,27 +973,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Element mandator = (Element) XPathAPI.selectSingleNode(domMandate,
"//md:Mandate/md:Mandator", nameSpaceNode);
- // first check if physical person
- // Element name = (Element) XPathAPI.selectSingleNode(mandator,
- // "descendant-or-self::pr:Name/pr:GivenName", nameSpaceNode);
- // String mandatorname = ParepUtils.extractMandatorName(mandator);
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME,
- // mandatorname, SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // Geburtsdatum
- // String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
- // if (dob != null && !"".equals(dob)) {
- // extendedSamlAttributes.add(new
- // ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob,
- // SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // }
// Mandate
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- ParepValidator.EXT_SAML_MANDATE_RAW, domMandate,
@@ -1712,28 +988,19 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (!ParepUtils.isEmpty(idType)
&& idType.startsWith(Constants.URN_PREFIX_BASEID)) {
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
ParepUtils.getRegisterString(idType) + ": " + wbpk,
} else if (business) {
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk,
- // String oid = mandate.getProfRep();
- // if (oid != null) {
- // String oidDescription = mandate.getTextualDescriptionOfOID();
- // extendedSamlAttributes.add(new
- // oidDescription, SZRGWConstants.MANDATE_NS,
- // ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- // }
ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes
@@ -1756,14 +1023,14 @@ public class AuthenticationServer implements MOAIDAuthConstants {
MISMandate mandate, boolean business) throws SAXException,
IOException, ParserConfigurationException, TransformerException {
- Vector extendedSamlAttributes = new Vector();
+ Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
// RepresentationType
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
@@ -1771,12 +1038,12 @@ public class AuthenticationServer implements MOAIDAuthConstants {
if (oid != null) {
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- ParepValidator.EXT_SAML_MANDATE_OID, oid,
String oidDescription = mandate.getTextualDescriptionOfOID();
extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
oidDescription, SZRGWConstants.MANDATE_NS,
@@ -1806,10 +1073,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
return doc.getDocumentElement();
- protected static void replaceExtendedSAMLAttribute(List attributes,
+ protected static void replaceExtendedSAMLAttribute(List<ExtendedSAMLAttribute> attributes,
ExtendedSAMLAttribute samlAttribute) {
if (null == attributes) {
- attributes = new Vector();
+ attributes = new Vector<ExtendedSAMLAttribute>();
} else {
String id = samlAttribute.getName();
int length = attributes.size();
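Review bot: In the `null == attributes` branch the parameter is reassigned to a fresh `Vector<ExtendedSAMLAttribute>`, but a reassigned parameter is local to the method, so the caller never sees that list and anything added to it afterwards is lost; whether the rest of the method adds to it is outside this hunk. If the intent is merely to tolerate a null list, an early `return;` (or `throw new IllegalArgumentException("attributes")`) in that branch states it honestly; if callers may pass null and expect a list back, the method has to return it, e.g. `protected static List<ExtendedSAMLAttribute> replaceExtendedSAMLAttribute(List<ExtendedSAMLAttribute> attributes, ExtendedSAMLAttribute samlAttribute)`. The method continues outside this hunk.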
@@ -1851,21 +1118,20 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* <code>&lt;CreateXMLSignatureResponse&gt;</code>
* @return SAML artifact needed for retrieving authentication data, encoded
* BASE64
+ * @throws BKUException
public String verifyAuthenticationBlock(AuthenticationSession session,
String xmlCreateXMLSignatureReadResponse)
throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ServiceException, ValidateException {
+ ConfigurationException, ServiceException, ValidateException, BKUException {
if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
if (isEmpty(xmlCreateXMLSignatureReadResponse))
throw new AuthenticationException("auth.10", new Object[] {
- //AuthenticationSession session = getSession(sessionID);
AuthConfigurationProvider authConf = AuthConfigurationProvider
// parses <CreateXMLSignatureResponse>
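Review bot: The added `@throws BKUException` Javadoc tag has no description, so a reader of the signature cannot tell which failure it signals as opposed to `ValidateException` or `ServiceException`. Describe the condition, e.g. `@throws BKUException if the BKU returned an error response instead of the expected CreateXMLSignatureResponse` — adjusted to the actual throw site, which is in the part of `verifyAuthenticationBlock` outside the hunk.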
@@ -1924,7 +1190,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
- // TODO See Bug #144
// Compare AuthBlock Data with information stored in session, especially
// date and time
@@ -1971,22 +1236,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-// boolean useUTC = oaParam.getUseUTC();
-// boolean useCondition = oaParam.getUseCondition();
-// int conditionLength = oaParam.getConditionLength();
- //TL: moved to Authentification Data generation
-// AuthenticationData authData = buildAuthenticationData(session, vsresp,
-// useUTC, false);
-// //set Authblock
-// session.setAuthData(authData);
@@ -2010,42 +1260,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
return newMOASessionID;
- /*
- String samlAssertion = new AuthenticationDataAssertionBuilder()
- .build(authData, session.getAssertionPrPerson(), session
- .getAssertionAuthBlock(), session
- .getAssertionIlAssertion(), session.getBkuURL(),
- session.getAssertionSignerCertificateBase64(),
- session.getAssertionBusinessService(), session
- .getExtendedSAMLAttributesOA(),
- useCondition, conditionLength);
- authData.setSamlAssertion(samlAssertion);
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session
- .getSourceID());
- storeAuthenticationData(samlArtifact, authData);
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;
- */
@@ -2135,16 +1350,10 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public String getForeignAuthenticationData(AuthenticationSession session)
throws AuthenticationException, BuildException, ParseException,
ConfigurationException, ServiceException, ValidateException {
- //TODO: CHECK if STORK parts works correct!!!!
if (session == null)
throw new AuthenticationException("auth.10", new Object[] {
- //AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
// post processing of the infoboxes
Iterator iter = session.getInfoboxValidatorIterator();
@@ -2188,19 +1397,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
X509Certificate cert = session.getSignerCertificate();
-// OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-// .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-// boolean useUTC = oaParam.getUseUTC();
-// boolean useCondition = oaParam.getUseCondition();
-// int conditionLength = oaParam.getConditionLength();
- //TL: moved to Assertion generation.
-// AuthenticationData authData = buildAuthenticationData(session, vsresp,
-// useUTC, true);
-// session.setAuthData(authData);
@@ -2210,43 +1406,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
- return "new Session";
- //TODO: regenerate MOASession ID!
- /*
- String samlAssertion = new AuthenticationDataAssertionBuilder().build(
- authData, session.getAssertionPrPerson(), session
- .getAssertionAuthBlock(), session
- .getAssertionIlAssertion(), session.getBkuURL(),
- session.getAssertionSignerCertificateBase64(), session
- .getAssertionBusinessService(), session
- .getExtendedSAMLAttributesOA(), useCondition,
- conditionLength);
- authData.setSamlAssertion(samlAssertion);
- String assertionFile = AuthConfigurationProvider.getInstance()
- .getGenericConfigurationParameter(
- "AuthenticationServer.WriteAssertionToFile");
- if (!ParepUtils.isEmpty(assertionFile))
- try {
- ParepUtils.saveStringToFile(samlAssertion, new File(
- assertionFile));
- } catch (IOException e) {
- throw new BuildException("builder.00", new Object[] {
- "AuthenticationData", e.toString() }, e);
- }
- String samlArtifact = new SAMLArtifactBuilder().build(session
- .getAuthURL(), session.getSessionID(), session.getSourceID());
- storeAuthenticationData(samlArtifact, authData);
- // invalidates the authentication session
- sessionStore.remove(sessionID);
- Logger.info("Anmeldedaten zu MOASession " + sessionID
- + " angelegt, SAML Artifakt " + samlArtifact);
- return samlArtifact;*/
+ //TODO: regenerate MOASession ID!
+ return "new Session";
@@ -2274,15 +1436,16 @@ public class AuthenticationServer implements MOAIDAuthConstants {
AuthenticationData authData = new AuthenticationData();
VerifyXMLSignatureResponse verifyXMLSigResp = session.getXMLVerifySignatureResponse();
- boolean useUTC = oaParam.getUseUTC();
boolean businessService = oaParam.getBusinessService();
- authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar
- .getInstance(), useUTC));
+ authData.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar
+ .getInstance()));
//baseID or wbpk in case of BusinessService without SSO or BusinessService SSO
@@ -2297,7 +1460,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
- authData.setUseUTC(oaParam.getUseUTC());
try {
@@ -2305,6 +1467,9 @@ public class AuthenticationServer implements MOAIDAuthConstants {
MISMandate mandate = session.getMISMandate();
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + "OW");
+ authData.setIdentityLink(identityLink);
+ Logger.trace("Authenticated User is OW: " + mandate.getOWbPK());
} else {
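Review bot: `Logger.trace("Authenticated User is OW: " + mandate.getOWbPK())` writes a person identifier into the log, and the same applies to the two later hunks in this method that log `authData.getBPK()` for the wbPK and bPK cases. bPK/wbPK values are sector-specific personal identifiers, and log files usually have wider readership and longer retention than the session store; a trace level does not change what ends up on disk once tracing is enabled in production to debug an incident. Log the fact and the identifier type instead, e.g. `Logger.trace("Authenticated user is OW (mandate present)");` and `Logger.trace("Authenticated user with bPK (type " + authData.getBPKType() + ")");`, and if correlation is genuinely needed use a truncated hash rather than the value. `mandate` from `session.getMISMandate()` is also dereferenced without a visible null check; if the enclosing branch already guarantees a mandate, a comment saying so would help, otherwise guard it.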
@@ -2330,8 +1495,11 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} else {
+ Logger.trace("Authenticate user with wbPK " + authData.getBPK());
Element idlassertion = session.getIdentityLink().getSamlAssertion();
//set bpk/wpbk;
Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
@@ -2353,6 +1521,8 @@ public class AuthenticationServer implements MOAIDAuthConstants {
authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ Logger.trace("Authenticate user with bPK " + authData.getBPK());
@@ -2380,8 +1550,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
try {
session = AuthenticationSessionStoreage.getSession(id);
- /*(AuthenticationSession) sessionStore
- .get(id);*/
if (session == null)
throw new AuthenticationException("auth.02", new Object[] { id });
return session;
@@ -2397,14 +1565,18 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public void cleanup() {
long now = new Date().getTime();
- //clean AuthenticationSessionStore
- //TODO: acutally the StartAuthentificaten timestamp is used!!!!!
- //TODO: maybe change this to lastupdate timestamp.
+ //clean AuthenticationSessionStore
AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
//clean AssertionStore
AssertionStorage assertionstore = AssertionStorage.getInstance();
assertionstore.clean(now, authDataTimeOut);
+ //clean ExeptionStore
+ DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
+ exstore.clean(now, authDataTimeOut);
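Review bot: `exstore.clean(now, authDataTimeOut)` reuses the assertion timeout for the new exception store without saying why that lifetime is the right one; if stored exceptions are only useful while the corresponding assertion could still be fetched, say so — `//clean ExceptionStore: same lifetime as assertions, an exception is only retrievable while its assertion is` — and fix the `ExeptionStore` typo in the comment. The three clean calls run back to back with no isolation, so if `AssertionStorage.clean` throws (not visible here whether it can), the exception-store cleanup never runs and its rows accumulate until the next successful pass; wrapping each store's cleanup in its own try/catch that logs via `Logger` and continues would keep the cleaner robust. `new Date().getTime()` can be `System.currentTimeMillis()`.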
@@ -2500,58 +1672,78 @@ public class AuthenticationServer implements MOAIDAuthConstants {
* @return Identity link assertion
* @throws SZRGWClientException
- public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+ public at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse
+ getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
- SZRGWClient client = new SZRGWClient();
+ SZRGWClient client = null;
- try {
+ try {
AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
- client.setAddress(connectionParameters.getUrl());
- if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
- Logger.debug("Initialisiere SSL Verbindung");
- try {
- client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
- } catch (IOException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (GeneralSecurityException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- } catch (PKIException e) {
- Logger.error("Could not initialize SSL Factory", e);
- throw new SZRGWClientException("Could not initialize SSL Factory");
- }
- }
+ client = new SZRGWClient(connectionParameters);
+ CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
+ request.setSignature(DOMUtils.serializeNode(signature).getBytes());
+ CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request , connectionParameters.getUrl());
+// client.setAddress(connectionParameters.getUrl());
+// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
+// Logger.debug("Initialisiere SSL Verbindung");
+// try {
+// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
+// } catch (IOException e) {
+// Logger.error("Could not initialize SSL Factory", e);
+// throw new SZRGWClientException("Could not initialize SSL Factory");
+// } catch (GeneralSecurityException e) {
+// Logger.error("Could not initialize SSL Factory", e);
+// throw new SZRGWClientException("Could not initialize SSL Factory");
+// } catch (PKIException e) {
+// Logger.error("Could not initialize SSL Factory", e);
+// throw new SZRGWClientException("Could not initialize SSL Factory");
+// }
+// }
Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
catch (ConfigurationException e) {
Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
- }
+ } catch (TransformerException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ } catch (IOException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
- // create request
- CreateIdentityLinkResponse response = null;
- Element request = null;
- try {
- Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
- request = doc.getDocumentElement();
- // send request
- response = client.createIdentityLinkResponse(request);
- } catch (SZRGWClientException e) {
- // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
- try {
- response = client.createIdentityLinkResponse(request);
- }
- catch (SZRGWClientException e1) {
- throw new SZRGWClientException(e1);
- }
- }
+// // create request
+// CreateIdentityLinkResponse response = null;
+// Element request = null;
+// try {
+// Document doc = client.buildGetIdentityLinkRequest(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, signature);
+// request = doc.getDocumentElement();
+// // send request
+// response = client.createIdentityLinkResponse(request, connectionParameters.getUrl());
+// } catch (SZRGWClientException e) {
+// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
+//// try {
+//// response = client.createIdentityLinkResponse(request);
+//// }
+//// catch (SZRGWClientException e1) {
+//// throw new SZRGWClientException(e1);
+//// }
+// }
- return response;
+ return null;
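Review bot: The `response` obtained from `client.sentCreateIDLRequest(request, connectionParameters.getUrl())` is never returned — the method ends with `return null;` — so every caller of `getIdentityLink` sees a null identity link even when the gateway answered. The new `TransformerException` and `IOException` handlers only call `e.printStackTrace()` and fall through to that null return (the `ConfigurationException` branch that merely warns has the same effect); since the method already declares `throws SZRGWClientException`, they should log through `Logger` and rethrow with the cause using the `SZRGWClientException(Throwable)` constructor the removed retry code used. `DOMUtils.serializeNode(signature).getBytes()` encodes with the platform default charset, so the bytes the gateway verifies depend on the JVM's `file.encoding`; encode explicitly with `getBytes("UTF-8")`. The old second-try logic and the use of the PEPS name/date-of-birth parameters survive only as commented-out code, which means those parameters are now silently ignored; if that is intended, delete the dead block and say so in the Javadoc, otherwise restore the behaviour. A sketch of the rewritten body follows.
```java
CreateIdentityLinkResponse response = null;
try {
    AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
    ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
    client = new SZRGWClient(connectionParameters);
    CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
    // explicit charset: the gateway verifies these exact bytes, they must not depend on file.encoding
    request.setSignature(DOMUtils.serializeNode(signature).getBytes("UTF-8"));
    Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
    response = client.sentCreateIDLRequest(request, connectionParameters.getUrl());
} catch (ConfigurationException e) {
    // … unchanged: config.12 warning …
} catch (TransformerException e) {
    Logger.error("Could not serialize the signature for the SZR-GW request", e);
    throw new SZRGWClientException(e);
} catch (IOException e) {
    Logger.error("Could not send the SZR-GW request", e);
    throw new SZRGWClientException(e);
}
// … removed: commented-out legacy request/retry block …
return response;
```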
@@ -2761,13 +1953,6 @@ public class AuthenticationServer implements MOAIDAuthConstants {
} catch (Throwable e) {
throw new CertificateException(e);
-// CertificateFactory cf;
-// X509Certificate cert = null;
-// cf = CertificateFactory.getInstance("X.509");
-// CertificateFactory
-// cert = (X509Certificate)cf.generateCertificate(is);
-// return cert;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
index 82c1da74a..fe35866b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationSessionCleaner.java
@@ -1,25 +1,4 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
package at.gv.egovernment.moa.id.auth;
@@ -37,7 +16,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class AuthenticationSessionCleaner implements Runnable {
/** interval the <code>AuthenticationSessionCleaner</code> is run in */
- private static final long SESSION_CLEANUP_INTERVAL = 30 * 60; // 30 min
+ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
* Runs the thread. Cleans the <code>AuthenticationServer</code> session store
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index edc43da0c..f555cfb9a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -1,25 +1,4 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
package at.gv.egovernment.moa.id.auth;
@@ -139,4 +118,17 @@ public interface MOAIDAuthConstants {
public static final List<String> REQ_BKU_TYPES = Arrays.asList(REQ_BKU_TYPE_LOCAL, REQ_BKU_TYPE_ONLINE, REQ_BKU_TYPE_HANDY);
+ public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
+ public final static String EXT_SAML_MANDATE_OID = "OID";
+ public final static String EXT_SAML_MANDATE_RAW = "Mandate";
+ public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
+ public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
+ public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
+ public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
+ public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
+ public static final String PARAM_APPLET_HEIGTH = "heigth";
+ public static final String PARAM_APPLET_WIDTH = "width";
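Review bot: `PARAM_APPLET_HEIGTH = "heigth"` misspells "height" in both the constant name and the request-parameter value; if the value is already what existing applet templates send it cannot simply be corrected, but then that should be stated next to it (`// spelling matches the parameter name used by existing templates — do not "fix"`), otherwise correct both before more callers depend on it. The new constants use `public final static` while the existing `REQ_BKU_TYPES` line uses `public static final`; pick the conventional `public static final` for all of them. `EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter"` is a German literal among attribute names, and a one-line comment saying whether it is a fixed attribute value or display text would prevent someone from "translating" it later.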
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 725773b75..848bf94af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -1,35 +1,17 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
package at.gv.egovernment.moa.id.auth;
+import iaik.cms.ecc.IaikEccProvider;
import iaik.pki.PKIException;
import iaik.pki.jsse.IAIKX509TrustManager;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
import java.io.IOException;
-import java.math.BigInteger;
import java.security.GeneralSecurityException;
+import java.security.Security;
import java.util.Properties;
import javax.activation.CommandMap;
@@ -39,6 +21,7 @@ import javax.net.ssl.SSLSocketFactory;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigLoader;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl;
import at.gv.egovernment.moa.id.util.AxisSecureSocketFactory;
@@ -74,15 +57,24 @@ public class MOAIDAuthInitializer {
Logger.info("Default java file.encoding: "
+ System.getProperty("file.encoding"));
+ Logger.info("Loading security providers.");
+ IAIK.addAsProvider();
+// Security.insertProviderAt(new IAIK(), 1);
+// Security.insertProviderAt(new ECCProvider(), 1);
//JDK bug workaround according to:
// http://jce.iaik.tugraz.at/products/03_cms/faq/index.php#JarVerifier
// register content data handlers for S/MIME types
MailcapCommandMap mc = new MailcapCommandMap();
// create some properties and get the default Session
Properties props = new Properties();
props.put("mail.smtp.host", "localhost");
Session session = Session.getDefaultInstance(props, null);
// Restricts TLS cipher suites
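Review bot: `IAIK.addAsProvider();` is called here and again, together with `ECCProvider.addAsProvider();`, in the later hunk of this file just after the `init.01` error path; unless the second call sits in a different method, the same provider is registered twice and the ECC provider is not registered on the first path at all. The commented-out `Security.insertProviderAt(..., 1)` lines show that provider position was considered — whether IAIK is appended or inserted ahead of the JDK providers decides which implementation serves every `getInstance` call in the server, so record the decision instead of leaving dead code, e.g. `// IAIK is appended, not inserted at position 1: JDK providers keep precedence — confirm this is intended`. With those lines commented out, the added `import java.security.Security;` looks unused, and `IaikEccProvider` is imported but not referenced in any visible hunk.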
@@ -129,6 +121,9 @@ public class MOAIDAuthInitializer {
"init.01", null), e);
+ IAIK.addAsProvider();
+ ECCProvider.addAsProvider();
// Initializes SSLSocketFactory store
@@ -174,33 +169,9 @@ public class MOAIDAuthInitializer {
- // sets the authentication session and authentication data time outs
- BigInteger param = authConf.getTimeOuts().getMOASessionCreated();
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutCreated(sessionTimeOut);
- }
- param = authConf.getTimeOuts().getMOASessionUpdated();
- if (param != null) {
- long sessionTimeOut = param.longValue();
- if (sessionTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsSessionTimeOutUpdated(sessionTimeOut);
- }
- param = authConf.getTimeOuts().getAssertion();
- if (param != null) {
- long authDataTimeOut = param.longValue();
- if (authDataTimeOut > 0)
- AuthenticationServer.getInstance()
- .setSecondsAuthDataTimeOut(authDataTimeOut);
- }
// Starts the session cleaner thread to remove unpicked authentication data
+ AuthConfigLoader.start();
-} \ No newline at end of file
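Review bot: The comment `// Starts the session cleaner thread to remove unpicked authentication data` now sits directly above `AuthConfigLoader.start();`, which by its name starts a configuration loader rather than the session cleaner; if the cleaner is still started on a line outside the hunk, move the comment there, otherwise replace it with `// Starts the configuration loader (presumably now the source of the session/assertion timeouts — confirm)`. The removed block was the only visible place that set `setSecondsSessionTimeOutCreated`, `setSecondsSessionTimeOutUpdated` and `setSecondsAuthDataTimeOut` on `AuthenticationServer`, so a one-line note on where those values are applied now would save the next reader a search. The enclosing method starts outside the hunk.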
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index bcad65eed..35109dfea 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -1,27 +1,25 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
import java.io.IOException;
@@ -33,8 +31,8 @@ import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
@@ -82,11 +80,11 @@ public class AuthenticationAssertionBuilder {
* @throws ParseException If an error occurs on serializing an SAML attribute.
- protected String buildExtendedSAMLAttributes(List extendedSAMLAttributes) throws ParseException
+ protected String buildExtendedSAMLAttributes(List<ExtendedSAMLAttribute> extendedSAMLAttributes) throws ParseException
StringBuffer sb = new StringBuffer();
if (extendedSAMLAttributes!=null) {
- Iterator it = extendedSAMLAttributes.iterator();
+ Iterator<ExtendedSAMLAttribute> it = extendedSAMLAttributes.iterator();
while (it.hasNext()) {
ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
Object value = extendedSAMLAttribute.getValue();
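Review bot: The cast `(ExtendedSAMLAttribute)it.next()` on the line after the generified `Iterator<ExtendedSAMLAttribute>` is now redundant and would only mask a future element-type change; drop it: `ExtendedSAMLAttribute extendedSAMLAttribute = it.next();`. A for-each loop over `extendedSAMLAttributes` would remove the explicit iterator altogether. The method body continues outside the hunk.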
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index ee2313070..db9bc588f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -1,25 +1,25 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
@@ -28,9 +28,7 @@ import java.io.StringWriter;
import java.text.MessageFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
-import java.util.Date;
import java.util.List;
-import java.util.Locale;
import javax.xml.bind.DatatypeConverter;
import javax.xml.transform.Result;
@@ -45,16 +43,15 @@ import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -87,6 +84,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" </saml:Attribute>" + NL +
"{7}" +
"{8}" +
+ "{9}" +
" </saml:AttributeStatement>" + NL +
@@ -110,6 +108,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
" <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
" </saml:Attribute>" + NL;
+ private static String AUTHBLOCKTOKKEN_ATTRIBUTE =
+ " <saml:Attribute AttributeName=''UniqueTokken'' AttributeNamespace=''" + MOA_NS_URI + "''>" + NL +
+ " <saml:AttributeValue>{0}</saml:AttributeValue>" + NL +
+ " </saml:Attribute>" + NL;
" <pr:Identification xmlns:pr=\"" + PD_NS_URI + "\">" + NL +
@@ -120,8 +123,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
* The number of SAML attributes included in this AUTH-Block (without the extended SAML attributes).
- public static final int NUM_OF_SAML_ATTRIBUTES = 4;
- public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 3;
+ public static final int NUM_OF_SAML_ATTRIBUTES = 5;
+ public static final int NUM_OF_SAML_ATTRIBUTES_SSO = 4;
* Constructor for AuthenticationBlockAssertionBuilder.
@@ -169,10 +172,11 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String identityLinkType,
String oaURL,
String gebDat,
- List extendedSAMLAttributes,
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
OAAuthParameter oaParam)
throws BuildException
String gebeORwbpk = "";
@@ -267,11 +271,13 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
Logger.warn("Addional AuthBlock Text can not loaded from OA!", e);
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ //generate unique AuthBlock tokken
+ String uniquetokken = Random.nextRandom();
+ session.setAuthBlockTokken(uniquetokken);
String assertion;
try {
assertion = MessageFormat.format(
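Review bot: `Random.nextRandom()` produces the value that is bound into the signed AuthBlock as `UniqueTokken` and remembered via `session.setAuthBlockTokken(uniquetokken)`; if the token is meant to make each AuthBlock single-use, it must be unpredictable and long enough, so `at.gv.egovernment.moa.id.util.Random` needs to be backed by `SecureRandom` (not visible here — confirm), and the later comparison against the session value should fail closed when the session holds no token. The same three lines are added verbatim in the two later `build` overloads of this file; a private helper such as `private static String newAuthBlockTokken(AuthenticationSession session)` would keep the three call sites from drifting. Expand `//generate unique AuthBlock tokken` to say what the token is later checked against, so the next reader knows it is a security control rather than a cosmetic id.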
@@ -284,6 +290,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
+ new Object[] { uniquetokken }),
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -332,7 +340,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String identityLinkType,
String oaURL,
String gebDat,
- List extendedSAMLAttributes,
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session)
throws BuildException
@@ -418,6 +426,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ //generate unique AuthBlock tokken
+ String uniquetokken = Random.nextRandom();
+ session.setAuthBlockTokken(uniquetokken);
String assertion;
try {
assertion = MessageFormat.format(
@@ -430,6 +442,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
+ new Object[] { uniquetokken }),
} catch (ParseException e) {
Logger.error("Error on building AUTH-Block: " + e.getMessage());
@@ -479,7 +493,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String identityLinkType,
String oaURL,
String gebDat,
- List extendedSAMLAttributes,
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes,
AuthenticationSession session,
OAAuthParameter oaParam)
throws BuildException
@@ -524,9 +538,10 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
String specialText = MessageFormat.format(SPECIAL_TEXT_ATTRIBUTE,
new Object[] { generateSpecialText(text, issuer, issueInstant) });
+ //generate unique AuthBlock tokken
+ String uniquetokken = Random.nextRandom();
+ session.setAuthBlockTokken(uniquetokken);
String assertion;
assertion = MessageFormat.format(
@@ -539,6 +554,8 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
+ new Object[] { uniquetokken }),
return assertion;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index 839ebe7a4..531303300 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -1,25 +1,26 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
@@ -28,8 +29,9 @@ import java.text.MessageFormat;
import java.util.Calendar;
import java.util.List;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
@@ -229,7 +231,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- List extendedSAMLAttributes,
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes,
boolean useCondition,
int conditionLength)
throws BuildException
@@ -350,7 +352,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
String bkuURL,
String signerCertificateBase64,
boolean businessService,
- List extendedSAMLAttributes,
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes,
boolean useCondition,
int conditionLength)
throws BuildException
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 9bec06135..bd87737ed 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
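Review bot: The new 2014 header is inserted above the existing 2003 header instead of replacing it, so the file now opens with two copyright blocks, the second still visible as context on the last two lines of the hunk; AuthenticationDataAssertionBuilder in the same commit updates the year in place, which is the cleaner form. The same doubled header appears in Builder, CertInfoVerifyXMLSignatureRequestBuilder, CreateXMLSignatureRequestBuilder, CreateXMLSignatureRequestBuilderForeign, DataURLBuilder, GetIdentityLinkFormBuilder, GetVerifyAuthBlockFormBuilder and InfoboxReadRequestBuilder. Whether the old block's opening comment delimiter survives the insertion cannot be seen from the hunk, so these files should at least be compiled before merge.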
@@ -26,9 +48,7 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.security.MessageDigest;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
index 5757c398e..ca9bf2080 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/Builder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,7 +46,7 @@
package at.gv.egovernment.moa.id.auth.builder;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
index 7528bc2e8..a904242e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -27,7 +49,7 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.IOException;
import java.text.MessageFormat;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.FileUtils;
@@ -71,25 +93,25 @@ public class CertInfoVerifyXMLSignatureRequestBuilder extends Builder implements
* @return the XML structure
* @throws BuildException
- public String build(boolean slVersion12) throws BuildException {
+ public String build() throws BuildException {
String sl10Prefix;
String sl11Prefix;
String slNsDeclaration;
- if (slVersion12) {
+// if (slVersion12) {
sl10Prefix = SL12_PREFIX;
sl11Prefix = SL12_PREFIX;
slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\"";
- } else {
- sl10Prefix = SL10_PREFIX;
- sl11Prefix = SL11_PREFIX;
- slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\"";
- }
+// } else {
+// sl10Prefix = SL10_PREFIX;
+// sl11Prefix = SL11_PREFIX;
+// slNsDeclaration = "xmlns:" + sl11Prefix + "=\"" + SL11_NS_URI + "\" xmlns:" + sl10Prefix + "=\"" + SL10_NS_URI + "\"";
+// }
String certInfoRequest = MessageFormat.format(CERTINFO_REQUEST, new Object[] {sl11Prefix, sl10Prefix, slNsDeclaration});
String resDsigSignature = "resources/xmldata/CertInfoDsigSignature.xml";
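Review bot: The pre-1.2 branch is kept as commented-out lines instead of being deleted, and the three locals now have exactly one possible value, so they can be final assignments: `final String sl10Prefix = SL12_PREFIX;`, `final String sl11Prefix = SL12_PREFIX;`, `final String slNsDeclaration = "xmlns:" + SL12_PREFIX + "=\"" + SL12_NS_URI + "\"";`. Version control keeps the history; the same commented-out remnants appear in CreateXMLSignatureRequestBuilder (`@@ -97,7 +119,7 @@` and `@@ -107,13 +129,13 @@`), in CreateXMLSignatureRequestBuilderForeign (the DEFAULT_XML_TEMPLATE block) and in DataURLBuilder (`individualDataURLPrefix`). The `@throws BuildException` tag at the top of the hunk has no description, and any `@param slVersion12` tag above it is now stale since the parameter was dropped; the Javadoc starts, and the method body continues, outside this hunk.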
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
index 23596abda..bbbfacbd1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -81,7 +103,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
* @param slVersion12 specifies whether the Security Layer version number is 1.2 or not
* @return String representation of <code>&lt;CreateXMLSignatureRequest&gt;</code>
- public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos, boolean slVersion12) {
+ public String build(String authBlock, String keyBoxIdentifier, List<String> dsigTransformInfos) {
String sl10Prefix;
String sl11Prefix;
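Review bot: The Javadoc line `@param slVersion12 specifies whether the Security Layer version number is 1.2 or not` is kept as context while the parameter is removed from the signature on the next changed line, so the doc now describes a parameter that no longer exists. Drop that tag and state the fixed behaviour in the summary instead, e.g. `* The request is always built with the Security Layer 1.2 namespace.`. The method body continues outside this hunk.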
@@ -97,7 +119,7 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
// dsigTransformInfosString += dsigTransformInfos[i];
// }
- if (slVersion12) {
+// if (slVersion12) {
// replace the SecurityLayer namespace prefixes and URIs within the transforms
dsigTransformInfosString = StringUtils.changeSLVersion(dsigTransformInfosString,
@@ -107,13 +129,13 @@ public class CreateXMLSignatureRequestBuilder implements Constants {
sl11Prefix = SL12_PREFIX;
slNsDeclaration = "xmlns:" + SL12_PREFIX + "='" + SL12_NS_URI + "'";
- } else {
- sl10Prefix = SL10_PREFIX;
- sl11Prefix = SL11_PREFIX;
- slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'";
- }
+// } else {
+// sl10Prefix = SL10_PREFIX;
+// sl11Prefix = SL11_PREFIX;
+// slNsDeclaration = "xmlns:" + sl10Prefix + "='" + SL10_NS_URI + "' xmlns:" + sl11Prefix + "='" + SL11_NS_URI + "'";
+// }
String request = MessageFormat.format(
CREATE_XML_SIGNATURE_REQUEST, new Object[] { authBlock,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
index 650f1578d..e7e1e5cbd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureRequestBuilderForeign.java
@@ -1,34 +1,56 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.builder;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -46,22 +68,22 @@ public class CreateXMLSignatureRequestBuilderForeign extends Builder {
/** private static int all contains the representation to replace all tags*/
private static final int ALL = -1;
- /** default HTML template */
- private static final String DEFAULT_XML_TEMPLATE =
- "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
- "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
- "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" +
- "<sl:DataObjectInfo Structure=\"enveloping\">" +
- "<sl:DataObject>" +
- "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
- "</sl:DataObject>" +
- "<sl:TransformsInfo>" +
- "<sl:FinalDataMetaInfo>" +
- "<sl:MimeType>text/plain</sl:MimeType>" +
- "</sl:FinalDataMetaInfo>" +
- "</sl:TransformsInfo>" +
- "</sl:DataObjectInfo>" +
- "</sl:CreateXMLSignatureRequest>";
+// /** default HTML template */
+// private static final String DEFAULT_XML_TEMPLATE =
+// "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+// "<sl:CreateXMLSignatureRequest xmlns:sl=\"http://www.buergerkarte.at/namespaces/securitylayer/1.2#\">" +
+// "<sl:KeyboxIdentifier>" + KEYBOXID_TAG + "</sl:KeyboxIdentifier>" +
+// "<sl:DataObjectInfo Structure=\"enveloping\">" +
+// "<sl:DataObject>" +
+// "<sl:XMLContent>" + XMLCONTENT_TAG + "</sl:XMLContent>" +
+// "</sl:DataObject>" +
+// "<sl:TransformsInfo>" +
+// "<sl:FinalDataMetaInfo>" +
+// "<sl:MimeType>text/plain</sl:MimeType>" +
+// "</sl:FinalDataMetaInfo>" +
+// "</sl:TransformsInfo>" +
+// "</sl:DataObjectInfo>" +
+// "</sl:CreateXMLSignatureRequest>";
/** default HTML template */
private static final String DEFAULT_XHTML_TEMPLATE =
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
index 9b7cc41ba..924051e2a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/DataURLBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -25,10 +47,6 @@
package at.gv.egovernment.moa.id.auth.builder;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.logging.Logger;
* Builds a DataURL parameter meant for the security layer implementation
@@ -58,7 +76,7 @@ public class DataURLBuilder {
public String buildDataURL(String authBaseURL, String authServletName, String sessionID) {
- String individualDataURLPrefix = null;
+// String individualDataURLPrefix = null;
String dataURL;
//is removed from config in MOA-ID 2.0
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
index bd8d52031..70aa1a160 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -27,8 +49,12 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
+import java.util.Map;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.util.FormBuildUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
* Builder for HTML form requesting the security layer implementation
@@ -53,9 +79,13 @@ public class GetIdentityLinkFormBuilder extends Builder {
/** special tag in the HTML template to be substituted for the infoboxes to be pushed from the BKU */
private static final String PUSHINFOBOX_TAG = "<PushInfobox>";
/** special tag in the HTML template to be substituted for the BKU URL */
- private static final String MANDATE_TAG = "<Mandate>";
/** private static int all contains the representation to replace all tags*/
private static final int ALL = -1;
+ private static final String COLOR_TAG = "<COLOR>";
+ private static final String REDIRECTTARGETTAG = "<REDIRECTTARGET>";
+ private static final String APPLETWIDTH_TAG = "<APPLETWIDTH>";
+ private static final String APPLETHEIGHT_TAG = "<APPLETHEIGHT>";
/** default HTML template */
private static final String DEFAULT_HTML_TEMPLATE =
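Review bot: Removing `MANDATE_TAG` leaves its Javadoc comment `/** special tag in the HTML template to be substituted for the BKU URL */` dangling directly above the comment for `ALL`; that comment should be removed together with the constant. The four new template tags carry no documentation, unlike every neighbouring constant; a one-liner each in the file's style, e.g. `/** special tag in the HTML template to be substituted for the applet height */`, keeps the block consistent. The class continues outside this hunk.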
@@ -112,6 +142,9 @@ public class GetIdentityLinkFormBuilder extends Builder {
* @param bkuURL URL of the "B&uuml;rgerkartenumgebung" the form will be submitted to;
* may be <code>null</code>, in this case the default URL will be used
* @param dataURL DataURL to be sent as a parameter in the form
+ * @param oaParam
+ * @param appletwidth
+ * @param appletheigth
public String build(
String htmlTemplate,
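Review bot: The three new `@param` tags are empty and list `appletwidth` before `appletheigth`, whereas the signature in the following hunk (`@@ -120,7 +153,9 @@`) takes `appletheigth` first; the misspelling is harmless only as long as tag and parameter keep agreeing. Suggested text: `@param oaParam online-application parameters supplying the form customization; may be <code>null</code>`, `@param appletheigth height of the BKU applet in pixels; the default is used if empty`, `@param appletwidth width of the BKU applet in pixels; the default is used if empty`. The build method's signature and body continue outside this hunk.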
@@ -120,7 +153,9 @@ public class GetIdentityLinkFormBuilder extends Builder {
String dataURL,
String certInfoXMLRequest,
String certInfoDataURL,
- String pushInfobox)
+ String pushInfobox, OAAuthParameter oaParam,
+ String appletheigth,
+ String appletwidth)
throws BuildException
String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
@@ -131,6 +166,27 @@ public class GetIdentityLinkFormBuilder extends Builder {
//new:wird oben mitreplaced htmlForm = replaceTag(htmlForm, BKU_TAG, bkuURL);
htmlForm = replaceTag(htmlForm, CERTINFO_XMLREQUEST_TAG, encodeParameter(certInfoXMLRequest), true, ALL);
htmlForm = replaceTag(htmlForm, CERTINFO_DATAURL_TAG, certInfoDataURL, true, ALL);
+ if (oaParam != null) {
+ Map<String, String> map = oaParam.getFormCustomizaten();
+ htmlForm = replaceTag(htmlForm, COLOR_TAG, map.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
+ htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, map.get(FormBuildUtils.REDIRECTTARGET), false, ALL);
+ } else {
+ htmlForm = replaceTag(htmlForm, COLOR_TAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.MAIN_BACKGROUNDCOLOR), false, ALL);
+ htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, FormBuildUtils.getDefaultMap().get(FormBuildUtils.REDIRECTTARGET), false, ALL);
+ }
+ if (MiscUtil.isNotEmpty(appletheigth))
+ htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, appletheigth, false, ALL);
+ else
+ htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, "160", false, ALL);
+ if (MiscUtil.isNotEmpty(appletwidth))
+ htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, appletwidth, false, ALL);
+ else
+ htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, "250", false, ALL);
return htmlForm;
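Review bot: The customization values reach the HTML unencoded (`false`, unlike the `encodeParameter(...)`/`true` pair used for the certInfo request a few lines above), and `map.get(...)` returns null when an OA's customization map lacks a key, which is then passed straight into `replaceTag`; what that method does with null is not visible here. Colour and redirect target come from OA configuration and are therefore operator-controlled, but the applet dimensions arrive as caller-supplied strings, and if a servlet ever forwards a request parameter there, `isNotEmpty` is the only check before the value lands in the page. Restricting the dimensions to digits and falling back per key to `FormBuildUtils.getDefaultMap()` closes both gaps; the rewritten lines are below, with the "160"/"250" defaults best lifted into named constants next to the tags. The build method starts outside this hunk.
```java
// … unchanged: certInfo tag replacement …
Map<String, String> defaults = FormBuildUtils.getDefaultMap();
Map<String, String> custom = (oaParam != null) ? oaParam.getFormCustomizaten() : null;
// per-key fallback: an OA map that lacks a key must not push null into the template
String color = (custom != null && custom.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR) != null)
        ? custom.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR)
        : defaults.get(FormBuildUtils.MAIN_BACKGROUNDCOLOR);
String target = (custom != null && custom.get(FormBuildUtils.REDIRECTTARGET) != null)
        ? custom.get(FormBuildUtils.REDIRECTTARGET)
        : defaults.get(FormBuildUtils.REDIRECTTARGET);
htmlForm = replaceTag(htmlForm, COLOR_TAG, color, false, ALL);
htmlForm = replaceTag(htmlForm, REDIRECTTARGETTAG, target, false, ALL);
// only plain digits may reach the template unencoded; anything else gets the default size
String height = (MiscUtil.isNotEmpty(appletheigth) && appletheigth.matches("[0-9]+")) ? appletheigth : "160";
String width = (MiscUtil.isNotEmpty(appletwidth) && appletwidth.matches("[0-9]+")) ? appletwidth : "250";
htmlForm = replaceTag(htmlForm, APPLETHEIGHT_TAG, height, false, ALL);
htmlForm = replaceTag(htmlForm, APPLETWIDTH_TAG, width, false, ALL);
return htmlForm;
```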
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
index ea3d170eb..3f2d96df4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetVerifyAuthBlockFormBuilder.java
@@ -1,30 +1,52 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.builder;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
* Builder for HTML form requesting a security layer request
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
index b2acf9f2d..828fc78ab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -57,18 +79,18 @@ public class InfoboxReadRequestBuilder implements Constants {
* @return <code>&lt;InfoboxReadRequest&gt;</code> as String
- public String build(boolean slVersion12, boolean businessService, String identityLinkDomainIdentifier) {
+ public String build(boolean businessService, String identityLinkDomainIdentifier) {
String slPrefix;
String slNsDeclaration;
- if (slVersion12) {
+// if (slVersion12) {
slPrefix = SL12_PREFIX;
slNsDeclaration = SL12_NS_URI;
- } else {
- slPrefix = SL10_PREFIX;
- slNsDeclaration = SL10_NS_URI;
- }
+// } else {
+// slPrefix = SL10_PREFIX;
+// slNsDeclaration = SL10_NS_URI;
+// }
StringBuffer sb = new StringBuffer("<?xml version=\"1.0\" encoding=\"UTF-8\" ?>");
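Review bot: The commented-out `if (slVersion12)` branch that follows `String slNsDeclaration;` is dead code and should be deleted rather than kept as comments, since the parameter it tested no longer exists in the signature. With a single branch left, the two locals can be initialised directly: `String slPrefix = SL12_PREFIX;` and `String slNsDeclaration = SL12_NS_URI;`. The same applies to the commented-out `GENERIC_CONFIG_PARAM_SOURCEID` constant in the SAMLArtifactBuilder hunk of this commit. The body of `build` continues past the hunk, so the remaining uses of these locals cannot be checked from here.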
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
index e13101dbb..bb3533664 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderCertificate.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
deleted file mode 100644
index 0a526ebbe..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/InfoboxValidatorParamsBuilder.java
+++ /dev/null
@@ -1,110 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.builder;
-import java.util.List;
-import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParamsImpl;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.auth.VerifyInfoboxParameter;
-import at.gv.egovernment.moa.util.XPathUtils;
- * This class provides one method for building parameters needed for
- * validating an infobox token.
- *
- * @author Harald Bratko
- */
-public class InfoboxValidatorParamsBuilder {
- // hide the default constructor
- private InfoboxValidatorParamsBuilder() {
- }
- /**
- * Builds the parameters passed to the validator class for validating an infobox token.
- *
- * @param session The actual Authentication session.
- * @param verifyInfoboxParameter The configuration parameters for the infobox.
- * @param infoboxTokenList Contains the infobox token to be validated.
- * @param oaParam The configuration parameters of the online application
- *
- * @return Parameters for validating an infobox token.
- */
-// public static InfoboxValidatorParams buildInfoboxValidatorParams(
-// AuthenticationSession session,
-// VerifyInfoboxParameter verifyInfoboxParameter,
-// List infoboxTokenList,
-// OAAuthParameter oaParam)
-// {
-// InfoboxValidatorParamsImpl infoboxValidatorParams = new InfoboxValidatorParamsImpl();
-// IdentityLink identityLink = session.getIdentityLink();
-// // the infobox token to validate
-// infoboxValidatorParams.setInfoboxTokenList(infoboxTokenList);
-// // configuration parameters
-// infoboxValidatorParams.setTrustProfileID(verifyInfoboxParameter.getTrustProfileID());
-// infoboxValidatorParams.setSchemaLocations(verifyInfoboxParameter.getSchemaLocations());
-// infoboxValidatorParams.setApplicationSpecificParams(verifyInfoboxParameter.getApplicationSpecificParams());
-// // authentication session parameters
-// infoboxValidatorParams.setBkuURL(session.getBkuURL());
-// infoboxValidatorParams.setTarget(session.getTarget());
-// infoboxValidatorParams.setDomainIdentifier(oaParam.getIdentityLinkDomainIdentifier());
-// infoboxValidatorParams.setBusinessApplication(session.getBusinessService());
-// // parameters from the identity link
-// infoboxValidatorParams.setFamilyName(identityLink.getFamilyName());
-// infoboxValidatorParams.setGivenName(identityLink.getGivenName());
-// infoboxValidatorParams.setDateOfBirth(identityLink.getDateOfBirth());
-// if (verifyInfoboxParameter.getProvideStammzahl()) {
-// infoboxValidatorParams.setIdentificationValue(identityLink.getIdentificationValue());
-// }
-// infoboxValidatorParams.setIdentificationType(identityLink.getIdentificationType());
-// infoboxValidatorParams.setPublicKeys(identityLink.getPublicKey());
-// if (verifyInfoboxParameter.getProvideIdentityLink()) {
-// Element identityLinkElem = (Element)identityLink.getSamlAssertion().cloneNode(true);
-// if (!verifyInfoboxParameter.getProvideStammzahl()) {
-// Element identificationValueElem =
-// (Element)XPathUtils.selectSingleNode(identityLinkElem, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH);
-// if (identificationValueElem != null) {
-// identificationValueElem.getFirstChild().setNodeValue("");
-// }
-// }
-// infoboxValidatorParams.setIdentityLink(identityLinkElem);
-// }
-// //TODO: check if this is Protocol specific
-// //infoboxValidatorParams.setHideStammzahl(!oaParam.getProvideStammzahl());
-// infoboxValidatorParams.setHideStammzahl(true);
-// return infoboxValidatorParams;
-// }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
index 69e654f56..31e4c0578 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginConfirmationBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
index a80fcfa25..0746d1be1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/LoginFormBuilder.java
@@ -1,27 +1,51 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
+import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URI;
+import java.net.URISyntaxException;
import org.apache.commons.io.IOUtils;
-import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
-import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class LoginFormBuilder {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "loginFormFull.html";
- private static final String HTMLTEMPLATEIFRAME = "loginFormIFrame.html";
private static String AUTH_URL = "#AUTH_URL#";
private static String MODUL = "#MODUL#";
private static String ACTION = "#ACTION#";
@@ -29,40 +53,42 @@ public class LoginFormBuilder {
private static String BKU_ONLINE = "#ONLINE#";
private static String BKU_HANDY = "#HANDY#";
private static String BKU_LOCAL = "#LOCAL#";
- private static String CONTEXTPATH = "#CONTEXTPATH#";
+ public static String CONTEXTPATH = "#CONTEXTPATH#";
private static String MOASESSIONID = "#SESSIONID#";
private static String SERVLET = CONTEXTPATH+"/GenerateIframeTemplate";
- private static String getTemplate(boolean isIFrame) {
+ public static String getTemplate() {
+ String pathLocation ="";
+ InputStream input = null;
+ try {
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+ File file = new File(new URI(pathLocation));
+ input = new FileInputStream(file);
+ } catch (ConfigurationException e) {
+ Logger.warn("MOA-ID configuration can not be loaded.");
+ } catch (Exception e) {
+ }
+ return getTemplate(input);
+ }
+ public static String getTemplate(InputStream input) {
String template = null;
- try {
- String pathLocation;
- InputStream input;
- String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
- if (isIFrame)
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
- else
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
- try {
- File file = new File(new URI(pathLocation));
- input = new FileInputStream(file);
- } catch (FileNotFoundException e) {
+ try {
+ if (input == null) {
Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
- if (isIFrame)
- pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
- else
- pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+ String pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
input = Thread.currentThread()
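Review bot: The empty `catch (Exception e) { }` in the new no-argument `getTemplate()` silently discards a missing or unreadable template file (FileNotFoundException, URISyntaxException), so an operator gets no indication why the packaged fallback is being served instead of the configured login form; it should at least log, e.g. `Logger.warn("Login form template " + pathLocation + " could not be opened, using packaged template.", e);`. The hunk also widens `CONTEXTPATH` to `public static String`, a mutable public static that any class can reassign at runtime; if it has to be shared, declare it `public static final String CONTEXTPATH = "#CONTEXTPATH#";`. The body of `getTemplate(InputStream)` continues outside the hunk.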
@@ -76,17 +102,23 @@ public class LoginFormBuilder {
template = template.replace(BKU_ONLINE, OAAuthParameter.ONLINEBKU);
template = template.replace(BKU_HANDY, OAAuthParameter.HANDYBKU);
template = template.replace(BKU_LOCAL, OAAuthParameter.LOCALBKU);
- input.close();
} catch (Exception e) {
Logger.error("Failed to read template", e);
+ } finally {
+ try {
+ input.close();
+ } catch (IOException e) {
+ Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
+ }
return template;
- public static String buildLoginForm(String modul, String action, String oaname, String contextpath, boolean isIFrame, String moaSessionID) {
- String value = getTemplate(isIFrame);
+ public static String buildLoginForm(String modul, String action, OAAuthParameter oaParam, String contextpath, String moaSessionID) {
+ String value = getTemplate();
if(value != null) {
if(modul == null) {
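Review bot: The new `finally` block calls `input.close()` unconditionally, but `input` can still be null there: the no-argument `getTemplate()` passes null when the configured file cannot be opened, and the classpath lookup started at the end of the previous hunk (presumably a `getResourceAsStream` call) returns null when the packaged template is absent, so the resulting NullPointerException is not covered by `catch (IOException e)` and escapes unlogged. Guard it with `if (input != null) { input.close(); }`, or wrap the stream in try-with-resources if the project's Java level allows it. The warning text `"SendAssertionTemplate inputstream can not be closed."` appears copied from the sibling builder and should name the login form template instead. Both `getTemplate(InputStream)` and `buildLoginForm` extend beyond this hunk.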
@@ -97,11 +129,16 @@ public class LoginFormBuilder {
value = value.replace(MODUL, modul);
value = value.replace(ACTION, action);
- value = value.replace(OANAME, oaname);
+ value = value.replace(OANAME, oaParam.getFriendlyName());
value = value.replace(CONTEXTPATH, contextpath);
value = value.replace(MOASESSIONID, moaSessionID);
+ value = FormBuildUtils.customiceLayoutBKUSelection(value,
+ oaParam.isShowMandateCheckBox(),
+ oaParam.isOnlyMandateAllowed(),
+ oaParam.getFormCustomizaten());
return value;
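Review bot: `oaParam.getFriendlyName()` is substituted straight into the HTML login form with `String.replace` and no HTML escaping, and the same presumably holds for `oaParam.getFormCustomizaten()` passed to `FormBuildUtils.customiceLayoutBKUSelection`; these values come from the online-application configuration rather than the request, but an unescaped value can still break the form markup or place script on the page the user authenticates on. Escape the friendly name before substitution and record the assumption on the method, e.g. `// friendly name is admin-configured but rendered into HTML; escape before substitution`. `String.replace` also throws NullPointerException when `getFriendlyName()` returns null, which the previous `oaname` parameter shared; a default such as `oaParam.getFriendlyName() == null ? "" : oaParam.getFriendlyName()` keeps form building alive. `buildLoginForm` starts outside this hunk.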
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
index 05a7cdbea..333d8680c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -27,8 +49,8 @@ package at.gv.egovernment.moa.id.auth.builder;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
index 6d10f5519..e2a736330 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/RedirectFormBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
import java.io.InputStream;
@@ -5,8 +27,6 @@ import java.io.StringWriter;
import org.apache.commons.io.IOUtils;
-import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.logging.Logger;
public class RedirectFormBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
index 304a5b70c..1e2a4700d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -27,7 +49,7 @@ package at.gv.egovernment.moa.id.auth.builder;
import java.io.ByteArrayOutputStream;
import java.security.MessageDigest;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -45,7 +67,7 @@ public class SAMLArtifactBuilder {
* The generic configuration parameter for an alternative SourceID.
- private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
+// private static final String GENERIC_CONFIG_PARAM_SOURCEID = "AuthenticationServer.SourceID";
* Constructor for SAMLArtifactBuilder.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
index 9d7ae1f46..8b0d906fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -28,7 +50,7 @@ import java.text.MessageFormat;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
deleted file mode 100644
index bfc86d608..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SelectBKUFormBuilder.java
+++ /dev/null
@@ -1,87 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.builder;
-import at.gv.egovernment.moa.id.BuildException;
- * Builder for the BKU selection form requesting the user to choose
- * a BKU from a list.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUFormBuilder extends Builder {
- /** private static String NL contains the NewLine representation in Java*/
- private static final String nl = "\n";
- /** special tag in the HTML template to be substituted for the form action which is
- * a URL of MOA-ID Auth */
- private static final String ACTION_TAG = "<StartAuth>";
- /** special tag in the HTML template to be substituted for the <code>&lt;select;gt;</code> tag
- * containing the BKU selection options */
- private static final String SELECT_TAG = "<BKUSelect>";
- /**
- * Template for the default html-code to be returned as security-layer-selection to be built
- */
- private static final String DEFAULT_HTML_TEMPLATE =
- "<html>" + nl +
- "<head>" + nl +
- "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl +
- "<title>Auswahl der B&uuml;rgerkartenumgebung</title>" + nl +
- "</head>" + nl +
- "<body>" + nl +
- "<form name=\"BKUSelectionForm\"" + nl +
- " action=\"" + ACTION_TAG + "\"" + nl +
- " method=\"post\">" + nl +
- SELECT_TAG + nl +
- " <input type=\"submit\" value=\"B&uuml;rgerkartenumgebung ausw&auml;hlen\"/>" + nl +
- "</form>" + nl +
- "</body>" + nl +
- "</html>";
- /**
- * Constructor
- */
- public SelectBKUFormBuilder() {
- super();
- }
- /**
- * Method build. Builds the form
- * @param htmlTemplate to be used
- * @param startAuthenticationURL the url where the startAuthenticationServlet can be found
- * @param bkuSelectTag if a special bku should be used
- * @return String
- * @throws BuildException on any error
- */
- public String build(String htmlTemplate, String startAuthenticationURL, String bkuSelectTag)
- throws BuildException {
- String htmlForm = htmlTemplate == null ? DEFAULT_HTML_TEMPLATE : htmlTemplate;
- htmlForm = replaceTag(htmlForm, ACTION_TAG, startAuthenticationURL, true, 1);
- htmlForm = replaceTag(htmlForm, SELECT_TAG, bkuSelectTag, true, 1);
- return htmlForm;
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
index 956593237..d8a53fba8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SendAssertionFormBuilder.java
@@ -1,26 +1,50 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
+import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URI;
import org.apache.commons.io.IOUtils;
-import at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet;
-import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
+import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class SendAssertionFormBuilder {
private static final String HTMLTEMPLATESDIR = "htmlTemplates/";
private static final String HTMLTEMPLATEFULL = "sendAssertionFormFull.html";
- private static final String HTMLTEMPLATEIFRAME = "sendAssertionFormIFrame.html";
+ private static final String TEMPLATEBGCOLOR = "style=\"background-color: #COLOR#\"";
private static String URL = "#URL#";
private static String MODUL = "#MODUL#";
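Review bot: The new constant `TEMPLATEBGCOLOR` (and `BACKGROUNDCOLOR`/`COLOR` in the next hunk) is not referenced by any hunk visible in this file, so as far as the diff shows these are dead declarations. If the colour substitution has moved into `FormBuildUtils.customiceLayoutBKUSelection`, remove them; if they are consumed elsewhere in the class, a one-line comment such as `// placeholder consumed by FormBuildUtils when the OA supplies a form customization` next to the declarations would tell the reader where. The class body continues outside this hunk.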
@@ -28,23 +52,21 @@ public class SendAssertionFormBuilder {
private static String ID = "#ID#";
private static String OANAME = "#OAName#";
private static String CONTEXTPATH = "#CONTEXTPATH#";
+ private static String BACKGROUNDCOLOR = "#BACKGROUNDCOLOR#";
+ private static String COLOR = "#COLOR#";
private static String SERVLET = CONTEXTPATH+"/SSOSendAssertionServlet";
- private static String getTemplate(boolean isIFrame) {
+ private static String getTemplate() {
- String template = null;
+ String template = null;
+ InputStream input = null;
try {
String pathLocation;
- InputStream input;
- String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
- if (isIFrame)
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEIFRAME;
- else
- pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
+ String rootconfigdir = AuthConfigurationProvider.getInstance().getRootConfigFileDir();
+ pathLocation = rootconfigdir + HTMLTEMPLATESDIR + HTMLTEMPLATEFULL;
try {
File file = new File(new URI(pathLocation));
@@ -54,10 +76,7 @@ public class SendAssertionFormBuilder {
Logger.warn("No LoginFormTempaltes found. Use Generic Templates from package.");
- if (isIFrame)
- pathLocation = "resources/templates/" + HTMLTEMPLATEIFRAME;
- else
- pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
+ pathLocation = "resources/templates/" + HTMLTEMPLATEFULL;
input = Thread.currentThread()
@@ -69,15 +88,24 @@ public class SendAssertionFormBuilder {
IOUtils.copy(input, writer);
template = writer.toString();
template = template.replace(URL, SERVLET);
} catch (Exception e) {
Logger.error("Failed to read template", e);
+ } finally {
+ try {
+ input.close();
+ } catch (IOException e) {
+ Logger.warn("SendAssertionTemplate inputstream can not be closed.", e);
+ }
return template;
- public static String buildForm(String modul, String action, String id, String oaname, String contextpath, boolean isIFrame) {
- String value = getTemplate(isIFrame);
+ public static String buildForm(String modul, String action, String id, OAAuthParameter oaParam, String contextpath) {
+ String value = getTemplate();
if(value != null) {
if(modul == null) {
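Review bot: The new `finally` block calls `input.close()` unguarded, but `input` is initialised to `null` and only assigned after the configuration lookup and the file/classpath resolution succeed, so any failure before the stream is opened turns the logged-and-swallowed error into a NullPointerException thrown from `finally`; the surrounding `catch (Exception e)` does not cover it and it escapes to `buildForm` instead of the intended `null` return. Guard the close: `if (input != null) { input.close(); }`. The body of `getTemplate` starts in the previous hunk, so the `try` that assigns `input` is not fully visible here.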
@@ -89,8 +117,14 @@ public class SendAssertionFormBuilder {
value = value.replace(MODUL, modul);
value = value.replace(ACTION, action);
value = value.replace(ID, id);
- value = value.replace(OANAME, oaname);
+ value = value.replace(OANAME, oaParam.getFriendlyName());
value = value.replace(CONTEXTPATH, contextpath);
+ value = FormBuildUtils.customiceLayoutBKUSelection(value,
+ oaParam.isShowMandateCheckBox(),
+ oaParam.isOnlyMandateAllowed(),
+ oaParam.getFormCustomizaten());
return value;
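Review bot: `oaParam` is dereferenced at `oaParam.getFriendlyName()` and again in the `FormBuildUtils.customiceLayoutBKUSelection(...)` call without a null check, while the same method guards `modul == null` a few lines earlier; a request for an online application without a resolved configuration now fails with a NullPointerException inside the form builder rather than a handled condition, so a guard such as `if (oaParam == null) { Logger.error("No OA configuration available for SendAssertion form"); return null; }` (matching whatever the `value == null` path returns) would keep the failure explicit. Separately, the friendly name is substituted into the HTML template verbatim by `value.replace`, with no HTML escaping; the value is operator-controlled configuration, so the risk is limited, but escaping at the insertion point would keep the template safe regardless of who can edit that configuration. `buildForm` starts in the previous hunk.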
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index 8a9c2b4fd..0bd690827 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -1,13 +1,35 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.builder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.logging.Logger;
@@ -36,7 +58,8 @@ public class StartAuthenticationBuilder {
Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
// STORK or normal authentication
- if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
+ //TODO: commented because npe was thrown
+ /*if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
//STORK authentication
Logger.trace("Found C-PEPS configuration for citizen of country: " + moasession.getCcc());
Logger.debug("Starting STORK authentication");
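Review bot: Commenting out the `storkConfig.isSTORKAuthentication(moasession.getCcc())` branch (continued in the next hunk, where the `else` and closing brace are commented as well) disables STORK authentication for every citizen instead of fixing the NullPointerException the TODO refers to; a request from a country with a C-PEPS configuration now silently runs the normal MOA-ID flow. The hunk does not show whether `storkConfig` or the session's country code is the null value, but a guard on the branch condition, `if (storkConfig != null && storkConfig.isSTORKAuthentication(moasession.getCcc())) {`, would let the branch be restored without the crash. If STORK is intentionally switched off for this release, say so in the method's Javadoc and log at warn level when a non-AT country code is ignored, so the downgrade is visible in operation. The enclosing method starts outside the hunk.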
@@ -44,13 +67,13 @@ public class StartAuthenticationBuilder {
AuthenticationServer.startSTORKAuthentication(req, resp, moasession);
return "";
- } else {
+ } else {*/
//normal MOA-ID authentication
Logger.debug("Starting normal MOA-ID authentication");
- String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req.getScheme());
+ String getIdentityLinkForm = AuthenticationServer.getInstance().startAuthentication(moasession, req);
return getIdentityLinkForm;
- }
+ //}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
index b65b3db0d..d2ea53011 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
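Review bot: The file now carries two license headers: the added 2014 block is closed at the `*****/` line and the original `Copyright 2003` header follows as a second comment block. AuthenticationSession.java gets the same duplication in its first hunk, where the existing header is changed to 2014 and a reflowed 2003 copy is appended below it. Keep a single header per file, either the updated one or the original with the year range, so the licensing statement is unambiguous.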
@@ -33,10 +55,10 @@ import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 4560e69cf..f84409d53 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -1,49 +1,56 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between
+ * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence. This product combines work with different licenses. See the "NOTICE" text file for
+ * details on the various modules and licenses. The "NOTICE" text file is part of the distribution.
+ * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file.
package at.gv.egovernment.moa.id.auth.data;
import iaik.x509.X509Certificate;
-import java.io.IOException;
import java.io.Serializable;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
-import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
-import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
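Review bot: `OAuth20SessionObject` is imported here, but its only use visible in this diff is the commented-out declaration `// private OAuth20SessionObject oAuth20SessionObject;` in a later hunk; unless the type is referenced elsewhere in the file, the import is unused and should go together with that dead line. The same check applies to `InfoboxValidator`, whose only visible consumer, `addInfoboxValidator`, is being commented out in the final hunk of this file.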
@@ -51,43 +58,40 @@ import at.gv.egovernment.moa.util.DOMUtils;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
- * Session data to be stored between <code>AuthenticationServer</code> API
- * calls.
+ * Session data to be stored between <code>AuthenticationServer</code> API calls.
* @author Paul Ivancsics
* @version $Id$
public class AuthenticationSession implements Serializable {
private static final long serialVersionUID = 1L;
public static final String TARGET_PREFIX_ = Constants.URN_PREFIX_CDID + "+";
- public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK
- + "+";
+ public static final String REGISTERANDORDNR_PREFIX_ = Constants.URN_PREFIX_WBPK + "+";
* session ID
private String sessionID;
- * "Gesch&auml;ftsbereich" the online application belongs to; maybe
- * <code>null</code> if the online application is a business application
+ * "Gesch&auml;ftsbereich" the online application belongs to; maybe <code>null</code> if the
+ * online application is a business application
private String target;
- * Friendly name for the target, if target is configured via MOA-ID
- * configuration
+ * Friendly name for the target, if target is configured via MOA-ID configuration
private String targetFriendlyName;
* SourceID
private String sourceID;
* public online application URL requested
@@ -104,28 +108,25 @@ public class AuthenticationSession implements Serializable {
* HTML template URL
private String templateURL;
* URL of the BKU
private String bkuURL;
- * Indicates whether the corresponding online application is a business
- * service or not
+ * Indicates whether the corresponding online application is a business service or not
private boolean businessService;
- //Store Mandate
+ // Store Mandate
* Use mandate
private boolean useMandate;
private boolean isOW = false;
@@ -133,99 +134,93 @@ public class AuthenticationSession implements Serializable {
- * Mandate element
+ * Mandate element
private MISMandate mandate;
- * Reference value for mandate
- * bussiness service for the assertion
+ * Reference value for mandate bussiness service for the assertion
private String mandateReferenceValue;
* SessionID for MIS
private String misSessionID;
- //store Identitylink
+ // store Identitylink
* identity link read from smartcard
private IdentityLink identityLink;
- /**
- * timestamp logging when identity link has been received
- */
- private Date timestampIdentityLink;
- //store Authblock
+ // /**
+ // * timestamp logging when identity link has been received
+ // */
+ // private Date timestampIdentityLink;
+ // store Authblock
* authentication block to be signed by the user
private String authBlock;
+ private String authBlockTokken;
* The issuing time of the AUTH-Block SAML assertion.
private String issueInstant;
- //Signer certificate
+ // Signer certificate
* Signer certificate of the foreign citizen or for mandate mode
- //private X509Certificate signerCertificate;
+ // private X509Certificate signerCertificate;
private byte[] signerCertificate;
- * SAML attributes from an extended infobox validation to be appended to the
- * SAML assertion delivered to the final online application.
+ * SAML attributes from an extended infobox validation to be appended to the SAML assertion
+ * delivered to the final online application.
- private List extendedSAMLAttributesOA;
+ private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA;
- * The boolean value for either a target or a wbPK is provided as SAML
- * Attribute in the SAML Assertion or not.
+ * The boolean value for either a target or a wbPK is provided as SAML Attribute in the SAML
+ * Assertion or not.
private boolean samlAttributeGebeORwbpk;
- * SAML attributes from an extended infobox validation to be appended to the
- * SAML assertion of the AUTHBlock.
+ * SAML attributes from an extended infobox validation to be appended to the SAML assertion of
+ * the AUTHBlock.
- private List extendedSAMLAttributesAUTH;
+ private List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH;
- //TODO: check if it is in use!
- * If infobox validators are needed after signing, they can be stored in
- * this list.
+ * If infobox validators are needed after signing, they can be stored in this list.
private List infoboxValidators;
- * The register and number in the register parameter in case of a business
- * service application.
+ * The register and number in the register parameter in case of a business service application.
private String domainIdentifier;
- * This string contains all identifiers of infoboxes, the online application
- * is configured to accept. The infobox identifiers are comma separated.
+ * This string contains all identifiers of infoboxes, the online application is configured to
+ * accept. The infobox identifiers are comma separated.
private String pushInfobox;
* The STORK AuthRequest to be sent to the C-PEPS
private STORKAuthnRequest storkAuthnRequest;
+ // private AuthenticationData authData;
- //private AuthenticationData authData;
- //protocol selection
+ // protocol selection
private String action;
private String modul;
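Review bot: The new field `authBlockTokken` misspells "token" and, unlike the neighbouring fields, has neither a Javadoc line nor a visible accessor in this diff, so a reader cannot tell what it holds or where it is set; rename it to `authBlockToken` and add a short comment stating what the token identifies and which step stores it. On the same hunk, `infoboxValidators` stays a raw `List` while the two SAML-attribute lists gained `List<ExtendedSAMLAttribute>`, so the generics clean-up is only partial. The class continues past this hunk.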
@@ -234,82 +229,83 @@ public class AuthenticationSession implements Serializable {
private boolean ssoRequested = false;
-// /**
-// * Indicates if target from configuration is used or not
-// */
-// private boolean useTargetFromConfig;
-// /**
-// * Authentication data for the assertion
-// */
-// private AuthenticationData assertionAuthData;
-// /**
-// * Persondata for the assertion
-// */
-// private String assertionPrPerson;
-// /**
-// * Authblock for the assertion
-// */
-// private String assertionAuthBlock;
-// /**
-// * Identitylink assertion for the (MOA) assertion
-// */
-// private String assertionIlAssertion;
-// /**
-// * Signer certificate (base64 encoded) for the assertion
-// */
-// private String assertionSignerCertificateBase64;
-// /**
-// * bussiness service for the assertion
-// */
-// boolean assertionBusinessService;
-// /**
-// * timestamp logging when authentication session has been created
-// */
-// private Date timestampStart;
-// private CreateXMLSignatureResponse XMLCreateSignatureResponse;
+// private OAuth20SessionObject oAuth20SessionObject;
+ // /**
+ // * Indicates if target from configuration is used or not
+ // */
+ // private boolean useTargetFromConfig;
+ // /**
+ // * Authentication data for the assertion
+ // */
+ // private AuthenticationData assertionAuthData;
+ //
+ // /**
+ // * Persondata for the assertion
+ // */
+ // private String assertionPrPerson;
+ //
+ // /**
+ // * Authblock for the assertion
+ // */
+ // private String assertionAuthBlock;
+ //
+ // /**
+ // * Identitylink assertion for the (MOA) assertion
+ // */
+ // private String assertionIlAssertion;
+ //
+ // /**
+ // * Signer certificate (base64 encoded) for the assertion
+ // */
+ // private String assertionSignerCertificateBase64;
+ //
+ // /**
+ // * bussiness service for the assertion
+ // */
+ // boolean assertionBusinessService;
+ //
+ // /**
+ // * timestamp logging when authentication session has been created
+ // */
+ // private Date timestampStart;
+ // private CreateXMLSignatureResponse XMLCreateSignatureResponse;
private VerifyXMLSignatureResponse XMLVerifySignatureResponse;
private boolean isForeigner;
-// private String requestedProtocolURL = null;
+ // private String requestedProtocolURL = null;
public String getModul() {
return modul;
public void setModul(String modul) {
this.modul = modul;
public String getAction() {
return action;
public void setAction(String action) {
this.action = action;
-// public AuthenticationData getAuthData() {
-// return authData;
-// }
-// public void setAuthData(AuthenticationData authData) {
-// this.authData = authData;
-// }
+ // public AuthenticationData getAuthData() {
+ // return authData;
+ // }
+ //
+ // public void setAuthData(AuthenticationData authData) {
+ // this.authData = authData;
+ // }
public boolean isAuthenticatedUsed() {
return authenticatedUsed;
public void setAuthenticatedUsed(boolean authenticatedUsed) {
this.authenticatedUsed = authenticatedUsed;
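Review bot: This hunk re-indents roughly forty lines of commented-out fields and accessors (`useTargetFromConfig` through `XMLCreateSignatureResponse`, `getAuthData`/`setAuthData`) instead of deleting them, and the next hunk does the same for `getRequestedProtocolURL`/`setRequestedProtocolURL`. Commented-out code in a session class that is persisted and serialized only invites it to be re-enabled without review; version control already preserves it, so drop the dead blocks. If a block is intentionally kept as a reminder, a single `// TODO: <what needs to come back and why>` line is clearer than the full body.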
@@ -321,16 +317,15 @@ public class AuthenticationSession implements Serializable {
public void setAuthenticated(boolean authenticated) {
this.authenticated = authenticated;
-// public String getRequestedProtocolURL() {
-// return requestedProtocolURL;
-// }
-// public void setRequestedProtocolURL(String requestedProtocolURL) {
-// this.requestedProtocolURL = requestedProtocolURL;
-// }
+ // public String getRequestedProtocolURL() {
+ // return requestedProtocolURL;
+ // }
+ //
+ // public void setRequestedProtocolURL(String requestedProtocolURL) {
+ // this.requestedProtocolURL = requestedProtocolURL;
+ // }
* Constructor for AuthenticationSession.
@@ -339,14 +334,15 @@ public class AuthenticationSession implements Serializable {
public AuthenticationSession(String id) {
sessionID = id;
-// setTimestampStart();
+ // setTimestampStart();
infoboxValidators = new ArrayList();
- public X509Certificate getSignerCertificate(){
+ public X509Certificate getSignerCertificate() {
try {
return new X509Certificate(signerCertificate);
- } catch (CertificateException e) {
+ }
+ catch (CertificateException e) {
Logger.warn("Signer certificate can not be loaded from session database!", e);
return null;
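Review bot: The restyled `}` / `catch (CertificateException e)` on separate lines departs from the brace style the rest of this class uses (`} else {` in the `setTarget` hunk below), and the next hunk applies the same split to `setSignerCertificate`; keep one style per file. Separately, `new X509Certificate(signerCertificate)` is reached even when no certificate was ever stored in the session; the diff does not show how the iaik constructor treats a null array, but if it throws anything other than `CertificateException` the getter fails instead of returning `null`. A guard such as `if (signerCertificate == null) { return null; }` before the constructor would make the documented null return reliable.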
@@ -355,15 +351,16 @@ public class AuthenticationSession implements Serializable {
public byte[] getEncodedSignerCertificate() {
return this.signerCertificate;
public void setSignerCertificate(X509Certificate signerCertificate) {
try {
this.signerCertificate = signerCertificate.getEncoded();
- } catch (CertificateEncodingException e) {
+ }
+ catch (CertificateEncodingException e) {
Logger.warn("Signer certificate can not be stored to session database!", e);
* Returns the identityLink.
@@ -372,7 +369,7 @@ public class AuthenticationSession implements Serializable {
public IdentityLink getIdentityLink() {
return identityLink;
* Returns the sessionID.
@@ -381,7 +378,7 @@ public class AuthenticationSession implements Serializable {
public String getSessionID() {
return sessionID;
* Sets the identityLink.
@@ -391,7 +388,7 @@ public class AuthenticationSession implements Serializable {
public void setIdentityLink(IdentityLink identityLink) {
this.identityLink = identityLink;
* Sets the sessionID.
@@ -401,7 +398,7 @@ public class AuthenticationSession implements Serializable {
public void setSessionID(String sessionId) {
this.sessionID = sessionId;
* Returns the oaURLRequested.
@@ -410,7 +407,7 @@ public class AuthenticationSession implements Serializable {
public String getOAURLRequested() {
return oaURLRequested;
* Returns the oaURLRequested.
@@ -419,7 +416,7 @@ public class AuthenticationSession implements Serializable {
public String getPublicOAURLPrefix() {
return oaPublicURLPrefix;
* Returns the BKU URL.
@@ -428,7 +425,7 @@ public class AuthenticationSession implements Serializable {
public String getBkuURL() {
return bkuURL;
* Returns the target.
@@ -437,7 +434,7 @@ public class AuthenticationSession implements Serializable {
public String getTarget() {
return target;
* Returns the sourceID.
@@ -446,7 +443,7 @@ public class AuthenticationSession implements Serializable {
public String getSourceID() {
return sourceID;
* Returns the target friendly name.
@@ -455,7 +452,7 @@ public class AuthenticationSession implements Serializable {
public String getTargetFriendlyName() {
return targetFriendlyName;
* Sets the oaURLRequested.
@@ -465,7 +462,7 @@ public class AuthenticationSession implements Serializable {
public void setOAURLRequested(String oaURLRequested) {
this.oaURLRequested = oaURLRequested;
* Sets the oaPublicURLPrefix
@@ -475,7 +472,7 @@ public class AuthenticationSession implements Serializable {
public void setPublicOAURLPrefix(String oaPublicURLPrefix) {
this.oaPublicURLPrefix = oaPublicURLPrefix;
* Sets the bkuURL
@@ -485,10 +482,9 @@ public class AuthenticationSession implements Serializable {
public void setBkuURL(String bkuURL) {
this.bkuURL = bkuURL;
- * Sets the target. If the target includes the target prefix, the prefix
- * will be stripped off.
+ * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
* @param target
* The target to set
@@ -498,13 +494,12 @@ public class AuthenticationSession implements Serializable {
// If target starts with prefix "urn:publicid:gv.at:cdid+"; remove
// prefix
this.target = target.substring(TARGET_PREFIX_.length());
- Logger.debug("Target prefix stripped off; resulting target: "
- + this.target);
+ Logger.debug("Target prefix stripped off; resulting target: " + this.target);
} else {
this.target = target;
* Sets the sourceID
@@ -514,10 +509,9 @@ public class AuthenticationSession implements Serializable {
public void setSourceID(String sourceID) {
this.sourceID = sourceID;
- * Sets the target. If the target includes the target prefix, the prefix
- * will be stripped off.
+ * Sets the target. If the target includes the target prefix, the prefix will be stripped off.
* @param target
* The target to set
@@ -525,7 +519,7 @@ public class AuthenticationSession implements Serializable {
public void setTargetFriendlyName(String targetFriendlyName) {
this.targetFriendlyName = targetFriendlyName;
* Returns the authURL.
@@ -534,7 +528,7 @@ public class AuthenticationSession implements Serializable {
public String getAuthURL() {
return authURL;
* Sets the authURL.
@@ -544,7 +538,7 @@ public class AuthenticationSession implements Serializable {
public void setAuthURL(String authURL) {
this.authURL = authURL;
* Returns the authBlock.
@@ -553,7 +547,7 @@ public class AuthenticationSession implements Serializable {
public String getAuthBlock() {
return authBlock;
* Sets the authBlock.
@@ -563,26 +557,17 @@ public class AuthenticationSession implements Serializable {
public void setAuthBlock(String authBlock) {
this.authBlock = authBlock;
- /**
- * Returns the timestampIdentityLink.
- *
- * @return Date
- */
- public Date getTimestampIdentityLink() {
- return timestampIdentityLink;
- }
* Returns the businessService.
- * @return <code>true</code> if the corresponding online application is a
- * business application, otherwise <code>false</code>
+ * @return <code>true</code> if the corresponding online application is a business application,
+ * otherwise <code>false</code>
public boolean getBusinessService() {
return businessService;
* Sets the businessService variable.
@@ -592,37 +577,14 @@ public class AuthenticationSession implements Serializable {
public void setBusinessService(boolean businessService) {
this.businessService = businessService;
-// /**
-// * Returns the timestampStart.
-// *
-// * @return Date
-// */
-// public Date getTimestampStart() {
-// return timestampStart;
-// }
- /**
- * Sets the current date as timestampIdentityLink.
- */
- public void setTimestampIdentityLink() {
- timestampIdentityLink = new Date();
- }
-// /**
-// * Sets the current date as timestampStart.
-// */
-// public void setTimestampStart() {
-// timestampStart = new Date();
-// }
* @return template URL
public String getTemplateURL() {
return templateURL;
* @param string
* the template URL
@@ -630,74 +592,74 @@ public class AuthenticationSession implements Serializable {
public void setTemplateURL(String string) {
templateURL = string;
- * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe
- * <code>null</code>.
+ * Returns the SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- * @return The SAML Attributes to be appended to the AUTHBlock. Maybe
- * <code>null</code>.
+ * @return The SAML Attributes to be appended to the AUTHBlock. Maybe <code>null</code>.
- public List getExtendedSAMLAttributesAUTH() {
+ public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesAUTH() {
+ if (extendedSAMLAttributesAUTH == null) extendedSAMLAttributesAUTH = new ArrayList<ExtendedSAMLAttribute>();
return extendedSAMLAttributesAUTH;
* Sets the SAML Attributes to be appended to the AUTHBlock.
* @param extendedSAMLAttributesAUTH
* The SAML Attributes to be appended to the AUTHBlock.
- public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) {
+ public void setExtendedSAMLAttributesAUTH(List<ExtendedSAMLAttribute> extendedSAMLAttributesAUTH) {
this.extendedSAMLAttributesAUTH = extendedSAMLAttributesAUTH;
- * Returns the SAML Attributes to be appended to the SAML assertion
- * delivered to the online application. Maybe <code>null</code>.
+ * Returns the SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application. Maybe <code>null</code>.
- * @return The SAML Attributes to be appended to the SAML assertion
- * delivered to the online application
+ * @return The SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application
- public List getExtendedSAMLAttributesOA() {
+ public List<ExtendedSAMLAttribute> getExtendedSAMLAttributesOA() {
return extendedSAMLAttributesOA;
- * Sets the SAML Attributes to be appended to the SAML assertion delivered
- * to the online application.
+ * Sets the SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application.
* @param extendedSAMLAttributesOA
- * The SAML Attributes to be appended to the SAML assertion
- * delivered to the online application.
+ * The SAML Attributes to be appended to the SAML assertion delivered to the online
+ * application.
- public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) {
+ public void setExtendedSAMLAttributesOA(List<ExtendedSAMLAttribute> extendedSAMLAttributesOA) {
this.extendedSAMLAttributesOA = extendedSAMLAttributesOA;
- * Returns the boolean value for either a target or a wbPK is provided as
- * SAML Attribute in the SAML Assertion or not.
+ * Returns the boolean value for either a target or a wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
- * @return true either a target or a wbPK is provided as SAML Attribute in
- * the SAML Assertion or false if not.
+ * @return true either a target or a wbPK is provided as SAML Attribute in the SAML Assertion or
+ * false if not.
public boolean getSAMLAttributeGebeORwbpk() {
return this.samlAttributeGebeORwbpk;
- * Sets the boolean value for either a target or a wbPK is provided as SAML
- * Attribute in the SAML Assertion or not.
+ * Sets the boolean value for either a target or a wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
* @param samlAttributeGebeORwbpk
- * The boolean for value either a target or wbPK is provided as
- * SAML Attribute in the SAML Assertion or not.
+ * The boolean for value either a target or wbPK is provided as SAML Attribute in the
+ * SAML Assertion or not.
public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) {
this.samlAttributeGebeORwbpk = samlAttributeGebeORwbpk;
* Returns the issuing time of the AUTH-Block SAML assertion.
@@ -706,7 +668,7 @@ public class AuthenticationSession implements Serializable {
public String getIssueInstant() {
return issueInstant;
* Sets the issuing time of the AUTH-Block SAML assertion.
@@ -716,40 +678,39 @@ public class AuthenticationSession implements Serializable {
public void setIssueInstant(String issueInstant) {
this.issueInstant = issueInstant;
* Returns the iterator to the stored infobox validators.
* @return Iterator
public Iterator getInfoboxValidatorIterator() {
- if (infoboxValidators == null)
- return null;
- return infoboxValidators.iterator();
- }
- /**
- * Adds an infobox validator class to the stored infobox validators.
- *
- * @param infoboxIdentifier
- * the identifier of the infobox the validator belongs to
- * @param infoboxFriendlyName
- * the friendly name of the infobox
- * @param infoboxValidator
- * the infobox validator to add
- */
- public Iterator addInfoboxValidator(String infoboxIdentifier,
- String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
- if (infoboxValidators == null)
- infoboxValidators = new ArrayList();
- Vector v = new Vector(3);
- v.add(infoboxIdentifier);
- v.add(infoboxFriendlyName);
- v.add(infoboxValidator);
- infoboxValidators.add(v);
+ if (infoboxValidators == null) return null;
return infoboxValidators.iterator();
+ // /**
+ // * Adds an infobox validator class to the stored infobox validators.
+ // *
+ // * @param infoboxIdentifier
+ // * the identifier of the infobox the validator belongs to
+ // * @param infoboxFriendlyName
+ // * the friendly name of the infobox
+ // * @param infoboxValidator
+ // * the infobox validator to add
+ // */
+ // public Iterator addInfoboxValidator(String infoboxIdentifier,
+ // String infoboxFriendlyName, InfoboxValidator infoboxValidator) {
+ // if (infoboxValidators == null)
+ // infoboxValidators = new ArrayList();
+ // Vector v = new Vector(3);
+ // v.add(infoboxIdentifier);
+ // v.add(infoboxFriendlyName);
+ // v.add(infoboxValidator);
+ // infoboxValidators.add(v);
+ // return infoboxValidators.iterator();
+ // }
* Tests for pending input events of the infobox validators.
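Review bot: The removed `addInfoboxValidator` method is kept as a `//`-prefixed block instead of being deleted, and the same pattern repeats for `getFirstPendingValidator` and `getFirstValidatorInputForm` in the next hunk and for the `OAuth20SessionObject` accessors in the `@@ -1093,44 +928,75 @@` hunk; version control already preserves the old code, so these blocks should be dropped, as the hunks further down that remove the old `//` accessor blocks already do. If a method is meant to return later, a single line such as `// TODO(<ticket-placeholder>): addInfoboxValidator disabled, see <reason>` says more than twenty lines of dead code. `getInfoboxValidatorIterator` also still returns a raw `Iterator` while `getExtendedSAMLAttributesOA` in this commit gained `List<ExtendedSAMLAttribute>`; the next hunk casts each element to `Vector`, so `Iterator<Vector>` would presumably be the matching return type, to be confirmed against the field declaration, which lies outside this hunk.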
@@ -761,100 +722,94 @@ public class AuthenticationSession implements Serializable {
if (iter != null) {
while (!result && iter.hasNext()) {
Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- if (!ParepUtils.isEmpty(infoboxvalidator.getForm()))
- result = true;
+ InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector.get(2);
+ if (!ParepUtils.isEmpty(infoboxvalidator.getForm())) result = true;
return result;
- /**
- * Returns the first pending infobox validator.
- *
- * @return the infobox validator class
- */
- public InfoboxValidator getFirstPendingValidator() {
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- String form = infoboxvalidator.getForm();
- if (!ParepUtils.isEmpty(form))
- return infoboxvalidator;
- }
- }
- return null;
- }
- /**
- * Returns the input form of the first pending infobox validator input
- * processor.
- *
- * @return the form to show
- */
- public String getFirstValidatorInputForm() {
- Iterator iter = getInfoboxValidatorIterator();
- if (iter != null) {
- while (iter.hasNext()) {
- Vector infoboxValidatorVector = (Vector) iter.next();
- InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
- .get(2);
- String form = infoboxvalidator.getForm();
- if (!ParepUtils.isEmpty(form))
- return form;
- }
- }
- return null;
- }
- /**
- * Returns domain identifier (the register and number in the register
- * parameter). <code>null</code> in the case of not a business service.
+ // /**
+ // * Returns the first pending infobox validator.
+ // *
+ // * @return the infobox validator class
+ // */
+ // public InfoboxValidator getFirstPendingValidator() {
+ // Iterator iter = getInfoboxValidatorIterator();
+ // if (iter != null) {
+ // while (iter.hasNext()) {
+ // Vector infoboxValidatorVector = (Vector) iter.next();
+ // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ // .get(2);
+ // String form = infoboxvalidator.getForm();
+ // if (!ParepUtils.isEmpty(form))
+ // return infoboxvalidator;
+ // }
+ // }
+ // return null;
+ // }
+ // /**
+ // * Returns the input form of the first pending infobox validator input
+ // * processor.
+ // *
+ // * @return the form to show
+ // */
+ // public String getFirstValidatorInputForm() {
+ // Iterator iter = getInfoboxValidatorIterator();
+ // if (iter != null) {
+ // while (iter.hasNext()) {
+ // Vector infoboxValidatorVector = (Vector) iter.next();
+ // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ // .get(2);
+ // String form = infoboxvalidator.getForm();
+ // if (!ParepUtils.isEmpty(form))
+ // return form;
+ // }
+ // }
+ // return null;
+ // }
+ /**
+ * Returns domain identifier (the register and number in the register parameter).
+ * <code>null</code> in the case of not a business service.
* @return the domainIdentifier
public String getDomainIdentifier() {
return domainIdentifier;
- * Sets the register and number in the register parameter if the application
- * is a business service. If the domain identifier includes the
- * registerAndOrdNr prefix, the prefix will be stripped off.
+ * Sets the register and number in the register parameter if the application is a business
+ * service. If the domain identifier includes the registerAndOrdNr prefix, the prefix will be
+ * stripped off.
* @param domainIdentifier
* the domain identifier to set
public void setDomainIdentifier(String domainIdentifier) {
- if (domainIdentifier != null
- && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
+ if (domainIdentifier != null && domainIdentifier.startsWith(REGISTERANDORDNR_PREFIX_)) {
// If domainIdentifier starts with prefix
// "urn:publicid:gv.at:wbpk+"; remove this prefix
- this.domainIdentifier = domainIdentifier
- .substring(REGISTERANDORDNR_PREFIX_.length());
- Logger.debug("Register and ordernumber prefix stripped off; resulting register string: "
- + this.domainIdentifier);
+ this.domainIdentifier = domainIdentifier.substring(REGISTERANDORDNR_PREFIX_.length());
+ Logger.debug("Register and ordernumber prefix stripped off; resulting register string: " + this.domainIdentifier);
} else {
this.domainIdentifier = domainIdentifier;
- * Gets all identifiers of infoboxes, the online application is configured
- * to accept. The infobox identifiers are comma separated.
+ * Gets all identifiers of infoboxes, the online application is configured to accept. The
+ * infobox identifiers are comma separated.
* @return the string containing infobox identifiers
public String getPushInfobox() {
- if (pushInfobox == null)
- return "";
+ if (pushInfobox == null) return "";
return pushInfobox;
* @param pushInfobox
* the infobox identifiers to set (comma separated)
@@ -862,7 +817,7 @@ public class AuthenticationSession implements Serializable {
public void setPushInfobox(String pushInfobox) {
this.pushInfobox = pushInfobox;
* @param useMandate
@@ -873,9 +828,9 @@ public class AuthenticationSession implements Serializable {
this.useMandate = true;
this.useMandate = false;
* Returns if mandate is used or not
@@ -884,26 +839,7 @@ public class AuthenticationSession implements Serializable {
public boolean getUseMandate() {
return this.useMandate;
-// /**
-// *
-// * @param useTargetFromConfig
-// * indicates if target from config is used or not
-// */
-// public void setUseTargetFromConfig(boolean useTargetFromConfig) {
-// this.useTargetFromConfig = useTargetFromConfig;
-// }
-// /**
-// * Returns if target is used from mandate or not
-// *
-// * @return
-// */
-// public boolean getUseTargetFromConfig() {
-// return this.useTargetFromConfig;
-// }
* @param misSessionID
@@ -912,7 +848,7 @@ public class AuthenticationSession implements Serializable {
public void setMISSessionID(String misSessionID) {
this.misSessionID = misSessionID;
* Returns the MIS session ID
@@ -921,105 +857,14 @@ public class AuthenticationSession implements Serializable {
public String getMISSessionID() {
return this.misSessionID;
-// /**
-// * @return the assertionAuthData
-// */
-// public AuthenticationData getAssertionAuthData() {
-// return assertionAuthData;
-// }
-// /**
-// * @param assertionAuthData
-// * the assertionAuthData to set
-// */
-// public void setAssertionAuthData(AuthenticationData assertionAuthData) {
-// this.assertionAuthData = assertionAuthData;
-// }
-// /**
-// * @return the assertionPrPerson
-// */
-// public String getAssertionPrPerson() {
-// return assertionPrPerson;
-// }
-// /**
-// * @param assertionPrPerson
-// * the assertionPrPerson to set
-// */
-// public void setAssertionPrPerson(String assertionPrPerson) {
-// this.assertionPrPerson = assertionPrPerson;
-// }
-// /**
-// * @return the assertionAuthBlock
-// */
-// public String getAssertionAuthBlock() {
-// return assertionAuthBlock;
-// }
-// /**
-// * @param assertionAuthBlock
-// * the assertionAuthBlock to set
-// */
-// public void setAssertionAuthBlock(String assertionAuthBlock) {
-// this.assertionAuthBlock = assertionAuthBlock;
-// }
-// /**
-// * @return the assertionIlAssertion
-// */
-// public String getAssertionIlAssertion() {
-// return assertionIlAssertion;
-// }
-// /**
-// * @param assertionIlAssertion
-// * the assertionIlAssertion to set
-// */
-// public void setAssertionIlAssertion(String assertionIlAssertion) {
-// this.assertionIlAssertion = assertionIlAssertion;
-// }
-// /**
-// * @return the assertionSignerCertificateBase64
-// */
-// public String getAssertionSignerCertificateBase64() {
-// return assertionSignerCertificateBase64;
-// }
-// /**
-// * @param assertionSignerCertificateBase64
-// * the assertionSignerCertificateBase64 to set
-// */
-// public void setAssertionSignerCertificateBase64(
-// String assertionSignerCertificateBase64) {
-// this.assertionSignerCertificateBase64 = assertionSignerCertificateBase64;
-// }
-// /**
-// * @return the assertionBusinessService
-// */
-// public boolean getAssertionBusinessService() {
-// return assertionBusinessService;
-// }
-// /**
-// * @param assertionBusinessService
-// * the assertionBusinessService to set
-// */
-// public void setAssertionBusinessService(boolean assertionBusinessService) {
-// this.assertionBusinessService = assertionBusinessService;
-// }
* @return the mandateReferenceValue
public String getMandateReferenceValue() {
return mandateReferenceValue;
* @param mandateReferenceValue
* the mandateReferenceValue to set
@@ -1027,7 +872,7 @@ public class AuthenticationSession implements Serializable {
public void setMandateReferenceValue(String mandateReferenceValue) {
this.mandateReferenceValue = mandateReferenceValue;
* Gets the STORK SAML AuthnRequest
@@ -1036,7 +881,7 @@ public class AuthenticationSession implements Serializable {
public STORKAuthnRequest getStorkAuthnRequest() {
return storkAuthnRequest;
* Sets the STORK SAML AuthnRequest
@@ -1046,45 +891,35 @@ public class AuthenticationSession implements Serializable {
public void setStorkAuthnRequest(STORKAuthnRequest storkAuthnRequest) {
this.storkAuthnRequest = storkAuthnRequest;
public String getCcc() {
return ccc;
public void setCcc(String ccc) {
this.ccc = ccc;
-// public CreateXMLSignatureResponse getXMLCreateSignatureResponse() {
-// return XMLCreateSignatureResponse;
-// }
-// public void setXMLCreateSignatureResponse(CreateXMLSignatureResponse xMLCreateSignatureResponse) {
-// XMLCreateSignatureResponse = xMLCreateSignatureResponse;
-// }
public boolean isForeigner() {
return isForeigner;
public void setForeigner(boolean isForeigner) {
this.isForeigner = isForeigner;
public VerifyXMLSignatureResponse getXMLVerifySignatureResponse() {
return XMLVerifySignatureResponse;
public void setXMLVerifySignatureResponse(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
XMLVerifySignatureResponse = xMLVerifySignatureResponse;
public MISMandate getMISMandate() {
return mandate;
public void setMISMandate(MISMandate mandate) {
this.mandate = mandate;
@@ -1093,44 +928,75 @@ public class AuthenticationSession implements Serializable {
try {
byte[] byteMandate = mandate.getMandate();
String stringMandate = new String(byteMandate);
- return DOMUtils.parseDocument(stringMandate, false,
- null, null).getDocumentElement();
+ return DOMUtils.parseDocument(stringMandate, false, null, null).getDocumentElement();
- }catch (Throwable e) {
+ }
+ catch (Throwable e) {
Logger.warn("Mandate content could not be generated from MISMandate.");
return null;
- }
+ }
* @return the ssoRequested
- //TODO: SSO only allowed without mandates, actually!!!!!!
+ // TODO: SSO only allowed without mandates, actually!!!!!!
public boolean isSsoRequested() {
return ssoRequested && !useMandate;
- * @param ssoRequested the ssoRequested to set
+ * @param ssoRequested
+ * the ssoRequested to set
public void setSsoRequested(boolean ssoRequested) {
this.ssoRequested = ssoRequested;
* @return the isOW
public boolean isOW() {
return isOW;
- * @param isOW the isOW to set
+ * @param isOW
+ * the isOW to set
public void setOW(boolean isOW) {
this.isOW = isOW;
+ /**
+ * @return the authBlockTokken
+ */
+ public String getAuthBlockTokken() {
+ return authBlockTokken;
+ }
+ /**
+ * @param authBlockTokken
+ * the authBlockTokken to set
+ */
+ public void setAuthBlockTokken(String authBlockTokken) {
+ this.authBlockTokken = authBlockTokken;
+ }
+ /**
+// * @return the oAuth20SessionObject
+// */
+// public OAuth20SessionObject getoAuth20SessionObject() {
+// return oAuth20SessionObject;
+// }
+// /**
+// * @param oAuth20SessionObject
+// * the oAuth20SessionObject to set
+// */
+// public void setoAuth20SessionObject(OAuth20SessionObject oAuth20SessionObject) {
+// this.oAuth20SessionObject = oAuth20SessionObject;
+// }
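Review bot: The `/**` added on its own line just before the commented-out `getoAuth20SessionObject` block is not itself commented out, so it opens a live block comment that is only closed by the `*/` hidden inside the following `// */` line; this compiles by accident, and editing those lines later can break the file. Either delete the whole `OAuth20SessionObject` block or prefix that line with `//` like the rest of it. Separately, the context line `String stringMandate = new String(byteMandate);` decodes the mandate bytes with the platform default charset before `DOMUtils.parseDocument`; an explicit charset, e.g. `new String(byteMandate, StandardCharsets.UTF_8)`, would make the parse independent of JVM locale settings, though the enclosing method starts outside the hunk and whether `DOMUtils` offers a byte-based overload that honours the XML declaration is not visible here.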
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
index b204b629a..4f539caf4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/CreateXMLSignatureResponse.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
index 23d526d2d..e1755615b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttribute.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
index 7523d7eaf..c7fa58eaf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/ExtendedSAMLAttributeImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
index b03f23ce4..78f1e14f0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/IdentityLink.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
index a0f032bad..95a492216 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxToken.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
index b7e0a8e6c..0791e4938 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxTokenImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
index e79e41515..e9a278d0f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResult.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
index 12643939e..0ba17eb2f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidationResultImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
index a4c73cb88..26484c138 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParams.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
index d612313f1..025383e7e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/InfoboxValidatorParamsImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
index 9b809ac18..bb33c9030 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SAMLAttribute.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
index f329be79b..3c3b9589e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/Schema.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
index 5c1d448a1..2f42ae98a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/SchemaImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
index ed54683ca..6cf1de319 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/VerifyXMLSignatureResponse.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java
index ae4c5fd1e..31a3e38dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/AuthenticationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/AuthenticationException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,7 +44,7 @@
-package at.gv.egovernment.moa.id;
+package at.gv.egovernment.moa.id.auth.exception;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
new file mode 100644
index 000000000..f1d3b078e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BKUException.java
@@ -0,0 +1,67 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+package at.gv.egovernment.moa.id.auth.exception;
+public class BKUException extends MOAIDException {
+ private static final long serialVersionUID = -4646544256490397419L;
+ private String bkuErrorCode;
+ private String bkuErrorMessage;
+ public BKUException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+ public BKUException(String messageId, Object[] parameters, Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+ public BKUException(String messageId, Object[] parameters,
+ String bkuErrorCode, String bkuErrorMessage) {
+ super(messageId, parameters);
+ this.bkuErrorCode = bkuErrorCode;
+ this.bkuErrorMessage = bkuErrorMessage;
+ }
+ /**
+ * @return the bkuErrorCode
+ */
+ public String getBkuErrorCode() {
+ return bkuErrorCode;
+ }
+ /**
+ * @return the bkuErrorMessage
+ */
+ public String getBkuErrorMessage() {
+ return bkuErrorMessage;
+ }
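Review bot: The constructor that carries the BKU error details (`BKUException(String messageId, Object[] parameters, String bkuErrorCode, String bkuErrorMessage)`) has no variant that also accepts a cause, so a caller that catches an underlying exception and wants to attach the BKU error code must drop one or the other; the sibling MOASPException in this same commit does take `Throwable wrapped` alongside the code and message, and a matching overload `public BKUException(String messageId, Object[] parameters, Throwable wrapped, String bkuErrorCode, String bkuErrorMessage)` would keep the two consistent and preserve the cause chain. The `serialVersionUID` value `-4646544256490397419L` is the same literal used by MOASPException, which suggests a copy-paste; each class should carry its own. The class has no Javadoc; a header such as `/** Thrown when the citizen card environment (BKU) reports an error; bkuErrorCode and bkuErrorMessage hold the values returned by the BKU, if any. */` would explain the two extra fields. Note that `bkuErrorMessage` is stored verbatim from an external component and nothing here constrains its content — if it is ever rendered into an HTML error page that rendering site must escape it (whether it is rendered is outside this chunk).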
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java
index c2ef9be6f..155a18f15 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/BuildException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/BuildException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,7 +44,7 @@
-package at.gv.egovernment.moa.id;
+package at.gv.egovernment.moa.id.auth.exception;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java
index c7c9e3d07..2b277736d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ECDSAConverterException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ECDSAConverterException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,7 +44,7 @@
-package at.gv.egovernment.moa.id;
+package at.gv.egovernment.moa.id.auth.exception;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
new file mode 100644
index 000000000..e26ab6597
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MISSimpleClientException.java
@@ -0,0 +1,94 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+public class MISSimpleClientException extends MOAIDException {
+ private static final long serialVersionUID = 1L;
+ private String misErrorCode;
+ private String misErrorMessage;
+ public MISSimpleClientException() {
+ super("UNDEFINED ERROR", null);
+ }
+ public MISSimpleClientException(String message) {
+ super(message, null);
+ this.misErrorMessage = message;
+ }
+ public MISSimpleClientException(String message, String code, String text) {
+ super(message, null);
+ this.misErrorMessage = text;
+ this.misErrorCode = code;
+ }
+ public MISSimpleClientException(Throwable cause) {
+ super("UNDEFINED ERROR", null, cause);
+ }
+ public MISSimpleClientException(String message, Throwable cause) {
+ super(message, null, cause);
+ this.misErrorMessage = message;
+ }
+ /**
+ * @return the bkuErrorCode
+ */
+ public String getMISErrorCode() {
+ return misErrorCode;
+ }
+ /**
+ * @return the bkuErrorMessage
+ */
+ public String getMISErrorMessage() {
+ return misErrorMessage;
+ }
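Review bot: The Javadoc on both getters is copied from BKUException and documents the wrong fields: `@return the bkuErrorCode` above `getMISErrorCode()` and `@return the bkuErrorMessage` above `getMISErrorMessage()` should read `@return the misErrorCode` and `@return the misErrorMessage`. The no-arg and `Throwable` constructors pass the literal `"UNDEFINED ERROR"` as the first argument to `MOAIDException`, while every other subclass in this commit passes a message ID such as `errorID`; if MOAIDException resolves that argument against a message bundle (its implementation is not in this chunk), the literal will not resolve and the user-facing text will be the raw key — a real message ID would be the safer choice. The file also carries the licence header twice (the 2014 block followed by a full 2003 block), which should be collapsed to one. A class-level Javadoc stating that the exception wraps errors from the MIS (mandate) client and what the two extra fields hold is missing.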
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java
index 54b5351de..165fee599 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/MOAIDException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOAIDException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,7 +44,7 @@
-package at.gv.egovernment.moa.id;
+package at.gv.egovernment.moa.id.auth.exception;
import java.io.PrintStream;
import java.io.PrintWriter;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java
new file mode 100644
index 000000000..42fa5c6a7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/MOASPException.java
@@ -0,0 +1,67 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+package at.gv.egovernment.moa.id.auth.exception;
+public class MOASPException extends MOAIDException {
+ private static final long serialVersionUID = -4646544256490397419L;
+ private String moaSPErrorCode;
+ private String moaSPErrorMessage;
+ public MOASPException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+ public MOASPException(String messageId, Object[] parameters, Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+ public MOASPException(String messageId, Object[] parameters, Throwable wrapped,
+ String moaSPErrorCode, String moaSPErrorMessage) {
+ super(messageId, parameters, wrapped);
+ this.moaSPErrorCode = moaSPErrorCode;
+ this.moaSPErrorMessage = moaSPErrorMessage;
+ }
+ /**
+ * @return the bkuErrorCode
+ */
+ public String getMOASPErrorCode() {
+ return moaSPErrorCode;
+ }
+ /**
+ * @return the bkuErrorMessage
+ */
+ public String getMOASPErrorMessage() {
+ return moaSPErrorMessage;
+ }
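Review bot: The getter Javadoc is copied from BKUException: `@return the bkuErrorCode` above `getMOASPErrorCode()` and `@return the bkuErrorMessage` above `getMOASPErrorMessage()` should read `@return the moaSPErrorCode` and `@return the moaSPErrorMessage`. The `serialVersionUID` `-4646544256490397419L` is the same literal BKUException uses; a distinct class should declare its own value rather than share one by copy-paste. The class itself has no Javadoc; something like `/** Thrown when the MOA-SP signature verification service reports an error; moaSPErrorCode and moaSPErrorMessage carry the values returned by MOA-SP, if any. */` would let a reader tell it apart from BKUException, which has an otherwise identical shape. Since `moaSPErrorMessage` is stored verbatim from the remote service, whatever eventually displays it must escape it — that site is not in this hunk, so this is a note for the caller rather than for this class.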
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java
index eac65d14f..83d0a398b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ParseException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ParseException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,7 +44,7 @@
-package at.gv.egovernment.moa.id;
+package at.gv.egovernment.moa.id.auth.exception;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java
index 8ba23705e..3bdf8f743 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/ServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ServiceException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,7 +44,7 @@
-package at.gv.egovernment.moa.id;
+package at.gv.egovernment.moa.id.auth.exception;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java
index 7ac3a15dd..0385352d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/ValidateException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/ValidateException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -22,9 +44,8 @@
-package at.gv.egovernment.moa.id.auth.validator;
+package at.gv.egovernment.moa.id.auth.exception;
-import at.gv.egovernment.moa.id.MOAIDException;
* Exception thrown while validating an incoming XML structure
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java
new file mode 100644
index 000000000..895a2aeef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/WrongParametersException.java
@@ -0,0 +1,73 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+ * Exception thrown when the <code>AuthenticationServer</code> API is
+ * called with wrong parameters provided.
+ *
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class WrongParametersException extends MOAIDException {
+ /**
+ *
+ */
+ private static final long serialVersionUID = -7501748998171109466L;
+ * Constructor
+ */
+ public WrongParametersException(String call, String parameter, String errorID) {
+ super(errorID, new Object[] {call, parameter});
+ //super("auth.05", new Object[] {call, parameter});
+ //super("auth.12", new Object[] {call, parameter});
+ }
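Review bot: The constructor body keeps two commented-out calls, `//super("auth.05", new Object[] {call, parameter});` and `//super("auth.12", new Object[] {call, parameter});`, which are dead code now that the message ID is taken from the `errorID` parameter and should be deleted. The constructor Javadoc is just `Constructor`; it should document the three arguments, e.g. `@param call the AuthenticationServer API call that was invoked`, `@param parameter the parameter found to be wrong`, `@param errorID the message ID used to look up the error text`. The licence header appears twice in this new file (a 2014 block immediately followed by a 2003 block) and should be collapsed to one. The class-level Javadoc survives the move and still describes the exception accurately.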
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
index f6c5a14d8..d6d22fe4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -35,7 +57,7 @@ import org.apache.axis.message.SOAPBodyElement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -113,4 +135,4 @@ public class SignatureVerificationInvoker {
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
index 1624a59c0..b39cf9e9b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -25,21 +47,19 @@
package at.gv.egovernment.moa.id.auth.parser;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
-import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -84,13 +104,18 @@ public class CreateXMLSignatureResponseParser {
* @throws AuthenticationException if any authentication error occurs
* @throws ParseException if an element cannot be parsed
+ * @throws
- public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException {
+ public CreateXMLSignatureResponseParser(String xmlResponse) throws AuthenticationException, ParseException, BKUException{
try {
InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- catch (Throwable t) {
+ catch (BKUException e) {
+ throw e;
+ } catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
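Review bot: The `@throws` tag added at the end of this constructor's Javadoc names no exception and has no description, so it documents nothing and will draw a Javadoc warning; it should read `* @throws BKUException if the response is an ErrorResponse`. The same tag is added without a description in the other two hunks of this file (`@@ -103,8 +128,9 @@`, `@@ -125,8 +151,9 @@`) and in all three InfoboxReadResponseParser hunks that add it (`@@ -66,14 +89,19 @@`, `@@ -85,8 +113,9 @@`, `@@ -98,8 +127,9 @@`). The constructor body continues outside the hunk.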
@@ -103,8 +128,9 @@ public class CreateXMLSignatureResponseParser {
* @throws AuthenticationException If any authentication error occurs
* @throws ParseException If an element cannot be parsed
+ * @throws BKUException
- public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException {
+ public CreateXMLSignatureResponseParser(InputStream is) throws AuthenticationException, ParseException, BKUException {
@@ -125,8 +151,9 @@ public class CreateXMLSignatureResponseParser {
* @param is The CreateXMLSignatureResponse as stream.
* @throws AuthenticationException if an authentication error occurs.
* @throws ParseException If an error occurs on parsing the the document.
+ * @throws BKUException
- private void init(InputStream is) throws AuthenticationException, ParseException {
+ private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
Element responseElem = DOMUtils.parseXmlValidating(is);
@@ -135,10 +162,16 @@ public class CreateXMLSignatureResponseParser {
sigResponse_ = responseElem;
} else {
ErrorResponseParser erp = new ErrorResponseParser(responseElem);
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ throw new BKUException("auth.08",
+ new Object[] { erp.getErrorCode(), erp.getErrorInfo()},
+ erp.getErrorCode(),
+ erp.getErrorInfo());
- } catch (Throwable t) {
+ } catch (BKUException e) {
+ throw e;
+ } catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
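Review bot: The rethrow-then-wrap pattern introduced here still ends in `catch (Throwable t)`, so an `Error` such as a `VirtualMachineError` raised while parsing is turned into a `ParseException("parser.01", …)` carrying only `t.toString()`; narrowing the fallback to `} catch (Exception t) {` keeps fatal errors from being reported as a parse failure. The mapping of an ErrorResponse to `new BKUException("auth.08", …, erp.getErrorCode(), erp.getErrorInfo())` is duplicated verbatim in InfoboxReadResponseParser (`@@ -108,11 +138,17 @@`), which suggests a shared factory on ErrorResponseParser or BKUException. `erp.getErrorInfo()` is text taken from the parsed response, so if the exception's message is later rendered on an error page it must be escaped at that point rather than trusted. init()'s body continues outside the hunk.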
@@ -186,7 +219,7 @@ public class CreateXMLSignatureResponseParser {
cResp.setSamlAssertion((Element) XPathUtils.selectSingleNode(sigResponse_, "/" + slPrefix + SAML_ASSERTION_XPATH));
NodeIterator attrIter = XPathUtils.selectNodeIterator(sigResponse_, "/" + slPrefix + SAML_ATTRIBUTE_XPATH);
Element samlAttr;
- List samlAttributes = new ArrayList();
+ List<SAMLAttribute> samlAttributes = new ArrayList<SAMLAttribute>();
while ((samlAttr = (Element) attrIter.nextNode()) != null) {
String attrName = XPathUtils.getAttributeValue(samlAttr, "@AttributeName", "");
String attrNamespace = XPathUtils.getAttributeValue(samlAttr, "@AttributeNamespace", "");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
index 9b95edc77..a09f0a2a8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ErrorResponseParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -27,7 +49,7 @@ package at.gv.egovernment.moa.id.auth.parser;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
* Parses an <code>&lt;ErrorResponse&gt;</code>.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
index 6dff65616..390467bf8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -31,9 +53,9 @@ import java.util.Vector;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
index a468caf73..ab4a91df9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -36,9 +58,9 @@ import java.util.List;
import org.w3c.dom.Element;
import org.w3c.dom.traversal.NodeIterator;
-import at.gv.egovernment.moa.id.ECDSAConverterException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.ECDSAConverterException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
index 760df649d..28ce69e95 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -40,9 +62,10 @@ import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -66,14 +89,19 @@ public class InfoboxReadResponseParser {
* @param xmlResponse <code>&lt;InfoboxReadResponse&gt;</code> as String
* @throws ParseException If an element cannot be parsed
* @throws AuthenticationException If any authentication error occurs
+ * @throws BKUException
- public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException {
+ public InfoboxReadResponseParser(String xmlResponse) throws ParseException, AuthenticationException, BKUException {
try {
InputStream s = new ByteArrayInputStream(xmlResponse.getBytes("UTF-8"));
- catch (Throwable t) {
+ catch (BKUException e) {
+ throw e;
+ } catch (Throwable t) {
throw new ParseException("parser.01", new Object[] { t.toString()}, t);
@@ -85,8 +113,9 @@ public class InfoboxReadResponseParser {
* @param is <code>&lt;InfoboxReadResponse&gt;</code> as InputStream
* @throws ParseException If an element cannot be parsed
* @throws AuthenticationException If any authentication error occurs
+ * @throws BKUException
- public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException {
+ public InfoboxReadResponseParser(InputStream is) throws ParseException, AuthenticationException, BKUException {
@@ -98,8 +127,9 @@ public class InfoboxReadResponseParser {
* @param is The InfoBoxReadResponse as stream.
* @throws AuthenticationException If an authentication error occurs.
* @throws ParseException If an error occurs on parsing the the document.
+ * @throws BKUException
- private void init(InputStream is) throws AuthenticationException, ParseException {
+ private void init(InputStream is) throws AuthenticationException, ParseException, BKUException {
try {
Element responseElem = DOMUtils.parseXmlValidating(is);
@@ -108,11 +138,17 @@ public class InfoboxReadResponseParser {
infoBoxElem_ = responseElem;
} else {
ErrorResponseParser erp = new ErrorResponseParser(responseElem);
- throw new AuthenticationException("auth.08", new Object[] { erp.getErrorCode(), erp.getErrorInfo()});
+ throw new BKUException("auth.08",
+ new Object[] { erp.getErrorCode(), erp.getErrorInfo()},
+ erp.getErrorCode(),
+ erp.getErrorInfo());
+ } catch (BKUException e) {
+ throw e;
} catch (Throwable t) {
- throw new ParseException("parser.01", new Object[] { t.toString()}, t);
+ throw new ParseException("parser.01", new Object[] { t.toString()}, t);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
index 204f916e5..0e0b42cde 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -26,7 +48,7 @@ package at.gv.egovernment.moa.id.auth.parser;
import java.io.IOException;
-import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.util.Base64Utils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index 84e55435d..67433dde7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -1,6 +1,29 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.parser;
import java.io.UnsupportedEncodingException;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@@ -8,11 +31,11 @@ import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IRequest;
@@ -137,7 +160,9 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
moasession.setSsoRequested(true && oaParam.useSSO()); //make always SSO if OA requested it!!!!
//Validate BKU URI
- if (!ParamValidatorUtils.isValidBKUURI(bkuURL, oaParam.getBKUURL()))
+ List<String> allowedbkus = oaParam.getBKUURL();
+ allowedbkus.addAll(AuthConfigurationProvider.getInstance().getDefaultBKUURLs());
+ if (!ParamValidatorUtils.isValidBKUURI(bkuURL, allowedbkus))
throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
if (!oaParam.getBusinessService()) {
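Review bot: `allowedbkus.addAll(...)` mutates the list returned by `oaParam.getBKUURL()` in place; if that accessor hands back the OA configuration's own list, every authentication request appends the default BKU URLs again, growing the allow-list used by `isValidBKUURI` and altering shared configuration state, and if it returns an unmodifiable list the call throws `UnsupportedOperationException`. Copying first avoids both: `List<String> allowedBkus = new ArrayList<String>(oaParam.getBKUURL());` (with `java.util.ArrayList` imported next to the `java.util.List` import added in the `@@ -1,6 +1,29 @@` hunk). The `if` that follows is still unbraced, and the enclosing method starts and ends outside this hunk.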
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
index 2c957603b..7bce406e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -32,8 +54,8 @@ import java.io.InputStream;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.XPathUtils;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
index 022f21491..f6cd2b776 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -23,9 +45,13 @@
package at.gv.egovernment.moa.id.auth.servlet;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.Security;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
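Review bot: The `iaik.security.ecc.provider.ECCProvider`, `iaik.security.provider.IAIK` and `java.security.Security` imports added here, and `javax.servlet.ServletContextEvent` in the next hunk, are referenced only from the commented-out `contextDestroyed` block added in `@@ -363,6 +378,12 @@`, so they are unused imports that pull the IAIK provider packages into the servlet's compile dependencies. Either remove the imports together with the commented-out block, or implement the provider removal for real; commented-out code kept alive by imports tends to survive indefinitely. The two `iaik.*` imports are also placed ahead of the `java.*` group, unlike the rest of the file's import ordering.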
@@ -34,6 +60,7 @@ import java.util.Map;
import javax.servlet.RequestDispatcher;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
+import javax.servlet.ServletContextEvent;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
@@ -45,17 +72,16 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.fileupload.disk.DiskFileItemFactory;
import org.apache.commons.fileupload.servlet.ServletFileUpload;
-import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
-import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.storage.IExceptionStore;
import at.gv.egovernment.moa.id.util.ServletUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.URLDecoder;
@@ -101,6 +127,11 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
req.setAttribute("LogLevel", "debug");
+ StatisticLogger logger = StatisticLogger.getInstance();
+ logger.logErrorOperation(exceptionThrown);
// forward this to errorpage-auth.jsp where the HTML error page is
// generated
ServletContext context = getServletContext();
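Review bot: `logger.logErrorOperation(exceptionThrown)` is called inside the error-handling path with no guard; if the statistic logger fails (it appears to be a persistence component, but its implementation is not visible here), the exception would propagate and the error page that follows would never be rendered. Wrapping the call so that a logging failure is only logged, or documenting that `logErrorOperation` never throws, would make the error path robust. The two lines can also be collapsed to `StatisticLogger.getInstance().logErrorOperation(exceptionThrown);`. The enclosing method starts and ends outside the hunk.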
@@ -162,46 +193,30 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
req.setAttribute("LogLevel", "debug");
- IExceptionStore store = ExceptionStoreImpl.getStore();
+ IExceptionStore store = DBExceptionStoreImpl.getStore();
String id = store.storeException(exceptionThrown);
- String redirectURL = null;
+ if (id != null) {
+ String redirectURL = null;
- redirectURL = ServletUtils.getBaseUrl(req);
- redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
- + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
+ redirectURL = ServletUtils.getBaseUrl(req);
+ redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id
+ + "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
- resp.setContentType("text/html");
- resp.setStatus(302);
+ resp.setContentType("text/html");
+ resp.setStatus(302);
- resp.addHeader("Location", redirectURL);
- Logger.debug("REDIRECT TO: " + redirectURL);
+ resp.addHeader("Location", redirectURL);
+ Logger.debug("REDIRECT TO: " + redirectURL);
- return;
- /*
- // forward this to errorpage-auth.jsp where the HTML error page is
- // generated
- ServletContext context = getServletContext();
- RequestDispatcher dispatcher = context
- .getRequestDispatcher("/errorpage-auth.jsp");
- try {
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
- resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
- dispatcher.forward(req, resp);
- } catch (ServletException e) {
- Logger.error(e);
- } catch (IOException e) {
- Logger.error(e);
+ return;
+ } else {
+ //Exception can not be stored in database
+ handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
- */
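Review bot: `pendingRequestID` and `id` are concatenated into the `Location` value without encoding; if `pendingRequestID` originates from a request parameter, an `&`, `#` or space in it changes the query the dispatcher sees, so it should be passed through `URLEncoder.encode(pendingRequestID, "UTF-8")` (and `id` likewise unless it is known to be URL-safe). `resp.setStatus(302)` plus a manual `Location` header can be replaced by `resp.sendRedirect(redirectURL)`, which sets the status itself, and `setContentType("text/html")` on an empty redirect body is unnecessary. The `id == null` fallback to `handleErrorNoRedirect` is a good addition; it deserves a one-line comment explaining why the store may return null. The enclosing handleError method starts and ends outside the hunk.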
@@ -266,10 +281,10 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
* @throws FileUploadException
* if parsing request parameters fails.
- protected Map getParameters(HttpServletRequest req) throws IOException,
+ protected Map<String, String> getParameters(HttpServletRequest req) throws IOException,
FileUploadException {
- Map parameters = new HashMap();
+ Map<String, String> parameters = new HashMap<String, String>();
if (ServletFileUpload.isMultipartContent(req)) {
// request is encoded as mulitpart/form-data
@@ -363,6 +378,12 @@ public class AuthServlet extends HttpServlet implements MOAIDAuthConstants {
+// public void contextDestroyed(ServletContextEvent arg0) {
+// Security.removeProvider((new IAIK()).getName());
+// Security.removeProvider((new ECCProvider()).getName());
+// }
* Set response headers to avoid caching
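Review bot: The added `contextDestroyed` block is commented-out code, which would be carried in the file with no compiler or test coverage and no indication of whether it is pending work or a rejected idea. Either drop it or replace it with a single intent comment such as `// TODO: unregister the IAIK/ECC security providers on context shutdown`, tracked in an issue, so the next maintainer does not have to guess. The surrounding class continues outside the hunk.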
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
index a77224d10..0c2bb66c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ConfigurationServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
index d4484a97c..c66e19eb0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
@@ -1,36 +1,52 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
import java.io.PrintWriter;
-import java.util.Arrays;
-import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringEscapeUtils;
-import org.bouncycastle.asn1.x509.Target;
-import com.trilead.ssh2.Session;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
public class GenerateIFrameTemplateServlet extends AuthServlet {
@@ -61,6 +77,8 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
String useMandate = req.getParameter(PARAM_USEMANDATE);
String ccc = req.getParameter(PARAM_CCC);
String moasessionid = req.getParameter(PARAM_SESSIONID);
+ moasessionid = StringEscapeUtils.escapeHtml(moasessionid);
AuthenticationSession moasession = null;
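Review bot: HTML-escaping `moasessionid` at the new `StringEscapeUtils.escapeHtml(moasessionid)` line rewrites the identifier before it is used as the lookup key in `AuthenticationSessionStoreage.getSession(moasessionid)` (next hunk), so an id containing any character escapeHtml alters would simply fail to resolve, while an id that passes through unchanged is still not validated in any way. Escaping is an output-side measure; on the input side a format check is the right tool (the sibling servlets import `ParamValidatorUtils` — if it offers a session-id check, use it here), with escaping applied at the point where the value is rendered or logged. Whether generated session ids can legitimately contain characters escapeHtml changes depends on the session store — confirm. The enclosing method continues outside the hunk.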
@@ -71,7 +89,7 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
moasession = AuthenticationSessionStoreage.getSession(moasessionid);
- String newmoasessionid = AuthenticationSessionStoreage.changeSessionID(moasession);
+ AuthenticationSessionStoreage.changeSessionID(moasession);
} catch (MOADatabaseException e) {
Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
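Review bot: The rotated id returned by `AuthenticationSessionStoreage.changeSessionID(moasession)` is now discarded, whereas GetForeignIDServlet in this same commit keeps it (`String newMOASessionID = ...changeSessionID(session)`) and builds its redirect URL from it. If the code below this hunk still embeds the original `moasessionid` into the generated template, the client continues with an id that no longer exists in the store, or the rotation is silently undone — confirm which id reaches the template. If the new id really is unneeded because `moasession` itself carries it, a one-line comment to that effect at the call, e.g. `// session id is rotated in place; the new id is read from moasession below`, would record the intent (only if that is in fact how changeSessionID behaves). The enclosing method continues outside the hunk.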
@@ -96,8 +114,19 @@ public class GenerateIFrameTemplateServlet extends AuthServlet {
String target = oaParam.getTarget();
String bkuURL = oaParam.getBKUURL(bkuid);
+ if (MiscUtil.isEmpty(bkuURL)) {
+ Logger.info("No OA specific BKU defined. Use BKU from default configuration");
+ bkuURL = AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid);
+ }
String templateURL = AuthConfigurationProvider.getInstance().getSLRequestTemplates(bkuid);
+ if (oaParam.isOnlyMandateAllowed())
+ useMandate = "true";
+ if (!oaParam.isShowMandateCheckBox())
+ useMandate = "false";
//parse all OA parameters i
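Review bot: The two new `useMandate` overrides are order-dependent: for an OA where both `isOnlyMandateAllowed()` and `!isShowMandateCheckBox()` are true, the second `if` sets `useMandate = "false"` and silently cancels the mandate-only requirement set one line earlier. If mandate-only is meant to win, make the second check `else if (!oaParam.isShowMandateCheckBox())` or reverse the order; either way brace the one-line `if` bodies. The fallback `AuthConfigurationProvider.getInstance().getDefaultBKUURL(bkuid)` can itself return an empty value — if the code below does not guard for that, the template would be rendered with an empty BKU URL; confirm. The enclosing method continues outside the hunk.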
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index 02c751a0a..2c8b3fb33 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -1,60 +1,82 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.servlet;
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Map;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
+import java.io.IOException;
+import java.security.cert.CertificateException;
+import java.util.Map;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
* Servlet requested for getting the foreign eID
@@ -64,11 +86,11 @@ import at.gv.egovernment.moa.util.DOMUtils;
public class GetForeignIDServlet extends AuthServlet {
- /**
- *
- */
- private static final long serialVersionUID = -3415644214702379483L;
+ /**
+ *
+ */
+ private static final long serialVersionUID = -3415644214702379483L;
* Constructor for GetForeignIDServlet.
@@ -114,9 +136,9 @@ public class GetForeignIDServlet extends AuthServlet {
- Map parameters;
- String pendingRequestID = null;
+ Map<String, String> parameters;
+ String pendingRequestID = null;
@@ -126,7 +148,7 @@ public class GetForeignIDServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
- String sessionID = req.getParameter(PARAM_SESSIONID);
+ String sessionID = req.getParameter(PARAM_SESSIONID);
pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
// escape parameter strings
@@ -152,13 +174,13 @@ public class GetForeignIDServlet extends AuthServlet {
CreateXMLSignatureResponse csresp =
new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse).parseResponseDsig();
- Element signature = csresp.getDsigSignature();
- try {
- session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
- } catch (CertificateException e) {
- Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
- throw new MOAIDException("auth.14", null);
+ Element signature = csresp.getDsigSignature();
+ try {
+ session.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+ } catch (CertificateException e) {
+ Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
+ throw new MOAIDException("auth.14", null);
// make SZR request to the identity link
@@ -181,40 +203,40 @@ public class GetForeignIDServlet extends AuthServlet {
IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(samlAssertion);
IdentityLink identitylink = ilParser.parseIdentityLink();
String samlArtifactBase64 =
- AuthenticationServer.getInstance().getForeignAuthenticationData(session);
- //session is implicit stored in changeSessionID!!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
- Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
- if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
- /*redirectURL = session.getOAURLRequested();
- if (!session.getBusinessService()) {
- redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
- }
- redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
- redirectURL = resp.encodeRedirectURL(redirectURL);*/
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
- ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
- redirectURL = resp.encodeRedirectURL(redirectURL);
- } else {
- redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
+ AuthenticationServer.getInstance().getForeignAuthenticationData(session);
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+ Logger.info("Changed MOASession " + sessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+ if (!samlArtifactBase64.equals("Redirect to Input Processor")) {
+ /*redirectURL = session.getOAURLRequested();
+ if (!session.getBusinessService()) {
+ redirectURL = addURLParameter(redirectURL, PARAM_TARGET, URLEncoder.encode(session.getTarget(), "UTF-8"));
+ }
+ redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
+ redirectURL = resp.encodeRedirectURL(redirectURL);*/
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(),
+ ModulUtils.buildAuthURL(session.getModul(), session.getAction(), pendingRequestID), newMOASessionID);
+ redirectURL = resp.encodeRedirectURL(redirectURL);
+ } else {
+ redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, newMOASessionID);
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("Session store error", null);
- }
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("Session store error", null);
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index e461197e2..b2224e10c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -34,20 +56,18 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
import org.apache.commons.lang.StringEscapeUtils;
-import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -57,10 +77,8 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
* Servlet requested for getting the foreign eID provided by the security layer
@@ -165,7 +183,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
- List list = MISSimpleClient.sendGetMandatesRequest(
+ List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest(
connectionParameters.getUrl(), misSessionID, sslFactory);
if (list == null) {
@@ -181,7 +199,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
MISMandate mandate = (MISMandate) list.get(0);
String sMandate = new String(mandate.getMandate());
- if (sMandate == null | sMandate.compareToIgnoreCase("") == 0) {
+ if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
Logger.error("Mandate is empty.");
throw new AuthenticationException("auth.16",
new Object[] { GET_MIS_SESSIONID });
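Review bot: With `|` corrected to `||` the null guard in the fixed condition is still dead: `new String(byte[])` never yields null, and if `mandate.getMandate()` had returned null the constructor on the line above would already have thrown a NullPointerException. The check belongs on the byte array, `byte[] raw = mandate.getMandate();` followed by `if (raw == null || raw.length == 0) {`, and the conversion should name its charset (`new String(raw, "UTF-8")`), since the default-charset form decodes the mandate differently per host. The `(MISMandate)` cast on `list.get(0)` is redundant now that the previous hunk types the list as `List<MISMandate>`. The enclosing try block starts and ends outside the hunk.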
@@ -190,7 +208,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
//check if it is a parsable XML
byte[] byteMandate = mandate.getMandate();
String stringMandate = new String(byteMandate);
- Element mandateDoc = DOMUtils.parseDocument(stringMandate, false,
+ DOMUtils.parseDocument(stringMandate, false,
null, null).getDocumentElement();
// extract RepresentationType
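Review bot: The mandate is parsed here purely as a well-formedness check, but the result still goes through `.getDocumentElement()` before being dropped; `DOMUtils.parseDocument(stringMandate, false, null, null);` alone says what is meant. `stringMandate` is a second default-charset conversion of the same `mandate.getMandate()` bytes already converted to `sMandate` in the previous hunk — convert once with an explicit charset and reuse it. The XML comes from the external MIS service response, so whether this parse is exposed to DTD or external-entity processing depends on how `DOMUtils.parseDocument` configures its parser; confirm that external entities are disabled there. The enclosing method continues outside the hunk.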
@@ -225,8 +243,6 @@ public class GetMISSessionIDServlet extends AuthServlet {
handleError(null, ex, req, resp, pendingRequestID);
} catch (PKIException e) {
handleError(null, e, req, resp, pendingRequestID);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp, pendingRequestID);
} catch (SAXException e) {
handleError(null, e, req, resp, pendingRequestID);
} catch (ParserConfigurationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
index 8dc5d7469..c87a17c7f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/LogOutServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -25,48 +47,19 @@
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import java.io.PrintWriter;
-import java.util.List;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import javax.swing.text.StyleContext.SmallAttributeSet;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.stork.STORKAuthnRequestProcessor;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.config.stork.CPEPS;
-import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
-import at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.mw.messages.saml.STORKAuthnRequest;
-import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
-import eu.stork.vidp.messages.exception.SAMLException;
-import eu.stork.vidp.messages.exception.SAMLValidationException;
-import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
-import eu.stork.vidp.messages.stork.RequestedAttributes;
public class LogOutServlet extends AuthServlet {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
new file mode 100644
index 000000000..e04f97e6e
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/MonitoringServlet.java
@@ -0,0 +1,126 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+package at.gv.egovernment.moa.id.auth.servlet;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.Arrays;
+import java.util.List;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.monitoring.TestManager;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class MonitoringServlet extends AuthServlet {
+ private static final long serialVersionUID = 1L;
+ private static final String REQUEST_ATTR_MODULE = "module";
+ protected void doGet(HttpServletRequest req, HttpServletResponse resp)
+ throws ServletException, IOException {
+ try {
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ if (config.isMonitoringActive()) {
+ Logger.debug("Monitoring Servlet received request");
+ TestManager tests = TestManager.getInstance();
+ String modulename = req.getParameter(REQUEST_ATTR_MODULE);
+ if (MiscUtil.isEmpty(modulename)) {
+ List<String> error = tests.executeTests();
+ if (error != null && error.size() > 0) {
+ createErrorMessage(req, resp, error);
+ } else {
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess()));
+ Logger.info("Monitoring Servlet finished without errors");
+ }
+ } else {
+ if (tests.existsModule(modulename)) {
+ List<String> errors = tests.executeTest(modulename);
+ if (errors != null && errors.size() > 0) {
+ createErrorMessage(req, resp, errors);
+ } else {
+ resp.setStatus(HttpServletResponse.SC_OK);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getWriter().write(getHtml(config.getMonitoringMessageSuccess()));
+ Logger.info("Monitoring Servlet finished without errors");
+ }
+ } else {
+ Logger.warn("NO Testmodule exists with modulename " + modulename);
+ resp.setStatus(HttpServletResponse.SC_NOT_FOUND);
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out;
+ try {
+ out = new PrintWriter(resp.getOutputStream());
+ out.write("NO Testmodule exists with modulename " + modulename);
+ out.flush();
+ } catch (IOException e) {
+ Logger.warn("Internal Monitoring Servlet Error. ", e);
+ }
+ }
+ }
+ }
+ } catch (ConfigurationException e) {
+ createErrorMessage(req, resp, Arrays.asList(e.getMessage()));
+ }
+ }
+ private void createErrorMessage(HttpServletRequest req, HttpServletResponse resp, List<String> errorMessage) {
+ Logger.warn("Monitoring Servlet found some Error: " + errorMessage);
+ resp.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
+ resp.setContentType("text/html;charset=UTF-8");
+ PrintWriter out;
+ try {
+ out = new PrintWriter(resp.getOutputStream());
+ for (String error : errorMessage)
+ out.write(error + "<br>");
+ out.flush();
+ } catch (IOException e) {
+ Logger.warn("Internal Monitoring Servlet Error. ", e);
+ }
+ }
+ private String getHtml(String text) {
+ return "<html><head><title>Reponse</title></head><body>" + text +"</body></html>";
+ }
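Review bot: `modulename` comes straight from `req.getParameter(REQUEST_ATTR_MODULE)` and is written into a `text/html` response unencoded at `out.write("NO Testmodule exists with modulename " + modulename)`, which is a reflected-XSS sink; write `StringEscapeUtils.escapeHtml(modulename)` instead (the sibling servlets already import `org.apache.commons.lang.StringEscapeUtils`), and apply the same to the `error + "<br>"` lines in createErrorMessage if any test message can carry request-derived text. Both error paths wrap `resp.getOutputStream()` in `new PrintWriter(...)`, which encodes with the platform default charset regardless of the `charset=UTF-8` header and cannot be mixed with the `resp.getWriter()` used on the success path; `PrintWriter out = resp.getWriter();` fixes both. The two success branches are identical and belong in one private helper, and when `isMonitoringActive()` is false the servlet returns an empty 200 — an explicit status such as `SC_NOT_FOUND` would make that path deliberate. The title in getHtml reads `Reponse`.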
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index f6412f897..93f17dd70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
@@ -14,13 +36,13 @@ import org.opensaml.saml2.core.StatusCode;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
deleted file mode 100644
index ba8698934..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessValidatorInputServlet.java
+++ /dev/null
@@ -1,268 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.servlet;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.util.Map;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.GetVerifyAuthBlockFormBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.FileUtils;
- * Servlet requested for processing user input forms of infobox validators
- *
- * Utilizes the {@link AuthenticationServer}.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
- * @version $Id: ProcessValidatorInputServlet.java 769 2007-01-10 15:37:52Z peter.danner $
- */
-public class ProcessValidatorInputServlet extends AuthServlet {
- public static final long serialVersionUID = 1;
- /**
- * Constructor for VerifyIdentityLinkServlet.
- */
- public ProcessValidatorInputServlet() {
- super();
- }
- /**
- * Shows the user input forms of infobox validators
- *
- * @see javax.servlet.http.HttpServlet#doGet(HttpServletRequest, HttpServletResponse)
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("GET ProcessInput");
- resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
- resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
- Map parameters;
- try {
- parameters = getParameters(req);
- } catch (FileUploadException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new IOException(e.getMessage());
- }
- String sessionID = req.getParameter(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
- if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
- // escape parameter strings
- sessionID = StringEscapeUtils.escapeHtml(sessionID);
- try {
- if (!ParamValidatorUtils.isValidSessionID(sessionID))
- throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
- AuthenticationSession session = AuthenticationServer.getSession(sessionID);
- InfoboxValidator infoboxvalidator = session.getFirstPendingValidator();
- String outputStream;
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, sessionID);
- if (infoboxvalidator!=null) {
- outputStream = infoboxvalidator.getForm();
- // replace strings the validators can not know
- outputStream = ParepUtils.replaceAll(outputStream, "<BASE_href>", session.getAuthURL());
- outputStream = ParepUtils.replaceAll(outputStream, "<MOASessionID>", sessionID);
- outputStream = ParepUtils.replaceAll(outputStream, "<BKU>", session.getBkuURL());
- outputStream = ParepUtils.replaceAll(outputStream, "<DataURL>", dataURL);
- outputStream = ParepUtils.replaceAll(outputStream, "<PushInfobox>", session.getPushInfobox());
- } else {
- throw new ValidateException("validator.65", null);
- }
- //resp.setStatus(200);
- resp.setContentType("text/html;charset=UTF-8");
- OutputStream out = resp.getOutputStream();
- out.write(outputStream.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished GET ProcessInput");
- }
- catch (WrongParametersException ex) {
- handleWrongParameters(ex, req, resp);
- }
- catch (MOAIDException ex) {
- handleError(null, ex, req, resp, null); //TODO: is this Class required?
- }
- }
- /**
- * Verifies the user input forms of infobox validators
- *
- * @see javax.servlet.http.HttpServlet#doPost(HttpServletRequest, HttpServletResponse)
- */
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
-// Logger.debug("POST ProcessInput");
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// Map parameters;
-// try {
-// parameters = getParameters(req);
-// } catch (FileUploadException e) {
-// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
-// throw new IOException(e.getMessage());
-// }
-// String sessionID = req.getParameter(PARAM_SESSIONID);
-// if (sessionID==null) sessionID = (String) req.getAttribute(PARAM_SESSIONID);
-// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID);
-// if (sessionID==null) sessionID = (String) parameters.get(PARAM_SESSIONID+"_");
-// // escape parameter strings
-// sessionID = StringEscapeUtils.escapeHtml(sessionID);
-// try {
-// if (!ParamValidatorUtils.isValidSessionID(sessionID))
-// throw new WrongParametersException("ProcessInput", PARAM_SESSIONID, "auth.12");
-// AuthenticationSession session = AuthenticationServer.getSession(sessionID);
-// AuthenticationServer.processInput(session, parameters);
-// String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().getCreateXMLSignatureRequestAuthBlockOrRedirect(session, null, null);
-// if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) {
-// // Now sign the AUTH Block
-// String dataURL = new DataURLBuilder().buildDataURL(
-// session.getAuthURL(), AuthenticationServer.REQ_VERIFY_AUTH_BLOCK, sessionID);
-// String htmlForm = null;
-// boolean doInputProcessorSign = false; // If sign process should be within an extra form, provide a parameter. Otherwise transport through security layer is assumed
-// String inputProcessorSignForm = req.getParameter("Sign_Form");
-// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) req.getAttribute("Sign_Form");
-// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form");
-// if (inputProcessorSignForm==null) inputProcessorSignForm = (String) parameters.get("Sign_Form_");
-// // escape parameter strings
-// inputProcessorSignForm = StringEscapeUtils.escapeHtml(inputProcessorSignForm);
-// if (!ParepUtils.isEmpty(inputProcessorSignForm)) doInputProcessorSign = inputProcessorSignForm.equalsIgnoreCase("true");
-// if (doInputProcessorSign) {
-// // Test if we have a user input form sign template
-// String inputProcessorSignTemplateURL = req.getParameter(PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE);
-// if (!ParamValidatorUtils.isValidSignUrl(inputProcessorSignTemplateURL))
-// throw new WrongParametersException("ProcessInput", PARAM_INPUT_PROCESSOR_SIGN_TEMPLATE, "auth.12");
-// String inputProcessorSignTemplate = null;
-// OAAuthParameter oaParam =
-// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getOAURLRequested());
-// // override template url by url from configuration file
-// if (oaParam.getInputProcessorSignTemplateURL() != null) {
-// inputProcessorSignTemplateURL = oaParam.getInputProcessorSignTemplateURL();
-// }
-// if (inputProcessorSignTemplateURL != null) {
-// try {
-// inputProcessorSignTemplate = new String(FileUtils.readURL(inputProcessorSignTemplateURL));
-// } catch (IOException ex) {
-// throw new AuthenticationException(
-// "auth.03",
-// new Object[] { inputProcessorSignTemplateURL, ex.toString()},
-// ex);
-// }
-// }
-// htmlForm = new GetVerifyAuthBlockFormBuilder().build(
-// inputProcessorSignTemplate, session.getBkuURL(), createXMLSignatureRequestOrRedirect, dataURL, session.getPushInfobox());
-// htmlForm = ParepUtils.replaceAll(htmlForm, "<BASE_href>", session.getAuthURL());
-// htmlForm = ParepUtils.replaceAll(htmlForm, "<MOASessionID>", sessionID);
-// htmlForm = ParepUtils.replaceAll(htmlForm, "<BKU>", session.getBkuURL());
-// htmlForm = ParepUtils.replaceAll(htmlForm, "<DataURL>", dataURL);
-// htmlForm = ParepUtils.replaceAll(htmlForm, "<PushInfobox>", session.getPushInfobox());
-// resp.setContentType("text/html;charset=UTF-8");
-// } else {
-// htmlForm = createXMLSignatureRequestOrRedirect;
-// resp.setStatus(307);
-// resp.addHeader("Location", dataURL);
-// //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
-// resp.setContentType("text/xml;charset=UTF-8");
-// }
-// OutputStream out = resp.getOutputStream();
-// out.write(htmlForm.getBytes("UTF-8"));
-// out.flush();
-// out.close();
-// Logger.debug("Finished POST ProcessInput");
-// } else {
-// String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, session.getSessionID());
-// resp.setContentType("text/html");
-// resp.setStatus(302);
-// resp.addHeader("Location", redirectURL);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-// }
-// try {
-// AuthenticationSessionStoreage.storeSession(session);
-// } catch (MOADatabaseException e) {
-// throw new AuthenticationException("", null);
-// }
-// }
-// catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// }
-// catch (MOAIDException ex) {
-// handleError(null, ex, req, resp);
-// }
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
index 5a0bd33bf..7c51e7d6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/RedirectServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
index 8dd547bb5..6fa7b56c6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SSOSendAssertionServlet.java
@@ -1,33 +1,46 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.servlet;
import java.io.IOException;
-import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.URLEncoder;
public class SSOSendAssertionServlet extends AuthServlet{
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
deleted file mode 100644
index 2deece26f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/SelectBKUServlet.java
+++ /dev/null
@@ -1,184 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.servlet;
-import java.io.IOException;
-import java.io.OutputStreamWriter;
-import java.io.Writer;
-import javax.servlet.ServletConfig;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.StringUtils;
- * Servlet requested for selecting a BKU.
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLComplete,
- * the browser is redirected to the configured "BKU-Auswahl-URL".
- * <br>In case of {@link AuthConfigurationProvider#getBKUSelectionType}==HTMLSelect,
- * the list of available BKU's is fetched from a BKU-Auswahl server, and presented
- * to the user in an HTML form.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class SelectBKUServlet extends AuthServlet {
- /**
- *
- */
- private static final long serialVersionUID = 4764993494204751296L;
- * Calls the web application initializer.
- *
- * @see javax.servlet.Servlet#init(ServletConfig)
- */
- public void init(ServletConfig servletConfig) throws ServletException {
- try {
- super.init(servletConfig);
- MOAIDAuthInitializer.initialize();
- Logger.debug("default platform file.encoding: " + System.getProperty("file.encoding"));
- Logger.info(MOAIDMessageProvider.getInstance().getMessage("init.00", null));
- }
- catch (Exception ex) {
- Logger.fatal(MOAIDMessageProvider.getInstance().getMessage("init.02", null), ex);
- throw new ServletException(ex);
- }
- }
- /**
- * Responds with an HTML form which requests the user to choose a BKU.
- */
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- Logger.debug("GET SelectBKU");
-// resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-// resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-// String authURL = req.getScheme() + "://" + req.getServerName();
-// if ((req.getScheme().equalsIgnoreCase("https") && req.getServerPort()!=443) || (req.getScheme().equalsIgnoreCase("http") && req.getServerPort()!=80)) {
-// authURL = authURL.concat(":" + req.getServerPort());
-// }
-// authURL = authURL.concat(req.getContextPath() + "/");
-// String target = req.getParameter(PARAM_TARGET);
-// String oaURL = req.getParameter(PARAM_OA);
-// String bkuSelectionTemplateURL = req.getParameter(PARAM_BKUTEMPLATE);
-// String templateURL = req.getParameter(PARAM_TEMPLATE);
-// // escape parameter strings
-// target = StringEscapeUtils.escapeHtml(target);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
-// templateURL = StringEscapeUtils.escapeHtml(templateURL);
-// bkuSelectionTemplateURL = StringEscapeUtils.escapeHtml(bkuSelectionTemplateURL);
-// try {
-// // check parameter
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("SelectBKU", PARAM_OA, "auth.12");
-// if (!ParamValidatorUtils.isValidTemplate(req, templateURL))
-// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-// if (!ParamValidatorUtils.isValidTemplate(req, bkuSelectionTemplateURL))
-// throw new WrongParametersException("SelectBKU", PARAM_TEMPLATE, "auth.12");
-// if (!ParamValidatorUtils.isValidTarget(target))
-// throw new WrongParametersException("SelectBKU", PARAM_TARGET, "auth.12");
-// OAAuthParameter oaParam =
-// AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
-// if (oaParam == null)
-// throw new AuthenticationException("auth.00", new Object[] { oaURL });
-// // get target and target friendly name from config
-// String targetConfig = oaParam.getTarget();
-// String returnValue = null;
-// if (StringUtils.isEmpty(targetConfig)) {
-// // no target attribut is given in OA config
-// // target is used from request
-// // check parameter
-// if (!ParamValidatorUtils.isValidTarget(target))
-// throw new WrongParametersException("StartAuthentication", PARAM_TARGET, "auth.12");
-// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, target, oaURL, bkuSelectionTemplateURL, templateURL);
-// }
-// else {
-// // use target from config
-// returnValue = AuthenticationServer.getInstance().selectBKU(authURL, targetConfig, oaURL, bkuSelectionTemplateURL, templateURL);
-// }
-// String bkuSelectionType = AuthConfigurationProvider.getInstance().getBKUSelectionType();
-// if (bkuSelectionType.equals(AuthConfigurationProvider.BKU_SELECTION_TYPE_HTMLCOMPLETE)) {
-// // bkuSelectionType==HTMLComplete
-// String redirectURL = returnValue;
-// resp.setContentType("text/html");
-// resp.sendRedirect(redirectURL);
-// Logger.info("REDIRECT TO: " + redirectURL);
-// } else {
-// // bkuSelectionType==HTMLSelect
-// String htmlForm = returnValue;
-// resp.setContentType("text/html;charset=UTF-8");
-// Logger.debug("HTML-Form: " + htmlForm);
-// Writer out = new OutputStreamWriter(resp.getOutputStream(), "UTF8");
-// out.write(htmlForm);
-// out.flush();
-// Logger.debug("Finished GET SelectBKU");
-// }
-// }
-// catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// }
-// catch (Throwable ex) {
-// handleError(null, ex, req, resp);
-// }
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 09e4e957d..714d6b3f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
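Review bot: The new 2014 licence block is inserted in front of the existing 2003 block (the context lines at the end of the hunk still show `* Copyright 2003 Federal Chancellery Austria`), so this file now carries two licence headers. The sibling VerifyCertificateServlet.java hunk in this same commit replaces the 2003 block instead of prepending to it, which is the form this file should follow as well. I would drop the old block here so the servlets in this package agree on a single header.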
@@ -25,7 +47,6 @@
package at.gv.egovernment.moa.id.auth.servlet;
import iaik.pki.PKIException;
-import iaik.x509.X509Certificate;
import java.io.IOException;
import java.security.GeneralSecurityException;
@@ -41,13 +62,14 @@ import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
@@ -59,10 +81,8 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient;
-import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.URLEncoder;
* Servlet requested for verifying the signed authentication block
@@ -139,7 +159,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String pendingRequestID = null;
- Map parameters;
+ Map<String, String> parameters;
parameters = getParameters(req);
@@ -147,6 +167,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
throw new IOException(e.getMessage());
String sessionID = req.getParameter(PARAM_SESSIONID);
String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
@@ -187,11 +208,15 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
// redirect url
// build redirect(to the GetMISSessionIdSerlvet)
+ //change MOASessionID before MIS request
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
redirectURL =
new DataURLBuilder().buildDataURL(
- session.getSessionID());
+ newMOASessionID);
String oaURL = session.getOAURLRequested();
OAAuthParameter oaParam = authConf.getOnlineApplicationParameter(oaURL);
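Review bot: The value returned by `AuthenticationSessionStoreage.changeSessionID(session)` is passed straight into `buildDataURL(...)` without a check, so a null or empty result would yield a malformed MIS redirect URL instead of a clean failure; a guard such as `if (newMOASessionID == null || newMOASessionID.isEmpty()) throw new AuthenticationException("<message-key placeholder>", null);` before the `redirectURL =` assignment would keep the error on the server side. After the rotation the local `sessionID` read from the request earlier in this method still holds the old identifier, so any later use of it in the part of the method outside this hunk would presumably refer to a session that no longer exists under that ID — worth confirming. The added comment would also be more useful if it stated the intent, e.g. `// rotate the MOA session ID before the MIS round trip so the ID embedded in the MIS redirect is not the one already known to the client` (assumption about the purpose; confirm). The enclosing doPost continues outside this hunk.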
@@ -226,13 +251,13 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest(connectionParameters.getUrl(), idl, cert, oaFriendlyName, redirectURL, mandateReferenceValue, profilesArray, targetType, sslFactory);
- String redirectMISGUI = misSessionID.getRedirectURL();
if (misSessionID == null) {
Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null.");
throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service.");
+ String redirectMISGUI = misSessionID.getRedirectURL();
try {
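Review bot: Moving `String redirectMISGUI = misSessionID.getRedirectURL();` below the null check fixes the NullPointerException the old order had, but `redirectMISGUI` itself is never checked, and it is a value taken from an external service response. If `getRedirectURL()` can return null (not visible here) or the string is later used as a redirect target, as the name suggests, a check like `if (redirectMISGUI == null || redirectMISGUI.isEmpty()) throw new MISSimpleClientException("Fehler bei Anfrage an Vollmachten Service. Redirect URL fehlt.");` right after the assignment would fail early with the same error type the code already uses. The enclosing method continues outside this hunk.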
@@ -280,8 +305,6 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
handleError(null, e, req, resp, pendingRequestID);
} catch (PKIException e) {
handleError(null, e, req, resp, pendingRequestID);
- } catch (MISSimpleClientException e) {
- handleError(null, e, req, resp, pendingRequestID);
} catch (TransformerException e) {
handleError(null, e, req, resp, pendingRequestID);
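Review bot: Removing the `catch (MISSimpleClientException e)` branch while `throw new MISSimpleClientException(...)` remains earlier in this method (see the hunk at the MIS session ID request) only works if the relocated `at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException` now extends one of the exception types still caught here, presumably `MOAIDException` given its new package; otherwise the throw is either uncaught at compile time or escapes the servlet unhandled. That hierarchy is not visible in this diff, so I would confirm it and, if it holds, add a short comment at the `throw` site, e.g. `// handled by the MOAIDException catch below`, so the next reader does not re-add the branch. The enclosing try/catch starts outside this hunk.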
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
index ec05af5a1..80b1547c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyCertificateServlet.java
@@ -1,54 +1,76 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.servlet;
-import iaik.x509.X509Certificate;
-import java.io.IOException;
-import java.util.Map;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.fileupload.FileUploadException;
-import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.id.util.ServletUtils;
-import at.gv.egovernment.moa.logging.Logger;
+import iaik.x509.X509Certificate;
+import java.io.IOException;
+import java.util.Map;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.fileupload.FileUploadException;
+import org.apache.commons.lang.StringEscapeUtils;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.id.util.ServletUtils;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.spss.util.CertificateUtils;
@@ -59,11 +81,11 @@ import at.gv.egovernment.moa.spss.util.CertificateUtils;
public class VerifyCertificateServlet extends AuthServlet {
- /**
- *
- */
- private static final long serialVersionUID = -4110159749768152538L;
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4110159749768152538L;
* Constructor for VerifyCertificateServlet.
@@ -108,10 +130,10 @@ public class VerifyCertificateServlet extends AuthServlet {
- String pendingRequestID = null;
- Map parameters;
+ String pendingRequestID = null;
+ Map<String, String> parameters;
parameters = getParameters(req);
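Review bot: Declaring `Map<String, String> parameters` here (and likewise in the VerifyIdentityLinkServlet hunk) only types the local; if `getParameters(req)` still returns a raw `Map`, this is an unchecked assignment and a non-String value, e.g. from the multipart path given the `FileUploadException` import, would surface as a `ClassCastException` at the later `get` site instead of here. Presumably `getParameters` in `AuthServlet` was changed to return `Map<String, String>` in the same commit; if not, the explicit cast at the use site should stay. The enclosing method starts and ends outside this hunk.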
@@ -124,8 +146,8 @@ public class VerifyCertificateServlet extends AuthServlet {
// escape parameter strings
sessionID = StringEscapeUtils.escapeHtml(sessionID);
- pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(sessionID);
AuthenticationSession session = null;
try {
@@ -142,20 +164,20 @@ public class VerifyCertificateServlet extends AuthServlet {
throw new AuthenticationException("auth.14", null);
- boolean useMandate = session.getUseMandate();
+ boolean useMandate = session.getUseMandate();
if (useMandate) {
- // verify certificate for OrganWalter
- String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
+ // verify certificate for OrganWalter
+ String createXMLSignatureRequestOrRedirect = AuthenticationServer.getInstance().verifyCertificate(session, cert);
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
ServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, session, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
else {
@@ -177,12 +199,12 @@ public class VerifyCertificateServlet extends AuthServlet {
- try {
- AuthenticationSessionStoreage.storeSession(session);
- } catch (MOADatabaseException e) {
- throw new MOAIDException("session store error", null);
- }
+ try {
+ AuthenticationSessionStoreage.storeSession(session);
+ } catch (MOADatabaseException e) {
+ throw new MOAIDException("session store error", null);
+ }
ServletUtils.writeCreateXMLSignatureRequest(resp, session, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl);
@@ -190,13 +212,13 @@ public class VerifyCertificateServlet extends AuthServlet {
Logger.debug("Send CreateXMLSignatureRequest to BKU");
- catch (MOAIDException ex) {
+ catch (MOAIDException ex) {
handleError(null, ex, req, resp, pendingRequestID);
- }
- finally {
- ConfigurationDBUtils.closeSession();
+ }
+ finally {
+ ConfigurationDBUtils.closeSession();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
index 38f650a65..7c2a032a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyIdentityLinkServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -34,15 +56,15 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.fileupload.FileUploadException;
import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -113,7 +135,7 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
Logger.debug("POST VerifyIdentityLink");
- Map parameters;
+ Map<String, String> parameters;
String pendingRequestID = null;
@@ -185,11 +207,6 @@ public class VerifyIdentityLinkServlet extends AuthServlet {
else {
- // @TODO: unteren InfoboxReadRequest zu, Signer-Cert auslesen (wegen Cert Abfrage auf Organwalter OID),
- // nach oben verschoben vor verifyIdentityLink (da hier schon bPK berechnet, die aber f�r OW nicht in
- // AUTH Block aufscheinen darf. --> D.h. verifyIdentityLink umbauen - verify und AUTH Block bauen trennen)
- //TODO: Klaus fragen ob der Teil wirklich noch benötigt wird!!!!!
boolean useMandate = session.getUseMandate();
if (useMandate) { // Mandate modus
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java
index 7ffe59fd9..ca15cb120 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/AssertionVerifier.java
@@ -1,55 +1,77 @@
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.stork;
-import java.util.List;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.metadata.RequestedAttribute;
+import java.util.List;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.metadata.RequestedAttribute;
- * Interface to be implemented for verifying SAML assertions
- *
+ * Interface to be implemented for verifying SAML assertions
+ *
* @author bzwattendorfer
public interface AssertionVerifier {
- /**
- * Verifies a given assertion
- * @param assertion SAML assertion
- * @param reqIPAddress IP address of the client
- * @param authnRequestID ID of the corresponding authentication request for verification
- * @param recipient recipient for verification
- * @param audience audience for verification
- * @param reqAttrList RequestedAttribute list for verification
- * @throws SecurityException
+ /**
+ * Verifies a given assertion
+ * @param assertion SAML assertion
+ * @param reqIPAddress IP address of the client
+ * @param authnRequestID ID of the corresponding authentication request for verification
+ * @param recipient recipient for verification
+ * @param audience audience for verification
+ * @param reqAttrList RequestedAttribute list for verification
+ * @throws SecurityException
public void verify(Assertion assertion, String reqIPAddress, String authnRequestID, String recipient, String audience, List<RequestedAttribute> reqAttrList) throws SecurityException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
index b95ab6218..80089a423 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/CredentialProvider.java
@@ -1,28 +1,50 @@
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
@@ -33,17 +55,17 @@ import org.opensaml.xml.security.credential.Credential;
import eu.stork.vidp.messages.exception.SAMLException;
- * Interface supporting different kinds of Credentials
- *
+ * Interface supporting different kinds of Credentials
+ *
* @author bzwattendorfer
public interface CredentialProvider {
- /**
- * Gets appropriate credentials
- * @return Credential object
- * @throws SAMLException
+ /**
+ * Gets appropriate credentials
+ * @return Credential object
+ * @throws SAMLException
public Credential getCredential() throws SAMLException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
index 467210b4d..cf167ba84 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/KeyStoreCredentialProvider.java
@@ -1,70 +1,92 @@
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.stork;
-import java.security.KeyStore;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import org.opensaml.xml.security.credential.Credential;
-import org.opensaml.xml.security.x509.BasicX509Credential;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import at.gv.egovernment.moa.util.KeyStoreUtils;
-import at.gv.egovernment.moa.util.StringUtils;
-import eu.stork.vidp.messages.exception.SAMLException;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
- * Provides credentials from a KeyStore
- * @author bzwattendorfer
- *
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.StringUtils;
+import eu.stork.vidp.messages.exception.SAMLException;
+ * Provides credentials from a KeyStore
+ * @author bzwattendorfer
+ *
public class KeyStoreCredentialProvider implements CredentialProvider {
private final static Logger log = LoggerFactory.getLogger(KeyStoreCredentialProvider.class);
/** KeyStore Path */
private String keyStorePath;
/** KeyStore Password */
private String keyStorePassword;
/** Specific Key Name as Credential */
private String keyName;
/** Key password */
private String keyPassword;
- /**
- * Creates a KeyStoreCredentialProvider object
- * @param keyStorePath KeyStore Path
- * @param keyStorePassword KeyStore Password
- * @param keyName KeyName of the key to be retrieved
- * @param keyPassword Password for the Key
+ /**
+ * Creates a KeyStoreCredentialProvider object
+ * @param keyStorePath KeyStore Path
+ * @param keyStorePassword KeyStore Password
+ * @param keyName KeyName of the key to be retrieved
+ * @param keyPassword Password for the Key
public KeyStoreCredentialProvider(String keyStorePath,
String keyStorePassword, String keyName, String keyPassword) {
@@ -75,23 +97,23 @@ public class KeyStoreCredentialProvider implements CredentialProvider {
this.keyPassword = keyPassword;
- /**
- * Gets the credential object from the KeyStore
+ /**
+ * Gets the credential object from the KeyStore
public Credential getCredential() throws SAMLException {
log.trace("Retrieving credentials for signing SAML Response.");
if (StringUtils.isEmpty(this.keyStorePath))
throw new SAMLException("No keyStorePath specified");
//KeyStorePassword optional
//if (StringUtils.isEmpty(this.keyStorePassword))
// throw new SAMLException("No keyStorePassword specified");
if (StringUtils.isEmpty(this.keyName))
throw new SAMLException("No keyName specified");
//KeyStorePassword optional
//if (StringUtils.isEmpty(this.keyPassword))
// throw new SAMLException("No keyPassword specified");
@@ -120,7 +142,7 @@ public class KeyStoreCredentialProvider implements CredentialProvider {
return credential;
- }
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
index 3048ccbee..dcd1a8a1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorAssertionVerifier.java
@@ -1,58 +1,80 @@
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.stork;
-import java.util.List;
-import org.joda.time.DateTime;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.Audience;
-import org.opensaml.saml2.core.AudienceRestriction;
-import org.opensaml.saml2.core.Conditions;
-import org.opensaml.saml2.core.SubjectConfirmation;
-import org.opensaml.saml2.core.SubjectConfirmationData;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import at.gv.egovernment.moa.logging.Logger;
-import eu.stork.vidp.messages.saml.STORKAttribute;
-import eu.stork.vidp.messages.util.SAMLUtil;
+import java.util.List;
+import org.joda.time.DateTime;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.Audience;
+import org.opensaml.saml2.core.AudienceRestriction;
+import org.opensaml.saml2.core.Conditions;
+import org.opensaml.saml2.core.SubjectConfirmation;
+import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import at.gv.egovernment.moa.logging.Logger;
+import eu.stork.vidp.messages.saml.STORKAttribute;
+import eu.stork.vidp.messages.util.SAMLUtil;
- * Verifies the SAML assertion according to the STORK specification
+ * Verifies the SAML assertion according to the STORK specification
* @author bzwattendorfer
public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
- private static final int CLOCK_SKEW_MINUTES = 5;
+ private static final int CLOCK_SKEW_MINUTES = 5;
private static final boolean IS_USERS_CLIENT_IP_ADDRESS_TO_VERIFY = false;
/* (non-Javadoc)
@@ -63,13 +85,13 @@ public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
//SAML assertion need not to be signed, skipping signature validation
- verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
- Logger.debug("SubjectConfirmationData successfully verified");
+ verifySubjectConfirmation(assertion, reqIPAddress, authnRequestID, recipient);
+ Logger.debug("SubjectConfirmationData successfully verified");
verifyConditions(assertion, audience);
- Logger.debug("Conditions successfully verified");
+ Logger.debug("Conditions successfully verified");
@@ -82,21 +104,21 @@ public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
private void verifySubjectConfirmationData(SubjectConfirmationData scData, String reqAddress, String requestID, String recipient) throws SecurityException {
//NotBefore not allowed in SSO profile
- verifyNotOnOrAfter(scData.getNotOnOrAfter());
+ verifyNotOnOrAfter(scData.getNotOnOrAfter());
Logger.trace("NotOnOrAfter successfully verified");
- verifyClientAddress(scData, reqAddress);
+ verifyClientAddress(scData, reqAddress);
Logger.trace("User's client IP address successfully verified.");
} else {
Logger.warn("User's client IP address will not be verified.");
- verifyRecipient(scData, recipient);
- Logger.trace("Recipient successfully verified");
+ verifyRecipient(scData, recipient);
+ Logger.trace("Recipient successfully verified");
- verifyInResponseTo(scData, requestID);
+ verifyInResponseTo(scData, requestID);
Logger.trace("InResponseTo successfully verified");
@@ -167,75 +189,75 @@ public class PEPSConnectorAssertionVerifier implements AssertionVerifier {
private void verifyConditions(Assertion assertion, String reqAudience) throws SecurityException {
Conditions conditions = assertion.getConditions();
- verifyNotBefore(conditions.getNotBefore());
- Logger.trace("NotBefore successfully verified");
+ verifyNotBefore(conditions.getNotBefore());
+ Logger.trace("NotBefore successfully verified");
- verifyNotOnOrAfter(conditions.getNotOnOrAfter());
+ verifyNotOnOrAfter(conditions.getNotOnOrAfter());
Logger.trace("NotOnOrAfter successfully verified");
- verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
+ verifyAudience(conditions.getAudienceRestrictions().get(0), reqAudience);
Logger.trace("Audience successfully verified");
- }
- public static void validateRequiredAttributes(
- List<RequestedAttribute> reqAttrList,
- List<Attribute> attrList)
- throws STORKException {
- Logger.debug("Starting required attribute validation");
- if (reqAttrList == null || reqAttrList.isEmpty()) {
- Logger.error("Requested Attributes list is empty.");
- throw new STORKException("No attributes have been requested");
- }
- if (attrList == null || attrList.isEmpty()) {
- Logger.error("STORK AttributeStatement is empty.");
- throw new STORKException("No attributes have been received");
- }
- Logger.trace("These attributes have been requested and received: ");
- int count = 0;
- for (RequestedAttribute reqAttr : reqAttrList) {
- Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
- for(Attribute attr : attrList) {
- if (verifyRequestedAttribute(reqAttr, attr))
- count++;
- }
- }
- int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
- Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
- Logger.trace("Number of received required attributes: " + count);
- if (count != numRequiredReqAttr) {
- Logger.error("Not all required attributes have been received");
- throw new STORKException("Not all required attributes have been received");
- }
- Logger.debug("Received all required attributes!");
- }
- private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
- if ((reqAttr.getName()).equals(attr.getName())) {
- if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
- Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
- return true;
- }
- }
- return false;
- }
- private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
- int count = 0;
- for (RequestedAttribute reqAttr : reqAttrList)
- if (reqAttr.isRequired()) count++;
- return count;
- }
+ }
+ public static void validateRequiredAttributes(
+ List<RequestedAttribute> reqAttrList,
+ List<Attribute> attrList)
+ throws STORKException {
+ Logger.debug("Starting required attribute validation");
+ if (reqAttrList == null || reqAttrList.isEmpty()) {
+ Logger.error("Requested Attributes list is empty.");
+ throw new STORKException("No attributes have been requested");
+ }
+ if (attrList == null || attrList.isEmpty()) {
+ Logger.error("STORK AttributeStatement is empty.");
+ throw new STORKException("No attributes have been received");
+ }
+ Logger.trace("These attributes have been requested and received: ");
+ int count = 0;
+ for (RequestedAttribute reqAttr : reqAttrList) {
+ Logger.trace("Requested attribute: " + reqAttr.getName() + " isRequired: " + reqAttr.isRequired());
+ for(Attribute attr : attrList) {
+ if (verifyRequestedAttribute(reqAttr, attr))
+ count++;
+ }
+ }
+ int numRequiredReqAttr = getNumberOfRequiredAttributes(reqAttrList);
+ Logger.trace("Number of requested required attributes: " + numRequiredReqAttr);
+ Logger.trace("Number of received required attributes: " + count);
+ if (count != numRequiredReqAttr) {
+ Logger.error("Not all required attributes have been received");
+ throw new STORKException("Not all required attributes have been received");
+ }
+ Logger.debug("Received all required attributes!");
+ }
+ private static boolean verifyRequestedAttribute(RequestedAttribute reqAttr, Attribute attr) {
+ if ((reqAttr.getName()).equals(attr.getName())) {
+ if (reqAttr.isRequired() && SAMLUtil.getStatusFromAttribute(attr).equals(STORKAttribute.ALLOWED_ATTRIBUTE_STATUS_AVAIL)) {
+ Logger.trace("Received required attribute " + attr.getName() + " status: " + SAMLUtil.getStatusFromAttribute(attr));
+ return true;
+ }
+ }
+ return false;
+ }
+ private static int getNumberOfRequiredAttributes(List<RequestedAttribute> reqAttrList) {
+ int count = 0;
+ for (RequestedAttribute reqAttr : reqAttrList)
+ if (reqAttr.isRequired()) count++;
+ return count;
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
index b09b6a64e..134836a9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/PEPSConnectorResponseVerifier.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2011 by Graz University of Technology, Austria
* The Austrian STORK Modules have been developed by the E-Government
@@ -31,18 +53,16 @@ package at.gv.egovernment.moa.id.auth.stork;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
import eu.stork.mw.messages.saml.STORKResponse;
import eu.stork.vidp.messages.exception.SAMLValidationException;
import eu.stork.vidp.messages.util.SAMLUtil;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
index 848937824..ea3d4101b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/ResponseVerifier.java
@@ -1,43 +1,65 @@
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.stork;
-import eu.stork.mw.messages.saml.STORKResponse;
- * Interface to be implemented for SAML response verification
- * @author bzwattendorfer
- *
+import eu.stork.mw.messages.saml.STORKResponse;
+ * Interface to be implemented for SAML response verification
+ * @author bzwattendorfer
+ *
public interface ResponseVerifier {
- /**
- * Verifies a STORK response
- * @param response STORK response
- * @throws SecurityException
+ /**
+ * Verifies a STORK response
+ * @param response STORK response
+ * @throws SecurityException
public void verify(STORKResponse response) throws SecurityException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
index ff30919bc..5dc615b6c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKAuthnRequestProcessor.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
@@ -6,20 +28,15 @@ package at.gv.egovernment.moa.id.auth.stork;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.commons.lang.StringEscapeUtils;
-import org.apache.commons.lang.StringUtils;
import org.apache.velocity.app.VelocityEngine;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.Endpoint;
-import org.opensaml.saml2.metadata.RequestedAttribute;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
import org.opensaml.xml.security.credential.Credential;
-import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.logging.Logger;
import eu.stork.mw.messages.saml.STORKAuthnRequest;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
index 5b737603b..a91e1bc5a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index c98ca87b9..37c9376ae 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -1,29 +1,42 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.auth.stork;
-import iaik.x509.X509Certificate;
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
import java.util.List;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.xml.namespace.QName;
-import javax.xml.transform.TransformerException;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.saml2.metadata.SurName;
import org.opensaml.ws.transport.http.HTTPInTransport;
import org.opensaml.ws.transport.http.HTTPOutTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -36,17 +49,16 @@ import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.ParseException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
import eu.stork.mw.messages.saml.STORKResponse;
@@ -361,6 +373,9 @@ public class STORKResponseProcessor {
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new STORKException("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ } catch (at.gv.egovernment.moa.id.client.SZRGWClientException e) {
+ Logger.error("Error connecting SZR-Gateway: ", e);
+ throw new STORKException("Error connecting SZR-Gateway: ", e);
return identityLink;
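Review bot: The added catch names `at.gv.egovernment.moa.id.client.SZRGWClientException` by its fully-qualified name while the file still imports a different `SZRGWClientException` from `at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw` (kept in the import hunk above), so a reader of this catch alone cannot tell which gateway client throws it or why the two types are distinct. A comment on the catch, `// client.SZRGWClientException is not the parep.client.szrgw one imported above`, would make the distinction explicit; if the szrgw import is no longer used in this file, removing it and importing the client package's exception instead would let this catch read like the ParseException catch beside it. The try block and the enclosing method start outside the hunk, so whether the szrgw variant is still caught there is not visible here.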
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java
index 29478718f..b923727f9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/VelocityProvider.java
@@ -1,48 +1,70 @@
- * Copyright 2011 by Graz University of Technology, Austria
- * The Austrian STORK Modules have been developed by the E-Government
- * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
- * Austria and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2011 by Graz University of Technology, Austria
+ * The Austrian STORK Modules have been developed by the E-Government
+ * Innovation Center EGIZ, a joint initiative of the Federal Chancellery
+ * Austria and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.stork;
-import org.apache.velocity.app.VelocityEngine;
-import org.apache.velocity.runtime.RuntimeConstants;
+import org.apache.velocity.app.VelocityEngine;
+import org.apache.velocity.runtime.RuntimeConstants;
- * Gets a Velocity Engine
- *
+ * Gets a Velocity Engine
+ *
* @author bzwattendorfer
public class VelocityProvider {
- /**
- * Gets velocityEngine from Classpath
- * @return VelocityEngine
- * @throws Exception
+ /**
+ * Gets velocityEngine from Classpath
+ * @return VelocityEngine
+ * @throws Exception
public static VelocityEngine getClassPathVelocityEngine() throws Exception {
VelocityEngine velocityEngine = getBaseVelocityEngine();
@@ -54,12 +76,12 @@ public class VelocityProvider {
return velocityEngine;
- /**
- * Gets VelocityEngine from File
- * @param rootPath File Path to template file
- * @return VelocityEngine
- * @throws Exception
+ /**
+ * Gets VelocityEngine from File
+ * @param rootPath File Path to template file
+ * @return VelocityEngine
+ * @throws Exception
public static VelocityEngine getFileVelocityEngine(String rootPath) throws Exception {
VelocityEngine velocityEngine = getBaseVelocityEngine();
@@ -72,10 +94,10 @@ public class VelocityProvider {
return velocityEngine;
- /**
- * Gets a basic VelocityEngine
- * @return VelocityEngine
+ /**
+ * Gets a basic VelocityEngine
+ * @return VelocityEngine
private static VelocityEngine getBaseVelocityEngine() {
VelocityEngine velocityEngine = new VelocityEngine();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index b2ef2d000..5471c03f5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -40,6 +62,7 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.SAMLAttribute;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -142,7 +165,7 @@ public class CreateXMLSignatureResponseValidator {
int offset = 0;
// check number of SAML aatributes
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
int extendedSAMLAttributesNum = 0;
if (extendedSAMLAttributes != null) {
extendedSAMLAttributesNum = extendedSAMLAttributes.size();
@@ -261,7 +284,7 @@ public class CreateXMLSignatureResponseValidator {
if (!samlAttribute.getName().equals("SpecialText")) {
throw new ValidateException(
- new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)});
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
@@ -284,10 +307,29 @@ public class CreateXMLSignatureResponseValidator {
throw new ValidateException("validator.35", null);
+ //check unique AuthBlock tokken
+ samlAttribute = samlAttributes[4 + offset];
+ if (!samlAttribute.getName().equals("UniqueTokken")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String uniquetokken = (String)samlAttribute.getValue();
+ if (!uniquetokken.equals(session.getAuthBlockTokken())) {
+ throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
// now check the extended SAML attributes
int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset;
if (extendedSAMLAttributes != null) {
- Iterator it = extendedSAMLAttributes.iterator();
+ Iterator<ExtendedSAMLAttribute> it = extendedSAMLAttributes.iterator();
while (it.hasNext()) {
ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
samlAttribute = samlAttributes[i];
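Review bot: The new UniqueTokken check compares the submitted value with the session token via `String.equals` and, on mismatch, passes both the received value and the expected `session.getAuthBlockTokken()` into the `validator.70` message arguments; the server-side token should not be echoed into an error text, and a token comparison is better done timing-independently. Suggest reading the expected value once, rejecting a null with a ValidateException, then `if (!MessageDigest.isEqual(uniquetokken.getBytes(StandardCharsets.UTF_8), expected.getBytes(StandardCharsets.UTF_8)))` and reporting at most the received value (`java.security.MessageDigest` and `java.nio.charset.StandardCharsets` would need importing). If `samlAttribute.getValue()` can be null, `uniquetokken.equals(...)` also throws NullPointerException rather than a ValidateException; a null guard before the comparison would keep the failure mode consistent with the other checks. The same applies to the SSO variant in the `@@ -494,10 +536,28 @@` hunk of this file. The enclosing method begins and ends outside this hunk.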
@@ -405,12 +447,12 @@ public class CreateXMLSignatureResponseValidator {
SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes();
boolean foundOA = false;
- boolean foundGB = false;
- boolean foundWBPK = false;
+// boolean foundGB = false;
+// boolean foundWBPK = false;
int offset = 0;
// check number of SAML aatributes
- List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
int extendedSAMLAttributesNum = 0;
if (extendedSAMLAttributes != null) {
extendedSAMLAttributesNum = extendedSAMLAttributes.size();
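Review bot: `foundGB` and `foundWBPK` are commented out rather than deleted; dead declarations drift out of sync with the surrounding code and version control already keeps the history, so removing them is the cleaner change. The same applies to the `ATTRIBUTE_NAME_XPATH`, `ATTRIBUTE_NAMESPACE_XPATH` and `ATTRIBUTE_VALUE_XPATH` constants commented out in IdentityLinkValidator.java (`@@ -70,25 +93,25 @@`). If they are kept on purpose for a later reinstatement, a one-line comment stating why, such as `// kept until the GB/WBPK checks are reinstated — see <tracking issue>`, would make the intent explicit. The enclosing method begins and ends outside this hunk.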
@@ -470,7 +512,7 @@ public class CreateXMLSignatureResponseValidator {
if (!samlAttribute.getName().equals("SpecialText")) {
throw new ValidateException(
- new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(3)});
+ new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)});
if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
String samlSpecialText = (String)samlAttribute.getValue();
@@ -494,10 +536,28 @@ public class CreateXMLSignatureResponseValidator {
throw new ValidateException("validator.35", null);
+ //check unique AuthBlock tokken
+ samlAttribute = samlAttributes[3 + offset];
+ if (!samlAttribute.getName().equals("UniqueTokken")) {
+ throw new ValidateException(
+ "validator.37",
+ new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)});
+ }
+ if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) {
+ String uniquetokken = (String)samlAttribute.getValue();
+ if (!uniquetokken.equals(session.getAuthBlockTokken())) {
+ throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()});
+ }
+ } else {
+ throw new ValidateException("validator.35", null);
+ }
// now check the extended SAML attributes
int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset;
if (extendedSAMLAttributes != null) {
- Iterator it = extendedSAMLAttributes.iterator();
+ Iterator<ExtendedSAMLAttribute> it = extendedSAMLAttributes.iterator();
while (it.hasNext()) {
ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next();
samlAttribute = samlAttributes[i];
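Review bot: In the SSO variant the UniqueTokken attribute is read from `samlAttributes[3 + offset]`, while the `validator.37` message reports position 5 (`String.valueOf(5)`) and the non-SSO variant (`@@ -284,10 +307,29 @@`) reads index `4 + offset` for the same message, so either the index or the reported position appears off by one; the preceding SpecialText check in this hunk also reports position 4, which would be the same slot as index 3 if the positions are 1-based. Please confirm the index against the attribute layout the builder emits (`AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO`, used just below, should cover the new attribute) and align the reported position with it, e.g. `String.valueOf(4)` if index 3 is correct. It is also worth confirming that the attribute-count check at the top of the method (outside this hunk) was raised for the new attribute; otherwise the array access can fail with ArrayIndexOutOfBoundsException instead of a ValidateException. The enclosing method begins and ends outside this hunk.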
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
index a4b98c4c8..fa6486afe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -28,6 +50,7 @@ import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.XPathUtils;
@@ -70,25 +93,25 @@ public class IdentityLinkValidator implements Constants {
/** Xpath expression to the SAML:Attribute element */
private static final String ATTRIBUTE_XPATH =
ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
- /** Xpath expression to the SAML:AttributeName attribute */
- private static final String ATTRIBUTE_NAME_XPATH =
- ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
- /** Xpath expression to the SAML:AttributeNamespace attribute */
- private static final String ATTRIBUTE_NAMESPACE_XPATH =
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/@AttributeNamespace";
- /** Xpath expression to the SAML:AttributeValue element */
- private static final String ATTRIBUTE_VALUE_XPATH =
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Attribute/"
- + SAML
- + "AttributeValue";
+// /** Xpath expression to the SAML:AttributeName attribute */
+// private static final String ATTRIBUTE_NAME_XPATH =
+// ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
+// /** Xpath expression to the SAML:AttributeNamespace attribute */
+// private static final String ATTRIBUTE_NAMESPACE_XPATH =
+// ROOT
+// + SAML
+// + "AttributeStatement/"
+// + SAML
+// + "Attribute/@AttributeNamespace";
+// /** Xpath expression to the SAML:AttributeValue element */
+// private static final String ATTRIBUTE_VALUE_XPATH =
+// ROOT
+// + SAML
+// + "AttributeStatement/"
+// + SAML
+// + "Attribute/"
+// + SAML
+// + "AttributeValue";
/** Singleton instance. <code>null</code>, if none has been created. */
private static IdentityLinkValidator instance;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
index 7d951d65f..e6e2539c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/InfoboxValidator.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -30,6 +52,7 @@ import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
* Validates an InfoboxReadResponse.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
index ed826c615..0d39a4bc5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -35,9 +57,9 @@ import java.security.interfaces.RSAPublicKey;
import java.util.List;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.logging.Logger;
@@ -123,7 +145,7 @@ public class VerifyXMLSignatureResponseValidator {
throw new ValidateException("validator.50", null);
//Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
if (identityLinkSignersSubjectDNNames != null) {
String subjectDN = "";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
deleted file mode 100644
index c8020cda4..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessor.java
+++ /dev/null
@@ -1,87 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.validator.parep;
-import java.util.Map;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
-import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
- * Input processor for infobox validators.
- */
-public interface ParepInputProcessor {
- /**
- * Initialize user input processing. This function must initialize the
- * processor to remember its state. Fixed values for the current authentication
- * session are set here.
- *
- * @param representationID The id of the provided standardized mandate
- * @param parepConfiguration The configuration of the party representation validator
- * @param rpFamilyName The family name of the representative
- * @param rpGivenName
- * @param rpDateOfBirth
- * @param request CreateMandateRequest containing the representative and the mandator
- */
- public void initialize(
- String representationID, ParepConfiguration parepConfiguration,
- String rpFamilyName, String rpGivenName, String rpDateOfBirth,
- CreateMandateRequest request);
- /**
- * Starting point of user input processing. This function must initialize the
- * processor and remember its state.
- *
- * @param physical Is person a physical person selected
- * @param familyName The family name of the mandator
- * @param givenName
- * @param dateOfBirth
- * @param streetName The address of the physical person
- * @param buildingNumber
- * @param unit
- * @param postalCode
- * @param municipality
- * @param cbFullName
- * @param cbIdentificationType
- * @param cbIdentificationValue
- * @return The initial user input form
- */
- public String start(
- boolean physical, String familyName, String givenName, String dateOfBirth,
- String streetName, String buildingNumber, String unit, String postalCode, String municipality,
- String cbFullName, String cbIdentificationType, String cbIdentificationValue);
- /**
- * Validation after the user submitted form
- *
- * @param parameters Returned input field values
- * @param extErrortext Error text from SZR-gateway to throw error page or form to correct user input data
- * @return User input form if needed, or empty form if everything is ok with the user input. Returns null on error.
- */
- public String validate(Map parameters, String extErrortext);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
deleted file mode 100644
index a154c9ece..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepInputProcessorImpl.java
+++ /dev/null
@@ -1,337 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
- *
- */
-package at.gv.egovernment.moa.id.auth.validator.parep;
-import java.io.ByteArrayOutputStream;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.InputStream;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Map;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
-import at.gv.egovernment.moa.logging.Logger;
- * Implements the standard party representation infobox validator input processor
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- *
- */
-public class ParepInputProcessorImpl implements ParepInputProcessor{
- /** the requested representation ID (currently * or OID) */
- private String representationID;
- /** contains the configuration of the owning validator */
- private ParepConfiguration parepConfiguration;
- /** Family name of the representative */
- private String rpFamilyName;
- /** Given name of the representative */
- private String rpGivenName;
- /** The representatives date of birth */
- private String rpDateOfBirth;
- /** The current CreateMandateRequest to the SZR-gateway */
- private CreateMandateRequest request;
- /*
- * (non-Javadoc)
- *
- * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#initialize(String, ParepConfiguration, String, String, String, CreateMandateRequest)
- */
- public void initialize(
- String representationID, ParepConfiguration parepConfiguration,
- String rpFamilyName, String rpGivenName, String rpDateOfBirth,
- CreateMandateRequest request)
- {
- // Initialization
- this.representationID = representationID;
- this.parepConfiguration = parepConfiguration;
- this.rpFamilyName = rpFamilyName;
- this.rpGivenName = rpGivenName;
- this.rpDateOfBirth = rpDateOfBirth;
- this.request = request;
- }
-public String start(boolean physical, String familyName, String givenName,
- String dateOfBirth, String streetName, String buildingNumber,
- String unit, String postalCode, String municipality, String cbFullName,
- String cbIdentificationType, String cbIdentificationValue) {
- // TODO Auto-generated method stub
- return null;
-public String validate(Map parameters, String extErrortext) {
- // TODO Auto-generated method stub
- return null;
- //TODO: check correctness
-// /*
-// * (non-Javadoc)
-// *
-// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#start(boolean, String, String, String, String, String, String, String, String, String, String, String)
-// */
-// public String start(
-// boolean physical, String familyName, String givenName, String dateOfBirth,
-// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
-// String cbFullName, String cbIdentificationType, String cbIdentificationValue)
-// {
-// // Load the form
-// String form = loadForm(
-// physical, familyName, givenName, dateOfBirth,
-// streetName, buildingNumber, unit, postalCode, municipality,
-// cbFullName, cbIdentificationType, cbIdentificationValue, "");
-// try {
-// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
-// cbIdentificationType, cbIdentificationValue);
-// } catch (SZRGWClientException e) {
-// //e.printStackTrace();
-// Logger.info(e);
-// return null;
-// }
-// return form;
-// }
-// /*
-// * (non-Javadoc)
-// *
-// * @see at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessor#validate(Map, String)
-// */
-// public String validate(Map parameters, String extErrortext)
-// {
-// // Process the gotten parameters
-// String form = null;
-// boolean formNecessary = false;
-// if (!ParepUtils.isEmpty(extErrortext)) formNecessary = true;
-// String locErrortext = "Folgende Parameter fehlen: ";
-// String familyName = (String) parameters.get("familyname_");
-// if (null == familyName) familyName ="";
-// String givenName = (String) parameters.get("givenname_");
-// if (null == givenName) givenName ="";
-// boolean physical = "true".equals(parameters.get("physical_"));
-// String dobday = (String) parameters.get("dobday_");
-// if (null!=dobday && dobday.equalsIgnoreCase("TT")) dobday="";
-// String dobmonth = (String) parameters.get("dobmonth_");
-// if (null!=dobmonth && dobmonth.equalsIgnoreCase("MM")) dobmonth="";
-// String dobyear = (String) parameters.get("dobyear_");
-// if (null!=dobyear && dobyear.equalsIgnoreCase("JJJJ")) dobyear="";
-// String dateOfBirth = "";
-// dobyear = (" ".substring(0, 4-dobyear.length()) + dobyear);
-// dobmonth = (" ".substring(0, 2-dobmonth.length()) + dobmonth);
-// dobday = (" ".substring(0, 2-dobday.length()) + dobday);
-// dateOfBirth = dobyear + "-" + dobmonth + "-" + dobday;
-// String cbFullName = (String) parameters.get("fullname_");
-// if (null == cbFullName) cbFullName ="";
-// String cbIdentificationType = (String) parameters.get("cbidentificationtype_");
-// if (null == cbIdentificationType) cbIdentificationType ="";
-// String cbIdentificationValue = (String) parameters.get("cbidentificationvalue_");
-// if (null == cbIdentificationValue) cbIdentificationValue ="";
-// String postalCode = (String) parameters.get("postalcode_");
-// if (null == postalCode) postalCode ="";
-// String municipality = (String) parameters.get("municipality_");
-// if (null == municipality) municipality ="";
-// String streetName = (String) parameters.get("streetname_");
-// if (null == streetName) streetName ="";
-// String buildingNumber = (String) parameters.get("buildingnumber_");
-// if (null == buildingNumber) buildingNumber ="";
-// String unit = (String) parameters.get("unit_");
-// if (null == unit) unit ="";
-// if (physical) {
-// if (ParepUtils.isEmpty(familyName)) {
-// formNecessary = true;
-// locErrortext = locErrortext + "Familienname";
-// }
-// if (ParepUtils.isEmpty(givenName)) {
-// formNecessary = true;
-// if (!locErrortext.endsWith(": ")) locErrortext = locErrortext + ", ";
-// locErrortext = locErrortext + "Vorname";
-// }
-// // Auf existierendes Datum prüfen
-// SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd");
-// format.setLenient(false); // Wir wollen keine künstliche Pareserintelligenz, nur Datum prüfen
-// try {
-// format.parse(dateOfBirth);
-// }
-// catch(ParseException pe)
-// {
-// formNecessary = true;
-// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
-// locErrortext = locErrortext + "korrektes Geburtsdatum";
-// }
-// } else {
-// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
-// formNecessary = true;
-// if (ParepUtils.isEmpty(cbFullName)) {
-// locErrortext = locErrortext + "Name der Organisation";
-// }
-// if (ParepUtils.isEmpty(cbIdentificationType)) {
-// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
-// locErrortext = locErrortext + "Auswahl des Registers";
-// }
-// if (ParepUtils.isEmpty(cbIdentificationValue)) {
-// if (!locErrortext.endsWith("fehlen: ")) locErrortext = locErrortext + ", ";
-// locErrortext = locErrortext + "Ordnungsnummer im ausgewählten Register";
-// }
-// }
-// }
-// try {
-// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
-// cbIdentificationType, cbIdentificationValue);
-// if (formNecessary) {
-// // Daten noch nicht vollständig oder anderer Fehler
-// if (locErrortext.endsWith("fehlen: ")) locErrortext ="";
-// String error = "";
-// if (!ParepUtils.isEmpty(extErrortext)) {
-// error = extErrortext;
-// if (!ParepUtils.isEmpty(locErrortext)) error = error + "; ";
-// }
-// if (!ParepUtils.isEmpty(locErrortext)) error = error + locErrortext;
-// if (!ParepUtils.isEmpty(error)) {
-// error = "<div class=\"errortext\"> <img alt=\"Rufezeichen\" src=\"img/rufezeichen.gif\" width=\"10\" height=\"16\" />&nbsp; " + error + "</div>";
-// }
-// form = loadForm(physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality, cbFullName, cbIdentificationType, cbIdentificationValue, error);
-// if (form == null) {
-// return null;
-// }
-// } else {
-// return ""; // everything is ok
-// }
-// } catch (Exception e) {
-// //e.printStackTrace();
-// Logger.info(e);
-// return null;
-// }
-// return form;
-// }
-// /**
-// * Loads the empty user input form and replaces tag occurences with given variables
-// *
-// * @param physical
-// * @param familyName
-// * @param givenName
-// * @param dateOfBirth
-// * @param streetName
-// * @param buildingNumber
-// * @param unit
-// * @param postalCode
-// * @param municipality
-// * @param cbFullName
-// * @param cbIdentificationType
-// * @param cbIdentificationValue
-// * @param errorText
-// * @return
-// */
-// private String loadForm(
-// boolean physical, String familyName, String givenName, String dateOfBirth,
-// String streetName, String buildingNumber, String unit, String postalCode, String municipality,
-// String cbFullName, String cbIdentificationType, String cbIdentificationValue, String errorText)
-// {
-// String form = "";
-// try {
-// String fileName = parepConfiguration.getInputProcessorTemplate(representationID);
-// InputStream instream = null;
-// File file = new File(fileName);
-// if (file.exists()) {
-// //if this resolves to a file, load it
-// instream = new FileInputStream(fileName);
-// } else {
-// fileName = parepConfiguration.getFullDirectoryName(fileName);
-// if (fileName.startsWith("file:\\")) fileName = fileName.substring(6);
-// file = new File(fileName);
-// if (file.exists()) {
-// //if this resolves to a file, load it
-// instream = new FileInputStream(fileName);
-// } else {
-// //else load a named resource in our classloader.
-// instream = this.getClass().getResourceAsStream(parepConfiguration.getInputProcessorTemplate(representationID));
-// if (instream == null) {
-// Logger.error("Form Prozessor Input Template \"" + fileName + "\" fehlt");
-// return null;
-// }
-// }
-// }
-// ByteArrayOutputStream bos = new ByteArrayOutputStream();
-// ParepUtils.dumpInputOutputStream(instream, bos);
-// form = bos.toString("UTF-8");
-// } catch(Exception e) {
-// Logger.error("Fehler beim Einlesen des Input-Templates.", e);
-// }
-// if (!ParepUtils.isEmpty(form)) {
-// boolean cbEnabled = parepConfiguration.isRepresentingCorporateParty(representationID);
-// boolean physEnabled = parepConfiguration.isRepresentingPhysicalParty(representationID);
-// boolean reducedSelection = (!physEnabled || !cbEnabled);
-// if (reducedSelection) {
-// physical = !cbEnabled;//wird somit umgesetzt falls jur. Person nicht vetretbar
-// }
-// if (ParepUtils.isEmpty(dateOfBirth)) dateOfBirth = "JJJJ-MM-TT";
-// form = ParepUtils.replaceAll(form, "<rpgivenname>", rpGivenName);
-// form = ParepUtils.replaceAll(form, "<rpfamilyname>", rpFamilyName);
-// form = ParepUtils.replaceAll(form, "<rpdobyear>", rpDateOfBirth.substring(0,4));
-// form = ParepUtils.replaceAll(form, "<rpdobmonth>", rpDateOfBirth.substring(5,7));
-// form = ParepUtils.replaceAll(form, "<rpdobday>", rpDateOfBirth.substring(8,10));
-// //darf zw. phys. und jur. Person gewählt werden:
-// //form = replaceAll(form, "seldisabled=\"\"", reducedSelection ? "disabled=\"true\"" : "");
-// form = ParepUtils.replaceAll(form, "physdisabled=\"\"", physEnabled ? "" : "disabled=\"true\"");
-// form = ParepUtils.replaceAll(form, "physselected=\"\"", physical ? "checked=\"checked\"" : "");
-// form = ParepUtils.replaceAll(form, "<givenname>", givenName);
-// form = ParepUtils.replaceAll(form, "<familyname>", familyName);
-// form = ParepUtils.replaceAll(form, "<dobyear>", dateOfBirth.substring(0,4).trim());
-// form = ParepUtils.replaceAll(form, "<dobmonth>", dateOfBirth.substring(5,7).trim());
-// form = ParepUtils.replaceAll(form, "<dobday>", dateOfBirth.substring(8,10).trim());
-// form = ParepUtils.replaceAll(form, "<streetname>", streetName);
-// form = ParepUtils.replaceAll(form, "<buildingnumber>", buildingNumber);
-// form = ParepUtils.replaceAll(form, "<unit>", unit);
-// form = ParepUtils.replaceAll(form, "<postalcode>", postalCode);
-// form = ParepUtils.replaceAll(form, "<municipality>", municipality);
-// form = ParepUtils.replaceAll(form, "cbdisabled=\"\"", cbEnabled ? "" : "disabled=\"true\"");
-// form = ParepUtils.replaceAll(form, "<fullname>", cbFullName);
-// form = ParepUtils.replaceAll(form, "cbseldisabled=\"\"", cbEnabled ? "" : "disabled=\"disabled\"");
-// form = ParepUtils.replaceAll(form, "cbselected=\"\"", physical ? "" : "checked=\"checked\"");
-// form = ParepUtils.replaceAll(form, "fnselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XFN") ? "selected=\"selected\"" : "");
-// form = ParepUtils.replaceAll(form, "vrselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XVR") ? "selected=\"selected\"" : "");
-// form = ParepUtils.replaceAll(form, "ersbselected=\"\"", cbIdentificationType.equals("urn:publicid:gv.at:baseid+XERSB") ? "selected=\"selected\"" : "");
-// form = ParepUtils.replaceAll(form, "<cbidentificationvalue>", cbIdentificationValue);
-// form = ParepUtils.replaceAll(form, "<errortext>", errorText);
-// }
-// return form;
-// }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
index ab7a134c8..5483b865e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java
@@ -1,58 +1,80 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep;
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.OutputStreamWriter;
-import javax.xml.parsers.DocumentBuilderFactory;
-import org.apache.xml.serialize.OutputFormat;
-import org.apache.xml.serialize.XMLSerializer;
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.BoolUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.OutputStreamWriter;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.apache.xml.serialize.OutputFormat;
+import org.apache.xml.serialize.XMLSerializer;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.BoolUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
* This class implements a set of utility methods.
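Review bot: The new side of this file now opens with two license banners: the added 2014 header (closing with `******/`) is followed by the retained 2003 header (closing with ` */`), so the copyright notice is duplicated rather than updated. Keep a single banner — either replace the 2003 block with the 2014 one, or fold the original year into one `Copyright 2003-2014 Federal Chancellery Austria` line — so the file's provenance is stated once, and use the same closing style as the rest of the package for whichever block stays. The import rewrites are consistent with the exception-class moves listed in the diffstat, but the doubled header looks like a mechanical prepend and may have landed in the other files touched by this commit as well, which is worth checking.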
@@ -253,12 +275,12 @@ public class ParepUtils {
try {
Element nameSpaceNode = mandator.getOwnerDocument().createElement("NameSpaceNode");
nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
- String s = DOMUtils.serializeNode(mandator);
+ DOMUtils.serializeNode(mandator);
// check if physical person
- Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
+ Element physicalPerson = (Element) XPathAPI.selectSingleNode(mandator, "descendant-or-self::pr:PhysicalPerson", nameSpaceNode);
// Element physicalPerson = (Element)XPathAPI.selectSingleNode(mandator,
// "descendant-or-self::pr:CorporateBody", nameSpaceNode);
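Review bot: Removing the unused local `s` leaves `DOMUtils.serializeNode(mandator);` as a call whose return value is discarded, so on the new side it only spends time serializing the element and can still fail (the surrounding `try` would then route that into the method's error path) without contributing anything to the result. The cleanup should go one step further and delete the line: `DOMUtils.serializeNode(mandator);`. If it was originally a debugging aid, it should not be turned into a log statement as-is, because the mandator element appears to carry personal data (the removed ParepValidator code below reads family name, given name, date of birth and address out of it); a debug message naming only what step was reached would be safer. The enclosing method begins and ends outside this hunk.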
@@ -511,25 +533,25 @@ public class ParepUtils {
- /*
- *
- */
- private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
- try {
- Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
- Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
- String nsPrefix = mandator.getPrefix();
- String nsUri = mandator.getNamespaceURI();
- Element mandatorClone = (Element) mandator.cloneNode(true);
- mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
- return mandatorClone;
- } catch (Exception e) {
- throw new SZRGWClientException(e);
- }
- }
+// /*
+// *
+// */
+// private static Element extractRepresentative(Element mandate) throws SZRGWClientException {
+// try {
+// Element nameSpaceNode = mandate.getOwnerDocument().createElement("NameSpaceNode");
+// nameSpaceNode.setAttribute("xmlns:md", SZRGWConstants.MANDATE_NS);
+// Element mandator = (Element) XPathAPI.selectSingleNode(mandate, "//md:Representative/child::*[1]", nameSpaceNode);
+// String nsPrefix = mandator.getPrefix();
+// String nsUri = mandator.getNamespaceURI();
+// Element mandatorClone = (Element) mandator.cloneNode(true);
+// mandatorClone.setAttribute("xmlns:" + nsPrefix, nsUri);
+// return mandatorClone;
+// } catch (Exception e) {
+// throw new SZRGWClientException(e);
+// }
+// }
* Serializes a XML element to a given output stream.
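Review bot: `extractRepresentative` is commented out rather than removed, which leaves the whole method body — including its empty `/* */` doc stub — as dead text in the file. Version control already preserves the history, so deleting the block is cleaner than prefixing every line with `//`. If the method is intentionally parked for reinstatement, a single line such as `// extractRepresentative removed: <reason> — see <tracker id>` tells a future reader more than the retained body does.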
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
deleted file mode 100644
index f2f897432..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepValidator.java
+++ /dev/null
@@ -1,643 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.validator.parep;
-import java.io.File;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Vector;
-import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
-import at.gv.egovernment.moa.id.auth.data.InfoboxToken;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResultImpl;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateRequest;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateMandateResponse;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
-import at.gv.egovernment.moa.id.auth.validator.parep.config.ParepConfiguration;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.util.SSLUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
- * This class implements a MOA-ID Infobox Validator for validating
- * a standardized XML mandate using the SZR-gateway.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner
- */
-public class ParepValidator implements InfoboxValidator {
- public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
- public final static String EXT_SAML_MANDATE_OID = "OID";
- public final static String EXT_SAML_MANDATE_RAW = "Mandate";
- public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
- public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
- public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
- public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
- public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
- public InfoboxValidationResult validate(InfoboxValidatorParams params)
- throws ValidateException {
- // TODO Auto-generated method stub
- return null;
- }
- public InfoboxValidationResult validate(Map parameters)
- throws ValidateException {
- // TODO Auto-generated method stub
- return null;
- }
- public InfoboxValidationResult validate(Element samlAssertion)
- throws ValidateException {
- // TODO Auto-generated method stub
- return null;
- }
- public String getForm() {
- // TODO Auto-generated method stub
- return null;
- }
- //TODO: check correctness!!!!
-// /** activates debug settings */
-// private boolean PAREP_DEBUG = false;
-// /** contains the parameters the validator initially was called with */
-// private InfoboxValidatorParams params = null;
-// /** contains the configuration of the validator */
-// private ParepConfiguration parepConfiguration = null;
-// /** the requested representation ID (currently * or OID) */
-// private String representationID = null;
-// /** holds the information of the SZR-request */
-// private CreateMandateRequest request = null;
-// /** List of extended SAML attributes. */
-// private Vector extendedSamlAttributes = new Vector();
-// /** the class which processes the user input */
-// private ParepInputProcessor inputProcessor = null;
-// /** The form if user input is necessary */
-// private String form = null;
-// /** unspecified error of parep-validator (must not know more about)*/
-// private final static String COMMON_ERROR = "Es ist ein Fehler bei der �berpr�fung f�r berufsm��ige Parteienvetretung aufgetreten";
-// /** Default class to gather remaining mandator data. */
-// public final static String PAREP_INPUT_PROCESSOR = "at.gv.egovernment.moa.id.auth.validator.parep.ParepInputProcessorImpl";
-// /** Default template to gather remaining mandator data. */
-// public final static String PAREP_INPUT_TEMPLATE = "/resources/templates/ParepMinTemplate.html";
-// /** kind of representation text in AUTH block*/
-// public final static String STANDARD_REPRESENTATION_TEXT = "berufsm��ige(r) Parteienvertreter(in)";
-// /** Names of the produced SAML-attributes. */
-// public final static String EXT_SAML_MANDATE_RAW = "Mandate";
-// public final static String EXT_SAML_MANDATE_NAME = "MandatorName";
-// public final static String EXT_SAML_MANDATE_DOB = "MandatorDateOfBirth";
-// public final static String EXT_SAML_MANDATE_WBPK = "MandatorWbpk";
-// public final static String EXT_SAML_MANDATE_REPRESENTATIONTYPE = "RepresentationType";
-// public final static String EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION = "OIDTextualDescription";
-// public final static String EXT_SAML_MANDATE_OID = "OID";
-// /** */
-// public final static String EXT_SAML_MANDATE_REPRESENTATIONTEXT = "Vollmachtsvertreter";
-// /** register and register number for non physical persons - the domain identifier for business applications*/
-// public final static String EXT_SAML_MANDATE_CB_BASE_ID = "MandatorDomainIdentifier";
-// /**
-// * Parses the XML configuration element and creates the validators configuration
-// * Use this function if you want to preconfigure the validator.
-// *
-// * @param configElem
-// * the XML configuration element to parse.
-// * @throws ConfigurationException
-// * if an error occurs during the configuration process
-// */
-// public void Configure(Element configElem) throws ConfigurationException {
-// if (this.parepConfiguration == null) {
-// Logger.debug("Lade Konfiguration.");
-// parepConfiguration = new ParepConfiguration(configElem);
-// Logger.debug("Konfiguration erfolgreich geladen.");
-// }
-// }
-// /*
-// * (non-Javadoc)
-// *
-// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams)
-// */
-// public InfoboxValidationResult validate(InfoboxValidatorParams params) throws ValidateException {
-// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-// try {
-// Logger.debug("Starte Organwalter-/berufsmäßige Parteienvertreterprüfung.");
-// this.params = params;
-// Element mandate = extractPrimaryToken(this.params.getInfoboxTokenList());
-// // ParepUtils.serializeElement(mandate, System.out);
-// this.representationID = ParepUtils.extractRepresentativeID(mandate);
-// if (ParepUtils.isEmpty(representationID)) {
-// validationResult.setErrorMessage("Fehlende oder falsche MandateID in standardisierter Vollmacht");
-// return validationResult;
-// }
-// // überprüfen der Identifikation (Type/Value).
-// String identificationType = this.params.getIdentificationType();
-// String identificationValue = this.params.getIdentificationValue();
-// if (this.params.getBusinessApplication()) {
-// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
-// validationResult.setErrorMessage("Eine Vertretung durch Organwalter im privatwirtschaftlichen Bereich ist nicht vorgesehen.");
-// return validationResult;
-// } else {
-// Logger.debug("Parteienvertreter wird mit wbPK identifiziert");
-// }
-// } else {
-// if (representationID.startsWith(MOAIDAuthConstants.PARTY_ORGAN_REPRESENTATION_OID_NUMBER)) {
-// //Für Organwalter wird die Stammzahl zur Berechnung der Organwalter-bPK benötigt
-// if (!Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
-// Logger.error("Für eine Vertretung durch Organwalter ist es notwendig dessen Stammzahl an das Stammzahlenregister-Gateway zu �bermitteln. In der MOA-ID Konfiguration muss die �bermittlung Stammzahl aktiviert sein.");
-// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
-// return validationResult;
-// } else {
-// Logger.debug("Organwalter wird mit Stammzahl identifiziert");
-// }
-// } else {
-// if (Constants.URN_PREFIX_BASEID.equals(this.params.getIdentificationType())) {
-// // bPK berechnen, da dem SZR-Gateway das Target nicht bekannt ist
-// identificationType = Constants.URN_PREFIX_CDID;
-// String bpkBase64 = new BPKBuilder().buildBPK(this.params.getIdentificationValue(), this.params.getTarget());
-// identificationValue = bpkBase64;
-// Logger.debug("bPK für Parteienvertreter wurde berechnet. Parteienvertreter wird mit bPK identifiziert");
-// } else {
-// Logger.debug("Parteienvertreter wird mit bPK identifiziert");
-// }
-// }
-// }
-// Configure(this.params.getApplicationSpecificParams());
-// // check if we have a configured party representative for that
-// if (!parepConfiguration.isPartyRepresentative(representationID)) {
-// Logger.info("Kein berufsmäßiger Parteienvertreter für MandateID \"" + representationID + "\" konfiguriert.");
-// validationResult.setErrorMessage("Die standardisierte Vollmacht wird von diesem Server nicht akzeptiert.");
-// return validationResult;
-// }
-// // Vertreter
-// this.request = new CreateMandateRequest();
-// request.setRepresentative(this.params, identificationType, identificationValue);
-// // ParepUtils.serializeElement(request.getRepresentative(), System.out);
-// //ParepUtils.saveElementToFile(request.getRepresentative(), new File("c:/representative.xml"));
-// Logger.debug("Prüfe vorausgefüllte Daten...");
-// boolean physical = true;
-// String familyName = "";
-// String givenName = "";
-// String dateOfBirth = "";
-// String cbFullName = "";
-// String cbIdentificationType = "";
-// String cbIdentificationValue = "";
-// String postalCode = "";
-// String municipality = "";
-// String streetName = "";
-// String buildingNumber = "";
-// String unit = "";
-// boolean formNecessary = false;
-// // Vertretener (erstes Vorkommen)
-// Element mandator = ParepUtils.extractMandator(mandate);
-// if (mandator != null) {
-// // ParepUtils.serializeElement(mandator, System.out);
-// // ParepUtils.saveElementToFile(mandator, new File("c:/mandator.xml"));
-// if (ParepUtils.isPhysicalPerson(mandator)) {
-// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
-// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
-// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
-// } else {
-// physical = false;
-// cbFullName = ParepUtils.extractMandatorFullName(mandator);
-// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
-// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
-// }
-// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
-// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
-// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
-// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
-// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-// }
-// if (physical) {
-// if (!parepConfiguration.isRepresentingPhysicalParty(representationID)) {
-// validationResult.setErrorMessage("Vertretung von natürlichen Personen für diese standardisierte Vollmacht nicht erlaubt.");
-// return validationResult;
-// }
-// if (ParepUtils.isEmpty(familyName) || ParepUtils.isEmpty(givenName) || ParepUtils.isEmpty(dateOfBirth)) {
-// formNecessary = true;
-// }
-// } else {
-// if (!parepConfiguration.isRepresentingCorporateParty(representationID)) {
-// validationResult.setErrorMessage("Vertretung von juristischen Personen für diese standardisierte Vollmacht nicht erlaubt.");
-// return validationResult;
-// }
-// if (ParepUtils.isEmpty(cbFullName) || ParepUtils.isEmpty(cbIdentificationType) || ParepUtils.isEmpty(cbIdentificationValue)) {
-// formNecessary = true;
-// }
-// }
-// //Zeigen wir, dass die Daten �bernommen wurden:
-// if (parepConfiguration.isAlwaysShowForm()) formNecessary=true;
-// // Input processor
-// this.form = "";
-// if (formNecessary) {
-// ParepInputProcessor inputProcessor= getInputProcessor();
-// this.form = inputProcessor.start(
-// physical, familyName, givenName, dateOfBirth, streetName, buildingNumber, unit, postalCode, municipality,
-// cbFullName, cbIdentificationType, cbIdentificationValue);
-// if (this.form == null) {
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// return validationResult;
-// }
-// } else {
-// // Request vorbereiten mit vorgegebenen Daten
-// request.setMandator(familyName, givenName, dateOfBirth, postalCode, municipality, streetName, buildingNumber, unit, physical, cbFullName,
-// cbIdentificationType, cbIdentificationValue);
-// }
-// // ParepUtils.serializeElement(request.getMandator(), System.out);
-// // ParepUtils.saveElementToFile(request.getMandator(), new File("c:/mandator.xml"));
-// addAuthBlockExtendedSamlAttributes();
-// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
-// Logger.debug("�berpr�fung der vertretenen Partei erfolgreich beendet");
-// validationResult.setValid(true);
-// return validationResult;
-// } catch (Exception e) {
-// e.printStackTrace();
-// Logger.info(e);
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// return validationResult;
-// }
-// }
-// /*
-// * (non-Javadoc)
-// *
-// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(java.util.Map)
-// */
-// public InfoboxValidationResult validate(Map parameters) throws ValidateException {
-// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung");
-// Logger.debug("Prüfe im Formular ausgefüllte Daten...");
-// if (PAREP_DEBUG) Logger.debug("Got parameters from user input form: " + parameters.toString());
-// // Input processor
-// ParepInputProcessor inputProcessor= getInputProcessor();
-// this.form = inputProcessor.validate(parameters, null);
-// if (this.form == null) {
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// return validationResult;
-// }
-// addAuthBlockExtendedSamlAttributes();
-// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
-// validationResult.setValid(true);
-// Logger.debug("Intermediate processing von Organwalter-/berufsmäßige Parteienvertreterprüfung erfolgreich beendet");
-// return validationResult;
-// }
-// /*
-// * (non-Javadoc)
-// *
-// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#validate(org.w3c.dom.Element)
-// */
-// public InfoboxValidationResult validate(Element samlAssertion) throws ValidateException {
-// InfoboxValidationResultImpl validationResult = new InfoboxValidationResultImpl(false, null, null);
-// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung");
-// this.form = "";
-// try {
-// request.setSignature(samlAssertion);
-////DPO debug
-//// Element mandate = (ParepUtils.readDocFromIs(new FileInputStream("c:/vertetervollmacht_1."))).getDocumentElement();
-//// String id = representationID;
-//// CreateMandateResponse response;
-//// if (true) {
-//// if (this.params.getHideStammzahl()) {
-//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-//// // Achtung: Es wird hier nicht spezifikationskonform vorgegangen, damit im Kompatibilit�tsmodus Personendaten ersetzt werden k�nnen.
-//// // W�rden die Stammzahlen gel�scht (geblindet) werden, w�rde der Identifikationswert des Vertretenen g�nzlich fehlen.
-//// // Im Falle einen business Anwendung berechnet MOA-ID nach R�ckkehr das wbPK
-//// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
-//// }
-//// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +".xml"));
-// //ParepUtils.serializeElement(request.toElement(), System.out);
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(request.toElement(), new File("c:/gwrequest.xml"));
-// // configure szrgw client
-// Logger.debug("Lade SZR-GW Client.");
-// SZRGWClient client = new SZRGWClient();
-// // System.out.println("Parameters: " + cfg.getConnectionParameters());
-// Logger.debug("Initialisiere Verbindung...");
-// ConnectionParameter connectionParameters = parepConfiguration.getConnectionParameters(representationID);
-// // Logger.debug("Connection Parameters: " + connectionParameters);
-// Logger.debug("SZR-GW URL: " + connectionParameters.getUrl());
-// client.setAddress(connectionParameters.getUrl());
-// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) {
-// Logger.debug("Initialisiere SSL Verbindung");
-// client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
-// }
-// Logger.debug("Starte Kommunikation mit dem Stammzahlenregister Gateway...");
-// CreateMandateResponse response;
-// Element requ = request.toElement();
-// try {
-// response = client.createMandateResponse(requ);
-// } catch (SZRGWClientException e) {
-// // give him a second try - Nach dem Starten des Tomcat wird beim ersten Mal das Client-Zertifikat offenbar vom HTTPClient nicht mitgeschickt.
-// client = new SZRGWClient(connectionParameters.getUrl());
-// if (connectionParameters.getUrl().toLowerCase().startsWith("https:")) client.setSSLSocketFactory(SSLUtils.getSSLSocketFactory(AuthConfigurationProvider.getInstance(), connectionParameters));
-// response = client.createMandateResponse(requ);
-// }
-// Logger.debug("SZR-Gateway Response Code: " + response.getResultCode()+ " " + response.getInfo()!=null ? response.getInfo():"");
-// if (response.getResultCode()==2000) {
-// if(response.getMandate()==null) {
-// Logger.error("Keine Vollmacht vom SZR-Gateway erhalten");
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// return validationResult;
-// }
-// //DPO debug output (2lines)
-// String id = representationID;
-// if (id.equals("*")) id="standardisiert";
-// Element mandate = response.getMandate();
-// // Replace Stammzahlen
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(response.getMandate(), new File("c:/vertetervollmacht_"+ id +"_origin.xml"));
-// if (this.params.getHideStammzahl()) {
-// ParepUtils.HideStammZahlen(mandate, this.params.getBusinessApplication(), this.params.getTarget(), this.params.getDomainIdentifier(), false);
-// if (PAREP_DEBUG) ParepUtils.saveElementToFile(mandate, new File("c:/vertetervollmacht_"+ id +"_hideStammzahl.xml"));
-// }
-// extendedSamlAttributes.clear();
-// // Vollmacht
-// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_RAW, mandate, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-// validationResult.setExtendedSamlAttributes(getExtendedSamlAttributes());
-// validationResult.setValid(true);
-// Logger.debug("Post processing von Organwalter-/berufsm��ige Parteienvertreterpr�fung erfolgreich beendet");
-// } else {
-// String errorMsg = "Fehler " + response.getResultCode() + " bei Stammzahlenregister-Gateway Anfrage";
-// String responseInfo = response.getInfo();
-// if (response.getResultCode()>=4000 && response.getResultCode()<4999) {
-// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
-// validationResult.setErrorMessage(errorMsg);
-// } else if (response.getResultCode()>=5000 && response.getResultCode()<=5999) {
-// // Person not found
-// ParepInputProcessor inputProcessor= getInputProcessor();
-// switch (response.getResultCode()) {
-// case 5230:
-// errorMsg = "Keine mit den Eingaben &uuml;bereinstimmende Person vorhanden. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
-// break;
-// case 5231:
-// errorMsg = "Die Person konnte nicht eindeutig identifiziert werden. Es existieren mehrere Personen zu Ihrer Suchanfrage. Bitte erg&auml;nzen/&auml;ndern Sie ihre Angaben.";
-// break;
-// default:
-// if (!ParepUtils.isEmpty(responseInfo)) errorMsg = errorMsg + ": " + responseInfo;
-// }
-// this.form = inputProcessor.validate(generateParameters(), errorMsg);
-// if (this.form == null) {
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// return validationResult;
-// }
-// validationResult.setValid(true);
-// } else {
-// // Do not inform the user too much
-// Logger.error(errorMsg);
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// }
-// }
-// return validationResult;
-// } catch (Exception e) {
-// e.printStackTrace();
-// Logger.info(e);
-// validationResult.setErrorMessage(ParepValidator.COMMON_ERROR);
-// return validationResult;
-// }
-// }
-// /**
-// * provides the primary infobox token of the given list.
-// *
-// * @param infoBoxTokens
-// * the list of infobox tokens.
-// * @return
-// * the XML element of the primary token.
-// * @throws ValidateException
-// * if an error occurs or list is not suitable.
-// */
-// public static Element extractPrimaryToken(List infoBoxTokens) throws ValidateException {
-// if (infoBoxTokens == null || infoBoxTokens.size() == 0) {
-// throw new ValidateException("validator.62", null);
-// }
-// for (int i = 0; i < infoBoxTokens.size(); i++) {
-// InfoboxToken token = (InfoboxToken) infoBoxTokens.get(i);
-// if (token.isPrimary()) {
-// return token.getXMLToken();
-// }
-// }
-// throw new ValidateException("validator.62", null);
-// }
-// /*
-// * @see at.gv.egovernment.moa.id.auth.validator.InfoboxValidator#getExtendedSamlAttributes()
-// */
-// public ExtendedSAMLAttribute[] getExtendedSamlAttributes() {
-// ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes.size()];
-// extendedSamlAttributes.copyInto(ret);
-// Logger.debug("ParepValidator ExtendedSAML Attributes: " + ret.length);
-// return ret;
-// }
-// /**
-// * @return The next pending user input form, which is "" if no form is to be shown, and null on errors.
-// */
-// public String getForm() {
-// return this.form;
-// }
-// /**
-// * Gets the user form input processor (class) assigned to the current party representative
-// * If the method is called for the first time it initializes the input processor.
-// *
-// * @return The user form input processor
-// */
-// private ParepInputProcessor getInputProcessor() {
-// if (this.inputProcessor!=null) return inputProcessor;
-// String inputProcessorName = parepConfiguration.getInputProcessorClass(representationID);
-// ParepInputProcessor inputProcessor = null;
-// try {
-// Class inputProcessorClass = Class.forName(inputProcessorName);
-// inputProcessor= (ParepInputProcessor) inputProcessorClass.newInstance();
-// inputProcessor.initialize(representationID, parepConfiguration, this.params.getFamilyName(), this.params.getGivenName(), this.params.getDateOfBirth(), request);
-// } catch (Exception e) {
-// Logger.error("Could not load input processor class \"" + inputProcessorName + "\": " + e.getMessage());
-// }
-// this.inputProcessor = inputProcessor;
-// return inputProcessor;
-// }
-// /**
-// * Generates the parameter list, which is needed to simulate a return from
-// * an user form.
-// *
-// * @return the form parameters
-// */
-// private Map generateParameters() {
-// Map parameters = new HashMap();
-// boolean physical = true;
-// String familyName = "";
-// String givenName = "";
-// String dateOfBirth = "";
-// String cbFullName = "";
-// String cbIdentificationType = "";
-// String cbIdentificationValue = "";
-// String postalCode = "";
-// String municipality = "";
-// String streetName = "";
-// String buildingNumber = "";
-// String unit = "";
-// try {
-// // Vertretener (erstes Vorkommen)
-// Element mandator = request.getMandator();
-// if (mandator != null) {
-// if (ParepUtils.isPhysicalPerson(mandator)) {
-// familyName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:FamilyName/text()");
-// givenName = ParepUtils.extractText(mandator, "descendant-or-self::pr:Name/pr:GivenName/text()");
-// dateOfBirth = ParepUtils.extractMandatorDateOfBirth(mandator);
-// } else {
-// physical = false;
-// cbFullName = ParepUtils.extractMandatorFullName(mandator);
-// cbIdentificationType = ParepUtils.getIdentification(mandator, "Type");
-// cbIdentificationValue = ParepUtils.extractMandatorWbpk(mandator);
-// }
-// postalCode = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:PostalCode/text()");
-// municipality = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:Municipality/text()");
-// streetName = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:StreetName/text()");
-// buildingNumber = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:BuildingNumber/text()");
-// unit = ParepUtils.extractText(mandator, "descendant-or-self::pr:PostalAddress/pr:DeliveryAddress/pr:Unit/text()");
-// }
-// } catch (Exception e) {
-// Logger.error("Could not extract Mandator form SZR-gateway request");
-// }
-// parameters.put("familyname_", familyName);
-// parameters.put("givenname_", givenName);
-// parameters.put("dateofbirth_", dateOfBirth);
-// parameters.put("dobyear_", dateOfBirth.substring(0,4));
-// parameters.put("dobmonth_", dateOfBirth.substring(5,7));
-// parameters.put("dobday_", dateOfBirth.substring(8,10));
-// parameters.put("physical_", physical ? "true" : "false");
-// parameters.put("fullname_", cbFullName);
-// parameters.put("cbidentificationtype_", cbIdentificationType);
-// parameters.put("cbidentificationvalue_", cbIdentificationValue);
-// parameters.put("postalcode_", postalCode);
-// parameters.put("municipality_", municipality);
-// parameters.put("streetname_", streetName);
-// parameters.put("buildingnumber_", buildingNumber);
-// parameters.put("unit_", unit);
-// return parameters;
-// }
-// /**
-// * Adds the AUTH block related SAML attributes to the validation result.
-// * This is needed always before the AUTH block is to be signed, because the
-// * name of the mandator has to be set
-// */
-// private void addAuthBlockExtendedSamlAttributes() {
-// extendedSamlAttributes.clear();
-// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_REPRESENTATIONTYPE, parepConfiguration.getRepresentationText(representationID), SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
-// Element mandator = request.getMandator();
-// // Name
-// String name = ParepUtils.extractMandatorName(mandator);
-// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_NAME, name, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
-// // Geburtsdatum
-// String dob = ParepUtils.extractMandatorDateOfBirth(mandator);
-// if (dob != null && !"".equals(dob)) {
-// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_DOB, dob, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
-// }
-// // (w)bpk
-// String wbpk = ParepUtils.extractMandatorWbpk(mandator);
-// if (!ParepUtils.isEmpty(wbpk)) {
-// if (!ParepUtils.isPhysicalPerson(mandator)){
-// String idType = ParepUtils.extractMandatorIdentificationType(mandator);
-// if (!ParepUtils.isEmpty(idType) && idType.startsWith(Constants.URN_PREFIX_BASEID + "+X")) {
-// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_CB_BASE_ID, ParepUtils.getRegisterString(idType) + ": " + wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
-// }
-// } else if (this.params.getBusinessApplication()) {
-// extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(ParepValidator.EXT_SAML_MANDATE_WBPK, wbpk, SZRGWConstants.MANDATE_NS, ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
-// }
-// }
-// }
-//// public static void main(String[] args) throws Exception {
-//// }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
deleted file mode 100644
index fc845f579..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/PartyRepresentative.java
+++ /dev/null
@@ -1,183 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
- *
- */
-package at.gv.egovernment.moa.id.auth.validator.parep;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- *
- */
-public class PartyRepresentative {
- /** Object Identifier **/
- private String oid;
- private boolean representPhysicalParty;
- private boolean representCorporateParty;
- /**
- * Text for representation description in SAML Assertion (Auth-Block)
- * */
- private String representationText;
- /**
- * SZR-GW connection parameters.
- */
- private ConnectionParameter connectionParameters = null;
- private String inputProcessorClass = null;
- private String inputProcessorTemplate = null;
- /**
- * Constructor
- */
-public PartyRepresentative() {
- this.oid = null;
- this.representPhysicalParty = false;
- this.representCorporateParty = false;
- this.connectionParameters = null;
- this.representationText = null;
- * Constructor
- */
- public PartyRepresentative(boolean representPhysicalParty, boolean representCorporateParty) {
- this.oid = null;
- this.representPhysicalParty = representPhysicalParty;
- this.representCorporateParty = representCorporateParty;
- this.connectionParameters = null;
- this.representationText = null;
- this.inputProcessorClass = null;
- this.inputProcessorTemplate = null;
- }
- /**
- * @return the oid
- */
- public String getOid() {
- return oid;
- }
- /**
- * @param oid the oid to set
- */
- public void setOid(String oid) {
- this.oid = oid;
- }
- /**
- * @return the representPhysicalParty
- */
- public boolean isRepresentingPhysicalParty() {
- return representPhysicalParty;
- }
- /**
- * @param representPhysicalParty the representPhysicalParty to set
- */
- public void setRepresentingPhysicalParty(boolean representPhysicalParty) {
- this.representPhysicalParty = representPhysicalParty;
- }
- /**
- * @return the representCorporateParty
- */
- public boolean isRepresentingCorporateParty() {
- return representCorporateParty;
- }
- /**
- * @param representCorporateParty the representCorporateParty to set
- */
- public void setRepresentingCorporateParty(boolean representCorporateParty) {
- this.representCorporateParty = representCorporateParty;
- }
- /**
- * @return the connectionParameters
- */
- public ConnectionParameter getConnectionParameters() {
- return connectionParameters;
- }
- /**
- * @param connectionParameters the connectionParameters to set
- */
- public void setConnectionParameters(ConnectionParameter connectionParameters) {
- this.connectionParameters = connectionParameters;
- }
- /**
- * @return the representationText
- */
- public String getRepresentationText() {
- return representationText;
- }
- /**
- * @param representationText the representationText to set
- */
- public void setRepresentationText(String representationText) {
- this.representationText = representationText;
- }
- /**
- * @return the inputProcessorClass
- */
- public String getInputProcessorClass() {
- return inputProcessorClass;
- }
- /**
- * @param inputProcessorClass the inputProcessorClass to set
- */
- public void setInputProcessorClass(String inputProcessorClass) {
- this.inputProcessorClass = inputProcessorClass;
- }
- /**
- * @return the inputProcessorTemplate
- */
- public String getInputProcessorTemplate() {
- return inputProcessorTemplate;
- }
- /**
- * @param inputProcessorTemplate the inputProcessorTemplate to set
- */
- public void setInputProcessorTemplate(String inputProcessorTemplate) {
- this.inputProcessorTemplate = inputProcessorTemplate;
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
index eae5dba05..fca0b2dce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateIdentityLinkResponse.java
@@ -1,31 +1,53 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import org.w3c.dom.Element;
+import org.w3c.dom.Element;
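Review bot: The new file header stacks two complete licence blocks — the added "Copyright 2014" block, closed by `******/`, immediately followed by the retained "Copyright 2003" block — so the file now carries the EUPL text twice (the 53-line new side is exactly one 22-line header longer than the old 31-line side). Keep a single header; if the intent is to record both years, fold them into one block, e.g. ` * Copyright 2003, 2014 Federal Chancellery Austria`. Unless a `/*` opener was dropped by the extraction, the second block also begins without a comment opener, which is worth confirming in the actual file. The same stacked header appears in the hunk for CreateMandateResponse.java below.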
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
deleted file mode 100644
index 53f786eb3..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateRequest.java
+++ /dev/null
@@ -1,281 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.util.ArrayList;
-import java.util.List;
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidatorParams;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.util.Constants;
- * This class implements a detailed CreateMandateRequest that
- * will be sent to SZR-gateway.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class CreateMandateRequest {
- /**
- * The Request.
- */
- private Document document;
- /**
- * List of mandate representatives as XML element.
- */
- private List representatives;
- /**
- * The mandator.
- */
- private Element mandator;
- /**
- * The representative.
- */
- private Element representative;
- /**
- * The signature to verify by the SZR-gateway
- */
- private Element signature;
- /**
- * Creates the CreateMandateRequest element that will
- * be sent to SZR-gateway
- *
- * @return the CreateMandateRequest element.
- */
- public Element toElement() throws SZRGWClientException{
- this.document = ParepUtils.createEmptyDocument();
- Element root = this.document.createElement(SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.CREATE_MANDATE_REQUEST);
- root.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
- root.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
- if (this.representative!=null) root.appendChild(this.document.importNode(this.representative, true));
- if (this.mandator!=null) root.appendChild(this.document.importNode(this.mandator, true));
- if (this.signature!=null) root.appendChild(this.document.importNode(this.signature, true));
- return root;
- }
- /**
- * Adds a representative.
- *
- * @param representative an XML representative to add.
- */
- public void addRepresentative(Element representative) {
- if (representatives == null) {
- representatives = new ArrayList();
- }
- representatives.add(representative);
- }
- /**
- * Gets the representative.
- *
- * @return the representative.
- */
- public Element getRepresentative() {
- return representative;
- }
- /**
- * Gets the mandator.
- *
- * @return the mandator.
- */
- public Element getMandator() {
- return mandator;
- }
- /**
- * Sets the mandator.
- *
- * @param mandator the mandator.
- */
- public void setMandator(Element mandator) {
- this.mandator = mandator;
- }
- /**
- * Sets the Mandator.
- *
- * @param familyName the family name of the mandator.
- */
- public void setMandator(String familyName, String givenName, String dateOfBirth,
- String postalCode, String municipality, String streetName, String buildingNumber, String unit,
- boolean physical, String cbFullName, String cbIdentificationType, String cbIdentificationValue) throws SZRGWClientException {
- Document mandatorDocument = ParepUtils.createEmptyDocument();
- Element mandatorElem = mandatorDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.MANDATOR);
-// mandatorElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
-/// mandatorElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
- if (physical) {
- Element physicalPersonElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.PHYSICALPERSON);
- physicalPersonElem.appendChild(createNameElem(mandatorDocument, givenName, familyName));
- physicalPersonElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.DATEOFBIRTH, dateOfBirth));
- mandatorElem.appendChild(physicalPersonElem);
- Element postalAddressElement = createPostalAddressElem(mandatorDocument, postalCode, municipality, streetName, buildingNumber, unit);
- if (null!=postalAddressElement) mandatorElem.appendChild(postalAddressElement);
- } else {
- Element corporateBodyElem = mandatorDocument.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.CORPORATEBODY);
- corporateBodyElem.appendChild(createIdentificationElem(mandatorDocument, cbIdentificationType, cbIdentificationValue));
- corporateBodyElem.appendChild(createPersonDataElem(mandatorDocument, SZRGWConstants.FULLNAME, cbFullName));
- mandatorElem.appendChild(corporateBodyElem);
- }
- this.mandator = mandatorElem;
- }
- private Element createPersonDataElem(Document document, String elementName, String elementValue) {
- Element elem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + elementName);
- Node value = document.createTextNode(elementValue);
- elem.appendChild(value);
- return elem;
- }
- private Element createIdentificationElem(Document document, String identificationType, String identificationValue) {
- Element identificationElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.IDENTIFICATION);
- identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.VALUE, identificationValue));
- identificationElem.appendChild(createPersonDataElem(document, SZRGWConstants.TYPE, identificationType));
- return identificationElem;
- }
- private Element createNameElem(Document document, String givenName, String familyName) {
- Element nameElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.NAME);
- nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.GIVENNAME, givenName));
- nameElem.appendChild(createPersonDataElem(document, SZRGWConstants.FAMILYNAME, familyName));
- return nameElem;
- }
- private Element createPostalAddressElem(Document document, String postalCode, String municipality, String streetName, String buildingNumber, String unit) {
- if (ParepUtils.isEmpty(postalCode) && ParepUtils.isEmpty(municipality) && ParepUtils.isEmpty(streetName)
- && ParepUtils.isEmpty(buildingNumber) && ParepUtils.isEmpty(unit)) return null;
- Element postalAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.POSTALADDRESS);
- if (!ParepUtils.isEmpty(postalCode)) {
- postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.POSTALCODE, postalCode));
- }
- if (!ParepUtils.isEmpty(municipality)) {
- postalAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.MUNICIPALITY, municipality));
- }
- if (!ParepUtils.isEmpty(streetName) || !ParepUtils.isEmpty(buildingNumber) || !ParepUtils.isEmpty(unit)) {
- Element deliveryAddressElem = document.createElementNS(Constants.PD_NS_URI, SZRGWConstants.PD_PREFIX + SZRGWConstants.DELIVERYADDRESS);
- if (!ParepUtils.isEmpty(streetName)) {
- deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.STREETNAME, streetName));
- }
- if (!ParepUtils.isEmpty(buildingNumber)) {
- deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.BUILDINGNUMBER, buildingNumber));
- }
- if (!ParepUtils.isEmpty(unit)) {
- deliveryAddressElem.appendChild(createPersonDataElem(document, SZRGWConstants.UNIT, unit));
- }
- postalAddressElem.appendChild(deliveryAddressElem);
- }
- return postalAddressElem;
- }
- /**
- * Sets the Representative.
- *
- * @param params InfoboxValidatorParams contain the data of the representative.
- * @param identificationType the type of the identification of the representative (has to be urn:publicid:gv.at:cdid).
- * @param identificationValue the identification value (bPK).
- */
- public void setRepresentative(InfoboxValidatorParams params, String identificationType, String identificationValue) throws SZRGWClientException {
- Document representativeDocument = ParepUtils.createEmptyDocument();
- Element representativeElem = representativeDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE);
-// representativeElem.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
-// representativeElem.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
- //Old Version 0.0.1 of SZR-Gateway
-// representativeElem.appendChild(createIdentificationElem(representativeDocument, identificationType, identificationValue));
-// representativeElem.appendChild(createNameElem(representativeDocument, params.getGivenName(), params.getFamilyName()));
-// representativeElem.appendChild(createPersonDataElem(representativeDocument, SZRGWConstants.DATEOFBIRTH, params.getDateOfBirth()));
- //New since version 0.0.2 of SZR-Gateway:
- // we need to send an identity link and must replace its identification value
- representativeElem.appendChild(representativeElem.getOwnerDocument().importNode(params.getIdentityLink(), true));
- try {
- Element nameSpaceNode = representativeElem.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX, Constants.PD_NS_URI);
- nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SAML_POSTFIX, Constants.SAML_NS_URI);
- nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.SZRGW_POSTFIX, SZRGWConstants.SZRGW_REQUEST_NS);
- Node identificationValueNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Value/text()", nameSpaceNode);
- if (identificationValueNode != null) {
- identificationValueNode.setNodeValue(identificationValue);
- } else {
- throw new SZRGWClientException("validator.63", null);
- }
- Node identificationTypeNode = XPathAPI.selectSingleNode(representativeElem, "descendant-or-self::" + SZRGWConstants.SZRGW_PREFIX + SZRGWConstants.REPRESENTATIVE + "/" +SZRGWConstants.SAML_PREFIX + "Assertion/saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person/pr:Identification/pr:Type/text()", nameSpaceNode);
- if (identificationTypeNode != null) {
- identificationTypeNode.setNodeValue(identificationType);
- } else {
- throw new SZRGWClientException("validator.63", null);
- }
- } catch (Exception e) {
- throw new SZRGWClientException("validator.63", null);
- }
- this.representative = representativeElem;
- }
- /**
- * @return the signature
- */
- public Element getSignature() {
- return signature;
- }
- /**
- * @param signature the signature to set
- */
- public void setSignature(Element signature) throws SZRGWClientException{
- Document signatureDocument = ParepUtils.createEmptyDocument();
- Element signatureElem = signatureDocument.createElementNS(SZRGWConstants.SZRGW_REQUEST_NS, SZRGWConstants.SZRGW_PREFIX + "Signature");
- //SZR-gateway takes the first Signature
- //signatureElem.setAttribute("SignatureLocation", "//saml:Assertion/dsig:Signature");
- signatureElem.appendChild(signatureDocument.importNode(signature, true));
- this.signature = signatureElem;
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
index 40867536c..e6b7dee34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/CreateMandateResponse.java
@@ -1,27 +1,49 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
index 2efde3188..0313814b1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SOAPConstants.java
@@ -1,27 +1,49 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
index e3457f4de..5522129c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClient.java
@@ -1,395 +1,417 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import javax.net.ssl.SSLSocketFactory;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.w3c.dom.Text;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
- * This class implements a client for communication with the SZR-gateway
- * <p>
- * Two types of requests are supported
- * <ol>
- * <li>Basic Request</li>
- * <li>Detailed Request</li>
- * </ol>
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWClient {
- /**
- * The URL of the SZR-gateway webservice.
- */
- private String address;
- /**
- * The SSL socket factory when using a secure connection.
- */
- private SSLSocketFactory sSLSocketFactory;
- /**
- * Constructor
- */
- public SZRGWClient() {
- }
- /**
- * Constructor
- *
- * @param address the URL of the SZR-gateway webservice.
- */
- public SZRGWClient(String address) {
- this.address = address;
- }
- /**
- * Sets the SSL socket factory.
- *
- * @param factory the SSL socket factory.
- */
- public void setSSLSocketFactory(SSLSocketFactory factory) {
- this.sSLSocketFactory = factory;
- }
- /**
- * Sets the SZR webservice URL
- *
- * @param address the URL of the SZR-gateway webservice.
- */
- public void setAddress(String address) {
- this.address = address;
- }
- /**
- * Creates a mandate.
- *
- * @param reqElem the request.
- * @return a SZR-gateway response containing the result
- * @throws SZRGWException when an error occurs creating the mandate.
- */
- public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
- //Logger.info("Connecting to SZR-gateway.");
- try {
- if (address == null) {
- throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
- }
- HttpClient client = new HttpClient();
- PostMethod method = new PostMethod(address);
- method.setRequestHeader("SOAPAction", "");
- // ssl settings
- if (sSLSocketFactory != null) {
- SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
- Protocol.registerProtocol("https", new Protocol("https", fac, 443));
- }
- // create soap body
- Element soapBody = getSOAPBody();
- Document doc = soapBody.getOwnerDocument();
- soapBody.appendChild(doc.importNode(reqElem, true));
- Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
- //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.serializeElementAsDocument(requestElement, bos);
- method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
- client.executeMethod(method);
- CreateMandateResponse response = new CreateMandateResponse();
- bos = new ByteArrayOutputStream();
- doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
- //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
- response.parse(doc.getDocumentElement());
- return response;
- } catch(Exception e) {
- //e.printStackTrace();
- throw new SZRGWClientException(e);
- }
- }
- /**
- * Gets a identity link.
- *
- * @param reqElem the request.
- * @return a SZR-gateway response containing the result
- * @throws SZRGWException when an error occurs creating the mandate.
- */
- public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
- try {
- if (address == null) {
- throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
- }
- HttpClient client = new HttpClient();
- PostMethod method = new PostMethod(address);
- method.setRequestHeader("SOAPAction", "");
- // ssl settings
- if (sSLSocketFactory != null) {
- SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
- Protocol.registerProtocol("https", new Protocol("https", fac, 443));
- }
- // create soap body
- Element soapBody = getSOAPBody();
- Document doc = soapBody.getOwnerDocument();
- soapBody.appendChild(doc.importNode(reqElem, true));
- Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
- //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
- ByteArrayOutputStream bos = new ByteArrayOutputStream();
- ParepUtils.serializeElementAsDocument(requestElement, bos);
- method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
- client.executeMethod(method);
- CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
- bos = new ByteArrayOutputStream();
- doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
- //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
- NodeList list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
- if (list.getLength() > 0) {
- // set error response
- list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
- String error = DOMUtils.getText(list.item(0));
- response.setError(error);
- }
- else {
- // set assertion
- DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- Document newdoc = builder.newDocument();
- Element nameSpaceNode = newdoc.createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
- nameSpaceNode.setAttribute("xmlns:" + Constants.SAML_PREFIX, Constants.SAML_NS_URI);
- Element samlAssertion = (Element)XPathAPI.selectSingleNode(doc, "//saml:Assertion[1]", nameSpaceNode);
- if (samlAssertion == null)
- throw new SZRGWClientException("Could not found a saml:Assertion element in response.");
- else
- response.setAssertion(samlAssertion);
- }
- return response;
- } catch(Exception e) {
- throw new SZRGWClientException(e);
- }
- }
- /*
- * builds an XML soap envelope
- */
- private Element getSOAPBody() throws SZRGWClientException {
- Document doc_;
- try {
- doc_ = ParepUtils.createEmptyDocument();
- Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
- doc_.appendChild(root);
- root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
- root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
- root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
- Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
- root.appendChild(body);
- return body;
- } catch (SZRGWClientException e) {
- throw new SZRGWClientException(e);
- }
- }
- public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
- String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
- try {
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
- Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
- doc.appendChild(getIdentityLink);
- if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
- Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
- getIdentityLink.appendChild(pepsDataElem);
- if (PEPSIdentifier != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSIdentifier);
- elem.appendChild(text);
- }
- if (PEPSFirstname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFirstname);
- elem.appendChild(text);
- }
- if (PEPSFamilyname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFamilyname);
- elem.appendChild(text);
- }
- if (PEPSDateOfBirth != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSDateOfBirth);
- elem.appendChild(text);
- }
- }
- if (signature == null)
- throw new SZRGWClientException("Signature element must not be null!");
- else {
- Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
- Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent");
- sig.appendChild(xmlcontent);
- Node n = doc.importNode(signature, true);
- getIdentityLink.appendChild(sig);
- xmlcontent.appendChild(n);
- }
- return doc;
- } catch (ParserConfigurationException e) {
- throw new SZRGWClientException(e);
- } /*catch (CertificateEncodingException e) {
- throw new SZRGWClientException(e);
- }*/
- }
- public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
- String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
- try {
- DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- Document doc = builder.newDocument();
- Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
- getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
- doc.appendChild(getIdentityLink);
- if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
- Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
- getIdentityLink.appendChild(pepsDataElem);
- if (PEPSIdentifier != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSIdentifier);
- elem.appendChild(text);
- }
- if (PEPSFirstname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFirstname);
- elem.appendChild(text);
- }
- if (PEPSFamilyname != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSFamilyname);
- elem.appendChild(text);
- }
- if (PEPSDateOfBirth != null) {
- Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
- pepsDataElem.appendChild(elem);
- Text text= doc.createTextNode(PEPSDateOfBirth);
- elem.appendChild(text);
- }
- }
- if (signature == null)
- throw new SZRGWClientException("Signature element must not be null!");
- else {
- Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
- Element base64content = doc.createElementNS(SZRGW_NS, "szrgw:Base64Content");
- sig.appendChild(base64content);
- getIdentityLink.appendChild(sig);
- Text text= doc.createTextNode(signature);
- base64content.appendChild(text);
- }
- return doc;
- } catch (ParserConfigurationException e) {
- throw new SZRGWClientException(e);
- } /*catch (CertificateEncodingException e) {
- throw new SZRGWClientException(e);
- }*/
- }
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import javax.net.ssl.SSLSocketFactory;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.w3c.dom.Text;
+import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+ * This class implements a client for communication with the SZR-gateway
+ * <p>
+ * Two types of requests are supported
+ * <ol>
+ * <li>Basic Request</li>
+ * <li>Detailed Request</li>
+ * </ol>
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClient {
+ /**
+ * The URL of the SZR-gateway webservice.
+ */
+ private String address;
+ /**
+ * The SSL socket factory when using a secure connection.
+ */
+ private SSLSocketFactory sSLSocketFactory;
+ /**
+ * Constructor
+ */
+ public SZRGWClient() {
+ }
+ /**
+ * Constructor
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public SZRGWClient(String address) {
+ this.address = address;
+ }
+ /**
+ * Sets the SSL socket factory.
+ *
+ * @param factory the SSL socket factory.
+ */
+ public void setSSLSocketFactory(SSLSocketFactory factory) {
+ this.sSLSocketFactory = factory;
+ }
+ /**
+ * Sets the SZR webservice URL
+ *
+ * @param address the URL of the SZR-gateway webservice.
+ */
+ public void setAddress(String address) {
+ this.address = address;
+ }
+ /**
+ * Creates a mandate.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateMandateResponse createMandateResponse(Element reqElem) throws SZRGWClientException {
+ //Logger.info("Connecting to SZR-gateway.");
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+ //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+ client.executeMethod(method);
+ CreateMandateResponse response = new CreateMandateResponse();
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+ //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+ response.parse(doc.getDocumentElement());
+ return response;
+ } catch(Exception e) {
+ //e.printStackTrace();
+ throw new SZRGWClientException(e);
+ }
+ }
+ /**
+ * Gets a identity link.
+ *
+ * @param reqElem the request.
+ * @return a SZR-gateway response containing the result
+ * @throws SZRGWException when an error occurs creating the mandate.
+ */
+ public CreateIdentityLinkResponse createIdentityLinkResponse(Element reqElem) throws SZRGWClientException {
+ try {
+ if (address == null) {
+ throw new NullPointerException("Address (SZR-gateway ServiceURL) must not be null.");
+ }
+ HttpClient client = new HttpClient();
+ PostMethod method = new PostMethod(address);
+ method.setRequestHeader("SOAPAction", "");
+ // ssl settings
+ if (sSLSocketFactory != null) {
+ SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
+ Protocol.registerProtocol("https", new Protocol("https", fac, 443));
+ }
+ // create soap body
+ Element soapBody = getSOAPBody();
+ Document doc = soapBody.getOwnerDocument();
+ soapBody.appendChild(doc.importNode(reqElem, true));
+ Element requestElement = soapBody.getOwnerDocument().getDocumentElement();
+ //ParepUtils.saveElementToFile(requestElement, new File("c:/temp/szrRequest.xml"));
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ParepUtils.serializeElementAsDocument(requestElement, bos);
+ method.setRequestBody(new ByteArrayInputStream(bos.toByteArray()));
+ client.executeMethod(method);
+ CreateIdentityLinkResponse response = new CreateIdentityLinkResponse();
+ bos = new ByteArrayOutputStream();
+ doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
+ //ParepUtils.saveElementToFile(doc.getDocumentElement(), new File("c:/temp/szrResponse.xml"));
+ NodeList list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "ErrorResponse");
+ if (list.getLength() > 0) {
+ // set error response
+ list = doc.getElementsByTagNameNS(SZRGWConstants.SZRGW_REQUEST_NS, "Info");
+ String error = DOMUtils.getText(list.item(0));
+ response.setError(error);
+ }
+ else {
+ // set assertion
+ DocumentBuilder builder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
+ Document newdoc = builder.newDocument();
+ Element nameSpaceNode = newdoc.createElement("NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ nameSpaceNode.setAttribute("xmlns:" + Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ Element samlAssertion = (Element)XPathAPI.selectSingleNode(doc, "//saml:Assertion[1]", nameSpaceNode);
+ if (samlAssertion == null)
+ throw new SZRGWClientException("Could not found a saml:Assertion element in response.");
+ else
+ response.setAssertion(samlAssertion);
+ }
+ return response;
+ } catch(Exception e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+ /*
+ * builds an XML soap envelope
+ */
+ private Element getSOAPBody() throws SZRGWClientException {
+ Document doc_;
+ try {
+ doc_ = ParepUtils.createEmptyDocument();
+ Element root = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.ENVELOPE);
+ doc_.appendChild(root);
+ root.setAttribute("xmlns" + SOAPConstants.SOAP_ENV_POSTFIX, SOAPConstants.SOAP_ENV_NS);
+ root.setAttribute("xmlns:xsd", "http://www.w3.org/2001/XMLSchema");
+ root.setAttribute("xmlns:xsi", "http://www.w3.org/2001/XMLSchema-instance");
+ Element body = doc_.createElementNS(SOAPConstants.SOAP_ENV_NS, SOAPConstants.SOAP_ENV_PREFIX + SOAPConstants.BODY);
+ root.appendChild(body);
+ return body;
+ } catch (SZRGWClientException e) {
+ throw new SZRGWClientException(e);
+ }
+ }
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, Element signature) throws SZRGWClientException {
+ String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ try {
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+ Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
+ doc.appendChild(getIdentityLink);
+ if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
+ Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
+ getIdentityLink.appendChild(pepsDataElem);
+ if (PEPSIdentifier != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSIdentifier);
+ elem.appendChild(text);
+ }
+ if (PEPSFirstname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFirstname);
+ elem.appendChild(text);
+ }
+ if (PEPSFamilyname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFamilyname);
+ elem.appendChild(text);
+ }
+ if (PEPSDateOfBirth != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSDateOfBirth);
+ elem.appendChild(text);
+ }
+ }
+ if (signature == null)
+ throw new SZRGWClientException("Signature element must not be null!");
+ else {
+ Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
+ Element xmlcontent = doc.createElementNS(SZRGW_NS, "szrgw:XMLContent");
+ sig.appendChild(xmlcontent);
+ Node n = doc.importNode(signature, true);
+ getIdentityLink.appendChild(sig);
+ xmlcontent.appendChild(n);
+ }
+ return doc;
+ } catch (ParserConfigurationException e) {
+ throw new SZRGWClientException(e);
+ } /*catch (CertificateEncodingException e) {
+ throw new SZRGWClientException(e);
+ }*/
+ }
+ public Document buildGetIdentityLinkRequest(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature) throws SZRGWClientException {
+ String SZRGW_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ try {
+ DocumentBuilderFactory factory =DocumentBuilderFactory.newInstance();
+ factory.setNamespaceAware(true);
+ DocumentBuilder builder = factory.newDocumentBuilder();
+ Document doc = builder.newDocument();
+ Element getIdentityLink = doc.createElementNS(SZRGW_NS, "szrgw:GetIdentityLinkRequest");
+ getIdentityLink.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:szrgw", SZRGW_NS);
+ doc.appendChild(getIdentityLink);
+ if ( (PEPSIdentifier != null) || (PEPSFirstname != null) || (PEPSFamilyname != null) || (PEPSDateOfBirth != null) ) {
+ Element pepsDataElem = doc.createElementNS(SZRGW_NS, "szrgw:PEPSData");
+ getIdentityLink.appendChild(pepsDataElem);
+ if (PEPSIdentifier != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Identifier");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSIdentifier);
+ elem.appendChild(text);
+ }
+ if (PEPSFirstname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Firstname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFirstname);
+ elem.appendChild(text);
+ }
+ if (PEPSFamilyname != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:Familyname");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSFamilyname);
+ elem.appendChild(text);
+ }
+ if (PEPSDateOfBirth != null) {
+ Element elem = doc.createElementNS(SZRGW_NS, "szrgw:DateOfBirth");
+ pepsDataElem.appendChild(elem);
+ Text text= doc.createTextNode(PEPSDateOfBirth);
+ elem.appendChild(text);
+ }
+ }
+ if (signature == null)
+ throw new SZRGWClientException("Signature element must not be null!");
+ else {
+ Element sig = doc.createElementNS(SZRGW_NS, "szrgw:Signature");
+ Element base64content = doc.createElementNS(SZRGW_NS, "szrgw:Base64Content");
+ sig.appendChild(base64content);
+ getIdentityLink.appendChild(sig);
+ Text text= doc.createTextNode(signature);
+ base64content.appendChild(text);
+ }
+ return doc;
+ } catch (ParserConfigurationException e) {
+ throw new SZRGWClientException(e);
+ } /*catch (CertificateEncodingException e) {
+ throw new SZRGWClientException(e);
+ }*/
+ }
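Review bot: `Protocol.registerProtocol("https", new Protocol("https", fac, 443))` in both createMandateResponse and createIdentityLinkResponse rebinds the https scheme for every commons-httpclient instance in the JVM, so the SZR-gateway socket factory (and whatever trust settings SZRGWSecureSocketFactory carries, which is not visible here) silently becomes the default for all other HTTPS calls the server makes, and it is never unregistered. Scoping the factory to this one client via `client.getHostConfiguration().setHost(host, port, new Protocol("https", fac, 443))` removes the global side effect. The return value of `client.executeMethod(method)` is also discarded and `method.releaseConnection()` is never called, so a non-200 fault page is parsed as if it were a SOAP response and the pooled connection leaks on every call. The shape below is for createMandateResponse; the same change applies to createIdentityLinkResponse.
```java
HttpClient client = new HttpClient();
PostMethod method = new PostMethod(address);
method.setRequestHeader("SOAPAction", "");
// ssl settings: bind the custom factory to this client only; Protocol.registerProtocol()
// would rebind "https" for every HttpClient in the JVM
if (sSLSocketFactory != null) {
    SZRGWSecureSocketFactory fac = new SZRGWSecureSocketFactory(sSLSocketFactory);
    int port = method.getURI().getPort() > 0 ? method.getURI().getPort() : 443;
    client.getHostConfiguration().setHost(method.getURI().getHost(), port, new Protocol("https", fac, 443));
}
// … unchanged: SOAP envelope construction and request body …
try {
    int status = client.executeMethod(method);
    if (status != 200) {
        throw new SZRGWClientException("SZR-gateway returned HTTP status " + status);
    }
    CreateMandateResponse response = new CreateMandateResponse();
    doc = ParepUtils.readDocFromIs(method.getResponseBodyAsStream());
    response.parse(doc.getDocumentElement());
    return response;
} finally {
    // always return the connection to the pool, even when parsing fails
    method.releaseConnection();
}
```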
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
index 49198d79f..8e1f887f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWClientException.java
@@ -1,66 +1,88 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
- * This class implements the basic exception type for the SZR-gateway client
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWClientException extends Exception {
- /**
- *
- */
- private static final long serialVersionUID = 26538259471017714L;
- * see super constructor.
- */
- public SZRGWClientException() {
- super();
- }
- /*
- * see super constructor.
- */
- public SZRGWClientException(String arg0) {
- super(arg0);
- }
- /*
- * see super construction.
- */
- public SZRGWClientException(Throwable arg0) {
- super(arg0);
- }
- /*
- * see super constructor
- */
- public SZRGWClientException(String arg0, Throwable arg1) {
- super(arg0, arg1);
- }
+ * This class implements the basic exception type for the SZR-gateway client
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWClientException extends Exception {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 26538259471017714L;
+ * see super constructor.
+ */
+ public SZRGWClientException() {
+ super();
+ }
+ /*
+ * see super constructor.
+ */
+ public SZRGWClientException(String arg0) {
+ super(arg0);
+ }
+ /*
+ * see super construction.
+ */
+ public SZRGWClientException(Throwable arg0) {
+ super(arg0);
+ }
+ /*
+ * see super constructor
+ */
+ public SZRGWClientException(String arg0, Throwable arg1) {
+ super(arg0, arg1);
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
index ab559aff9..b3c447009 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWConstants.java
@@ -1,78 +1,100 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
- * This interface specifies all the constants needed for the communication with the SZR-gateway.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public interface SZRGWConstants {
- //PersonData
- public static final String PD_PREFIX = "pr:";
- public static final String PD_POSTFIX = ":pr";
- public static final String PERSON = "Person";
- public static final String PHYSICALPERSON = "PhysicalPerson";
- public static final String CORPORATEBODY = "CorporateBody";
- public static final String IDENTIFICATION = "Identification";
- public static final String VALUE = "Value";
- public static final String TYPE = "Type";
- public static final String NAME = "Name";
- public static final String GIVENNAME = "GivenName";
- public static final String FAMILYNAME = "FamilyName";
- public static final String DATEOFBIRTH = "DateOfBirth";
- public static final String FULLNAME = "FullName";
- public static final String ORGANIZATION = "Organization";
- public static final String POSTALADDRESS = "PostalAddress";
- public static final String DELIVERYADDRESS = "DeliveryAddress";
- public static final String MUNICIPALITY = "Municipality";
- public static final String POSTALCODE = "PostalCode";
- public static final String STREETNAME = "StreetName";
- public static final String BUILDINGNUMBER = "BuildingNumber";
- public static final String UNIT = "Unit";
- //String ADDRESS = "Address";
- //String COUNTRYCODE = "CountryCode";
- //String DOORNUMBER = "DoorNumber";
- // SZR-gateway constants
- public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
- public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
- public static final String SZRGW_PREFIX = "sgw:";
- public static final String SZRGW_POSTFIX = ":sgw";
- public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
- public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
- public static final String ERROR_RESPONSE = "ErrorResponse";
- public static final String MANDATOR = "Mandator";
- public static final String REPRESENTATIVE = "Representative";
- public static final String MANDATE = "Mandate";
- public static final String MANDATE_PREFIX = "md:";
- public static final String MANDATE_POSTFIX = ":md";
- public static final String SAML_PREFIX = "saml:";
- public static final String SAML_POSTFIX = ":saml";
+ * This interface specifies all the constants needed for the communication with the SZR-gateway.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public interface SZRGWConstants {
+ //PersonData
+ public static final String PD_PREFIX = "pr:";
+ public static final String PD_POSTFIX = ":pr";
+ public static final String PERSON = "Person";
+ public static final String PHYSICALPERSON = "PhysicalPerson";
+ public static final String CORPORATEBODY = "CorporateBody";
+ public static final String IDENTIFICATION = "Identification";
+ public static final String VALUE = "Value";
+ public static final String TYPE = "Type";
+ public static final String NAME = "Name";
+ public static final String GIVENNAME = "GivenName";
+ public static final String FAMILYNAME = "FamilyName";
+ public static final String DATEOFBIRTH = "DateOfBirth";
+ public static final String FULLNAME = "FullName";
+ public static final String ORGANIZATION = "Organization";
+ public static final String POSTALADDRESS = "PostalAddress";
+ public static final String DELIVERYADDRESS = "DeliveryAddress";
+ public static final String MUNICIPALITY = "Municipality";
+ public static final String POSTALCODE = "PostalCode";
+ public static final String STREETNAME = "StreetName";
+ public static final String BUILDINGNUMBER = "BuildingNumber";
+ public static final String UNIT = "Unit";
+ //String ADDRESS = "Address";
+ //String COUNTRYCODE = "CountryCode";
+ //String DOORNUMBER = "DoorNumber";
+ // SZR-gateway constants
+ public static final String SZRGW_REQUEST_NS = "http://reference.e-government.gv.at/namespace/szrgw/20070807#";
+ public static final String MANDATE_NS = "http://reference.e-government.gv.at/namespace/mandates/20040701#";
+ public static final String SZRGW_PREFIX = "sgw:";
+ public static final String SZRGW_POSTFIX = ":sgw";
+ public static final String CREATE_MANDATE_REQUEST = "CreateMandateRequest";
+ public static final String CREATE_MANDATE_RESPONSE = "CreateMandateResponse";
+ public static final String ERROR_RESPONSE = "ErrorResponse";
+ public static final String MANDATOR = "Mandator";
+ public static final String REPRESENTATIVE = "Representative";
+ public static final String MANDATE = "Mandate";
+ public static final String MANDATE_PREFIX = "md:";
+ public static final String MANDATE_POSTFIX = ":md";
+ public static final String SAML_PREFIX = "saml:";
+ public static final String SAML_POSTFIX = ":saml";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
index 306384b53..fd16c1586 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/client/szrgw/SZRGWSecureSocketFactory.java
@@ -1,148 +1,170 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw;
-import java.io.IOException;
-import java.net.InetAddress;
-import java.net.Socket;
-import java.net.UnknownHostException;
-import javax.net.ssl.SSLSocketFactory;
-import org.apache.commons.httpclient.params.HttpConnectionParams;
-import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
- * This class implements a secure protocol socket factory
- * for the Apache HTTP client.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
- /**
- * The SSL socket factory.
- */
- private SSLSocketFactory factory;
- /**
- * Creates a new Secure socket factory for the
- * Apache HTTP client.
- *
- * @param factory the SSL socket factory to use.
- */
- public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
- this.factory = factory;
- }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- host,
- port,
- clientHost,
- clientPort
- );
- }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
- */
- public Socket createSocket(String host, int port)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- host,
- port
- );
- }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
- */
- public Socket createSocket(
- Socket socket,
- String host,
- int port,
- boolean autoClose)
- throws IOException, UnknownHostException {
- return this.factory.createSocket(
- socket,
- host,
- port,
- autoClose
- );
- }
- /**
- * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
- */
- public Socket createSocket(
- String host,
- int port,
- InetAddress clientHost,
- int clientPort,
- HttpConnectionParams params)
- throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
- Socket socket = createSocket(host, port, clientHost, clientPort);
- if (socket != null) {
- // socket.setKeepAlive(false);
- if (params.getReceiveBufferSize() >= 0)
- socket.setReceiveBufferSize(params.getReceiveBufferSize());
- if (params.getSendBufferSize() >= 0)
- socket.setSendBufferSize(params.getSendBufferSize());
- socket.setReuseAddress(true);
- if (params.getSoTimeout() >= 0)
- socket.setSoTimeout(params.getSoTimeout());
- }
- return socket;
- }
- /**
- * @see java.lang.Object#equals(java.lang.Object)
- */
- public boolean equals(Object obj) {
- return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
- }
- /**
- * @see java.lang.Object#hashCode()
- */
- public int hashCode() {
- return SZRGWSecureSocketFactory.class.hashCode();
- }
+import java.io.IOException;
+import java.net.InetAddress;
+import java.net.Socket;
+import java.net.UnknownHostException;
+import javax.net.ssl.SSLSocketFactory;
+import org.apache.commons.httpclient.params.HttpConnectionParams;
+import org.apache.commons.httpclient.protocol.SecureProtocolSocketFactory;
+ * This class implements a secure protocol socket factory
+ * for the Apache HTTP client.
+ *
+ * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
+ */
+public class SZRGWSecureSocketFactory implements SecureProtocolSocketFactory {
+ /**
+ * The SSL socket factory.
+ */
+ private SSLSocketFactory factory;
+ /**
+ * Creates a new Secure socket factory for the
+ * Apache HTTP client.
+ *
+ * @param factory the SSL socket factory to use.
+ */
+ public SZRGWSecureSocketFactory(SSLSocketFactory factory) {
+ this.factory = factory;
+ }
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port,
+ clientHost,
+ clientPort
+ );
+ }
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int)
+ */
+ public Socket createSocket(String host, int port)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ host,
+ port
+ );
+ }
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.net.Socket,java.lang.String,int,boolean)
+ */
+ public Socket createSocket(
+ Socket socket,
+ String host,
+ int port,
+ boolean autoClose)
+ throws IOException, UnknownHostException {
+ return this.factory.createSocket(
+ socket,
+ host,
+ port,
+ autoClose
+ );
+ }
+ /**
+ * @see SecureProtocolSocketFactory#createSocket(java.lang.String,int,java.net.InetAddress,int,org.apache.commons.httpclient.params.HttpConnectionParams)
+ */
+ public Socket createSocket(
+ String host,
+ int port,
+ InetAddress clientHost,
+ int clientPort,
+ HttpConnectionParams params)
+ throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
+ Socket socket = createSocket(host, port, clientHost, clientPort);
+ if (socket != null) {
+ // socket.setKeepAlive(false);
+ if (params.getReceiveBufferSize() >= 0)
+ socket.setReceiveBufferSize(params.getReceiveBufferSize());
+ if (params.getSendBufferSize() >= 0)
+ socket.setSendBufferSize(params.getSendBufferSize());
+ socket.setReuseAddress(true);
+ if (params.getSoTimeout() >= 0)
+ socket.setSoTimeout(params.getSoTimeout());
+ }
+ return socket;
+ }
+ /**
+ * @see java.lang.Object#equals(java.lang.Object)
+ */
+ public boolean equals(Object obj) {
+ return ((obj != null) && obj.getClass().equals(SZRGWSecureSocketFactory.class));
+ }
+ /**
+ * @see java.lang.Object#hashCode()
+ */
+ public int hashCode() {
+ return SZRGWSecureSocketFactory.class.hashCode();
+ }
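Review bot: The `HttpConnectionParams` overload of `createSocket` (L11358–L11377 on the new side) declares `ConnectTimeoutException` but never reads `params.getConnectionTimeout()`; it delegates to the four-argument overload, which connects with no deadline, so the connect timeout configured on the HttpClient is silently ignored. A gateway host that does not answer the TCP handshake therefore blocks the calling thread for the operating system's default connect timeout rather than the configured one, and `SO_TIMEOUT` (applied only after the connect returns) cannot help. The fix is to create an unconnected socket from the wrapped factory, bind it, and connect with `params.getConnectionTimeout()` as the deadline (needs `java.net.InetSocketAddress`); the rewritten method is below. Separately, `equals` (L11381) and `hashCode` (L11387) consider every instance of this class equal regardless of the wrapped `factory`, and since HttpClient 3 compares protocols by socket-factory equality, a pooled connection negotiated under one SSL configuration can be handed to a caller that registered a different one — `equals` should compare `factory` as well, e.g. `return obj instanceof SZRGWSecureSocketFactory && java.util.Objects.equals(factory, ((SZRGWSecureSocketFactory) obj).factory);`. Nothing in this class verifies that the peer certificate matches `host` — `SSLSocketFactory` validates the chain but, unless endpoint identification is enabled on the injected factory's parameters (not visible here), does no hostname check — so a Javadoc line on the `factory` field stating where that check is expected to happen would make the trust boundary explicit.
```java
public Socket createSocket(
        String host,
        int port,
        InetAddress clientHost,
        int clientPort,
        HttpConnectionParams params)
        throws IOException, UnknownHostException, org.apache.commons.httpclient.ConnectTimeoutException {
    if (params == null) {
        throw new IllegalArgumentException("Parameters may not be null");
    }
    int connectTimeout = params.getConnectionTimeout();
    // An unconnected socket lets us bind first and then connect with a deadline,
    // which the four-argument overload cannot do.
    Socket socket = this.factory.createSocket();
    socket.bind(new InetSocketAddress(clientHost, clientPort));
    try {
        socket.connect(new InetSocketAddress(host, port), connectTimeout);
    } catch (java.net.SocketTimeoutException e) {
        socket.close();
        throw new org.apache.commons.httpclient.ConnectTimeoutException(
                "Connect to " + host + ":" + port + " timed out", e);
    }
    // … unchanged: receive/send buffer sizes, setReuseAddress, SO_TIMEOUT …
    return socket;
}
```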
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
deleted file mode 100644
index ee5a57914..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/config/ParepConfiguration.java
+++ /dev/null
@@ -1,436 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.auth.validator.parep.config;
-import java.io.File;
-import java.io.FileInputStream;
-import java.util.HashMap;
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
-import at.gv.egovernment.moa.id.auth.validator.parep.PartyRepresentative;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
-import at.gv.egovernment.moa.id.config.ConnectionParameter;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Constants;
- * This class implements the Configuration.
- *
- * @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
- */
-public class ParepConfiguration {
- //TODO: check correctness!!!!
- /**
-// * System property for config file.
-// */
-// public final static String PAREP_VALIDATOR_CONFIG = "parep.validator.config";
-// /**
-// * SZR-GW connection parameters.
-// */
-// private ConnectionParameter standardConnectionParameters;
-// /**
-// * Input field processor.
-// */
-// private String standardInputProcessorClass;
-// /**
-// * Input field processor template.
-// */
-// private String standardInputProcessorTemplate;
-// /**
-// * Configured party representatives.
-// */
-// private HashMap partyRepresentatives;
-// /**
-// * The configuration element.
-// */
-// private Element configElement = null;
-// /**
-// * Defines whether the user input form must be shown on each
-// * request or not (also predefined mandates)
-// */
-// private boolean alwaysShowForm = false;
-// /**
-// * The configuration base directory.
-// */
-// private String baseDir_;
-// /**
-// * Gets the SZR-GW connection parameters.
-// *
-// * @return the connection parameters.
-// */
-// public ConnectionParameter getConnectionParameters(String representationID) {
-// if (partyRepresentatives == null || "*".equals(representationID))
-// return standardConnectionParameters;
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// ConnectionParameter connectionParameters = pr.getConnectionParameters();
-// if (connectionParameters==null) connectionParameters = standardConnectionParameters;
-// return connectionParameters;
-// }
-// /**
-// * Sets the SZR-GW connection parameters for standard connection.
-// *
-// * @param connectionParameters
-// * the connection parameters.
-// */
-// public void setStandardConnectionParameters(ConnectionParameter connectionParameters) {
-// this.standardConnectionParameters = connectionParameters;
-// }
-// /*
-// *
-// */
-// public String getFullDirectoryName(String fileString) {
-// return makeAbsoluteURL(fileString, baseDir_);
-// }
-// /*
-// *
-// */
-// private static String makeAbsoluteURL(String url, String root) {
-// // if url is relative to rootConfigFileDirName make it absolute
-// File keyFile;
-// String newURL = url;
-// if (null == url)
-// return null;
-// if (url.startsWith("http:/") || url.startsWith("https:/") || url.startsWith("ftp:/") || url.startsWith("file:/") || url.startsWith("file:\\")) {
-// return url;
-// } else {
-// // check if absolute - if not make it absolute
-// keyFile = new File(url);
-// if (!keyFile.isAbsolute()) {
-// keyFile = new File(root, url);
-// newURL = keyFile.getPath();
-// }
-// return newURL;
-// }
-// }
-// /**
-// * Initializes the configuration with a given XML configuration element found
-// * in the MOA-ID configuration.
-// *
-// * @param configElem
-// * the configuration element.
-// * @throws ConfigurationException
-// * if an error occurs initializing the configuration.
-// */
-// public ParepConfiguration(Element configElem) throws ConfigurationException {
-// partyRepresentatives = new HashMap();
-// partyRepresentatives.put("*", new PartyRepresentative(true, true));
-// String fileName = System.getProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME);
-// try {
-// baseDir_ = (new File(fileName)).getParentFile().toURL().toString();
-// Logger.trace("Config base directory: " + baseDir_);
-// // check for configuration in system properties
-// if (System.getProperty(PAREP_VALIDATOR_CONFIG) != null) {
-// Document doc = ParepUtils.readDocFromIs(new FileInputStream(System.getProperty(PAREP_VALIDATOR_CONFIG)));
-// this.configElement = doc.getDocumentElement();
-// } else {
-// this.configElement = configElem;
-// }
-// } catch (Exception e) {
-// throw new ConfigurationException("Allgemeiner Fehler beim Einlesen der ParepValidatorConfiguration", null, e);
-// }
-// load();
-// }
-// /*
-// *
-// */
-// private void load() throws ConfigurationException {
-// Logger.debug("Parse ParepValidator Konfiguration");
-// try {
-// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
-// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
-// // nameSpaceNode.setAttribute("xmlns:sgw",
-// // SZRGWConstants.SZRGW_PROFILE_NS);
-// Node inputProcessorNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
-// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
-// if (inputProcessorNode != null) {
-// this.standardInputProcessorTemplate = ((Element) inputProcessorNode).getAttribute("template");
-// Node inputProcessorClassNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
-// + Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor/text()", nameSpaceNode);
-// if (inputProcessorClassNode != null) {
-// this.standardInputProcessorClass = inputProcessorClassNode.getNodeValue();
-// }
-// }
-// Node alwaysShowFormNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
-// + Constants.MOA_ID_CONFIG_PREFIX + ":AlwaysShowForm/text()", nameSpaceNode);
-// if (alwaysShowFormNode != null) {
-// this.setAlwaysShowForm(alwaysShowFormNode.getNodeValue());
-// }
-// // load connection parameters
-// Logger.debug("Lade SZR-Gateway Standard Verbindungsparameter");
-// Element connectionParamElement = (Element) XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
-// + Constants.MOA_ID_CONFIG_PREFIX + ":ConnectionParameter", nameSpaceNode);
-// if (connectionParamElement != null) {
-// // parse connection parameters
-// // ParepUtils.serializeElement(connectionParamElement, System.out);
-// this.standardConnectionParameters = buildConnectionParameter(connectionParamElement, nameSpaceNode);
-// }
-// Logger.trace("Lade Konfiguration der Parteienvertreter");
-// NodeList partyRepresentativeNodeList = XPathAPI.selectNodeList(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentation/"
-// + Constants.MOA_ID_CONFIG_PREFIX + ":PartyRepresentative", nameSpaceNode);
-// for (int i = 0; i < partyRepresentativeNodeList.getLength(); i++) {
-// PartyRepresentative partyRepresentative = new PartyRepresentative();
-// Element partyRepresentativeElement = (Element) partyRepresentativeNodeList.item(i);
-// boolean representPhysicalParty = partyRepresentativeElement.getAttribute("representPhysicalParty").equalsIgnoreCase("true") ? true : false;
-// boolean representCorporateParty = partyRepresentativeElement.getAttribute("representCorporateParty").equalsIgnoreCase("true") ? true : false;
-// partyRepresentative.setOid(partyRepresentativeElement.getAttribute("oid"));
-// partyRepresentative.setRepresentingPhysicalParty(representPhysicalParty);
-// partyRepresentative.setRepresentingCorporateParty(representCorporateParty);
-// partyRepresentative.setRepresentationText(partyRepresentativeElement.getAttribute("representationText"));
-// Node inputProcessorSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX + ":InputProcessor", nameSpaceNode);
-// if (inputProcessorSubNode != null) {
-// partyRepresentative.setInputProcessorTemplate(((Element) inputProcessorSubNode).getAttribute("template"));
-// Node inputProcessorClassSubNode = XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
-// + ":InputProcessor/text()", nameSpaceNode);
-// if (inputProcessorClassSubNode != null) {
-// partyRepresentative.setInputProcessorClass(inputProcessorClassSubNode.getNodeValue());
-// }
-// }
-// Element connectionParamSubElement = (Element) XPathAPI.selectSingleNode(partyRepresentativeElement, Constants.MOA_ID_CONFIG_PREFIX
-// + ":ConnectionParameter", nameSpaceNode);
-// if (connectionParamSubElement == null) {
-// if (this.standardConnectionParameters == null) {
-// throw new ConfigurationException("Fehler beim Parsen der ParepValidatorConfiguration: SZR-GW Verbindungsparameter zu Parteienvetreter "
-// + partyRepresentative.getOid() + " fehlen.", null, null);
-// }
-// } else {
-// // parse connection parameters
-// // ParepUtils.serializeElement(connectionParamSubElement, System.out);
-// partyRepresentative.setConnectionParameters(buildConnectionParameter(connectionParamSubElement, nameSpaceNode));
-// }
-// partyRepresentatives.put(partyRepresentative.getOid(), partyRepresentative);
-// Logger.debug("Parteienvertreter: " + partyRepresentative.getOid() + " erfolgreich konfiguriert (representPhysicalParty="
-// + partyRepresentative.isRepresentingPhysicalParty() + ", representCorporateParty=" + partyRepresentative.isRepresentingCorporateParty()
-// + ", representationText=" + partyRepresentative.getRepresentationText()
-// + ")");
-// }
-// Logger.debug("ParepValidator Konfiguration erfolgreich geparst.");
-// } catch (Exception e) {
-// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der MandateValidatorConfiguration", null, e);
-// }
-// }
-// /*
-// *
-// */
-// private ConnectionParameter buildConnectionParameter(Element connParamElement, Element nameSpaceNode) throws ConfigurationException {
-// try {
-// ConnectionParameter connectionParameter = new ConnectionParameter();
-// // parse connection url
-// String URL = connParamElement.getAttribute("URL");
-// connectionParameter.setUrl(URL);
-// // accepted server certificates
-// Node accServerCertsNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":AcceptedServerCertificates/text()",
-// nameSpaceNode);
-// if (accServerCertsNode != null) {
-// String serverCertsDir = getFullDirectoryName(accServerCertsNode.getNodeValue());
-// Logger.debug("Full directory name of accepted server certificates: " + serverCertsDir);
-// connectionParameter.setAcceptedServerCertificates(serverCertsDir);
-// }
-// // client key store
-// Node clientKeyStoreNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/text()", nameSpaceNode);
-// if (clientKeyStoreNode != null) {
-// String clientKeystore = getFullDirectoryName(clientKeyStoreNode.getNodeValue());
-// connectionParameter.setClientKeyStore(clientKeystore);
-// }
-// // client key store password
-// Node clientKeyStorePasswordNode = XPathAPI.selectSingleNode(connParamElement, Constants.MOA_ID_CONFIG_PREFIX + ":ClientKeyStore/@password",
-// nameSpaceNode);
-// if (clientKeyStorePasswordNode != null) {
-// connectionParameter.setClientKeyStorePassword(clientKeyStorePasswordNode.getNodeValue());
-// }
-// return connectionParameter;
-// } catch (Exception e) {
-// throw new ConfigurationException("Allgemeiner Fehler beim Parsen der ParepValidator ConnectionParameter.", null, e);
-// }
-// }
-// public boolean isPartyRepresentative(String representationID) {
-// if (partyRepresentatives == null)
-// return false;
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// return pr != null;
-// }
-// public boolean isRepresentingCorporateParty(String representationID) {
-// if (partyRepresentatives == null) return false;
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// if (pr == null) return false;
-// return pr.isRepresentingCorporateParty();
-// }
-// public boolean isRepresentingPhysicalParty(String representationID) {
-// if (partyRepresentatives == null) return false;
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// if (pr == null) return false;
-// return pr.isRepresentingPhysicalParty();
-// }
-// public String getRepresentationText(String representationID) {
-// String result = ParepValidator.STANDARD_REPRESENTATION_TEXT;
-// if (partyRepresentatives != null) {
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// if (pr != null) {
-// if (!ParepUtils.isEmpty(pr.getRepresentationText())) result = pr.getRepresentationText();
-// }
-// }
-// return result;
-// }
-// /**
-// * @return the input processor classname corresponding to <code>representationID</code>
-// * @param representationID
-// * the representation ID.
-// */
-// public String getInputProcessorClass(String representationID) {
-// String inputProcessorClass = standardInputProcessorClass;
-// if (ParepUtils.isEmpty(inputProcessorClass)) inputProcessorClass = ParepValidator.PAREP_INPUT_PROCESSOR;
-// if (!(partyRepresentatives == null || "*".equals(representationID))) {
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// if (pr!=null) {
-// String prInputProcessorClass = pr.getInputProcessorClass();
-// if (!ParepUtils.isEmpty(prInputProcessorClass)) inputProcessorClass = prInputProcessorClass;
-// }
-// }
-// return inputProcessorClass;
-// }
-// /**
-// * @param standardInputProcessorClass the standardInputProcessorClass to set
-// */
-// public void setStandardInputProcessorClass(String standardInputProcessorClass) {
-// this.standardInputProcessorClass = standardInputProcessorClass;
-// }
-// /**
-// * @return the InputProcessorTemplate
-// */
-// public String getInputProcessorTemplate(String representationID) {
-// String inputProcessorTemplate = standardInputProcessorTemplate;
-// if (ParepUtils.isEmpty(inputProcessorTemplate)) inputProcessorTemplate = ParepValidator.PAREP_INPUT_TEMPLATE;
-// if (!(partyRepresentatives == null || "*".equals(representationID))) {
-// PartyRepresentative pr = (PartyRepresentative) partyRepresentatives.get(representationID);
-// if (pr!=null) {
-// String prInputProcessorTemplate = pr.getInputProcessorTemplate();
-// if (!ParepUtils.isEmpty(prInputProcessorTemplate)) inputProcessorTemplate = prInputProcessorTemplate;
-// }
-// }
-// return inputProcessorTemplate;
-// }
-// /**
-// * @param standardInputProcessorTemplate the standardInputProcessorTemplate to set
-// */
-// public void setStandardInputProcessorTemplate(String standardInputProcessorTemplate) {
-// this.standardInputProcessorTemplate = standardInputProcessorTemplate;
-// }
-// /**
-// * @return the alwaysShowForm
-// */
-// public boolean isAlwaysShowForm() {
-// return alwaysShowForm;
-// }
-// /**
-// * @param alwaysShowForm the alwaysShowForm to set
-// */
-// public void setAlwaysShowForm(String alwaysShowForm) {
-// if (ParepUtils.isEmpty(alwaysShowForm)) {
-// this.alwaysShowForm = false;
-// } else {
-// this.alwaysShowForm = alwaysShowForm.equalsIgnoreCase("true");
-// }
-// }
-// public static boolean isMandateCompatibilityMode(Element configElement) throws ConfigurationException {
-// try {
-// if (configElement==null) return false;
-// Element nameSpaceNode = configElement.getOwnerDocument().createElement("NameSpaceNode");
-// nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
-// Node mandateCompatibilityNode = XPathAPI.selectSingleNode(configElement, Constants.MOA_ID_CONFIG_PREFIX + ":CompatibilityMode/text()", nameSpaceNode);
-// if (mandateCompatibilityNode != null && !ParepUtils.isEmpty(mandateCompatibilityNode.getNodeValue())) {
-// return mandateCompatibilityNode.getNodeValue().equalsIgnoreCase("true");
-// }
-// return false;
-// } catch (Exception e) {
-// throw new ConfigurationException("Allgemeiner Fehler beim Parsen des CompatibilityMode Parameters.", null, e);
-// }
-// }
-//// public static void main(String[] args) throws Exception {
-//// System.setProperty(PAREP_VALIDATOR_CONFIG, "c:/Doku/work/Organwalter/ConfigurationSnippetAppSpecific.xml");
-//// System.setProperty("moa.id.configuration", "c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/SampleMOAWIDConfiguration_withTestBKsProxy.xml");
-//// System.setProperty("log4j.configuration", "file:c:/workspace33moa/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/conf/moa-id/log4j.properties");
-//// Configuration cfg = new Configuration(null);
-//// System.out.println(cfg.getInputProcessorClass(""));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
index d98c944de..f5ec72530 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/WrongParametersException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/LaxHostNameVerifier.java
@@ -1,5 +1,5 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,34 +19,20 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.client;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
-package at.gv.egovernment.moa.id.auth;
+public class LaxHostNameVerifier implements HostnameVerifier {
-import at.gv.egovernment.moa.id.MOAIDException;
- * Exception thrown when the <code>AuthenticationServer</code> API is
- * called with wrong parameters provided.
- *
- * @author Paul Ivancsics
- * @version $Id$
- */
-public class WrongParametersException extends MOAIDException {
- /**
- *
+ /*
+ * (non-Javadoc)
+ * @see javax.net.ssl.HostnameVerifier#verify(java.lang.String, javax.net.ssl.SSLSession)
- private static final long serialVersionUID = -7501748998171109466L;
+ public boolean verify(String arg0, SSLSession arg1) {
+ return true;
+ }
- * Constructor
- */
- public WrongParametersException(String call, String parameter, String errorID) {
- super(errorID, new Object[] {call, parameter});
- //super("auth.05", new Object[] {call, parameter});
- //super("auth.12", new Object[] {call, parameter});
- }
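Review bot: `verify` at the `public boolean verify(String arg0, SSLSession arg1)` line accepts every hostname, which switches off the TLS hostname check on any connection this verifier is installed on, so a certificate issued to any name the trust store accepts is treated as valid for the SZR-GW endpoint. The class has no Javadoc saying so; add `@Override` and a class comment along the lines of `/** HostnameVerifier that accepts every host name. Disables TLS hostname verification; intended only for explicitly configured test setups, never as a default. */`. Logging `arg0` and the peer principal from `arg1` at WARN inside `verify` would make every use of this relaxation visible in operations, and renaming the parameters to `hostname`/`session` makes the contract readable. The class's closing brace is not shown in the hunk.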
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
new file mode 100644
index 000000000..a9f41819d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClient.java
@@ -0,0 +1,103 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.client;
+import java.net.URL;
+import java.util.Map;
+import javax.net.ssl.SSLSocketFactory;
+import javax.xml.namespace.QName;
+import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.util.SSLUtils;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.wsdl.szrgw.SZRGWService;
+import at.gv.util.wsdl.szrgw.SZRGWType;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
+import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+import com.sun.xml.ws.developer.JAXWSProperties;
+import javax.xml.ws.BindingProvider;
+public class SZRGWClient {
+ private SSLSocketFactory sslContext = null;
+ public SZRGWClient(ConnectionParameter szrgwconnection) throws SZRGWClientException {
+ initial(szrgwconnection);
+ }
+ public CreateIdentityLinkResponse sentCreateIDLRequest(CreateIdentityLinkRequest request, String serviceUrl) throws SZRGWClientException {
+ MiscUtil.assertNotNull(request, "createIDLRequest");
+ MiscUtil.assertNotNull(serviceUrl, "serviceURL");
+ URL url = SZRGWClient.class.getResource("/resources/wsdl/szrgw/szrgw.wsdl");
+ SZRGWService service = new SZRGWService(url, new QName("http://reference.e-government.gv.at/namespace/szrgw/20070807/wsdl", "SZRGWService"));
+ SZRGWType port = service.getSZRGWPort();
+ BindingProvider bindingProvider = (BindingProvider) port;
+ Map<String, Object> requestContext = bindingProvider.getRequestContext();
+ requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, serviceUrl);
+ // check for ssl
+ if (serviceUrl.toLowerCase().startsWith("https")) {
+ Logger.trace("Using ssl for SZRGW client request.");
+ if (sslContext == null) {
+ throw new SZRGWClientException("SSL context from configuration is empty. Please configure an SSL context in the configuration first.", null);
+ }
+ requestContext.put(JAXWSProperties.SSL_SOCKET_FACTORY, sslContext);
+ // check for lax hostname
+ if (true) {
+ Logger.trace("LaxHostnameVerifier enabled. This setting is not recommended to use.");
+ requestContext.put(JAXWSProperties.HOSTNAME_VERIFIER, new LaxHostNameVerifier());
+ }
+ }
+ return port.szrgwOperation(request);
+ }
+ private void initial(ConnectionParameter szrgwconnection) throws at.gv.egovernment.moa.id.client.SZRGWClientException{
+ try {
+ sslContext = SSLUtils.getSSLSocketFactory(
+ AuthConfigurationProvider.getInstance(),
+ szrgwconnection);
+ } catch (Exception e) {
+ Logger.warn("SZRGW Client initialization FAILED.", e);
+ throw new SZRGWClientException("SZRGW Client initialization FAILED.", null);
+ }
+ }
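Review bot: The `if (true)` block in `sentCreateIDLRequest` installs `LaxHostNameVerifier` on every HTTPS call, so hostname verification is always disabled even though the trace message on the next line says the setting is not recommended; gate it on a configuration value derived from `szrgwconnection` or `AuthConfigurationProvider` (e.g. a `private boolean laxHostnameVerifier` field set in `initial`, then `if (laxHostnameVerifier) {`) and leave the JDK verifier in place by default. In `initial`, `throw new SZRGWClientException("SZRGW Client initialization FAILED.", null)` drops the caught exception, so the actual reason (key store, password, trusted certificates) survives only in the preceding warn log; the exception should carry `e` as its cause, which presumably needs a cause-accepting constructor on `SZRGWClientException`. `serviceUrl.toLowerCase()` should use `Locale.ROOT` to keep the scheme check locale-independent. The class's closing brace is not shown in the hunk.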
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
new file mode 100644
index 000000000..d15ded8a8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/client/SZRGWClientException.java
@@ -0,0 +1,39 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.client;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+public class SZRGWClientException extends MOAIDException{
+ private static final long serialVersionUID = 1L;
+ public SZRGWClientException(String messageId, Object[] parameters) {
+ super(messageId, parameters);
+ }
+ public SZRGWClientException(SZRGWClientException e1) {
+ super("", null, e1);
+ }
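Review bot: The wrapping constructor `SZRGWClientException(SZRGWClientException e1)` forwards `""` as the message id, so the outer exception resolves to an empty message and the original id and parameters are reachable only through `getCause()`; it also accepts nothing but another `SZRGWClientException`, so the `catch (Exception e)` in `SZRGWClient.initial` has no way to attach its cause. A constructor `public SZRGWClientException(String messageId, Object[] parameters, Throwable cause) { super(messageId, parameters, cause); }` would cover both cases, assuming `MOAIDException` exposes that three-argument form — the existing `super("", null, e1)` call suggests it does. The class's closing brace is outside the hunk.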
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
index b0525978d..a0223853a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,7 +46,7 @@
package at.gv.egovernment.moa.id.config;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
* Exception signalling an error in the configuration.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
index bf4952113..84265f4ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationProvider.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -72,7 +94,7 @@ public class ConfigurationProvider {
* configuration name (a <code>String</code>) to a configuration value (also a
* <code>String</code>).
- protected Map genericConfiguration;
+ protected Map<String, String> genericConfiguration;
/** The default chaining mode. */
protected String defaultChainingMode;
@@ -112,7 +134,7 @@ public class ConfigurationProvider {
* @return The mapping of generic configuration properties (a name to value
* mapping) from the configuration.
- public Map getGenericConfiguration() {
+ public Map<String, String> getGenericConfiguration() {
return genericConfiguration;
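Review bot: `getGenericConfiguration` now returns `Map<String, String>` but still hands out the backing `genericConfiguration` field itself, so any caller can mutate the provider's configuration at runtime; unless callers are known to modify it, return `Collections.unmodifiableMap(genericConfiguration)` (needs `java.util.Collections`) and state in the Javadoc that the returned map is read-only. Whether the field can be null before loading cannot be confirmed from here, so a null guard may be needed as well. The method's closing brace and the field's initialisation are outside the hunk.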
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
index 65fda8396..a5ee41a9d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConfigurationUtils.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.config;
import java.io.IOException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
index b358a31c9..ccf2c5a57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameter.java
@@ -1,10 +1,32 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.config;
import java.util.Properties;
import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
-public abstract class ConnectionParameter {
+public abstract class ConnectionParameter implements ConnectionParameterInterface{
protected static final String PROP_IDENTIFIER_KEYSTORE = "clientKeyStore";
protected static final String PROP_IDENTIFIER_KEYSTOREPASSWORD = "clientKeyStorePassword";
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
index 41d6959b1..a0b787ec5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterForeign.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.config;
import java.util.Properties;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java
new file mode 100644
index 000000000..8e95c106d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterInterface.java
@@ -0,0 +1,35 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.config;
+public interface ConnectionParameterInterface {
+ public boolean isHTTPSURL();
+ public String getUrl();
+ public String getAcceptedServerCertificates();
+ public String getClientKeyStore();
+ public String getClientKeyStorePassword();
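Review bot: The new interface has no Javadoc, and `getClientKeyStorePassword()` returns a secret, so the contract should say which getters may return null or an empty string and that the password value must never be logged or embedded in exception messages; a one-line Javadoc per method is enough. The `public` modifiers on interface methods are redundant, and `isHTTPSURL` does not follow the acronym-as-word convention (`isHttpsUrl`), though renaming would ripple into `ConnectionParameter` and its subclasses, so that is a follow-up at best. The interface's closing brace is not shown in the hunk.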
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
index 0e05633c8..3ba1ec6c3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMOASP.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.config;
import java.util.Properties;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
index 00b393b92..f6ca392d1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/ConnectionParameterMandate.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.config;
import java.util.Properties;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
index c1715d6fc..7e21c6667 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/OAParameter.java
@@ -1,40 +1,52 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
+ *
* Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
* the European Commission - subsequent versions of the EUPL (the "Licence");
* You may not use this work except in compliance with the Licence.
* You may obtain a copy of the Licence at:
* http://www.osor.eu/eupl/
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the Licence is distributed on an "AS IS" basis,
* See the Licence for the specific language governing permissions and
* limitations under the Licence.
- *
+ *
* This product combines work with different licenses. See the "NOTICE" text
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria MOA-ID has been developed in a cooperation between
+ * BRZ, the Federal Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at: http://www.osor.eu/eupl/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence. This product combines work with different licenses. See the "NOTICE" text file for
+ * details on the various modules and licenses. The "NOTICE" text file is part of the distribution.
+ * Any derivative works that you distribute must include a readable copy of the "NOTICE" text file.
package at.gv.egovernment.moa.id.config;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
- * Configuration parameters belonging to an online application,
- * to be used within both, the MOA ID Auth and the
- * MOA ID PROXY component.
+ * Configuration parameters belonging to an online application, to be used within both, the MOA ID
+ * Auth and the MOA ID PROXY component.
* @author Harald Bratko
public class OAParameter {
public OAParameter(OnlineApplication oa) {
this.oaType = oa.getType();
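Review bot: The new side of this file carries two licence headers: the existing block is rewritten to "Copyright 2014" and closed at L12214, and L12215-L12225 then add the 2003 notice a second time in reflowed form. Unless an opening `/*` line was lost in extraction, that second block is a bare run of ` * ` lines and will not compile; if it was lost, the file simply carries the old notice twice under the new one. The same stacking appears in TargetToSectorNameMapper (L12362-L12382), TargetsAndSectorNames (L12435-L12455) and AuthConfigurationProvider (L12550-L12551 keep the 2003 header below the added 2014 one). Keep exactly one header per file.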
@@ -52,58 +64,80 @@ public class OAParameter {
this.targetFriendlyName = oa.getTargetFriendlyName();
+ this.removePBKFromAuthblock = oa.isRemoveBPKFromAuthBlock();
+ this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20();
- /**
- * type of the online application (maybe "PublicService" or "BusinessService")
- */
- private String oaType;
- /**
- * specifies whether the online application is a business application or not
- * (<code>true</code> if value of {@link #oaType} is "businessService"
- */
- private boolean businessService;
- /**
- * public URL prefix of the online application
- */
- private String publicURLPrefix;
- /**
- * specifies a human readable name of the Online Application
- */
- private String friendlyName;
- /**
- * specified a specific target for the Online Application (overwrites the target in der request)
- */
- private String target;
- /**
- * specifies a friendly name for the target
- */
- private String targetFriendlyName;
+ /**
+ * type of the online application (maybe "PublicService" or "BusinessService")
+ */
+ private String oaType;
+ /**
+ * specifies whether the online application is a business application or not (<code>true</code>
+ * if value of {@link #oaType} is "businessService"
+ */
+ private boolean businessService;
+ /**
+ * public URL prefix of the online application
+ */
+ private String publicURLPrefix;
+ /**
+ * specifies a human readable name of the Online Application
+ */
+ private String friendlyName;
+ /**
+ * specified a specific target for the Online Application (overwrites the target in der request)
+ */
+ private String target;
+ /**
+ * specifies a friendly name for the target
+ */
+ private String targetFriendlyName;
+ private boolean removePBKFromAuthblock;
+ /**
+ * Contains the oAuth 2.0 configuration (client id, secret and redirect uri)
+ */
+ private OAOAUTH20 oAuth20Config;
public String getOaType() {
return oaType;
public boolean getBusinessService() {
return businessService;
public String getPublicURLPrefix() {
return publicURLPrefix;
public String getFriendlyName() {
return friendlyName;
public String getTarget() {
return target;
public String getTargetFriendlyName() {
return targetFriendlyName;
+ public boolean isRemovePBKFromAuthBlock() {
+ return removePBKFromAuthblock;
+ }
+ public OAOAUTH20 getoAuth20Config() {
+ return oAuth20Config;
+ }
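Review bot: `this.oAuth20Config = oa.getAuthComponentOA().getOAOAUTH20();` at L12241 dereferences `getAuthComponentOA()` without a null check, while every other assignment in this constructor reads `oa` directly, so an online application without an AuthComponentOA element makes `new OAParameter(oa)` throw NullPointerException. Prefer `this.oAuth20Config = oa.getAuthComponentOA() == null ? null : oa.getAuthComponentOA().getOAOAUTH20();` and let callers of `getoAuth20Config()` handle the absent case. The new field `removePBKFromAuthblock` and accessor `isRemovePBKFromAuthBlock()` transpose the letters of the source getter `isRemoveBPKFromAuthBlock()` at L12240, which defeats searches; consider `removeBPKFromAuthBlock` / `isRemoveBPKFromAuthBlock()` and give the field a Javadoc like its siblings, e.g. `/** specifies whether the bPK is removed from the AuthBlock of this online application */`. Since the Javadoc at L12294 says the OAOAUTH20 object carries the client secret, any `toString()` or log output of OAParameter must not include that object. The constructor begins in the previous hunk.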
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
index e515152dd..c31666bbb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetToSectorNameMapper.java
@@ -1,27 +1,49 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
@@ -36,7 +58,7 @@ import java.util.Map;
public class TargetToSectorNameMapper implements TargetsAndSectorNames {
- private static Map targetMap = new HashMap(41);
+ private static Map<String, String> targetMap = new HashMap<String, String>(41);
static {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
index a2962e4b2..fda3ea506 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/TargetsAndSectorNames.java
@@ -1,27 +1,49 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
new file mode 100644
index 000000000..1674715d1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigLoader.java
@@ -0,0 +1,78 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.config.auth;
+import java.util.Date;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.logging.Logger;
+public class AuthConfigLoader implements Runnable {
+ private static final long INTERVAL = 60; // 60 sec
+ public void run() {
+ while (true) {
+ try {
+ Thread.sleep(INTERVAL * 1000);
+ Logger.info("check for new config.");
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ Date dbdate = moaidconfig.getTimestampItem();
+ Date pvprefresh = moaidconfig.getPvp2RefreshItem();
+ Date date = AuthConfigurationProvider.getTimeStamp();
+ if (dbdate != null && dbdate.after(date)) {
+ AuthConfigurationProvider instance = AuthConfigurationProvider.getInstance();
+ instance.reloadDataBaseConfig();
+ }
+ Date pvpdate = MOAMetadataProvider.getTimeStamp();
+ if (pvprefresh != null && pvpdate != null && pvprefresh.after(pvpdate)) {
+ MOAMetadataProvider.reInitialize();
+ }
+ } catch (Throwable e) {
+ Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
+ } finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+ }
+ public static void start() {
+ // start the session cleanup thread
+ Thread configLoader = new Thread(new AuthConfigLoader());
+ configLoader.setName("ConfigurationLoader");
+ configLoader.setDaemon(true);
+ configLoader.setPriority(Thread.MIN_PRIORITY);
+ configLoader.start();
+ }
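Review bot: `catch (Throwable e)` at L12509 also swallows the `InterruptedException` thrown by `Thread.sleep` at L12495, so an interrupt is logged as a configuration failure and the loop keeps running; the daemon thread can never be stopped cooperatively. Handle `InterruptedException` separately, restore the interrupt flag and return. `ConfigurationDBRead.getMOAIDConfiguration()` evidently can return null (L12691 warns "NO MOA-ID configuration found" after the same call) and `AuthConfigurationProvider.getTimeStamp()` returns a field initialised to null at L12621 whose assignment is outside these hunks, so `moaidconfig.getTimestampItem()` at L12498 and `dbdate.after(date)` at L12501 can both throw NullPointerException that is then reported with the misleading "not loadable" message. The comment `// start the session cleanup thread` at L12517 is copied from elsewhere and should read `// start the configuration reload thread`.
```java
public void run() {
    while (true) {
        try {
            Thread.sleep(INTERVAL * 1000);
            Logger.info("check for new config.");
            MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
            if (moaidconfig == null) {
                Logger.warn("NO MOA-ID configuration found. Reuse old configuration.");
                continue;
            }
            Date dbdate = moaidconfig.getTimestampItem();
            Date pvprefresh = moaidconfig.getPvp2RefreshItem();
            Date date = AuthConfigurationProvider.getTimeStamp();
            // a null local timestamp means nothing has been loaded yet; confirm whether a reload is wanted then
            if (dbdate != null && date != null && dbdate.after(date)) {
                AuthConfigurationProvider.getInstance().reloadDataBaseConfig();
            }
            // … unchanged: PVP2 metadata refresh …
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt(); // preserve the interrupt for the caller and leave the loop
            return;
        } catch (Throwable e) {
            Logger.warn("MOA-ID Configuration is actually not loadable. Reuse old configuration.", e);
        } finally {
            ConfigurationDBUtils.closeSession();
        }
    }
}
```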
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 28288815a..69a73215a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,39 +46,34 @@
package at.gv.egovernment.moa.id.config.auth;
-import iaik.security.cipher.AESKeyGenerator;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.net.MalformedURLException;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
import java.util.ArrayList;
+import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.NoSuchPaddingException;
import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import org.hibernate.cfg.Configuration;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
+import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentityLinkSigners;
@@ -77,9 +94,10 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyAuthBlock;
import at.gv.egovernment.moa.id.commons.db.dao.config.VerifyIdentityLink;
import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
-import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
+import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
@@ -87,6 +105,7 @@ import at.gv.egovernment.moa.id.config.ConnectionParameter;
import at.gv.egovernment.moa.id.config.ConnectionParameterForeign;
import at.gv.egovernment.moa.id.config.ConnectionParameterMOASP;
import at.gv.egovernment.moa.id.config.ConnectionParameterMandate;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
import at.gv.egovernment.moa.logging.Logger;
@@ -113,8 +132,8 @@ import eu.stork.vidp.messages.common.STORKBootstrap;
public class AuthConfigurationProvider extends ConfigurationProvider {
- /** DEFAULT_ENCODING is "UTF-8" */
- private static final String DEFAULT_ENCODING="UTF-8";
+// /** DEFAULT_ENCODING is "UTF-8" */
+// private static final String DEFAULT_ENCODING="UTF-8";
* The name of the generic configuration property giving the authentication session time out.
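Review bot: `DEFAULT_ENCODING` is commented out at L12613-L12614 rather than removed; commented-out code goes stale and version control already keeps the history, so delete the two lines (or keep the constant if it is still referenced — its uses are not in this hunk). The same applies to the STORK construction commented out at L12710-L12712 in a later hunk, where L12693-L12701 of that hunk correctly delete an older commented-out block.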
@@ -184,9 +203,12 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
private static List<String> IdentityLinkX509SubjectNames = new ArrayList<String>();
private static Map<String, String> SLRequestTemplates = new HashMap<String, String>();
+ private static Map<String, String> DefaultBKUURLs = new HashMap<String, String>();
private static SSO ssoconfig = null;
+ private static Date date = null;
* Return the single instance of configuration data.
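Review bot: `private static Date date = null;` at L12621 is presumably written when the configuration is reloaded (the assignment is outside these hunks) and is read by the AuthConfigLoader thread through `getTimeStamp()` at L12625-L12627 without any synchronization, so the loader may never observe the updated timestamp; declare it `private static volatile Date date = null;`. `java.util.Date` is mutable and the getter hands out the field itself, so a caller invoking `setTime` would silently move the provider's timestamp; return a copy, `return date == null ? null : new Date(date.getTime());`. The static `DefaultBKUURLs` at L12619 is a plain `HashMap` and, if it is rebuilt during a reload while being read, has the same visibility problem — a comment stating which lock guards it would help.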
@@ -202,6 +224,10 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return instance;
+ public static Date getTimeStamp() {
+ return date;
+ }
* Reload the configuration data and set it if successful.
@@ -244,7 +270,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
try {
//Initial Hibernate Framework
Logger.trace("Initializing Hibernate framework.");
//Load MOAID-2.0 properties file
File propertiesFile = new File(fileName);
FileInputStream fis;
@@ -264,12 +290,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
fis = new FileInputStream(propertiesFile);
- //TODO: maybe some general hibnerate config!!!
// read MOAID Session Hibernate properties
Properties moaSessionProp = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "moasession.";
- if (key.toString().startsWith(propPrefix)) {
+ if (key.toString().startsWith(propPrefix+"hibernate")) {
String propertyName = key.toString().substring(propPrefix.length());
moaSessionProp.put(propertyName, props.get(key.toString()));
@@ -279,11 +304,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Properties configProp = new Properties();
for (Object key : props.keySet()) {
String propPrefix = "configuration.";
- if (key.toString().startsWith(propPrefix)) {
+ if (key.toString().startsWith(propPrefix+"hibernate")) {
String propertyName = key.toString().substring(propPrefix.length());
configProp.put(propertyName, props.get(key.toString()));
+ // read advanced logging properties
+ Properties statisticProps = new Properties();
+ for (Object key : props.keySet()) {
+ String propPrefix = "advancedlogging.";
+ if (key.toString().startsWith(propPrefix+"hibernate")) {
+ String propertyName = key.toString().substring(propPrefix.length());
+ statisticProps.put(propertyName, props.get(key.toString()));
+ }
+ }
// initialize hibernate
synchronized (AuthConfigurationProvider.class) {
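Review bot: The new `advancedlogging.` loop at L12656-L12663 is the third copy of the same prefix-filter loop (L12641-L12646 and L12649-L12654 are the first two, changed in the same way in the previous hunk); extract a private helper so the `"hibernate"` filter is written once. A reader should also learn why the filter was narrowed: add `// only hibernate.* keys are handed to Hibernate; other moasession./configuration. keys are read elsewhere` above the first loop, or say so in the helper's Javadoc. The enclosing method starts outside this hunk.
```java
// read advanced logging properties
Properties statisticProps = readHibernateProperties(props, "advancedlogging.");

// … unchanged: hibernate initialisation …

/**
 * Collects every entry of {@code props} whose key starts with {@code propPrefix + "hibernate"},
 * stripping the prefix so Hibernate sees plain {@code hibernate.*} keys.
 */
private static Properties readHibernateProperties(Properties props, String propPrefix) {
    Properties result = new Properties();
    for (Object key : props.keySet()) {
        String name = key.toString();
        if (name.startsWith(propPrefix + "hibernate")) {
            result.put(name.substring(propPrefix.length()), props.get(name));
        }
    }
    return result;
}
```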
@@ -297,9 +332,20 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
+ config.addAnnotatedClass(ExceptionStore.class);
MOASessionDBUtils.initHibernate(config, moaSessionProp);
+ //initial advanced logging
+ if (isAdvancedLoggingActive()) {
+ Logger.info("Advanced statistic log is activated, starting initialization process ...");
+ Configuration statisticconfig = new Configuration();
+ statisticconfig.addAnnotatedClass(StatisticLog.class);
+ statisticconfig.addProperties(statisticProps);
+ StatisticLogDBUtils.initHibernate(statisticconfig, statisticProps);
+ Logger.info("Advanced statistic log is initialized.");
+ }
Logger.trace("Hibernate initialization finished.");
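Review bot: `isAdvancedLoggingActive()` at L12670 is evaluated during Hibernate initialisation, but the database configuration it presumably reads is only fetched in `reloadDataBaseConfig()` at L12687-L12688, which runs after the XML load at L12681; if so, the flag is checked against the previous or empty configuration and the statistic log database is never initialised on a fresh start. Either move this block after `reloadDataBaseConfig()` or document the ordering with `// isAdvancedLoggingActive() must not depend on moaidconfig here; the database config is loaded later`. `statisticProps` is handed over both via `addProperties` at L12674 and as the second argument at L12675; if `initHibernate` applies them itself, one of the two is redundant.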
@@ -383,6 +429,16 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.info("XML Configuration load is completed.");
+ reloadDataBaseConfig();
+ } catch (Throwable t) {
+ throw new ConfigurationException("config.02", null, t);
+ }
+ }
+ public synchronized void reloadDataBaseConfig() throws ConfigurationException {
Logger.info("Read MOA-ID 2.0 configuration from database.");
moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
Logger.info("MOA-ID 2.0 is loaded.");
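Review bot: The new `catch (Throwable t)` at L12682 re-wraps everything thrown inside the try, including the `ConfigurationException("config.18", …)` raised at L12692 by `reloadDataBaseConfig()` (called at L12681), into a generic `config.02`, so the specific error code reaches the caller only as the cause. Rethrow configuration errors unchanged: `} catch (ConfigurationException e) { throw e; } catch (Throwable t) { throw new ConfigurationException("config.02", null, t); }`. `reloadDataBaseConfig()` is `synchronized` on the instance while the Hibernate initialisation at L12665 locks `AuthConfigurationProvider.class`; if the two are meant to exclude each other, a comment should state which monitor guards `moaidconfig`. The method continues past this hunk.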
@@ -391,27 +447,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Logger.warn("NO MOA-ID configuration found.");
throw new ConfigurationException("config.18", null);
-// //TODO: only for Testing!!!
-// if (MiscUtil.isNotEmpty(xmlconfigout)) {
-// Logger.info("Write MOA-ID 2.x xml config into " + xmlconfig);
-// JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
-// Marshaller m = jc.createMarshaller();
-// m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
-// File test = new File(xmlconfigout);
-// m.marshal(moaidconfig, test);
-// }
//build STORK Config
AuthComponentGeneral auth = getAuthComponentGeneral();
ForeignIdentities foreign = auth.getForeignIdentities();
if (foreign == null ) {
Logger.warn("Error in MOA-ID Configuration. No STORK configuration found.");
- } else
- storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
+ }
+ //TODO: commented because npe was thrown
+ //else
+ //storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir);
//load Chaining modes
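Review bot: Commenting out the `STORKConfig` construction at L12710-L12712 leaves `storkconfig` unassigned on every load, so the STORK configuration is silently dropped instead of the NullPointerException being fixed; the `foreign == null` branch at L12705 already guards the first dereference, so the NPE presumably came from `foreign.getSTORK()` returning null or from inside `STORKConfig`. Guard the actual null and keep the feature: `} else if (foreign.getSTORK() != null) { storkconfig = new STORKConfig(foreign.getSTORK(), props, rootConfigFileDir); } else { Logger.warn("Error in MOA-ID Configuration. No STORK configuration found."); }`. The TODO at L12710 should name the failing expression once it is known rather than only "npe was thrown".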
@@ -431,41 +477,41 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
throw new ConfigurationException("config.02", null);
- //set Trusted CA certs directory
- trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
+ //set Trusted CA certs directory
+ trustedCACertificates = rootConfigFileDir + moaidconfig.getTrustedCACertificates();
- //set CertStoreDirectory
- setCertStoreDirectory();
- //set TrustManagerRevocationChecking
- setTrustManagerRevocationChecking();
- //set TimeOuts
+ //set CertStoreDirectory
+ setCertStoreDirectory();
+ //set TrustManagerRevocationChecking
+ setTrustManagerRevocationChecking();
+ //set TimeOuts
if (auth.getGeneralConfiguration() != null) {
- if (auth.getGeneralConfiguration().getTimeOuts() != null) {
- timeouts = new TimeOuts();
- if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
- timeouts.setAssertion(new BigInteger("120"));
- else
- timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
- timeouts.setMOASessionCreated(new BigInteger("2700"));
- else
- timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
- if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
- timeouts.setMOASessionUpdated(new BigInteger("1200"));
- else
- timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
- }
- }
- else {
- Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
- throw new ConfigurationException("config.02", null);
- }
+ if (auth.getGeneralConfiguration().getTimeOuts() != null) {
+ timeouts = new TimeOuts();
+ if (auth.getGeneralConfiguration().getTimeOuts().getAssertion() == null)
+ timeouts.setAssertion(new BigInteger("120"));
+ else
+ timeouts.setAssertion(auth.getGeneralConfiguration().getTimeOuts().getAssertion());
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated() == null)
+ timeouts.setMOASessionCreated(new BigInteger("2700"));
+ else
+ timeouts.setMOASessionCreated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated());
+ if (auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated() == null)
+ timeouts.setMOASessionUpdated(new BigInteger("1200"));
+ else
+ timeouts.setMOASessionUpdated(auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated());
+ }
+ }
+ else {
+ Logger.warn("Error in MOA-ID Configuration. No TimeOuts defined.");
+ throw new ConfigurationException("config.02", null);
+ }
//set PVP2 general config
Protocols protocols = auth.getProtocols();
if (protocols != null) {
@@ -490,10 +536,11 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
Contact c = new Contact();
- c.setMail(e.getMail());
- c.setPhone(e.getPhone());
+ c.getMail().addAll(e.getMail());
+ c.getPhone().addAll(e.getPhone());
+ cont.add(c);
@@ -504,6 +551,33 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//set alternativeSourceID
if (auth.getGeneralConfiguration() != null)
alternativesourceid = auth.getGeneralConfiguration().getAlternativeSourceID();
+ // sets the authentication session and authentication data time outs
+ BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();
+ if (param != null) {
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutCreated(sessionTimeOut);
+ }
+ param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionUpdated();
+ if (param != null) {
+ long sessionTimeOut = param.longValue();
+ if (sessionTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsSessionTimeOutUpdated(sessionTimeOut);
+ }
+ param = auth.getGeneralConfiguration().getTimeOuts().getAssertion();
+ if (param != null) {
+ long authDataTimeOut = param.longValue();
+ if (authDataTimeOut > 0)
+ AuthenticationServer.getInstance()
+ .setSecondsAuthDataTimeOut(authDataTimeOut);
+ }
else {
Logger.warn("Error in MOA-ID Configuration. No GeneralConfig defined.");
throw new ConfigurationException("config.02", null);
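Review bot: The new timeout block starting at `BigInteger param = auth.getGeneralConfiguration().getTimeOuts().getMOASessionCreated();` is placed between the brace-less `if (auth.getGeneralConfiguration() != null)` / `alternativesourceid = …;` pair and its `else {`; unless braces were lost in rendering, the `else` no longer pairs with that `if`, and `getGeneralConfiguration().getTimeOuts()` is dereferenced even when the general configuration is absent. Brace the guarded branch so both the alternativeSourceID assignment and the three timeout lookups run only when the configuration exists, `if (auth.getGeneralConfiguration() != null) { alternativesourceid = …; /* timeout lookups */ } else { … }`. A configured value of zero or less is skipped without any log line, so a mistyped value silently leaves the previous `AuthenticationServer` timeouts in force; a `Logger.warn` in the `sessionTimeOut <= 0` branch would make that visible. The enclosing method starts outside the hunk.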
@@ -577,14 +651,22 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
//set IdentityLinkSignerSubjectNames
+ IdentityLinkX509SubjectNames = new ArrayList<String>();
IdentityLinkSigners idlsigners = auth.getIdentityLinkSigners();
if (idlsigners != null) {
- IdentityLinkX509SubjectNames = new ArrayList<String>(idlsigners.getX509SubjectName());
- } else {
- Logger.warn("Warning in MOA-ID Configuration. No IdenitiyLink signer found.");
- }
+ Logger.debug("Load own IdentityLinkX509SubjectNames");
+ IdentityLinkX509SubjectNames.addAll(new ArrayList<String>(idlsigners.getX509SubjectName()));
+ }
+ // now add the default identity link signers
+ String[] identityLinkSignersWithoutOID = MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID;
+ for (int i=0; i<identityLinkSignersWithoutOID.length; i++) {
+ String identityLinkSigner = identityLinkSignersWithoutOID[i];
+ if (!IdentityLinkX509SubjectNames.contains(identityLinkSigner)) {
+ IdentityLinkX509SubjectNames.add(identityLinkSigner);
+ }
+ }
//set SLRequestTemplates
SLRequestTemplates templ = moaidconfig.getSLRequestTemplates();
if (templ == null) {
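Review bot: The loop over `MOAIDAuthConstants.IDENTITY_LINK_SIGNERS_WITHOUT_OID` unconditionally merges the built-in subject names into `IdentityLinkX509SubjectNames`, so the set of accepted identity-link signers can no longer be narrowed by configuration, and with the warning removed a missing or empty `IdentityLinkSigners` element is now silent. Keep a log line for that case, `Logger.info("No IdentityLinkSigners configured; using built-in signers only");`, and note at the field that the effective list is configured signers plus the constant defaults. The `new ArrayList<String>(...)` wrapper inside `addAll` is redundant; `IdentityLinkX509SubjectNames.addAll(idlsigners.getX509SubjectName());` does the same. The enclosing method starts outside the hunk.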
@@ -596,6 +678,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
SLRequestTemplates.put(OAAuthParameter.HANDYBKU, templ.getHandyBKU());
+ //set Default BKU URLS
+ DefaultBKUs bkuuls = moaidconfig.getDefaultBKUs();
+ if (bkuuls != null) {
+ DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU());
+ DefaultBKUURLs.put(OAAuthParameter.LOCALBKU, bkuuls.getLocalBKU());
+ DefaultBKUURLs.put(OAAuthParameter.HANDYBKU, bkuuls.getHandyBKU());
+ }
//set SSO Config
if (auth.getSSO()!= null) {
ssoconfig = new SSO();
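Review bot: `DefaultBKUURLs.put(...)` stores whatever `bkuuls.getOnlineBKU()`, `getLocalBKU()` and `getHandyBKU()` return, including `null`; the map's declared type is not visible here, and if it is a `Hashtable` a missing element throws `NullPointerException` during configuration load instead of yielding the `null` that `getDefaultBKUURL` later tolerates. A guard per entry, `if (MiscUtil.isNotEmpty(bkuuls.getOnlineBKU())) DefaultBKUURLs.put(OAAuthParameter.ONLINEBKU, bkuuls.getOnlineBKU());`, keeps null values out of the map. Unlike `IdentityLinkX509SubjectNames` the map is not reset before being filled, so if this load path runs more than once on the same instance, entries from an earlier configuration could survive — worth confirming.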
@@ -613,20 +703,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
} else {
Logger.warn("Error in MOA-ID Configuration. No Single Sign-On Config found");
//close Database
- } catch (Throwable t) {
- throw new ConfigurationException("config.02", null, t);
- }
- }
+ date = new Date();
+ }
- public Properties getGeneralPVP2ProperiesConfig() {
+ private Properties getGeneralProperiesConfig(final String propPrefix) {
Properties configProp = new Properties();
for (Object key : props.keySet()) {
- String propPrefix = "protocols.pvp2.";
if (key.toString().startsWith(propPrefix)) {
String propertyName = key.toString().substring(propPrefix.length());
configProp.put(propertyName, props.get(key.toString()));
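Review bot: Dropping the `catch (Throwable t)` that wrapped failures into `ConfigurationException("config.02", null, t)` changes what callers observe: a `NullPointerException` or other runtime error during configuration load now propagates unwrapped, and code that catches `ConfigurationException` to report a broken configuration will miss it. If only explicit `ConfigurationException`s are meant to escape, keep a narrow wrapper, `catch (RuntimeException e) { throw new ConfigurationException("config.02", null, e); }`; the `try` this catch belonged to starts outside the hunk. `getGeneralProperiesConfig` would benefit from a one-line Javadoc, `/** Collects every entry of {@code props} whose key starts with {@code propPrefix}, keyed by the remainder of the key. */`.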
@@ -635,6 +722,14 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return configProp;
+ public Properties getGeneralPVP2ProperiesConfig() {
+ return this.getGeneralProperiesConfig("protocols.pvp2.");
+ }
+ public Properties getGeneralOAuth20ProperiesConfig() {
+ return this.getGeneralProperiesConfig("protocols.oauth20.");
+ }
public PVP2 getGeneralPVP2DBConfig() {
return pvp2general;
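Review bot: The two new accessors are undocumented and carry the pre-existing `Properies` misspelling; `getGeneralOAuth20ProperiesConfig` is new API, so spelling it `getGeneralOAuth20PropertiesConfig` now costs nothing, whereas renaming the PVP2 one would break existing callers. A Javadoc naming the stripped prefix helps callers know what keys to expect, `/** Returns every {@code protocols.oauth20.*} property with that prefix removed from the key. */`.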
@@ -769,6 +864,21 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
+ public List<String> getDefaultBKUURLs() throws ConfigurationException {
+ return new ArrayList<String>(DefaultBKUURLs.values());
+ }
+ public String getDefaultBKUURL(String type) throws ConfigurationException {
+ String el = DefaultBKUURLs.get(type);
+ if (MiscUtil.isNotEmpty(el))
+ return el;
+ else {
+ Logger.warn("getSLRequestTemplates: BKU Type does not match: "
+ + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);
+ return null;
+ }
+ }
public boolean isSSOBusinessService() throws ConfigurationException {
if (ssoconfig != null && ssoconfig.getIdentificationNumber() != null)
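Review bot: The warning in `getDefaultBKUURL` names the wrong method, `getSLRequestTemplates:`, which will send whoever reads the log to the wrong place; change it to `Logger.warn("getDefaultBKUURL: BKU Type does not match: " + OAAuthParameter.ONLINEBKU + " or " + OAAuthParameter.HANDYBKU + " or " + OAAuthParameter.LOCALBKU);`. Both new methods declare `throws ConfigurationException` although nothing in their bodies throws it, so callers are forced to handle an exception that cannot occur; drop the clause unless it is kept deliberately for parity with the sibling accessors. `getDefaultBKUURLs()` copies `DefaultBKUURLs.values()`, which is good for encapsulation, but the copy will contain `null` entries if the map was filled with absent elements. `isSSOBusinessService` continues outside the hunk.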
@@ -831,22 +941,44 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
public boolean isIdentityLinkResigning() {
- String prop = props.getProperty("configuration.resignidentitylink", "false");
- if (Boolean.valueOf(prop))
- return true;
- else
- return false;
+ String prop = props.getProperty("configuration.resignidentitylink.active", "false");
+ return Boolean.valueOf(prop);
public String getIdentityLinkResigningKey() {
- String prop = props.getProperty("configuration.resignidentitylink.keygroup");
+ String prop = props.getProperty("configuration.resignidentitylink.keygroup");
if (MiscUtil.isNotEmpty(prop))
return prop;
return null;
+ public boolean isMonitoringActive() {
+ String prop = props.getProperty("configuration.monitoring.active", "false");
+ return Boolean.valueOf(prop);
+ }
+ public String getMonitoringTestIdentityLinkURL() {
+ String prop = props.getProperty("configuration.monitoring.test.identitylink.url");
+ if (MiscUtil.isNotEmpty(prop))
+ return prop;
+ else
+ return null;
+ }
+ public String getMonitoringMessageSuccess() {
+ String prop = props.getProperty("configuration.monitoring.message.success");
+ if (MiscUtil.isNotEmpty(prop))
+ return prop;
+ else
+ return null;
+ }
+ public boolean isAdvancedLoggingActive() {
+ String prop = props.getProperty("configuration.advancedlogging.active", "false");
+ return Boolean.valueOf(prop);
+ }
* Retruns the STORK Configuration
* @return STORK Configuration
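Review bot: `isIdentityLinkResigning` now reads `configuration.resignidentitylink.active` instead of `configuration.resignidentitylink`, so a deployment that still sets the old key silently loses identity-link re-signing after the upgrade, because the default is `"false"` and nothing reports the stale key. Reading the old key as a fallback, `String prop = props.getProperty("configuration.resignidentitylink.active", props.getProperty("configuration.resignidentitylink", "false"));`, or at least a `Logger.warn` when the old key is present, keeps the change from flipping a security-relevant switch unnoticed. The same `Boolean.valueOf` pattern in `isMonitoringActive` and `isAdvancedLoggingActive` maps any value other than `true` to `false`, so `yes` or `1` disables the feature without a message; a short Javadoc on each stating that only `true`/`false` are recognised would help operators.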
@@ -879,7 +1011,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
- private AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
+ private static AuthComponentGeneral getAuthComponentGeneral() throws ConfigurationException {
AuthComponentGeneral authgeneral = moaidconfig.getAuthComponentGeneral();
if (authgeneral == null) {
Logger.warn("Error in MOA-ID Configuration. No generalAuthConfiguration found");
@@ -888,7 +1020,7 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return authgeneral;
- private MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
+ private static MOASP getMOASPConfig(AuthComponentGeneral authgeneral) throws ConfigurationException {
MOASP moasp = authgeneral.getMOASP();
if (moasp == null) {
@@ -897,4 +1029,5 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return moasp;
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index c62594d6f..aa886626a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -25,9 +47,12 @@
package at.gv.egovernment.moa.id.config.auth;
import java.util.ArrayList;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.IdentificationNumber;
import at.gv.egovernment.moa.id.commons.db.dao.config.Mandates;
@@ -40,7 +65,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TemplatesType;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
import eu.stork.vidp.messages.builder.STORKMessagesBuilder;
import eu.stork.vidp.messages.common.STORKConstants;
import eu.stork.vidp.messages.stork.QualityAuthenticationAssuranceLevel;
@@ -92,31 +119,6 @@ public class OAAuthParameter extends OAParameter {
private String keyBoxIdentifier;
- * @return the slVersion
- */
-public String getSlVersion() {
- return oa_auth.getSlVersion();
- * @return the slVersion12
- */
-public boolean isSlVersion12() {
- if ("1.2".equals(oa_auth.getSlVersion()))
- return true;
- else
- return false;
- }
-public boolean getUseUTC() {
- return oa_auth.isUseUTC();
-public boolean useIFrame() {
- return oa_auth.isUseIFrame();
* @return the identityLinkDomainIdentifier
public String getIdentityLinkDomainIdentifier() {
@@ -153,13 +155,6 @@ public List<String> getTransformsInfos() {
return oa_auth.getOAPVP2();
-// * @return the bkuSelectionTemplateURL
-// */
-//public String getBkuSelectionTemplateURL() {
-// return bkuSelectionTemplateURL;
* @return the templateURL
@@ -241,20 +236,6 @@ public List<String> getTransformsInfos() {
return null;
-// * @return the inputProcessorSignTemplateURL
-// */
-//public String getInputProcessorSignTemplateURL() {
-// return inputProcessorSignTemplateURL;
-// * @return the verifyInfoboxParameters
-// */
-//public VerifyInfoboxParameters getVerifyInfoboxParameters() {
-// return verifyInfoboxParameters;
* @return the mandateProfiles
@@ -279,6 +260,76 @@ public String getIdentityLinkDomainIdentifierType() {
return null;
+public boolean isShowMandateCheckBox() {
+ TemplatesType templates = oa_auth.getTemplates();
+ if (templates != null) {
+ BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization();
+ if (bkuselection != null) {
+ if (bkuselection.isMandateLoginButton() != null)
+ return bkuselection.isMandateLoginButton();
+ }
+ }
+ return true;
+public boolean isOnlyMandateAllowed() {
+ TemplatesType templates = oa_auth.getTemplates();
+ if (templates != null) {
+ BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization();
+ if (bkuselection != null) {
+ if (bkuselection.isOnlyMandateLoginAllowed() != null)
+ return bkuselection.isOnlyMandateLoginAllowed();
+ }
+ }
+ return false;
+public Map<String, String> getFormCustomizaten() {
+ TemplatesType templates = oa_auth.getTemplates();
+ Map<String, String> map = new HashMap<String, String>();
+ map.putAll(FormBuildUtils.getDefaultMap());
+ if (templates != null) {
+ BKUSelectionCustomizationType bkuselection = templates.getBKUSelectionCustomization();
+ if (bkuselection != null) {
+ if (MiscUtil.isNotEmpty(bkuselection.getBackGroundColor()))
+ map.put(FormBuildUtils.MAIN_BACKGROUNDCOLOR, bkuselection.getBackGroundColor());
+ if (MiscUtil.isNotEmpty(bkuselection.getButtonBackGroundColor()))
+ map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR, bkuselection.getButtonBackGroundColor());
+ if (MiscUtil.isNotEmpty(bkuselection.getButtonBackGroundColorFocus()))
+ map.put(FormBuildUtils.BUTTON_BACKGROUNDCOLOR_FOCUS, bkuselection.getButtonBackGroundColorFocus());
+ if (MiscUtil.isNotEmpty(bkuselection.getButtonFontColor()))
+ map.put(FormBuildUtils.BUTTON_COLOR, bkuselection.getButtonFontColor());
+ if (MiscUtil.isNotEmpty(bkuselection.getFontType()))
+ map.put(FormBuildUtils.FONTFAMILY, bkuselection.getFontType());
+ if (MiscUtil.isNotEmpty(bkuselection.getFrontColor()))
+ map.put(FormBuildUtils.MAIN_COLOR, bkuselection.getFrontColor());
+ if (MiscUtil.isNotEmpty(bkuselection.getHeaderBackGroundColor()))
+ map.put(FormBuildUtils.HEADER_BACKGROUNDCOLOR, bkuselection.getHeaderBackGroundColor());
+ if (MiscUtil.isNotEmpty(bkuselection.getHeaderFrontColor()))
+ map.put(FormBuildUtils.HEADER_COLOR, bkuselection.getHeaderFrontColor());
+ if (MiscUtil.isNotEmpty(bkuselection.getHeaderText()))
+ map.put(FormBuildUtils.HEADER_TEXT, bkuselection.getHeaderText());
+ if (MiscUtil.isNotEmpty(bkuselection.getAppletRedirectTarget()))
+ map.put(FormBuildUtils.REDIRECTTARGET, bkuselection.getAppletRedirectTarget());
+ }
+ }
+ return map;
* @return the qaaLevel
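Review bot: `getFormCustomizaten` is new public API with a misspelled name; rename it to `getFormCustomization` now, before callers bind to it. The values it stores under `FormBuildUtils.HEADER_TEXT` and `FormBuildUtils.REDIRECTTARGET` come from the stored online-application configuration and are handed to form building; whether they are escaped when written into the HTML template is not visible here, so add a Javadoc stating that the map holds raw configuration strings on top of `FormBuildUtils.getDefaultMap()` and that the renderer is responsible for escaping them. The ten `if (MiscUtil.isNotEmpty(x)) map.put(KEY, x)` pairs would read better through a small private helper such as `putIfNotEmpty(map, key, value)`. `isShowMandateCheckBox` falls back to `true` while `isOnlyMandateAllowed` falls back to `false`; a one-line comment on each `return` stating that absent customization means "checkbox shown" and "mandate optional" would make the asymmetry deliberate rather than accidental.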
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
deleted file mode 100644
index 41d4d4fae..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameter.java
+++ /dev/null
@@ -1,411 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.auth;
-import java.io.IOException;
-import java.util.Iterator;
-import java.util.List;
-import javax.xml.transform.TransformerException;
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.auth.data.Schema;
-import at.gv.egovernment.moa.util.Constants;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
- * This class is a container for parameters that maybe needed for verifying an infobox.
- *
- * @author Harald Bratko
- */
-public class VerifyInfoboxParameter {
- /**
- * The default package name (first part) of a infobox validator class.
- */
- public static final String DEFAULT_PACKAGE_TRUNK = "at.gv.egovernment.moa.id.auth.validator.";
- /**
- * The identifier of the infobox to be verified. This identifier must exactly the
- * identifier of the infobox returned by BKU.
- */
- protected String identifier_;
- /**
- * The friendly name of the infobox.
- * This name is used within browser messages, thus it should be the german equivalent of
- * the {@link #identifier_ infobox identifier} (e.g. &quot;<code>Stellvertretungen</code>&quot;
- * for &quot;<code>Mandates</code>&quot; or &quot;<code>GDAToken</code>&quot; for
- * &quot;<code>EHSPToken</code>&quot;.
- * <br>If not specified within the config file the {@link #identifier_ infobox identifier}
- * will be used.
- */
- protected String friendlyName_;
- /**
- * The Id of the TrustProfile to be used for validating certificates.
- */
- protected String trustProfileID_;
- /**
- * The full name of the class to be used for verifying the infobox.
- */
- protected String validatorClassName_;
- /**
- * Schema location URIs that may be needed by the
- * validator to parse infobox tokens.
- * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
- * specifying the location of an XML schema.
- */
- protected List schemaLocations_;
- /**
- * Application specific parameters that may be needed for verifying an infobox.
- */
- protected Element applicationSpecificParams_;
- /**
- * Specifies if the infobox is be required to be returned by the BKU.
- */
- protected boolean required_;
- /**
- * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
- * application or not.
- */
- protected boolean provideStammzahl_;
- /**
- * Specifies whether the <code>identity link</code> should be passed to the verifying
- * application or not.
- */
- protected boolean provideIdentityLink_;
- /**
- * Initializes this VerifiyInfoboxParamater with the given identifier and a default
- * validator class name.
- *
- * @param identifier The identifier of the infobox to be verified.
- */
- public VerifyInfoboxParameter(String identifier) {
- identifier_ = identifier;
- StringBuffer sb = new StringBuffer(DEFAULT_PACKAGE_TRUNK);
- sb.append(identifier.toLowerCase());
- sb.append(".");
- sb.append(identifier.substring(0, 1).toUpperCase());
- sb.append(identifier.substring(1));
- sb.append("Validator");
- validatorClassName_ = sb.toString();
- }
- /**
- * Returns application specific parameters.
- * Each child element of this element contains a verifying application specific parameter. {@link #applicationSpecificParams_}
- *
- * @see #applicationSpecificParams_
- *
- * @return Application specific parameters.
- */
- public Element getApplicationSpecificParams() {
- return applicationSpecificParams_;
- }
- /**
- * Sets the application specific parameters.
- *
- * @see #applicationSpecificParams_
- *
- * @param applicationSpecificParams The application specific parameters to set.
- */
- public void setApplicationSpecificParams(Element applicationSpecificParams) {
- applicationSpecificParams_ = applicationSpecificParams;
- }
- /**
- * Appends special application specific parameters for party representation.
- *
- * @param applicationSpecificParams The application specific parameters for party representation to set.
- */
- public void appendParepSpecificParams(Element applicationSpecificParams) {
- try {
- if (applicationSpecificParams_==null) {
- applicationSpecificParams_ = applicationSpecificParams.getOwnerDocument().createElement("ApplicationSpecificParameters");
- }
- Element nameSpaceNode = applicationSpecificParams.getOwnerDocument().createElement("NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns:" + Constants.MOA_ID_CONFIG_PREFIX, Constants.MOA_ID_CONFIG_NS_URI);
- NodeList nodeList = XPathAPI.selectNodeList(applicationSpecificParams, "*", nameSpaceNode);
- if (null!=nodeList) {
- for (int i=0; i<nodeList.getLength(); i++) {
- applicationSpecificParams_.appendChild((Node) nodeList.item(i));
- }
- }
- } catch (TransformerException e) {
- //Do nothing
- }
- }
- /**
- * Returns the friendly name.
- *
- * @see #friendlyName_
- *
- * @return The friendly name.
- */
- public String getFriendlyName() {
- return friendlyName_;
- }
- /**
- * Sets the friendly name.
- *
- * @param friendlyName The friendly name to set.
- */
- public void setFriendlyName(String friendlyName) {
- friendlyName_ = friendlyName;
- }
- /**
- * Returns the infobox identifier.
- *
- * @see #identifier_
- *
- * @return The infobox identifier.
- */
- public String getIdentifier() {
- return identifier_;
- }
- /**
- * Sets the the infobox identifier.
- *
- * @see #identifier_
- *
- * @param identifier The infobox identifier to set.
- */
- public void setIdentifier(String identifier) {
- identifier_ = identifier;
- }
- /**
- * Specifies whether the identity link should be passed to the verifying application
- * or not.
- *
- * @return <code>True</code> if the identity link should be passed to the verifying
- * application, otherwise <code>false</code>.
- */
- public boolean getProvideIdentityLink() {
- return provideIdentityLink_;
- }
- /**
- * Sets the {@link #provideIdentityLink_} parameter.
- *
- * @param provideIdentityLink <code>True</code> if the identity link should be passed to
- * the verifying application, otherwise <code>false</code>.
- */
- public void setProvideIdentityLink(boolean provideIdentityLink) {
- provideIdentityLink_ = provideIdentityLink;
- }
- /**
- * Specifies whether the <code>Stammzahl</code> should be passed to the verifying
- * application or not.
- *
- * @return <code>True</code> if the <code>Stammzahl</code> should be passed to the
- * verifying application, otherwise <code>false</code>.
- */
- public boolean getProvideStammzahl() {
- return provideStammzahl_;
- }
- /**
- * Sets the {@link #provideStammzahl_} parameter.
- *
- * @param provideStammzahl <code>True</code> if the <code>Stammzahl</code> should be
- * passed to the verifying application, otherwise <code>false</code>.
- */
- public void setProvideStammzahl(boolean provideStammzahl) {
- provideStammzahl_ = provideStammzahl;
- }
- /**
- * Specifies whether the infobox is required or not.
- *
- * @return <code>True</code> if the infobox is required to be returned by the BKU,
- * otherwise <code>false</code>.
- */
- public boolean isRequired() {
- return required_;
- }
- /**
- * Sets the {@link #required_} parameter.
- *
- * @param required <code>True</code> if the infobox is required to be returned by the
- * BKU, otherwise <code>false</code>.
- */
- public void setRequired(boolean required) {
- required_ = required;
- }
- /**
- * Schema location URIs that may be needed by the
- * validator to parse infobox tokens.
- * Each entry in the list is a {@link at.gv.egovernment.moa.id.auth.data.Schema Schema}
- * specifying the location of an XML schema.
- *
- * @return A list of {@link at.gv.egovernment.moa.id.auth.data.Schema Schema} objects
- * each of them specifying the location of an XML schema.
- */
- public List getSchemaLocations() {
- return schemaLocations_;
- }
- /**
- * Sets the schema locations.
- *
- * @see #schemaLocations_
- *
- * @param schemaLocations The schema location list to be set.
- */
- public void setSchemaLocations(List schemaLocations) {
- schemaLocations_ = schemaLocations;
- }
- /**
- * Returns the ID of the trust profile to be used for verifying certificates.
- *
- * @return The ID of the trust profile to be used for verifying certificates.
- * Maybe <code>null</code>.
- */
- public String getTrustProfileID() {
- return trustProfileID_;
- }
- /**
- * Sets the ID of the trust profile to be used for verifying certificates.
- *
- * @param trustProfileID The ID of the trust profile to be used for verifying certificates.
- */
- public void setTrustProfileID(String trustProfileID) {
- trustProfileID_ = trustProfileID;
- }
- /**
- * Returns the name of the class to be used for verifying this infobox.
- *
- * @return The name of the class to be used for verifying this infobox.
- */
- public String getValidatorClassName() {
- return validatorClassName_;
- }
- /**
- * Sets the name of the class to be used for verifying this infobox.
- *
- * @param validatorClassName The name of the class to be used for verifying this infobox.
- */
- public void setValidatorClassName(String validatorClassName) {
- validatorClassName_ = validatorClassName;
- }
- /**
- * Get a string representation of this object.
- * This method is for debugging purposes only.
- *
- * @return A string representation of this object.
- */
- public String toString() {
- StringBuffer buffer = new StringBuffer(1024);
- buffer.append(" <Infobox Identifier=\"");
- buffer.append(identifier_);
- buffer.append("\" required=\"");
- buffer.append(required_);
- buffer.append("\" provideStammzahl=\"");
- buffer.append(provideStammzahl_);
- buffer.append("\" provideIdentityLink=\"");
- buffer.append(provideIdentityLink_);
- buffer.append("\">");
- buffer.append("\n");
- if (friendlyName_ != null) {
- buffer.append(" <FriendlyName>");
- buffer.append(friendlyName_);
- buffer.append("</FriendlyName>");
- buffer.append("\n");
- }
- if (trustProfileID_ != null) {
- buffer.append(" <TrustProfileID>");
- buffer.append(trustProfileID_);
- buffer.append("</TrustProfileID>");
- buffer.append("\n");
- }
- if (validatorClassName_ != null) {
- buffer.append(" <ValidatorClass>");
- buffer.append(validatorClassName_);
- buffer.append("</ValidatorClass>");
- buffer.append("\n");
- }
- if (schemaLocations_ != null) {
- buffer.append(" <SchemaLocations>");
- buffer.append("\n");
- Iterator it = schemaLocations_.iterator();
- while (it.hasNext()) {
- buffer.append(" <Schema namespace=\"");
- Schema schema = (Schema)it.next();
- buffer.append(schema.getNamespace());
- buffer.append("\" schemaLocation=\"");
- buffer.append(schema.getSchemaLocation());
- buffer.append("\"/>\n");
- }
- buffer.append(" </SchemaLocations>");
- buffer.append("\n");
- }
- if (applicationSpecificParams_ != null) {
- try {
- String applicationSpecificParams = DOMUtils.serializeNode(applicationSpecificParams_);
- buffer.append(" ");
- buffer.append(StringUtils.removeXMLDeclaration(applicationSpecificParams));
- buffer.append("\n");
- } catch (TransformerException e) {
- // do nothing
- } catch (IOException e) {
- // do nothing
- }
- }
- buffer.append(" </Infobox>");
- return buffer.toString() ;
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
deleted file mode 100644
index 821fb2225..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/VerifyInfoboxParameters.java
+++ /dev/null
@@ -1,159 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.config.auth;
-import java.util.Hashtable;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Map;
- * This class contains the parameters for verifying all the infoboxes configured for an
- * online application.
- *
- * @author Harald Bratko
- */
-public class VerifyInfoboxParameters {
- /**
- * A map of {@link VerifyInfoboxParameter} objects.
- * Each of these objects contains parameters that maybe needed for validating an
- * infobox.
- */
- protected Map infoboxParameters_;
- /**
- * A list of the identifiers of the infoboxes supported by this
- * VerifyInfoboxParameters;
- */
- protected List identifiers_;
- /**
- * Holds the (comma separated) identifiers of those infoboxes MOA-IF is able to validate
- * in the context of the actual online application.
- * The string will be added as value of the <code>PushInfobox</code> parameter in the
- * HTML form used for reading the infoboxes from the BKU.
- */
- protected String pushInfobox_;
- /**
- * Initializes this VerifyInfoboxParameters with an empty {@link #infoboxParameters_}
- * map.
- */
- public VerifyInfoboxParameters() {
- infoboxParameters_ = new Hashtable();
- pushInfobox_ = "";
- }
- /**
- * Initializes this VerifyInfoboxParameters with the given
- * <code>infoboxParameters</code> map and builds the {@link #pushInfobox_} string
- * from the keys of the given map.
- */
- public VerifyInfoboxParameters(List identifiers, Map infoboxParameters) {
- identifiers_ = identifiers;
- infoboxParameters_ = infoboxParameters;
- // build the pushInfobox string
- if ((identifiers != null) && (!identifiers.isEmpty())) {
- StringBuffer identifiersSB = new StringBuffer();
- int identifiersNum = identifiers.size();
- int i = 1;
- Iterator it = identifiers.iterator();
- while (it.hasNext()) {
- identifiersSB.append((String)it.next());
- if (i != identifiersNum) {
- identifiersSB.append(",");
- }
- i++;
- }
- pushInfobox_ = identifiersSB.toString();
- } else {
- pushInfobox_ = "";
- }
- }
- /**
- * Returns the (comma separated) identifiers of the infoboxes configured for the actual
- * online application.
- *
- * @see #pushInfobox_
- *
- * @return The (comma separated) identifiers of the infoboxes configured for the actual
- * online application.
- */
- public String getPushInfobox() {
- return pushInfobox_;
- }
- /**
- * Sets the {@link #pushInfobox_} string.
- *
- * @param pushInfobox The pushInfobox string to be set.
- */
- public void setPushInfobox(String pushInfobox) {
- pushInfobox_ = pushInfobox;
- }
- /**
- * Returns map of {@link VerifyInfoboxParameter} objects.
- * Each of these objects contains parameters that maybe needed for validating an
- * infobox.
- *
- * @return The map of {@link VerifyInfoboxParameter} objects.
- */
- public Map getInfoboxParameters() {
- return infoboxParameters_;
- }
- /**
- * Sets the map of {@link VerifyInfoboxParameter} objects.
- *
- * @see #infoboxParameters_
- *
- * @param infoboxParameters The infoboxParameters to set.
- */
- public void setInfoboxParameters(Map infoboxParameters) {
- infoboxParameters_ = infoboxParameters;
- }
- /**
- * Returns the identifiers of the supported infoboxes.
- *
- * @return The identifiers.
- */
- public List getIdentifiers() {
- return identifiers_;
- }
- /**
- * Sets the identifiers.
- *
- * @param identifiers The identifiers to set.
- */
- public void setIdentifiers(List identifiers) {
- identifiers_ = identifiers;
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 96d0bd2ed..8e24bdfdd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -1,7 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.config.legacy;
-import iaik.x509.X509Certificate;
import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -16,22 +36,18 @@ import java.util.Map;
import java.util.Properties;
import java.util.Set;
-import org.bouncycastle.crypto.macs.OldHMac;
import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.xml.XMLObject;
import org.w3c.dom.Element;
import eu.stork.vidp.messages.util.SAMLUtil;
import eu.stork.vidp.messages.util.XMLUtil;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUURLS;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.ChainingModes;
-import at.gv.egovernment.moa.id.commons.db.dao.config.ClientKeyStore;
import at.gv.egovernment.moa.id.commons.db.dao.config.ConnectionParameterClientAuthType;
import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.DefaultBKUs;
@@ -54,7 +70,6 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineMandates;
import at.gv.egovernment.moa.id.commons.db.dao.config.Organization;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.Protocols;
-import at.gv.egovernment.moa.id.commons.db.dao.config.RequestedAttributeType;
import at.gv.egovernment.moa.id.commons.db.dao.config.SAMLSigningParameter;
import at.gv.egovernment.moa.id.commons.db.dao.config.SLRequestTemplates;
import at.gv.egovernment.moa.id.commons.db.dao.config.SSO;
@@ -74,7 +89,6 @@ import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.data.IssuerAndSerial;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -136,7 +150,7 @@ public class BuildFromLegacyConfig {
//Load generic Config
- Map genericConfiguration = builder.buildGenericConfiguration();
+ Map<String, String> genericConfiguration = builder.buildGenericConfiguration();
GeneralConfiguration authGeneral = new GeneralConfiguration();
if (genericConfiguration.containsKey(GENERIC_CONFIG_PARAM_SOURCEID))
@@ -168,21 +182,18 @@ public class BuildFromLegacyConfig {
- //TODO: set Protocols!!!!
Protocols auth_protocols = new Protocols();
LegacyAllowed prot_legacy = new LegacyAllowed();
- final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x"); //TODO: set default values
+ final List<String> PROTOCOLS_LEGACY_ALLOWED = Arrays.asList("id_saml1","id_pvp2x");
- //TODO: remove beta test values
PVP2 prot_pvp2 = new PVP2();
- prot_pvp2.setPublicURLPrefix("https://labda.iaik.tugraz.at:8443/moa-id-auth/");
- prot_pvp2.setIssuerName("MOA-ID 2.0 Demo IDP");
+ prot_pvp2.setPublicURLPrefix("https://....");
+ prot_pvp2.setIssuerName("MOA-ID 2.x IDP");
Organization pvp2_org = new Organization();
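Review bot: `prot_pvp2.setPublicURLPrefix("https://....")` swaps the test host for a literal placeholder that is not a URL, so every configuration migrated by this builder carries an unusable public URL prefix for the PVP2 protocol, and the hard-coded issuer name `"MOA-ID 2.x IDP"` has the same problem. If the legacy properties have no value for these, it would be safer to leave them unset and log it, e.g. `Logger.warn("PVP2 publicURLPrefix not migrated; configure it manually");`, rather than persisting a string that looks like a URL but will fail only when a PVP2 request arrives. If the placeholder is intentional, a comment stating that the administrator must replace it after migration would avoid the surprise. The enclosing method starts and ends outside this hunk.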
@@ -213,8 +224,8 @@ public class BuildFromLegacyConfig {
SSO auth_sso = new SSO();
- auth_sso.setTarget("BF");
- auth_sso.setFriendlyName("EGIZ MOAID 2.0 Beta");
+ auth_sso.setTarget("");
+ auth_sso.setFriendlyName("");
//set SecurityLayer Transformations
@@ -268,7 +279,6 @@ public class BuildFromLegacyConfig {
- //TODO: check correctness!!!
//set IdentityLinkSigners
IdentityLinkSigners auth_idsigners = new IdentityLinkSigners();
@@ -399,7 +409,7 @@ public class BuildFromLegacyConfig {
//set general OA configuration
moa_oa.setCalculateHPI(false); //TODO: Bernd fragen warum das nicht direkt über den Bereichsidentifyer definert wird
- moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier())); //TODO: check correctness
+ moa_oa.setKeyBoxIdentifier(MOAKeyBoxSelector.fromValue(oa.getKeyBoxIdentifier()));
@@ -411,9 +421,9 @@ public class BuildFromLegacyConfig {
//SLLayer Version / useIframe
- oa_auth.setSlVersion(oa.getSlVersion());
- oa_auth.setUseIFrame(false);
- oa_auth.setUseUTC(oa.getUseUTC());
+// oa_auth.setSlVersion(oa.getSlVersion());
+// oa_auth.setUseIFrame(false);
+// oa_auth.setUseUTC(oa.getUseUTC());
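Review bot: Commenting out `oa_auth.setSlVersion(...)`, `oa_auth.setUseIFrame(false)` and `oa_auth.setUseUTC(...)` silently drops the migration of the SecurityLayer version and the UTC flag from legacy online-application configurations, and leaves dead code behind. If these settings no longer exist in the new configuration model, delete the three lines and say so in one comment, e.g. `// slVersion/useIFrame/useUTC are no longer part of the 2.x OA configuration`; if they do exist, the migration should keep setting them, since an OA that relied on UTC timestamps would change behaviour after the migration without any warning. The enclosing method starts and ends outside this hunk.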
@@ -477,26 +487,12 @@ public class BuildFromLegacyConfig {
+ oa_saml1.setIsActive(true);
OAPVP2 oa_pvp2 = new OAPVP2();
-// oa_pvp2.setMetadataURL("empty");
-// //TODO: is only a workaround!!!!
-// Properties props = getGeneralPVP2ProperiesConfig(properies);
-// File dir = new File(props.getProperty("idp.truststore"));
-// File[] files = dir.listFiles();
-// if (files.length > 0) {
-// FileInputStream filestream = new FileInputStream(files[0]);
-// X509Certificate signerCertificate = new X509Certificate(filestream);
-// oa_pvp2.setCertificate(signerCertificate.getEncoded());
-// } else {
-// oa_pvp2.setCertificate(null);
-// }
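Review bot: `oa_saml1.setIsActive(true);` enables the SAML1 protocol unconditionally for every migrated online application, without consulting the legacy configuration; if some legacy OAs never used SAML1, the migration widens the set of protocols accepted for them. If every legacy OA is SAML1-only by construction, state that with a comment such as `// legacy configurations only know SAML1, so it is enabled for every migrated OA`; otherwise derive the flag from the legacy data. The enclosing method starts and ends outside this hunk.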
@@ -531,11 +527,7 @@ public class BuildFromLegacyConfig {
//set trustedCACertificate path
- //TODO: move to read config functionality
- //trustedCACertificates = FileUtils.makeAbsoluteURL(trustedCACertificates, rootConfigFileDir);
//Not required in MOAID 2.0 config (DefaultBKUs & SLRequestTemplates)
//trustedBKUs = builder.getTrustedBKUs();
//trustedTemplateURLs = builder.getTrustedTemplateURLs();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
index c191d7b2b..1d9f738be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/CPEPS.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
index 3abc94b02..45ed39bd4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConfigurationBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
index 455fde9bf..ab1cd6c2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/ConnectionParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,6 +46,8 @@
package at.gv.egovernment.moa.id.config.legacy;
+import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
* This bean class is used to store data for various connectionParameter
* within the MOA-ID configuration
@@ -31,7 +55,7 @@ package at.gv.egovernment.moa.id.config.legacy;
* @author Stefan Knirsch
* @version $Id$
-public class ConnectionParameter {
+public class ConnectionParameter implements ConnectionParameterInterface{
* Server URL
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
index 3948522c0..01977c239 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAAuthParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
index de449cbcf..2a4d68726 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/OAParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
index 2d0a91fb9..4666122d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/STORKConfig.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
index fcccf41f0..69d4889af 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureCreationParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
index d01c8e541..9358d763f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/SignatureVerificationParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
index a482da430..6f00a7b9c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
index c7f5aa7ff..b7a6b42be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/VerifyInfoboxParameters.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
index 2609737bb..e077e096f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAConfiguration.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
index d14d570ab..00ca5ad57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/OAProxyParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -76,6 +98,8 @@ public class OAProxyParameter extends OAParameter {
private OAConfiguration oaConfiguration;
+ private String errorRedirctURL;
* Returns the configFileURL.
@@ -205,4 +229,20 @@ public class OAProxyParameter extends OAParameter {
this.oaConfiguration = oaConfiguration;
+ * @return the errorRedirctURL
+ */
+public String getErrorRedirctURL() {
+ return errorRedirctURL;
+ * @param errorRedirctURL the errorRedirctURL to set
+ */
+public void setErrorRedirctURL(String errorRedirctURL) {
+ this.errorRedirctURL = errorRedirctURL;
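Review bot: The new field and accessors are misspelled (`errorRedirctURL`, `getErrorRedirctURL`, `setErrorRedirctURL`), and the typo is now part of the public API of OAProxyParameter and repeated by the caller at the ProxyConfigurationBuilder hunk (`oap.setErrorRedirctURL(...)`) and the field declaration hunk above. Rename to `errorRedirectURL` / `getErrorRedirectURL` / `setErrorRedirectURL` before other code depends on it, and match the XPath constant name `OA_PROXY_ERROR_REDIRECT_URL_XPATH`, which is spelled correctly. The getter's Javadoc could also state what the value is for, e.g. `URL the proxy redirects to when login or backend processing fails; null if not configured.`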
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
index 094e7162e..3220dc90c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -69,8 +91,10 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
private static final String OA_PROXY_LOGIN_PARA_XPATH = CONF + "ProxyComponent/@loginParameterResolverImpl";
/** an XPATH-Expression */
private static final String OA_PROXY_LOGIN_PARA_CONF_XPATH = CONF + "ProxyComponent/@loginParameterResolverConfiguration";
- /** an XPATH-Expression */
private static final String OA_PROXY_CONNECTION_BUILDER_XPATH = CONF + "ProxyComponent/@connectionBuilderImpl";
+ /** an XPATH-Expression */
+ private static final String OA_PROXY_ERROR_REDIRECT_URL_XPATH = CONF + "ProxyComponent/@errorRedirectURL";
/** an XPATH-Expression */
protected static final String OACONF_LOGIN_TYPE_XPATH =
ROOTOA + CONF + "LoginType";
@@ -201,7 +225,8 @@ public class ProxyConfigurationBuilder extends ConfigurationBuilder {
oap.setLoginParameterResolverConfiguration(XPathUtils.getAttributeValue(oAElem, OA_PROXY_LOGIN_PARA_CONF_XPATH, null));
oap.setLoginParameterResolverConfiguration(FileUtils.makeAbsoluteURL(oap.getLoginParameterResolverConfiguration(), rootConfigFileDir_));
oap.setConnectionBuilderImpl(XPathUtils.getAttributeValue(oAElem,OA_PROXY_CONNECTION_BUILDER_XPATH, null));
+ oap.setErrorRedirctURL(XPathUtils.getAttributeValue(oAElem,OA_PROXY_ERROR_REDIRECT_URL_XPATH, null));
ConnectionParameter conPara = buildConnectionParameter(proxyComponentElem);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
index 1c9c1caa8..ecde454dd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/proxy/ProxyConfigurationProvider.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -173,6 +195,32 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
+ public String getTrustedCACertificates() {
+ return trustedCACertificates;
+ }
+ /**
+ * @return the certstoreDirectory
+ */
+ public String getCertstoreDirectory() {
+ if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
+ return (String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY);
+ else
+ return null;
+ }
+ /**
+ * @return the trustmanagerrevoationchecking
+ */
+ public boolean isTrustmanagerrevoationchecking() {
+ if (genericConfiguration.containsKey(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING))
+ return Boolean.valueOf((String)genericConfiguration.get(ConfigurationProvider.TRUST_MANAGER_REVOCATION_CHECKING));
+ else
+ return true;
+ }
* Return a bean containing all information about the ProxyComponent
* @return The ConnectionParameter for the Proxy Component
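Review bot: `isTrustmanagerrevoationchecking()` parses the property with `Boolean.valueOf(String)`, which returns `false` for anything other than a case-insensitive "true", so a value such as `yes`, `1` or a typo silently disables revocation checking while an absent key defaults to `true`. A security-relevant switch should accept only an explicit `true`/`false` and otherwise reject the configuration or log a warning and keep the secure default, e.g. `String v = ((String) genericConfiguration.get(TRUST_MANAGER_REVOCATION_CHECKING)).trim(); if (!"true".equalsIgnoreCase(v) && !"false".equalsIgnoreCase(v)) throw new IllegalStateException("invalid value for revocation checking: " + v);`. The method name also misspells "revocation"; since it is new in this commit it can still be renamed to `isTrustmanagerRevocationChecking()`. `getTrustedCACertificates()` returns a field whose initialisation is not visible in this hunk.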
@@ -209,4 +257,4 @@ public class ProxyConfigurationProvider extends ConfigurationProvider {
return null;
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
index a5b160454..6e67b4219 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 6a3f4cc9e..76cd8f994 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
index 4010ab491..f188daf0d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureCreationParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
index 211c7dde4..9b3e24c46 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/SignatureVerificationParameter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 4bbd221a5..f9d3986d7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -124,12 +146,21 @@ public class AuthenticationData implements Serializable {
private String samlAssertion;
/** useUTC */
- private boolean useUTC;
+// private boolean useUTC;
* creation timestamp
Date timestamp;
+ //this method is only required for MOA-ID Proxy 2.0 Release.
+ //TODO: remove it, if MOA-ID Proxy is not supported anymore.
+ public String getWBPK() {
+ return bPK;
+ }
* Constructor for AuthenticationData.
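Review bot: The added `getWBPK()` simply returns `bPK`, so a method whose name promises a wbPK hands out whatever the bPK field currently holds, and callers ported from MOA-ID Proxy will not notice the aliasing. Since the preceding comment already marks it as a compatibility shim, annotate it `@Deprecated` and add a Javadoc along the lines of `/** @deprecated compatibility alias for {@link #getBPK()}, kept only for MOA-ID Proxy 2.0; returns the bPK field, not a separately computed wbPK. */` so the intent is visible in the API rather than only in a TODO. The `useUTC` field is commented out instead of deleted; version control keeps the history, so the dead line should be removed.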
@@ -176,22 +207,14 @@ public class AuthenticationData implements Serializable {
public String getBPK() {
return bPK;
// /**
-// * Returns the wbPK.
-// * @return String the wbPK.
+// * Returns useUTC
+// * @return useUTC
// */
-// public String getWBPK() {
-// return wbPK;
+// public boolean getUseUTC() {
+// return useUTC;
// }
- /**
- * Returns useUTC
- * @return useUTC
- */
- public boolean getUseUTC() {
- return useUTC;
- }
* Sets the minorVersion.
@@ -241,9 +264,9 @@ public class AuthenticationData implements Serializable {
// this.wbPK = wbPK;
// }
- public void setUseUTC(boolean useUTC) {
- this.useUTC = useUTC;
- }
+// public void setUseUTC(boolean useUTC) {
+// this.useUTC = useUTC;
+// }
* Returns the assertionID.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
deleted file mode 100644
index 3745f2c95..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/Cookie.java
+++ /dev/null
@@ -1,143 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.StringTokenizer;
-import at.gv.egovernment.moa.logging.Logger;
- * The Cookie-class provides methods to save and return cookies for
- * each single session
- *
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class Cookie {
- /** A HahsMap containing all our cookies */
- HashMap cookies = new HashMap();
- /** A HashMap to temporarely store 'Set-Cookie' values from the OnlineApplication
- * to send them back to the client/browser as soon as possible */
- HashMap cookies401 = new HashMap();
- /**
- * Adds a Cookie from a response with response-code 401 to the cookie-pool
- * for sending it back to the browser / client
- * @param cookieString The complete 'Set-Cookie' - String
- */
- public void add401(String cookieString)
- {
- cookies401.put(getKey(cookieString),cookieString);
- }
- /**
- * Get the HashMap containing all cookies to be sent to the browser / client
- * @return HashMap with all cookies
- */
- public HashMap get401()
- {
- return cookies401;
- }
- /**
- * Clear the 401 cookie-pool
- */
- public void clear401()
- {
- cookies401.clear();
- }
- /**
- * Set a cookie that comes from the Online-Application
- * and save it in our "normal" cookie-pool
- * @param value The complete "Set-Cookie" - String from the Online-Application
- */
- public void setCookie(String value) {
- cookies.put(getKey(value), getValue(value));
- }
- /**
- * Method saveOldCookies.
- * @param value The complete "Set-Cookie" - String from the Online-Application
- */
- public void saveOldCookies(String value) {
- StringTokenizer st = new StringTokenizer(value,";");
- while (st.hasMoreTokens())
- {
- // We have to trim because the Tokenizer returns cookies including spaces at the beginning
- StringTokenizer st2 = new StringTokenizer(st.nextToken().trim(),"=");
- String cookieKey = st2.nextToken().trim();
- if (st2.hasMoreTokens())
- {
- String cookieValue = st2.nextToken().trim();
- if (!cookies.containsKey(cookieKey))
- cookies.put(cookieKey , cookieValue);
- }
- }
- Logger.debug("Found these cookies: " + getCookies());
- }
- /**
- * Get a String containing all cookies saved in that session seperated by '; '
- * to be sent back to the Online-Application
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookies() {
- String result = "";
- if (cookies.size()==0)
- return null;
- Iterator i = cookies.keySet().iterator();
- while (i.hasNext()) {
- String key = (String) i.next();
- result += key + "=" + (String)cookies.get(key) + "; ";
- }
- return result.substring(0, result.length() - 2);
- }
- /**
- * Returns the key of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns CookieA
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the key of a key-value-pair of a cookie
- */
- private String getKey(String input) {
- return input.substring(0, input.indexOf("="));
- }
- /**
- * Returns the value of a key-value-pair of a cookie
- * getKey("CookieA=1234") returns 1234
- * @param String the complete "Set-cookie" String containing a key-value-pair of a cookie
- * @return String the value of a key-value-pair of a cookie
- */
- private String getValue(String input) {
- if (input.indexOf(";") == -1)
- return input.substring(input.indexOf("=") + 1, input.getBytes().length);
- return input.substring(input.indexOf("=") + 1, input.indexOf(";"));
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
deleted file mode 100644
index cb87f8ff0..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/CookieManager.java
+++ /dev/null
@@ -1,138 +0,0 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-package at.gv.egovernment.moa.id.data;
-import java.util.HashMap;
- * The CookieManager is a singleton to manage a Cookie-Object for
- * each session
- * @author Stefan Knirsch
- * @version $Id$
- *
- */
-public class CookieManager {
- /** the singleton instance of the CookieManager */
- private static CookieManager instance;
- /** a HashMap to bind a Cookie-object to every single session*/
- private static HashMap cookies = new HashMap();
- /**
- * Create a singleton of the CookieManager
- * @return CookieManager
- */
- public static CookieManager getInstance()
- {
- if(instance==null) instance=new CookieManager();
- return instance;
- }
- /**
- * Save a cookie to a specified session-id
- * @param id The session id
- * @param cookie_string The complete 'Set-Cookie' String from the OnlineApplication
- */
- public void saveCookie(String id, String cookie_string)
- {
- getCookieWithID(id).setCookie(cookie_string);
- }
- /**
- * Method saveOldCookies.
- * @param id
- * @param cookie_string
- */
- public void saveOldCookies(String id,String cookie_string)
- {
- getCookieWithID(id).saveOldCookies(cookie_string);
- }
- /**
- * Get a Cookie-Object for a specified session-id
- * @param id The session id
- * @return Cookie object containing all saved cookies for this session
- */
- public Cookie getCookieWithID(String id)
- {
- Cookie c = null;
- if(cookies.containsKey(id))
- c = (Cookie)cookies.get(id);
- else
- {
- c = new Cookie();
- cookies.put(id,c);
- }
- return c;
- }
- /**
- * Get a String containing all cookies of a specified session-id
- * saved in that session seperated by '; ' to be sent back to
- * the Online-Application
- * @param id the session-id
- * @return String containing all cookies saved in that session seperated by '; '
- */
- public String getCookie(String id)
- {
- Cookie result = (Cookie)cookies.get((String)id);
- if (result==null)
- return null;
- return result.getCookies();
- }
- /**
- * Adds a Cookie for a special session from a response with
- * response-code 401 to the cookie-pool for sending it back
- * to the browser / client
- * @param id The session-id
- * @param value The complete 'Set-Cookie' - String
- */
- public void add401(String id,String value)
- {
- getCookieWithID(id).add401(value);
- }
- /**
- * Clear the 401 cookie-pool of a session
- * @param id the session-id
- */
- public void clear401(String id)
- {
- getCookieWithID(id).clear401();
- }
- /**
- * Get the HashMap containing all cookies of a session to be sent to the browser / client
- * @param id the session-id
- * @return HashMap with all cookies
- */
- public HashMap get401(String id)
- {
- return getCookieWithID(id).get401();
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
index 625e01e57..edb711b2f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IssuerAndSerial.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
index 88843af67..dcdb0ef34 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/SAMLStatus.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index d587092eb..260a4fd79 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -1,12 +1,35 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.entrypoints;
+import iaik.security.ecc.provider.ECCProvider;
+import iaik.security.provider.IAIK;
import java.io.IOException;
-import java.util.ConcurrentModificationException;
-import java.util.HashMap;
+import java.security.Security;
import java.util.Iterator;
-import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
@@ -16,13 +39,13 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
-import javax.swing.ListModel;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
@@ -36,12 +59,12 @@ import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
import at.gv.egovernment.moa.id.moduls.RequestStorage;
import at.gv.egovernment.moa.id.moduls.SSOManager;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
+import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.legacy.LegacyHelper;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class DispatcherServlet extends AuthServlet{
@@ -72,7 +95,6 @@ public class DispatcherServlet extends AuthServlet{
protected void processRequest(HttpServletRequest req,
HttpServletResponse resp) throws ServletException, IOException {
boolean isValidSSOSession = false;
boolean useSSOOA = false;
String protocolRequestID = null;
@@ -84,9 +106,9 @@ public class DispatcherServlet extends AuthServlet{
String errorid = req.getParameter(ERROR_CODE_PARAM);
if (errorid != null) {
- Throwable throwable = ExceptionStoreImpl.getStore()
+ Throwable throwable = DBExceptionStoreImpl.getStore()
- ExceptionStoreImpl.getStore().removeException(errorid);
+ DBExceptionStoreImpl.getStore().removeException(errorid);
Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
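Review bot: `errorid` is taken straight from the `ERROR_CODE_PARAM` request parameter and used both to fetch and to remove an entry from the now DB-backed exception store, so the store's key space is directly reachable from any client. This is only safe if the ids issued by `DBExceptionStoreImpl` are unguessable random tokens (the class itself is outside this diff); if they were sequential or derived from session data, a client could read or evict another user's pending error. If the DB store persists Throwables via Java serialization, the lookup also turns a request parameter into a deserialization trigger for whatever is in that table, which is worth confirming. `processRequest()` begins and ends outside this hunk, and the null handling of the fetched throwable is not visible here.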
@@ -130,8 +152,14 @@ public class DispatcherServlet extends AuthServlet{
if (handlingModule != null) {
if (handlingModule.generateErrorMessage(
throwable, req, resp, errorRequest)) {
+ //log Error Message
+ StatisticLogger logger = StatisticLogger.getInstance();
+ logger.logErrorOperation(throwable, errorRequest);
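Review bot: The statistics call is placed inside the branch that runs only when `generateErrorMessage(...)` returns true, so errors the handling module declines to render are never recorded; if the intent is an audit trail of all failed operations, `logger.logErrorOperation(throwable, errorRequest);` belongs before the `if`. What `logErrorOperation` extracts from the Throwable should also be checked, since exception messages on this path can embed request data. The surrounding method body lies outside the hunk.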
@@ -154,7 +182,7 @@ public class DispatcherServlet extends AuthServlet{
handleErrorNoRedirect("UNKOWN ERROR DETECTED!", null, req,
@@ -228,35 +256,26 @@ public class DispatcherServlet extends AuthServlet{
Object idObject = req.getParameter(PARAM_TARGET_PENDINGREQUESTID);
if (protocolRequests != null &&
- idObject != null && (idObject instanceof String)) {
+ idObject != null && (idObject instanceof String)) {
+ protocolRequestID = (String) idObject;
-// synchronized (protocolRequests) {
- protocolRequestID = (String) idObject;
- //get IRequest if it exits
- if (protocolRequests.containsKey(protocolRequestID)) {
- protocolRequest = protocolRequests.get(protocolRequestID);
- Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
- //RequestStorage.setPendingRequest(httpSession, protocolRequests);
+ //get IRequest if it exits
+ if (protocolRequests.containsKey(protocolRequestID)) {
+ protocolRequest = protocolRequests.get(protocolRequestID);
+ Logger.debug(DispatcherServlet.class.getName()+": Found PendingRequest with ID " + protocolRequestID);
- } else {
- Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
+ } else {
+ Logger.error("No PendingRequest with ID " + protocolRequestID + " found.!");
- Set<String> mapkeys = protocolRequests.keySet();
- for (String el : mapkeys)
- Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el));
- handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
- null, req, resp);
- //resp.sendError(HttpServletResponse.SC_CONFLICT);
- return;
- }
-// }
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys)
+ Logger.debug("PendingRequest| ID=" + el + " OAIdentifier=" + protocolRequests.get(el));
+ handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.",
+ null, req, resp);
+ return;
+ }
} else {
try {
protocolRequest = info.preProcess(req, resp, action);
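Review bot: Removing the `synchronized` block leaves a check-then-act race between `protocolRequests.containsKey(protocolRequestID)` and the following `protocolRequests.get(protocolRequestID)`: the map is a `ConcurrentHashMap` (see the `new ConcurrentHashMap<String, IRequest>()` further down), so a concurrent request on the same HTTP session that removes the entry in between yields a null `protocolRequest` that is dereferenced later. Collapse it to a single read, `protocolRequest = protocolRequests.get(protocolRequestID); if (protocolRequest == null) { ... existing error branch ... }`. Note also that `protocolRequestID` is an attacker-controlled parameter echoed verbatim into `Logger.error`, so it should be length-limited and stripped of line breaks to prevent log forging, and the debug dump of every pending id (`PendingRequest| ID=...`) appears to write the handles of other in-flight logins into the log and could be dropped.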
@@ -265,26 +284,22 @@ public class DispatcherServlet extends AuthServlet{
if(protocolRequests != null) {
-// synchronized (protocolRequests) {
-// synchronized (protocolRequest) {
- Set<String> mapkeys = protocolRequests.keySet();
- for (String el : mapkeys) {
- IRequest value = protocolRequests.get(el);
+ Set<String> mapkeys = protocolRequests.keySet();
+ for (String el : mapkeys) {
+ IRequest value = protocolRequests.get(el);
+ if (value.getOAURL().equals(protocolRequest.getOAURL())) {
- if (value.getOAURL().equals(protocolRequest.getOAURL())) {
- if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
- Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
- RequestStorage.removeAllPendingRequests(req.getSession());
- } else {
- RequestStorage.removePendingRequest(protocolRequests, el);
- }
- }
+ if(!AuthenticationSessionStoreage.deleteSessionWithPendingRequestID(el)) {
+ Logger.warn(DispatcherServlet.class.getName()+": NO MOASession with PendingRequestID " + el + " found. Delete all user sessions!");
+ RequestStorage.removeAllPendingRequests(req.getSession());
+ } else {
+ RequestStorage.removePendingRequest(protocolRequests, el);
-// }
-// }
+ }
+ }
} else {
protocolRequests = new ConcurrentHashMap<String, IRequest>();
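Review bot: In the cleanup loop a single failed `deleteSessionWithPendingRequestID(el)` triggers `RequestStorage.removeAllPendingRequests(req.getSession())`, which by its own log message deletes all pending requests of the HTTP session, not just those for the OA being matched, and the loop then continues iterating as if nothing happened. If that reset is deliberate, add a `break;` after the `removeAllPendingRequests` call and a comment saying why a stale entry invalidates every concurrent login; otherwise use `RequestStorage.removePendingRequest(protocolRequests, el)` in both branches. `value.getOAURL().equals(protocolRequest.getOAURL())` also throws NullPointerException for a stored request without an OA URL; `protocolRequest.getOAURL().equals(value.getOAURL())` or a null-safe comparison avoids that. The enclosing try block starts before this hunk.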
@@ -303,25 +318,29 @@ public class DispatcherServlet extends AuthServlet{
} catch (MOAIDException e) {
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
Logger.error("Failed to generate a valid protocol request!");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getWriter().write("NO valid protocol request received!");
if (protocolRequest == null) {
- resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
Logger.error("Failed to generate a valid protocol request!");
+ resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getWriter().write("NO valid protocol request received!");
RequestStorage.setPendingRequest(httpSession, protocolRequests);
AuthenticationManager authmanager = AuthenticationManager.getInstance();
SSOManager ssomanager = SSOManager.getInstance();
String moasessionID = null;
+ String newSSOSessionId = null;
AuthenticationSession moasession = null;
//get SSO Cookie for Request
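Review bot: In both new error branches `resp.sendError(HttpServletResponse.SC_BAD_REQUEST)` is followed by `setContentType` and `getWriter().write(...)`; `sendError` commits the response, so the write is silently ignored or throws IllegalStateException depending on the container, and the "NO valid protocol request received!" body never reliably reaches the client. Either use `resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "NO valid protocol request received!")` alone, or replace `sendError` with `resp.setStatus(HttpServletResponse.SC_BAD_REQUEST)` before setting the content type and writing. The two blocks are identical and belong in one private helper; I cannot see whether each is followed by a `return`, which the fall-through into `RequestStorage.setPendingRequest` requires.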
@@ -356,6 +375,7 @@ public class DispatcherServlet extends AuthServlet{
isValidSSOSession = ssomanager.isValidSSOSession(ssoId, req);
useSSOOA = oaParam.useSSO();
//if a legacy request is used SSO should not be allowed, actually
boolean isUseMandateRequested = LegacyHelper.isUseMandateRequested(req);
@@ -391,11 +411,9 @@ public class DispatcherServlet extends AuthServlet{
if ((useSSOOA || isValidSSOSession)) //TODO: SSO with mandates requires an OVS extension
- //TODO SSO Question!!!!
if (useSSOOA && isValidSSOSession) {
moasessionID = ssomanager.getMOASession(ssoId);
@@ -409,17 +427,13 @@ public class DispatcherServlet extends AuthServlet{
else {
- //TODO: maybe transmit moasessionID with http GET to handle more then one PendingRequest!
moasessionID = (String) req.getParameter(PARAM_SESSIONID);
-// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-// AuthenticationManager.MOA_SESSION, null);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
//save SSO session usage in Database
- String newSSOSessionId = ssomanager.storeSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
+ newSSOSessionId = ssomanager.createSSOSessionInformations(moasessionID, protocolRequest.getOAURL());
if (newSSOSessionId != null) {
ssomanager.setSSOSessionID(req, resp, newSSOSessionId);
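Review bot: `moasessionID` is taken straight from the `PARAM_SESSIONID` request parameter and used in `AuthenticationSessionStoreage.getSession(moasessionID)` and `createSSOSessionInformations(moasessionID, ...)` with no visible check that the session exists or that it belongs to the pending request being processed, so a client that knows or guesses another session id gets an SSO session (and cookie) created on top of it. If `getSession` returns null on a miss instead of throwing, the rest of the branch runs against a null `moasession`; add `if (moasession == null) { handleErrorNoRedirect("...", null, req, resp); return; }` after the lookup, and consider binding the pending request id to the MOA session when it is created so the pair can be verified here. The enclosing if/else starts before this hunk, so an earlier validation may exist that I cannot see.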
@@ -429,34 +443,47 @@ public class DispatcherServlet extends AuthServlet{
} else {
-// moasessionID = HTTPSessionUtils.getHTTPSessionString(req.getSession(),
-// AuthenticationManager.MOA_SESSION, null);
moasessionID = (String) req.getParameter(PARAM_SESSIONID);
moasession = AuthenticationSessionStoreage.getSession(moasessionID);
+ moasessionID = AuthenticationSessionStoreage.changeSessionID(moasession);
- moduleAction.processRequest(protocolRequest, req, resp, moasession);
+ String assertionID = moduleAction.processRequest(protocolRequest, req, resp, moasession);
RequestStorage.removePendingRequest(protocolRequests, protocolRequestID);
if (needAuthentication) {
- boolean isSSOSession = AuthenticationSessionStoreage.isSSOSession(moasessionID);
+ boolean isSSOSession = MiscUtil.isNotEmpty(newSSOSessionId);
if ((useSSOOA || isSSOSession) //TODO: SSO with mandates requires an OVS extension
- && !moasession.getUseMandate())
- {
+ && !moasession.getUseMandate()) {
+ try {
+ //Store OA specific SSO session information
+ AuthenticationSessionStoreage.addSSOInformation(moasessionID,
+ newSSOSessionId, assertionID, protocolRequest.getOAURL());
+ } catch (AuthenticationException e) {
+ Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
+ authmanager.logout(req, resp, moasessionID);
+ isSSOSession = false;
+ }
} else {
authmanager.logout(req, resp, moasessionID);
- //authmanager.logout(req, resp);
+ //Advanced statistic logging
+ StatisticLogger logger = StatisticLogger.getInstance();
+ logger.logSuccessOperation(protocolRequest, moasession, isSSOSession);
} catch (Throwable e) {
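Review bot: The new `catch (AuthenticationException e)` around `addSSOInformation` drops its cause — `Logger.warn("SSO Session information can not be stored -> SSO is not enabled!")` is logged without `e`, so a persistent database problem with SSO bookkeeping becomes undiagnosable; use `Logger.warn("SSO Session information can not be stored -> SSO is not enabled!", e)`. By the time this branch runs the SSO cookie has already been issued via `ssomanager.setSSOSessionID(req, resp, newSSOSessionId)` earlier in the request, and the failure path only calls `authmanager.logout(req, resp, moasessionID)`; unless logout also clears that cookie (not visible here) the browser keeps an SSO id with nothing stored behind it. `newSSOSessionId` is assigned only in the non-SSO branch, so `isSSOSession` is false when an existing SSO session was reused and `addSSOInformation` may receive a null id whenever `useSSOOA` alone is true — confirm that is intended. The surrounding try begins before this hunk.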
@@ -471,7 +498,7 @@ public class DispatcherServlet extends AuthServlet{
} catch (MOAIDException ex) {
handleError(null, ex, req, resp, protocolRequestID);
} catch (Throwable e) {
- handleErrorNoRedirect(e.getMessage(), null, req,
+ handleErrorNoRedirect(e.getMessage(), e, req,
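Review bot: This `catch (Throwable e)` forwards `e.getMessage()` of an arbitrary throwable as the user-visible error text, which can expose internal detail (class names, SQL or file paths) and, if `handleErrorNoRedirect` does not HTML-escape the message, reflects whatever an attacker managed to get into an exception message. Now that `e` itself is passed along for logging, show the user a fixed generic text instead, e.g. `handleErrorNoRedirect("Während des Anmeldevorgangs ist ein Fehler aufgetreten. Bitte versuchen Sie es noch einmal.", e, req, resp);`. Catching `Throwable` also swallows `Error`s such as OutOfMemoryError; `catch (Exception e)` is usually what is meant. The call's argument list continues outside the shown lines.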
@@ -480,7 +507,7 @@ public class DispatcherServlet extends AuthServlet{
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
index 10ff4bfc8..65634bed3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/CertStoreConfigurationImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
index fa9323089..d7a9962e0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/LoggerConfigImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
index 64bb081b0..646c27fe8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/PKIConfigurationImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
index 25f02c260..2c24161f6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/RevocationConfigurationImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
index a03508adb..d230eef26 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/config/ValidationConfigurationImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
index 4a27a8d66..8afba2a12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/PKIProfileImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
index 9b4853439..202be882e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/pki/jsse/MOAIDTrustManager.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -94,7 +116,7 @@ public class MOAIDTrustManager extends IAIKX509TrustManager {
private void buildAcceptedServerCertificates(String acceptedServerCertificateStoreURL)
throws IOException, GeneralSecurityException {
- List certList = new ArrayList();
+ List<X509Certificate> certList = new ArrayList<X509Certificate>();
URL storeURL = new URL(acceptedServerCertificateStoreURL);
File storeDir = new File(storeURL.getFile());
// list certificate files in directory
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
index 794a1f12f..16184502d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/iaik/servertools/observer/ObservableImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -40,7 +62,7 @@ import java.util.List;
public class ObservableImpl implements Observable {
/** a List for all observers */
- private List observers = new ArrayList();
+ private List<Observer> observers = new ArrayList<Observer>();
* @see iaik.pki.store.observer.Observable#addObserver(iaik.pki.store.observer.Observer)
@@ -60,7 +82,7 @@ public class ObservableImpl implements Observable {
* @see iaik.pki.store.observer.Observable#notify(iaik.pki.store.observer.NotificationData)
public void notify(NotificationData data) {
- Iterator iter = observers.iterator();
+ Iterator<Observer> iter = observers.iterator();
for (iter = observers.iterator(); iter.hasNext();) {
Observer observer = (Observer) iter.next();
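Review bot: With `observers` now a `List<Observer>`, the cast in `Observer observer = (Observer) iter.next();` is redundant, and the `Iterator<Observer> iter = observers.iterator();` on the previous line is immediately overwritten by the `for` initializer. The loop reduces to `for (Observer observer : observers) {` with the body (which continues past the hunk) using `observer` directly. If `notify` can run while `addObserver` is called from another thread, the plain `ArrayList` iteration is not safe; iterate over `new ArrayList<Observer>(observers)` or make the field a `CopyOnWriteArrayList` — the hunk shows no synchronization either way.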
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index be0132c14..655c507be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import java.io.IOException;
@@ -7,24 +29,20 @@ import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.OAParameter;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
@@ -48,61 +66,6 @@ public class AuthenticationManager extends AuthServlet {
-// public AuthenticationSession getAuthenticationSession(
-// HttpSession session) {
-// String sessionID = HTTPSessionUtils.getHTTPSessionString(session,
-// MOA_SESSION, null);
-// if (sessionID != null) {
-// try {
-// return AuthenticationSessionStoreage.getSession(sessionID);
-// } catch (MOADatabaseException e) {
-// return null;
-// }
-// }
-// return null;
-// }
-// /**
-// * Checks if the session is authenticated
-// *
-// * @param request
-// * @param response
-// * @return
-// */
-// public boolean isAuthenticated(HttpServletRequest request,
-// HttpServletResponse response) {
-// Logger.info("Checking authentication");
-// HttpSession session = request.getSession();
-// String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
-// if(moaSessionID == null) {
-// Logger.info("NO MOA Session to logout");
-// return false;
-// }
-//// AuthenticationSession authSession;
-//// try {
-//// authSession = AuthenticationSessionStoreage
-//// .getSession(moaSessionID);
-//// } catch (MOADatabaseException e) {
-//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
-//// return false;
-//// }
-//// if(authSession == null) {
-//// Logger.info("NO MOA Authentication data for ID " + moaSessionID);
-//// return false;
-//// }
-//// return authSession.isAuthenticated();
-// return AuthenticationSessionStoreage.isAuthenticated(moaSessionID);
-// }
* Checks if this request can authenticate a MOA Session
@@ -112,9 +75,7 @@ public class AuthenticationManager extends AuthServlet {
public boolean tryPerformAuthentication(HttpServletRequest request,
HttpServletResponse response) {
- HttpSession session = request.getSession();
String sessionID = (String) request.getParameter(PARAM_SESSIONID);
if (sessionID != null) {
Logger.info("got MOASession: " + sessionID);
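Review bot: `Logger.info("got MOASession: " + sessionID)` writes the raw MOA session identifier, taken from the `PARAM_SESSIONID` request parameter, to the INFO log before any validation; since this id is what `AuthenticationSessionStoreage.getSession` is keyed by elsewhere in this diff, log files become a place to harvest live session ids. Log only a truncated or hashed form, or the fact that the parameter was present, e.g. `Logger.info("got MOASession parameter (" + sessionID.length() + " chars)");`, and keep the full value for DEBUG at most. Because the value is attacker-controlled it should also be length-limited and stripped of line breaks before logging to prevent log forging.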
@@ -133,9 +94,7 @@ public class AuthenticationManager extends AuthServlet {
-// HTTPSessionUtils.setHTTPSessionString(session, MOA_SESSION,
-// sessionID);
return true; // got authenticated
@@ -153,10 +112,6 @@ public class AuthenticationManager extends AuthServlet {
HttpServletResponse response, String moaSessionID) {
- HttpSession session = request.getSession();
- //String moaSessionID = HTTPSessionUtils.getHTTPSessionString(session, MOA_SESSION, null);
if(moaSessionID == null) {
moaSessionID = (String) request.getParameter(PARAM_SESSIONID);
@@ -284,7 +239,7 @@ public class AuthenticationManager extends AuthServlet {
String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(),
- target.requestedAction(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame(), moasession.getSessionID());
+ target.requestedAction(), oaParam, request.getContextPath(), moasession.getSessionID());
//store MOASession
try {
@@ -310,7 +265,7 @@ public class AuthenticationManager extends AuthServlet {
throws ServletException, IOException, MOAIDException {
String form = SendAssertionFormBuilder.buildForm(target.requestedModule(),
- target.requestedAction(), target.getRequestID(), oaParam.getFriendlyName(), request.getContextPath(), oaParam.useIFrame());
+ target.requestedAction(), target.getRequestID(), oaParam, request.getContextPath());
PrintWriter out = new PrintWriter(response.getOutputStream());
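Review bot: The form built by `SendAssertionFormBuilder.buildForm(...)` is written through `new PrintWriter(response.getOutputStream())`, which encodes with the platform default charset; if the response declares UTF-8 (as `DispatcherServlet` does elsewhere in this diff) the OA friendly name now carried in `oaParam` can be garbled or mis-decoded by the browser. Use `response.setContentType("text/html;charset=UTF-8")` followed by `response.getWriter()`, or `new PrintWriter(new OutputStreamWriter(response.getOutputStream(), "UTF-8"))`. The method continues outside the hunk, so the content-type call may exist further down; I could not see it.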
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
index aa8a8d9a9..9a3d3986b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IAction.java
@@ -1,14 +1,36 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public interface IAction extends MOAIDAuthConstants {
- public void processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)
throws MOAIDException;
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp);
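Review bot: The changed signature `public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, AuthenticationSession moasession)` introduces a `String` return value with no Javadoc, so implementers of `IAction` cannot tell what the string is supposed to carry or whether `null` is permitted. Add a method Javadoc that states the meaning of the returned value, its `null` contract, and the conditions under which `MOAIDException` is thrown; `needAuthentication` on the following line would benefit from the same treatment. The interface body continues outside the hunk.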
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
index 679ccb000..05b6ec1f3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IModulInfo.java
@@ -1,9 +1,31 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public interface IModulInfo {
//public List<ServletInfo> getServlets();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
index 824b210cf..2ef24c084 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/IRequest.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
public interface IRequest {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
index 2a92f3ce5..91f98608c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulStorage.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import java.util.ArrayList;
@@ -10,7 +32,8 @@ public class ModulStorage {
private static final String[] modulClasses = new String[]{
- "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol"
+ "at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol",
+ "at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20Protocol"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
index b07695938..99b7f4217 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ModulUtils.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
index 286da5a91..6551b88a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/NoPassivAuthenticationException.java
@@ -1,6 +1,28 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public class NoPassivAuthenticationException extends MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
index d47e8df05..b9b1742e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import java.io.Serializable;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
index d33d4693d..bfe1151c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/RequestStorage.java
@@ -1,6 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpSession;
@@ -52,16 +73,12 @@ public class RequestStorage {
if (requestmap != null && requestID != null) {
synchronized (requestmap) {
- //Map<String, IRequest> requestmap = getPendingRequest(session);
if (requestmap.containsKey(requestID)) {
Logger.debug(RequestStorage.class.getName()+": Remove PendingRequest with ID " + requestID);
- //setPendingRequest(session, requestmap);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index 18eeae58e..82de940db 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -1,7 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.List;
import javax.servlet.http.Cookie;
@@ -11,14 +31,12 @@ import javax.servlet.http.HttpServletResponse;
import org.hibernate.Query;
import org.hibernate.Session;
-import at.gv.egovernment.moa.id.AuthenticationException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.util.HTTPSessionUtils;
import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -27,42 +45,41 @@ public class SSOManager {
private static final String SSOCOOKIE = "MOA_ID_SSO";
- private static final int DEFAULTSSOTIMEOUT = 15*60; //sec
+ private static final int DEFAULTSSOTIMEOUT = 15 * 60; // sec
private static SSOManager instance = null;
private static int sso_timeout;
public static SSOManager getInstance() {
if (instance == null) {
instance = new SSOManager();
- //TODO: move to config based timeout!
try {
sso_timeout = (int) AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionUpdated().longValue();
- } catch (ConfigurationException e) {
+ }
+ catch (ConfigurationException e) {
Logger.info("SSO Timeout can not be loaded from MOA-ID configuration. Use default Timeout with " + DEFAULTSSOTIMEOUT);
return instance;
public boolean isValidSSOSession(String ssoSessionID, HttpServletRequest httpReq) {
- //search SSO Session
+ // search SSO Session
if (ssoSessionID == null) {
Logger.info("No SSO Session cookie found.");
- return false;
+ return false;
-// String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
-// AuthenticationManager.MOA_SESSION, null);
+ // String moaSessionId =HTTPSessionUtils.getHTTPSessionString(httpReq.getSession(),
+ // AuthenticationManager.MOA_SESSION, null);
- return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
+ return AuthenticationSessionStoreage.isValidSessionWithSSOID(ssoSessionID, null);
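Review bot: In the reformatted `catch (ConfigurationException e)` branch of `getInstance`, the log line announces a fallback to `DEFAULTSSOTIMEOUT`, but no assignment `sso_timeout = DEFAULTSSOTIMEOUT;` is visible in the hunk; if none exists in the lines not shown, `sso_timeout` keeps its zero default while the log claims otherwise. The lazy initialisation `if (instance == null) { instance = new SSOManager(); ... }` is also unsynchronized, so two concurrent first callers can each construct an instance and run the configuration lookup twice; a `synchronized` modifier on `getInstance` or eager static initialisation would remove that window. The method body is partly collapsed in this view, so both points should be checked against the full file.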
@@ -72,52 +89,65 @@ public class SSOManager {
public String existsOldSSOSession(String ssoId) {
- Logger.trace("Check that the SSOID has already been used");
- Session session = MOASessionDBUtils.getCurrentSession();
- List<OldSSOSessionIDStore> result;
- synchronized (session) {
- session.beginTransaction();
- Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
- query.setString("sessionid", ssoId);
- result = query.list();
- //send transaction
- }
- Logger.trace("Found entries: " + result.size());
- //Assertion requires an unique artifact
- if (result.size() == 0) {
- session.getTransaction().commit();
- return null;
- }
- OldSSOSessionIDStore oldSSOSession = result.get(0);
- AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
- if (correspondingMoaSession == null) {
- Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
- //TODO: ist der OldSSOSessionStore zum Aufräumen?
- return null;
- }
- String moasessionid = correspondingMoaSession.getSessionid();
- session.getTransaction().commit();
+ Logger.trace("Check that the SSOID has already been used");
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List<OldSSOSessionIDStore> result;
+ synchronized (session) {
- return moasessionid;
+// try {
+// session.getTransaction().rollback();
+// }
+// catch (Exception e) {
+// e.printStackTrace();
+// }
+// try {
+// session.getSessionFactory().openSession();
+// }
+// catch (Exception e) {
+// e.printStackTrace();
+// }
+ // session.getTransaction().begin();
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSSOSessionWithOldSessionID");
+ query.setString("sessionid", ssoId);
+ result = query.list();
+ // send transaction
+ }
+ Logger.trace("Found entries: " + result.size());
+ // Assertion requires an unique artifact
+ if (result.size() == 0) {
+ session.getTransaction().commit();
+ return null;
+ }
+ OldSSOSessionIDStore oldSSOSession = result.get(0);
+ AuthenticatedSessionStore correspondingMoaSession = oldSSOSession.getMoasession();
+ if (correspondingMoaSession == null) {
+ Logger.info("Get request with old SSO SessionID but no corresponding SSO Session is found.");
+ return null;
+ }
+ String moasessionid = correspondingMoaSession.getSessionid();
+ session.getTransaction().commit();
+ return moasessionid;
- public String storeSSOSessionInformations(String moaSessionID, String OAUrl) {
+ public String createSSOSessionInformations(String moaSessionID, String OAUrl) {
String newSSOId = Random.nextRandom();
System.out.println("generate new SSO Tokken (" + newSSOId + ")");
if (MiscUtil.isEmpty(moaSessionID) || MiscUtil.isEmpty(OAUrl)) {
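Review bot: In `existsOldSSOSession`, the `correspondingMoaSession == null` branch returns without ending the transaction begun inside the `synchronized (session)` block, whereas both the empty-result path and the success path call `session.getTransaction().commit()`; add `session.getTransaction().commit();` (or a rollback) before that `return null;` so the current session is not left with an open transaction. The block of commented-out `rollback()` / `openSession()` code added above `session.beginTransaction()` is dead code and should either be removed or resolved into an actual decision rather than committed. Further down, the context line `System.out.println("generate new SSO Tokken (" + newSSOId + ")");` in `createSSOSessionInformations` writes the freshly generated SSO session identifier to standard output; a bearer-style session token should not appear in stdout or log files, so drop the line or log only the fact that a token was generated.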
@@ -125,43 +155,34 @@ public class SSOManager {
return null;
- try {
- AuthenticationSessionStoreage.addSSOInformation(moaSessionID, newSSOId, OAUrl);
- return newSSOId;
- } catch (AuthenticationException e) {
- Logger.warn("SSO Session information can not be stored -> SSO is not enabled!");
- return null;
- }
+ return newSSOId;
public void setSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp, String ssoId) {
Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
- deleteSSOSessionID(httpReq, httpResp);
+ deleteSSOSessionID(httpReq, httpResp);
Cookie cookie = new Cookie(SSOCOOKIE, ssoId);
- cookie.setPath(httpReq.getContextPath());
- httpResp.addCookie(cookie);
+ cookie.setPath(httpReq.getContextPath());
+ httpResp.addCookie(cookie);
public String getSSOSessionID(HttpServletRequest httpReq) {
- Cookie[] cookies = httpReq.getCookies();
+ Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
- //TODO: funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird (firefox)
- //if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
+ // funktioniert nicht, da Cookie seltsamerweise immer unsecure übertragen wird
+ // (firefox)
+ // if (cookie.getName().equals(SSOCOOKIE) && cookie.getSecure()) {
if (cookie.getName().equals(SSOCOOKIE)) {
return cookie.getValue();
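Review bot: `setSSOSessionID` issues the SSO cookie with only `cookie.setPath(httpReq.getContextPath())` set, so the session identifier is sent without the Secure and HttpOnly attributes and is readable by page script and transmittable over plain HTTP; add `cookie.setSecure(httpReq.isSecure()); cookie.setHttpOnly(true);` before `httpResp.addCookie(cookie);` (`setHttpOnly` requires a Servlet 3.0 container). The commented-out `cookie.getSecure()` check in `getSSOSessionID`, with its note that the cookie "always arrives unsecure", is consistent with the cookie never being flagged Secure when set; in any case `getSecure()` on a request cookie cannot work, because browsers send only name and value in the `Cookie` header and never the attributes. Separately, `createSSOSessionInformations` now returns `newSSOId` without the former `AuthenticationSessionStoreage.addSSOInformation` call, so the identifier is presumably persisted by the caller; that caller should store it before `setSSOSessionID` hands it to the client.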
@@ -171,14 +192,12 @@ public class SSOManager {
public void deleteSSOSessionID(HttpServletRequest httpReq, HttpServletResponse httpResp) {
- Cookie[] cookies = httpReq.getCookies();
+ Cookie[] cookies = httpReq.getCookies();
if (cookies != null) {
for (Cookie cookie : cookies) {
- if (!cookie.getName().equals(SSOCOOKIE))
- httpResp.addCookie(cookie);
+ if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);
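Review bot: `deleteSSOSessionID` copies every non-SSO cookie from the request back into the response via `if (!cookie.getName().equals(SSOCOOKIE)) httpResp.addCookie(cookie);`, but request cookies carry only name and value, so re-emitting them re-sets each one as a session cookie with the default path and without Secure or HttpOnly, which can silently downgrade the attributes of unrelated cookies such as the container's session cookie. Deleting the SSO cookie does not require touching the others: emit a single replacement `Cookie` for `SSOCOOKIE` with an empty value, `setMaxAge(0)` and the same `setPath(httpReq.getContextPath())`, and drop the re-add loop. The visible lines do not show such an expiring cookie being added; the method continues outside the hunk, so if that part already does it, only the loop needs to go.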
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
index 0181233d5..807f789ce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletInfo.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
import javax.servlet.http.HttpServlet;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
index 50b1702f8..c8fbfb558 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/ServletType.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.moduls;
public enum ServletType {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
new file mode 100644
index 000000000..a08ef5f0c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java
@@ -0,0 +1,142 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import org.hibernate.Query;
+import org.hibernate.Session;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.StatisticLogDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
+import at.gv.egovernment.moa.id.commons.db.dao.statistic.StatisticLog;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class DatabaseTestModule implements TestModuleInterface{
+ public List<String> performTests() throws Exception {
+ Logger.trace("Start MOA-ID Database Test.");
+ List<String> errors = new ArrayList<String>();
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ String error = testMOAConfigurationDatabase();
+ if (MiscUtil.isNotEmpty(error))
+ errors.add(error);
+ error = testMOASessionDatabase();
+ if (MiscUtil.isNotEmpty(error))
+ errors.add(error);
+ if (config.isAdvancedLoggingActive()) {
+ error = testMOAAdvancedLoggingDatabase();
+ if (MiscUtil.isNotEmpty(error))
+ errors.add(error);
+ }
+ return errors;
+ }
+ private String testMOASessionDatabase() throws Exception{
+ Logger.trace("Start Test: MOASessionDatabase");
+ Date expioredate = new Date(new Date().getTime() - 120);
+ try {
+ List<AssertionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAssertionWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+ Logger.trace("Finish Test: MOASessionDatabase");
+ return null;
+ } catch (Throwable e) {
+ Logger.warn("Failed Test: MOASessionDatabase", e);
+ return "MOASessionDatabase: " + e.getMessage();
+ }
+ }
+ private String testMOAConfigurationDatabase() throws Exception{
+ MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+ ConfigurationDBUtils.closeSession();
+ if (moaidconfig == null)
+ return ("MOA-ID 2.x configuration can not be loaded from Database.");
+ return null;
+ }
+ private String testMOAAdvancedLoggingDatabase() {
+ Date expioredate = new Date(new Date().getTime() - 120);
+ try {
+ Session session = StatisticLogDBUtils.getCurrentSession();
+ List<StatisticLog> results;
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getAllEntriesNotBeforeTimeStamp");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+ Logger.trace("Finish Test: AdvancedLoggingDataBase");
+ return null;
+ } catch (Throwable e) {
+ Logger.warn("Failed Test: AdvancedLoggingDataBase", e);
+ return "AdvancedLoggingDataBase: " + e.getMessage();
+ }
+ }
+ public String getName() {
+ return "DatabaseTest";
+ }
+ public void initializeTest(long delayParam, String url) throws Exception {
+ // TODO Auto-generated method stub
+ }
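Review bot: In `testMOASessionDatabase` and `testMOAAdvancedLoggingDatabase` the `catch (Throwable e)` branch reports the failure but leaves the transaction begun with `session.beginTransaction()` open on the current session when the query throws; declare `Session session = null;` before the `try` and add `if (session != null && session.getTransaction().isActive()) session.getTransaction().rollback();` to the catch. `testMOAConfigurationDatabase` is the only check not wrapped in a try/catch, so a database failure there propagates out of `performTests` and aborts the remaining checks instead of being reported as an error string like its siblings. The returned strings embed `e.getMessage()`, which for JDBC/Hibernate failures can carry connection or SQL details; if this list is surfaced through a monitoring endpoint, return a fixed message and keep the detail in the `Logger.warn` call that already receives the exception. `new Date().getTime() - 120` is 120 milliseconds, which looks as if seconds were intended (`120 * 1000L`) — confirm against what the named queries expect.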
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
new file mode 100644
index 000000000..c88769197
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -0,0 +1,91 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.util.List;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class IdentityLinkTestModule implements TestModuleInterface {
+ private static IdentityLink identityLink = null;
+ public void initializeTest(long delayParam, String url) throws Exception{
+ if (MiscUtil.isNotEmpty(url)) {
+ File idlfile = new File(url);
+ InputStream idlstream = new FileInputStream(idlfile);
+ identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
+ }
+ }
+ public List<String> performTests() throws Exception{
+ Logger.trace("Start MOA-ID IdentityLink Test");
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ IdentityLinkValidator.getInstance().validate(identityLink);
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .build(identityLink, config
+ .getMoaSpIdentityLinkTrustProfileID());
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
+ config.getIdentityLinkX509SubjectNames(),
+ VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
+ true);
+ Logger.trace("Finished MOA-ID IdentityLink Test without errors");
+ return null;
+ }
+ public String getName() {
+ return "IdentityLinkTest";
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
new file mode 100644
index 000000000..ccfa6d5d1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -0,0 +1,110 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+public class TestManager {
+ private static TestManager instance;
+ private Map<String, TestModuleInterface> tests = new HashMap<String, TestModuleInterface>();
+ public static TestManager getInstance() throws ConfigurationException {
+ if (instance == null)
+ instance = new TestManager();
+ return instance;
+ }
+ private TestManager() throws ConfigurationException {
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ //add Database test
+ DatabaseTestModule test1 = new DatabaseTestModule();
+ tests.put(test1.getName(), test1);
+ //add IdentityLink verification test
+ IdentityLinkTestModule test2 = new IdentityLinkTestModule();
+ String idlurl = config.getMonitoringTestIdentityLinkURL();
+ try {
+ test2.initializeTest(0, idlurl);
+ tests.put(test2.getName(), test2);;
+ } catch (Exception e) {
+ Logger.warn("MOA-ID IdentityLink Test can not performed without IdentityLink. Insert IdentityLink file to MOA-ID configuration", e);
+ }
+ }
+ public List<String> executeTests() {
+ Logger.debug("Start MOA-ID-Auth testing");
+ List<String> errors;
+ for (TestModuleInterface test : tests.values()) {
+ try {
+ errors = test.performTests();
+ if (errors != null && errors.size() > 0)
+ return errors;
+ } catch (Exception e) {
+ Logger.warn("General Testing Eception during Test " + test.getClass() + ": ", e);
+ return Arrays.asList(e.getMessage());
+ }
+ }
+ return null;
+ }
+ public List<String> executeTest(String testname) {
+ TestModuleInterface test = tests.get(testname);
+ if (test != null) {
+ try {
+ return test.performTests();
+ } catch (Exception e) {
+ Logger.warn("General Testing Eception during Test " + test.getName() + ": ", e);
+ return Arrays.asList(e.getMessage());
+ }
+ } else {
+ Logger.info("TestModule with Name " + testname + " is not implemented");
+ return null;
+ }
+ }
+ public boolean existsModule(String modulename) {
+ return tests.containsKey(modulename);
+ }
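Review bot: getInstance performs an unsynchronized lazy initialization (`if (instance == null) instance = new TestManager();`), so two concurrent first callers can each construct a TestManager, each re-reading the configuration and re-parsing the identity-link file; `public static synchronized TestManager getInstance() throws ConfigurationException {` closes that window cheaply. In executeTests and executeTest the failure list is built with `Arrays.asList(e.getMessage())`, which yields a list holding a single null when the exception carries no message — `String.valueOf(e.getMessage())` or `e.toString()` keeps the result printable. Minor: both log messages say "Eception", and `tests.put(test2.getName(), test2);;` has a stray semicolon. Whether concurrent access actually happens depends on the servlet that calls getInstance, which is outside this hunk.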
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
new file mode 100644
index 000000000..4e26b1ce8
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/monitoring/TestModuleInterface.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.monitoring;
+import java.util.List;
+public interface TestModuleInterface {
+ public List<String> performTests() throws Exception;
+ public void initializeTest(long delayParam, String url) throws Exception;
+ public String getName();
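Review bot: The interface carries no Javadoc, yet its return convention is non-obvious: both implementations in this commit return null from performTests to signal success and a non-empty list of messages on failure, and TestManager.executeTests relies on exactly that (`errors != null && errors.size() > 0`). Document it on performTests, e.g. `/** Runs this module's checks. @return null or an empty list when all checks pass, otherwise one human-readable message per failure. */`, and state on initializeTest what `delayParam` and `url` mean (DatabaseTestModule ignores both; IdentityLinkTestModule treats `url` as a local file path). The `public` modifier on interface methods is redundant and can be dropped.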
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
new file mode 100644
index 000000000..8d45a5d86
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java
@@ -0,0 +1,73 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+import java.util.Properties;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+public class OAuth20Configuration {
+ private static OAuth20Configuration instance;
+ public static OAuth20Configuration getInstance() {
+ if (instance == null) {
+ instance = new OAuth20Configuration();
+ }
+ return instance;
+ }
+ public static final String JWT_KEYSTORE = "jwt.ks.file";
+ public static final String JWT_KEYSTORE_PASSWORD = "jwt.ks.password";
+ public static final String JWT_KEY_NAME = "jwt.ks.key.name";
+ public static final String JWT_KEY_PASSWORD = "jwt.ks.key.password";
+ private Properties props;
+ private OAuth20Configuration() {
+ try {
+ props = AuthConfigurationProvider.getInstance().getGeneralOAuth20ProperiesConfig();
+ }
+ catch (ConfigurationException e) {
+ e.printStackTrace();
+ }
+ }
+ public String getJWTKeyStore() {
+ return props.getProperty(JWT_KEYSTORE);
+ }
+ public String getJWTKeyStorePassword() {
+ return props.getProperty(JWT_KEYSTORE_PASSWORD);
+ }
+ public String getJWTKeyName() {
+ return props.getProperty(JWT_KEY_NAME);
+ }
+ public String getJWTKeyPassword() {
+ return props.getProperty(JWT_KEY_PASSWORD);
+ }
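Review bot: The private constructor swallows ConfigurationException with `e.printStackTrace()` and leaves `props` null, so the first getJWTKeyStore()/getJWTKeyStorePassword() call fails with a NullPointerException far from the real cause, and a missing or broken OAuth 2.0 properties configuration surfaces only as an opaque NPE somewhere in the token flow. Fail at construction instead: `catch (ConfigurationException e) { throw new IllegalStateException("OAuth 2.0 configuration could not be loaded", e); }`, and route the message through the project's Logger rather than stderr. getInstance also lazily initializes without synchronization; since the constructor reads configuration, a `synchronized` on the method avoids duplicate loads under concurrent first access.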
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
new file mode 100644
index 000000000..677b5e7ab
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Constants.java
@@ -0,0 +1,67 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+public final class OAuth20Constants {
+ private OAuth20Constants() {
+ throw new InstantiationError();
+ }
+ // error parameters and error codes
+ public static final String PARAM_ERROR = "error";
+ public static final String PARAM_ERROR_DESCRIPTION = "error_description";
+ public static final String PARAM_ERROR_URI = "error_uri";
+ public static final String ERROR_INVALID_REQUEST = "invalid_request";
+ public static final String ERROR_UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type";
+ public static final String ERROR_INVALID_CLIENT = "invalid_client";
+ public static final String ERROR_ACCESS_DENIED = "access_denied";
+ public static final String ERROR_SERVER_ERROR = "server_error";
+ public static final String ERROR_INVALID_GRANT = "invalid_grant";
+ public static final String ERROR_UNAUTHORIZED_CLIENT = "unauthorized_client";
+ // request parameters
+ //public static final String PARAM_OA_URL = "oaURL";
+ public static final String PARAM_RESPONSE_TYPE = "response_type";
+ public static final String PARAM_REDIRECT_URI = "redirect_uri";
+ public static final String PARAM_STATE = "state";
+ public static final String PARAM_GRANT_TYPE = "grant_type";
+ public static final String PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE = "authorization_code";
+ public static final String PARAM_CLIENT_ID = "client_id";
+ public static final String PARAM_CLIENT_SECRET = "client_secret";
+ public static final String PARAM_SCOPE = "scope";
+ public static final String PARAM_MOA_MOD = "mod";
+ public static final String PARAM_MOA_ACTION = "action";
+ // reponse parameters
+ public static final String RESPONSE_CODE = "code";
+ public static final String RESPONSE_TOKEN = "token";
+ public static final String RESPONSE_ACCESS_TOKEN = "access_token";
+ public static final String RESPONSE_ID_TOKEN = "id_token";
+ public static final String RESPONSE_EXPIRES_IN = "expires_in";
+ public static final String RESPONSE_TOKEN_TYPE = "token_type";
+ public static final String RESPONSE_TOKEN_TYPE_VALUE_BEARER = "Bearer";
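Review bot: The private constructor throws `InstantiationError`, a `LinkageError` subclass reserved for the JVM's own class-loading failures; the conventional guard for a non-instantiable constants class is `throw new AssertionError();` (or `UnsupportedOperationException`), which does not masquerade as a VM error. The same pattern appears in OAuth20Util and OAuth20AttributeBuilder later in this commit. The commented-out `PARAM_OA_URL` line is dead code and can go.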
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
new file mode 100644
index 000000000..4a33a44b7
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20SessionObject.java
@@ -0,0 +1,74 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+import java.io.Serializable;
+import java.util.Map;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+public class OAuth20SessionObject implements Serializable {
+ /**
+ *
+ */
+ private static final long serialVersionUID = 1L;
+ private String scope;
+ private String code;
+ private Map<String, Object> authDataSession;
+ public String getScope() {
+ return scope;
+ }
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+ /**
+ * @return the code
+ */
+ public String getCode() {
+ return code;
+ }
+ /**
+ * @param code
+ * the code to set
+ */
+ public void setCode(String code) {
+ this.code = code;
+ }
+ public Map<String, Object> getAuthDataSession() {
+ return authDataSession;
+ }
+ public void setAuthDataSession(Map<String, Object> idToken) {
+ this.authDataSession = idToken;
+ }
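Review bot: setAuthDataSession names its parameter `idToken` while it assigns `authDataSession`, and the class imports AuthenticationSession without using it; `public void setAuthDataSession(Map<String, Object> authDataSession) { this.authDataSession = authDataSession; }` and dropping the import keep the code honest. Because the class is Serializable but `Map<String, Object>` carries no serialization guarantee, serializing this object works only if the concrete map and every value in it are Serializable; the class Javadoc (currently the empty `/** */` above serialVersionUID) should state that requirement. getAuthDataSession also hands out the internal map itself, so callers can mutate session state; return an unmodifiable view if that is not intended.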
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java
new file mode 100644
index 000000000..912060949
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Util.java
@@ -0,0 +1,111 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+import java.io.UnsupportedEncodingException;
+import java.util.Map;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import org.apache.commons.lang.StringUtils;
+import com.google.gson.JsonObject;
+public final class OAuth20Util {
+ public static final String REGEX_HTTPS = "^(https?)://[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]";
+ public static final String REGEX_FILE = "^(file):/.[-a-zA-Z0-9+&@#/%?=~_|!:,.;]*[-a-zA-Z0-9+&@#/%=~_|]";
+ private OAuth20Util() {
+ throw new InstantiationError();
+ }
+ /**
+ * Simple helper function to add parameter to a url
+ *
+ * @param url
+ * @param name
+ * @param value
+ * @throws UnsupportedEncodingException
+ */
+ public static void addParameterToURL(final StringBuilder url, final String name, final String value)
+ throws UnsupportedEncodingException {
+ if (url.indexOf("?") < 0) {
+ url.append("?");
+ } else {
+ url.append("&");
+ }
+ // URLEncoder.encode(value, "UTF-8")
+ url.append(name).append("=").append(value);
+ }
+ public static boolean isUrl(final String url) {
+ Pattern urlPattern;
+ if (url.startsWith("file")) {
+ urlPattern = Pattern.compile(REGEX_FILE, Pattern.CASE_INSENSITIVE);
+ } else {
+ urlPattern = Pattern.compile(REGEX_HTTPS, Pattern.CASE_INSENSITIVE);
+ }
+ Matcher matcher = urlPattern.matcher(url);
+ return matcher.find();
+ }
+ public static boolean isValidStateValue(String state) {
+ Pattern urlPattern = Pattern.compile("javascript|<|>|&|;", Pattern.CASE_INSENSITIVE);
+ Matcher matcher = urlPattern.matcher(state);
+ return !matcher.find();
+ }
+ public static void addProperytiesToJsonObject(JsonObject jsonObject, Map<String, Object> params) {
+ for (Map.Entry<String, Object> param : params.entrySet()) {
+ if (!StringUtils.isEmpty(param.getKey()) && param.getValue() != null) {
+ // check for integer
+ try {
+ int i = Integer.parseInt(String.valueOf(param.getValue()));
+ jsonObject.addProperty(param.getKey(), i);
+ continue;
+ }
+ catch (NumberFormatException e) {
+ }
+ // check for long
+ try {
+ long l = Long.parseLong(String.valueOf(param.getValue()));
+ jsonObject.addProperty(param.getKey(), l);
+ continue;
+ }
+ catch (NumberFormatException e) {
+ }
+ // string
+ if (param.getValue() instanceof String) {
+ jsonObject.addProperty(param.getKey(), String.valueOf(param.getValue()));
+ }
+ }
+ }
+ }
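Review bot: addParameterToURL appends `value` verbatim — the `URLEncoder.encode(value, "UTF-8")` call is left as a comment — so a value containing `&`, `#`, `=` or whitespace corrupts the query string of the URL being built, and the method's declared UnsupportedEncodingException has nothing to throw it. Restore the encoding: `url.append(name).append("=").append(URLEncoder.encode(value, "UTF-8"));` (with the matching `java.net.URLEncoder` import). isValidStateValue is a denylist of five tokens rather than an allowlist; denylists miss encodings the regex does not mention, so if the goal is to keep `state` safe for reflection into HTML or a redirect, accept only the character set you expect and encode on output. isUrl anchors its patterns with `^` but not `$`, so trailing content is accepted, and `REGEX_HTTPS` also matches plain `http://` despite its name; both should be tightened or made explicit in a comment.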
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java
new file mode 100644
index 000000000..eb3cfcccb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/Pair.java
@@ -0,0 +1,45 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20;
+public class Pair<P1, P2> {
+ private final P1 first;
+ private final P2 second;
+ private Pair(final P1 newFirst, final P2 newSecond) {
+ this.first = newFirst;
+ this.second = newSecond;
+ }
+ public P1 getFirst() {
+ return this.first;
+ }
+ public P2 getSecond() {
+ return this.second;
+ }
+ public static <P1, P2> Pair<P1, P2> newInstance(final P1 newFirst, final P2 newSecond) {
+ return new Pair<P1, P2>(newFirst, newSecond);
+ }
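Review bot: Pair declares no equals, hashCode or toString, so two pairs with equal members are unequal and print as `Pair@hash`; in OAuth20AttributeBuilder pairs are only unpacked with getFirst/getSecond, so this is not a bug today, but a value class without them is a trap for the next user who puts one in a Set or logs it. Either add them or document the identity semantics in a class Javadoc — the class currently has none.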
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
new file mode 100644
index 000000000..aedf0dbce
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -0,0 +1,183 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import java.util.ArrayList;
+import java.util.List;
+import org.apache.commons.lang.StringUtils;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBPKAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonBirthDateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonFamilyNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonGivenNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateNaturalPersonSourcePinTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepDescAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateProfRepOIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateReferenceValueAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonPrimitive;
+public final class OAuth20AttributeBuilder {
+ private OAuth20AttributeBuilder() {
+ throw new InstantiationError();
+ }
+ private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() {
+ public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(value));
+ }
+ public Pair<String, JsonPrimitive> buildIntegerAttribute(final String friendlyName, final String name, final int value) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(value));
+ }
+ public Pair<String, JsonPrimitive> buildLongAttribute(final String friendlyName, final String name, final long value) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(value));
+ }
+ public Pair<String, JsonPrimitive> buildEmptyAttribute(final String friendlyName, final String name) {
+ return Pair.newInstance(friendlyName, new JsonPrimitive(""));
+ }
+ };
+ private static final List<IAttributeBuilder> buildersOpenId = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersProfile = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersEID = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersEIDGov = new ArrayList<IAttributeBuilder>();
+ private static final List<IAttributeBuilder> buildersMandate = new ArrayList<IAttributeBuilder>();
+ static {
+ // openId
+ buildersOpenId.add(new OpenIdIssuerAttribute());
+ buildersOpenId.add(new OpenIdSubjectIdentifierAttribute());
+ buildersOpenId.add(new OpenIdExpirationTimeAttribute());
+ buildersOpenId.add(new OpenIdIssueInstantAttribute());
+ buildersOpenId.add(new OpenIdAuthenticationTimeAttribute());
+ // profile
+ buildersProfile.add(new ProfileGivenNameAttribute());
+ buildersProfile.add(new ProfileFamilyNameAttribute());
+ buildersProfile.add(new ProfileDateOfBirthAttribute());
+ // EID
+ buildersEID.add(new EIDCcsURL());
+ buildersEID.add(new EIDCitizenQAALevelAttributeBuilder());
+ buildersEID.add(new EIDIssuingNationAttributeBuilder());
+ buildersEID.add(new EIDSectorForIDAttributeBuilder());
+ buildersEID.add(new EIDAuthBlock());
+ buildersEID.add(new EIDSignerCertificate());
+ buildersEID.add(new BPKAttributeBuilder());
+ // eID_gov
+ buildersEIDGov.add(new EIDSourcePIN());
+ buildersEIDGov.add(new EIDSourcePINType());
+ buildersEIDGov.add(new EIDIdentityLinkBuilder());
+ // mandate
+ buildersMandate.add(new MandateTypeAttributeBuilder());
+ buildersMandate.add(new MandateReferenceValueAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonSourcePinAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonSourcePinTypeAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBPKAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonFamilyNameAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonGivenNameAttributeBuilder());
+ buildersMandate.add(new MandateNaturalPersonBirthDateAttributeBuilder());
+ buildersMandate.add(new MandateLegalPersonSourcePinAttributeBuilder());
+ buildersMandate.add(new MandateLegalPersonSourcePinTypeAttributeBuilder());
+ buildersMandate.add(new MandateLegalPersonFullNameAttributeBuilder());
+ buildersMandate.add(new MandateProfRepOIDAttributeBuilder());
+ buildersMandate.add(new MandateProfRepDescAttributeBuilder());
+ }
+ private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject,
+ final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData) {
+ for (IAttributeBuilder b : builders) {
+ try {
+ Pair<String, JsonPrimitive> attribute = b.build(authSession, oaParam, authData, generator);
+ if (attribute != null && !StringUtils.isEmpty(attribute.getSecond().getAsString())) {
+ jsonObject.add(attribute.getFirst(), attribute.getSecond());
+ }
+ }
+ catch (AttributeException e) {
+ Logger.info("Cannot add attribute " + b.getName());
+ }
+ }
+ }
+ public static void addScopeOpenId(final JsonObject jsonObject, final AuthenticationSession authSession,
+ final OAAuthParameter oaParam, final AuthenticationData authData) {
+ addAttibutes(buildersOpenId, jsonObject, authSession, oaParam, authData);
+ }
+ public static void addScopeProfile(final JsonObject jsonObject, final AuthenticationSession authSession,
+ final OAAuthParameter oaParam, final AuthenticationData authData) {
+ addAttibutes(buildersProfile, jsonObject, authSession, oaParam, authData);
+ }
+ public static void addScopeEID(final JsonObject jsonObject, final AuthenticationSession authSession,
+ final OAAuthParameter oaParam, final AuthenticationData authData) {
+ addAttibutes(buildersEID, jsonObject, authSession, oaParam, authData);
+ }
+ public static void addScopeEIDGov(final JsonObject jsonObject, final AuthenticationSession authSession,
+ final OAAuthParameter oaParam, final AuthenticationData authData) {
+ addAttibutes(buildersEIDGov, jsonObject, authSession, oaParam, authData);
+ }
+ public static void addScopeMandate(final JsonObject jsonObject, final AuthenticationSession authSession,
+ final OAAuthParameter oaParam, final AuthenticationData authData) {
+ addAttibutes(buildersMandate, jsonObject, authSession, oaParam, authData);
+ }
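Review bot: addAttibutes catches AttributeException and logs only `"Cannot add attribute " + b.getName()` without the exception, so the reason an attribute is missing from the token is lost; pass the cause, `Logger.info("Cannot add attribute " + b.getName(), e);`, assuming Logger.info has the (String, Throwable) overload that Logger.warn is called with elsewhere in this commit. Note that buildEmptyAttribute produces `new JsonPrimitive("")`, which the `!StringUtils.isEmpty(attribute.getSecond().getAsString())` filter then discards, so empty attributes are never emitted — if that is intended, a comment on the filter would save the next reader the trace. The method name `addAttibutes` is missing an r.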
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
new file mode 100644
index 000000000..da1980896
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java
@@ -0,0 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "auth_time";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildLongAttribute(this.getName(), "", ((long) (authData.getTimestamp().getTime() / 1000)));
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
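Review bot: `authData.getTimestamp()` on the build line is dereferenced without a null check, so a session without a timestamp surfaces as a NullPointerException rather than the AttributeException the signature declares; rejecting a null timestamp explicitly with an AttributeException would keep the failure mode consistent with the interface. The three interface methods also lack `@Override`, which would let the compiler catch signature drift against IAttributeBuilder; the same applies to the exp, iat, iss, sub, birthdate, family_name and given_name builders in the following hunks. The outer `(long)` cast is redundant since `getTime()` already returns a long.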
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
new file mode 100644
index 000000000..e7a85705a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java
@@ -0,0 +1,51 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import java.util.Date;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class OpenIdExpirationTimeAttribute implements IAttributeBuilder {
+ public static final int expirationTime = 5 * 60; // in seconds
+ public String getName() {
+ return "exp";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime));
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
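Review bot: `expirationTime` on the constant line is a `public static final` and should follow Java constant naming, e.g. `public static final int EXPIRATION_TIME_SECONDS = 5 * 60;`, so the `// in seconds` comment lives in the name. `exp` is computed from a fresh `new Date()` here while `iat` in OpenIdIssueInstantAttribute (next hunk) takes its own clock reading, so the two claims come from different instants and can disagree by a second around a rollover; deriving both from one timestamp (for instance the one `auth_time` reads from authData) would keep `exp - iat` exactly the intended lifetime. `System.currentTimeMillis() / 1000 + EXPIRATION_TIME_SECONDS` would also avoid allocating a Date and the redundant `(long)` cast.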
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
new file mode 100644
index 000000000..a75dfd029
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java
@@ -0,0 +1,49 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import java.util.Date;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class OpenIdIssueInstantAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "iat";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000));
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
new file mode 100644
index 000000000..d21f1a5bb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java
@@ -0,0 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class OpenIdIssuerAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "iss";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getIssuer());
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
new file mode 100644
index 000000000..bc48ce915
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java
@@ -0,0 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "sub";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getBPK());
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
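Review bot: The `sub` claim is filled from `authData.getBPK()` with no documentation of which identifier that is, yet relying parties treat `sub` as a stable, issuer-unique subject identifier. A class Javadoc should record it, e.g. `/** Builds the OpenID Connect "sub" claim from the bPK carried in AuthenticationData; presumably the online application's sector-specific bPK — confirm it is stable per subject and per OA. */`. Whether `buildStringAttribute` tolerates a null or empty bPK is not visible in this hunk and is worth confirming.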
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
new file mode 100644
index 000000000..a92b0c12d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java
@@ -0,0 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class ProfileDateOfBirthAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "birthdate";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getDateOfBirth());
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
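Review bot: `authData.getDateOfBirth()` is passed through unchanged, but the OpenID Connect `birthdate` claim is expected in ISO 8601 `YYYY-MM-DD` form, and the format returned by getDateOfBirth is not visible here; either confirm it already matches or convert before building. A Javadoc on the class would pin the expectation, e.g. `/** Builds the "birthdate" claim; the value must be ISO 8601 (YYYY-MM-DD) per OpenID Connect Core — TODO confirm AuthenticationData.getDateOfBirth() delivers that format. */`.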
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
new file mode 100644
index 000000000..5ce22a6c6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java
@@ -0,0 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class ProfileFamilyNameAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "family_name";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getFamilyName());
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
new file mode 100644
index 000000000..047bfa9a9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java
@@ -0,0 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class ProfileGivenNameAttribute implements IAttributeBuilder {
+ public String getName() {
+ return "given_name";
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", authData.getGivenName());
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java
new file mode 100644
index 000000000..25a30bfcf
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20AccessDeniedException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20AccessDeniedException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20AccessDeniedException() {
+ super(OAuth20Constants.ERROR_ACCESS_DENIED, "oauth20.05", new Object[] {});
+ }
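Review bot: The constructor maps ERROR_ACCESS_DENIED to message id `"oauth20.05"`, which is the same id OAuth20InvalidClientException uses for ERROR_INVALID_CLIENT in a later hunk; if that is not intentional, one of the two renders the wrong text. Worth checking against the message bundle and, if the texts should differ, giving access-denied its own id. A one-line Javadoc naming the OAuth 2.0 error this represents would also help, e.g. `/** Raised when the request is refused; carries the OAuth 2.0 "access_denied" error code. */`.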
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java
new file mode 100644
index 000000000..a938d1544
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20CertificateErrorException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20CertificateErrorException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20CertificateErrorException(final String name) {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.09", new Object[] { name });
+ }
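Review bot: The constructor interpolates the caller-supplied `name` into message `"oauth20.09"` under ERROR_SERVER_ERROR, but what `name` denotes (a key alias, a certificate subject, an OA identifier?) is not visible here and should be stated in the parameter name and a Javadoc. If this message is ever copied into the `error_description` sent back to the client, it would expose server-side configuration detail; confirm that the handler rendering OAuth20Exception emits only the error code externally and keeps the message for the server log.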
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
new file mode 100644
index 000000000..307615fbd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20Exception.java
@@ -0,0 +1,71 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
+public class OAuth20Exception extends RuntimeException {
+ private static final long serialVersionUID = 1L;
+ private String messageId;
+ private String errorCode;
+ public OAuth20Exception(final String errorCode, final String messageId, final Object[] parameters) {
+ super(MOAIDMessageProvider.getInstance().getMessage(messageId, parameters));
+ this.errorCode = errorCode;
+ this.messageId = messageId;
+ }
+ /**
+ * @return the messageId
+ */
+ public String getMessageId() {
+ return messageId;
+ }
+ /**
+ * @param messageId
+ * the messageId to set
+ */
+ public void setMessageId(String messageId) {
+ this.messageId = messageId;
+ }
+ /**
+ * @return the errorCode
+ */
+ public String getErrorCode() {
+ return errorCode;
+ }
+ /**
+ * @param errorCode
+ * the errorCode to set
+ */
+ public void setErrorCode(String errorCode) {
+ this.errorCode = errorCode;
+ }
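Review bot: `messageId` and `errorCode` have public setters, which makes the exception mutable after construction; both are assigned once in the constructor and nothing in this hunk needs to change them, so `private final String messageId;` and `private final String errorCode;` with the two setters dropped would be the usual shape, unless a caller outside this diff relies on them. The Javadoc is IDE boilerplate (`@return the messageId`) and should say what the fields mean: judging from the subclasses, errorCode is one of the OAuth20Constants.ERROR_* values and messageId keys MOAIDMessageProvider. Since this extends RuntimeException, callers are not forced to handle it; that choice is worth stating in the class Javadoc.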
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java
new file mode 100644
index 000000000..9c2875cef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidClientException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20InvalidClientException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20InvalidClientException() {
+ super(OAuth20Constants.ERROR_INVALID_CLIENT, "oauth20.05", new Object[] {});
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java
new file mode 100644
index 000000000..c0f03c735
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidGrantException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20InvalidGrantException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20InvalidGrantException() {
+ super(OAuth20Constants.ERROR_INVALID_GRANT, "oauth20.07", new Object[] {});
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java
new file mode 100644
index 000000000..b980840c2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20InvalidRequestException.java
@@ -0,0 +1,35 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20InvalidRequestException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20InvalidRequestException() {
+ super(OAuth20Constants.ERROR_INVALID_REQUEST, "oauth20.04", new Object[] {});
+ }
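Review bot: OAuth20InvalidRequestException has no class-level Javadoc saying which OAuth 2.0 error it produces, and the same is true of OAuth20ResponseTypeException, OAuth20ServerErrorException, OAuth20UnauthorizedClientException and OAuth20WrongParameterException in the hunks that follow. Since each constructor hard-codes an error constant and a message key, a one-line summary makes the mapping visible without opening OAuth20Constants, e.g. here `/** Signals a malformed or incomplete request; rendered as {@code OAuth20Constants.ERROR_INVALID_REQUEST} with message key {@code oauth20.04}. */`. For OAuth20WrongParameterException the Javadoc should also document the `name` parameter, since it is interpolated into the message (`@param name the name of the offending request parameter`).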
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java
new file mode 100644
index 000000000..8de854821
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ResponseTypeException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20ResponseTypeException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20ResponseTypeException() {
+ super(OAuth20Constants.ERROR_UNSUPPORTED_RESPONSE_TYPE, "oauth20.03", new Object[] {});
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
new file mode 100644
index 000000000..d560e46f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20ServerErrorException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20ServerErrorException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20ServerErrorException() {
+ super(OAuth20Constants.ERROR_SERVER_ERROR, "oauth20.06", new Object[] {});
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java
new file mode 100644
index 000000000..ee7b4d7d6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20UnauthorizedClientException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20UnauthorizedClientException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20UnauthorizedClientException() {
+ super(OAuth20Constants.ERROR_UNAUTHORIZED_CLIENT, "oauth20.08", new Object[] {});
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java
new file mode 100644
index 000000000..48267d88c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/exceptions/OAuth20WrongParameterException.java
@@ -0,0 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.exceptions;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+public class OAuth20WrongParameterException extends OAuth20Exception {
+ private static final long serialVersionUID = 1L;
+ public OAuth20WrongParameterException(final String name) {
+ super(OAuth20Constants.ERROR_INVALID_REQUEST, "oauth20.02", new Object[] { name });
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java
new file mode 100644
index 000000000..50e57bdc1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Signer.java
@@ -0,0 +1,121 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2010 Google Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ */
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import net.oauth.jsontoken.crypto.AbstractSigner;
+import net.oauth.jsontoken.crypto.RsaSHA256Signer;
+import net.oauth.jsontoken.crypto.SignatureAlgorithm;
+ * Signer that can sign byte arrays using a {@link PrivateKey} and SHA-256. <br/>
+ * This is something like a copy of the {@link RsaSHA256Signer}.
+ *
+ */
+public class OAuth20SHA256Signer extends AbstractSigner implements OAuthSigner {
+ private final Signature signature;
+ private final PrivateKey signingKey;
+ private final OAuthSignatureAlgorithm algorithm;
+ /**
+ * Public constructor.
+ *
+ * @param issuer
+ * The id of this signer, to be included in the JSON Token's envelope.
+ * @param keyId
+ * The id of the key used by this signer, to be included in the JSON Token's
+ * envelope.
+ * @param key
+ * the private key to be used for signing.
+ * @throws InvalidKeyException
+ * if the key is unsuitable for RSA signing.
+ */
+ public OAuth20SHA256Signer(final String issuer, final String keyId, final PrivateKey key) throws InvalidKeyException {
+ super(issuer, keyId);
+ this.signingKey = key;
+ this.algorithm = OAuth20SignatureUtil.findSignature(key);
+ try {
+ this.signature = this.algorithm.getSignatureInstance();
+ this.signature.initSign(signingKey);
+ }
+ catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ catch (NoSuchProviderException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ }
+ /*
+ * (non-Javadoc)
+ * @see net.oauth.jsontoken.crypto.Signer#getSignatureAlgorithm()
+ */
+ public SignatureAlgorithm getSignatureAlgorithm() {
+ // it is fine to return RS256 because we overwrite the JsonToken for the algorithm name. But
+ // we need the internal SHA256 which is used.
+ return SignatureAlgorithm.RS256;
+ }
+ /*
+ * (non-Javadoc)
+ * @see net.oauth.jsontoken.crypto.Signer#sign(byte[])
+ */
+ public byte[] sign(byte[] source) throws SignatureException {
+ try {
+ signature.initSign(signingKey);
+ }
+ catch (InvalidKeyException e) {
+ throw new RuntimeException("key somehow became invalid since calling the constructor");
+ }
+ signature.update(source);
+ return signature.sign();
+ }
+ public OAuthSignatureAlgorithm getOAuthSignatureAlgorithm() {
+ return this.algorithm;
+ }
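Review bot: `sign()` discards the caught `InvalidKeyException` when it rethrows, so the root cause never reaches the log; replace the throw with `throw new IllegalStateException("key somehow became invalid since calling the constructor", e);`. OAuth20SHA256Verifier.verifySignature in the next hunk has the same pattern (and the message there reads "key someone become invalid", which should be "key somehow became invalid"). Separately, the `Signature` object is a shared field that is re-initialised, updated and finalised on every call, so one signer instance is not safe for concurrent `sign()` calls; if signers are cached per issuer by the caller (not visible here) that either needs a lock around the three calls or a Javadoc note "not thread-safe". The class Javadoc also says SHA-256, but whether that holds for every `OAuthSignatureAlgorithm` value depends on the enum's signature names, which is worth stating as a caveat.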
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java
new file mode 100644
index 000000000..374320a5a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SHA256Verifier.java
@@ -0,0 +1,84 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import net.oauth.jsontoken.crypto.RsaSHA256Verifier;
+import net.oauth.jsontoken.crypto.Verifier;
+ * A verifier that can verify signatures on byte arrays using a {@link PublicKey} and SHA-256. <br/>
+ * This is something like a copy of the {@link RsaSHA256Verifier}.
+ */
+public class OAuth20SHA256Verifier implements Verifier {
+ private final PublicKey verificationKey;
+ private final Signature signer;
+ /**
+ * Public Constructor.
+ *
+ * @param verificationKey
+ * the key used to verify the signature.
+ */
+ public OAuth20SHA256Verifier(final PublicKey verificationKey) {
+ this.verificationKey = verificationKey;
+ try {
+ this.signer = OAuth20SignatureUtil.findSignature(verificationKey).getSignatureInstance();
+ this.signer.initVerify(verificationKey);
+ }
+ catch (InvalidKeyException e) {
+ throw new IllegalStateException("key is invalid", e);
+ }
+ catch (NoSuchAlgorithmException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ catch (NoSuchProviderException e) {
+ throw new IllegalStateException("Cannot get algorithm for the given private key", e);
+ }
+ }
+ /*
+ * (non-Javadoc)
+ * @see net.oauth.jsontoken.crypto.Verifier#verifySignature(byte[], byte[])
+ */
+ public void verifySignature(byte[] source, byte[] signature) throws SignatureException {
+ try {
+ signer.initVerify(verificationKey);
+ }
+ catch (InvalidKeyException e) {
+ throw new RuntimeException("key someone become invalid since calling the constructor");
+ }
+ signer.update(source);
+ if (!signer.verify(signature)) {
+ throw new SignatureException("signature did not verify");
+ }
+ }
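Review bot: Both `IllegalStateException` messages in the constructor say "for the given private key" although the argument is a `PublicKey`; these look copied from the signer and should read `"Cannot get algorithm for the given public key"`. A missing or unsupported provider is also reported with the same text as a missing algorithm, so a reader of the log cannot tell the two apart; distinct messages (or simply including `e.getMessage()`) would help operations.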
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
new file mode 100644
index 000000000..9f20ee956
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java
@@ -0,0 +1,116 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.interfaces.RSAPublicKey;
+import org.apache.commons.lang.StringUtils;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+public final class OAuth20SignatureUtil {
+ private OAuth20SignatureUtil() {
+ throw new InstantiationError();
+ }
+ static OAuthSignatureAlgorithm findSignature(final PrivateKey key) {
+ Logger.debug("OAuth - Looking for signature for key " + key.getClass());
+ if (key instanceof RSAPrivateKey) {
+ Logger.debug("OAuth - going to uses SHA256withRSA signature");
+ return OAuthSignatureAlgorithm.RS256;
+ } else if (key instanceof ECPrivateKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature");
+ return OAuthSignatureAlgorithm.ECDSA256;
+ } else if (key instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
+ return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
+ } else {
+ throw new IllegalStateException("Cannot find an alorithm for the given private key");
+ }
+ }
+ static OAuthSignatureAlgorithm findSignature(final PublicKey key) {
+ if (key instanceof RSAPublicKey) {
+ Logger.debug("OAuth - going to uses SHA256withRSA signature");
+ return OAuthSignatureAlgorithm.RS256;
+ } else if (key instanceof ECPublicKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature");
+ return OAuthSignatureAlgorithm.ECDSA256;
+ } else if (key instanceof iaik.security.ecc.ecdsa.ECPublicKey) {
+ Logger.debug("OAuth - going to uses SHA256withECDSA signature with iaik");
+ return OAuthSignatureAlgorithm.ECDSA256_IAKIK;
+ } else {
+ throw new IllegalStateException("Cannot find an alorithm for the given private key");
+ }
+ }
+ public static OAuthSigner loadSigner(String issuer) throws OAuth20Exception {
+ OAuth20Configuration globalConfig = OAuth20Configuration.getInstance();
+ if (StringUtils.isEmpty(globalConfig.getJWTKeyStore())) {
+ throw new OAuth20CertificateErrorException("keystore");
+ }
+ if (StringUtils.isEmpty(globalConfig.getJWTKeyName())) {
+ throw new OAuth20CertificateErrorException("key name");
+ }
+ try {
+ KeyStore ks = KeyStoreUtils.loadKeyStore(globalConfig.getJWTKeyStore(), globalConfig.getJWTKeyStorePassword());
+ X509Certificate certificate = (X509Certificate) ks.getCertificate(globalConfig.getJWTKeyName());
+ PrivateKey privateKey = (PrivateKey) ks.getKey(globalConfig.getJWTKeyName(), globalConfig.getJWTKeyPassword()
+ .toCharArray());
+ BasicX509Credential credential = new BasicX509Credential();
+ credential.setEntityCertificate(certificate);
+ credential.setPrivateKey(privateKey);
+ // Logger.debug("Going to use X509Certificate:");
+ // Logger.debug(certificate);
+ // Logger.debug("Going to use private key:");
+ // Logger.debug(privateKey);
+ return new OAuth20SHA256Signer(issuer, globalConfig.getJWTKeyName(), credential.getPrivateKey());
+ }
+ catch (Exception e) {
+ Logger.error(e.getMessage(), e);
+ throw new OAuth20CertificateErrorException("keystore");
+ }
+ }
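Review bot: `findSignature(PublicKey)` throws "Cannot find an alorithm for the given private key" although it is handed a public key, and "alorithm" is misspelled in both overloads; use `throw new IllegalStateException("Cannot find an algorithm for the given public key");` here and fix the spelling in the `PrivateKey` overload. The four commented-out `Logger.debug(...)` lines in `loadSigner` should be deleted rather than left in place: re-enabling them would write the private key to the log. The `catch (Exception e)` block logs and then throws `OAuth20CertificateErrorException("keystore")` without the cause, so any failure (a wrong alias, a null `getJWTKeyPassword()` turning into an NPE at `.toCharArray()`, a bad password) surfaces to the caller as the same generic keystore error; if the exception class has a cause-taking constructor it should be used, and a null-password check with its own message would make the configuration mistake diagnosable. The `BasicX509Credential` is only used to carry the key to `credential.getPrivateKey()`; passing `privateKey` directly would remove an unnecessary dependency on the OpenSAML type.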
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java
new file mode 100644
index 000000000..af17825fd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthJsonToken.java
@@ -0,0 +1,49 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+import net.oauth.jsontoken.JsonToken;
+import com.google.gson.JsonObject;
+public class OAuthJsonToken extends JsonToken {
+ private final OAuthSigner signer;
+ public OAuthJsonToken(OAuthSigner signer) {
+ super(signer);
+ this.signer = signer;
+ }
+ @Override
+ public JsonObject getHeader() {
+ JsonObject header = new JsonObject();
+ header.addProperty(ALGORITHM_HEADER, signer.getOAuthSignatureAlgorithm().getAlgorithm());
+ String keyId = getKeyId();
+ if (keyId != null) {
+ header.addProperty(KEY_ID_HEADER, keyId);
+ }
+ return header;
+ }
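Review bot: The class has no Javadoc explaining why `getHeader()` is overridden; the override rebuilds the header so that the "alg" value comes from `signer.getOAuthSignatureAlgorithm().getAlgorithm()` instead of the base `JsonToken`'s own algorithm name, which is what the RS256 comment in OAuth20SHA256Signer relies on. Suggest `/** JsonToken whose "alg" header is taken from {@link OAuthSigner#getOAuthSignatureAlgorithm()} so that the ECDSA variants can be advertised; the base class would emit the name of its own SignatureAlgorithm. */` (the statement about the base class should be checked against the jsontoken version in use). A null `signer` would only fail inside `getHeader()`; `this.signer = Objects.requireNonNull(signer, "signer");` in the constructor fails at the point of the mistake.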
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java
new file mode 100644
index 000000000..473efc10a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSignatureAlgorithm.java
@@ -0,0 +1,84 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.Signature;
+import org.apache.commons.lang.StringUtils;
+ * Enum of the signature algorithms supported by this package.
+ */
+public enum OAuthSignatureAlgorithm {
+ ECDSA256("SHA256withECDSA", "ECDSA256", null), RS256("SHA256withRSA", "RS256", null), ECDSA256_IAKIK("SHA1withECDSA", "ECDSA256",
+ "IAIK_ECC");
+ private final String signatureName;
+ private final String algorithm;
+ private final String providerName;
+ private OAuthSignatureAlgorithm(final String signatureName, final String hashAlg, final String providerName) {
+ this.signatureName = signatureName;
+ this.algorithm = hashAlg;
+ this.providerName = providerName;
+ }
+ /**
+ * What the signature algorithm is named in the "alg" parameter in a JSON Token's envelope.
+ */
+ public String getAlgorithm() {
+ return this.algorithm;
+ }
+ /**
+ *
+ * @return the signature name like SHA256withECDSA or SHA256withRSA
+ */
+ public String getSignatureName() {
+ return this.signatureName;
+ }
+ /**
+ * Calls {@link Signature#getInstance(String)} with the defined signature name
+ *
+ * @return
+ * @throws NoSuchAlgorithmException
+ * @throws NoSuchProviderException
+ */
+ public Signature getSignatureInstance() throws NoSuchAlgorithmException, NoSuchProviderException {
+ if (!StringUtils.isEmpty(this.providerName)) {
+ return Signature.getInstance(this.signatureName, this.providerName);
+ } else {
+ return Signature.getInstance(this.signatureName);
+ }
+ }
+ /**
+ * Given the name of the algorithm in the envelope, returns the corresponding enum instance.
+ */
+ public static OAuthSignatureAlgorithm getFromJsonName(String name) {
+ return OAuthSignatureAlgorithm.valueOf(name);
+ }
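Review bot: `ECDSA256_IAKIK` pairs the JCA signature `"SHA1withECDSA"` with the envelope name `"ECDSA256"`, so tokens signed through the IAIK provider advertise a SHA-256 algorithm in the "alg" header while the digest is actually SHA-1; a verifier that picks SHA256withECDSA from the header will reject them, and SHA-1 is not an acceptable digest for new signatures. If the provider supports it the constant should be `ECDSA256_IAKIK("SHA256withECDSA", "ECDSA256", "IAIK_ECC");`, otherwise it needs a distinct envelope name so the mismatch is at least visible (note also that "ECDSA256" is not a registered JOSE name; the standard one is ES256). `getFromJsonName` uses `valueOf`, which resolves enum constant names rather than the `algorithm` field: it works for RS256 and ECDSA256 only because the two coincide, can never return `ECDSA256_IAKIK`, and throws `IllegalArgumentException` for any other header value, none of which the Javadoc says. The `@return` tag on `getSignatureInstance` is empty; `@return a fresh Signature for this algorithm, from the named provider when one is set` would complete it.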
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java
new file mode 100644
index 000000000..3904f8cef
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuthSigner.java
@@ -0,0 +1,29 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.json;
+import net.oauth.jsontoken.crypto.Signer;
+public interface OAuthSigner extends Signer {
+ public abstract OAuthSignatureAlgorithm getOAuthSignatureAlgorithm();
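Review bot: `public abstract` is redundant on an interface method and the new method has no Javadoc; `OAuthSignatureAlgorithm getOAuthSignatureAlgorithm();` preceded by `/** Returns the algorithm this signer uses, as written into the token's "alg" header by OAuthJsonToken. */` states the contract that OAuthJsonToken.getHeader relies on.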
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
new file mode 100644
index 000000000..9eefa5bf3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java
@@ -0,0 +1,206 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.security.SignatureException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.Pair;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OpenIdExpirationTimeAttribute;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken;
+import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+class OAuth20AuthAction implements IAction {
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ AuthenticationSession moasession) throws MOAIDException {
+ OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req;
+ String responseType = oAuthRequest.getResponseType();
+ String code = Random.nextRandom();
+ try {
+ String accessToken = UUID.randomUUID().toString();
+ Logger.debug("Stored session with id: " + code);
+ OAuth20SessionObject o = new OAuth20SessionObject();
+ if (responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+ o.setScope(oAuthRequest.getScope());
+ o.setCode(code);
+ //generate idToken from MOASession
+ Map<String, Object> idToken = generateIDToken(o, oAuthRequest, moasession, accessToken);
+ o.setAuthDataSession(idToken);
+ } else if (responseType.equals(OAuth20Constants.RESPONSE_TOKEN)) {
+ throw new OAuth20ResponseTypeException();
+ }
+ // store data in oath session
+ AssertionStorage.getInstance().put(code, o);
+ Logger.debug("Saved OAuth20SessionObject in session with id: " + code);
+ // add code and state to redirect url
+ httpResp.setStatus(HttpServletResponse.SC_FOUND);
+ String redirectURI = oAuthRequest.getRedirectUri();
+ String state = oAuthRequest.getState();
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.RESPONSE_CODE, code);
+ redirectURI = this.addURLParameter(redirectURI, OAuth20Constants.PARAM_STATE, state);
+ String finalUrl = redirectURI;
+ httpResp.addHeader("Location", finalUrl);
+ Logger.debug("REDIRECT TO: " + finalUrl.toString());
+ return accessToken;
+ }
+ catch (Exception e) {
+ //remove OAuthSessionObject if it already exists
+ if (AssertionStorage.getInstance().containsKey(code)) {
+ AssertionStorage.getInstance().remove(code);
+ }
+ if (e instanceof OAuth20Exception) {
+ throw (OAuth20Exception) e;
+ }
+ throw new OAuth20ServerErrorException();
+ }
+ }
+ private Map<String, Object> generateIDToken(OAuth20SessionObject auth20SessionObject,
+ OAuth20AuthRequest oAuthRequest, AuthenticationSession moasession, String accessToken) throws SignatureException, MOAIDException {
+ // create response
+ Map<String, Object> params = new HashMap<String, Object>();
+ params.put(OAuth20Constants.RESPONSE_ACCESS_TOKEN, accessToken);
+ params.put(OAuth20Constants.RESPONSE_TOKEN_TYPE, OAuth20Constants.RESPONSE_TOKEN_TYPE_VALUE_BEARER);
+ params.put(OAuth20Constants.RESPONSE_EXPIRES_IN, OpenIdExpirationTimeAttribute.expirationTime);
+ // build id token and scope
+ Pair<String, String> pair = buildIdToken(auth20SessionObject.getScope(), oAuthRequest,
+ moasession);
+ Logger.debug("RESPONSE ID_TOKEN: " + pair.getFirst());
+ params.put(OAuth20Constants.RESPONSE_ID_TOKEN, pair.getFirst());
+ Logger.debug("RESPONSE SCOPE: " + pair.getSecond());
+ params.put(OAuth20Constants.PARAM_SCOPE, pair.getSecond());
+ return params;
+ }
+ private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, AuthenticationSession session)
+ throws MOAIDException, SignatureException {
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oAuthRequest.getOAURL());
+ AuthenticationData authData = AuthenticationServer.buildAuthenticationData(session, oaParam, oAuthRequest.getTarget());
+ OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer());
+ OAuthJsonToken token = new OAuthJsonToken(signer);
+ StringBuilder resultScopes = new StringBuilder();
+ // always fill with open id
+ OAuth20AttributeBuilder.addScopeOpenId(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ resultScopes.append("openId");
+ for (String s : scope.split(" ")) {
+ if (s.equalsIgnoreCase("profile")) {
+ OAuth20AttributeBuilder.addScopeProfile(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ resultScopes.append(" profile");
+ } else if (s.equalsIgnoreCase("eID")) {
+ OAuth20AttributeBuilder.addScopeEID(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ resultScopes.append(" eID");
+ } else if (s.equalsIgnoreCase("eID_gov")) {
+ OAuth20AttributeBuilder.addScopeEIDGov(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ resultScopes.append(" eID_gov");
+ } else if (s.equalsIgnoreCase("mandate")) {
+ OAuth20AttributeBuilder.addScopeMandate(token.getPayloadAsJsonObject(), session, oaParam, authData);
+ resultScopes.append(" mandate");
+ }
+ // TODO parser STORK
+ }
+ // add properties and sign
+ // HmacSHA256Signer signer = new HmacSHA256Signer("testSigner", "key_id",
+ // "super_secure_pwd".getBytes());
+ // Signer signer = OAuth20Util.loadSigner(authData.getIssuer(), oaParam.getoAuth20Config());
+ return Pair.newInstance(token.serializeAndSign(), resultScopes.toString());
+ }
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+ * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return true;
+ }
+ private String addURLParameter(String url, String name, String value) {
+ String param = name + "=" + value;
+ if (url.indexOf("?") < 0) {
+ return url + "?" + param;
+ } else {
+ return url + "&" + param;
+ }
+ }
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ public String getDefaultActionName() {
+ return OAuth20Protocol.AUTH_ACTION;
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
new file mode 100644
index 000000000..dc3335631
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -0,0 +1,156 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import javax.servlet.http.HttpServletRequest;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+class OAuth20AuthRequest extends OAuth20BaseRequest {
+ private static final long serialVersionUID = 1L;
+ private String responseType;
+ private String state;
+ private String redirectUri;
+ private String scope;
+ private String clientID;
+ /**
+ * @return the responseType
+ */
+ public String getResponseType() {
+ return responseType;
+ }
+ /**
+ * @param responseType
+ * the responseType to set
+ */
+ public void setResponseType(String responseType) {
+ this.responseType = responseType;
+ }
+ /**
+ * @return the state
+ */
+ public String getState() {
+ return state;
+ }
+ /**
+ * @param state
+ * the state to set
+ */
+ public void setState(String state) {
+ this.state = state;
+ }
+ /**
+ * @return the redirectUri
+ */
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+ /**
+ * @param redirectUri
+ * the redirectUri to set
+ */
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+ /**
+ * @return the scope
+ */
+ public String getScope() {
+ return scope;
+ }
+ /**
+ * @param scope
+ * the scope to set
+ */
+ public void setScope(String scope) {
+ this.scope = scope;
+ }
+ /**
+ * @return the clientID
+ */
+ public String getClientID() {
+ return clientID;
+ }
+ /**
+ * @param clientID
+ * the clientID to set
+ */
+ public void setClientID(String clientID) {
+ this.clientID = clientID;
+ }
+ @Override
+ protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+ this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
+ this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
+ this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
+ this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ this.setScope(this.getParam(request, OAuth20Constants.PARAM_SCOPE, false));
+ // check for response type
+ if (!this.responseType.equals(OAuth20Constants.RESPONSE_CODE)) {
+ throw new OAuth20ResponseTypeException();
+ }
+ // check state for invalid characters (like < > & ; ... javascript ... to prevent xss)
+ if (!OAuth20Util.isValidStateValue(this.getState())) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_STATE);
+ }
+ // check if client id and redirect uri are ok
+ try {
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL())
+ .getoAuth20Config();
+ if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())
+ || !this.getRedirectUri().equals(oAuthConfig.getOAuthRedirectUri())) {
+ throw new OAuth20AccessDeniedException();
+ }
+ }
+ catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ }
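Review bot: The class has no Javadoc describing which request parameters it consumes and which checks populateSpecialParameters enforces, and the accessor comments only restate the field names. A class comment along the lines of `/** Authorization request (action AUTH): reads response_type, state, redirect_uri, client_id and the optional scope; accepts only a response_type equal to OAuth20Constants.RESPONSE_CODE, a state accepted by OAuth20Util.isValidStateValue, and a client_id/redirect_uri pair that exactly matches the online application's OAuth 2.0 configuration. */` would let a reader verify the redirect-URI binding without tracing into the base class. The `catch (ConfigurationException e)` at the end replaces the exception with a wrong-parameter error and drops the cause; log it before rethrowing so a misconfigured online application is distinguishable from a bad client_id in the server log.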
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
new file mode 100644
index 000000000..d0b43d25a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -0,0 +1,143 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.Set;
+import javax.servlet.http.HttpServletRequest;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.commons.lang.StringUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidRequestException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
+import at.gv.egovernment.moa.logging.Logger;
+abstract class OAuth20BaseRequest extends RequestImpl {
+ private static final long serialVersionUID = 1L;
+ protected Set<String> allowedParameters = new HashSet<String>();
+ protected OAuth20BaseRequest() {
+ }
+ protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
+ String param = request.getParameter(name);
+ Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
+ if (isNeeded && StringUtils.isEmpty(param)) {
+ throw new OAuth20WrongParameterException(name);
+ }
+ this.allowedParameters.add(name);
+ return param;
+ }
+ protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+ // moa id - load oa with client id!
+ try {
+ String oaURL = StringEscapeUtils.escapeHtml(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ if (!ParamValidatorUtils.isValidOA(oaURL)) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ this.setOAURL(oaURL);
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(oaURL);
+ if (oaParam == null) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ this.setTarget(oaParam.getTarget());
+ OAOAUTH20 config = oaParam.getoAuth20Config();
+ if (config == null) {
+ throw new OAuth20InvalidRequestException();
+ }
+ if (StringUtils.isEmpty(config.getOAuthClientSecret()) || StringUtils.isEmpty(config.getOAuthClientId())
+ || StringUtils.isEmpty(config.getOAuthRedirectUri())) {
+ throw new OAuth20ServerErrorException();
+ }
+ }
+ catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ // oAuth
+ this.populateSpecialParameters(request);
+ // cleanup parameters
+ this.checkAllowedParameters(request);
+ }
+ private void checkAllowedParameters(final HttpServletRequest request) {
+ Logger.debug("Going to check for allowed parameters");
+ this.allowedParameters.add(OAuth20Constants.PARAM_MOA_ACTION);
+ this.allowedParameters.add(OAuth20Constants.PARAM_MOA_MOD);
+ @SuppressWarnings("rawtypes")
+ Iterator iter = request.getParameterMap().keySet().iterator();
+ while (iter.hasNext()) {
+ String name = (String) iter.next();
+ if (!this.allowedParameters.contains(name)) {
+ Logger.debug("Found wrong parameter: " + name);
+ throw new OAuth20WrongParameterException(name);
+ }
+ }
+ }
+ protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+ public static OAuth20BaseRequest newInstance(final String action, final HttpServletRequest request) throws OAuth20Exception {
+ OAuth20BaseRequest res;
+ if (action.equals(OAuth20Protocol.AUTH_ACTION)) {
+ res = new OAuth20AuthRequest();
+ } else if (action.equals(OAuth20Protocol.TOKEN_ACTION)) {
+ res = new OAuth20TokenRequest();
+ } else {
+ throw new OAuth20InvalidRequestException();
+ }
+ res.setAction(action);
+ res.setModule(OAuth20Protocol.NAME);
+ res.populateParameters(request);
+ return res;
+ }
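Review bot: `getParam` logs every parameter value it reads at debug level (`Reading param … with value …`), so whatever a subclass requests — the authorization code here, and presumably the client secret in OAuth20TokenRequest, whose body lies outside this chunk — ends up in the log file. Log only the name, or redact the value for sensitive parameter names: `Logger.debug("Reading param " + name + " from HttpServletRequest");`. Separately, checkAllowedParameters iterates a raw `Iterator` with a cast under a rawtypes suppression; if the servlet API in use declares getParameterMap() as `Map<String, String[]>`, `for (String name : request.getParameterMap().keySet())` removes both. The behaviour that any parameter not registered through getParam is rejected is worth a one-line comment on `allowedParameters`, since it is what makes the whitelist effective: `// every parameter read via getParam is whitelisted; anything else fails checkAllowedParameters`.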
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
new file mode 100644
index 000000000..1fb67a0b2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -0,0 +1,189 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.Map;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang.StringUtils;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IModulInfo;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.logging.Logger;
+import com.google.gson.JsonObject;
+public class OAuth20Protocol implements IModulInfo {
+ public static final String NAME = OAuth20Protocol.class.getName();
+ public static final String PATH = "id_oauth20";
+ public static final String AUTH_ACTION = "AUTH";
+ public static final String TOKEN_ACTION = "TOKEN";
+ private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
+ static {
+ actions.put(AUTH_ACTION, new OAuth20AuthAction());
+ actions.put(TOKEN_ACTION, new OAuth20TokenAction());
+ }
+ public String getName() {
+ return NAME;
+ }
+ public String getPath() {
+ return PATH;
+ }
+ public IAction getAction(String action) {
+ return actions.get(action);
+ }
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#preProcess(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse, java.lang.String)
+ */
+ public IRequest preProcess(HttpServletRequest request, HttpServletResponse resp, String action) throws MOAIDException {
+ // validation is done inside creation
+ OAuth20BaseRequest res = OAuth20BaseRequest.newInstance(action, request);
+ Logger.debug("Created: " + res);
+ return res;
+ }
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#canHandleRequest(javax.servlet.http.HttpServletRequest
+ * , javax.servlet.http.HttpServletResponse)
+ */
+ public IAction canHandleRequest(HttpServletRequest request, HttpServletResponse response) {
+ if (request.getParameter("action").equals(AUTH_ACTION)) {
+ return getAction(AUTH_ACTION);
+ } else if (request.getParameter("action").equals(TOKEN_ACTION)) {
+ return getAction(TOKEN_ACTION);
+ }
+ return null;// getAction(AUTH_ACTION);
+ }
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IModulInfo#generateErrorMessage(java.lang.Throwable,
+ * javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+ * at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ public boolean generateErrorMessage(Throwable e, HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest)
+ throws Throwable {
+ StringBuilder url = new StringBuilder();
+ String paramRedirect = request.getParameter(OAuth20Constants.PARAM_REDIRECT_URI);
+ if (e instanceof OAuth20Exception) {
+ String action = request.getParameter("action");
+ Logger.debug("Going to throw O OAuth20Exception for action: " + action);
+ OAuth20Exception oAuth20Exception = ((OAuth20Exception) e);
+ String errorCode = oAuth20Exception.getErrorCode();
+ String errorDescription = oAuth20Exception.getMessage();
+ // String errorUri = "http://tools.ietf.org/html/draft-ietf-oauth-v2-11";
+ if (action.equals(AUTH_ACTION)) {
+ // check if given redirect url is ok
+ if (StringUtils.isNotEmpty(paramRedirect) && OAuth20Util.isUrl(paramRedirect)) {
+ url.append(paramRedirect);
+ // otherwise throw an
+ } else {
+ throw new MOAIDException("oauth20.01", new Object[] {});
+ }
+ String state = request.getParameter(OAuth20Constants.PARAM_STATE);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR, errorCode);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_DESCRIPTION,
+ URLEncoder.encode(oAuth20Exception.getMessageId() + ": " + errorDescription, "UTF-8"));
+ // OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ OAuth20Util.addParameterToURL(url, OAuth20Constants.PARAM_STATE, state);
+ response.setContentType("text/html");
+ response.setStatus(HttpServletResponse.SC_FOUND);
+ response.addHeader("Location", url.toString());
+ Logger.debug("REDIRECT TO: " + url.toString());
+ return true;
+ } else if (action.equals(TOKEN_ACTION)) {
+ Map<String, Object> params = new HashMap<String, Object>();
+ params.put(OAuth20Constants.PARAM_ERROR, errorCode);
+ params.put(OAuth20Constants.PARAM_ERROR_DESCRIPTION,
+ URLEncoder.encode(oAuth20Exception.getMessageId() + ": " + errorDescription, "UTF-8"));
+ // params.put(OAuth20Constants.PARAM_ERROR_URI, errorUri);
+ // create response
+ JsonObject jsonObject = new JsonObject();
+ OAuth20Util.addProperytiesToJsonObject(jsonObject, params);
+ String jsonResponse = jsonObject.toString();
+ Logger.debug("JSON Response: " + jsonResponse);
+ // write respone to http response
+ response.setContentType("application/json");
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.getOutputStream().print(jsonResponse);
+ response.getOutputStream().close();
+ return true;
+ }
+ }
+ return false;
+ }
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IModulInfo#validate(javax.servlet.http.HttpServletRequest,
+ * javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.moduls.IRequest)
+ */
+ public boolean validate(HttpServletRequest request, HttpServletResponse response, IRequest pending) {
+ // we validate in the preProcess
+ return true;
+ }
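Review bot: In generateErrorMessage the AUTH branch redirects the browser to whatever `redirect_uri` arrived in the request, checked only with `OAuth20Util.isUrl`; the error being reported may be exactly a client_id/redirect_uri mismatch (OAuth20AccessDeniedException from OAuth20AuthRequest), so an error response can be sent to an address that was never registered for that client. Only redirect when `paramRedirect` equals the redirect URI configured for the supplied client_id (the lookup OAuth20AuthRequest already performs through AuthConfigurationProvider), and otherwise fall through to the local `MOAIDException("oauth20.01", …)` path; RFC 6749 §4.1.2.1 requires that mismatch errors not be redirected. `errorCode` and `state` are appended to the URL without URLEncoder while the description is encoded — encode all three consistently. Finally, canHandleRequest and the `action.equals(...)` checks here dereference `request.getParameter("action")` without a null check; `AUTH_ACTION.equals(request.getParameter("action"))` is NPE-safe.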
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
new file mode 100644
index 000000000..3f6c148eb
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java
@@ -0,0 +1,119 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IAction;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException;
+import at.gv.egovernment.moa.id.storage.AssertionStorage;
+import at.gv.egovernment.moa.logging.Logger;
+import com.google.gson.JsonObject;
+class OAuth20TokenAction implements IAction {
+ public String processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp,
+ AuthenticationSession moasession) throws MOAIDException {
+ OAuth20SessionObject auth20SessionObject = null;
+ try {
+ OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req;
+ try {
+ Logger.debug("Loaded OAuth20SessionObject from session: " + oAuthRequest.getCode());
+ auth20SessionObject =
+ AssertionStorage.getInstance().get(oAuthRequest.getCode(), OAuth20SessionObject.class);
+ } catch (MOADatabaseException e) {
+ throw new OAuth20UnauthorizedClientException();
+ }
+ // do checking for different grant types and code
+ if (auth20SessionObject == null || !auth20SessionObject.getCode().equals(oAuthRequest.getCode())) {
+ throw new OAuth20UnauthorizedClientException();
+ } else {
+ Logger.debug("Loaded of OAuth20SessionObject was successful");
+ }
+ // create response
+ JsonObject jsonObject = new JsonObject();
+ OAuth20Util.addProperytiesToJsonObject(jsonObject, auth20SessionObject.getAuthDataSession());
+ String jsonResponse = jsonObject.toString();
+ Logger.debug("JSON Response: " + jsonResponse);
+ // write respone to http response
+ httpResp.setContentType("application/json");
+ httpResp.setStatus(HttpServletResponse.SC_OK);
+ httpResp.getOutputStream().print(jsonResponse);
+ httpResp.getOutputStream().close();
+ return null;
+ }
+ catch (Exception e) {
+ Logger.error(e.getMessage(), e);
+ throw new OAuth20ServerErrorException();
+ }
+ finally {
+ if (auth20SessionObject != null) {
+ // destroy session for clean up
+ Logger.debug("Going to destroy session: " + auth20SessionObject.getCode());
+ AssertionStorage.getInstance().remove(auth20SessionObject.getCode());
+ }
+ }
+ }
+ /*
+ * (non-Javadoc)
+ * @see
+ * at.gv.egovernment.moa.id.moduls.IAction#needAuthentication(at.gv.egovernment.moa.id.moduls
+ * .IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
+ return false;
+ }
+ /*
+ * (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.moduls.IAction#getDefaultActionName()
+ */
+ public String getDefaultActionName() {
+ return OAuth20Protocol.TOKEN_ACTION;
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
new file mode 100644
index 000000000..0f1ba23b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -0,0 +1,140 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.protocol;
+import javax.servlet.http.HttpServletRequest;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OAOAUTH20;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20InvalidGrantException;
+import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException;
+class OAuth20TokenRequest extends OAuth20BaseRequest {
+ private static final long serialVersionUID = 1L;
+ private String code;
+ private String grantType;
+ private String clientID;
+ private String clientSecret;
+ /**
+ * @return the code
+ */
+ public String getCode() {
+ return code;
+ }
+ /**
+ * @param code
+ * the code to set
+ */
+ public void setCode(String code) {
+ this.code = code;
+ }
+ /**
+ * @return the grantType
+ */
+ public String getGrantType() {
+ return grantType;
+ }
+ /**
+ * @param grantType
+ * the grantType to set
+ */
+ public void setGrantType(String grantType) {
+ this.grantType = grantType;
+ }
+ /**
+ * @return the clientID
+ */
+ public String getClientID() {
+ return clientID;
+ }
+ /**
+ * @param clientID
+ * the clientID to set
+ */
+ public void setClientID(String clientID) {
+ this.clientID = clientID;
+ }
+ /**
+ * @return the clientSecret
+ */
+ public String getClientSecret() {
+ return clientSecret;
+ }
+ /**
+ * @param clientSecret
+ * the clientSecret to set
+ */
+ public void setClientSecret(String clientSecret) {
+ this.clientSecret = clientSecret;
+ }
+ @Override
+ protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+ this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
+ this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
+ this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
+ this.setClientSecret(this.getParam(request, OAuth20Constants.PARAM_CLIENT_SECRET, true));
+ // check for grant type
+ if (!this.getGrantType().equals(OAuth20Constants.PARAM_GRANT_TYPE_VALUE_AUTHORIZATION_CODE)) {
+ throw new OAuth20InvalidGrantException();
+ }
+ // check if client id and secret are ok
+ try {
+ // OAOAUTH20 cannot be null at this point. check was done in base request
+ OAOAUTH20 oAuthConfig = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(this.getOAURL())
+ .getoAuth20Config();
+ if (!this.getClientID().equals(oAuthConfig.getOAuthClientId())) {
+ throw new OAuth20AccessDeniedException();
+ }
+ if (!this.getClientSecret().equals(oAuthConfig.getOAuthClientSecret())) {
+ throw new OAuth20AccessDeniedException();
+ }
+ }
+ catch (ConfigurationException e) {
+ throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID);
+ }
+ //add valid parameters
+ this.allowedParameters.add(OAuth20Constants.PARAM_SCOPE);
+ this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI);
+ }
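Review bot: The client-secret check `if (!this.getClientSecret().equals(oAuthConfig.getOAuthClientSecret()))` uses `String.equals`, which returns at the first mismatching character, so the comparison time depends on how much of the secret matched; compare constant-time instead, e.g. `if (!MessageDigest.isEqual(this.getClientSecret().getBytes(StandardCharsets.UTF_8), oAuthConfig.getOAuthClientSecret().getBytes(StandardCharsets.UTF_8)))` (the client-id line above it is not a secret and can stay as is). The `catch (ConfigurationException e)` block drops the cause when it throws `OAuth20WrongParameterException`; at least log it before rethrowing, as the token action's own catch block does with `Logger.error(e.getMessage(), e)`, so a mis-configured online application is distinguishable from a bad client id in the logs (Logger is not yet imported in this file). Since the class declares a serialVersionUID, instances are presumably serialized somewhere; if the secret is not needed after populateSpecialParameters completes, `private transient String clientSecret;` keeps it out of any persisted session state. The three `.equals` checks also assume getParam(…, true) never returns null for a required parameter — if it can, the grant-type check throws NullPointerException instead of the intended OAuth20 exception.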
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
index 59a5158bd..f0d503d88 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/AuthenticationAction.java
@@ -1,22 +1,44 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler.RequestManager;
public class AuthenticationAction implements IAction {
- public void processRequest(IRequest req, HttpServletRequest httpReq,
+ public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
System.out.println("Process PVP2 auth request!");
PVPTargetConfiguration pvpRequest = (PVPTargetConfiguration) req;
- RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
+ return RequestManager.getInstance().handle(pvpRequest.request, httpReq, httpResp, moasession);
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq,
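Review bot: `System.out.println("Process PVP2 auth request!");` in processRequest writes to stdout rather than the module's Logger, which MetadataAction and PVP2XProtocol use elsewhere in this commit; replace it with `Logger.debug("Process PVP2 auth request!");` (needs `import at.gv.egovernment.moa.logging.Logger;`). The cast `(PVPTargetConfiguration) req` is unchecked, so an IRequest of another type surfaces as a ClassCastException outside the protocol's error path; an `if (!(req instanceof PVPTargetConfiguration)) throw new MOAIDException("Unsupported request", new Object[] {});` guard before the cast keeps it a MOAIDException. needAuthentication continues outside the hunk.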
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
deleted file mode 100644
index 1e3c6145f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/ExternalPVPSessionStore.java
+++ /dev/null
@@ -1,28 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-import java.util.HashMap;
-import java.util.Map;
-import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.xml.io.MarshallingException;
-public class ExternalPVPSessionStore {
- private Map<String, SPSSODescriptor> externalSessions = new HashMap<String, SPSSODescriptor>();
- public boolean contains(String sessionID) {
- return externalSessions.containsKey(sessionID);
- }
- public void put(String sessionID, SPSSODescriptor sso) throws MarshallingException {
- externalSessions.put(sessionID, sso);
- }
- public SPSSODescriptor get(String sessionID) {
- return externalSessions.get(sessionID);
- }
- public void remove(String sessionID) {
- externalSessions.remove(sessionID);
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index 3d0fd80bd..3d4360640 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
import java.io.StringWriter;
@@ -27,13 +49,16 @@ import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
+import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
+import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
+import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.w3c.dom.Document;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
@@ -44,7 +69,7 @@ import at.gv.egovernment.moa.logging.Logger;
public class MetadataAction implements IAction {
- public void processRequest(IRequest req, HttpServletRequest httpReq,
+ public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession moasession) throws MOAIDException {
try {
@@ -78,17 +103,15 @@ public class MetadataAction implements IAction {
KeyInfoGenerator keyInfoGenerator = keyInfoFactory.newInstance();
- Credential credential = CredentialProvider
- .getIDPSigningCredential();
- KeyDescriptor signKeyDescriptor = SAML2Utils
- .createSAMLObject(KeyDescriptor.class);
- signKeyDescriptor.setUse(UsageType.SIGNING);
- signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(credential));
+ Credential metadataSigningCredential = CredentialProvider.getIDPMetaDataSigningCredential();
Signature signature = CredentialProvider
- .getIDPSignature(credential);
+ .getIDPSignature(metadataSigningCredential);
+// KeyInfoBuilder metadataKeyInfoBuilder = new KeyInfoBuilder();
+// KeyInfo metadataKeyInfo = metadataKeyInfoBuilder.buildObject();
+// //KeyInfoHelper.addCertificate(metadataKeyInfo, metadataSigningCredential.);
+// signature.setKeyInfo(metadataKeyInfo );
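Review bot: The four commented-out `KeyInfoBuilder`/`KeyInfo` lines at the end of the hunk, one of them a syntactically incomplete fragment (`metadataSigningCredential.`), are dead code, and the three imports this commit adds (`KeyInfoHelper`, `KeyInfo`, `KeyInfoBuilder`) are used only by them; either finish that work or drop both the comment block and the imports. As it stands the metadata signature is built from `metadataSigningCredential` while nothing in the hunk attaches a KeyInfo to `signature`; if relying parties resolve the metadata signing key from the signature's KeyInfo rather than from an out-of-band trust anchor, they will not be able to validate it, which is worth confirming against the consumer side. The enclosing processRequest method starts and ends outside this hunk.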
@@ -139,9 +162,17 @@ public class MetadataAction implements IAction {
+ //set assertion signing key
+ Credential assertionSigingCredential = CredentialProvider
+ .getIDPAssertionSigningCredential();
+ KeyDescriptor signKeyDescriptor = SAML2Utils
+ .createSAMLObject(KeyDescriptor.class);
+ signKeyDescriptor.setUse(UsageType.SIGNING);
+ signKeyDescriptor.setKeyInfo(keyInfoGenerator.generate(assertionSigingCredential));
NameIDFormat persistenNameIDFormat = SAML2Utils.createSAMLObject(NameIDFormat.class);
@@ -184,13 +215,15 @@ public class MetadataAction implements IAction {
String metadataXML = sw.toString();
- System.out.println("METADATA: " + metadataXML);
+ //System.out.println("METADATA: " + metadataXML);
+ return null;
} catch (Exception e) {
Logger.error("Failed to generate metadata", e);
throw new MOAIDException("pvp2.13", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
index 6055484f7..82a620f6b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVP2XProtocol.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
import iaik.pkcs.pkcs11.objects.Object;
@@ -11,7 +33,6 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
-import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.RequestAbstractType;
@@ -23,23 +44,18 @@ import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.xml.ConfigurationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.moduls.NoPassivAuthenticationException;
-import at.gv.egovernment.moa.id.moduls.ServletInfo;
-import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.MandateAttributesNotHandleAbleException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMetadataInformationException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
@@ -47,8 +63,8 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.CheckMandateAttributes;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityLogAdapter;
+import at.gv.egovernment.moa.logging.Logger;
public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
@@ -60,18 +76,11 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
public static final String SOAP = "Soap";
public static final String METADATA = "Metadata";
- private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
private static List<IDecoder> decoder = new ArrayList<IDecoder>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
- servletList.add(new ServletInfo(PVPProcessor.class, REDIRECT,
- ServletType.AUTH));
- servletList.add(new ServletInfo(PVPProcessor.class, POST,
- ServletType.AUTH));
decoder.add(new PostBinding());
decoder.add(new RedirectBinding());
@@ -93,10 +102,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
return instance;
- public List<ServletInfo> getServlets() {
- return servletList;
- }
public String getName() {
return NAME;
@@ -141,7 +146,6 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
RequestAbstractType samlReq = moaRequest.getSamlRequest();
//String xml = PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(samlReq));
//Logger.info("SAML : " + xml);
if(!moaRequest.isVerified()) {
@@ -154,6 +158,12 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
throw new MOAIDException("Unsupported request", new Object[] {});
+ EntityDescriptor metadata = moaRequest.getEntityMetadata();
+ if(metadata == null) {
+ throw new NoMetadataInformationException();
+ }
+ SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AuthnRequest authnRequest = (AuthnRequest)samlReq;
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
@@ -161,6 +171,9 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
if(aIdx != null) {
assertionidx = aIdx.intValue();
+ } else {
+ assertionidx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
aIdx = authnRequest.getAttributeConsumingServiceIndex();
@@ -170,37 +183,31 @@ public class PVP2XProtocol implements IModulInfo, MOAIDAuthConstants {
attributeIdx = aIdx.intValue();
- EntityDescriptor metadata = moaRequest.getEntityMetadata();
- if(metadata == null) {
- throw new NoMetadataInformationException();
- }
- SPSSODescriptor spSSODescriptor = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor.getAssertionConsumerServices().get(assertionidx);
- AttributeConsumingService attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
- //TODO: maybe change to getEntityID()
- //String oaURL = consumerService.getLocation();
+ AttributeConsumingService attributeConsumer = null;
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+ attributeConsumer = spSSODescriptor.getAttributeConsumingServices().get(attributeIdx);
+ }
String oaURL = moaRequest.getEntityMetadata().getEntityID();
String binding = consumerService.getBinding();
- String entityID = moaRequest.getEntityMetadata().getEntityID();
+// String entityID = moaRequest.getEntityMetadata().getEntityID();
+ Logger.info("Dispatch PVP2 Request: OAURL=" + oaURL + " Binding=" + binding);
- //String oaURL = (String) request.getParameter(PARAM_OA);
oaURL = StringEscapeUtils.escapeHtml(oaURL);
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
- //TODO: set correct target;
- config.setTarget(PVPConfiguration.getInstance().getTargetForSP(entityID));
String useMandate = request.getParameter(PARAM_USEMANDATE);
if(useMandate != null) {
- if(useMandate.equals("true")) {
+ if(useMandate.equals("true") && attributeConsumer != null) {
if(!CheckMandateAttributes.canHandleMandate(attributeConsumer)) {
throw new MandateAttributesNotHandleAbleException();
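Review bot: `spSSODescriptor.getAssertionConsumerServices().get(assertionidx)` indexes with a value taken straight from the SP's AuthnRequest (`assertionidx = aIdx.intValue()` in the hunk that adds the default-index fallback) without checking it against the list size, so a crafted or simply wrong index ends in IndexOutOfBoundsException instead of a protocol error; guard it first, e.g. `if (assertionidx < 0 || assertionidx >= spSSODescriptor.getAssertionConsumerServices().size()) throw new MOAIDException("Unsupported request", new Object[] {});`. The new AttributeConsumingService guard has the same gap: it checks that the list is non-empty but not that `attributeIdx` is within it — change the condition to `spSSODescriptor.getAttributeConsumingServices().size() > attributeIdx` and reject a negative index the same way. The descriptor itself comes from `metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS)` in the hunk that moves the metadata lookup up, which as far as I know returns null when the metadata carries no SP role for that protocol, and it is dereferenced unchecked both there and here; a null check throwing NoMetadataInformationException next to the existing `metadata == null` check would close that. The enclosing method starts and ends outside the hunk.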
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
index 2e2f75b94..5062646b6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPAssertionStorage.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
import org.opensaml.common.SAMLObject;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
index e8b661362..5b4843752 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPConstants.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
public interface PVPConstants {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
index d7079ba5c..7509c51d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
index d842d5fe0..18d757208 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPTargetConfiguration.java
@@ -1,9 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public class PVPTargetConfiguration extends RequestImpl {
+ private static final long serialVersionUID = 4889919265919638188L;
MOARequest request;
String binding;
String consumerURL;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
index 1d51d91f1..a0fba918c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/ArtifactBinding.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
@@ -29,7 +51,6 @@ public class ArtifactBinding implements IDecoder, IEncoder {
public void encodeRequest(HttpServletRequest req, HttpServletResponse resp,
RequestAbstractType request, String targetLocation)
throws MessageEncodingException, SecurityException {
- // TODO Auto-generated method stub
@@ -38,7 +59,7 @@ public class ArtifactBinding implements IDecoder, IEncoder {
throws MessageEncodingException, SecurityException {
try {
Credential credentials = CredentialProvider
- .getIDPSigningCredential();
+ .getIDPAssertionSigningCredential();
Signature signer = CredentialProvider.getIDPSignature(credentials);
@@ -73,25 +94,28 @@ public class ArtifactBinding implements IDecoder, IEncoder {
} catch (CredentialsNotAvailableException e) {
throw new SecurityException(e);
+ } catch (Exception e) {
+ throw new SecurityException(e);
public MOARequest decodeRequest(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
- // TODO Auto-generated method stub
return null;
public MOAResponse decodeRespone(HttpServletRequest req,
HttpServletResponse resp) throws MessageDecodingException,
SecurityException {
- // TODO Auto-generated method stub
return null;
public boolean handleDecode(String action, HttpServletRequest req) {
- // TODO Auto-generated method stub
return false;
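Review bot: Removing the `// TODO Auto-generated method stub` markers from decodeRequest, decodeRespone and handleDecode leaves methods that silently return null/false with nothing signalling that the artifact binding is unimplemented, and a caller that ever selects this decoder would dereference a null MOARequest. Prefer `throw new UnsupportedOperationException("artifact binding not implemented");` in decodeRequest and decodeRespone, or at least a one-line comment stating that the binding is a stub and is never selected because handleDecode returns false. The new `catch (Exception e) { throw new SecurityException(e); }` after the CredentialsNotAvailableException handler also folds RuntimeExceptions into a SecurityException; if the checked types the try body can throw are known, catch those instead. The try block and the method it belongs to start outside the hunk.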
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
index 0f82d9a3f..b64b28de8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IDecoder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
index 66526534d..8b888e806 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/IEncoder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
index 946f62066..d28c5eeec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOARequest.java
@@ -1,9 +1,36 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
+import java.io.Serializable;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.metadata.EntityDescriptor;
-public class MOARequest {
+public class MOARequest implements Serializable{
+ private static final long serialVersionUID = 2395131650841669663L;
private RequestAbstractType samlRequest;
private EntityDescriptor entityMetadata;
private boolean verified = false;
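Review bot: `MOARequest` now implements Serializable, but its fields `samlRequest` (RequestAbstractType) and `entityMetadata` (EntityDescriptor) are OpenSAML XMLObject types, which as far as I know are not Serializable in OpenSAML 2, so serializing an instance would fail at runtime with NotSerializableException; adding a serialVersionUID does not change that. Either mark those two fields `transient` and re-derive them after deserialization, or add writeObject/readObject that marshal the DOM to a string and unmarshal it back. If the class is made serializable so it can be held in a persisted or replicated HTTP session, a class comment saying so would help, as the rest of the class body is outside the hunk.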
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
index 47f935b0c..3d21d95c4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAResponse.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import org.opensaml.saml2.core.Response;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
index 513939e5d..1d6b227d6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/MOAURICompare.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import org.opensaml.common.binding.decoding.URIComparator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 85861297c..af29054e1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
@@ -16,7 +38,6 @@ import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
@@ -25,7 +46,6 @@ import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.Credential;
-import at.gv.egovernment.moa.id.auth.stork.VelocityProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
@@ -46,8 +66,10 @@ public class PostBinding implements IDecoder, IEncoder {
try {
Credential credentials = CredentialProvider
- .getIDPSigningCredential();
+ .getIDPAssertionSigningCredential();
+ Logger.debug("create SAML POSTBinding response");
// VelocityEngine engine =
// VelocityProvider.getClassPathVelocityEngine();
VelocityEngine engine = new VelocityEngine();
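Review bot: The commented-out `// VelocityEngine engine =` / `// VelocityProvider.getClassPathVelocityEngine();` pair is left in place while the `VelocityProvider` import is removed earlier in this file, so it is dead code that could not even be uncommented; delete the two lines. The replacement `new VelocityEngine()` is built on every encode call, which is presumably acceptable, but a short comment would record that caching the engine was deliberately dropped. The enclosing method starts before the hunk.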
@@ -70,7 +92,7 @@ public class PostBinding implements IDecoder, IEncoder {
- context.setOutboundSAMLMessageSigningCredential(credentials);
+ context.setOutboundSAMLMessageSigningCredential(credentials);
// context.setOutboundMessage(authReq);
@@ -103,7 +125,7 @@ public class PostBinding implements IDecoder, IEncoder {
RequestAbstractType inboundMessage = (RequestAbstractType) messageContext
MOARequest request = new MOARequest(inboundMessage);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 86801dde5..28299871c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -1,13 +1,37 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.decoding.HTTPRedirectDeflateDecoder;
import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
+import org.opensaml.saml2.binding.security.SAML2AuthnRequestsSignedRule;
import org.opensaml.saml2.binding.security.SAML2HTTPRedirectDeflateSignatureRule;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
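Review bot: The added `import org.jcp.xml.dsig.internal.dom.DOMURIDereferencer;` names a JDK-internal implementation class rather than public API; on Java 9 and later that package is not exported from `java.xml.crypto`, so the file compiles only with an `--add-exports` flag and can break on a JDK update. None of the visible hunks of this file use the class, so it looks like an IDE auto-import that should be removed; if it is actually used, the supported type is the public `javax.xml.crypto.URIDereferencer` interface.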
@@ -15,7 +39,6 @@ import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.saml2.metadata.SingleSignOnService;
import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.security.SecurityPolicyResolver;
@@ -33,6 +56,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
public class RedirectBinding implements IDecoder, IEncoder {
@@ -47,8 +71,10 @@ public class RedirectBinding implements IDecoder, IEncoder {
throws MessageEncodingException, SecurityException {
try {
Credential credentials = CredentialProvider
- .getIDPSigningCredential();
+ .getIDPAssertionSigningCredential();
+ Logger.debug("create SAML RedirectBinding response");
HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
resp, true);
@@ -86,13 +112,18 @@ public class RedirectBinding implements IDecoder, IEncoder {
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
+ SAML2AuthnRequestsSignedRule signedRole = new SAML2AuthnRequestsSignedRule();
BasicSecurityPolicy policy = new BasicSecurityPolicy();
+ policy.getPolicyRules().add(signedRole);
SecurityPolicyResolver resolver = new StaticSecurityPolicyResolver(
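Review bot: `signedRole` on the new `SAML2AuthnRequestsSignedRule` line is a misspelling of the thing it holds; rename it `signedRule` so it reads alongside `signatureRule` on the line above. It is also worth a comment that, as far as I recall the OpenSAML 2 rule, it only rejects an unsigned AuthnRequest when the requesting SP's metadata declares AuthnRequestsSigned="true", so for an SP whose metadata does not say that it is still `signatureRule` and the policy it is attached to that carry the verification: `// enforces the SP's own AuthnRequestsSigned=true declaration; SPs that do not declare it are not forced to sign by this rule`. The policy and resolver setup continues outside the hunk.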
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index 04ec3eaee..9fe75618d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.binding;
import javax.servlet.http.HttpServletRequest;
@@ -9,8 +31,6 @@ import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
-import org.opensaml.saml2.metadata.SingleSignOnService;
-import org.opensaml.saml2.metadata.impl.SingleSignOnServiceBuilder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.soap11.decoder.http.HTTPSOAP11Decoder;
@@ -67,7 +87,7 @@ public class SoapBinding implements IDecoder, IEncoder {
throws MessageEncodingException, SecurityException, PVP2Exception {
try {
Credential credentials = CredentialProvider
- .getIDPSigningCredential();
+ .getIDPAssertionSigningCredential();
HTTPSOAP11Encoder encoder = new HTTPSOAP11Encoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
index ab880bb9e..d2a63c72f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/CitizenTokenBuilder.java
@@ -1,7 +1,28 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AttributeValue;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
@@ -10,14 +31,6 @@ import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSIntegerBuilder;
import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
public class CitizenTokenBuilder {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
index 60e510de2..37bd83932 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/PVPAttributeBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder;
import java.util.ArrayList;
@@ -12,11 +34,18 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BPKAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.BirthdateAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDAuthBlock;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCcsURL;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDCitizenQAALevelAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIdentityLinkBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDIssuingNationAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSectorForIDAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSignerCertificate;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePIN;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.EIDSourcePINType;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.GivenNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateFullMandateAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonFullNameAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder;
@@ -33,16 +62,26 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateRefere
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.MandateTypeAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PVPVersionAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.PrincipalNameAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.SamlAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.UnprovideableAttributeException;
public class PVPAttributeBuilder {
+ private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();
private static HashMap<String, IAttributeBuilder> builders;
private static void addBuilder(IAttributeBuilder builder) {
builders.put(builder.getName(), builder);
static {
builders = new HashMap<String, IAttributeBuilder>();
// Citizen Token normal
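Review bot: `private static IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();` is a mutable static that the visible code never reassigns; declare it `private static final IAttributeGenerator<Attribute> generator = new SamlAttributeGenerator();` so it cannot be swapped at runtime and its shared use from buildAttribute and buildSupportedEmptyAttributes is obviously safe. The pre-existing `builders` map is in the same position, being assigned only in the static initializer. The static initializer continues outside the hunk.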
@@ -54,6 +93,12 @@ public class PVPAttributeBuilder {
addBuilder(new EIDCitizenQAALevelAttributeBuilder());
addBuilder(new EIDIssuingNationAttributeBuilder());
addBuilder(new EIDSectorForIDAttributeBuilder());
+ addBuilder(new EIDIdentityLinkBuilder());
+ addBuilder(new EIDAuthBlock());
+ addBuilder(new EIDCcsURL());
+ addBuilder(new EIDSignerCertificate());
+ addBuilder(new EIDSourcePIN());
+ addBuilder(new EIDSourcePINType());
// Mandate Attributes
addBuilder(new MandateTypeAttributeBuilder());
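Review bot: The six builders registered here — `EIDIdentityLinkBuilder`, `EIDAuthBlock`, `EIDCcsURL`, `EIDSignerCertificate`, `EIDSourcePIN`, `EIDSourcePINType` — place identity-link, source-PIN and signer-certificate attributes in the same global map as the ordinary name and bPK attributes, so any relying party that lists those attribute names can request them through buildAttribute. The decision whether a given OA may receive them therefore has to live inside each builder, which does receive `oaParam`; a comment at this block stating that contract, e.g. `// sensitive eID attributes: each builder checks the OA configuration before releasing the value`, would make it explicit, and it is worth confirming that all six actually perform that check. Stylistically the new names also drop the `AttributeBuilder` suffix used by every other entry in this initializer. The static initializer continues outside the hunk.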
@@ -72,27 +117,39 @@ public class PVPAttributeBuilder {
addBuilder(new MandateReferenceValueAttributeBuilder());
addBuilder(new MandateFullMandateAttributeBuilder());
- public static Attribute buildAttribute(String name,
- AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ public static Attribute buildAttribute(String name, AuthenticationSession authSession, OAAuthParameter oaParam,
+ AuthenticationData authData) throws PVP2Exception {
if (builders.containsKey(name)) {
- return builders.get(name).build(authSession, oaParam, authData);
+ try {
+ return builders.get(name).build(authSession, oaParam, authData, generator);
+ }
+ catch (AttributeException e) {
+ if (e instanceof UnavailableAttributeException) {
+ throw new UnprovideableAttributeException(((UnavailableAttributeException) e).getAttributeName());
+ } else if (e instanceof InvalidDateFormatAttributeException) {
+ throw new InvalidDateFormatException();
+ } else if (e instanceof NoMandateDataAttributeException) {
+ throw new NoMandateDataAvailableException();
+ } else {
+ throw new UnprovideableAttributeException(name);
+ }
+ }
return null;
public static List<Attribute> buildSupportedEmptyAttributes() {
List<Attribute> attributes = new ArrayList<Attribute>();
Iterator<IAttributeBuilder> builderIt = builders.values().iterator();
while (builderIt.hasNext()) {
IAttributeBuilder builder = builderIt.next();
- Attribute emptyAttribute = builder.buildEmpty();
+ Attribute emptyAttribute = builder.buildEmpty(generator);
if (emptyAttribute != null) {
return attributes;
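Review bot: The new catch block in buildAttribute dispatches on `instanceof` over the caught `AttributeException` and constructs a fresh exception in every branch without handing `e` along, so the builder's original message and stack trace are lost for all four outcomes. Separate catch clauses for the three subtypes, which are already imported, remove the instanceof chain and the casts, and if the PVP2 exception constructors accept a cause it should be passed; the order below assumes the three are sibling subclasses of AttributeException, which the instanceof checks suggest but the hunk does not show. The `return null` for an unknown attribute name is pre-existing behaviour that callers of buildAttribute still have to expect. buildAttribute's closing brace is outside the hunk.
```java
			try {
				return builders.get(name).build(authSession, oaParam, authData, generator);
			} catch (UnavailableAttributeException e) {
				throw new UnprovideableAttributeException(e.getAttributeName());
			} catch (InvalidDateFormatAttributeException e) {
				throw new InvalidDateFormatException();
			} catch (NoMandateDataAttributeException e) {
				throw new NoMandateDataAvailableException();
			} catch (AttributeException e) {
				throw new UnprovideableAttributeException(name);
			}
			// … unchanged: return null for unknown attribute names …
```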
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
index 17fc52a8c..17f76d35a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/assertion/PVP2AssertionBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion;
import java.util.Iterator;
@@ -21,6 +43,7 @@ import org.opensaml.saml2.core.RequestedAuthnContext;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.AttributeConsumingService;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.NameIDFormat;
@@ -32,16 +55,17 @@ import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NameIDFormatNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoAuthContextException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
@@ -55,53 +79,55 @@ import at.gv.egovernment.moa.util.Constants;
public class PVP2AssertionBuilder implements PVPConstants {
public static Assertion buildAssertion(AuthnRequest authnRequest,
- AuthenticationSession authSession, EntityDescriptor peerEntity)
+ AuthenticationSession authSession, EntityDescriptor peerEntity, DateTime date)
throws MOAIDException {
Assertion assertion = SAML2Utils.createSAMLObject(Assertion.class);
RequestedAuthnContext reqAuthnContext = authnRequest
- if (reqAuthnContext == null) {
- throw new NoAuthContextException();
- }
- boolean stork_qaa_1_4_found = false;
AuthnContextClassRef authnContextClassRef = SAML2Utils
- List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
- .getAuthnContextClassRefs();
- if (reqAuthnContextClassRefIt.size() == 0) {
- stork_qaa_1_4_found = true;
+ if (reqAuthnContext == null) {
- } else {
- for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
- String qaa_uri = authnClassRef.getAuthnContextClassRef();
- if (qaa_uri.trim().equals(STORK_QAA_1_4)
- || qaa_uri.trim().equals(STORK_QAA_1_3)
- || qaa_uri.trim().equals(STORK_QAA_1_2)
- || qaa_uri.trim().equals(STORK_QAA_1_1)) {
- if (authSession.isForeigner()) {
- //TODO: insert QAA check
- stork_qaa_1_4_found = false;
- } else {
- stork_qaa_1_4_found = true;
- authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ } else {
+ boolean stork_qaa_1_4_found = false;
+ List<AuthnContextClassRef> reqAuthnContextClassRefIt = reqAuthnContext
+ .getAuthnContextClassRefs();
+ if (reqAuthnContextClassRefIt.size() == 0) {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ } else {
+ for (AuthnContextClassRef authnClassRef : reqAuthnContextClassRefIt) {
+ String qaa_uri = authnClassRef.getAuthnContextClassRef();
+ if (qaa_uri.trim().equals(STORK_QAA_1_4)
+ || qaa_uri.trim().equals(STORK_QAA_1_3)
+ || qaa_uri.trim().equals(STORK_QAA_1_2)
+ || qaa_uri.trim().equals(STORK_QAA_1_1)) {
+ if (authSession.isForeigner()) {
+ //TODO: insert QAA check
+ stork_qaa_1_4_found = false;
+ } else {
+ stork_qaa_1_4_found = true;
+ authnContextClassRef.setAuthnContextClassRef(STORK_QAA_1_4);
+ }
+ break;
- break;
- }
- if (!stork_qaa_1_4_found) {
- throw new QAANotSupportedException(STORK_QAA_1_4);
+ if (!stork_qaa_1_4_found) {
+ throw new QAANotSupportedException(STORK_QAA_1_4);
+ }
// reqAuthnContextClassRefIt = reqAuthnContext.getAuthnContextClassRefs()
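Review bot: `qaa_uri.trim()` inside the loop over `reqAuthnContextClassRefIt` throws a NullPointerException when an AuthnContextClassRef element carries no text, and that value comes straight from the SP's AuthnRequest; guard it with `if (qaa_uri == null) continue;` before the comparisons, or compare as `STORK_QAA_1_4.equals(qaa_uri.trim())`. The new `if (reqAuthnContext == null)` branch replaces the former `throw new NoAuthContextException()`, but its body is not shown in this hunk, so I cannot tell which context class is asserted when the request omits RequestedAuthnContext; a one-line comment stating the intended default (for example `// no RequestedAuthnContext in the request: assert STORK QAA 1.4`, if that is what it does) would make the policy explicit, and the NoAuthContextException import may now be unused. buildAssertion continues past this hunk.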
@@ -133,7 +159,7 @@ public class PVP2AssertionBuilder implements PVPConstants {
AuthnStatement authnStatement = SAML2Utils
String remoteSessionID = SAML2Utils.getSecureIdentifier();
- authnStatement.setAuthnInstant(new DateTime());
+ authnStatement.setAuthnInstant(date);
// currently dummy id ...
@@ -142,16 +168,14 @@ public class PVP2AssertionBuilder implements PVPConstants {
SPSSODescriptor spSSODescriptor = peerEntity
Integer aIdx = authnRequest.getAttributeConsumingServiceIndex();
int idx = 0;
if (aIdx != null) {
idx = aIdx.intValue();
- }
- AttributeConsumingService attributeConsumingService = spSSODescriptor
- .getAttributeConsumingServices().get(idx);
+ }
AttributeStatement attributeStatement = SAML2Utils
@@ -195,32 +219,38 @@ public class PVP2AssertionBuilder implements PVPConstants {
.buildAuthenticationData(authSession, oaParam,
- Iterator<RequestedAttribute> it = attributeConsumingService
- .getRequestAttributes().iterator();
- while (it.hasNext()) {
- RequestedAttribute reqAttribut = it.next();
- try {
- Attribute attr = PVPAttributeBuilder.buildAttribute(
- reqAttribut.getName(), authSession, oaParam, authData);
- if (attr == null) {
+ if (spSSODescriptor.getAttributeConsumingServices() != null &&
+ spSSODescriptor.getAttributeConsumingServices().size() > 0) {
+ AttributeConsumingService attributeConsumingService = spSSODescriptor
+ .getAttributeConsumingServices().get(idx);
+ Iterator<RequestedAttribute> it = attributeConsumingService
+ .getRequestAttributes().iterator();
+ while (it.hasNext()) {
+ RequestedAttribute reqAttribut = it.next();
+ try {
+ Attribute attr = PVPAttributeBuilder.buildAttribute(
+ reqAttribut.getName(), authSession, oaParam, authData);
+ if (attr == null) {
+ if (reqAttribut.isRequired()) {
+ throw new UnprovideableAttributeException(
+ reqAttribut.getName());
+ }
+ } else {
+ attributeStatement.getAttributes().add(attr);
+ }
+ } catch (PVP2Exception e) {
+ Logger.error(
+ "Attribute generation failed! for "
+ + reqAttribut.getFriendlyName(), e);
if (reqAttribut.isRequired()) {
throw new UnprovideableAttributeException(
- } else {
- attributeStatement.getAttributes().add(attr);
- }
- } catch (PVP2Exception e) {
- Logger.error(
- "Attribute generation failed! for "
- + reqAttribut.getFriendlyName(), e);
- if (reqAttribut.isRequired()) {
- throw new UnprovideableAttributeException(
- reqAttribut.getName());
if (attributeStatement.getAttributes().size() > 0) {
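Review bot: `spSSODescriptor.getAttributeConsumingServices().get(idx)` is still unguarded against `idx` exceeding the list, even though the new `size() > 0` check shows the list is not assumed well-formed; `idx` is taken from the AuthnRequest's AttributeConsumingServiceIndex, so a malformed request ends in an IndexOutOfBoundsException instead of a MOAIDException. A SAML AttributeConsumingService is also selected by its `index` attribute rather than by list position, so `get(idx)` only works while the metadata lists indices 0..n-1 in order. Suggest resolving the service by matching `getIndex()`, using the `isDefault()` entry (or the first one) when the request carries no index, and throwing a MOAIDException when nothing matches; the next hunk applies the same positional `get(idx)` to the AssertionConsumerService list.
```java
AttributeConsumingService attributeConsumingService = null;
for (AttributeConsumingService acs : spSSODescriptor.getAttributeConsumingServices()) {
    if (aIdx == null ? Boolean.TRUE.equals(acs.isDefault()) : acs.getIndex() == idx) {
        attributeConsumingService = acs;
        break;
    }
}
if (attributeConsumingService == null && aIdx == null) {
    // no service flagged as default: SAML metadata treats the first entry as the default
    attributeConsumingService = spSSODescriptor.getAttributeConsumingServices().get(0);
}
if (attributeConsumingService == null) {
    // … throw a MOAIDException here (message key per project convention) …
}
// … unchanged: iterate attributeConsumingService.getRequestAttributes() …
```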
@@ -292,8 +322,17 @@ public class PVP2AssertionBuilder implements PVPConstants {
SubjectConfirmationData subjectConfirmationData = SAML2Utils
- subjectConfirmationData.setNotOnOrAfter(new DateTime().plusMinutes(20));
- subjectConfirmationData.setRecipient(peerEntity.getEntityID());
+ subjectConfirmationData.setNotOnOrAfter(date.plusMinutes(5));
+ //TL: change from entityID to destination URL
+ AssertionConsumerService consumerService = spSSODescriptor
+ .getAssertionConsumerServices().get(idx);
+ if (consumerService == null) {
+ throw new InvalidAssertionConsumerServiceException(idx);
+ }
+ subjectConfirmationData.setRecipient(consumerService.getLocation());
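Review bot: The Recipient is resolved with `idx`, which was derived from `authnRequest.getAttributeConsumingServiceIndex()`, but an AssertionConsumerService is addressed by the request's separate AssertionConsumerServiceIndex (or AssertionConsumerServiceURL); whenever the two indices differ this picks an endpoint the SP did not ask for, and the SP will reject the SubjectConfirmationData on Recipient mismatch. The `consumerService == null` check is also ineffective, because `List.get` throws IndexOutOfBoundsException for an out-of-range index rather than returning null, so InvalidAssertionConsumerServiceException is never reached. Resolve the endpoint from `authnRequest.getAssertionConsumerServiceIndex()` by matching each entry's `getIndex()` (the `isDefault()` entry when the request carries none), accept a request-supplied AssertionConsumerServiceURL only if it equals a metadata location, and throw InvalidAssertionConsumerServiceException when nothing matches. This line is inside buildAssertion, which continues past the hunk.
```java
Integer acsIdx = authnRequest.getAssertionConsumerServiceIndex();
AssertionConsumerService consumerService = null;
for (AssertionConsumerService acs : spSSODescriptor.getAssertionConsumerServices()) {
    if (acsIdx == null ? Boolean.TRUE.equals(acs.isDefault()) : acsIdx.equals(acs.getIndex())) {
        consumerService = acs;
        break;
    }
}
if (consumerService == null) {
    throw new InvalidAssertionConsumerServiceException(acsIdx == null ? 0 : acsIdx.intValue());
}
subjectConfirmationData.setRecipient(consumerService.getLocation());
```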
@@ -303,22 +342,29 @@ public class PVP2AssertionBuilder implements PVPConstants {
AudienceRestriction audienceRestriction = SAML2Utils
Audience audience = SAML2Utils.createSAMLObject(Audience.class);
- conditions.setNotBefore(new DateTime());
- conditions.setNotOnOrAfter(new DateTime().plusMinutes(20));
+ conditions.setNotBefore(date);
+ conditions.setNotOnOrAfter(date.plusMinutes(5));
+// conditions.setNotOnOrAfter(new DateTime());
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
- issuer.setValue(PVPConfiguration.getInstance().getIDPIssuerName());
+ //TODO: check!
+ //change to entity value from entity name to IDP EntityID (URL)
+ issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
- assertion.setIssueInstant(new DateTime());
+ assertion.setIssueInstant(date);
return assertion;
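Review bot: The commented-out `// conditions.setNotOnOrAfter(new DateTime());` directly under the live call is dead code and should be deleted, and the `//TODO: check!` above `issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath())` should either be resolved or replaced by a comment naming the invariant the change depends on, e.g. `// Issuer must equal the entityID published in the IdP metadata, otherwise SPs reject the assertion`. NotBefore is now exactly `date` with no clock-skew allowance, so an SP whose clock lags the IdP sees the assertion as not yet valid; worth a short comment, since the shortened 5-minute NotOnOrAfter window makes clock drift between the peers more visible than the previous 20 minutes did.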
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 4fb76c377..648651350 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -1,37 +1,60 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
-public class BPKAttributeBuilder extends BaseAttributeBuilder {
+public class BPKAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
return BPK_NAME;
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
String bpk = authData.getBPK();
String type = authData.getBPKType();
if (type.startsWith(Constants.URN_PREFIX_WBPK))
- type = type.substring((Constants.URN_PREFIX_WBPK+"+").length());
- else if (type.startsWith(Constants.URN_PREFIX_CDID))
- type = type.substring((Constants.URN_PREFIX_CDID+"+").length());
- if(bpk.length() > BPK_MAX_LENGTH) {
+ type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
+ else if (type.startsWith(Constants.URN_PREFIX_CDID)) type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
+ if (bpk.length() > BPK_MAX_LENGTH) {
bpk = bpk.substring(0, BPK_MAX_LENGTH);
- return buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
+ Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type);
+ return g.buildStringAttribute(BPK_FRIENDLY_NAME, BPK_NAME, type + ":" + bpk);
- public Attribute buildEmpty() {
- return buildemptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(BPK_FRIENDLY_NAME, BPK_NAME);
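Review bot: `Logger.trace("Authenticate user with bPK/wbPK " + bpk + " and Type=" + type)` writes the citizen's bPK/wbPK, a personal sector-specific identifier, into the log; even at trace level that lands in log files with retention and access rules different from the session store, so log only the type and drop the value, e.g. `Logger.trace("Authenticate user with bPK/wbPK of Type=" + type);`. `type.startsWith(...)` also throws a NullPointerException when `authData.getBPKType()` is null, whereas the sibling builders in this change throw UnavailableAttributeException when their input is missing; a null check that does the same would keep behaviour consistent. Style: the single-line `else if (...) type = type.substring(...)` should be braced and split like the `if` branch above it.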
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
deleted file mode 100644
index d3c79c939..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BaseAttributeBuilder.java
+++ /dev/null
@@ -1,62 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
-import org.opensaml.saml2.core.AttributeValue;
-import org.opensaml.xml.Configuration;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSInteger;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.schema.impl.XSIntegerBuilder;
-import org.opensaml.xml.schema.impl.XSStringBuilder;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-public abstract class BaseAttributeBuilder implements PVPConstants, IAttributeBuilder {
- protected static XMLObject buildAttributeStringValue(String value) {
- XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
- XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
- stringValue.setValue(value);
- return stringValue;
- }
- protected static XMLObject buildAttributeIntegerValue(int value) {
- XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
- XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
- integerValue.setValue(value);
- return integerValue;
- }
- protected static Attribute buildStringAttribute(String friendlyName,
- String name, String value) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeStringValue(value));
- return attribute;
- }
- protected static Attribute buildIntegerAttribute(String friendlyName,
- String name, int value) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
- return attribute;
- }
- protected static Attribute buildemptyAttribute(String friendlyName, String name) {
- Attribute attribute =
- SAML2Utils.createSAMLObject(Attribute.class);
- attribute.setFriendlyName(friendlyName);
- attribute.setName(name);
- attribute.setNameFormat(Attribute.URI_REFERENCE);
- return attribute;
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
index fa42fc54f..523063c6e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BirthdateAttributeBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.text.DateFormat;
@@ -5,41 +27,39 @@ import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-public class BirthdateAttributeBuilder extends BaseAttributeBuilder {
+public class BirthdateAttributeBuilder implements IPVPAttributeBuilder {
public static final String IDENTITY_LINK_DATE_FORMAT = "yyyy-MM-dd";
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
try {
- DateFormat identityLinkFormat = new SimpleDateFormat(
- Date date = identityLinkFormat.parse(authSession.getIdentityLink()
- .getDateOfBirth());
- DateFormat pvpDateFormat = new SimpleDateFormat(
+ DateFormat identityLinkFormat = new SimpleDateFormat(IDENTITY_LINK_DATE_FORMAT);
+ Date date = identityLinkFormat.parse(authSession.getIdentityLink().getDateOfBirth());
+ DateFormat pvpDateFormat = new SimpleDateFormat(BIRTHDATE_FORMAT_PATTERN);
String dateString = pvpDateFormat.format(date);
- return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME,
- BIRTHDATE_NAME, dateString);
- } catch (ParseException e) {
+ return g.buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
+ //return buildStringAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME, dateString);
+ }
+ catch (ParseException e) {
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(BIRTHDATE_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(BIRTHDATE_FRIENDLY_NAME, BIRTHDATE_NAME);
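Review bot: `catch (ParseException e) { return null; }` drops the reason a date of birth from the identity link could not be parsed, and returning null differs from the sibling builders (EIDCcsURL, EIDAuthBlock), which throw UnavailableAttributeException; the assertion builder treats both as "not provided", but only the exception path is logged. Suggest `Logger.warn("Date of birth in identity link not parseable.", e); throw new UnavailableAttributeException(BIRTHDATE_NAME);` with the project Logger imported, and without logging the raw value, which is personal data. The commented-out `//return buildStringAttribute(...)` line under the live return should be deleted. The body of getName() is not visible in this hunk.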
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
new file mode 100644
index 000000000..56972248b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -0,0 +1,65 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import iaik.util.logging.Log;
+import java.io.IOException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class EIDAuthBlock implements IPVPAttributeBuilder {
+ public String getName() {
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ try {
+ String authblock = authSession.getAuthBlock();
+ if (MiscUtil.isNotEmpty(authblock)) {
+ Base64Utils.encode(authblock.getBytes()));
+ }
+ }
+ catch (IOException e) {
+ Log.info("Encode AuthBlock BASE64 failed.");
+ }
+ throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ }
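Review bot: `authblock.getBytes()` encodes the AuthBlock with the platform default charset before Base64 encoding, so the attribute value depends on the JVM's `file.encoding`; use `authblock.getBytes("UTF-8")` (the same applies to `ilAssertion.getBytes()` in EIDIdentityLinkBuilder below). The catch block logs through `iaik.util.logging.Log` and discards the exception, while every other builder in this change uses `at.gv.egovernment.moa.logging.Logger`; `Logger.warn("Encode AuthBlock BASE64 failed.", e);` keeps the cause and the project's logging path. As shown here, the bodies of `getName()` and `buildEmpty` are missing and the `return g.buildStringAttribute(...)` call is cut to its last argument, so I cannot review those parts.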
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
new file mode 100644
index 000000000..7179dd090
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCcsURL.java
@@ -0,0 +1,52 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class EIDCcsURL implements IPVPAttributeBuilder {
+ public String getName() {
+ return EID_CCS_URL_NAME;
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ String bkuurl = authSession.getBkuURL();
+ if (MiscUtil.isNotEmpty(bkuurl))
+ return g.buildStringAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME, bkuurl);
+ else
+ throw new UnavailableAttributeException(EID_CCS_URL_NAME);
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_CCS_URL_FRIENDLY_NAME, EID_CCS_URL_NAME);
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
index 5ddd87c7b..02088eea1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDCitizenQAALevelAttributeBuilder.java
@@ -1,26 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-public class EIDCitizenQAALevelAttributeBuilder extends BaseAttributeBuilder {
+public class EIDCitizenQAALevelAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
- return buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildIntegerAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
- public Attribute buildEmpty() {
- return buildemptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
new file mode 100644
index 000000000..2d86586d2
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -0,0 +1,90 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import java.io.IOException;
+import javax.xml.transform.TransformerException;
+import org.w3c.dom.Element;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DOMUtils;
+public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
+ public String getName() {
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ try {
+ String ilAssertion = null;
+ if (oaParam.getBusinessService()) {
+ IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
+ Element resignedilAssertion;
+ resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
+ .getSamlAssertion());
+ ilAssertion = DOMUtils.serializeNode(resignedilAssertion);
+ } else
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
+ return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
+ } catch (MOAIDException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ } catch (TransformerException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ } catch (IOException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ }
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
+ }
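Review bot: On each of the three serialization failures `build` returns `g.buildEmptyAttribute(...)` instead of throwing, so the assertion builder's `attr == null` / `isRequired()` check never fires and an SP that marked the identity link as required receives an empty attribute rather than a failed request. Throwing `UnavailableAttributeException(EID_IDENTITY_LINK_NAME)` after the `Logger.warn` (as EIDCcsURL does) would surface the failure; if an empty attribute is the intended contract, a comment saying so belongs above the catch blocks. The three identical handlers can be folded into one if the project targets Java 7 or later (`catch (MOAIDException | TransformerException | IOException e)`), and `ilAssertion.getBytes()` should name its charset. The `buildEmptyAttribute` argument lists and the body of getName() are cut short in the hunk as shown.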
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
index 08e4e67b3..39d4d29e7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIssuingNationAttributeBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import iaik.x509.X509Certificate;
@@ -5,21 +27,20 @@ import iaik.x509.X509Certificate;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
-public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
+public class EIDIssuingNationAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
String countryCode = "AT";
@@ -48,12 +69,12 @@ public class EIDIssuingNationAttributeBuilder extends BaseAttributeBuilder {
- return buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ return g.buildStringAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
- public Attribute buildEmpty() {
- return buildemptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(EID_ISSUING_NATION_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 8cb2b5be6..807d59050 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -1,26 +1,47 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-public class EIDSectorForIDAttributeBuilder extends BaseAttributeBuilder {
+public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
String bpktype = authData.getBPKType();
+ return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
new file mode 100644
index 000000000..7cd415ada
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -0,0 +1,64 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import iaik.util.logging.Log;
+import java.io.IOException;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.util.Base64Utils;
+public class EIDSignerCertificate implements IPVPAttributeBuilder {
+ public String getName() {
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ try {
+ byte[] signerCertificate = authSession.getEncodedSignerCertificate();
+ if (signerCertificate != null) {
+ .encode(signerCertificate));
+ }
+ }catch (IOException e) {
+ Log.info("Signer certificate BASE64 encoding error");
+ }
+ throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME);
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ }
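Review bot: The catch block around `Log.info("Signer certificate BASE64 encoding error")` drops the caught `IOException` and logs through `iaik.util.logging.Log`, while the sibling builders in this package log through `at.gv.egovernment.moa.logging.Logger` with the cause attached (e.g. `Logger.warn("IdentityLink serialization error.", e)` in EIDIdentityLinkBuilder). `Logger.warn("Signer certificate BASE64 encoding error", e);` keeps the stack trace available when an encoding failure has to be investigated and makes the log output consistent with the rest of the package. The bodies of `getName()` and `buildEmpty()` are not visible in this hunk.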
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
new file mode 100644
index 000000000..5bf65da04
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -0,0 +1,52 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+public class EIDSourcePIN implements IPVPAttributeBuilder {
+ public String getName() {
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (oaParam.getBusinessService())
+ throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME);
+ else {
+ return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
+ }
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ }
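Review bot: `build` mixes an unbraced `throw` with a braced `else`; a guard clause reads cleaner and makes the release rule stand on its own: `if (oaParam.getBusinessService()) { throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME); }` followed by the plain `return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());`. A one-line comment above the guard such as `// the sourcePIN is only released to applications that are not business services` would record why the attribute is withheld rather than leaving it implicit. EIDSourcePINType in this commit has the same shape and would benefit from the same change. The body of `buildEmpty()` is not visible in this hunk.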
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
new file mode 100644
index 000000000..ec509f74b
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePINType.java
@@ -0,0 +1,52 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+public class EIDSourcePINType implements IPVPAttributeBuilder {
+ public String getName() {
+ }
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (oaParam.getBusinessService())
+ throw new UnavailableAttributeException(EID_SOURCE_PIN_TYPE_NAME);
+ else {
+ return g.buildStringAttribute(EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, EID_SOURCE_PIN_TYPE_NAME, authData.getIdentificationType());
+ }
+ }
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
index 5c8151c01..7bd5e2db5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/GivenNameAttributeBuilder.java
@@ -1,24 +1,45 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-public class GivenNameAttributeBuilder extends BaseAttributeBuilder {
+public class GivenNameAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
- return buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME, authSession.getIdentityLink().getGivenName());
- public Attribute buildEmpty() {
- return buildemptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME);
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(GIVEN_NAME_FRIENDLY_NAME, GIVEN_NAME_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
index 173fbd52f..55b16edfb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeBuilder.java
@@ -1,15 +1,37 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
public interface IAttributeBuilder {
public String getName();
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception;
- public Attribute buildEmpty();
+ public <ATT> ATT build(final AuthenticationSession authSession, final OAAuthParameter oaParam, final AuthenticationData authData,
+ final IAttributeGenerator<ATT> g) throws AttributeException;
+ public <ATT> ATT buildEmpty(final IAttributeGenerator<ATT> g);
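Review bot: The new generic `build` and `buildEmpty` signatures carry no Javadoc, so implementors cannot tell from the interface whether `build` may return null or must throw `AttributeException` when an attribute is unavailable; the builders in this commit do both (MandateLegalPersonFullNameAttributeBuilder keeps `return null;`, EIDSignerCertificate throws `UnavailableAttributeException`). A short Javadoc on `build` fixing one of the two as the contract, with `@param g the generator that produces the protocol-specific attribute type` and `@throws AttributeException if the attribute cannot be built`, would settle this for every implementation. Documenting `buildEmpty` as the attribute carrying name and friendly name but no value would match what the implementations in this commit do with `g.buildEmptyAttribute`.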
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java
new file mode 100644
index 000000000..9edb167ee
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IAttributeGenerator.java
@@ -0,0 +1,33 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+public interface IAttributeGenerator<ATT> {
+ public abstract ATT buildStringAttribute(final String friendlyName, final String name, final String value);
+ public abstract ATT buildIntegerAttribute(final String friendlyName, final String name, final int value);
+ public abstract ATT buildLongAttribute(final String friendlyName, final String name, final long value);
+ public abstract ATT buildEmptyAttribute(final String friendlyName, final String name);
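Review bot: The `public abstract` modifiers on the four interface methods are redundant, since interface methods are implicitly public and abstract, and `final` on the parameters of an abstract declaration has no effect either; `ATT buildStringAttribute(String friendlyName, String name, String value);` says the same thing. A Javadoc on the type stating that `ATT` is the protocol-specific attribute representation a builder hands back (the SAML `Attribute` type that the old `BaseAttributeBuilder` returned being one instance, judging by the removed imports elsewhere in this commit) would tell readers why the builders became generic. The interface's closing brace is not visible in this hunk.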
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java
new file mode 100644
index 000000000..8adf5cad9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/IPVPAttributeBuilder.java
@@ -0,0 +1,30 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+interface IPVPAttributeBuilder extends PVPConstants, MOAIDAuthConstants, IAttributeBuilder {
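Review bot: `IPVPAttributeBuilder` extends `PVPConstants` and `MOAIDAuthConstants` apparently only so that implementing builders can write `EID_SOURCE_PIN_NAME` unqualified, which is the constant-interface pattern: every builder now exports those constants as part of its type, and a name declared in both constant sets becomes an ambiguous reference in each builder. If shortening the constant names is the goal, `import static at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants.*;` in the builders achieves it without widening the type hierarchy. If both constant types are already interfaces used this way elsewhere in the project this is at least consistent, so treat this as a style note. A one-line Javadoc naming the interface as the PVP-specific builder contract would also help, since the type is package-private and otherwise undocumented.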
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
index cecd90448..4528aa1fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -1,35 +1,55 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.io.IOException;
import javax.xml.transform.TransformerException;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DOMUtils;
-public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
+public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData)
- throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if (authSession.getUseMandate()) {
if (authSession.getMandate() != null) {
String fullMandate;
try {
fullMandate = DOMUtils.serializeNode(authSession
- return buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ return g.buildStringAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ MANDATE_FULL_MANDATE_NAME, Base64Utils.encode(fullMandate.getBytes()));
} catch (TransformerException e) {
Logger.error("Failed to generate Full Mandate", e);
} catch (IOException e) {
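Review bot: `Base64Utils.encode(fullMandate.getBytes())` encodes the serialized mandate with the platform default charset, so the Base64 attribute value depends on the JVM's `file.encoding` and non-ASCII characters in the mandate can be mangled on a server not running in UTF-8. `fullMandate.getBytes("UTF-8")` fixes the encoding, and the `UnsupportedEncodingException` it declares is an `IOException`, which the existing catch on the last line of this hunk already handles. The same pattern appears in EIDIdentityLinkBuilder at `Base64Utils.encode(ilAssertion.getBytes())`, where an `IOException` catch is likewise already present. The `build` method continues past the end of this hunk.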
@@ -41,8 +61,8 @@ public class MandateFullMandateAttributeBuilder extends BaseAttributeBuilder {
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_FULL_MANDATE_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
index 15059c036..9ab1de50d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonFullNameAttributeBuilder.java
@@ -1,6 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -8,44 +29,43 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBod
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateLegalPersonFullNameAttributeBuilder extends BaseAttributeBuilder {
+public class MandateLegalPersonFullNameAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
- if(authSession.getUseMandate()) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
- if(corporation == null) {
+ if (corporation == null) {
Logger.error("No corporation mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
- return buildStringAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
- MANDATE_LEG_PER_FULL_NAME_NAME, corporation.getFullName());
+ corporation.getFullName());
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_LEG_PER_FULL_NAME_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
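Review bot: `build` still falls through to `return null;` (apparently when `authSession.getUseMandate()` is false), while the exception hierarchy introduced in this commit gives the other builders `UnavailableAttributeException` for exactly this case (EIDSourcePIN throws it when the attribute is not released). Returning null from a generic `ATT` method forces every caller of `IAttributeBuilder.build` to null-check one builder specially; `throw new UnavailableAttributeException(MANDATE_LEG_PER_FULL_NAME_NAME);` would make the contract uniform, assuming callers already handle that exception for the other builders. The body of `buildEmpty` and the braces closing the `if` blocks are not visible in this hunk.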
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
index 820efb209..ca68704c9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinAttributeBuilder.java
@@ -1,6 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -9,37 +30,37 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBuilder {
+public class MandateLegalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if(authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
if(corporation == null) {
Logger.error("No corporation mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
IdentificationType id = null;
if(corporation.getIdentification().size() == 0) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
id = corporation.getIdentification().get(0);
/*if(authSession.getBusinessService()) {
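Review bot: The error logged at the empty-identification check, `Logger.error("Failed to generate IdentificationType");`, describes a different failure than the one detected — the corporate body simply carries no Identification element — which makes triage harder when this attribute goes missing in production; `Logger.error("Mandator corporate body carries no Identification element");` states what was actually found. The same message is reused for the same check in MandateLegalPersonSourcePinTypeAttributeBuilder. The commented-out business-service block that starts at the end of the hunk is dead code and could be dropped rather than carried along through the refactoring. build()'s body continues past the hunk.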
@@ -49,16 +70,16 @@ public class MandateLegalPersonSourcePinAttributeBuilder extends BaseAttributeBu
/*if(id == null) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
+ return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME,
MANDATE_LEG_PER_SOURCE_PIN_NAME, id.getValue().getValue());
return null;
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
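Review bot: `id.getValue().getValue()` in the new `g.buildStringAttribute(...)` call dereferences `id.getValue()` without a guard, so a mandate whose Identification element has no Value would surface as a NullPointerException instead of the NoMandateDataAttributeException every other missing-data path throws; whether the JAXB type permits a null Value is not visible here, so confirm before adding the check. If it can be null, `if (id.getValue() == null || id.getValue().getValue() == null) { Logger.error("Mandator identification has no value"); throw new NoMandateDataAttributeException(); }` before the return keeps the failure mode uniform. The same unguarded chain appears in MandateNaturalPersonBPKAttributeBuilder (both bPK branches and the pass-through else) and in MandateNaturalPersonSourcePinAttributeBuilder. The preceding null checks and the start of build() lie outside the hunk.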
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
index 44b58d04f..5656d1769 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateLegalPersonSourcePinTypeAttributeBuilder.java
@@ -1,6 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -9,59 +30,53 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.Identificati
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateLegalPersonSourcePinTypeAttributeBuilder extends
- BaseAttributeBuilder {
+public class MandateLegalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData)
- throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if (mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
if (mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
- CorporateBodyType corporation = mandateObject.getMandator()
- .getCorporateBody();
+ CorporateBodyType corporation = mandateObject.getMandator().getCorporateBody();
if (corporation == null) {
Logger.error("No corporate mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
IdentificationType id = null;
- if(corporation.getIdentification().size() == 0) {
+ if (corporation.getIdentification().size() == 0) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
- id = corporation.getIdentification().get(0);
- /*id = MandateBuilder.getBPKIdentification(corporate);
- if (id == null) {
- Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
- }*/
- return buildStringAttribute(
+ id = corporation.getIdentification().get(0);
+ /*
+ * id = MandateBuilder.getBPKIdentification(corporate); if (id == null) {
+ * Logger.error("Failed to generate IdentificationType"); throw new
+ * NoMandateDataAttributeException(); }
+ */
+ id.getType());
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
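Review bot: The reformatted comment block after `id = corporation.getIdentification().get(0);` keeps the superseded `getBPKIdentification` lookup as commented-out code, now squashed onto three lines where it is even less readable than before; it should be deleted rather than reflowed, since version control already holds the history. Separately, `id.getType()` is handed to the generator with no check that the type is present; if the persondata model allows an Identification without a Type (not visible here), it should go through the same NoMandateDataAttributeException path as the other missing-data cases. The log text "No corporate mandate" also differs from the "No corporation mandate" used for the identical condition in the sibling legal-person builders, which complicates searching logs for this failure. buildEmpty()'s body continues past the hunk.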
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
index 49e013fe0..039fc8af8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBPKAttributeBuilder.java
@@ -1,62 +1,82 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
-import at.gv.egovernment.moa.id.BuildException;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
-public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilder {
+public class MandateNaturalPersonBPKAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
- if(authSession.getUseMandate()) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
- PhysicalPersonType physicalPerson = mandateObject.getMandator()
- .getPhysicalPerson();
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
if (physicalPerson == null) {
Logger.error("No physicalPerson mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
-// if(authSession.getBusinessService()) {
-// id = MandateBuilder.getWBPKIdentification(physicalPerson);
-// } else {
-// id = MandateBuilder.getBPKIdentification(physicalPerson);
-// }
- if(id == null) {
+ // if(authSession.getBusinessService()) {
+ // id = MandateBuilder.getWBPKIdentification(physicalPerson);
+ // } else {
+ // id = MandateBuilder.getBPKIdentification(physicalPerson);
+ // }
+ if (id == null) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
String bpk;
try {
if (id.getType().equals(Constants.URN_PREFIX_BASEID)) {
- if (authSession.getBusinessService()) {
+ if (authSession.getBusinessService()) {
bpk = new BPKBuilder().buildWBPK(id.getValue().getValue(), oaParam.getIdentityLinkDomainIdentifier());
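Review bot: `id = physicalPerson.getIdentification().get(0);` is reached with no check that the list is non-empty, so a mandate for a physical person without any Identification element fails with an IndexOutOfBoundsException from `get(0)` rather than the NoMandateDataAttributeException the following `if (id == null)` check is meant to produce; the corporate-body builders guard this with a `size() == 0` check and this one should too: `if (physicalPerson.getIdentification().isEmpty()) { Logger.error("Mandator has no Identification element"); throw new NoMandateDataAttributeException(); }`. The same unguarded `get(0)` is in MandateNaturalPersonSourcePinAttributeBuilder. The `id.getType().equals(Constants.URN_PREFIX_BASEID)` test would likewise throw NullPointerException for an Identification without a Type; `Constants.URN_PREFIX_BASEID.equals(id.getType())` is null-safe. The reindented `getWBPKIdentification`/`getBPKIdentification` lines are still commented-out dead code. build()'s body continues past the hunk.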
@@ -65,26 +85,24 @@ public class MandateNaturalPersonBPKAttributeBuilder extends BaseAttributeBuilde
bpk = new BPKBuilder().buildBPK(id.getValue().getValue(), oaParam.getTarget());
- } else
+ } else
bpk = id.getValue().getValue();
- } catch (BuildException e ){
+ }
+ catch (BuildException e) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
- return buildStringAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_NAT_PER_BPK_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
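Review bot: The `catch (BuildException e)` block drops the cause entirely — `e` is neither logged nor attached to the NoMandateDataAttributeException — and its message "Failed to generate IdentificationType" names the wrong step (it is the bPK/wbPK derivation that failed), so a failure here leaves no record of why BPKBuilder rejected the input. Log the exception, e.g. `Logger.error("Failed to derive bPK for the mandator", e);` if Logger.error accepts a throwable (its signature is not visible here), or pass it on if the attribute exception has a cause constructor. The unbraced `} else` / `bpk = id.getValue().getValue();` should also be braced like the rest of the method; this branch passes a non-baseID identification value through as the bPK unchanged, and a short comment saying where the mandate's identification type is validated would help readers. The start of the method and the return of the built attribute are outside the hunk.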
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
index a87d4d25c..f5dc277bd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonBirthDateAttributeBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.text.DateFormat;
@@ -5,7 +27,6 @@ import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -13,62 +34,55 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidDateFormatException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.InvalidDateFormatAttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateNaturalPersonBirthDateAttributeBuilder extends
- BaseAttributeBuilder {
+public class MandateNaturalPersonBirthDateAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData)
- throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if (mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
if (mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
- PhysicalPersonType physicalPerson = mandateObject.getMandator()
- .getPhysicalPerson();
+ PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
if (physicalPerson == null) {
Logger.error("No physicalPerson mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
String dateOfBirth = physicalPerson.getDateOfBirth();
try {
- DateFormat mandateFormat = new SimpleDateFormat(
+ DateFormat mandateFormat = new SimpleDateFormat(MandateBuilder.MANDATE_DATE_OF_BIRTH_FORMAT);
Date date = mandateFormat.parse(dateOfBirth);
- DateFormat pvpDateFormat = new SimpleDateFormat(
+ DateFormat pvpDateFormat = new SimpleDateFormat(MANDATE_NAT_PER_BIRTHDATE_FORMAT_PATTERN);
String dateString = pvpDateFormat.format(date);
- return buildStringAttribute(
- } catch (ParseException e) {
+ }
+ catch (ParseException e) {
- throw new InvalidDateFormatException();
+ throw new InvalidDateFormatAttributeException();
return null;
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
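Review bot: `mandateFormat.parse(dateOfBirth)` runs on a lenient SimpleDateFormat, so an out-of-range mandate date such as month 13 is silently rolled over into a valid date and emitted as the mandator's birth date instead of being rejected with InvalidDateFormatAttributeException; add `mandateFormat.setLenient(false);` right after the formatter is created. `SimpleDateFormat.parse(null)` throws NullPointerException rather than ParseException, so a mandate without a DateOfBirth bypasses the catch as well — guard it before the try with `if (dateOfBirth == null) { Logger.error("No date of birth in mandate"); throw new NoMandateDataAttributeException(); }` (whether the JAXB model allows the element to be absent is not visible here). The catch also discards `e`, so the offending input format is never logged. The line that hands dateString to the generator is not visible in the hunk, and buildEmpty()'s body continues past it.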
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
index 6744e5d20..2a7bafdbc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonFamilyNameAttributeBuilder.java
@@ -1,8 +1,29 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.util.Iterator;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -11,32 +32,32 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttributeBuilder {
+public class MandateNaturalPersonFamilyNameAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if(authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
if(physicalPerson == null) {
Logger.error("No physicalPerson mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
StringBuilder sb = new StringBuilder();
@@ -46,15 +67,15 @@ public class MandateNaturalPersonFamilyNameAttributeBuilder extends BaseAttribu
sb.append(" " + fNamesit.next().getValue());
+ return g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME,
return null;
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
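Review bot: `sb.append(" " + fNamesit.next().getValue());` prefixes every family-name part with a blank, including the first, so the value handed to `g.buildStringAttribute(MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, ...)` starts with a space if that argument is `sb.toString()` (the argument line is not visible here); a leading blank in an identity attribute is easy to miss in tests and breaks exact comparisons downstream. Either trim on the way out, `sb.toString().trim()`, or only insert the separator when `sb.length() > 0`. MandateNaturalPersonGivenNameAttributeBuilder builds its value with the same pattern. The loop header and the start of build() are outside the hunk.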
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
index 67aa8df0e..4707c385a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonGivenNameAttributeBuilder.java
@@ -1,8 +1,29 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import java.util.Iterator;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -10,51 +31,49 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateNaturalPersonGivenNameAttributeBuilder extends BaseAttributeBuilder {
+public class MandateNaturalPersonGivenNameAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
- if(authSession.getUseMandate()) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
PhysicalPersonType physicalPerson = mandateObject.getMandator().getPhysicalPerson();
- if(physicalPerson == null) {
+ if (physicalPerson == null) {
Logger.error("No physicalPerson mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
StringBuilder sb = new StringBuilder();
Iterator<String> gNamesit = physicalPerson.getName().getGivenName().iterator();
- while(gNamesit.hasNext()) {
+ while (gNamesit.hasNext()) {
sb.append(" " + gNamesit.next());
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
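Review bot: build() returns `null` when `authSession.getUseMandate()` is false and throws for every missing-data case otherwise, but neither the method nor the class says so; a caller that reads null as "attribute present but empty" would get it wrong. Add a Javadoc to build(), e.g. `/** Builds the mandator's given-name attribute. @return the attribute, or {@code null} when the session carries no mandate. @throws NoMandateDataAttributeException if the mandate has no physical-person mandator. */`; the same contract applies to the other mandate attribute builders in this commit. `physicalPerson.getName().getGivenName()` also assumes Name is present; if the persondata model allows it to be absent (not visible here), it needs the same null guard as physicalPerson. buildEmpty()'s body continues past the hunk.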
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
index eaa7e88af..7fbbce9bc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinAttributeBuilder.java
@@ -1,6 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -9,56 +30,56 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateNaturalPersonSourcePinAttributeBuilder extends
- BaseAttributeBuilder {
+public class MandateNaturalPersonSourcePinAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData)
- throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if(authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
PhysicalPersonType physicalPerson = mandateObject.getMandator()
if (physicalPerson == null) {
Logger.error("No physicalPerson mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
- /*if(authSession.getBusinessService()) {
+ if(authSession.getBusinessService()) {
id = MandateBuilder.getWBPKIdentification(physicalPerson);
- } else {
- id = MandateBuilder.getBPKIdentification(physicalPerson);
- }*/
+// } else {
+// id = MandateBuilder.getBPKIdentification(physicalPerson);
+ }
if(id == null) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
+ return g.buildStringAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
MANDATE_NAT_PER_SOURCE_PIN_NAME, id.getValue().getValue());
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME,
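Review bot: The re-enabled `if(authSession.getBusinessService())` branch near the end of the hunk keeps its `else` commented out, so the business case is narrowed to `MandateBuilder.getWBPKIdentification(physicalPerson)` while the non-business case silently keeps whatever `getIdentification().get(0)` returned; if that asymmetry is intended it deserves a comment saying so, otherwise the `// } else { ... }` lines should either be restored (`id = MandateBuilder.getBPKIdentification(physicalPerson);`) or deleted rather than left as dead text. The `get(0)` call itself is unguarded: on an empty identification list it presumably escapes as an IndexOutOfBoundsException instead of the declared `AttributeException`, so a check such as `if (physicalPerson.getIdentification().isEmpty()) { throw new NoMandateDataAttributeException(); }` placed before it would keep the failure mode consistent with the null checks above. The same unguarded `get(0)` appears in the MandateNaturalPersonSourcePinTypeAttributeBuilder hunk `@@ -9,35 +30,33 @@`. `build` closes inside the hunk, but `buildEmpty` continues past it.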
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
index 7b8f59dd2..538cee048 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateNaturalPersonSourcePinTypeAttributeBuilder.java
@@ -1,6 +1,27 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
@@ -9,35 +30,33 @@ import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPers
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
import at.gv.egovernment.moa.logging.Logger;
-public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
- BaseAttributeBuilder {
+public class MandateNaturalPersonSourcePinTypeAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData)
- throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if(authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
PhysicalPersonType physicalPerson = mandateObject.getMandator()
if (physicalPerson == null) {
Logger.error("No physicalPerson mandate");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
IdentificationType id = null;
id = physicalPerson.getIdentification().get(0);
@@ -48,17 +67,17 @@ public class MandateNaturalPersonSourcePinTypeAttributeBuilder extends
if(id == null) {
Logger.error("Failed to generate IdentificationType");
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
return null;
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
index b7c356112..814211b24 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepDescAttributeBuilder.java
@@ -1,39 +1,59 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
-public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
+public class MandateProfRepDescAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
if(authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ throw new NoMandateDataAttributeException();
String text = AttributeExtractor.extractSAMLAttributeOA(
if(text == null) {
return null;
- return buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ return g.buildStringAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
@@ -41,8 +61,8 @@ public class MandateProfRepDescAttributeBuilder extends BaseAttributeBuilder {
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(MANDATE_PROF_REP_DESC_FRIENDLY_NAME,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
index 740a99649..b040072a6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateProfRepOIDAttributeBuilder.java
@@ -1,49 +1,64 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AttributeExtractor;
-public class MandateProfRepOIDAttributeBuilder extends BaseAttributeBuilder {
+public class MandateProfRepOIDAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
- if(authSession.getUseMandate()) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAvailableException();
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
- String oid = AttributeExtractor.extractSAMLAttributeOA(
- ParepValidator.EXT_SAML_MANDATE_OID,
- authSession);
+ String oid = AttributeExtractor.extractSAMLAttributeOA(EXT_SAML_MANDATE_OID, authSession);
- if(oid == null) {
+ if (oid == null) {
return null;
- return buildStringAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
return null;
- public Attribute buildEmpty() {
- return buildemptyAttribute(MANDATE_PROF_REP_OID_FRIENDLY_NAME,
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
- \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
index 5a50473d3..7e7b57e4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateReferenceValueAttributeBuilder.java
@@ -1,43 +1,50 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
-import org.w3c.dom.Element;
-import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoMandateDataAvailableException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
-import at.gv.egovernment.moa.id.util.MandateBuilder;
-public class MandateReferenceValueAttributeBuilder extends BaseAttributeBuilder {
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+public class MandateReferenceValueAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws PVP2Exception {
- if(authSession.getUseMandate()) {
- Element mandate = authSession.getMandate();
- if(mandate == null) {
- throw new NoMandateDataAvailableException();
- }
- Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new NoMandateDataAvailableException();
- }
- MANDATE_REFERENCE_VALUE_NAME, mandateObject.getMandateID());
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (authSession.getUseMandate()) {
+ authSession.getMandateReferenceValue());
return null;
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
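Review bot: The reference value is now read from `authSession.getMandateReferenceValue()` instead of being derived from the parsed mandate (`MandateBuilder.buildMandate(...)` / `getMandateID()`), and the null checks that guarded the old path are dropped with it, so a session without a stored reference value presumably reaches `g.buildStringAttribute` with a null value rather than failing the way the sibling mandate builders do. A guard mirroring them, `if (authSession.getMandateReferenceValue() == null) { throw new NoMandateDataAttributeException(); }`, keeps the failure mode consistent (this file no longer imports that exception, so the import would need restoring). Because the value no longer comes from the mandate document itself, the place that sets the session field should be confirmed to populate it from the validated mandate, and a short comment on `build` stating that provenance would help the next reader. The start of the `g.buildStringAttribute(...)` call is not visible in the hunk, and `buildEmpty` continues past it.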
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
index bc7fdaf73..4842141fc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateTypeAttributeBuilder.java
@@ -1,41 +1,63 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import org.w3c.dom.Element;
import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.ResponderErrorException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.id.util.MandateBuilder;
-public class MandateTypeAttributeBuilder extends BaseAttributeBuilder {
+public class MandateTypeAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) throws ResponderErrorException {
- if(authSession.getUseMandate()) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ if (authSession.getUseMandate()) {
Element mandate = authSession.getMandate();
- if(mandate == null) {
- throw new ResponderErrorException("No mandate data available", null);
+ if (mandate == null) {
+ throw new NoMandateDataAttributeException();
Mandate mandateObject = MandateBuilder.buildMandate(mandate);
- if(mandateObject == null) {
- throw new ResponderErrorException("No mandate data available", null);
+ if (mandateObject == null) {
+ throw new NoMandateDataAttributeException();
- return buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation());
+ return g.buildStringAttribute(MANDATE_TYPE_FRIENDLY_NAME, MANDATE_TYPE_NAME, mandateObject.getAnnotation());
return null;
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
index 545d70d76..e8c410555 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PVPVersionAttributeBuilder.java
@@ -1,24 +1,45 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-public class PVPVersionAttributeBuilder extends BaseAttributeBuilder {
+public class PVPVersionAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
- public Attribute buildEmpty() {
- return buildemptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME);
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(PVP_VERSION_FRIENDLY_NAME, PVP_VERSION_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
index 7ca7eb829..c687b2bff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/PrincipalNameAttributeBuilder.java
@@ -1,24 +1,45 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import org.opensaml.saml2.core.Attribute;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
-public class PrincipalNameAttributeBuilder extends BaseAttributeBuilder {
+public class PrincipalNameAttributeBuilder implements IPVPAttributeBuilder {
public String getName() {
- public Attribute build(AuthenticationSession authSession,
- OAAuthParameter oaParam, AuthenticationData authData) {
- return buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
+ public <ATT> ATT build(AuthenticationSession authSession, OAAuthParameter oaParam, AuthenticationData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(PRINCIPAL_NAME_FRIENDLY_NAME, PRINCIPAL_NAME_NAME, authSession.getIdentityLink().getFamilyName());
- public Attribute buildEmpty() {
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
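Review bot: `build` now declares `throws AttributeException` but the only failure it can actually produce is a NullPointerException from the `authSession.getIdentityLink().getFamilyName()` chain, since neither the identity link nor the family name is checked before the value is handed to `g.buildStringAttribute`. Whether a session without an identity link can reach this builder is not visible here; if it can, a guard such as `if (authSession.getIdentityLink() == null) { throw new AttributeException("no identity link in session"); }` would surface the condition through the declared exception type. `buildEmpty` continues past the end of the hunk.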
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
new file mode 100644
index 000000000..de77cc5b3
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/SamlAttributeGenerator.java
@@ -0,0 +1,87 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeValue;
+import org.opensaml.xml.Configuration;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.schema.XSInteger;
+import org.opensaml.xml.schema.XSString;
+import org.opensaml.xml.schema.impl.XSIntegerBuilder;
+import org.opensaml.xml.schema.impl.XSStringBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
+public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
+ private XMLObject buildAttributeStringValue(String value) {
+ XSStringBuilder stringBuilder = (XSStringBuilder) Configuration.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
+ XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
+ stringValue.setValue(value);
+ return stringValue;
+ }
+ private XMLObject buildAttributeIntegerValue(int value) {
+ XSIntegerBuilder integerBuilder = (XSIntegerBuilder) Configuration.getBuilderFactory().getBuilder(XSInteger.TYPE_NAME);
+ XSInteger integerValue = integerBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSInteger.TYPE_NAME);
+ integerValue.setValue(value);
+ return integerValue;
+ }
+ public Attribute buildStringAttribute(final String friendlyName, final String name, final String value) {
+ Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeStringValue(value));
+ return attribute;
+ }
+ public Attribute buildIntegerAttribute(final String friendlyName, final String name, final int value) {
+ Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue(value));
+ return attribute;
+ }
+ public Attribute buildEmptyAttribute(final String friendlyName, final String name) {
+ Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ return attribute;
+ }
+ public Attribute buildLongAttribute(String friendlyName, String name, long value) {
+ Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
+ attribute.setFriendlyName(friendlyName);
+ attribute.setName(name);
+ attribute.setNameFormat(Attribute.URI_REFERENCE);
+ attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
+ return attribute;
+ }
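Review bot: `buildLongAttribute` narrows its argument with `(int) value` before handing it to `buildAttributeIntegerValue`, so any long outside the int range is silently wrapped into a different number in the emitted attribute; an explicit range check that rejects such values is preferable to corrupting the attribute, and the contract should be stated in a Javadoc line on the method. The four public builders also repeat the same three-line attribute header (`setFriendlyName`, `setName`, `setNameFormat(Attribute.URI_REFERENCE)`), which a private `newAttribute(friendlyName, name)` helper would centralise so the name format cannot drift between them. The unchecked casts of `Configuration.getBuilderFactory().getBuilder(...)` in the two private helpers will fail with a NullPointerException if the OpenSAML bootstrap has not registered the XSString/XSInteger builders; a comment noting that dependency on the class would help operators reading a stack trace. The class's closing brace is not visible in the hunk.
```java
public class SamlAttributeGenerator implements IAttributeGenerator<Attribute> {
    // … unchanged: buildAttributeStringValue, buildAttributeIntegerValue …

    /** Creates an attribute carrying the common PVP header fields and no values yet. */
    private Attribute newAttribute(final String friendlyName, final String name) {
        Attribute attribute = SAML2Utils.createSAMLObject(Attribute.class);
        attribute.setFriendlyName(friendlyName);
        attribute.setName(name);
        attribute.setNameFormat(Attribute.URI_REFERENCE);
        return attribute;
    }

    /**
     * Builds an integer-valued attribute from a long.
     *
     * @throws IllegalArgumentException if {@code value} does not fit the int-backed XSInteger value
     */
    public Attribute buildLongAttribute(String friendlyName, String name, long value) {
        // XSInteger holds an int; refuse values the narrowing cast would silently corrupt
        if (value < Integer.MIN_VALUE || value > Integer.MAX_VALUE) {
            throw new IllegalArgumentException("value out of int range for XSInteger: " + value);
        }
        Attribute attribute = newAttribute(friendlyName, name);
        attribute.getAttributeValues().add(buildAttributeIntegerValue((int) value));
        return attribute;
    }
    // … unchanged: buildStringAttribute, buildIntegerAttribute, buildEmptyAttribute (each reduced to newAttribute(...) plus its value) …
```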
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java
index 81251139a..9f13b8270 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClientException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/AttributeException.java
@@ -1,5 +1,5 @@
- * Copyright 2003 Federal Chancellery Austria
+ * Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,28 +19,15 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
-package at.gv.egovernment.moa.id.util.client.mis.simple;
-public class MISSimpleClientException extends Exception {
- private static final long serialVersionUID = 1L;
- public MISSimpleClientException() {
- }
- public MISSimpleClientException(String message) {
- super(message);
- }
- public MISSimpleClientException(Throwable cause) {
- super(cause);
- }
- public MISSimpleClientException(String message, Throwable cause) {
- super(message, cause);
- }
-} \ No newline at end of file
+public class AttributeException extends Exception {
+ private static final long serialVersionUID = 1L;
+ public AttributeException(String message) {
+ super(message);
+ }
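Review bot: `AttributeException` as introduced at the end of this hunk keeps only the `(String message)` constructor, so a builder that translates a lower-level failure into this type cannot chain the original cause, whereas the replaced `MISSimpleClientException` offered both `(Throwable cause)` and `(String message, Throwable cause)`. Add `public AttributeException(String message, Throwable cause) { super(message, cause); }` so the underlying stack trace survives into the log instead of being dropped at the wrapping point. The same gap applies to the new subclasses in the following hunks, `InvalidDateFormatAttributeException` and `NoMandateDataAttributeException`, whose no-arg constructors cannot carry a cause either, even though a date-format failure typically originates from a parse exception worth preserving. The class's closing brace is not among the visible hunk lines.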
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java
new file mode 100644
index 000000000..dd251f0cd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/InvalidDateFormatAttributeException.java
@@ -0,0 +1,35 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
+public class InvalidDateFormatAttributeException extends AttributeException {
+ private static final long serialVersionUID = 1L;
+ public InvalidDateFormatAttributeException() {
+ super("Date format is invalid.");
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java
new file mode 100644
index 000000000..066330a2d
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/NoMandateDataAttributeException.java
@@ -0,0 +1,32 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
+public class NoMandateDataAttributeException extends AttributeException {
+ private static final long serialVersionUID = 1L;
+ public NoMandateDataAttributeException() {
+ super("Mandate data is not available.");
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java
new file mode 100644
index 000000000..f63edf909
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/exceptions/UnavailableAttributeException.java
@@ -0,0 +1,40 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions;
+public class UnavailableAttributeException extends AttributeException {
+ private static final long serialVersionUID = 1L;
+ private String attributeName;
+ public UnavailableAttributeException(String attributeName) {
+ super("Attribute " + attributeName + " is not available.");
+ this.attributeName = attributeName;
+ }
+ public String getAttributeName() {
+ return attributeName;
+ }
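Review bot: `attributeName` is assigned exactly once in the constructor and only read by `getAttributeName()`, so it should be declared `private final String attributeName;` — exception objects travel across layers and an immutable payload is the expected convention for a `Serializable` type with a declared `serialVersionUID`. A one-line class Javadoc would also help callers choose between this and the sibling exceptions, e.g. `/** Signals that the attribute named by {@link #getAttributeName()} is not available; the name is included in the message. */`, which states only what the visible constructor does. The class's closing brace is not among the visible hunk lines.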
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
index 0786f896a..f6832c161 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/config/PVPConfiguration.java
@@ -1,15 +1,34 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.config;
import iaik.x509.X509Certificate;
import java.io.File;
-import java.io.FileInputStream;
import java.security.cert.CertificateException;
import java.util.ArrayList;
-import java.util.Iterator;
import java.util.List;
import java.util.Properties;
-import java.util.Set;
import org.opensaml.saml2.metadata.Company;
import org.opensaml.saml2.metadata.ContactPerson;
@@ -28,10 +47,8 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.Contact;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.PVP2;
import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
-import at.gv.egovernment.moa.id.protocols.pvp2x.utils.Digester;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
@@ -51,10 +68,15 @@ public class PVPConfiguration {
public static final String PVP2_POST = "/pvp2/post";
public static final String PVP_CONFIG_FILE = "pvp2config.properties";
public static final String IDP_JAVAKEYSTORE = "idp.ks.file";
- public static final String IDP_KEYALIAS = "idp.ks.alias";
public static final String IDP_KS_PASS = "idp.ks.kspassword";
- public static final String IDP_KEY_PASS = "idp.ks.keypassword";
+ public static final String IDP_KEYALIASMETADATA = "idp.ks.metadata.alias";
+ public static final String IDP_KEY_PASSMETADATA = "idp.ks.metadata.keypassword";
+ public static final String IDP_KEYALIASASSERTION = "idp.ks.assertion.sign.alias";
+ public static final String IDP_KEY_PASSASSERTION = "idp.ks.assertion.sign.keypassword";
public static final String IDP_ISSUER_NAME = "idp.issuer.name";
@@ -98,7 +120,8 @@ public class PVPConfiguration {
String publicPath = generalpvpconfigdb.getPublicURLPrefix();
if(publicPath != null) {
if(publicPath.endsWith("/")) {
- publicPath = publicPath.substring(0, publicPath.length()-2);
+ int length = publicPath.length();
+ publicPath = publicPath.substring(0, length-1);
return publicPath;
@@ -119,17 +142,25 @@ public class PVPConfiguration {
public String getIDPKeyStoreFilename() {
return props.getProperty(IDP_JAVAKEYSTORE);
public String getIDPKeyStorePassword() {
return props.getProperty(IDP_KS_PASS);
- public String getIDPKeyAlias() {
- return props.getProperty(IDP_KEYALIAS);
+ public String getIDPKeyAliasMetadata() {
+ return props.getProperty(IDP_KEYALIASMETADATA);
+ }
+ public String getIDPKeyPasswordMetadata() {
+ return props.getProperty(IDP_KEY_PASSMETADATA);
+ }
+ public String getIDPKeyAliasAssertionSign() {
+ return props.getProperty(IDP_KEYALIASASSERTION);
- public String getIDPKeyPassword() {
- return props.getProperty(IDP_KEY_PASS);
+ public String getIDPKeyPasswordAssertionSign() {
+ return props.getProperty(IDP_KEY_PASSASSERTION);
public String getIDPIssuerName() {
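Review bot: The four new getters in this hunk return `props.getProperty(...)` with no documentation of which key each one selects, and a property missing from `pvp2config.properties` silently yields `null`; since the constants hunk above (`IDP_KEYALIASMETADATA` through `IDP_KEY_PASSASSERTION`) splits the former single IdP key into a metadata-signing key and an assertion-signing key, that distinction needs to be spelled out where callers read it. Add Javadoc to each getter along the lines of `/** Alias of the keystore entry used to sign IdP metadata; null if idp.ks.metadata.alias is not configured. */`, with the corresponding wording for the assertion-signing alias and for the two key passwords. Deployments whose properties file still carries only the removed `idp.ks.alias`/`idp.ks.keypassword` keys will receive `null` from every new getter, so it is worth confirming that the callers (not visible here) fail with a clear configuration error rather than proceeding with a null alias.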
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
index 51c4b7e72..9f4c7fed3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/BindingNotSupportedException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
index 521b55580..94a4e8226 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionConsumerServiceException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
new file mode 100644
index 000000000..69da5c09c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidAssertionEncryptionException.java
@@ -0,0 +1,36 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
+import org.opensaml.saml2.core.StatusCode;
+public class InvalidAssertionEncryptionException extends PVP2Exception {
+ private static final long serialVersionUID = 6513388841485355549L;
+ public InvalidAssertionEncryptionException() {
+ super("pvp2.16", new Object[]{});
+ this.statusCodeValue = StatusCode.REQUESTER_URI;
+ }
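Review bot: The new class carries no Javadoc, and the message key `pvp2.16` handed to `super` tells a reader nothing about when the exception is raised or why the SAML status is set to `StatusCode.REQUESTER_URI`. Add a class comment such as `/** Raised when the assertion for a relying party cannot be encrypted (presumably a missing or unusable encryption credential); reported to the requester with StatusCode.REQUESTER_URI. */`, adjusting the trigger to whatever the throwing site actually checks, since that site is not visible in this hunk. The class's closing brace is not among the visible hunk lines.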
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
index 799d26ccb..252539bf5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/InvalidDateFormatException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
index 41a56639a..15a0ccf72 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/MandateAttributesNotHandleAbleException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
index 7dc9d5645..5a393062f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NameIDFormatNotSupportedException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
public class NameIDFormatNotSupportedException extends PVP2Exception {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
index cd81de30f..fdc8c8d39 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoAuthContextException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
index 6af97301f..333ef9765 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoCredentialsException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
index d24905f68..ce80ac5cb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMandateDataAvailableException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
public class NoMandateDataAvailableException extends PVP2Exception {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
index c45820cfb..50a1af6ad 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/NoMetadataInformationException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
index a9bd8104e..60fe47364 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2EncodingException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
public class PVP2EncodingException extends PVP2Exception {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
index 990a76562..709c1e34b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/PVP2Exception.java
@@ -1,8 +1,30 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public abstract class PVP2Exception extends MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
index be22be859..fdf1063c0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/QAANotSupportedException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
index 61c41d82b..8f12f3cce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/RequestDeniedException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
index a24320cbc..fe921f8b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/ResponderErrorException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
index e0f576205..65def4602 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSignedException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
index 029470b94..8a386c951 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/SAMLRequestNotSupported.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
index 0a91cc61a..a8bfe1070 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/exceptions/UnprovideableAttributeException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.exceptions;
import org.opensaml.saml2.core.StatusCode;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index 99567478d..6d9022bd9 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -1,20 +1,43 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.metadata;
-import java.io.File;
-import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
+import java.util.Map;
import java.util.Timer;
import javax.xml.namespace.QName;
import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.protocol.Protocol;
import org.opensaml.saml2.metadata.EntitiesDescriptor;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.RoleDescriptor;
import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
-import org.opensaml.saml2.metadata.provider.FilesystemMetadataProvider;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
@@ -22,22 +45,20 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.parse.BasicParserPool;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
-import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.MetadataSignatureFilter;
-import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class MOAMetadataProvider implements MetadataProvider {
private static MOAMetadataProvider instance = null;
private static Object mutex = new Object();
+ private static Date timestamp = null;
public static MOAMetadataProvider getInstance() {
if (instance == null) {
synchronized (mutex) {
@@ -49,43 +70,201 @@ public class MOAMetadataProvider implements MetadataProvider {
return instance;
+ public static Date getTimeStamp() {
+ return timestamp;
+ }
+ public static void reInitialize() {
+ synchronized (mutex) {
+ /**add new Metadataprovider or remove Metadataprovider which are not in use any more.**/
+ if (instance != null)
+ instance.addAndRemoveMetadataProvider();
+ else
+ Logger.info("MOAMetadataProvider is not loaded.");
+ }
+ }
+ public static void destroy() {
+ if (instance != null) {
+ instance.internalDestroy();
+ } else {
+ Logger.info("MOAMetadataProvider is not loaded. Accordingly it can not be destroyed");
+ }
+ }
MetadataProvider internalProvider;
+ private void addAndRemoveMetadataProvider() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ Logger.info("Relaod MOAMetaDataProvider.");
+ /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+ *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
+ Map<String, HTTPMetadataProvider> loadedproviders = new HashMap<String, HTTPMetadataProvider>();
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+ //make a Map of all actually loaded HTTPMetadataProvider
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ loadedproviders.put(httpprovider.getMetadataURI(), httpprovider);
+ }
+ }
+ //load all PVP2 OAs form ConfigurationDatabase and
+ //compare actually loaded Providers with configured PVP2 OAs
+ List<OnlineApplication> oaList = ConfigurationDBRead
+ .getAllActiveOnlineApplications();
+ //set Timestamp
+ timestamp = new Date();
+ Iterator<OnlineApplication> oaIt = oaList.iterator();
+ while (oaIt.hasNext()) {
+ HTTPMetadataProvider httpProvider = null;
+ try {
+ OnlineApplication oa = oaIt.next();
+ OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
+ if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
+ String metadataurl = pvp2Config.getMetadataURL();
+ if (loadedproviders.containsKey(metadataurl)) {
+ //PVP2 OA is actually loaded, to nothing
+ providersinuse.put(metadataurl, loadedproviders.get(metadataurl));
+ loadedproviders.remove(metadataurl);
+ } else if ( MiscUtil.isNotEmpty(metadataurl) &&
+ !providersinuse.containsKey(metadataurl) ) {
+ //PVP2 OA is new, add it to MOAMetadataProvider
+ Logger.info("Loading metadata for: " + oa.getFriendlyName());
+ httpProvider = createNewHTTPMetaDataProvider(
+ pvp2Config.getMetadataURL(),
+ pvp2Config.getCertificate(),
+ oa.getFriendlyName());
+ if (httpProvider != null)
+ providersinuse.put(metadataurl, httpProvider);
+ }
+ }
+ } catch (Throwable e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
+ if (httpProvider != null) {
+ Logger.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+ }
+ }
+ //remove all actually loaded MetadataProviders with are not in ConfigurationDB any more
+ Collection<HTTPMetadataProvider> notusedproviders = loadedproviders.values();
+ for (HTTPMetadataProvider provider : notusedproviders) {
+ String metadataurl = provider.getMetadataURI();
+ try {
+ provider.destroy();
+ /*OpenSAML ChainingMetadataProvider can not remove a MetadataProvider (UnsupportedOperationException)
+ *The ChainingMetadataProvider use internal a unmodifiableList to hold all registrated MetadataProviders.*/
+ //chainProvider.removeMetadataProvider(provider);
+ Logger.info("Remove not used MetadataProvider with MetadataURL " + metadataurl);
+ } catch (Throwable e) {
+ Logger.error("HTTPMetadataProvider with URL " + metadataurl
+ + " can not be removed from the list of actually loaded Providers.", e);
+ }
+ }
+ try {
+ chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+ } catch (MetadataProviderException e) {
+ Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy", e);
+ }
+ } else {
+ Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+ }
+ public void internalDestroy() {
+ if (internalProvider != null && internalProvider instanceof ChainingMetadataProvider) {
+ Logger.info("Destrorying MOAMetaDataProvider.");
+ ChainingMetadataProvider chainProvider = (ChainingMetadataProvider) internalProvider;
+ List<MetadataProvider> providers = chainProvider.getProviders();
+ for (MetadataProvider provider : providers) {
+ if (provider instanceof HTTPMetadataProvider) {
+ HTTPMetadataProvider httpprovider = (HTTPMetadataProvider) provider;
+ Logger.debug("Destroy HTTPMetadataProvider +" + httpprovider.getMetadataURI());
+ httpprovider.destroy();
+ } else {
+ Logger.warn("MetadataProvider can not be destroyed.");
+ }
+ }
+ instance = null;
+ } else {
+ Logger.warn("ReInitalize MOAMetaDataProvider is not possible! MOA-ID Instance has to be restarted manualy");
+ }
+ }
private MOAMetadataProvider() {
ChainingMetadataProvider chainProvider = new ChainingMetadataProvider();
Logger.info("Loading metadata");
+ Map<String, MetadataProvider> providersinuse = new HashMap<String, MetadataProvider>();
List<OnlineApplication> oaList = ConfigurationDBRead
Iterator<OnlineApplication> oaIt = oaList.iterator();
while (oaIt.hasNext()) {
+ HTTPMetadataProvider httpProvider = null;
try {
OnlineApplication oa = oaIt.next();
Logger.info("Loading metadata for: " + oa.getFriendlyName());
OAPVP2 pvp2Config = oa.getAuthComponentOA().getOAPVP2();
- if (pvp2Config != null) {
+ if (pvp2Config != null && MiscUtil.isNotEmpty(pvp2Config.getMetadataURL())) {
String metadataURL = pvp2Config.getMetadataURL();
- try {
- // TODO: use proper SSL checking
- HTTPMetadataProvider httpProvider = new HTTPMetadataProvider(
- metadataURL, 20000);
- httpProvider.setParserPool(new BasicParserPool());
- httpProvider.setRequireValidMetadata(true);
- MetadataFilter filter = new MetadataSignatureFilter(
- metadataURL, pvp2Config.getCertificate());
- httpProvider.setMetadataFilter(filter);
- chainProvider.addMetadataProvider(httpProvider);
- httpProvider.initialize();
- } catch (MetadataProviderException e) {
- Logger.error(
- "Failed to add Metadata file for "
- + oa.getFriendlyName() + "[ "
- + e.getMessage() + " ]", e);
- } catch (CertificateException e) {
- Logger.error(
- "Failed to add Metadata file for "
- + oa.getFriendlyName() + "[ "
- + e.getMessage() + " ]", e);
+ if (!providersinuse.containsKey(metadataURL)) {
+ httpProvider = createNewHTTPMetaDataProvider(
+ metadataURL,
+ pvp2Config.getCertificate(),
+ oa.getFriendlyName());
+ if (httpProvider != null)
+ providersinuse.put(metadataURL, httpProvider);
+ } else {
+ Logger.info(metadataURL + " are already added.");
} else {
+ " is not a PVP2 Application skipping");
@@ -94,12 +273,74 @@ public class MOAMetadataProvider implements MetadataProvider {
"Failed to add Metadata (unhandled reason: "
+ e.getMessage(), e);
+ if (httpProvider != null) {
+ Logger.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+ try {
+ chainProvider.setProviders(new ArrayList<MetadataProvider>(providersinuse.values()));
+ } catch (MetadataProviderException e) {
+ Logger.error(
+ "Failed to add Metadata (unhandled reason: "
+ + e.getMessage(), e);
+ }
internalProvider = chainProvider;
+ timestamp = new Date();
+ private HTTPMetadataProvider createNewHTTPMetaDataProvider(String metadataURL, byte[] certificate, String oaName) {
+ HTTPMetadataProvider httpProvider = null;
+ Timer timer= null;
+ try {
+ timer = new Timer();
+ httpProvider = new HTTPMetadataProvider(timer, new HttpClient(),
+ metadataURL);
+ httpProvider.setParserPool(new BasicParserPool());
+ httpProvider.setRequireValidMetadata(true);
+ httpProvider.setMinRefreshDelay(1000*60*15); //15 minutes
+ httpProvider.setMaxRefreshDelay(1000*60*60*24); //24 hours
+ //httpProvider.setRefreshDelayFactor(0.1F);
+ // TODO: use proper SSL checking
+ MetadataFilter filter = new MetadataSignatureFilter(
+ metadataURL, certificate);
+ httpProvider.setMetadataFilter(filter);
+ httpProvider.initialize();
+ return httpProvider;
+ } catch (Throwable e) {
+ Logger.error(
+ "Failed to add Metadata file for "
+ + oaName + "[ "
+ + e.getMessage() + " ]", e);
+ if (httpProvider != null) {
+ Logger.debug("Destroy failed Metadata provider");
+ httpProvider.destroy();
+ }
+ if (timer != null) {
+ Logger.debug("Destroy Timer.");
+ timer.cancel();
+ }
+ }
+ return null;
+ }
public boolean requireValidMetadata() {
return internalProvider.requireValidMetadata();
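Review bot: `new HttpClient()` in `httpProvider = new HTTPMetadataProvider(timer, new HttpClient(), metadataURL)` is built with commons-httpclient defaults, which carry no connection or socket timeout, so a metadata endpoint that accepts the TCP connection and then stalls blocks `initialize()` at startup and the provider's refresh `Timer` thread indefinitely; the constructor form this replaces (visible in the previous hunk) passed a 20000 ms timeout that is dropped here. The fetched document is also parsed by the `BasicParserPool` before `MetadataSignatureFilter` has verified it, so the pool should refuse DTDs and external entities unless the OpenSAML/xmltooling release on the classpath already does so by default — confirm the version and that it exposes `setExpandEntityReferences`/`setBuilderFeatures`. The carried-over `// TODO: use proper SSL checking` is still accurate: TLS trust for `metadataURL` is whatever the JVM default trust store and hostname verifier provide, and the signature filter protects the integrity of the metadata but not its availability. `requireValidMetadata()` continues outside this hunk.
```java
HttpClient client = new HttpClient();
client.getHttpConnectionManager().getParams().setConnectionTimeout(20000);
client.getHttpConnectionManager().getParams().setSoTimeout(20000);
httpProvider = new HTTPMetadataProvider(timer, client, metadataURL);
BasicParserPool parserPool = new BasicParserPool();
parserPool.setExpandEntityReferences(false);
Map<String, Boolean> features = new HashMap<String, Boolean>();
features.put("http://apache.org/xml/features/disallow-doctype-decl", Boolean.TRUE);
parserPool.setBuilderFeatures(features);
httpProvider.setParserPool(parserPool);
// … unchanged: setRequireValidMetadata, refresh delays, signature filter, initialize …
```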
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
index d479de2d7..f84e6e588 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/ArtifactResolution.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
@@ -8,8 +30,8 @@ import org.opensaml.common.binding.artifact.SAMLArtifactMap.SAMLArtifactMapEntry
import org.opensaml.saml2.core.ArtifactResolve;
import org.opensaml.saml2.core.ArtifactResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPAssertionStorage;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.SoapBinding;
@@ -23,7 +45,7 @@ public class ArtifactResolution implements IRequestHandler {
return (obj.getSamlRequest() instanceof ArtifactResolve);
- public void process(MOARequest obj, HttpServletRequest req,
+ public String process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
@@ -50,7 +72,8 @@ public class ArtifactResolution implements IRequestHandler {
Logger.error("Failed to resolve artifact", e);
+ return null;
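Review bot: The new `String` return value of `process` is undocumented, and the added `return null;` follows the catch that logs `Failed to resolve artifact` after swallowing the exception, so a caller (outside this hunk) cannot tell "response already written, nothing to forward" from "artifact resolution failed" unless `null` is defined to mean one of them; the hunk's context does not show whether the statement sits inside the catch or at the end of the method, nor what the success path returns. Add Javadoc on `process` that states what the returned string is and when `null` is returned, e.g. `@return null; the ArtifactResponse is written to the servlet response directly and resolution errors are only logged` — or, if the caller treats `null` as a failure, rethrow the error as `MOAIDException` rather than returning. `process` begins outside this hunk.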
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
index f8270cf33..d318792f1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/AuthnRequestHandler.java
@@ -1,24 +1,73 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.saml2.core.EncryptedAssertion;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.impl.EncryptedAssertionBuilder;
+import org.opensaml.saml2.encryption.Encrypter;
+import org.opensaml.saml2.encryption.Encrypter.KeyPlacement;
import org.opensaml.saml2.metadata.AssertionConsumerService;
import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.KeyDescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.MetadataCredentialResolver;
+import org.opensaml.security.MetadataCriteria;
import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.encryption.EncryptionConstants;
+import org.opensaml.xml.encryption.EncryptionException;
+import org.opensaml.xml.encryption.EncryptionParameters;
+import org.opensaml.xml.encryption.KeyEncryptionParameters;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
+import org.opensaml.xml.security.credential.Credential;
+import org.opensaml.xml.security.credential.UsageType;
+import org.opensaml.xml.security.criteria.EntityIDCriteria;
+import org.opensaml.xml.security.criteria.UsageCriteria;
+import org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory;
+import org.opensaml.xml.security.x509.BasicX509Credential;
+import org.opensaml.xml.security.x509.X509Credential;
+import org.opensaml.xml.signature.KeyInfo;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.ArtifactBinding;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
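Review bot: Several of the imports added here are not referenced by any new code visible in the later hunks of this file: `EncryptedAssertionBuilder`, `KeyDescriptor`, `Credential`, `BasicX509Credential`, `KeyInfo` and `Date` do not appear at all, and `IOException`, `TransformerException` and `MarshallingException` are only named in commented-out catch blocks near the end of process. The same applies to `PrettyPrinter` in the next hunk, which is only used on a commented-out debug line. Dropping the unused ones keeps the import block honest about what the handler actually depends on; if some are used in parts of the file outside this diff, ignore this note for those.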
@@ -29,8 +78,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionB
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionConsumerServiceException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.InvalidAssertionEncryptionException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.PrettyPrinter;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.logging.Logger;
public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
@@ -39,7 +90,7 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
return (obj.getSamlRequest() instanceof AuthnRequest);
- public void process(MOARequest obj, HttpServletRequest req,
+ public String process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession authSession) throws MOAIDException {
if (!handleObject(obj)) {
throw new MOAIDException("pvp2.13", null);
@@ -48,58 +99,125 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
AuthnRequest authnRequest = (AuthnRequest) obj.getSamlRequest();
EntityDescriptor peerEntity = obj.getEntityMetadata();
-// if (!AuthenticationSessionStoreage.isAuthenticated(authSession.getSessionID())) {
-// throw new AuthenticationException("auth.21", new Object[] {});
-// }
+ DateTime date = new DateTime();
-// AuthenticationManager authmanager = AuthenticationManager.getInstance();
-// AuthenticationSession authSession =authmanager.getAuthenticationSession(req.getSession());
+ Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity, date);
- // authSession.getM
- Assertion assertion = PVP2AssertionBuilder.buildAssertion(authnRequest, authSession, peerEntity);
Response authResponse = SAML2Utils.createSAMLObject(Response.class);
Issuer nissuer = SAML2Utils.createSAMLObject(Issuer.class);
- authResponse.getAssertions().add(assertion);
+ //SAML2 response required IssueInstant
+ authResponse.setIssueInstant(date);
+ SPSSODescriptor spSSODescriptor = peerEntity
+ .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
Integer aIdx = authnRequest.getAssertionConsumerServiceIndex();
int idx = 0;
if (aIdx != null) {
idx = aIdx.intValue();
+ } else {
+ idx = SAML2Utils.getDefaultAssertionConsumerServiceIndex(spSSODescriptor);
- SPSSODescriptor spSSODescriptor = peerEntity
- .getSPSSODescriptor(SAMLConstants.SAML20P_NS);
AssertionConsumerService consumerService = spSSODescriptor
if (consumerService == null) {
+ //TODO: maybe use default ConsumerService
throw new InvalidAssertionConsumerServiceException(idx);
String oaURL = consumerService.getLocation();
+ //check, if metadata includes an encryption key
+ MetadataCredentialResolver mdCredResolver =
+ new MetadataCredentialResolver(MOAMetadataProvider.getInstance());
+ CriteriaSet criteriaSet = new CriteriaSet();
+ criteriaSet.add( new EntityIDCriteria(obj.getSamlRequest().getIssuer().getValue()) );
+ criteriaSet.add( new MetadataCriteria(SPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS) );
+ criteriaSet.add( new UsageCriteria(UsageType.ENCRYPTION) );
+ X509Credential encryptionCredentials = null;
+ try {
+ encryptionCredentials = (X509Credential) mdCredResolver.resolveSingle(criteriaSet);
+ } catch (SecurityException e2) {
+ Logger.warn("Can not extract the Assertion Encryption-Key from metadata", e2);
+ throw new InvalidAssertionEncryptionException();
+ }
+ if (encryptionCredentials != null) {
+ //encrypt SAML2 assertion
+ try {
+ EncryptionParameters dataEncParams = new EncryptionParameters();
+ dataEncParams.setAlgorithm(EncryptionConstants.ALGO_ID_BLOCKCIPHER_AES128);
+ List<KeyEncryptionParameters> keyEncParamList = new ArrayList<KeyEncryptionParameters>();
+ KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
+ keyEncParam.setEncryptionCredential(encryptionCredentials);
+ keyEncParam.setAlgorithm(EncryptionConstants.ALGO_ID_KEYTRANSPORT_RSAOAEP);
+ KeyInfoGeneratorFactory kigf = Configuration.getGlobalSecurityConfiguration()
+ .getKeyInfoGeneratorManager().getDefaultManager()
+ .getFactory(encryptionCredentials);
+ keyEncParam.setKeyInfoGenerator(kigf.newInstance());
+ keyEncParamList.add(keyEncParam);
+ Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
+ //samlEncrypter.setKeyPlacement(KeyPlacement.INLINE);
+ samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
+ EncryptedAssertion encryptAssertion = null;
+ encryptAssertion = samlEncrypter.encrypt(assertion);
+ authResponse.getEncryptedAssertions().add(encryptAssertion);
+ } catch (EncryptionException e1) {
+ Logger.warn("Can not encrypt the PVP2 assertion", e1);
+ throw new InvalidAssertionEncryptionException();
+ }
+ } else {
+ authResponse.getAssertions().add(assertion);
+ }
IEncoder binding = null;
if (consumerService.getBinding().equals(
binding = new RedirectBinding();
} else if (consumerService.getBinding().equals(
// TODO: not supported YET!!
binding = new ArtifactBinding();
} else if (consumerService.getBinding().equals(
binding = new PostBinding();
if (binding == null) {
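Review bot: The encryption-credential lookup is keyed on `obj.getSamlRequest().getIssuer().getValue()`, which throws a NullPointerException when the request carries no Issuer element and, more importantly, re-reads the identity from the raw request although `peerEntity` is the entity the handler has already resolved for this request; `criteriaSet.add( new EntityIDCriteria(peerEntity.getEntityID()) );` ties the key lookup to the metadata the assertion is actually built for. When `resolveSingle` returns null the code silently falls back to an unencrypted assertion (`authResponse.getAssertions().add(assertion);`), which is a deliberate choice but deserves an explicit log line at that branch, for example `Logger.warn("No encryption key in SP metadata, assertion is sent unencrypted");`, so an operator can see which SPs receive plaintext assertions. `EncryptedAssertion encryptAssertion = null;` followed by the immediate assignment can be collapsed into one declaration. process begins in the previous hunk and continues past the end of this one.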
@@ -109,12 +227,28 @@ public class AuthnRequestHandler implements IRequestHandler, PVPConstants {
try {
binding.encodeRespone(req, resp, authResponse, oaURL);
// TODO add remoteSessionID to AuthSession ExternalPVPSessionStore
+// Logger logger = new Logger();
+// logger.debug("Redirect Binding Request = " + PrettyPrinter.prettyPrint(SAML2Utils.asDOMDocument(authResponse)));
+ return assertion.getID();
} catch (MessageEncodingException e) {
Logger.error("Message Encoding exception", e);
throw new MOAIDException("pvp2.01", null, e);
} catch (SecurityException e) {
Logger.error("Security exception", e);
throw new MOAIDException("pvp2.01", null, e);
+// } catch (TransformerException e) {
+// Logger.error("Security exception", e);
+// throw new MOAIDException("pvp2.01", null, e);
+// } catch (IOException e) {
+// Logger.error("Security exception", e);
+// throw new MOAIDException("pvp2.01", null, e);
+// } catch (MarshallingException e) {
+// Logger.error("Security exception", e);
+// throw new MOAIDException("pvp2.01", null, e);
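Review bot: The three commented-out catch blocks and the two commented-out logger lines are dead code committed to the file; they should be removed rather than parked, and the matching `IOException`, `TransformerException`, `MarshallingException` and `PrettyPrinter` imports with them. If the debug line is ever reinstated, note that it prints the complete SAML response, which in the unencrypted fallback branch of this method includes the full assertion contents, so it should stay at debug level and be guarded accordingly. The try block's `return assertion.getID();` is fine, but the method's remaining catch clauses are outside this hunk.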
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
index 458316c6d..92a47adb3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/IRequestHandler.java
@@ -1,15 +1,37 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
public interface IRequestHandler {
public boolean handleObject(MOARequest obj);
- public void process(MOARequest obj, HttpServletRequest req,
+ public String process(MOARequest obj, HttpServletRequest req,
HttpServletResponse resp, AuthenticationSession moasession) throws MOAIDException;
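Review bot: The return type of `process` changes from void to String but the interface carries no Javadoc saying what the String is; in this commit AuthnRequestHandler returns `assertion.getID()` and ArtifactResolution returns `null` on failure, so the contract is only discoverable by reading both implementations. A short Javadoc on the method, stating that it returns the ID of the assertion issued for this request, or null when no assertion was issued, and that the `@throws MOAIDException` covers binding and encoding failures, would fix the callers' expectations. The same wording belongs on RequestManager.handle, which now forwards this value.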
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
index a043bfde5..a4f43a97a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/requestHandler/RequestManager.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.requestHandler;
import java.util.ArrayList;
@@ -7,8 +29,8 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOARequest;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSupported;
@@ -31,14 +53,13 @@ public class RequestManager {
handler.add(new ArtifactResolution());
- public void handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
+ public String handle(MOARequest obj, HttpServletRequest req, HttpServletResponse resp, AuthenticationSession moasession)
throws SAMLRequestNotSupported, MOAIDException {
Iterator<IRequestHandler> it = handler.iterator();
while(it.hasNext()) {
IRequestHandler handler = it.next();
if(handler.handleObject(obj)) {
- handler.process(obj, req, resp, moasession);
- return;
+ return handler.process(obj, req, resp, moasession);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
index 38251ab56..1963115da 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialProvider.java
@@ -1,22 +1,35 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-import iaik.pkcs.pkcs12.PKCS12;
-import iaik.x509.X509Certificate;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
-import java.io.IOException;
import java.security.KeyStore;
-import java.security.cert.CertificateException;
-import javax.jws.soap.SOAPBinding.Use;
+import java.security.PrivateKey;
+import java.security.interfaces.RSAPrivateKey;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.KeyStoreX509CredentialAdapter;
-import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
@@ -24,35 +37,73 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.KeyStoreUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
public class CredentialProvider {
- public static Credential getIDPSigningCredential()
+ private static KeyStore keyStore = null;
+ public static Credential getIDPMetaDataSigningCredential()
throws CredentialsNotAvailableException {
- KeyStore keyStore;
PVPConfiguration config = PVPConfiguration.getInstance();
try {
- keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
- config.getIDPKeyStorePassword());
+ if (keyStore == null)
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
- keyStore, config.getIDPKeyAlias(), config
- .getIDPKeyPassword().toCharArray());
+ keyStore, config.getIDPKeyAliasMetadata(), config
+ .getIDPKeyPasswordMetadata().toCharArray());
return credentials;
} catch (Exception e) {
- Logger.error("Failed to generate IDP Signing credentials");
+ Logger.error("Failed to generate IDP Metadata Signing credentials");
throw new CredentialsNotAvailableException(e.getMessage(), null);
+ public static Credential getIDPAssertionSigningCredential()
+ throws CredentialsNotAvailableException {
+ PVPConfiguration config = PVPConfiguration.getInstance();
+ try {
+ if (keyStore == null)
+ keyStore = KeyStoreUtils.loadKeyStore(config.getIDPKeyStoreFilename(),
+ config.getIDPKeyStorePassword());
+ KeyStoreX509CredentialAdapter credentials = new KeyStoreX509CredentialAdapter(
+ keyStore, config.getIDPKeyAliasAssertionSign(), config
+ .getIDPKeyPasswordAssertionSign().toCharArray());
+ credentials.setUsageType(UsageType.SIGNING);
+ return credentials;
+ } catch (Exception e) {
+ Logger.error("Failed to generate IDP Assertion Signing credentials");
+ e.printStackTrace();
+ throw new CredentialsNotAvailableException(e.getMessage(), null);
+ }
+ }
public static Signature getIDPSignature(Credential credentials) {
+ PrivateKey privatekey = credentials.getPrivateKey();
Signature signer = SAML2Utils.createSAMLObject(Signature.class);
- signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
- signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
+ if (privatekey instanceof RSAPrivateKey) {
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
+ } else if (privatekey instanceof iaik.security.ecc.ecdsa.ECPrivateKey) {
+ signer.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_ECDSA_SHA1);
+ }
+ signer.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
return signer;
public static Credential getSPTrustedCredential(String entityID)
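Review bot: `getIDPSignature` leaves the signature algorithm unset when the private key is neither an RSAPrivateKey nor the IAIK ECPrivateKey, so an unsupported key type only fails later and far from the cause; an `else { throw new IllegalArgumentException("Unsupported private key type for SAML signing"); }` after the two branches makes the failure immediate. The ECDSA branch picks `ALGO_ID_SIGNATURE_ECDSA_SHA1` while the RSA branch uses SHA-256; SHA-1 is deprecated for new signatures, and the SHA-256 ECDSA constant should be used where the xmltooling version in use provides it. In `getIDPAssertionSigningCredential`, `e.printStackTrace();` bypasses the project logger and the exception is then rethrown with only `e.getMessage()` and a null cause; `Logger.error("Failed to generate IDP Assertion Signing credentials", e);` plus passing `e` as the cause (the same applies to the metadata variant above it) preserves the stack trace. The new `private static KeyStore keyStore` is lazily initialised from two methods without synchronisation, so concurrent first calls can each load the keystore; loading it once in a `synchronized` helper or a static initialiser avoids that. The hunk ends at the signature of `getSPTrustedCredential`, whose body is outside this view.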
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
index 56864bc1f..a47c34c0b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/CredentialsNotAvailableException.java
@@ -1,6 +1,28 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public class CredentialsNotAvailableException extends MOAIDException {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
index b88998cd1..ef64efb56 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/signer/SAMLSigner.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.signer;
public class SAMLSigner {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
index a59fc17c5..666bfab3c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AttributeExtractor.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.util.Iterator;
@@ -5,18 +27,16 @@ import java.util.List;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
-import at.gv.egovernment.moa.id.auth.validator.parep.ParepValidator;
public class AttributeExtractor {
public static String extractSAMLAttributeOA(String name,
AuthenticationSession authSession) {
- List extAttributes = authSession.getExtendedSAMLAttributesOA();
+ List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesOA();
if(extAttributes == null) {
return null;
- Iterator extAttributesIt = extAttributes.iterator();
- String value = null;
+ Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
while(extAttributesIt.hasNext()) {
Object attr = extAttributesIt.next();
if(attr instanceof ExtendedSAMLAttribute) {
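Review bot: With `extAttributes` now typed as `List<ExtendedSAMLAttribute>`, the loop body's `Object attr = extAttributesIt.next();` followed by `if(attr instanceof ExtendedSAMLAttribute)` is a leftover of the raw-typed version and can become a plain `for (ExtendedSAMLAttribute attr : extAttributes) {` with the cast and instanceof removed; the same pattern is repeated in the next hunk for `extractSAMLAttributeAUTH`. Both method bodies continue outside their hunks, so the lines that actually compare `name` and return the value are not visible here.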
@@ -34,12 +54,11 @@ public class AttributeExtractor {
public static String extractSAMLAttributeAUTH(String name,
AuthenticationSession authSession) {
- List extAttributes = authSession.getExtendedSAMLAttributesAUTH();
+ List<ExtendedSAMLAttribute> extAttributes = authSession.getExtendedSAMLAttributesAUTH();
if(extAttributes == null) {
return null;
- Iterator extAttributesIt = extAttributes.iterator();
- String value = null;
+ Iterator<ExtendedSAMLAttribute> extAttributesIt = extAttributes.iterator();
while(extAttributesIt.hasNext()) {
Object attr = extAttributesIt.next();
if(attr instanceof ExtendedSAMLAttribute) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
index 66d0b1d46..e3c90ea35 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/CheckMandateAttributes.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.util.ArrayList;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
index 7d81825d9..d715b8b7b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/Digester.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.security.MessageDigest;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
index 807da0ebe..c40731576 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/PrettyPrinter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.io.*;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
index d6ac121b1..b52e37e06 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java
@@ -1,7 +1,30 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import java.io.IOException;
import java.security.NoSuchAlgorithmException;
+import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
@@ -13,14 +36,14 @@ import org.opensaml.Configuration;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Status;
import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.saml2.metadata.AssertionConsumerService;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.io.Marshaller;
import org.opensaml.xml.io.MarshallingException;
import org.w3c.dom.Document;
-import eu.stork.vidp.messages.common.STORKBootstrap;
public class SAML2Utils {
public static <T> T createSAMLObject(final Class<T> clazz) {
@@ -79,4 +102,17 @@ public class SAML2Utils {
return status;
+ public static int getDefaultAssertionConsumerServiceIndex(SPSSODescriptor spSSODescriptor) {
+ List<AssertionConsumerService> assertionConsumerList = spSSODescriptor.getAssertionConsumerServices();
+ for (AssertionConsumerService el : assertionConsumerList) {
+ if (el.isDefault())
+ return el.getIndex();
+ }
+ return 0;
+ }
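Review bot: The fallback `return 0;` in getDefaultAssertionConsumerServiceIndex hands back an index that need not exist in the SP's metadata when no AssertionConsumerService is flagged isDefault="true"; SAML metadata treats the first listed endpoint as the default in that case, so the fallback is better written as `return assertionConsumerList.isEmpty() ? 0 : assertionConsumerList.get(0).getIndex();` (or an explicit exception for an empty list, since an SP without any ACS cannot be answered at all). `el.getIndex()` is auto-unboxed on return, so an endpoint whose index attribute OpenSAML reports as null would surface as a NullPointerException rather than a clear metadata error — a null check with a descriptive exception would be clearer; whether OpenSAML can return null here should be confirmed. A one-line Javadoc would make the contract visible to callers, e.g. `/** Returns the index of the ACS flagged isDefault, otherwise the index of the first listed ACS (SAML metadata default rule). */`.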
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
index 70793d073..cf3650afd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/StoredAssertion.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
import org.joda.time.DateTime;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
index bf30c72cb..0b2bbafeb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ChainSAMLValidator.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
import java.util.ArrayList;
@@ -6,7 +28,7 @@ import java.util.List;
import org.opensaml.saml2.core.RequestAbstractType;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public class ChainSAMLValidator implements ISAMLValidator {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
index 525a0870e..f9dab1cb5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/ISAMLValidator.java
@@ -1,8 +1,30 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
import org.opensaml.saml2.core.RequestAbstractType;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public interface ISAMLValidator {
public void validateRequest(RequestAbstractType request) throws MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
index db1241e6f..d65b847dc 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/validation/SAMLSignatureValidator.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.validation;
import org.opensaml.common.SignableSAMLObject;
@@ -5,7 +27,7 @@ import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.validation.ValidationException;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException;
public class SAMLSignatureValidator implements ISAMLValidator {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
index 5cea607bc..749f613f8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ChainSAMLVerifier.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import java.util.ArrayList;
@@ -6,7 +28,7 @@ import java.util.List;
import org.opensaml.saml2.core.RequestAbstractType;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public class ChainSAMLVerifier implements ISAMLVerifier {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
index b78c2f264..4ef9919ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/EntityVerifier.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import java.util.Iterator;
@@ -10,7 +32,7 @@ import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
index a577f3f46..8bbf8ee1a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/ISAMLVerifier.java
@@ -1,8 +1,30 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import org.opensaml.saml2.core.RequestAbstractType;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
public interface ISAMLVerifier {
public void verifyRequest(RequestAbstractType request) throws MOAIDException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
index 36dc2442c..d398ca533 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/MetadataSignatureFilter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import iaik.x509.X509Certificate;
@@ -10,10 +32,11 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.provider.FilterException;
import org.opensaml.saml2.metadata.provider.MetadataFilter;
import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.x509.BasicX509Credential;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException;
import at.gv.egovernment.moa.logging.Logger;
public class MetadataSignatureFilter implements MetadataFilter {
@@ -31,7 +54,7 @@ public class MetadataSignatureFilter implements MetadataFilter {
public void processEntityDescriptorr(EntityDescriptor desc) throws MOAIDException {
- String entityID = desc.getEntityID();
+// String entityID = desc.getEntityID();
@@ -48,9 +71,37 @@ public class MetadataSignatureFilter implements MetadataFilter {
Iterator<EntityDescriptor> entIT = desc.getEntityDescriptors().iterator();
- while(entID.hasNext()) {
- processEntityDescriptorr(entIT.next());
+ //check every Entity
+ while(entIT.hasNext()) {
+ EntityDescriptor entity = entIT.next();
+ String entityID = entity.getEntityID();
+ //CHECK if Entity also match MetaData signature.
+ /*This check is necessary to prepend declaration of counterfeit OA metadata!!*/
+ byte[] entityCert = EntityVerifier.fetchSavedCredential(entityID);
+ if (entityCert != null) {
+ X509Certificate cert;
+ try {
+ cert = new X509Certificate(entityCert);
+ BasicX509Credential entityCrendential = new BasicX509Credential();
+ entityCrendential.setEntityCertificate(cert);
+ EntityVerifier.verify(desc, entityCrendential);
+ } catch (Exception e) {
+ throw new MOAIDException("The App", null, e);
+ }
+ } else {
+ throw new NoCredentialsException("NO Certificate found for OA " + entityID);
+ }
+ //TODO: insert to support signed Entity-Elements
+ //processEntityDescriptorr(entIT.next());
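Review bot: The wrapped exception on the `catch (Exception e)` path carries the placeholder message `"The App"` and drops the entity id, so a metadata file rejected because its signature does not match the certificate stored for an OA is logged without saying which OA failed; the sibling branch already formats a literal, so `throw new MOAIDException("Metadata signature does not verify against the certificate stored for OA " + entityID, null, e);` keeps the style and makes the failure diagnosable. The loop only walks `desc.getEntityDescriptors()`; if nested EntitiesDescriptor children are not handled elsewhere in this method (its body starts and ends outside the hunk), an EntityDescriptor placed inside a nested EntitiesDescriptor would skip the per-entity certificate check that the comment says is there to reject counterfeit OA metadata — worth either recursing into `getEntitiesDescriptors()` or rejecting nested descriptors explicitly. The comment `prepend declaration of counterfeit OA metadata` presumably means `prevent`, and `entityCrendential` is misspelled; both are worth fixing while the lines are touched.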
@@ -68,6 +119,9 @@ public class MetadataSignatureFilter implements MetadataFilter {
} */else {
throw new MOAIDException("Invalid Metadata file Root element is no EntitiesDescriptor", null);
+ ConfigurationDBUtils.closeSession();
Logger.info("Metadata Filter done OK");
} catch (MOAIDException e) {
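Review bot: `ConfigurationDBUtils.closeSession()` is added on the success path only, after the EntitiesDescriptor branch; if the catch block that follows (outside the hunk) does not also close the session, every rejected metadata file — including the MOAIDException and NoCredentialsException thrown from the per-entity loop above — leaves the configuration DB session open. Unless closeSession() is already covered by a finally further down, moving the call into a `finally` block of the enclosing try makes the cleanup hold on both paths.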
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
index 8df418f9a..ac222ee54 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerificationEngine.java
@@ -1,9 +1,30 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.Response;
-import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
@@ -42,6 +63,7 @@ public class SAMLVerificationEngine {
public void verifyRequest(RequestAbstractType samlObj, SignatureTrustEngine sigTrustEngine ) throws org.opensaml.xml.security.SecurityException, Exception {
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
try {
} catch (ValidationException e) {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
index 6dbaae0a1..b689de1d2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import org.opensaml.saml2.core.RequestAbstractType;
@@ -5,12 +27,12 @@ import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.config.ConfigurationException;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
index f3c5ed86a..e48c7bb98 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/TrustEngineFactory.java
@@ -1,11 +1,31 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
import java.util.ArrayList;
import java.util.List;
-import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.security.MetadataCredentialResolver;
-import org.opensaml.xml.security.credential.CredentialResolver;
import org.opensaml.xml.security.keyinfo.BasicProviderKeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.security.keyinfo.KeyInfoProvider;
@@ -16,8 +36,6 @@ import org.opensaml.xml.signature.SignatureTrustEngine;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.signature.impl.PKIXSignatureTrustEngine;
-import sun.security.krb5.Credentials;
import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import edu.internet2.middleware.shibboleth.common.security.MetadataPKIXValidationInformationResolver;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 75825d92d..4e1b0a135 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -1,28 +1,37 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.io.IOException;
-import java.io.PrintWriter;
-import java.io.UnsupportedEncodingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.builder.RedirectFormBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
@@ -32,17 +41,9 @@ import at.gv.egovernment.moa.util.URLEncoder;
public class GetArtifactAction implements IAction {
- public void processRequest(IRequest req, HttpServletRequest httpReq,
+ public String processRequest(IRequest req, HttpServletRequest httpReq,
HttpServletResponse httpResp, AuthenticationSession session) throws AuthenticationException {
-// HttpSession httpSession = httpReq.getSession();
-// AuthenticationManager authmanager = AuthenticationManager.getInstance();
-// AuthenticationSession session = authmanager.getAuthenticationSession(httpSession);
-// if (!AuthenticationSessionStoreage.isAuthenticated(session.getSessionID())) {
-// throw new AuthenticationException("auth.21", new Object[] {});
-// }
String oaURL = (String) req.getOAURL();
String target = (String) req.getTarget();
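Review bot: `processRequest` now returns a `String`, but nothing in the hunk documents what that value is; from the last hunk of this file it is `authData.getAssertionID()`. Add Javadoc on the method, e.g. `@return the assertion ID of the SAML1 authentication data built for this request` and `@throws AuthenticationException if a parameter is rejected or the assertion cannot be built`. The method body continues outside the hunk.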
@@ -59,23 +60,10 @@ public class GetArtifactAction implements IAction {
throw new WrongParametersException("StartAuthentication",
PARAM_OA, "auth.12");
- // if (oaURL == null) {
-// oaURL = session.getOAURLRequested();
-// }
// TODO: Support Mandate MODE!
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- // builds authentication data and stores it together with a SAML
- // artifact
- //TODO: check, if this is correct!!!!
- //AuthenticationData authData = buildAuthenticationData(session, session.getXMLVerifySignatureResponse(),
- // useUTC, false);
SAML1AuthenticationServer saml1server = SAML1AuthenticationServer.getInstace();
AuthenticationData authData = SAML1AuthenticationServer.buildAuthenticationData(session,
@@ -97,18 +85,13 @@ public class GetArtifactAction implements IAction {
httpResp.addHeader("Location", url);
} else {
- String redirectURL = oaURL;
- //session.getOAURLRequested();
+ String redirectURL = oaURL;
if (!oaParam.getBusinessService()) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
URLEncoder.encode(oaParam.getTarget(), "UTF-8"));
redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
URLEncoder.encode(samlArtifactBase64, "UTF-8"));
redirectURL = httpResp.encodeRedirectURL(redirectURL);
@@ -117,52 +100,14 @@ public class GetArtifactAction implements IAction {
httpResp.addHeader("Location", redirectURL);
Logger.debug("REDIRECT TO: " + redirectURL);
- /*
- * OAAuthParameter oaParam =
- * AuthConfigurationProvider.getInstance().
- * getOnlineApplicationParameter(oaURL);
- *
- * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
- * == null) { friendlyName = oaURL; }
- *
- *
- * LoginConfirmationBuilder builder = new
- * LoginConfirmationBuilder();
- * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
- * String form = builder.finish(oaURL, session.getIdentityLink()
- * .getName(), friendlyName);
- */
- /*
- * resp.setContentType("text/html");
- *
- * OutputStream out = resp.getOutputStream();
- * out.write(form.getBytes("UTF-8")); out.flush(); out.close();
- */
- } catch (WrongParametersException ex) {
- // handleWrongParameters(ex, req, httpResp);
- ex.printStackTrace();
- } catch (ConfigurationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (BuildException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (AuthenticationException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (UnsupportedEncodingException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (IOException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
- } catch (MOADatabaseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ return authData.getAssertionID();
+ } catch (Exception ex) {
+ Logger.error("SAML1 Assertion build error", ex);
+ throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex);
protected static String addURLParameter(String url, String paramname,
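Review bot: The new `catch (Exception ex)` also catches the `WrongParametersException` raised by the parameter check earlier in this method and re-labels it as the generic "SAML1 Assertion build error." with an empty argument array, so a caller can no longer tell a rejected parameter from an internal failure. Rethrow `AuthenticationException` unchanged with `} catch (AuthenticationException ex) { throw ex; }` placed before the generic catch, and, if `WrongParametersException` is not itself an `AuthenticationException`, map it to its own message code rather than the generic one. The unchanged `Logger.debug("REDIRECT TO: " + redirectURL)` just above writes the URL-encoded SAML artifact to the log; because `SAML1AuthenticationServer` hands the assertion to whoever presents that artifact, log only `oaURL` there. The try block and `processRequest` itself start outside the hunk.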
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
deleted file mode 100644
index 433302b4f..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactServlet.java
+++ /dev/null
@@ -1,135 +0,0 @@
-package at.gv.egovernment.moa.id.protocols.saml1;
-import java.io.IOException;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.URLEncoder;
-public class GetArtifactServlet extends AuthServlet {
- /**
- *
- */
- private static final long serialVersionUID = 3593264832041467899L;
- /**
- * Constructor for GetArtifactServlet.
- */
- public GetArtifactServlet() {
- super();
- }
- @Override
- protected void doGet(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- HttpSession httpSession = req.getSession();
-// AuthenticationSession session = AuthenticationManager
-// .getAuthenticationSession(httpSession);
-// String oaURL = (String) req.getAttribute(PARAM_OA);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
-// String target = (String) req.getAttribute(PARAM_TARGET);
-// target = StringEscapeUtils.escapeHtml(target);
-// try {
-// // check parameter
-// if (!ParamValidatorUtils.isValidOA(oaURL))
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
-// if (oaURL == null) {
-// oaURL = session.getOAURLRequested();
-// }
-// if (oaURL == null) {
-// throw new WrongParametersException("StartAuthentication",
-// PARAM_OA, "auth.12");
-// }
-// String samlArtifactBase64 = SAML1AuthenticationServer
-// .BuildSAMLArtifact(session);
-// String redirectURL = oaURL;
-// session.getOAURLRequested();
-// if (!session.getBusinessService()) {
-// redirectURL = addURLParameter(redirectURL, PARAM_TARGET,
-// URLEncoder.encode(session.getTarget(), "UTF-8"));
-// }
-// redirectURL = addURLParameter(redirectURL, PARAM_SAMLARTIFACT,
-// URLEncoder.encode(samlArtifactBase64, "UTF-8"));
-// redirectURL = resp.encodeRedirectURL(redirectURL);
-// resp.setContentType("text/html");
-// resp.setStatus(302);
-// resp.addHeader("Location", redirectURL);
-// Logger.debug("REDIRECT TO: " + redirectURL);
-// /*
-// * OAAuthParameter oaParam =
-// * AuthConfigurationProvider.getInstance().
-// * getOnlineApplicationParameter(oaURL);
-// *
-// * String friendlyName = oaParam.getFriendlyName(); if(friendlyName
-// * == null) { friendlyName = oaURL; }
-// *
-// *
-// * LoginConfirmationBuilder builder = new
-// * LoginConfirmationBuilder();
-// * builder.addParameter(PARAM_SAMLARTIFACT, samlArtifactBase64);
-// * String form = builder.finish(oaURL, session.getIdentityLink()
-// * .getName(), friendlyName);
-// */
-// /*
-// resp.setContentType("text/html");
-// OutputStream out = resp.getOutputStream();
-// out.write(form.getBytes("UTF-8"));
-// out.flush();
-// out.close();*/
-// } catch (WrongParametersException ex) {
-// handleWrongParameters(ex, req, resp);
-// } catch (ConfigurationException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// } catch (BuildException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// } catch (AuthenticationException e) {
-// // TODO Auto-generated catch block
-// e.printStackTrace();
-// }
- }
- @Override
- protected void doPost(HttpServletRequest req, HttpServletResponse resp)
- throws ServletException, IOException {
- doGet(req, resp);
- }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
index 1fbcb9a46..0f5e9ee68 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -31,9 +53,9 @@ import org.apache.commons.lang3.StringEscapeUtils;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.Random;
@@ -86,7 +108,6 @@ public class GetAuthenticationDataService implements Constants {
String statusMessageCode = null;
String statusMessage = null;
String samlAssertion = "";
- boolean useUTC = false;
if (requests.length > 1) {
// more than 1 request given as parameter
statusCode = "samlp:Requester";
@@ -119,7 +140,7 @@ public class GetAuthenticationDataService implements Constants {
AuthenticationData authData = saml1server.getSaml1AuthenticationData(samlArtifact);
- useUTC = authData.getUseUTC();
+// useUTC = authData.getUseUTC();
// success
samlAssertion = authData.getSamlAssertion();
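Review bot: The assignment is commented out (`// useUTC = authData.getUseUTC();`) rather than deleted, although the `useUTC` local is removed in the previous hunk of this file and the issue instant is built with `DateTimeUtils.buildDateTimeUTC(...)` in the next one. A commented-out reference to a variable that no longer exists only misleads the next reader; delete the line.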
@@ -170,7 +191,7 @@ public class GetAuthenticationDataService implements Constants {
try {
String responseID = Random.nextRandom();
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), useUTC);
+ String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
if (statusMessage == null)
statusMessage = MOAIDMessageProvider.getInstance().getMessage(statusMessageCode, null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index ede5f05d2..7c91026bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
import java.io.IOException;
@@ -10,10 +32,6 @@ import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
@@ -22,8 +40,12 @@ import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser;
-import at.gv.egovernment.moa.id.auth.validator.ValidateException;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -33,6 +55,7 @@ import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.moduls.IRequest;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
//import at.gv.egovernment.moa.id.util.IdentityLinkReSigner;
+import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
@@ -50,11 +73,9 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
return instance;
- //private static Map authenticationDataStore = new HashMap();
private static AssertionStorage authenticationDataStore = AssertionStorage.getInstance();
- //TODO: make this time configurable
* time out in milliseconds used by {@link cleanup} for authentication data
* store
@@ -117,24 +138,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("1206", new Object[] { samlArtifact });
- boolean keepAssertion = false;
- //removed from MOA-ID 2.0 config
-// try {
-// String boolStr = AuthConfigurationProvider.getInstance()
-// .getGenericConfigurationParameter(
-// "AuthenticationServer.KeepAssertion");
-// if (null != boolStr && boolStr.equalsIgnoreCase("true"))
-// keepAssertion = true;// Only allowed for debug purposes!!!
-// } catch (ConfigurationException ex) {
-// throw new AuthenticationException("1205", new Object[] {
-// samlArtifact, ex.toString() });
-// }
- if (!keepAssertion) {
- authenticationDataStore.remove(samlArtifact);
- }
+ authenticationDataStore.remove(samlArtifact);
long now = new Date().getTime();
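Review bot: `authenticationDataStore.remove(samlArtifact)` is now unconditional, which makes an artifact redeemable once, but the lookup that raises `1206` above and this removal are two separate operations on a shared store, so two concurrent requests presenting the same artifact could both pass the lookup before either removal runs. If `AssertionStorage` offers an atomic get-and-remove, use it here; otherwise at least record the contract with a comment such as `// artifacts are single-use: the assertion is dropped from the store on first retrieval`. `AssertionStorage` is not visible here and the enclosing method begins outside the hunk.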
@@ -196,7 +201,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set IdentityLink for assortion
String ilAssertion = "";
if (saml1parameter.isProvideIdentityLink()) {
- if (session.getBusinessService()) {
+ if (oaParam.getBusinessService()) {
//IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance();
// Element resignedilAssertion = identitylinkresigner.resignIdentityLink(authData.getIdentityLink()
@@ -217,7 +222,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String samlAssertion;
if (session.getUseMandate()) {
- List oaAttributes = session.getExtendedSAMLAttributesOA();
+ List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
if (saml1parameter.isProvideFullMandatorData()) {
@@ -247,6 +252,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+ break;
.info("Invalid return value from method \"getAddToAUTHBlock()\" ("
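Review bot: The new `case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY: break;` silently drops such attributes from the OA assertion, which is presumably intended but reads like a forgotten case; add a comment on the case line such as `// attribute belongs only to the AUTH block, do not forward it to the OA`. The context lines around the insertion are elided in this view, so whether the preceding `NOT_ADD_TO_AUTHBLOCK` branch ends in a `break;` cannot be confirmed; if it does not, it falls through into this new `break`, which is harmless but worth making explicit. The enclosing switch begins outside the hunk.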
@@ -318,8 +325,8 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
String samlArtifact = new SAMLArtifactBuilder().build(
- session.getAuthURL(), session.getSessionID(),
- saml1parameter.getSourceID());
+ session.getAuthURL(), Random.nextRandom(),
+ saml1parameter.getSourceID());
storeAuthenticationData(samlArtifact, authData);
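Review bot: The artifact's unpredictable part is now `Random.nextRandom()` instead of the session ID, and that randomness is the only thing protecting the stored assertion until `getSaml1AuthenticationData` redeems it. `at.gv.egovernment.moa.id.util.Random` is not visible here, so confirm that `nextRandom()` is backed by `java.security.SecureRandom` and yields enough entropy for a one-time token, and record the requirement at the call site, e.g. `// artifact handle must come from a CSPRNG: it is the bearer credential for the assertion`. The surrounding method starts outside the hunk.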
@@ -344,10 +351,6 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
throw new AuthenticationException("auth.10", new Object[] {
- //AuthenticationSession session = getSession(sessionID);
- // AuthConfigurationProvider authConf =
- // AuthConfigurationProvider.getInstance();
IdentityLink tempIdentityLink = null;
Element mandate = session.getMandate();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 309b644d5..1c57c841e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -1,26 +1,45 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
-import java.util.ArrayList;
import java.util.HashMap;
-import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.IAction;
import at.gv.egovernment.moa.id.moduls.IModulInfo;
import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ServletInfo;
-import at.gv.egovernment.moa.id.moduls.ServletType;
import at.gv.egovernment.moa.id.moduls.RequestImpl;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
@@ -33,13 +52,9 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public static final String GETARTIFACT = "GetArtifact";
- private static List<ServletInfo> servletList = new ArrayList<ServletInfo>();
private static HashMap<String, IAction> actions = new HashMap<String, IAction>();
static {
- servletList.add(new ServletInfo(GetArtifactServlet.class, GETARTIFACT,
- ServletType.AUTH));
actions.put(GETARTIFACT, new GetArtifactAction());
@@ -55,11 +70,6 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
return instance;
- public List<ServletInfo> getServlets() {
- return servletList;
- }
public String getName() {
return NAME;
@@ -88,6 +98,8 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
+ Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL);
//load Target only from OA config
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
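Review bot: `Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL)` writes a request-supplied value into the log at info level; unless `ParamValidatorUtils` has already rejected malformed values before this point (that check is outside the hunk), a value containing line breaks can forge log entries. The same applies to the `Logger.info` added in the next hunk of this file (`Online-Application ... can not use SAML1`). Logging after the `oaParam` lookup has succeeded, or passing the value through the validator first, bounds it to a configured OA. The enclosing method starts outside the hunk.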
@@ -95,12 +107,16 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
if (oaParam == null)
throw new AuthenticationException("auth.00",
new Object[] { oaURL });
+ OASAML1 saml1 = oaParam.getSAML1Parameter();
+ if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
+ Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
+ throw new AuthenticationException("auth.00",
+ new Object[] { oaURL });
+ }
- //TODO: set reauthenticate if OA.useSSO=false
request.getSession().setAttribute(PARAM_OA, oaURL);
request.getSession().setAttribute(PARAM_TARGET, oaParam.getTarget());
return config;
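Review bot: The activity test `!(saml1.isIsActive() != null && saml1.isIsActive())` is hard to read for what it checks; `if (saml1 == null || !Boolean.TRUE.equals(saml1.isIsActive())) {` expresses the same condition (missing configuration, null flag, or false flag all reject) in one clause. Both rejections reuse the `auth.00` code of the missing-OA case above, so a caller cannot distinguish an unknown OA from one that merely has SAML1 disabled; if a separate message code exists for the latter, use it here. The enclosing method starts outside the hunk.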
@@ -139,26 +155,6 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
public boolean validate(HttpServletRequest request,
HttpServletResponse response, IRequest pending) {
- //TODO: funktioniert so nicht!!!
-// String oaURL = (String) request.getParameter(PARAM_OA);
-// oaURL = StringEscapeUtils.escapeHtml(oaURL);
-// String target = (String) request.getParameter(PARAM_TARGET);
-// target = StringEscapeUtils.escapeHtml(target);
-// //the target parameter is used to define the OA in SAML1 standard
-// if (target.startsWith("http")) {
-// oaURL = target;
-// target = null;
-// }
-// if (oaURL != null) {
-// if (oaURL.equals(pending.getOAURL()))
-// return true;
-// else
-// return false;
-// }
return true;
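Review bot: `validate` now consists of nothing but `return true;`, so the pending request is never compared with the incoming `request`, and the deleted comment block shows such a comparison was once intended. If the check is deliberately done elsewhere, say so in a comment on the method, e.g. `// no additional validation here: OA and target were bound to the pending request when it was dispatched`; otherwise the method should be implemented rather than left as an unconditional accept. The method signature is inside the hunk but the class continues beyond it.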
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
index 846cdea63..708eb3f2c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
index 720031bf3..6a268b061 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ConnectionBuilderFactory.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
index e1bd38d68..59ef64357 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultConnectionBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
index 03b012a27..34add9895 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/DefaultLoginParameterResolver.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
index 1243960ac..4d5511ef8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/ElakConnectionBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
index 9bbef8aa9..2bc0fe131 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/EnhancedConnectionBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
index 980a132da..cd751b7ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolver.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
index 191fb51b9..1767185c8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,7 +46,7 @@
package at.gv.egovernment.moa.id.proxy;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
* Exception thrown while proxying a request to the online application
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
index bb6b0a476..0b43630ee 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/LoginParameterResolverFactory.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -69,7 +91,7 @@ public class LoginParameterResolverFactory {
if (className != null) {
try {
Class lprClass = Class.forName(className);
- LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
+ LoginParameterResolver lpr = (LoginParameterResolver)Class.forName(className).newInstance();
Class[] argumentTypes = { String.class, Boolean.class };
Method confMethod = lprClass.getMethod( "configure", argumentTypes );
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
index e075c99ef..91df96027 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/MOAIDProxyInitializer.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -91,10 +113,8 @@ public class MOAIDProxyInitializer {
ConnectionParameter connParamAuth = proxyConf.getAuthComponentConnectionParameter();
if (connParamAuth!=null) {
if (connParamAuth.isHTTPSURL()) {
- //TODO: einkommentieren!!!!
- //SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
- //AxisSecureSocketFactory.initialize(ssf);
+ SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(proxyConf, connParamAuth);
+ AxisSecureSocketFactory.initialize(ssf);
} else {
throw new ConfigurationException("config.16", null);
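Review bot: `AxisSecureSocketFactory.initialize(ssf)` is a static call, so the socket factory built from the auth-component connection parameters presumably becomes JVM-wide state for every Axis HTTPS call, and the re-enabled lines carry no comment saying so. A one-line comment such as `// installs the SSL socket factory built from the auth-component connection parameters as Axis' global secure socket factory; must run before the first Axis HTTPS call` would tell the next maintainer why this has to happen during initialization and why it must not be commented out again. The hunk only shows the HTTPS branch; the enclosing initialization method starts and ends outside it.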
@@ -107,9 +127,7 @@ public class MOAIDProxyInitializer {
OAProxyParameter oaParam = oaParams[i];
ConnectionParameter oaConnParam = oaParam.getConnectionParameter();
if (oaConnParam.isHTTPSURL());
- //TODO: einkommentieren!!!!
- //SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
// Initializes the ConnectionBuilderFactory from configuration data
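Review bot: `if (oaConnParam.isHTTPSURL());` on the line above the re-enabled call ends in a stray semicolon, so the condition is an empty statement and `SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);` now runs for every online application, HTTPS or not — while commented out this was harmless, now it is live code. The returned factory is also discarded, so the call is presumably kept for a side effect (validating or caching the SSL configuration for that online application); that intent deserves a comment. Replace the two lines with `if (oaConnParam.isHTTPSURL()) {` / `SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);` / `}`. The enclosing loop and method continue outside the hunk.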
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
index 0d435a64f..df8a9bd4e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/NotAllowedException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,7 +46,7 @@
package at.gv.egovernment.moa.id.proxy;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
* Exception thrown while proxying a request to the online application
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
index 1a466c520..86da34e1c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverEncryptedData.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -701,4 +723,4 @@ public class XMLLoginParameterResolverEncryptedData implements LoginParameterRes
private Map bPKMap;
private Map namedMap;
private boolean isConfigured = false;
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
index b904161a1..2760a736b 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/XMLLoginParameterResolverPlainData.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -445,4 +467,4 @@ public class XMLLoginParameterResolverPlainData
Document doc = readXMLFile(fileName);
buildInfo(doc, businessService.booleanValue() );
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
index 2493f42b8..73f4d1f1f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -29,7 +51,7 @@ import java.util.Calendar;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.DateTimeUtils;
@@ -63,7 +85,7 @@ public class SAMLRequestBuilder implements Constants {
public Element build(String requestID, String samlArtifactBase64) throws BuildException {
try {
- String issueInstant = DateTimeUtils.buildDateTime(Calendar.getInstance(), true);
+ String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar.getInstance());
String request = MessageFormat.format(REQUEST, new Object[] {requestID, issueInstant, samlArtifactBase64});
Element requestElem = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
return requestElem;
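Review bot: `requestID` and `samlArtifactBase64` are spliced into the `REQUEST` template by `MessageFormat.format` without any escaping, so if the artifact value originates from the client request, characters such as `<`, `&` or `"` become XML markup rather than data, and the only guard is the schema validation inside `parseDocument`. Since the artifact is documented as Base64 by its name, an explicit check before the format call — e.g. `if (samlArtifactBase64 == null || !samlArtifactBase64.matches("[A-Za-z0-9+/=]+")) throw new BuildException(...)` with a suitable message key — would reject such values with a clear error instead of relying on the parser. The change to `buildDateTimeUTC` is fine; `build` continues outside the hunk.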
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
index 6cb7ffdfc..0ef2077a3 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/invoke/GetAuthenticationDataInvoker.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -36,10 +58,11 @@ import javax.xml.rpc.ServiceFactory;
import org.apache.axis.message.SOAPBodyElement;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider;
@@ -49,6 +72,7 @@ import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
import at.gv.egovernment.moa.id.proxy.servlet.ProxyException;
import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
* Invoker of
@@ -81,49 +105,63 @@ public class GetAuthenticationDataInvoker {
* either via API call or via web service call.
* @param samlArtifact SAML artifact to be used as a parameter
* @return AuthenticationData
+ * @throws MOAIDException
public AuthenticationData getAuthenticationData(String samlArtifact)
- throws ConfigurationException, ProxyException, BuildException, ServiceException, ParseException, AuthenticationException {
+ throws MOAIDException {
ConnectionParameter authConnParam =
- if (authConnParam == null) {
- try {
- if (apiServer == null) {
- Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
- Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
- apiServer = getInstanceMethod.invoke(null, (Object[]) null);
- apiMethod = serverClass.getMethod(
- "getAuthenticationData", new Class[] {String.class});
- }
- AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
- return authData;
- }
- catch (InvocationTargetException ex) {
- Throwable targetEx = ex.getTargetException();
- if (targetEx instanceof AuthenticationException)
- throw (AuthenticationException) targetEx;
- else
- throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
- }
- catch (Throwable ex) {
- throw new ProxyException("proxy.09", new Object[] {ex.toString()});
- }
- }
- else {
+ //Removed for MOA-ID 2.x
+// if (authConnParam == null) {
+// try {
+// if (apiServer == null) {
+// Class serverClass = Class.forName("at.gv.egovernment.moa.id.auth.AuthenticationServer");
+// Method getInstanceMethod = serverClass.getMethod("getInstance", (Class[]) null);
+// apiServer = getInstanceMethod.invoke(null, (Object[]) null);
+// apiMethod = serverClass.getMethod(
+// "getAuthenticationData", new Class[] {String.class});
+// }
+// AuthenticationData authData = (AuthenticationData)apiMethod.invoke(apiServer, new Object[] {samlArtifact});
+// return authData;
+// }
+// catch (InvocationTargetException ex) {
+// Throwable targetEx = ex.getTargetException();
+// if (targetEx instanceof AuthenticationException)
+// throw (AuthenticationException) targetEx;
+// else
+// throw new ProxyException("proxy.09", new Object[] {targetEx.toString()});
+// }
+// catch (Throwable ex) {
+// throw new ProxyException("proxy.09", new Object[] {ex.toString()});
+// }
+// }
+// else {
Element samlpRequest = new SAMLRequestBuilder().build(Random.nextRandom(), samlArtifact);
Element samlpResponse = getAuthenticationData(samlpRequest);
SAMLResponseParser srp = new SAMLResponseParser(samlpResponse);
SAMLStatus status = srp.parseStatusCode();
if (! "samlp:Success".equals(status.getStatusCode())) {
- // on error status throw exception
- String code = status.getStatusCode();
- if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
- code += "(" + status.getSubStatusCode() + ")";
- throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+ if ("samlp:Responder".equals(status.getStatusCode())) {
+ Logger.info("MOA-ID authentication process failed.");
+ String code = status.getStatusCode();
+ if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+ code += "(" + status.getSubStatusCode() + ")";
+ throw new MOAIDException("proxy.17", new Object[] {status.getStatusMessage()});
+ } else {
+ // on error status throw exception
+ String code = status.getStatusCode();
+ if (status.getSubStatusCode() != null && status.getSubStatusCode().length() > 0)
+ code += "(" + status.getSubStatusCode() + ")";
+ throw new ServiceException("service.02", new Object[] {code, status.getStatusMessage()});
+ }
return srp.parseAuthenticationData();
- }
+// }
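Review bot: In the new `samlp:Responder` branch the `code` string including the sub-status code is built but never used — the thrown `MOAIDException("proxy.17", ...)` carries only the status message, so the sub-status is lost; either drop the two lines or log it, e.g. `Logger.info("MOA-ID authentication process failed: " + code);`. Removing the `authConnParam == null` guard together with the API path means a missing auth-component connection parameter is no longer handled in this method and presumably surfaces from `getAuthenticationData(samlpRequest)` instead; an explicit `ConfigurationException` here would be clearer. The old API path should be deleted rather than left commented out, and the `apiServer`/`apiMethod` fields and reflection imports it used are likely unused now. The narrowed `throws MOAIDException` relies on `ConfigurationException` and `ProxyException` being `MOAIDException` subtypes, which the hunk does not show. `getAuthenticationData` continues outside the hunk.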
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
index 1589f1440..35f72d36d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/AuthenticationDataAssertionParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -26,7 +48,7 @@ package at.gv.egovernment.moa.id.proxy.parser;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.util.BoolUtils;
import at.gv.egovernment.moa.util.Constants;
@@ -144,11 +166,10 @@ public class AuthenticationDataAssertionParser implements Constants {
XPathUtils.getAttributeValue(samlAssertion, ISSUE_INSTANT_XPATH, ""));
String pkValue = XPathUtils.getElementValue(samlAssertion, PK_XPATH, "");
- //TODO: set pBK and Type
if (XPathUtils.getAttributeValue(samlAssertion, NAME_QUALIFIER_XPATH, "").equalsIgnoreCase(URN_PREFIX_BPK)) {
- authData.setBPK(Constants.URN_PREFIX_BPK);
+ authData.setBPK(pkValue);
+ authData.setBPKType(Constants.URN_PREFIX_BPK);
} else {
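Review bot: `pkValue` defaults to `""` when the PK element is absent (the `getElementValue(..., "")` call above), and the new `authData.setBPK(pkValue)` stores that empty value without complaint, so an assertion lacking the element yields an `AuthenticationData` with an empty bPK instead of a parse error. A guard before the branch, `if (pkValue.length() == 0) throw new ParseException(...)` with a suitable message key, would reject such assertions explicitly. The `else` branch and the rest of the method lie outside the visible hunk.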
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
index 18571f19d..9835c554d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParser.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -26,7 +48,7 @@ package at.gv.egovernment.moa.id.proxy.parser;
import org.w3c.dom.Element;
-import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.SAMLStatus;
import at.gv.egovernment.moa.util.Constants;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
index 099d663ea..e7340850c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ConfigurationServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -97,4 +119,4 @@ public void init(ServletConfig servletConfig) throws ServletException {
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
index 3a967d8f9..d4d4fa7a1 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyException.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -24,7 +46,7 @@
package at.gv.egovernment.moa.id.proxy.servlet;
-import at.gv.egovernment.moa.id.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
* Exception thrown while proxying a request to the online application
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
index ddaab7a28..52f72f577 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/proxy/servlet/ProxyServlet.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -30,6 +52,7 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
import java.net.HttpURLConnection;
import java.util.Enumeration;
import java.util.HashMap;
@@ -49,11 +72,12 @@ import javax.servlet.http.HttpSession;
import org.apache.commons.lang.StringEscapeUtils;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.ParseException;
-import at.gv.egovernment.moa.id.ServiceException;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.legacy.ConnectionParameter;
import at.gv.egovernment.moa.id.config.proxy.OAConfiguration;
@@ -72,6 +96,8 @@ import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.URLEncoder;
* Servlet requested for logging in at an online application,
@@ -88,6 +114,8 @@ public class ProxyServlet extends HttpServlet {
private static final String PARAM_TARGET = "Target";
/** Name of the Parameter for the SAMLArtifact */
private static final String PARAM_SAMLARTIFACT = "SAMLArtifact";
+ /** Name of the Parameter for the ErrorMessage */
+ private static final String PARAM_ERRORMASSAGE = "error";
/** Name of the Attribute for marking the session as authenticated*/
private static final String ATT_AUTHDATAFETCHED = "AuthDataFetched";
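Review bot: The constant introduced as `PARAM_ERRORMASSAGE` is misspelled; rename it to `PARAM_ERRORMESSAGE` now, while `generateErrorAndRedirct` is its only user, before the name spreads to further call sites. Its value `"error"` is part of the interface with the online application's error page rather than an internal detail, so the Javadoc should say so: `/** Query parameter under which the error text is appended to the OA's configured error-redirect URL. */`.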
@@ -191,6 +219,13 @@ public class ProxyServlet extends HttpServlet {
if (session.getAttribute(ATT_BROWSERREQU)==null) {
+ // read configuration data
+ ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
+ OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
+ if (oaParam == null) {
+ throw new ProxyException("proxy.02", new Object[] { urlRequested });
+ }
samlArtifact = req.getParameter(PARAM_SAMLARTIFACT);
Logger.debug("moa-id-proxy login " + PARAM_SAMLARTIFACT + ": " + samlArtifact);
// String target = req.getParameter(PARAM_TARGET); parameter given but not processed
@@ -200,19 +235,26 @@ public class ProxyServlet extends HttpServlet {
AuthenticationData authData;
try {
authData = new GetAuthenticationDataInvoker().getAuthenticationData(samlArtifact);
} catch (ServiceException ex) {
- throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+ throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
} catch (ProxyException ex) {
throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
- }
+ } catch (MOAIDException ex) {
+ String errorURL = oaParam.getErrorRedirctURL();
+ if (MiscUtil.isNotEmpty(errorURL)) {
+ generateErrorAndRedirct(resp, errorURL, ex.getMessage());
+ return;
+ } else {
+ Logger.info("No ErrorRedirectURL defined. The error is shown on MOA-ID Proxy errorpage.");
+ throw new ProxyException("proxy.14", new Object[] {ex.getMessage()}, ex);
+ }
+ }
session.setAttribute(ATT_AUTHDATAFETCHED, "true");
- // read configuration data
- ProxyConfigurationProvider proxyConf = ProxyConfigurationProvider.getInstance();
- OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(urlRequested);
- if (oaParam == null) {
- throw new ProxyException("proxy.02", new Object[] { urlRequested });
- }
publicURLPrefix = oaParam.getPublicURLPrefix();
Logger.debug("OA: " + publicURLPrefix);
oaConf = oaParam.getOaConfiguration();
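Review bot: The new `catch (MOAIDException ex)` branch forwards `ex.getMessage()` verbatim into the query string of the OA's error page, so whatever text the authentication backend puts into the exception (not visible here) reaches the browser and the OA, and the OA page must HTML-escape it before rendering. The two redirect branches added further down resolve a message key through `MOAIDMessageProvider`; this one should do the same, and preferably pass a stable error code rather than free text, e.g. `generateErrorAndRedirct(resp, errorURL, MOAIDMessageProvider.getInstance().getMessage("proxy.14", new Object[] { ex.getMessage() }));` as the minimum. The redirect path also logs nothing, so a failed authentication leaves no trace in the proxy log once the browser is sent away; add `Logger.info("Authentication failed, redirecting to OA error page.", ex);` before the redirect. This branch relies on `oaParam` being resolved before the artifact fetch, which the preceding hunk arranges; the enclosing method starts before this hunk.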
@@ -257,17 +299,32 @@ public class ProxyServlet extends HttpServlet {
} catch (LoginParameterResolverException ex) {
- throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
+ String errorURL = oaParam.getErrorRedirctURL();
+ if (MiscUtil.isNotEmpty(errorURL)) {
+ generateErrorAndRedirct(resp, errorURL,
+ MOAIDMessageProvider.getInstance().getMessage("proxy.13",
+ new Object[] { publicURLPrefix }));
+ return;
+ } else
+ throw new ProxyException("proxy.13", new Object[] { publicURLPrefix });
} catch (NotAllowedException e) {
- throw new ProxyException("proxy.15", new Object[] { });
+ String errorURL = oaParam.getErrorRedirctURL();
+ if (MiscUtil.isNotEmpty(errorURL)) {
+ generateErrorAndRedirct(resp, errorURL,
+ MOAIDMessageProvider.getInstance().getMessage("proxy.15",
+ new Object[] { }));
+ return;
+ } else
+ throw new ProxyException("proxy.15", new Object[] { });
// setup SSLSocketFactory for communication with the online application
if (oaConnParam.isHTTPSURL()) {
- try {
- //TODO: einkommentieren!!!!
- //ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
+ try {
+ ssf = SSLUtils.getSSLSocketFactory(proxyConf, oaConnParam);
} catch (Throwable ex) {
throw new ProxyException(
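Review bot: The redirect-or-throw sequence added for `LoginParameterResolverException` and `NotAllowedException` is the third and fourth copy of the same block in this servlet (the `MOAIDException` catch earlier in the method is another), and both `} else` arms here are written without braces. Moving it into one private helper keeps the branches from drifting apart when the error-URL check or the message lookup changes, and removes the braceless `else`. Re-enabling `SSLUtils.getSSLSocketFactory` instead of the commented-out call is the right change. The enclosing method starts before this hunk and its remaining catch clause continues past it.
```java
        } catch (LoginParameterResolverException ex) {
            redirectOrThrow(resp, oaParam, "proxy.13", new Object[] { publicURLPrefix });
            return;
        } catch (NotAllowedException e) {
            redirectOrThrow(resp, oaParam, "proxy.15", new Object[] { });
            return;
        }
        // … unchanged: SSLSocketFactory setup and the rest of the method …

    /**
     * Sends the browser to the OA's configured error-redirect URL with the localized
     * message for messageKey, or throws a ProxyException if no such URL is configured.
     */
    private static void redirectOrThrow(HttpServletResponse resp, OAProxyParameter oaParam,
            String messageKey, Object[] args) throws ProxyException {
        String errorURL = oaParam.getErrorRedirctURL();
        if (!MiscUtil.isNotEmpty(errorURL)) {
            throw new ProxyException(messageKey, args);
        }
        generateErrorAndRedirct(resp, errorURL,
                MOAIDMessageProvider.getInstance().getMessage(messageKey, args));
    }
```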
@@ -923,5 +980,28 @@ private static void copyStream(InputStream source, OutputStream destination, byt
+private static void generateErrorAndRedirct(HttpServletResponse resp, String errorURL, String message) {
+ try {
+ errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE,
+ URLEncoder.encode(message, "UTF-8"));
+ } catch (UnsupportedEncodingException e) {
+ errorURL = addURLParameter(errorURL, PARAM_ERRORMASSAGE, "Fehlermeldung%20konnte%20nicht%20%C3%BCbertragen%20werden.");
+ }
+ errorURL = resp.encodeRedirectURL(errorURL);
+ resp.setContentType("text/html");
+ resp.setStatus(302);
+ resp.addHeader("Location", errorURL);
+protected static String addURLParameter(String url, String paramname,
+ String paramvalue) {
+ String param = paramname + "=" + paramvalue;
+ if (url.indexOf("?") < 0)
+ return url + "?" + param;
+ else
+ return url + "&" + param;
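Review bot: `generateErrorAndRedirct` hand-builds the redirect with `resp.setStatus(302)` and `resp.addHeader("Location", …)`; `addHeader` appends rather than replaces, so a `Location` header set earlier in the request would yield two of them, and `text/html` is set on a response that carries no body. Replace the content-type, status and header statements with `resp.sendRedirect(errorURL);` (the URL has already been through `encodeRedirectURL`), which sets status and header correctly. `addURLParameter` also appends `?error=…` after a fragment when the configured error URL contains `#`; either document that fragments are unsupported in the error URL or insert the parameter before the `#`. Encoding the message with `URLEncoder` before it is appended is correct and keeps CR/LF out of the header; the fallback string in the `UnsupportedEncodingException` branch is already percent-encoded, which is fine but worth a comment.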
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
index ba4f65571..e1e03bce7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AssertionStorage.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.storage;
import java.io.Serializable;
@@ -114,7 +136,9 @@ public class AssertionStorage {
try {
AssertionStore element = searchInDatabase(artifact);
+ Logger.info("Remove Assertion with Artifact" + artifact);
} catch (MOADatabaseException e) {
Logger.info("Assertion not removed! (Assertion with Artifact=" + artifact
+ "not found)");
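Review bot: The new `Logger.info("Remove Assertion with Artifact" + artifact)` writes the SAML artifact to the log at INFO level; under the artifact binding the artifact is the value a holder presents to fetch the assertion, so log files become a place to harvest it while it is still resolvable. The message is also missing the separator before the value. Log it at debug like the lookup path, or leave the value out: `Logger.debug("Remove Assertion with Artifact=" + artifact);`. The pre-existing `Logger.info` in the catch branch has the same exposure and is not changed here; the enclosing method starts before this hunk.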
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 5da3dd8f6..b00df8a86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -1,11 +1,29 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.storage;
-import java.io.Serializable;
import java.util.Date;
-import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
-import java.util.Set;
import org.apache.commons.lang.SerializationUtils;
import org.hibernate.HibernateException;
@@ -13,12 +31,10 @@ import org.hibernate.Query;
import org.hibernate.Session;
import org.hibernate.Transaction;
-import at.gv.egovernment.moa.id.AuthenticationException;
-import at.gv.egovernment.moa.id.BuildException;
-import at.gv.egovernment.moa.id.MOAIDException;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
-import at.gv.egovernment.moa.id.commons.db.dao.session.AssertionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore;
@@ -136,7 +152,7 @@ public class AuthenticationSessionStoreage {
Session session = MOASessionDBUtils.getCurrentSession();
- List result;
+ List<AuthenticatedSessionStore> result;
synchronized (session) {
@@ -163,18 +179,6 @@ public class AuthenticationSessionStoreage {
-// public static void dumpSessionStore() {
-// synchronized (sessionStore) {
-// Set<String> keys = sessionStore.keySet();
-// Iterator<String> keyIterator = keys.iterator();
-// while(keyIterator.hasNext()) {
-// String key = keyIterator.next();
-// AuthenticationSession session = sessionStore.get(key);
-// Logger.info("Key: " + key + " -> " + session.toString());
-// }
-// }
-// }
public static String changeSessionID(AuthenticationSession session)
throws AuthenticationException, BuildException {
@@ -204,7 +208,7 @@ public class AuthenticationSessionStoreage {
public static void addSSOInformation(String moaSessionID, String SSOSessionID,
- String OAUrl) throws AuthenticationException {
+ String assertionID, String OAUrl) throws AuthenticationException {
AuthenticatedSessionStore dbsession;
Transaction tx = null;
@@ -212,7 +216,7 @@ public class AuthenticationSessionStoreage {
try {
Session session = MOASessionDBUtils.getCurrentSession();
- List result;
+ List<AuthenticatedSessionStore> result;
synchronized (session) {
@@ -227,6 +231,7 @@ public class AuthenticationSessionStoreage {
//Assertion requires an unique artifact
if (result.size() != 1) {
Logger.trace("No entries found.");
+ tx.rollback();
throw new MOADatabaseException("No session found with this sessionID");
@@ -237,6 +242,7 @@ public class AuthenticationSessionStoreage {
activeOA.setCreated(new Date());
+ activeOA.setAssertionSessionID(assertionID);
List<OASessionStore> activeOAs = dbsession.getActiveOAsessions();
@@ -257,12 +263,15 @@ public class AuthenticationSessionStoreage {
//Store MOASession
//send transaction
+ Logger.debug("Add SSO-Session login information for OA: " + OAUrl
+ + " and AssertionID: " + assertionID);
} catch (MOADatabaseException e) {
@@ -293,7 +302,7 @@ public class AuthenticationSessionStoreage {
throw new MOADatabaseException("No MOA Session with id: " + sessionID);
} catch (Throwable e) {
- Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID);
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + sessionID, e);
throw new MOADatabaseException("MOASession deserialization-exception");
@@ -369,20 +378,6 @@ public class AuthenticationSessionStoreage {
} else {
return true;
-// AuthenticatedSessionStore dbsession = result.get(0);
-// if (dbsession.getSessionid().equals(moaSessionId) && dbsession.isAuthenticated()) {
-// Log.info("Found SSO Session Cookie for MOA Session =" + moaSessionId);
-// return true;
-// } else {
-// Log.warn("Found SSO Session with ID="+ dbsession.getSessionid()
-// + " but this Session does not match to MOA Sesson ID=" + moaSessionId);
-// }
-// return false;
@@ -431,6 +426,44 @@ public class AuthenticationSessionStoreage {
+ public static AuthenticationSession getSessionWithPendingRequestID(String pedingRequestID) {
+ try {
+ MiscUtil.assertNotNull(pedingRequestID, "pedingRequestID");
+ Logger.trace("Get authenticated session with pedingRequestID " + pedingRequestID + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List<AuthenticatedSessionStore> result;
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getSessionWithPendingRequestID");
+ query.setString("sessionid", pedingRequestID);
+ result = query.list();
+ //send transaction
+ session.getTransaction().commit();
+ }
+ Logger.trace("Found entries: " + result.size());
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ return null;
+ }
+ //decrypt Session
+ byte[] decrypted = SessionEncrytionUtil.decrypt(result.get(0).getSession());
+ return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
+ } catch (Throwable e) {
+ Logger.warn("MOASession deserialization-exception by using MOASessionID=" + pedingRequestID);
+ return null;
+ }
+ }
public static void clean(long now, long authDataTimeOutCreated, long authDataTimeOutUpdated) {
Date expioredatecreate = new Date(now - authDataTimeOutCreated);
Date expioredateupdate = new Date(now - authDataTimeOutUpdated);
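Review bot: `getSessionWithPendingRequestID` catches `Throwable` and logs only the text `MOASession deserialization-exception by using MOASessionID=` followed by the pending request ID, dropping the exception itself — the same omission the `@@ -293,7 +302,7 @@` hunk of this commit fixes for the session lookup — and the label names the wrong identifier. Change it to `Logger.warn("MOASession deserialization-exception by using pendingRequestID=" + pedingRequestID, e);`. The `result.size() != 1` guard also logs "No entries found." when more than one row matched, which for an identifier meant to be unique is a data-integrity problem that deserves an explicit warning rather than a silent `null`. The named query is given a parameter called `sessionid` although the value passed is the pending request ID; presumably that is how `getSessionWithPendingRequestID` is declared, but it is worth confirming.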
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
new file mode 100644
index 000000000..ae8e5ee27
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/DBExceptionStoreImpl.java
@@ -0,0 +1,175 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.storage;
+import java.util.Date;
+import java.util.List;
+import org.apache.commons.lang.SerializationUtils;
+import org.hibernate.HibernateException;
+import org.hibernate.Query;
+import org.hibernate.Session;
+import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.session.ExceptionStore;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class DBExceptionStoreImpl implements IExceptionStore {
+ private static DBExceptionStoreImpl store;
+ public static DBExceptionStoreImpl getStore() {
+ if(store == null) {
+ store = new DBExceptionStoreImpl();
+ }
+ return store;
+ }
+ public String storeException(Throwable e) {
+ String id = Random.nextRandom();
+ Logger.debug("Store Exception with ID " + id);
+ ExceptionStore dbexception = new ExceptionStore();
+ dbexception.setExid(id);
+ byte[] data = SerializationUtils.serialize(e);
+ dbexception.setException(data);
+ dbexception.setTimestamp(new Date());
+ try {
+ MOASessionDBUtils.saveOrUpdate(dbexception);
+ } catch (MOADatabaseException e1) {
+ Logger.warn("Exception can not be stored in Database.", e);
+ return null;
+ }
+ return id;
+ }
+ public Throwable fetchException(String id) {
+ try {
+ Logger.debug("Fetch Exception with ID " + id);
+ ExceptionStore ex = searchInDatabase(id);
+ Object data = SerializationUtils.deserialize(ex.getException());
+ if (data instanceof Throwable)
+ return (Throwable) data;
+ else {
+ Logger.warn("Exeption is not of classtype Throwable");
+ return null;
+ }
+ } catch (MOADatabaseException e) {
+ Logger.info("No Exception found with ID=" + id);
+ return null;
+ } catch (Exception e) {
+ Logger.warn("Exception can not deserialized from Database.",e);
+ return null;
+ }
+ }
+ public void removeException(String id) {
+ try {
+ ExceptionStore ex = searchInDatabase(id);
+ MOASessionDBUtils.delete(ex);
+ Logger.debug("Delete Execption with ID " + id);
+ } catch (MOADatabaseException e) {
+ Logger.info("No Exception found with ID=" + id);
+ }
+ }
+ public void clean(long now, long exceptionTimeOut) {
+ Date expioredate = new Date(now - exceptionTimeOut);
+ List<ExceptionStore> results;
+ Session session = MOASessionDBUtils.getCurrentSession();
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getExceptionWithTimeOut");
+ query.setTimestamp("timeout", expioredate);
+ results = query.list();
+ session.getTransaction().commit();
+ }
+ if (results.size() != 0) {
+ for(ExceptionStore result : results) {
+ try {
+ MOASessionDBUtils.delete(result);
+ Logger.info("Remove Exception with ID=" + result.getExid()
+ + " after timeout.");
+ } catch (HibernateException e){
+ Logger.warn("Exception with ID=" + result.getExid()
+ + " not removed after timeout! (Error during Database communication)", e);
+ }
+ }
+ }
+ }
+ @SuppressWarnings("rawtypes")
+ private ExceptionStore searchInDatabase(String id) throws MOADatabaseException {
+ MiscUtil.assertNotNull(id, "exceptionID");
+ Logger.trace("Getting Exception with ID " + id + " from database.");
+ Session session = MOASessionDBUtils.getCurrentSession();
+ List result;
+ synchronized (session) {
+ session.beginTransaction();
+ Query query = session.getNamedQuery("getExceptionWithID");
+ query.setString("id", id);
+ result = query.list();
+ //send transaction
+ session.getTransaction().commit();
+ }
+ Logger.trace("Found entries: " + result.size());
+ //Assertion requires an unique artifact
+ if (result.size() != 1) {
+ Logger.trace("No entries found.");
+ throw new MOADatabaseException("No Exception found with ID " + id);
+ }
+ return (ExceptionStore) result.get(0);
+ }
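Review bot: In `storeException`, the catch block logs `e`, the throwable being stored, instead of `e1`, the `MOADatabaseException` that explains why the store failed; it should read `Logger.warn("Exception can not be stored in Database.", e1);`. `fetchException` rebuilds the stored object with `SerializationUtils.deserialize` and only afterwards checks `instanceof Throwable`; since the blob comes from the session database, native deserialization is acceptable only if that database is trusted as much as the application itself, and that assumption should be stated in a comment on the method. The lazily initialised `store` in `getStore()` is unguarded, so two concurrent servlet threads can create two instances; `private static final DBExceptionStoreImpl store = new DBExceptionStoreImpl();` removes the race. `searchInDatabase` also keeps a raw `List` while the rest of this commit moves the storage classes to typed lists.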
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
index 5ea3be837..ce974c531 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/ExceptionStoreImpl.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.storage;
import java.util.HashMap;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
index 5c51fff73..4c76a49a4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/IExceptionStore.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.storage;
public interface IExceptionStore {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
index 70c397c42..046d0f825 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AxisSecureSocketFactory.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
index 9b08ed4b1..566c8aec4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAConstants.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
index e1ef1af08..2c0a82708 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ECDSAKeyValueConverter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -593,4 +615,4 @@ public class ECDSAKeyValueConverter
return inScopeNSAttrs;
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
new file mode 100644
index 000000000..9ba78165c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/FormBuildUtils.java
@@ -0,0 +1,117 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.util;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class FormBuildUtils {
+ private static Map<String, String> defaultmap = null;
+ public static String MAIN_COLOR = "#MAIN_COLOR#";
+ public static String HEADER_COLOR = "#HEADER_COLOR#";
+ public static String BUTTON_COLOR = "#BUTTON_COLOR#";
+ public static String FONTFAMILY = "#FONTTYPE#";
+ public static String HEADER_TEXT = "#HEADER_TEXT#";
+ public static String REDIRECTTARGET = "#REDIRECTTARGET#";
+ private static String MANDATEVISIBLE = "#MANDATEVISIBLE#";
+ private static String MANDATECHECKED = "#MANDATECHECKED#";
+ private static final String TEMPLATEVISIBLE = " display: none";
+ private static final String TEMPLATEDISABLED = "disabled=\"true\"";
+ private static final String TEMPLATECHECKED = "checked=\"true\"";
+ private static final String TEMPLATE_ARIACHECKED = "aria-checked=";
+ static {
+ if (defaultmap == null) {
+ defaultmap = new HashMap<String, String>();
+ defaultmap.put(MAIN_BACKGROUNDCOLOR, "#F7F8F7");
+ defaultmap.put(MAIN_COLOR, "#000000");
+ defaultmap.put(HEADER_BACKGROUNDCOLOR, "#C3D2E2");
+ defaultmap.put(HEADER_COLOR, "#000000");
+ defaultmap.put(HEADER_TEXT, "Login");
+ defaultmap.put(BUTTON_COLOR, "#000000");
+ defaultmap.put(FONTFAMILY, "Verdana,Geneva,Arial,sans-serif");
+ defaultmap.put(REDIRECTTARGET, "_top");
+ }
+ }
+ public static String customiceLayoutBKUSelection(String value, boolean isShowMandateCheckbox,
+ boolean isOnlyMandateAllowed, Map<String, String> map) {
+ if (isShowMandateCheckbox)
+ value = value.replace(MANDATEVISIBLE, "");
+ else
+ if (isOnlyMandateAllowed) {
+ value = value.replace(MANDATECHECKED, TEMPLATECHECKED + " " +
+ } else
+ value = value.replace(MANDATECHECKED, TEMPLATE_ARIACHECKED + "\"false\"");
+ String fonttype = map.get(FONTFAMILY);
+ if (MiscUtil.isNotEmpty(fonttype)) {
+ String[] fonttypeList = fonttype.split(",");
+ String fonttypeformated = "\"" + fonttypeList[0].trim().replace("\"", "") + "\"";
+ for (int i=1; i<fonttypeList.length; i++) {
+ fonttypeformated += ",\"" + fonttypeList[i].trim().replace("\"", "") + "\"";
+ }
+ map.put(FONTFAMILY, fonttypeformated);
+ }
+ Set<String> elements = map.keySet();
+ for (String element: elements) {
+ value = value.replace(element, map.get(element));
+ }
+ return value;
+ }
+ public static Map<String, String> getDefaultMap() {
+ return defaultmap;
+ }
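Review bot: customiceLayoutBKUSelection substitutes every entry of `map` into the HTML template with a bare `value.replace(element, map.get(element))` and, apart from stripping double quotes from the font list, applies no HTML escaping or validation, so if these values are taken from per-OA configuration (the OAAuthParameter import suggests that) a header text, colour or redirect target is emitted into the login page verbatim; escape them with an HTML encoder before substitution, or validate colours against a hex pattern and the redirect target against a fixed set of frame names. The method also writes the reformatted font string back into the caller's map (`map.put(FONTFAMILY, fonttypeformated)`), while getDefaultMap returns the shared static `defaultmap` by reference, so a caller that passes the default map mutates it for all later requests; keep the formatted font in a local and return `Collections.unmodifiableMap(defaultmap)`. The placeholder constants MAIN_COLOR through REDIRECTTARGET are `public static String` without `final`, so any class can reassign them; declare them `public static final`. As far as the visible lines show, MANDATEVISIBLE is replaced only when the checkbox is shown and MANDATECHECKED only when it is not, so one placeholder survives into the output in either case, but this hunk looks incomplete (the TEMPLATECHECKED line is cut off and MAIN_BACKGROUNDCOLOR/HEADER_BACKGROUNDCOLOR are used without a visible declaration), so please confirm against the full file.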
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
index ac34d31dc..3e31c0403 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPRequestJSPForwarder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -97,4 +119,4 @@ public class HTTPRequestJSPForwarder {
HttpServletResponse resp) {
forwardNamed(message, "/message.jsp", context, req, resp);
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
deleted file mode 100644
index 1e9cb9024..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPSessionUtils.java
+++ /dev/null
@@ -1,70 +0,0 @@
-package at.gv.egovernment.moa.id.util;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.Iterator;
-import java.util.Set;
-import javax.servlet.http.HttpSession;
-public class HTTPSessionUtils {
-// public static HashMap<String, Object> extractAllProperties(HttpSession session) {
-// @SuppressWarnings("unchecked")
-// Enumeration<String> keys = (Enumeration<String>)session.getAttributeNames();
-// HashMap<String, Object> properties = new HashMap<String, Object>();
-// while(keys.hasMoreElements()) {
-// Object keyObject = keys.nextElement();
-// String key = keyObject.toString();
-// Object value = session.getAttribute(key);
-// properties.put(key, value);
-// }
-// return properties;
-// }
-// public static void pushAllProperties(HttpSession session, HashMap<String, Object> properties) {
-// Set<String> keys = properties.keySet();
-// Iterator<String> keysIterator = keys.iterator();
-// while(keysIterator.hasNext()) {
-// String key = keysIterator.next();
-// session.setAttribute(key, properties.get(key));
-// }
-// }
-// public static boolean getHTTPSessionBoolean(HttpSession session, String name, boolean fallback) {
-// Object obj = session.getAttribute(name);
-// if(obj == null) {
-// return fallback;
-// }
-// if(obj instanceof Boolean) {
-// Boolean b = (Boolean)obj;
-// if(b != null) {
-// return b.booleanValue();
-// }
-// }
-// return fallback;
-// }
-// public static void setHTTPSessionBoolean(HttpSession session, String name, boolean value) {
-// session.setAttribute(name, new Boolean(value));
-// }
-// public static String getHTTPSessionString(HttpSession session, String name, String fallback) {
-// Object obj = session.getAttribute(name);
-// if(obj == null) {
-// return fallback;
-// }
-// if(obj instanceof String) {
-// return (String)obj;
-// }
-// return fallback;
-// }
-// public static void setHTTPSessionString(HttpSession session, String name, String value) {
-// session.setAttribute(name, value);
-// }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
index a148aa690..1f08d9019 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/HTTPUtils.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
new file mode 100644
index 000000000..090bea486
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/IdentityLinkReSigner.java
@@ -0,0 +1,192 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.util;
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import javax.xml.transform.TransformerException;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureCreationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+import at.gv.egovernment.moa.spss.api.common.MetaInfo;
+import at.gv.egovernment.moa.spss.api.common.Transform;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureEnvironmentProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateSignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateTransformsInfoProfile;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.DataObjectInfo;
+import at.gv.egovernment.moa.spss.api.xmlsign.ErrorResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse;
+import at.gv.egovernment.moa.spss.api.xmlsign.SingleSignatureInfo;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.MiscUtil;
+public class IdentityLinkReSigner {
+ private static IdentityLinkReSigner instance;
+ public static IdentityLinkReSigner getInstance() {
+ if (instance == null) {
+ instance = new IdentityLinkReSigner();
+ }
+ return instance;
+ }
+ public Element resignIdentityLink(Element idl) throws MOAIDException {
+ try {
+ AuthConfigurationProvider config = AuthConfigurationProvider.getInstance();
+ if (config.isIdentityLinkResigning()) {
+ if (idl == null) {
+ Logger.warn("IdentityLink is empty");
+ return null;
+ } else {
+ NodeList signatures = idl.getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature");
+ Node signature = signatures.item(0);
+ Node parent = signature.getParentNode();
+ parent.removeChild(signature);
+ }
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+ String keyGroupId = config.getIdentityLinkResigningKey();
+ if (MiscUtil.isEmpty(keyGroupId)) {
+ Logger.warn("No IdentityLink reSigning-Key definded");
+ throw new MOAIDException("config.19", new Object[]{});
+ }
+ MetaInfo mi = spssFac.createMetaInfo("text/xml", null, null, null);
+ Transform envelopedSignatureTransform = spssFac.createEnvelopedSignatureTransform();
+ List<Transform> transformsList = new ArrayList<Transform>();
+ transformsList.add(envelopedSignatureTransform);
+ CreateTransformsInfo ct = spssFac.createCreateTransformsInfo(transformsList, mi);
+ CreateTransformsInfoProfile ctip = spssFac.createCreateTransformsInfoProfile(ct, null);
+ Content content = spssFac.createContent("");
+ DataObjectInfo doi = spssFac.createDataObjectInfo(DataObjectInfo.STRUCTURE_DETACHED, false, content, ctip);
+ // create signature environment
+ HashMap<String, String> nsMap = new HashMap<String, String>();
+ nsMap.put(Constants.SAML_PREFIX, Constants.SAML_NS_URI);
+ nsMap.put(Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
+ nsMap.put(Constants.PD_PREFIX, Constants.PD_NS_URI);
+ CreateSignatureLocation csl = spssFac.createCreateSignatureLocation("/" + Constants.SAML_PREFIX + ":" + "Assertion", -1, nsMap);
+ CreateSignatureEnvironmentProfile csep = spssFac.createCreateSignatureEnvironmentProfile(csl, null);
+ InputStream serializedIdl = new ByteArrayInputStream(DOMUtils.serializeNode(idl).getBytes());
+ Content confirmationContent = spssFac.createContent(serializedIdl, null);
+ CreateSignatureInfo csi = spssFac.createCreateSignatureInfo(confirmationContent, csep);
+ List<DataObjectInfo> dataobjectinfoList = new ArrayList<DataObjectInfo>();
+ dataobjectinfoList.add(doi);
+ SingleSignatureInfo ssi = spssFac.createSingleSignatureInfo(dataobjectinfoList, csi, false);
+ List<SingleSignatureInfo> singlesignatureinfolist = new ArrayList<SingleSignatureInfo>();
+ singlesignatureinfolist.add(ssi);
+ CreateXMLSignatureRequest cxsreq = spssFac.createCreateXMLSignatureRequest(keyGroupId, singlesignatureinfolist);
+ // signature creation service
+ SignatureCreationService scs = SignatureCreationService.getInstance();
+ CreateXMLSignatureResponse cxresp;
+ Logger.info("Creating MOA-SS signature");
+ cxresp = scs.createXMLSignature(cxsreq);
+ // evaluate response
+ List<Object> elements = cxresp.getResponseElements();
+ if (elements.get(0) instanceof ErrorResponse) {
+ ErrorResponse errResponse = (ErrorResponse) elements.get(0);
+ Logger.warn("Error while calling MOA-SS: " + errResponse.getErrorCode() + " / " + errResponse.getInfo());
+ throw new MOAIDException("builder.04", new Object[]{errResponse.getErrorCode(), errResponse.getInfo()});
+ } else if (elements.get(0) instanceof SignatureEnvironmentResponse) {
+ Logger.debug("Successfully created signature.");
+ SignatureEnvironmentResponse ser = (SignatureEnvironmentResponse) elements.get(0);
+ int responseType = ser.getResponseType();
+ if (responseType == SignatureEnvironmentResponse.ERROR_RESPONSE) {
+ Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
+ throw new MOAIDException("builder.05", new Object[]{});
+ } else {
+ Logger.debug("MOA-SS Signature createn successfull");
+ return ser.getSignatureEnvironment();
+ }
+ } else {
+ Logger.warn("Allgemeiner Fehler beim Aufruf von MOA-SS: Unbekannter ResponseType von MOA-SS");
+ throw new MOAIDException("builder.05", new Object[]{});
+ }
+ } else
+ return idl;
+ } catch (ConfigurationException e) {
+ Logger.warn("Configuration can not be loaded", e);
+ throw new MOAIDException("config.18", new Object[]{});
+ } catch (TransformerException e) {
+ Logger.warn("IdentityLink serialization error.", e);
+ throw new MOAIDException("builder.05", new Object[]{});
+ } catch (IOException e) {
+ Logger.warn("IdentityLink I/O error.", e);
+ throw new MOAIDException("builder.05", new Object[]{});
+ } catch (MOAException e) {
+ Logger.warn("General IdentityLink signing error.", e);
+ throw new MOAIDException("builder.05", new Object[]{});
+ }
+ }
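Review bot: In resignIdentityLink, `signatures.item(0)` is dereferenced without a null check, so an identity link that carries no ds:Signature element makes `signature.getParentNode()` throw a NullPointerException, which none of the catch clauses (ConfigurationException, TransformerException, IOException, MOAException) converts into a MOAIDException; add `if (signature == null) { Logger.warn("IdentityLink contains no Signature element"); throw new MOAIDException("builder.05", new Object[]{}); }` before the removeChild call, and guard `elements.get(0)` against an empty response list the same way. Only the first Signature is removed; if the incoming document could contain more than one, the remaining ones become part of the newly signed envelope, so either remove all matches or reject the document when `signatures.getLength() != 1` (whether earlier validation already guarantees a single signature is not visible here). `DOMUtils.serializeNode(idl).getBytes()` uses the platform default charset, so a serialized document with non-ASCII name characters would be corrupted on a non-UTF-8 JVM; use `.getBytes(StandardCharsets.UTF_8)`, assuming the serializer emits UTF-8, which should be confirmed. getInstance performs an unsynchronized lazy initialisation; the class holds no instance state so two instances are harmless, but `private static final IdentityLinkReSigner INSTANCE = new IdentityLinkReSigner();` would be simpler. The two warn messages `Allgemeiner Fehler beim Aufruf von MOA-SS...` are in German while the rest of the file logs in English.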
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
index 74b18a662..dbe5b8ffa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/InOrderServletRequestWrapper.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -409,4 +431,4 @@ public class InOrderServletRequestWrapper extends HttpServletRequestWrapper {
return bodyParamOrder.elements();
-} //End InOrderServletRequestWrapper \ No newline at end of file
+} //End InOrderServletRequestWrapper
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
index a4d0c2ab6..b7a866370 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MOAIDMessageProvider.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
index b56a54c90..4ead00da2 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/MandateBuilder.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.util;
import java.util.Iterator;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
index ea823889f..3b6e001bf 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParamValidatorUtils.java
@@ -1,54 +1,75 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.util;
-import java.io.IOException;
-import java.io.StringReader;
-import java.net.MalformedURLException;
-import java.net.URL;
-import java.util.Iterator;
-import java.util.List;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-import javax.servlet.http.HttpServletRequest;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import org.xml.sax.InputSource;
-import org.xml.sax.SAXException;
-import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
-import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
+import java.io.IOException;
+import java.io.StringReader;
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moa.util.StringUtils;
public class ParamValidatorUtils implements MOAIDAuthConstants{
@@ -81,66 +102,66 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
return false;
- }
- /**
- * Checks if the given ccc parameter is valid
- * @param ccc HTTP parameter from request
- * @return true if ccc is valid
- */
- public static boolean isValidCCC(String ccc) {
- Logger.debug("Ueberpruefe Parameter CCC");
- // if non parameter is given return true
- if (StringUtils.isEmpty(ccc)) {
- Logger.debug("Parameter CCC ist null");
- return true;
- }
- Pattern pattern = Pattern.compile("[a-zA-Z]{2}");
- Matcher matcher = pattern.matcher(ccc);
- boolean b = matcher.matches();
- if (b) {
- Logger.debug("Parameter CCC erfolgreich ueberprueft");
- return true;
- }
- else {
- Logger.error("Fehler Ueberpruefung Parameter CCC. CCC entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, sowie 2 Zeichen lang)");
- return false;
- }
- }
- /**
- * Checks if the given target is valid
- * @param sourceID HTTP parameter from request
- * @return
- */
- public static boolean isValidSourceID(String sourceID) {
- Logger.debug("Ueberpruefe Parameter sourceID");
- // if non parameter is given return true
- if (StringUtils.isEmpty(sourceID)) {
- Logger.debug("Parameter Target ist null");
- return true;
- }
- Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
- Matcher matcher = pattern.matcher(sourceID);
- boolean b = matcher.matches();
- if (b) {
- Logger.debug("Parameter sourceID erfolgreich ueberprueft");
- return true;
- }
- else {
- Logger.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
- return false;
- }
+ }
+ /**
+ * Checks if the given ccc parameter is valid
+ * @param ccc HTTP parameter from request
+ * @return true if ccc is valid
+ */
+ public static boolean isValidCCC(String ccc) {
+ Logger.debug("Ueberpruefe Parameter CCC");
+ // if non parameter is given return true
+ if (StringUtils.isEmpty(ccc)) {
+ Logger.debug("Parameter CCC ist null");
+ return true;
+ }
+ Pattern pattern = Pattern.compile("[a-zA-Z]{2}");
+ Matcher matcher = pattern.matcher(ccc);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter CCC erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter CCC. CCC entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, sowie 2 Zeichen lang)");
+ return false;
+ }
+ }
+ /**
+ * Checks if the given target is valid
+ * @param sourceID HTTP parameter from request
+ * @return
+ */
+ public static boolean isValidSourceID(String sourceID) {
+ Logger.debug("Ueberpruefe Parameter sourceID");
+ // if non parameter is given return true
+ if (StringUtils.isEmpty(sourceID)) {
+ Logger.debug("Parameter Target ist null");
+ return true;
+ }
+ Pattern pattern = Pattern.compile("[\\w-_]{1,20}");
+ Matcher matcher = pattern.matcher(sourceID);
+ boolean b = matcher.matches();
+ if (b) {
+ Logger.debug("Parameter sourceID erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter sourceID. SourceID entspricht nicht den Kriterien (nur Zeichen a-z, A-Z, - und _, sowie 1-20 Zeichen lang)");
+ return false;
+ }
@@ -180,7 +201,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
* @return
public static boolean isValidBKUURI(String bkuURI, List<String> allowedBKUs) {
- Logger.debug("Ueberpruefe Parameter bkuURI");
+ Logger.debug("Ueberpruefe Parameter bkuURI");
// if non parameter is given return true
if (StringUtils.isEmpty(bkuURI)) {
@@ -192,12 +213,12 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
try {
// check if bku url starts with http or https
if (bkuURI.startsWith("http") || bkuURI.startsWith("https")) {
- URL url =new URL(bkuURI);
+ new URL(bkuURI);
// check if bkuURI is a local BKU
if (bkuURI.compareToIgnoreCase("https://localhost:3496/https-security-layer-request") == 0 ||
- bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 ||
- bkuURI.compareToIgnoreCase("") == 0 ||
+ bkuURI.compareToIgnoreCase("http://localhost:3495/http-security-layer-request") == 0 ||
+ bkuURI.compareToIgnoreCase("") == 0 ||
bkuURI.compareToIgnoreCase("") == 0) {
Logger.debug("Parameter bkuURI erfolgreich ueberprueft");
return true;
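Review bot: The scheme test `bkuURI.startsWith("http") || bkuURI.startsWith("https")` is looser than the error message further down claims: the second operand is subsumed by the first, and any value beginning with the four letters `http` (for example `httpx://…`) enters the URL branch. Since `new URL(bkuURI)` is now evaluated only for its MalformedURLException, this prefix test is the only scheme check left, so tighten it to `if (bkuURI.startsWith("http://") || bkuURI.startsWith("https://")) {` and keep the parse inside the branch so the configured non-URL BKU types handled in the else-if below still reach their branch. The two `bkuURI.compareToIgnoreCase("") == 0` comparisons look unreachable, because the isEmpty check above the hunk presumably returns before this point; dropping them makes the local-BKU allow-list read as exactly the two loopback entries it is. isValidBKUURI continues past the end of this hunk.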
@@ -215,10 +236,10 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
- else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
- Logger.debug("Parameter bkuURI from configuration is used.");
- return true;
+ else if (MOAIDAuthConstants.REQ_BKU_TYPES.contains(bkuURI)) {
+ Logger.debug("Parameter bkuURI from configuration is used.");
+ return true;
} else {
Logger.error("Fehler Ueberpruefung Parameter bkuURI. bkuURI beginnt nicht mit http or https");
return false;
@@ -264,26 +285,26 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
Logger.debug("Parameter Template bzw. bkuSelectionTemplateURL erfolgreich ueberprueft");
return true;
- else {
- //check against configured trustet template urls
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
- //get OA specific template URLs
- if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
- for (TemplateType el : oaSlTemplates)
- trustedTemplateURLs.add(el.getURL());
- }
- boolean b = trustedTemplateURLs.contains(template);
- if (b) {
- Logger.debug("Parameter Template erfolgreich ueberprueft");
- return true;
- }
- else {
- Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ") bzw. ist nicht auf Liste der vertrauenswuerdigen Template URLs (Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)");
- return false;
- }
+ else {
+ //check against configured trustet template urls
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ List<String> trustedTemplateURLs = authConf.getSLRequestTemplates();
+ //get OA specific template URLs
+ if (oaSlTemplates != null && oaSlTemplates.size() > 0) {
+ for (TemplateType el : oaSlTemplates)
+ trustedTemplateURLs.add(el.getURL());
+ }
+ boolean b = trustedTemplateURLs.contains(template);
+ if (b) {
+ Logger.debug("Parameter Template erfolgreich ueberprueft");
+ return true;
+ }
+ else {
+ Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL. Parameter liegt nicht am gleichen Server wie die MOA-Instanz (" + req.getServerName() + ") bzw. ist nicht auf Liste der vertrauenswuerdigen Template URLs (Konfigurationselement: MOA-IDConfiguration/TrustedTemplateURLs)");
+ return false;
+ }
@@ -297,9 +318,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
} catch (MalformedURLException e) {
Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
return false;
- } catch (ConfigurationException e) {
- Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
- return false;
+ } catch (ConfigurationException e) {
+ Logger.error("Fehler Ueberpruefung Parameter Template bzw. bkuSelectionTemplateURL.", e);
+ return false;
@@ -324,9 +345,9 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
Logger.debug("Parameter MOASessionId erfolgreich ueberprueft");
return true;
- else {
+ else {
Logger.error("Fehler Ueberpruefung Parameter MOASessionId. MOASessionId entspricht nicht den Kriterien (nur Zeichen 0-9 und -)");
- return false;
+ return false;
@@ -449,7 +470,7 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
// }
public static boolean isValidXMLDocument(String document) {
if (StringUtils.isEmpty(document))
return false;
@@ -475,38 +496,38 @@ public class ParamValidatorUtils implements MOAIDAuthConstants{
return false;
- }
- public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
- String oaURL = req.getParameter(PARAM_OA);
- String bkuURL = req.getParameter(PARAM_BKU);
- String templateURL = req.getParameter(PARAM_TEMPLATE);
- String useMandate = req.getParameter(PARAM_USEMANDATE);
- String ccc = req.getParameter(PARAM_CCC);
- // check parameter
- try {
- if (!ParamValidatorUtils.isValidOA(oaURL))
- throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
- if (MiscUtil.isEmpty(bkuURL))
- throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
- if (MiscUtil.isEmpty(templateURL))
- throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
- if (!ParamValidatorUtils.isValidUseMandate(useMandate))
- throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
- if (!ParamValidatorUtils.isValidCCC(ccc))
- throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
- } catch (WrongParametersException e) {
- return false;
- }
- if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
- return false;
- else
- return true;
+ }
+ public static boolean areAllLegacyParametersAvailable(HttpServletRequest req) {
+ String oaURL = req.getParameter(PARAM_OA);
+ String bkuURL = req.getParameter(PARAM_BKU);
+ String templateURL = req.getParameter(PARAM_TEMPLATE);
+ String useMandate = req.getParameter(PARAM_USEMANDATE);
+ String ccc = req.getParameter(PARAM_CCC);
+ // check parameter
+ try {
+ if (!ParamValidatorUtils.isValidOA(oaURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_OA, "auth.12");
+ if (MiscUtil.isEmpty(bkuURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_BKU, "auth.12");
+ if (MiscUtil.isEmpty(templateURL))
+ throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
+ if (!ParamValidatorUtils.isValidUseMandate(useMandate))
+ throw new WrongParametersException("StartAuthentication", PARAM_USEMANDATE, "auth.12");
+ if (!ParamValidatorUtils.isValidCCC(ccc))
+ throw new WrongParametersException("StartAuthentication", PARAM_CCC, "auth.12");
+ } catch (WrongParametersException e) {
+ return false;
+ }
+ if (StringUtils.isEmpty(oaURL) || StringUtils.isEmpty(templateURL) || StringUtils.isEmpty(bkuURL))
+ return false;
+ else
+ return true;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
index a9d95d65e..31ff44936 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ParameterInOrderFilter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -83,4 +105,4 @@ public class ParameterInOrderFilter implements Filter
//process the rest of filter chain
chain.doFilter(sRequ, response);
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
index f1d0ecd45..2d9fb9196 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/Random.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -27,12 +49,9 @@ package at.gv.egovernment.moa.id.util;
import iaik.security.random.SeedGenerator;
-import java.io.IOException;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.Base64Utils;
* Random number generator used to generate ID's
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
index a6619fc11..ed3f297c7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SSLUtils.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
* Copyright 2003 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
@@ -55,6 +77,7 @@ import org.apache.regexp.RESyntaxException;
import at.gv.egovernment.moa.id.config.ConfigurationException;
import at.gv.egovernment.moa.id.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.config.ConnectionParameter;
+import at.gv.egovernment.moa.id.config.ConnectionParameterInterface;
import at.gv.egovernment.moa.id.iaik.config.PKIConfigurationImpl;
import at.gv.egovernment.moa.id.iaik.pki.PKIProfileImpl;
import at.gv.egovernment.moa.id.iaik.pki.jsse.MOAIDTrustManager;
@@ -72,13 +95,13 @@ import at.gv.egovernment.moa.logging.Logger;
public class SSLUtils {
/** SSLSocketFactory store, mapping URL->SSLSocketFactory **/
- private static Map sslSocketFactories = new HashMap();
+ private static Map<String, SSLSocketFactory> sslSocketFactories = new HashMap<String, SSLSocketFactory>();
* Initializes the SSLSocketFactory store.
public static void initialize() {
- sslSocketFactories = new HashMap();
+ sslSocketFactories = new HashMap<String, SSLSocketFactory>();
// JSSE Abhängigkeit
//Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
Security.addProvider(new IAIK());
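Review bot: The generic type on `sslSocketFactories` is welcome, but the cache is still a plain `HashMap` in a static field that `initialize()` reassigns, so if `getSSLSocketFactory` (its body lies outside this hunk) fills it from concurrent request threads, unsynchronized get/put can lose entries or corrupt the table. Unless every caller is known to run under one lock, declare it as `private static Map<String, SSLSocketFactory> sslSocketFactories = new ConcurrentHashMap<String, SSLSocketFactory>();`, use the same constructor in `initialize()`, and add `import java.util.concurrent.ConcurrentHashMap;`. A lost cache entry only costs rebuilding a factory, but a corrupted HashMap has been known to loop forever during a concurrent resize on older JDKs, which would turn into a denial of service on the trust-managed connections this class guards. `initialize()` continues past the end of this hunk.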
@@ -106,7 +129,7 @@ public class SSLUtils {
public static SSLSocketFactory getSSLSocketFactory(
ConfigurationProvider conf,
- ConnectionParameter connParam)
+ ConnectionParameterInterface connParam)
throws IOException, GeneralSecurityException, ConfigurationException, PKIException {
Logger.debug("Get SSLSocketFactory for " + connParam.getUrl());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
index db6d7aa53..56e59a4aa 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ServletUtils.java
@@ -1,44 +1,66 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.util;
-import java.io.IOException;
-import java.io.OutputStream;
-import java.net.URLEncoder;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import at.gv.egovernment.moa.id.MOAIDException;
-import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.logging.Logger;
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.URLEncoder;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
* @author <a href="mailto:peter.danner@egiz.gv.at">Peter Danner</a>
@@ -75,7 +97,7 @@ public class ServletUtils {
- Logger.debug("Finished POST " + servletName);
+ Logger.debug("Finished POST " + servletName);
} else {
String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), servletGoal, session.getSessionID());
@@ -85,78 +107,78 @@ public class ServletUtils {
Logger.debug("REDIRECT TO: " + redirectURL);
- }
- /**
- * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
- * depending on the requests starting text.
- *
- * @param resp The httpServletResponse
- * @param session The current AuthenticationSession
- * @param createXMLSignatureRequestOrRedirect The request
- * @param servletGoal The servlet to which the redirect should happen
- * @param servletName The servlet name for debug purposes
- * @throws MOAIDException
- * @throws IOException
- */
- public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
- throws MOAIDException,
- IOException
- {
- resp.setStatus(307);
- resp.addHeader("Location", dataURL);
- //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
- resp.setContentType("text/xml;charset=UTF-8");
- OutputStream out = resp.getOutputStream();
- out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST " + servletName);
- /**
- * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
- * depending on the requests starting text.
- *
- * @param resp The httpServletResponse
- * @param session The current AuthenticationSession
- * @param createXMLSignatureRequestOrRedirect The request
- * @param servletGoal The servlet to which the redirect should happen
- * @param servletName The servlet name for debug purposes
- * @throws MOAIDException
- * @throws IOException
- */
- public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
- throws MOAIDException,
- IOException {
- resp.setStatus(200);
- Logger.debug("ContentType set to: application/x-www-form-urlencoded");
- resp.setContentType("application/x-www-form-urlencoded");
- String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" +
- "DataURL=" + URLEncoder.encode(dataURL, "UTF-8");
- OutputStream out = resp.getOutputStream();
- out.write(content.getBytes("UTF-8"));
- out.flush();
- out.close();
- Logger.debug("Finished POST " + servletName);
- }
- public static String getBaseUrl( HttpServletRequest request ) {
- if ( ( request.getServerPort() == 80 ) ||
- ( request.getServerPort() == 443 ) )
- return request.getScheme() + "://" +
- request.getServerName() +
- request.getContextPath();
- else
- return request.getScheme() + "://" +
- request.getServerName() + ":" + request.getServerPort() +
- request.getContextPath();
- }
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequest(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
+ throws MOAIDException,
+ IOException
+ {
+ resp.setStatus(307);
+ resp.addHeader("Location", dataURL);
+ //TODO test impact of explicit setting charset with older versions of BKUs (HotSign)
+ resp.setContentType("text/xml;charset=UTF-8");
+ OutputStream out = resp.getOutputStream();
+ out.write(createXMLSignatureRequestOrRedirect.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+ }
+ /**
+ * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing
+ * depending on the requests starting text.
+ *
+ * @param resp The httpServletResponse
+ * @param session The current AuthenticationSession
+ * @param createXMLSignatureRequestOrRedirect The request
+ * @param servletGoal The servlet to which the redirect should happen
+ * @param servletName The servlet name for debug purposes
+ * @throws MOAIDException
+ * @throws IOException
+ */
+ public static void writeCreateXMLSignatureRequestURLEncoded(HttpServletResponse resp, AuthenticationSession session, String createXMLSignatureRequestOrRedirect, String servletGoal, String servletName, String dataURL)
+ throws MOAIDException,
+ IOException {
+ resp.setStatus(200);
+ Logger.debug("ContentType set to: application/x-www-form-urlencoded");
+ resp.setContentType("application/x-www-form-urlencoded");
+ String content = "XMLRequest=" + URLEncoder.encode(createXMLSignatureRequestOrRedirect, "UTF-8") + "&" +
+ "DataURL=" + URLEncoder.encode(dataURL, "UTF-8");
+ OutputStream out = resp.getOutputStream();
+ out.write(content.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ Logger.debug("Finished POST " + servletName);
+ }
+ public static String getBaseUrl( HttpServletRequest request ) {
+ if ( ( request.getServerPort() == 80 ) ||
+ ( request.getServerPort() == 443 ) )
+ return request.getScheme() + "://" +
+ request.getServerName() +
+ request.getContextPath();
+ else
+ return request.getScheme() + "://" +
+ request.getServerName() + ":" + request.getServerPort() +
+ request.getContextPath();
+ }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index 1f8c31bb5..4b7e46ce7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -1,18 +1,36 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.util;
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import javax.crypto.Cipher;
-import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
-import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.logging.Logger;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
index caa8f1769..269e21d4f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/VelocityLogAdapter.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.util;
import org.apache.velocity.app.Velocity;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index 979744edb..385dd753c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -1,35 +1,57 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.util.client.mis.simple;
-import java.io.Serializable;
+import java.io.Serializable;
public class MISMandate implements Serializable{
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = 1L;
final static private String OID_NOTAR = "";
final static private String TEXT_NOTAR = "berufsmäßige(r) Parteienvertreter(in) mit Notariatseigenschaft";
@@ -45,20 +67,20 @@ public class MISMandate implements Serializable{
private String oid = null;
private byte[] mandate = null;
- private String owBPK = null;
+ private String owBPK = null;
public String getProfRep() {
return oid;
public void setProfRep(String oid) {
this.oid = oid;
- }
- public void setOWbPK(String oWbPK) {
- this.owBPK = oWbPK;
- }
- public String getOWbPK() {
- return owBPK;
+ }
+ public void setOWbPK(String oWbPK) {
+ this.owBPK = oWbPK;
+ }
+ public String getOWbPK() {
+ return owBPK;
public byte[] getMandate() {
return mandate;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
index 7268d0d83..9050a0f38 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSessionId.java
@@ -1,27 +1,49 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.util.client.mis.simple;
public class MISSessionId {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index 8970abc10..c0fde8146 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -1,55 +1,78 @@
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
package at.gv.egovernment.moa.id.util.client.mis.simple;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import javax.net.ssl.SSLSocketFactory;
-import javax.xml.parsers.DocumentBuilderFactory;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import org.apache.commons.codec.binary.Base64;
-import org.apache.commons.httpclient.HttpClient;
-import org.apache.commons.httpclient.methods.PostMethod;
-import org.apache.commons.httpclient.methods.StringRequestEntity;
-import org.apache.commons.httpclient.protocol.Protocol;
-import org.apache.xpath.XPathAPI;
-import org.w3c.dom.DOMException;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import at.gv.egovernment.moa.util.DOMUtils;
-import at.gv.egovernment.moa.util.StringUtils;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import javax.net.ssl.SSLSocketFactory;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.methods.PostMethod;
+import org.apache.commons.httpclient.methods.StringRequestEntity;
+import org.apache.commons.httpclient.protocol.Protocol;
+import org.apache.xpath.XPathAPI;
+import org.w3c.dom.DOMException;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException;
+import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWSecureSocketFactory;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.StringUtils;
public class MISSimpleClient {
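Review bot: The new side keeps the old 2003 licence header directly after the newly added 2014 one, so the file now opens with two copyright blocks (the same duplication appears in MISMandate and MISSessionId in this diff); presumably the intent was to replace the header, so the second block should be dropped. The only functional change in this hunk is the import `at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException`, which follows the exception-package move made elsewhere in the commit and looks fine.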
@@ -71,7 +94,7 @@ public class MISSimpleClient {
- public static List sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
+ public static List<MISMandate> sendGetMandatesRequest(String webServiceURL, String sessionId, SSLSocketFactory sSLSocketFactory) throws MISSimpleClientException {
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
@@ -106,18 +129,18 @@ public class MISSimpleClient {
throw new MISSimpleClientException("No mandates found in response.");
- ArrayList foundMandates = new ArrayList();
+ ArrayList<MISMandate> foundMandates = new ArrayList<MISMandate>();
for (int i=0; i<mandateElements.getLength(); i++) {
- Element mandate = (Element) mandateElements.item(i);
+ Element mandate = (Element) mandateElements.item(i);
MISMandate misMandate = new MISMandate();
- if (mandate.hasAttribute("ProfessionalRepresentative")) {
+ if (mandate.hasAttribute("ProfessionalRepresentative")) {
// System.out.println("OID: " + mandate.getAttribute("ProfessionalRepresentative"));
- }
- if (mandate.hasAttribute("OWbPK")) {
- misMandate.setOWbPK(mandate.getAttribute("OWbPK"));
-// System.out.println("OWBPK: " + mandate.getAttribute("OWbPK"));
+ }
+ if (mandate.hasAttribute("OWbPK")) {
+ misMandate.setOWbPK(mandate.getAttribute("OWbPK"));
+// System.out.println("OWBPK: " + mandate.getAttribute("OWbPK"));
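Review bot: The `if (mandate.hasAttribute("ProfessionalRepresentative"))` branch at the top of this loop body contains only a commented-out println, so the OID carried by the MIS response is never stored on `misMandate` in the visible lines (`setProfRep` is not called; if it is set further down the loop outside this hunk, disregard this). If the attribute is meant to be kept, the branch should read `misMandate.setProfRep(mandate.getAttribute("ProfessionalRepresentative"));`. The commented-out `System.out.println` of the `OWbPK` value should be deleted rather than carried along: the bPK is a person identifier and a later uncomment would write it to stdout unconditionally; if tracing is wanted, log via `Logger.debug` without the value. The enclosing `for` loop and `sendGetMandatesRequest` continue past the end of the hunk.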
@@ -155,8 +178,8 @@ public class MISSimpleClient {
Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Element mirElement = doc.createElementNS(MIS_NS, "MandateIssueRequest");
Element idlElement = doc.createElementNS(MIS_NS, "IdentityLink");
idlElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(idl))));
@@ -166,21 +189,21 @@ public class MISSimpleClient {
// certElement.appendChild(doc.createTextNode(new String(Base64.encodeBase64(cert))));
- }
- if (!StringUtils.isEmpty(oaFriendlyName)) {
- Element oaFriendlyNameElement = doc.createElementNS(MIS_NS, "OAFriendlyName");
- oaFriendlyNameElement.appendChild(doc.createTextNode(oaFriendlyName));
- mirElement.appendChild(oaFriendlyNameElement);
- }
+ }
+ if (!StringUtils.isEmpty(oaFriendlyName)) {
+ Element oaFriendlyNameElement = doc.createElementNS(MIS_NS, "OAFriendlyName");
+ oaFriendlyNameElement.appendChild(doc.createTextNode(oaFriendlyName));
+ mirElement.appendChild(oaFriendlyNameElement);
+ }
Element redirectElement = doc.createElementNS(MIS_NS, "RedirectURL");
- mirElement.appendChild(redirectElement);
- Element referenceValueElement = doc.createElementNS(MIS_NS, "ReferenceValue");
- referenceValueElement.appendChild(doc.createTextNode(referenceValue));
- mirElement.appendChild(referenceValueElement);
+ mirElement.appendChild(redirectElement);
+ Element referenceValueElement = doc.createElementNS(MIS_NS, "ReferenceValue");
+ referenceValueElement.appendChild(doc.createTextNode(referenceValue));
+ mirElement.appendChild(referenceValueElement);
if (mandateIdentifier != null && mandateIdentifier.length > 0) {
Element filtersElement = doc.createElementNS(MIS_NS, "Filters");
@@ -192,16 +215,16 @@ public class MISSimpleClient {
- }
- //add Target element
- Element targetElement = doc.createElementNS(MIS_NS, "Target");
- Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
- targetTypeElement.appendChild(doc.createTextNode(targetType));
- targetElement.appendChild(targetTypeElement);
- mirElement.appendChild(targetElement);
+ }
+ //add Target element
+ Element targetElement = doc.createElementNS(MIS_NS, "Target");
+ Element targetTypeElement = doc.createElementNS(MIS_NS, "Type");
+ targetTypeElement.appendChild(doc.createTextNode(targetType));
+ targetElement.appendChild(targetTypeElement);
+ mirElement.appendChild(targetElement);
// send soap request
Element mandateIssueResponseElement = sendSOAPRequest(webServiceURL, mirElement);
@@ -248,21 +271,21 @@ public class MISSimpleClient {
if (errorElement != null) {
String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();
String text = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Text/text()", NS_NODE)).getNodeValue();
- throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text); }
+ throw new MISSimpleClientException("Fehler beim Abfragen des Online-Vollmachten Services: " + code + " / " + text, code, text); }
} catch (TransformerException e) {
throw new MISSimpleClientException(e);
- private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
-// try {
-// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request));
-// } catch (TransformerException e1) {
-// e1.printStackTrace();
-// } catch (IOException e1) {
-// e1.printStackTrace();
-// }
+ private static Element sendSOAPRequest(String webServiceURL, Element request) throws MISSimpleClientException {
+// try {
+// System.out.println("REQUEST-MIS: \n" + DOMUtils.serializeNode(request));
+// } catch (TransformerException e1) {
+// e1.printStackTrace();
+// } catch (IOException e1) {
+// e1.printStackTrace();
+// }
if (webServiceURL == null) {
throw new NullPointerException("Argument webServiceURL must not be null.");
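Review bot: The error path `String code = ((Node) XPathAPI.selectSingleNode(mandateIssueResponseElement, "//mis:MandateIssueResponse/mis:Error/mis:Code/text()", NS_NODE)).getNodeValue();` (and the `mis:Text` line after it) dereferences the XPath result without a null check, so an MIS error response that omits `Code` or `Text` surfaces as a `NullPointerException` instead of the `MISSimpleClientException` callers handle. Guard each lookup before building the exception, e.g. `Node codeNode = XPathAPI.selectSingleNode(mandateIssueResponseElement, ".../mis:Code/text()", NS_NODE); String code = codeNode == null ? "" : codeNode.getNodeValue();`, and likewise for `text`. The commented-out debug block at the start of `sendSOAPRequest` would serialise the full request, which for the mandate-issue request includes the Base64 identity link, to stdout; it should be removed rather than left ready to be uncommented. The method that builds the exception starts above this hunk, and `sendSOAPRequest` continues below it.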
@@ -275,7 +298,7 @@ public class MISSimpleClient {
PostMethod post = new PostMethod(webServiceURL);
StringRequestEntity re = new StringRequestEntity(DOMUtils.serializeNode(packIntoSOAP(request)),"text/xml", "UTF-8");
- int responseCode = httpclient.executeMethod(post);
+ int responseCode = httpclient.executeMethod(post);
if (responseCode != 200) {
throw new MISSimpleClientException("Invalid HTTP response code " + responseCode);
@@ -315,4 +338,4 @@ public class MISSimpleClient {
throw new MISSimpleClientException(e);
-} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
index 03521cf2f..9ce44fe15 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/legacy/LegacyHelper.java
@@ -1,3 +1,25 @@
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
package at.gv.egovernment.moa.id.util.legacy;
import javax.servlet.http.HttpServletRequest;
@@ -5,7 +27,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.auth.WrongParametersException;
+import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
public class LegacyHelper implements MOAIDAuthConstants{